IPv6 Enterprise Case Study
IPv6 Enterprise Case Study. Tim Chown [email protected] School of Electronics and Computer Science University of Southampton (UK) IEC 21st Century Conference, 27th March 2006, London. Case Study. In this slot we look at an IPv6 deployment in a small-medium enterprise network

IPv6 Enterprise Case Study

Tim Chown

[email protected]

School of Electronics and Computer Science

University of Southampton (UK)

IEC 21st Century Conference,

27th March 2006, London


Case Study

  • In this slot we look at an IPv6 deployment in a small-medium enterprise network

    • Electronics and Computer Science @ Southampton

  • Philosophy is dual-stack

    • Consider IPv6-only elements at a later date

  • A production deployment

    • Aim to make key network services IPv6 enabled

    • Facilitate deployment of IPv6-only nodes if desired

    • Must therefore be robust; introducing IPv6 must not adversely affect IPv4 service

  • Academic setting, but services still critical


ECS specifics

  • Medium sized department network

  • Around 1,000 hosts in around 16 IPv4 subnets

    • Mixed Win 2000/XP, MacOS/X, Linux, Solaris, Irix

  • New Cisco switch-routers

    • Cisco 6509 (1) and 3750 (30+)

  • Run all own infrastructure Internet services

    • DNS, SMTP (MX servers), web, NTP, …

  • IPv4 connectivity supplied by LeNSE and JANET

    • Regional and backbone academic providers

    • Includes IPv4 multicast

  • Limited but good IPv6 knowledge in staff

    • Ran a training course for JANET community in 2005


Deployment scenario

  • Goal to deploy pervasively in ECS

  • We decided to deploy dual-stack

    • Enable IPv6 in all host and router platforms where possible

    • Enable all key applications and services

    • Support teaching and research

    • Facilitate IPv6 access for potential overseas students

  • Need to also consider offering remote IPv6 access

    • Some form of tunnelling considered

    • But those services provided at JANET level now

      • 6to4 relay and IPv6 tunnel broker

    • Thus focused here on internal ECS deployment


ECS IPv4 topology


IETF documents

  • Considered (and co-authored) during the process

  • Enterprise Scenarios

    • Issues to consider for the transition

    • RFC4057

  • Enterprise Analysis

    • Considers applicability of the transition tools

    • draft-ietf-v6ops-ent-analysis-04

  • Campus Transition

    • A specific case study (discussed here today)

    • draft-chown-v6ops-campus-transition-02


Phase 1: Advanced planning

  • Introduce IPv6 requirements into all tenders

    • Ensure you have ability to turn IPv6 on when ready

  • Obtain IPv6 address block allocation from ISP

    • Enterprise allocation by default a /48

    • Includes DNS forward and reverse delegation

  • Establish IPv6 training programme

    • Determine ‘hands-on’ trial requirements for operational staff, perhaps via a tunnel broker

  • Review IPv6 security issues

    • Review and revise security policies


Phase 2a: testbeds/trials

  • Assign and deploy IPv6 capable access router(s) and security devices (firewall)

    • Isolated dual-stack environment, e.g. IPv4 DMZ

  • Establish IPv6 connectivity to provider

    • Configure desired routing protocols, if required

  • Connect testbed hosts on internal network

    • For an initial testbed a single /64 subnet should suffice

  • Deploy IPv6 DNS

    • e.g. using BIND9 on a Unix platform

  • Enable IPv6 on the host systems

    • Configure applications and services


Phase 2b: Preparation

  • Survey systems, applications and services for IPv6 capability

    • Includes management/monitoring/OSS components

    • Assess porting options for IPv4-only elements

    • Consider alternative solutions if no IPv6 capability available

  • Formulate an IPv6 site addressing plan

    • How to allocate your /48

    • May administratively overlap with existing IPv4 plan

  • Document IPv6 related policies

    • e.g. Stateless vs Stateful address assignment, use of IPv6 privacy addresses


Phase 3: Deployment

  • Configure IPv6 on dual-stack routing equipment

    • Access router and firewall(s)

  • Enable IPv6 on the wire on chosen links

    • e.g. Server subnet(s) and selected client subnets

  • Add IPv6 addresses to DNS servers and configure servers to respond over IPv6

  • Enable IPv6 on management elements

  • Enable IPv6 on selected production services

    • e.g. Web, DNS, mail MXes

  • Include IPv6 in all ongoing security tests

    • Periodic penetration tests, etc.


Address allocations

  • JANET is academic ISP in the UK

    • Assigned 2001:630::/32 by the RIPE RIR

  • Southampton requested a prefix

    • Assigned 2001:630:d0::/48

    • University has 15-20 Schools

  • ECS allocated a /56 prefix

    • Allows 256 subnets of size /64

    • Allocated in a way that allows us to go back for more

    • Allocated to be congruent with existing IPv4 subnets

  • Address management

    • Using manual/SLAAC, with early DHCPv6 trials
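
An added example, not from the original slides: carving the department /56 into /64s that are congruent with IPv4 /24s, with collision checks. The /56 is assumed to be the one containing the ns0 address shown on the DNS slide, the IPv4 subnets are constructed samples, and the third-octet mapping is a hypothetical scheme.

```python
import ipaddress

SITE_48 = ipaddress.ip_network("2001:630:d0::/48")       # from the slides
# Assumption: the /56 containing the ns0 AAAA address on the DNS slide.
DEPT_56 = ipaddress.ip_network("2001:630:d0:f100::/56")
# Constructed sample IPv4 subnets, not the real ECS list.
IPV4_SUBNETS = ["152.78.64.0/24", "152.78.70.0/24", "152.78.71.0/24"]


def congruent_v6(v4_subnet, dept=DEPT_56):
    """Map an IPv4 /24 to the /64 whose subnet byte is the /24's third octet.

    Hypothetical scheme; the slides do not say which mapping ECS used.
    """
    v4 = ipaddress.ip_network(v4_subnet)
    if v4.version != 4 or v4.prefixlen != 24:
        raise ValueError(f"{v4} is not an IPv4 /24; assign it by hand")
    subnet_id = v4.network_address.packed[2]      # 0..255, the 8 bits a /56 leaves
    base = int(dept.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def build_plan(v4_subnets, dept=DEPT_56):
    """Return {IPv4 subnet: IPv6 /64}, refusing collisions and strays."""
    plan, owner = {}, {}
    for s in v4_subnets:
        v6 = congruent_v6(s, dept)
        if not v6.subnet_of(dept):
            raise ValueError(f"{v6} falls outside {dept}")
        if v6 in owner:
            raise ValueError(f"{s} and {owner[v6]} both map to {v6}")
        owner[v6] = s
        plan[s] = v6
    return plan


def capacity(dept=DEPT_56):
    """Number of /64 subnets the allocation can hold."""
    return 2 ** (64 - dept.prefixlen)


if __name__ == "__main__":
    for v4, v6 in build_plan(IPV4_SUBNETS).items():
        print(f"{v4:<18} {v6}")
    print("free /64s:", capacity() - len(IPV4_SUBNETS))
```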


Service enabling

  • DNS

    • BIND9 running on three primary DNS servers

  • Mail MX

    • IPv6 running on three sendmail-based MX systems

    • (No IPv6 for MS Exchange yet, server side)

  • Web

    • IPv6 integral to Apache 2

    • Running around 200 domains

  • NTP

    • Using Meinberg and RIPE TT systems (roof GPS-based)


DNS

  • Two aspects to consider

  • IPv6 records for hosts in DNS

    • Use new AAAA record for IPv6:

    • ns0.ecs.soton.ac.uk. 1800 IN A 152.78.70.1

    • ns0.ecs.soton.ac.uk. 1800 IN AAAA 2001:630:d0:f116::53

  • IPv6 transport for the lookups

    • Nominet support IPv6 transport to .uk

    • JANET supports IPv6 transport to .ac.uk

    • Some root servers now support IPv6 transport

  • Supported out of the box in BIND9

  • General advice to deploy local dual-stack DNS resolver
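
An added example, not from the original slides: a zone audit that lists each host's stack status, the addresses that belong in the scope of security tests once a AAAA record is published (the Phase 3 point about including IPv6 in ongoing tests), any AAAA outside the site /48, and the ip6.arpa names needed for the reverse delegation. The first two records are the ones on this slide; the others are constructed samples.

```python
import ipaddress
from collections import defaultdict

SITE_PREFIX = ipaddress.ip_network("2001:630:d0::/48")   # from the slides

# First two records are from the DNS slide; the rest are constructed samples.
ZONE = """\
ns0.ecs.soton.ac.uk. 1800 IN A 152.78.70.1
ns0.ecs.soton.ac.uk. 1800 IN AAAA 2001:630:d0:f116::53
mx-sample.example. 1800 IN A 192.0.2.25
www-sample.example. 1800 IN A 192.0.2.80
www-sample.example. 1800 IN AAAA 2001:db8::80
"""


def audit(zone_text, site=SITE_PREFIX):
    """Summarise A/AAAA records per host name."""
    hosts = defaultdict(lambda: {"A": [], "AAAA": []})
    for line in zone_text.splitlines():
        fields = line.split()
        # Only "name ttl IN A|AAAA rdata" lines are considered.
        if len(fields) != 5 or fields[2] != "IN" or fields[3] not in ("A", "AAAA"):
            continue
        name, _ttl, _cls, rtype, rdata = fields
        hosts[name.lower()][rtype].append(ipaddress.ip_address(rdata))

    report = {}
    for name, rr in hosts.items():
        v4, v6 = rr["A"], rr["AAAA"]
        report[name] = {
            "stack": "dual" if v4 and v6 else ("v4-only" if v4 else "v6-only"),
            # Every published address is reachable and needs test coverage.
            "test_scope": [str(a) for a in v4 + v6],
            # AAAA records that do not fall inside the site allocation.
            "outside_site": [str(a) for a in v6 if a not in site],
            # Names that must exist under the delegated ip6.arpa zone.
            "ptr": [a.reverse_pointer for a in v6],
        }
    return report


if __name__ == "__main__":
    for host, info in audit(ZONE).items():
        print(host, info["stack"], info["test_scope"], info["outside_site"])
```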


Client enabling

  • IPv6 availability good on all systems

  • Windows XP

    • Turn on with ‘netsh ipv6 install’

  • Mac OS/X

    • On by default

  • Linux

    • Varies by flavour; often on by default

  • Solaris

    • Enable at install or subsequently

  • Available on some ‘unexpected’ systems

    • e.g. Symbian-based Nokia 9500 via WLAN interface


Microsoft future

  • Windows Vista and Server “Longhorn”

    • Two good feature articles:

    • http://www.microsoft.com/technet/itsolutions/network/evaluate/new_network.mspx

    • http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx

  • Both have integrated IP stack

    • Most importantly IPv6 is on by default

  • Strong IPv6 support, including:

    • IPsec support

    • Teredo (IPv6 tunneling through IPv4 NATs)

    • IPv6 over PPP

    • MLDv2 (for IPv6 source-specific multicast)

    • DHCPv6 client (for stateful configuration)


Routing

  • Recently procured internal routing equipment

  • Included IPv6 requirements in tender

    • Included IETF IPv6 RFC specifications

    • IPv6 network management and monitoring capability

    • Some advanced services

      • IPv6 Multicast

      • MLD (IPv6 multicast) snooping in Layer 2 devices

    • Plus many IPv4 features!

  • Ultimately chose Cisco 6509 and 3750 solution

    • Deployed from Day 1 with IPv6 enabled


ECS dual-stack topology


Improved IP Multicast

  • IPv6 offers streamlined multicast deployment

    • Multicast is base part of the IPv6 protocol

    • No MSDP for IPv6

    • Instead use Embedded RP (RFC3956)

      • RP address included in IPv6 multicast group address

      • Thus no need for protocol to interconnect RPs

      • Developed in 6NET project (www.6net.org)

    • Also strong interest in IPv6 SSM multicast model

      • Alternative simplified multicast architecture - no RPs

  • Has led to two student-led innovations

    • ECS-TV and Surge Radio


Monitoring tools

  • Use several tools, including

    • Cisco Netflow for IPv6

    • SNMP with MRTG

    • RIPE NCC Test Traffic measurement server

  • Example below shows IPv6 traffic to/from a DMZ link

    • Sun-Sun 19th-26th March 2006


Summary

  • IPv6 has been deployed dual-stack

    • Enabled on all links

    • Many hosts IPv6 enabled

  • Key (external facing) services IPv6 enabled

    • DNS, Mail MXs, web

    • No adverse impact on IPv4 service

  • Seeing some student innovation

    • Also (CS) students using IPv6 in home networks

  • Positive experience to date

    • Next steps: Mobile IPv6 trials, IPv6-only trials

    • Also dual-stack firewall and IDS trials

