ipv6: we care so you don't have to

Click here to load reader

Download IPv6: We Care So You Don't Have To

Post on 12-Nov-2014

744 views

Category:

Education

2 download

Embed Size (px)

DESCRIPTION

Is it time to panic? Are we completely out of IP addresses? Do I have to learn to speak hexadecimal? What is IPv6 and should you care? In this session, we'll attempt to answer these questions and more and we're likely to have more questions than answers. IPv6 is the newest version of the IP/Internet Protocol (currently referred to as IPv4) and was created primarily to address the shortage of IP addresses across the world. However, there's a lot more going on with IPv6 than just addressing changes. This session will address just what the campus has done and still needs to do and what you need to worry about as IPv6 comes closer to your front door.

TRANSCRIPT

  • 1. IPv6: We Care . So You Dont Have To Jim GoganDirector, ITS Comm Tech/Networking 2011 CTC Retreat
  • 2. Setting the Stage So, if you dont care . why are you here? Can you run right out after this and start using IPv6 on campus? no Are there still lots of implementation issues? yep Can you ask questions during the presentation? it depends What were YOU doing on World IPv6 Day?
  • 3. What is IP? Do I need to ask? Current predominant implementation: IPv4 Whats wrong with IPv4? Addressing: 32 bits the famous quad-dotted- decimal notation (e.g. 152.19.145.93) Provides for 4,294,967,296 IP addresses Devices are statically configured for all necessary information or use DHCP for all necessary information
  • 4. IPv4 Addresses Exhausted
  • 5. Solutions for Addressing Addressing NAT? NO!! NAT is evil NAT violates the end-to-end principle thats the foundation of the Internet NAT sucks .. Large business failures? Microsoft has managed to purchase 666,624 IP addresses from the bankrupt Canadian company Nortel for $7.5 million. Doesnt scale unless the economy REALLY gets bad IPv6 Bringing you a new address plan since 1998 (13 years ago!)
  • 6. IPv6 Addresses 128 bit addresses instead of 32 bits Allows for 340,282,366,920,938,463,463,374,607,431,76 8,211,456 nodes 52 trillion trillion addresses per person in the world Allows for scalable, simple and easily understandable addressing schemes (pause for chuckle)
  • 7. IPv6 Addressing Format IPv6 address consists of 8 sets of 16 bit hex values, totaling 128 bits Ex: 2610:0028:3090:5001:dddd:7a76:9e51:aacc 16 bit hex values separated by colons Abbreviation is possible Can omit leading zeros Consecutive zeroes in contiguous blocks can be represented by double colons Ex: 2610:0028:0000:3090:0000:0000:9e51:aacc becomes 2610:28:0:3090::9e51:aacc (ahhh MUCH better ..) Network prefix like IPv4 CIDR 152.19.145.0/24 IPv6 network prefix has similar notation 2610:28:3090:5001::/64
  • 8. First Impression of IPv6 Addresses
  • 9. What Else Does IPv6 Offer? No more broadcast addresses: IPv6 uses multicast instead (oh, joy!!) SLAAC: Stateless Address Auto-Configuration Router advertises itself (Router Advertisement) Router provides IP address prefix info; host portion comes from end station itself Uses ICMPv6 (all those sites blocking ICMP on systems --- one word: dont!) Still need DHCPv6 though and that presents other issues No router fragmentation (jumbo frames users take note!) No ARP Neighbor Discovery Protocol instead (which also uses ICMPv6 and multicast)
  • 10. IPv6 Addressing Model Interfaces can have multiple addresses Addresses have different scopes Link-local Unique-local Global
  • 11. Global (Unicast) Addresses Routable across the Internet Structured hierarchically to allow address aggregation 1st 32 bits: ISP (3 high level bits set to 001) Next 16 bits: Site Level Aggregator Next 16 bits: LAN designation Final 64 bits: Interface ID /48 network prefix allows for 65,536 LANs (subnets) So .. All LANs have 64 bits of network prefix vs. variable length network prefix of IPv4 Ex: 2610:28:3090:5001:dddd:7a76:9e51:aacc
  • 12. Unique-Local (Unicast) Addresses Analogous to RFC-1918 IPv4 private addresses Not routable on the Internet Represented by FD00::/8 Not recommended to use BOTH Global and ULA SAS (Source Address Selection) determines when to use which address; ULA should talk to ULA and Global should talk to Global; has issues
  • 13. Link-Local (Unicast) Addresses Mandatory addresses used between IPv6 devices on the same link Automatically assigned by device on startup Not routed Begin with FE80::/10
  • 14. Multicast Addresses Prefix of FF00::/8 Second octet defines lifetime (permanent or temporary) and scope (node/link/site/organization/global) Used for Router Advertisements, DHCP, NDP, multicast apps
  • 15. So, How Much IPv6 Is Out There? Not much Maybe around .04-.08% of all Internet traffic Around 6% of all networks on the Internet advertise an IPv6 network World IPv6 Day June 8th 2011 Hundreds (wow!) of web companies and industry players enabled v6 on their main websites for 24 hours Brought attention to the efforts; demonstrated what issues there were; demonstrated what issues there werent UNC was a participant
  • 16. IPv6 Status at UNC Not much Range: Campus: 2610:28:3090::/47 Public: 2610:28:3090::/48 On-campus only: 2610:28:3091::/48 UNC HealthCare (Hospital): 2610:28:8000::/48 NCREN has IPv6 routing enabled locally and with relevant peers IPv6 disabled on CCI load Enabled on a small number of campus VLANs, but we still had a presence on World IPv6 Day http://www.unc.edu was accessible by IPv6-only clients but without IPv6 running on the web servers; howd we do that?
  • 17. Implementation Strategy Dual-stack!!! Run BOTH IPv4 and IPv6 on critical infrastructure services, on servers that need IPv6 access and on limited number of clients that need IPv6 (helps for testing and troubleshooting) Implement IPv6 records on DNS servers A records for IPv4; AAAA records for IPv6 Campus BIND DNS servers in dual-stack mode Use static addresses or SLAAC for now (not good long-term strategy); working on DHCPv6 deployment, but theres .. issues ..
  • 18. Issues for Deployment Security Monitoring tools Security Measurement tools Security Security And .
  • 19. What We Learned Prepping for World IPv6 Day FQDN references = good; quad-dotted decimal references = bad Is all of your content local? (i.e. do you reference off-site URLs for content?) Caching servers (impacted Facebook v6 pages) Multicast is VERY important and not trivial to troubleshoot Windows prefers IPv6 over IPv4 Solaris has .. Issues Default RHEL ip6tables blocks DHCPv6 by default
  • 20. But Wait, Theres More Router Advertisements DHCPv6 Apple finally DUID (DHCP Unique Identifier) No longer required to be MAC address Issue with imaging systems More tunnels than the Swiss Alps IPv6 routing not in current fluffy code: coming soon
  • 21. Where Do We Go From Here? Slowly Dont see near-term requirement for IPv6 client access (other than troubleshooting server setups) First priorities: server resources that require access from anywhere in the world (particularly Asia) Talk to us first Harden up those servers Ask for static v6 addresses and register AAAA records Monitor usage carefully
  • 22. Resources http://ipv6.unc.edu http://www.getipv6.info/index.php/Main_Page (ARIN IPv6 Wiki) http://ndtv701ipv6.net.unc.edu:7123/

View more