ipv6 for it leaders-2016-06-22 v2 - pmi mile hi -...

6/21/2016 1 © 2016 Global Technology Resources, Inc. All Rights Reserved. IPv6 Transition Planning for IT Business Leaders June 22, 2016 Scott Hogg CTO GTRI, Chair Emeritus RMv6TF, IPv6 COE Infoblox CCIE #5133, CISSP #4610



IPv4 Internet Growth

• IPv4 address depletion is occurring around the world.

• “The Internet is running out of phone numbers”.

– IANA free pool of IPv4 address space depleted February 3, 2011

– APNIC extinguished its supply of IPv4 addresses on April 15, 2011

– RIPE NCC reached their final /8 on September 14, 2012

– ARIN reached their final /8 on April 23, 2014, complete exhaustion on September 24, 2015

• The Internet population will continue to become more densely populated.

• IPv4 address blocks will become increasingly fragmented due to address transfers between organizations.

• Lack of available Internet addresses is restricting innovation of Internet technologies.

• Does your organization have enough IPv4 addresses to sustain operations indefinitely?


IPv4 Address Exhaustion


Source: http://www.potaroo.net/tools/ipv4/

Internet Population Growth

• 7 Billion people on Earth, over 7 Billion mobile devices

Source: http://www.internetworldstats.com/stats.htm

4B people are still not connected to the Internet

Cisco Visual Networking Index (VNI)

http://www.cisco.com/go/vni

http://www.cisco.com/web/solutions/sp/vni/vni_forecast_highlights/index.html

Internet Protocol Version 6

• IPv6 is the next generation computer network protocol for use on the Internet and within private networks.

• IPv6 is a standard defined by the Internet Engineering Task Force (IETF) and was first specified in the mid-to-late-90s. IPv6 has had more than a decade to mature and it is now ready for mass deployment and Internet use.

• IPv6 is designed to replace IPv4. It is a different protocol than IPv4, yet the two can coexist: systems can use both versions simultaneously, making them “bilingual” (Dual-Stack/Dual-Protocol).

• We are in an awkward period where IPv4 address exhaustion is occurring yet we have not migrated to IPv6.

• Organizations that connect to the Internet now need to learn about IPv6 and prepare their systems to communicate using this protocol.


Business Case for IPv6

• Reasons why an organization would want to deploy IPv6:

– Desire to share their information and communicate with the broadest Internet population

– The Internet now uses both IP versions

– Communicate with customers, partners, vendors, suppliers, employees, everyone

– Maintaining business continuity and business relevancy

– Avoiding technology obsolescence

IPv4 and IPv6 Header

TCP/IP Protocol Stack

• Application Layer: HTTP(S), SSH, SMTP, TFTP, DHCP, DNS, SIP, WebRTC, TLS/SSL, SNMP, BGP

• Transport Layer: TCP, UDP, SCTP, DCCP

• Internet Layer:

– IPv4, with ARP, ICMP, IGMP

– IPv6, with ICMPv6, NDP, MLD

• Link Layer: Ethernet, T1/E1/T3/E3, Wireless, SONET, SDH


Dual IP Stacks Model

• Dual-Stack Architecture – RFC 1933

• Choice of the IP version is based on name lookup, application or operating system preference

• IPv4 and IPv6 packets flow in Ethernet like “ships in the night”

[Diagram: Application over TCP/UDP, over IPv4 and IPv6 side by side, over Data Link (Ethernet II); EtherType 0x0800 carries IPv4 and EtherType 0x86dd carries IPv6]
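The EtherType demultiplexing on this slide, as an added Python example that is not part of the original presentation: it classifies Ethernet II frames by EtherType (skipping VLAN tags) and labels each source MAC as IPv4-only, IPv6-only or dual-stack, which helps inventory hosts that already speak IPv6. The frames and MAC addresses are constructed sample data, and the function names are this example's own.

```python
import struct
from collections import defaultdict

# EtherType values from the slide, plus ARP and VLAN tags (well-known constants).
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
VLAN_TAGS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tags precede the real EtherType


def classify_frame(frame: bytes):
    """Return (source MAC, protocol name) for one Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12].hex(":")
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    # Skip any stacked VLAN tags (4 bytes each) to reach the payload EtherType.
    while ethertype in VLAN_TAGS:
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype < 0x0600:
        return src, "802.3-length"  # not Ethernet II: the field is a length
    return src, ETHERTYPES.get(ethertype, f"other(0x{ethertype:04x})")


def stack_inventory(frames):
    """Label each source MAC IPv4-only, IPv6-only or dual-stack from observed frames."""
    seen = defaultdict(set)
    for frame in frames:
        src, proto = classify_frame(frame)
        if proto in ("IPv4", "IPv6"):
            seen[src].add(proto)
    labels = {frozenset({"IPv4"}): "IPv4-only", frozenset({"IPv6"}): "IPv6-only",
              frozenset({"IPv4", "IPv6"}): "dual-stack"}
    return {mac: labels[frozenset(protos)] for mac, protos in seen.items()}


def build_frame(src, ethertype, vlan=None):
    """Build a constructed sample frame (broadcast destination, dummy payload)."""
    header = b"\xff" * 6 + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan)
    return header + struct.pack("!H", ethertype) + b"\x00" * 46


# Constructed sample traffic: host 0a speaks both protocols, host 0b only IPv4
# (plus ARP), host 0c sends IPv6 inside VLAN 20.
SAMPLE_FRAMES = [
    build_frame("02:00:00:00:00:0a", 0x0800),
    build_frame("02:00:00:00:00:0a", 0x86DD),
    build_frame("02:00:00:00:00:0b", 0x0800),
    build_frame("02:00:00:00:00:0b", 0x0806),
    build_frame("02:00:00:00:00:0c", 0x86DD, vlan=20),
]

if __name__ == "__main__":
    for mac, label in sorted(stack_inventory(SAMPLE_FRAMES).items()):
        print(mac, label)
```

A host that shows up as IPv6-only or dual-stack on a segment believed to be IPv4-only is traffic that IPv4-only firewall rules and monitoring do not see.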

Node-to-Node Communications

• For two nodes to communicate they must support one common protocol

• An IPv4-only node cannot communicate with an IPv6-only node

| | IPv4-Only | Dual Protocol | IPv6-Only |
|---|---|---|---|
| IPv4-Only | Yes (IPv4) | Yes (IPv4) | No |
| Dual Protocol | Yes (IPv4) | Yes (IPv6, IPv4) | Yes (IPv6) |
| IPv6-Only | No | Yes (IPv6) | Yes (IPv6) |

Dual-Stack Transition

• Organizations use IPv4 today and will add IPv6 as a separate protocol, run them in parallel for many years, and after many years, start to disable IPv4

[Figure: IPv4 Deployment and IPv6 Deployment plotted against Time]

Dual-Protocol Operations

• In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version)

– IP Address Management, DNS, DHCP/DHCPv6

– Firewall policies – two objects and rules

– Router/switch – configure and maintain two IP routing protocols

– Server configuration – all nodes need two addresses

– End-to-end testing

– Application testing

• Consider the CAPEX and OPEX as you make the transition

Dual Stack OPEX Costs


IPv6-Only

• This is not easily achievable because most of the content on the Internet is IPv4-only. Accessing that content would require NAT64/DNS64, and even then only applications that use DNS may work.

• There are many systems in environments that are IPv4-only

– Game consoles (PS3, Xbox 360/Live, Wii)

– Printers, TiVo, Blu-ray, IP cameras

– UPSs, KVMs, iLO

– Windows XP/Win2k3 use IPv4 for DNS queries

• RFC 6586 - Experiences from an IPv6-Only Network

• RFC 7404 - Using Only Link-Local Addressing inside an IPv6 Network


Benefits of IPv6-Only

• Reduced OPEX costs by running only a single IP protocol

• IPv6 addressing (operations) is simpler

– No NAT makes everything better

• Reduced dependence on increasingly expensive IPv4 addresses

– If you know you are going to need more IPv4, buy it now

– Sell your public IPv4 at the peak price

• No need to purchase and maintain CGN/LSN systems

• In some cases IPv6 performs better than IPv4


https://community.infoblox.com/t5/IPv6-Center-of-Excellence/IPv4-Address-Trading-for-Fun-and-Profit/ba-p/3496

Is IPv6 Faster Than IPv4?

• There are now several studies analyzing if IPv6 is faster than IPv4.

– Google’s 2010 paper titled “Evaluating IPv6 Adoption in the Internet”

• Geoff Huston of APNIC at NANOG 66

– 6to4 and Teredo are responsible for most of the connection failures

– He concluded that native IPv6 can be as fast as IPv4

• Paul Saab at Facebook has shown data from Mobile Proxygen that shows IPv6 is faster for them.

– “Facebook says it has seen users’ News Feeds loading 20 percent to 40 percent faster on mobile devices using IPv6”.

• Hurricane Electric (HE) Global IPv6 Deployment Progress Report

– “Percentage of IPv6 rDNS Nameservers where IPv6 is as fast or faster than IPv4 (within 1ms): 74.9%”


Planning for IPv6

• Everyone must understand the importance of IPv6 to the organization

– Map IPv6 Features/Advantages to areas in your Enterprise Architecture

– Show how IPv6 will aid or transform your organization

• Leadership must buy into the process

• Strong Project Managers are required to guide the transition

– IPv6 is not a Project but a Program

– It spans many technical domains and spans years

• Organize your plan based on IT environment

• Phases of the transition

– Internet Edge First, ISP Interconnect

– Internet-facing services

– Core/WAN

– Access Networks

Enterprise IPv6 Deployment Guidelines

• Enterprise IPv6 Deployment Guidelines (RFC 7381), October 2014

• Preparation and Assessment Phase

– Program Planning, Inventory Phase, Training, Security Policy, Routing, Address Plan, Tools Assessment

• External Phase

– Connectivity, Security, Monitoring, Servers and Applications, NPT

• Internal Phase

– Security, Network Infrastructure, End-user Devices, Corporate Systems

• IPv6 Only


Enterprise IPv6 Deployment Guidelines

• IETF RFC 7381 provides guidance - Section 2 covers planning

1. Introduction

1.1. Enterprise Assumptions

1.2. IPv4-Only Considerations

1.3. Reasons for a Phased Approach

2. Preparation and Assessment Phase

2.1. Program Planning

2.2. Inventory Phase

2.2.1. Network Infrastructure Readiness Assessment

2.2.2. Application Readiness Assessment

2.2.3. Importance of Readiness Validation and Testing

2.3. Training

2.4. Security Policy

2.4.1. IPv6 Is No More Secure Than IPv4

2.4.2. Similarities between IPv6 and IPv4 Security

2.4.3. Specific Security Issues for IPv6

2.5. Routing

2.6. Address Plan

2.7. Tools Assessment

IPv6 Transition Office

• Building a transition office requires a team approach

• Organizing a cross-functional team (people, process, technology)

• Regular/Frequent meetings with IPv6 stakeholders to coordinate IPv6 migration activities

[Diagram labels: Your Organization, IPv6 Transition Office, Vendors, IPv6 Community, IETF, ARIN, Customers]

IPv6 Planning Steps


1. Evaluate effects on business model

2. Establish IPv6 project team

3. Establish IPv6 training strategy

4. Decide IPv6 architectural solution

5. Develop exception strategy

6. Assess network hardware and software readiness

7. Obtain IPv6 prefix(es)

8. Develop security policy

9. Test application software and services

10. Develop procurement plan

11. Execute plans

Source: Cisco BRKRST2311

Agile Methodology for IPv6

• Agile approach to project management and software development

– 2001 Manifesto for Agile Software Development

– Principles behind the Agile Manifesto

• Some organizations may try to consider everything when embarking on IPv6

• It can be an iterative process with “sprint” milestones

• Applying Agile Methodology to IPv6 Deployment

– Infoblox IPv6 COE Blog, 8/12/15

– http://community.infoblox.com/t5/IPv6-Center-of-Excellence/Applying-Agile-Methodology-to-IPv6-Deployment/ba-p/3507

IPv6 Transition Timeline

[Timeline figure; time axis: 2006, 2008, 2010, 2012, 2014, 2016. Labels: IPv4 Address Depletion; IPv6 Drivers; IPv6 Constraints; Mandated Federal Transition; Dual-protocol OS Deployments; DNS/DHCPv6/DDNS Products; IPv6 Security Products; IT Technology Refresh Cycle; IPv6-Capable Vendor Products; Service Provider IPv6 Offerings; CGN/LSN Deployments; Transition Planning]

IPv6 Design Strategy

• Consider your organizational structure and current network topology

• IPv6 will use some of the same topology and traffic patterns

– IPv4 makes heavy use of Unicast and client/server flows

– IPv6 will eventually add more Mobile and Peer-to-Peer traffic flows

• Plan your deployment and addressing based on your current topology and future growth

– The physical topology won’t change with IPv6’s introduction

• Your IPv6 security architecture will be similar to your current protection measures

– The perimeter security model is still valid with IPv6

Enterprise IPv6 Deployment Guidelines

• IETF RFC 7381 provides guidance - Sections 3 & 4 cover deployment

• Start with the External phase then move to the Internal phase

1. Introduction

2. Preparation and Assessment Phase

3. External Phase

3.1. Connectivity

3.2. Security

3.3. Monitoring

3.4. Servers and Applications

3.5. Network Prefix Translation for IPv6

4. Internal Phase

4.1. Security

4.2. Network Infrastructure

4.3. End-User Devices

4.4. Corporate Systems

IPv6 Deployment Phases


IPv6 ACT NOW (RIPE NCC)


Source: http://www.ipv6actnow.org/info/statistics/

Google IPv6 Statistics


Source: http://www.google.com/ipv6/statistics.html#


Comcast IPv6 Deployment


Source: http://www.comcast6.net/

Verizon Wireless IPv6 Deployment


http://www.internetsociety.org/deploy360/blog/2014/06/verizon-wireless-passes-50-ipv6-deployment/

http://www.worldipv6launch.org/measurements/

T-Mobile USA IPv6 Deployment


http://www.worldipv6launch.org/measurements/

Sprint Wireless IPv6 Deployment


Source: http://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/SprintWireless.png

AT&T Wireless IPv6 Deployment


Source: http://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/AT&TWireless.png

British Sky Broadcasting (BSkyB)


http://www.worldipv6launch.org/latest-ipv6-network-operator-measurements/

NIST ANTD IPv6 Statistics

Source: http://usgv6-deploymon.antd.nist.gov/

IPv6 Deployment Aggregated Status

Source: http://www.vyncke.org/ipv6status/

Akamai IPv6 Adoption Visualization


https://www.akamai.com/us/en/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp


Summary

• IPv6 is not a passing fad. IPv6 is an eventuality and is inevitable.

• The global IPv6 transition is already underway.

• An IPv6-enabled Internet already exists and IPv6 Internet content exists.

• Your network and host OS infrastructure is already IPv6 capable. It is just a matter of enabling it.

• Service providers have initial IPv6 services and are continuing to expand their deployments.

• Organizations are migrating to IPv6 to communicate with the broadest range of Internet users.

• You should be planning to transition to IPv6 sooner rather than later to preserve Internet business continuity.


Rocky Mountain IPv6 Task Force

• Regional “chapter” of North American IPv6 Task Force and, therefore, the IPv6 Forum

• Our Charter

– Provide Education on IPv6 and its benefits

– Promotion of IPv6 technology

– Research and Development and showcase IPv6 technology and services

– Put on local IPv6-focused events

– Work to further the use of IPv6 with a regional focus

• Annual Rocky Mountain IPv6 Summit

– Download presentations from first 8 years of events

– www.RMv6TF.org

– https://www.youtube.com/channel/UC0ZRZIvwE_Ak0nfzgbgYMHw/feed

NetworkWorld Blog

http://www.networkworld.com/blog/core-networking-and-security/

http://www.networkworld.com/author/scott-hogg/

Infoblox IPv6 Center of Excellence


https://community.infoblox.com/t5/IPv6-Center-of-Excellence/bg-p/IPv6

GTRI’s IPv6 Transition Services

• IPv6 Inventory and Assessment Services

– Documentation of your current inventory and determination of IPv6 compatibility

– Data gathering expertise using manual and automated utilities

– Inventory data aggregation and review

• IPv6 Training

– Education for your teams to help them learn IPv6 technologies

– IPv6 training tailored to specific IT job functions and roles

– Classroom hands-on training taught at your location

• IPv6 Transition Planning

– Custom-tailored transition planning for your IPv6 migration, tied to your enterprise architecture

– Detailed and technical transition planning documents

– IPv6 address planning and documentation

• IPv6 Application Assessment

– Software assessments leveraging COTS tools and our extensive experience

– Review of your operating system constraints for IPv6 adoption

• IPv6 Experimentation and Laboratory Testing

– Systems testing in our IPv6 lab (DNS, routing, security, load balancers, applications)

– Perform IPv6 product testing, IPv6 security testing

• IPv6 Deployment

– Deployment of dual-stack and other IPv6 transition techniques

– Dual Stack DNS servers and IPv6 security deployment

• IPv6 Troubleshooting

– In depth troubleshooting of dual-stack application behavior

Questions and Answers

[email protected] Mobile: [email protected] @scotthogg