ipv6 – what you need to know tom hollingsworth ccnp,ccvp,ccsp, mcse
TRANSCRIPT
IPv6 – What You IPv6 – What You Need To KnowNeed To Know
Tom HollingsworthTom Hollingsworth
CCNP,CCVP,CCSP, MCSECCNP,CCVP,CCSP, MCSE
What is IP?What is IP?
Internet Protocol version 4 – Internet Protocol version 4 – ARPANetARPANet
IPv4 Address – 192.0.2.22/24IPv4 Address – 192.0.2.22/24 2^32 IPv4 addresses != 4 billion2^32 IPv4 addresses != 4 billion Classful networking – later Classful networking – later
developed into CIDRdeveloped into CIDR Network Address Translation (NAT) Network Address Translation (NAT)
used to extend life of IPv4used to extend life of IPv4
IPv4 – Exit, Stage RightIPv4 – Exit, Stage Right
ICANN/IANA exhaustion occurred ICANN/IANA exhaustion occurred 2/3/20112/3/2011
First RIR to reach depletion – APNIC First RIR to reach depletion – APNIC (8/10/2011)(8/10/2011)
Last projected RIR depletion date – Last projected RIR depletion date – 7/23/20127/23/2012
Rate of consumption at exhaustion Rate of consumption at exhaustion was approx. 4 million addresses per was approx. 4 million addresses per dayday
How Did We Run Out?How Did We Run Out?
Every networked device needs an Every networked device needs an addressaddress
Explosion of networked devicesExplosion of networked devices Desire for connection vs. Need for Desire for connection vs. Need for
addressingaddressing Bad /8 management – 1.0.0.0/8, Bad /8 management – 1.0.0.0/8,
127.0.0.0/8, and Class E127.0.0.0/8, and Class E
Version 6? Where’s Version 6? Where’s Version 5?Version 5?
Version 5 = Stream protocol – Version 5 = Stream protocol – incorporated into IPv6incorporated into IPv6
Version 6 – In development since Version 6 – In development since 19931993
Classless NetworkingClassless Networking 2^128 = 2^128 =
340,282,366,920,938,463,463,374,6340,282,366,920,938,463,463,374,607,07,
431,768,211,456 (340 undecillion) 431,768,211,456 (340 undecillion) addressesaddresses
What Does It Look Like?What Does It Look Like?
IPv4 – 10IPv4 – 10..1010..11..11
IPv6 – IPv6 – 20012001::470470::1f0f1f0f::80c80c::beefbeef::cafecafe::abcdabcd::5454
Link Local – fe80Link Local – fe80::::beefbeef::cafecafe::abcdabcd::5454
IPv6 – In DetailIPv6 – In Detail
Hexadecimal (base 16) addressing – 0-9, Hexadecimal (base 16) addressing – 0-9, a-fa-f
Removed unnecessary header fieldsRemoved unnecessary header fields Removed broadcast in favor of multicastRemoved broadcast in favor of multicast ARP is gone in favor of ICMPv6 and NDARP is gone in favor of ICMPv6 and ND ::1 is the only loopback::1 is the only loopback Much more reliance on DNS for hostsMuch more reliance on DNS for hosts
Hands-Off ConfigurationHands-Off Configuration
IPv6 uses Stateless AutoconfigurationIPv6 uses Stateless Autoconfiguration EUI-64 standard using MAC addressEUI-64 standard using MAC address
Address hiding available for security needsAddress hiding available for security needs Neighbor Solicitation to discover Neighbor Solicitation to discover
addressesaddresses Router Advertisement announces Router Advertisement announces
networknetwork DHCP available, but less needed (only DHCP available, but less needed (only
for DNS resolution)for DNS resolution)
IPv6 Configuration – IPv6 Configuration – Dual Stack or Tunnels?Dual Stack or Tunnels?
6to4 tunnel – each IPv4 has its own 6to4 tunnel – each IPv4 has its own /48 – doesn’t work with NAT or RFC /48 – doesn’t work with NAT or RFC 19181918
Teredo - MS tunnel for use with NATTeredo - MS tunnel for use with NAT ISATAP – allows v4 addresses to ISATAP – allows v4 addresses to
convert to v6, but very complicated convert to v6, but very complicated and relies on DNSand relies on DNS
Dual Stack – Running IPv4 and IPv6 Dual Stack – Running IPv4 and IPv6 simultaneously (expensive)simultaneously (expensive)
Host Readiness – Host Readiness – Windows 7Windows 7
Windows 7 – full IPv6 network stackWindows 7 – full IPv6 network stack Enabled by defaultEnabled by default Full IPv6 DNS record (AAAA) Full IPv6 DNS record (AAAA)
supportsupport
Host Readiness – Host Readiness – Windows XPWindows XP
IPv6 supported in SP2 – Must be IPv6 supported in SP2 – Must be enabledenabled
Does NOT support DNS lookups over Does NOT support DNS lookups over IPv6IPv6
Host Readiness – OS XHost Readiness – OS X
Supported in Jaguar (10.2.x) but Supported in Jaguar (10.2.x) but much better in Snow Leopard much better in Snow Leopard (10.6.x)(10.6.x)
Issues with IPv6 networks being Issues with IPv6 networks being “broken” and not failing to IPv4 as “broken” and not failing to IPv4 as well as DNS server issueswell as DNS server issues
Make sure to be on 10.6.5 or later Make sure to be on 10.6.5 or later for best resultsfor best results
Are My Servers IPv6-ready?Are My Servers IPv6-ready?
Upgrade to Windows Server 2008Upgrade to Windows Server 2008 Snow Leopard 10.6.5 or laterSnow Leopard 10.6.5 or later Verify Linux Kernel supportVerify Linux Kernel support For appliances, check vendor release For appliances, check vendor release
notesnotes
Router ReadinessRouter Readiness
Older equipment doesn’t have Older equipment doesn’t have support for IPv6support for IPv6
Ensure your network equipment is Ensure your network equipment is updatedupdated
IPv6 FirewallsIPv6 Firewalls
IPv6 is a different protocol and IPv6 is a different protocol and requires different rulesrequires different rules
No NAT66 means rules must be No NAT66 means rules must be more detailedmore detailed
Check your firewall vendor to find Check your firewall vendor to find code level for IPv6 supportcode level for IPv6 support
Another good site: Another good site: https://www.icsalabs.com/technology-program/ipv6/ipv6-capable-security-products
What Happens if I Don’t What Happens if I Don’t Use IPv6?Use IPv6?
Major sites are moving to IPv6 Major sites are moving to IPv6 contentcontent Facebook, Google, Netflix, YahooFacebook, Google, Netflix, Yahoo
When IPv4 is depleted, new websites When IPv4 is depleted, new websites will be IPv6-onlywill be IPv6-only
Both protocols needed to access Both protocols needed to access 100% of the Internet going forward100% of the Internet going forward
World IPv6 Day – June 8World IPv6 Day – June 8
Google, Yahoo, and many others are Google, Yahoo, and many others are enabling IPv6 along with IPv4 for 24 enabling IPv6 along with IPv4 for 24 hours as a testhours as a test
About 0.05% of Internet users are About 0.05% of Internet users are expected to have IPv6 related issuesexpected to have IPv6 related issues
Test things out to see how IPv6 Test things out to see how IPv6 works for youworks for you
How can I be ready for How can I be ready for IPv6 today?IPv6 today?
Talk to your ISP and find out their Talk to your ISP and find out their plansplans
Ensure your network equipment is up Ensure your network equipment is up to dateto date
Document your network to make Document your network to make renumbering simple when D-Day renumbering simple when D-Day comescomes
Talk to peers and colleagues to refine Talk to peers and colleagues to refine best recommendationsbest recommendations
Spread the WordSpread the Word
Don’t let stories like this be the face of Don’t let stories like this be the face of IPv6:IPv6:
Web developers have tried to compensate for this problem by creating IPv6 -- a system that
recognizes six-digit IP addresses rather than four-digit ones.
Read more: http://www.foxnews.com/scitech/2011/01/26/
internet-run-ip-addresses-happens-anyones-guess/#ixzz1CFQVefc0
More InformationMore Information
World IPv6 Day - World IPv6 Day - http://isoc.org/wp/worldipv6day/http://isoc.org/wp/worldipv6day/
ARIN IPv6 Information - ARIN IPv6 Information - https://www.arin.net/knowledge/v4-https://www.arin.net/knowledge/v4-v6.htmlv6.html
Microsoft IPv6 Resources - Microsoft IPv6 Resources - http://technet.microsoft.com/en-us/nhttp://technet.microsoft.com/en-us/network/bb530961etwork/bb530961
More InformationMore Information
Apple IPv6 Info - Apple IPv6 Info - http://www.apple.com/server/macosx/tehttp://www.apple.com/server/macosx/technology/networking.htmlchnology/networking.html
IPv6 Wikipedia Page - IPv6 Wikipedia Page - http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/IPv6
IPv6 enabled address page – IPv6 enabled address page – http://ip6.mehttp://ip6.me
Renumbering a network without a flag Renumbering a network without a flag day - http://tools.ietf.org/html/rfc4192day - http://tools.ietf.org/html/rfc4192