4 to 6: it is time, a presentation about ipv6 in mission critical environments
DESCRIPTION
This presentation outlines IPv6 in Mission Critical Environments; typical environments of customers of Schuberg PhilisTRANSCRIPT
![Page 1: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/1.jpg)
4 to 6: It is time
IPv6 in Mission Critical EnvironmentsMay 2012
1
![Page 2: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/2.jpg)
Agenda
» Intro» Why IPv6?» How to get there?» What can we do?» Q & A
2
![Page 3: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/3.jpg)
Intro
» IPv6 Taskforce: it is all about awareness!» V6 World Congress 2012, February 2012, Paris» IPv6 World Launch Day, the Future is forever (June 6th)
What will it mean to us?
3
![Page 4: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/4.jpg)
Why IPv6?
» IPv6 is inevitable
» It’s a transition (coexistence)
» The ‘Chicken-egg‘ problem:– End users– Content providers Ref: Geoff Huston’s Run-down model -
http://www.potaroo.net/tools/ipv4/index.html
4
RIPE NCC – last 2.67 /8 with <40Mio IPv4 addrAPNIC – last /8 with <16Mio IPv4 addresses
![Page 5: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/5.jpg)
IPv4 versus IPv6
» The Internet protocol (IPv4):– In operation since 1980s– 4 billion unique addresses:
4,294,967,296 2^32
– IPSec back-ported from IPv6– NAT– ARP broadcast
» IPv6:– In operation since 1998– 340 sextillion addresses:
340,282,366,920,938,463,463,374,607,431,768,211,456 = 2^128This equals to 2^96 times the IPv4 address space
– Native IPSec support– No NAT– Neighbor discovery multicast– Simplified headers– Native QoS– Native Mobile IP– Auto configuration– Privacy extensions– Optimized packet structure (jumbograms)
5
![Page 6: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/6.jpg)
The protocol stack
6
![Page 7: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/7.jpg)
IPv6 address notation
An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example: 2a00:1188:5:2:207:e9ff:fe24:cf71
C:\Users\eblekkenhorst>nslookup www.cupfighter.netServer: sbpodc101.sbp.lanAddress: 10.71.2.10
Non-authoritative answer:Name: www.cupfighter.netAddresses: 2001:67c:20c8:aa00::20 195.66.90.18
Groups of zeros can be replaced by a double colon (::). This can only be done once:a::b::c can be interpreted as a:0:b:0:0:0:0:c or a:0:0:b:0:0:0:c etc.Reverse DNS: 1.7.f.c.4.2.e.f.f.f.9.e.7.0.2.0.2.0.0.0.5.0.0.0.8.8.1.1.0.0.a.2.ip6.arpa
7
![Page 8: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/8.jpg)
IPv4 versus IPv6 header format
8
IPv6 Internals by Iljitsch van Beijnum Network protocol specialist
![Page 9: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/9.jpg)
The future of IPv4
» First IPv4 and then IPv6; whatever happened to IPv5?» Will IPv4 ever go away?
Coexistence
9
![Page 10: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/10.jpg)
How to get there?
» It’s a ‘journey’ – An iterative step-by-step approach– Have a sound strategy and implementation plan
» Critical success factor: awareness and training» Involvement of all stake holders» Involvement of vendors and suppliers
‘Try before you die’10
![Page 11: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/11.jpg)
The Mission Critical ecosystem
11
![Page 12: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/12.jpg)
What can we do - Implementation scenarios
» Dual stack (‘bilingual’) is preferred
» Any NAT implementation e.g. CGN or NAT64 has disadvantages– It breaks the end-to-end principle– It has significant security, scalability, and reliability problems, by virtue of
being stateful– CGN makes it impossible to host services on well known ports
12
![Page 13: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/13.jpg)
Implementation scenario one
» Do nothing– Single stack IPv4– Actively disabling the IPv6 stack– Changing landscape: isolation– Losing the competitive advantage
13
![Page 14: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/14.jpg)
Implementation scenario two
» NAT64– Dual stack on perimeter
14
![Page 15: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/15.jpg)
Implementation scenario three
» Dual stack– IPv4 and IPv6 hybrid
15
![Page 16: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/16.jpg)
Implementation scenario four
» NAT46– IPv6 centric with IPv4
‘legacy’ entry point
16
![Page 17: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/17.jpg)
Implementation Scenarios
» Things to keep in mind: IPv4 versus IPv6:– ARP (broadcast) is obsoleted by RDP and NDP (multicast) in IPv6– IP address auto-configuration mechanisms (SLAAC)– With IPv6 first hop security becomes an additional point of attention– IPv4 private IP address space, just like NAT, does not exist anymore in IPv6
» The ‘waste’ paradigm shift: Think big! An IPv4 mind set doesn’t compute anymore– The smallest routable IPv6 subnet is /64…– 18,446,744,073,709,551,616 unique IPv6 addresses in one subnet
» IP address management is essential and automation is key
» Industry best practice for IP address space allocation:– /32 for any Service Provider and thus the Schuberg Philis prefix– /48 per customer environment– /64 per smallest subnet (VLAN)– /120 - /127 potentially for point-to-point links
(on demand, implementation specific, not internet routable)
17
![Page 18: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/18.jpg)
IP address space allocation
» Provider Aggregatable– IP address allocation
convention for service providers
– Minimum size /32
» Provider Independent– IP address allocation
for multihomed customers (most of our customers)
– Minimum size /48
18
![Page 19: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/19.jpg)
From a Schuberg Philis perspective
» The customer teams to address IPv6 with their customer» Use this presentation or the White Paper as a starting point» The IPv6 task force as an advisory board and facilitator for all customer teams
» V6 as a best practice: have an IPv6 implementation strategy as an option in every– new customer (green field)– refresh project– any additional infrastructure or external connection in existing customer
environments
19
![Page 20: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/20.jpg)
Tools
» White paper» Presentation / workshop» Campaign / marketing material» IPv6 PoC environment in CORP-IT» Office environment» IPv6 World Launch Day on June 6th 2012: SBP participation» The taskforce
20
![Page 21: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/21.jpg)
IPv6 in practice
» IPv6 on Office LAN is already working
» www.cupfighter.net is v6 enabled
» SBP McInfra bastion, mx and dns are v6 enabled
» Next step:– Enable access to internal and
public services
21
![Page 22: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/22.jpg)
McInfra access
» VPN AnyConnect Client» IPv6 via IPv4 VPN tunnel
22
McInfra bastion, far end of VPN
tunnel
While at the same time IPv6 on the
internet is reachable!
![Page 23: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/23.jpg)
Customer specific discussion topics
» Challenges» Impact analysis» Strategy» Roadmap
23
![Page 24: 4 to 6: It is time, a presentation about IPv6 in Mission Critical Environments](https://reader036.vdocuments.mx/reader036/viewer/2022062616/54919e48b47959e0178b463f/html5/thumbnails/24.jpg)
Q & A
24