What to expect when expecting ipv6
Download
1 / 42

What to Expect When Expecting IPv6 - PowerPoint PPT Presentation


  • 118 Views
  • Uploaded on

What to Expect When Expecting IPv6. Tim Helming Director of Product Management Corey, Nachreiner, CISSP, Sr. Network Security Strategist ,. Welcome to WatchGuard’s IPv6 Webinar Series!. 3. 1. 4. 2. What To Expect from IPv6. You’re here because v6 matters to you.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' What to Expect When Expecting IPv6' - csilla


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
What to expect when expecting ipv6

What to ExpectWhen Expecting IPv6

Tim Helming

Director of Product Management

Corey, Nachreiner, CISSP,

Sr. Network Security Strategist

,


Welcome to watchguard s ipv6 webinar series
Welcome to WatchGuard’s IPv6 Webinar Series!

3

1

4

2

What To Expect from IPv6





Remember this hasn t changed much
Remember this? Hasn’t changed much!

Source: Elise Gerich, IANA/ICANN


Wipv6d native v6 traffic nearly doubled
WIPv6D: Native v6 traffic nearly doubled!

…to…

Source: http://asert.arbornetworks.com/2011/06/world-ipv6-day-final-look-and-wagons-ho/



Bottom line
Bottom Line:

More Detail in Part 2 today!






The state of ipv6 among isps
The State of IPv6 Among ISPs

Migration to IPv6 is possible in all of these scenarios… only the “how” changes.

Your ISP is your gateway to the Internet. As such, the IPv6 migration strategies available to you depend heavily on what IPv6 services your ISP offers today.


Real world ipv6 readiness an isp survey
Real-World IPv6 Readiness: An ISP Survey

  • RFC 6036: Emerging Service Provider Scenarios for IPv6 Deployment


Isp survey trends and highlights
ISP Survey Trends and Highlights

  • Estimated IPv4 depletion 2015

  • 93% plan Dual-stack backbone

  • 40% run or plan to run 6to4 relay

  • CPE often doesn’t support IPv6

  • Prefixes offered:

    • /48 most common

    • /64 (especially among mobile)

    • /56

    • /52, /60 sometimes



Hurricane Electric is a global Internet backbone provider (and transit ISP), with a specific focus on IPv6


Recap ipv6 hierarchical addressing
RECAP: IPv6 Hierarchical Addressing (and transit ISP), with a specific focus on IPv6

Interface ID

Global Routing Prefix

Prefix

SLA ID

2561:1900:4545:0003:0200:F8FF:FE21:67CF

RIR

NIR/LIR


Ipv6 subnetting
IPv6 Subnetting (and transit ISP), with a specific focus on IPv6

  • CIDR only (slash notation)

  • No concept of subnet masks

  • / followed by prefix size (decimal number 1-128)

2001:1900:4545:0003:0200:F8FF:FE21:67CF

2001:1900:4545::/48 =

/16

/32

/48

2001:1900:4545:0000:0000:0000:0000:0000 -

2001:1900:4545:FFFF:FFFF:FFFF:FFFF:FFFF

CIDR to range tool: http://www.ultratools.com/tools/ipv6CIDRToRange


Regional internet registry rir
Regional Internet Registry (RIR) (and transit ISP), with a specific focus on IPv6

  • Current ARIN

  • IPv6 Blocks:

  • 2001:0400::/23

  • 2001:1800::/23

  • 2001:4800::/23

  • 2600:0000::/12

  • 2610:0000::/23

2001:1856:4A5f::/64


Local internet registry lir
Local Internet Registry (LIR) (and transit ISP), with a specific focus on IPv6

  • ARIN IPv6 Block:

  • 2001:1800::/23

ISP A

ISP C

ISP B

  • ISP IPv6 Blocks:

  • ISP A

    • 2001:1800::/32

  • ISP B

    • 2001:1801::/32

  • ISP C

    • 2001:1802::/32

2001:1800:1234::/64

2001:1802:1234::/64


The multi homed issue pa vs pi
The Multi-Homed Issue: PA vs. PI (and transit ISP), with a specific focus on IPv6

2001:4911::/32


Map your network
Map Your Network (and transit ISP), with a specific focus on IPv6

  • You should identify:

  • Your core infrastructure (routers, switches, etc)

  • Security devices

  • Hosts and OSs on your network

  • Enumerate you DNS and DHCP servers

  • Your application servers (Public & Private)

  • Other networks devices (printers, NAS, etc..)

Nmap can help!


What needs an upgrade
What Needs an Upgrade? (and transit ISP), with a specific focus on IPv6

  • Place in three buckets:

    • No support

    • Partial support

    • Full support (w/dual-stack)

Devices lacking support will require eventual upgrade or transition services

The goal of the previous network enumeration process is to figure out what supports IPv6 and what does not.


Planning and migration strategies
Planning and Migration Strategies (and transit ISP), with a specific focus on IPv6


Planning and migration strategy
Planning and Migration Strategy (and transit ISP), with a specific focus on IPv6

This info will help you choose a migration strategy:


Ipv6 transition technologies
IPv6 Transition Technologies (and transit ISP), with a specific focus on IPv6

  • Dual-Stack: IPv4 and IPv6 run together on all/most devices. Dual-Stack routing devices can handle translation, if necessary

  • Tunneling: Allow IPv6 devices to communicate over an IPv4 network via tunnels (a lot like VPN)

    • Manual: Require configuration. More control, thus more secure

    • Automatic: Little setup. May sneak out your network

    • Tunnel Brokers: Companies that offer easy IPv6 tunneling services

  • Translation: Re-writing one protocol packets to another protocol (IPv6 to IPv4, and vice versa).

  • Application-specific proxies: Translation only for specific services (web, email, etc). IPv6 client connects to proxy server, it makes IPv4 connection to a service…


Common tunneling and translation protocols
Common Tunneling and Translation Protocols (and transit ISP), with a specific focus on IPv6


Three migration strategies
Three Migration Strategies (and transit ISP), with a specific focus on IPv6


A simplified network
A Simplified Network (and transit ISP), with a specific focus on IPv6

Internet

ISP

IPv4 Core Network

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network


Core migration

IPv6 Tunnel broker (and transit ISP), with a specific focus on IPv6

or endpoint

Core Migration

Internet

ISP

IPv6 ISP

IPv4 ISP

  • IPv6 Routers (or Dual-stack)

IPv4 Core Network

IPv6 Core Network

  • Dual-stack Routers

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network


Application server migration
Application Server Migration (and transit ISP), with a specific focus on IPv6

Internet

ISP

Depending on ISP capabilities, Tunneling or Translation services used for IPv6 Internet access.

IPv4 Core Network

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network

IPv4/IPv6 Network


Client side migration
Client-side Migration (and transit ISP), with a specific focus on IPv6

Internet

ISP

Again, Tunneling or Translation services used where needed

IPv4 Core Network

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network

IPv4/IPv6 Network


Implementation and transition
Implementation and Transition (and transit ISP), with a specific focus on IPv6


Ipv6 deployment eating the elephant
IPv6 Deployment: Eating the Elephant (and transit ISP), with a specific focus on IPv6

“[IPv6 deployment] is very much an ’eating the elephant’ problem, but at one mouthful at a time, it appears to be surprisingly easy. Just do it, bit by bit."


From islands to oceans
From Islands to Oceans (and transit ISP), with a specific focus on IPv6

Even if you converted to full IPv6 tomorrow, you will still need translation tech until everyone does IPv6

Internet

IPv6 Network

IPv4 Ocean

IPv6 Ocean

IPv4 network

IPv6 Island

IPv4 Island

IPv4 Island


Expect a long term transition phase
Expect a Long-term Transition Phase (and transit ISP), with a specific focus on IPv6


Wrapping up
Wrapping Up (and transit ISP), with a specific focus on IPv6


It s up to you
It’s Up To You! (and transit ISP), with a specific focus on IPv6


Resources for further reading
Resources for further reading: (and transit ISP), with a specific focus on IPv6

  • “0 to IPv6 in 3 Months” Case Study (PDF): goo.gl/jpnX7

  • ARIN Number Resource Policy: http://goo.gl/G5fse

  • World IPv6 Day Experiences: http://goo.gl/kGeQa

  • RFC 6036 - Emerging Service Provider Scenarios for IPv6 Deployment: http://goo.gl/WSMzR

  • IPv4-to-IPv6 Transition Strategies: http://goo.gl/8GOzJ

  • IPv6 Transition Strategies: http://goo.gl/U5iV6

  • IPv6 Calculator Tools: http://goo.gl/OqDw5


Thank you
Thank You! (and transit ISP), with a specific focus on IPv6


ad