Slide 1

2009 Cisco Systems, Inc. All rights reserved. Presentation_ID 1 IPv6 Enterprise Deployment Strategy Benoit Lourdelet, IPv6 Product Manager, blourdel@cisco.comblourdel@cisco.com

Slide 2

2009 Cisco Systems, Inc. All rights reserved. TERENA 2 Capturing the IPv6 business opportunity Status on IPv6 adoption Impact of IPv4-address exhaustion Enterprise network functions Making an IPv6 plan

Slide 3

2009 Cisco Systems, Inc. All rights reserved. TERENA 3 V6-Enabled Image Source: Forrester, Three Mega Business Trends Will Reshape The Tech Sector V6 Enabled V6 in 2010 V6-Enabled V6 in iOS 4.0 Departments Functions Workgroups/ teams Web-enabled Devices Consumer Software Cloud-based Services Enterprise Collaboration Tools V6-Enabled alpha Ironport cisco.com

Slide 4

2009 Cisco Systems, Inc. All rights reserved. TERENA 4 Impact of IPv4 address pool exhaustion Enterprises should expect their customers, partners, and remote employees to have a mix of connectivity Public IPv4-only Public IPv4 and IPv6 Shared IPv4-only Shared IPv4 and IPv6 IPv6 only

Slide 5

2009 Cisco Systems, Inc. All rights reserved. TERENA 5 Impact of Shared IPv4 Address on Applications Applications which could work poorly or even not at all when one side uses a shared IPv4 address Multiple TCP connections (like AJAX) in parallel Assuming that one IPv4 address = one user (for logging, for load balancing, for access control) Expecting inbound connections (like active FTP) Using an application not yet supported by the NAT devices

Slide 6

2009 Cisco Systems, Inc. All rights reserved. TERENA 6 Dramatic Increase in Enterprise Activity When the IPv4 pool(s) run out things keep working but the Internet stops growing Enterprise that is or will be expanding into new markets Growth/Protection Enterprise that partners with other companies/organizations doing IPv6 Governments, enterprise partners, contractors Partnership Microsoft Windows 7, Server 2008 Microsoft DirectAccess OS/Apps Mergers & Acquisitions NAT Overlap Fixing Old Problems High Density Virtual Machine environments (Server virtualization, VDI) SmartGrid New Technologies External Pressure Internal Pressure

Slide 7

2009 Cisco Systems, Inc. All rights reserved. TERENA 7 IPv6 Internet Presence (websites, remote users, B2B ) IPv6 Islands (Wireless/Consumer devices, Labs ) Internal Data Center, Enterprise Apps Ubiquitous Dual-Stack IPv6 Pilot and Basic Infrastructure IPv4 EOL Sales Certs (IPv6 Logo,USGv6, RIPE-501) Mandated 1, 2, 3 Who? Government Agencies Customers who sell to government agencies Motivated 2 3 4 Who? Customers with IPv4 address exhaustion Global Enterprises with consumer or business interaction on the public internet Customers with user-provided devices on their networks Early Adopter 2 4 3 5 6 7 Who? Companies looking for competitive advantage Companies using IPv6 to solve business problems Early adopters preparing for coexistence Mainstream 2 Who? Large US/European Enterprises Small-Medium Enterprises 1 2 3 5 6 7 4 IPv6 Adoption and Delivery

Slide 8

2009 Cisco Systems, Inc. All rights reserved. TERENA 8 IPv6 for Internet Presence How to offer services on the IPv6 Internet?

Slide 9

2009 Cisco Systems, Inc. All rights reserved. TERENA 9 What is Internet Presence? The set of services offered by the enterprises Governments Hospitals Schools To their Customers Citizens Patients students

Slide 10

2009 Cisco Systems, Inc. All rights reserved. TERENA 10 Why Should an Enterprise Add an IPv6 Internet Presence? To be ready for IPv6 Regulations or incentives To keep applications running Unique IP address per user Customers having only IPv6 connectivity

Slide 11

2009 Cisco Systems, Inc. All rights reserved. TERENA 11 Multiple Ways to Add IPv6 to Web Servers Add native IPv6 to existing web servers: could require some changes in application scripts & logging Add a set of IPv6-only web servers More flexibility and independence of IPv4 & IPv6 Address Family Translator (AFT) in load balancer Accept IPv6 connection from browser Load balance and connect to server with IPv4 AFT in reverse web proxies Quite often reverse proxies are used for security anyway Same scenario as load balancers AFT in network devices Currently with NAT-PT but scalability issue and deprecated by IETF Being worked on at the IETF Behave WG

Slide 12

2009 Cisco Systems, Inc. All rights reserved. TERENA 12 IPv6 Access to Internet How can enterprise internal users access services on the IPv6 Internet?

Slide 13

2009 Cisco Systems, Inc. All rights reserved. TERENA 13 Why Getting IPv6 Access to the Internet? Get end-to-end connectivity for all users Avoid being placed behind a NAT Customer or partner requiring IPv6 Getting know-how and expertise on IPv6 IPv4 connectivity is too expensive

Slide 14

2009 Cisco Systems, Inc. All rights reserved. TERENA 14 Adding IPv6 Access for Internal Users Choice of deployment models Dual-stack: add IPv6 to all hosts and network devices recommended approach Application proxies at the perimeter: Internal browser connects over IPv4 to proxies Proxies connects to IPv6 server Tunneling add IPv6 only to some hosts and network devices could be used for pilot phase or in case of legacy devices

Slide 15

2009 Cisco Systems, Inc. All rights reserved. TERENA 15 IPv6 in the Intranet How can enterprise internal users use IPv6 for internal services?

Slide 16

2009 Cisco Systems, Inc. All rights reserved. TERENA 16 Why Adding IPv6 to all hosts in the intranet? Even if RFC 1918 is enough for enterprise Visibility of tunneled IPv6 traffic To enforce a security policy Enable IPv6-only application Windows 7 DirectAccess transport IPv6 only Windows 2008 Cluster uses IPv6 link-local address Apple Airport management uses IPv6 link-local address Simpler network management without any NAT Ease of deployment and mobility Facilitate merging & acquisition (avoiding NAT conflicts) Be ready to merge/acquire with a IPv6-enabled organization

Slide 17

2009 Cisco Systems, Inc. All rights reserved. TERENA 17 Building an IPv6 intranet Well-known and proven designs (dual-stack, hybrid, ) Enterprises have run several protocols in parallel for years (DECnet, AppleTalk, IPX, ) All OS (Microsoft, Apple, *ix) supports IPv6 for years Some hidden costs Training of operational staff Test all applications for IPv6 readiness

Slide 18

2009 Cisco Systems, Inc. All rights reserved. TERENA 18 Provider Considerations

Slide 19

2009 Cisco Systems, Inc. All rights reserved. TERENA 19 Asking the tough questions ! Dual-stack or native IPv6 at each POP SLA driven just like IPv4 to support VPN, content access Basic Internet PA is no good for customers with multiple providers or change them at any pace PI is new, constantly changing expectations and no guarantee an SP wont do something stupid like not route PI space Customers fear that RIR will review existing IPv4 space and want it back if they get IPv6 PI PI/PA Policy Concerns IPv6 provisioning and access to hosted or cloud-based services today (existing agreements) Salesforce.com, Microsoft BPOS (Business Productivity Online Services), Amazon, Google Apps Host/Cloud Apps Dual-stack or native IPv6 at each POP SLA driven just like IPv4 to support VPN, content access SLA

Slide 20

2009 Cisco Systems, Inc. All rights reserved. TERENA 20 A Phased Approach to IPv6 Adoption Repeat for the Next IPv6-Critical Area in Your Network Identify the highest priority IPv6-critical areas in your network Perform IPv6 Assessment on highest- priority areas to determine scope of design Develop an IPv6 design that enables IPv6 to be introduced without disrupting your IPv4 network Begin IPv6 testing and implementation in pilot mode, then extend over time into production deployment Start with a Phased Plan Aligned with Your Business Strategy 2341

Slide 21

2009 Cisco Systems, Inc. All rights reserved. Presentation_ID 21 Questions ?

Slide 22

2009 Cisco Systems, Inc. All rights reserved. TERENA 22

Slide 23

2009 Cisco Systems, Inc. All rights reserved. TERENA 23 Reference Materials Deploying IPv6 in Campus Networks (Just updated): http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Ca mpIPv6.html http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Ca mpIPv6.html Deploying IPv6 in Branch Networks (Just updated): http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/l anding_br_ipv6.html http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/l anding_br_ipv6.html New/Updated IPv6 Cisco Sites: http://www.cisco.com/go/ipv6 http://www.cisco.gom/go/entipv6 http://www.cisco.com/go/ipv6http://www.cisco.gom/go/entipv6 Cisco Network Designs: http://www.cisco.com/go/designzone http://www.cisco.com/go/designzone Cisco Live Tweet Chat on Enterprise IPv6: http://bit.ly/a8s2tWhttp://bit.ly/a8s2tW Interop Las Vegas Enterprise IPv6 Session Twitter:@eyepv6

Slide 24

2009 Cisco Systems, Inc. All rights reserved. TERENA 24 Recommended Reading Deploying IPv6 in Broadband Networks - Adeel Ahmed, Salman Asadullah ISBN0470193387, John Wiley & Sons Publications Available Now- Hardcover/eBook