SlideShare una empresa de Scribd logo

Successfully Deploying IPv6

Zivaro Inc
Zivaro Inc

GTRI's CTO, Scott Hogg, presented at NANOG (North American Network Operators Group) on the topic of deploying IPv6, including pitfalls to be aware of, addressing challenges, routing, dual-protocol applications, troubleshooting and training. Presented by Scott Hogg, CTO GTRI, at NANOG On The Road 5, Orlando, FL, February 24, 2015.

Tecnología
1 de 17
© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Successfully  Deploying  IPv6   Presented  by  Sco8  Hogg,  CTO  GTRI   NANOG  On  The  Road  5  –  Orlando,  FL   February  24,  2015  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Dual Stack Migration Planning Pitfalls •  Training for IPv6 Deployment Success •  Addressing Challenges •  IPv6 Routing •  Dual-Protocol Applications •  Troubleshooting Dual-Protocol Networks Agenda  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4 IPv6  Planning  –  Dual  Stack  MigraNon   IPv4  Deployment   IPv6  Deployment   Time  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Failing to build a cross-function IPv6 deployment team –  Multidisciplinary, Collaborative, Cooperative •  Organizations need to treat IPv6 as a “Program” not just like a typical IT “Project” –  IPv6 transition is made up of many smaller projects that will span multiple years and cross the entire enterprise •  Regular/Frequent meetings are key to maintaining pace •  Just like anything, executive buy-in and support is essential IPv6  Planning  PiOalls  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t try to look at everything, identify devices requireing IPv6 •  Focus your efforts on the Internet perimeter –  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …) •  The good news is you have waited to deploy IPv6 –  Now most IT products come standard with IPv6 capabilities •  Don’t be concerned about an IPv4-only management plane – that will come later •  Some devices may remain IPv4-only until they die Performing  an  IPv6  Readiness  Assessment  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assume your IT organization has not taken the initiative to immerse themselves in IPv6 •  People need to be trained early in the process, but not too early that they forget what they learned –  Train “just in time”, not years before an IPv6 address is actually configured on a production device •  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …) •  Much of your IPv4 experience is applicable to IPv6 •  Don’t fear the larger addresses – Learn to “Think in Hex” Training  for  Success  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  IPv4-Think is dangerous when planning IPv6 addressing –  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex •  There is no scarcity of IPv6 addresses –  If there is no scarcity, there can be no waste –  Don’t try to assign only the minimum-needed prefix length –  Plan for the number of subnets, not the number of hosts •  Perform addressing for simplicity and ease of management –  Don’t be concerned about lots of reserved space IPv6  Addressing  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t force levels of hierarchy that are not needed •  Use standard prefix lengths: /48, /56, /64 •  Use nibble-boundary – don’t use /50, /57, /65, … •  Consistency between sites can increase operational efficiency, however, not every site needs the same addressing plan –  Branches need a different plan than a data center “site” •  Stick with Global Unicast Addresses (GUA) 2000::/3 •  Avoid Unique Local Addresses (ULA) FC00::/7 IPv6  Addressing  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  IP addressing and routing go hand-in-hand •  All IP routing protocols have IPv6 capabilities •  Separating control plane for two data planes can be desirable –  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes –  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes •  Don’t forget to use a 32-bit RID to the IPv6 routing process •  Peering using global (preferred) or link-local addresses •  Consider using locally-administered link-local addresses –  fe80::cccc:0001, fe80::dddd:0002, … •  Type carefully – don’t fat-finger the address IPv6  RouNng  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assessing current code for IPv6-capability –  Most applications are not creating socket-level connections –  Most applications use higher-level APIs or rely on lower-level web services for connectivity •  Create code that is Address-Family (AF) independent •  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p) –  Robustness principle: Be conservative in what you send, be liberal in what you accept •  Be careful of data structures for storing 128-bit addresses •  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555) •  Write code that properly handles Path MTU Discovery (PMTUD) Dual-­‐Protocol  ApplicaNons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels, …) •  Don’t deploy IPv6 if you lack the products to secure the protocol •  Don’t be overly worried about IPv6 NDP security weaknesses –  You haven’t secured your IPv4 LANs either –  https://community.infoblox.com/blogs/2015/02/10/holding- ipv6-neighbor-discovery-higher-standard-security IPv6  Security  ConsideraNons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Even if you do not deploy IPv6, there could still be IPv6- related issues that you must deal with. •  You now have IPv6-enabled nodes in your environment. •  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems. •  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2) •  Troubleshooting NDP requires a magnifying lens. –  You may need to break out the protocol analyzer –  Looking for an IPv6 needle in a haystack of IPv4 TroubleshooNng  Dual  Protocol  Networks  
© 2015 Global Technology Resources, Inc. All Rights Reserved. TroubleshooNng  Dual  Protocol  Networks   Applicatio n Layer Transport Layer Internet Layer Link Layer IPv4 IPv6 ARP ICMP IGMP TCP UDP SCTP HTTP(S)   SSH   SMTP   TFTP   DHCP   DNS   SIP   WebRTC   TLS/SSL   SNMP   BGP   DCCP T1/E1/T3/E3 SONET SDH ICMPv6 NDP MLD Ethernet Wireless
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Ping (ping6) (by name, by IP address, in both directions, specify source address, 1500-byte MTU) –  Linux: ping6 -I eth0 fe80::1 –  Windows: ping fe80::1%12 –  Cisco: ping fe80::1%GigabitEthernet0/0 –  ping -l 1500 2001:db8:dead:c0de::1 •  Traceroute (traceroute6), tracert •  Tcptraceroute6 (www.remlab.net/ndisc6/) •  Microsoft C:>pathping -6 2001:db8:11::1 •  mtr -r6 www.rmv6tf.org c100 (www.bitwizard.nl/mtr/) •  Pchar, pathchar, iperf, jperf •  Netcat (nc -6), telnet, ssh, nmap -6 -sT 2001:db8::1 End-­‐to-­‐End  IPv6  TroubleshooNng  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Check yourself from the Internet-perspective –  Leverage IPv6-capable looking glasses –  Is your traffic really using IPv6? •  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version) •  Some connections could use IPv4 and/or IPv6 –  Web pages could be delivered over a combination of protocols. How do you know which protocol was used? –  Browser add-ons, plug-ins can be helpful TroubleshooNng  Dual  Protocol  Networks  
© 2015 Global Technology Resources, Inc. All Rights Reserved. IPv6  Browser  Plug-­‐ins,  Add-­‐Ons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Thank  You!   Sco8  Hogg,  CTO  GTRI   303-­‐949-­‐4865    |    shogg  at  gtri.com  

Recomendados

IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
IPv6 on the Interop Network
IPv6 on the Interop NetworkIPv6 on the Interop Network
IPv6 on the Interop Network
Network Utility Force
 
12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton
IPv6 Summit 2010
 
Apache NiFi User Guide
Apache NiFi User GuideApache NiFi User Guide
Apache NiFi User Guide
Deon Huang
 
IPv6 at LinkedIn
IPv6 at LinkedInIPv6 at LinkedIn
IPv6 at LinkedIn
APNIC
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
Ivan Pepelnjak
 
Presd1 09
Presd1 09Presd1 09
Presd1 09
Niels Groeneveld
 
Introduction to Apache NiFi 1.11.4
Introduction to Apache NiFi 1.11.4Introduction to Apache NiFi 1.11.4
Introduction to Apache NiFi 1.11.4
Timothy Spann
 

Recomendados

IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
IPv6 on the Interop Network
IPv6 on the Interop NetworkIPv6 on the Interop Network
IPv6 on the Interop Network
Network Utility Force
 
12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton
IPv6 Summit 2010
 
Apache NiFi User Guide
Apache NiFi User GuideApache NiFi User Guide
Apache NiFi User Guide
Deon Huang
 
IPv6 at LinkedIn
IPv6 at LinkedInIPv6 at LinkedIn
IPv6 at LinkedIn
APNIC
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
Ivan Pepelnjak
 
Presd1 09
Presd1 09Presd1 09
Presd1 09
Niels Groeneveld
 
Introduction to Apache NiFi 1.11.4
Introduction to Apache NiFi 1.11.4Introduction to Apache NiFi 1.11.4
Introduction to Apache NiFi 1.11.4
Timothy Spann
 
Final Assignment On IPv4 vs IPv6
Final Assignment On IPv4 vs IPv6Final Assignment On IPv4 vs IPv6
Final Assignment On IPv4 vs IPv6
LITS IT Ltd,LASRC.SPACE,SAWDAGOR BD,FREELANCE BD,iREV,BD LAW ACADEMY,SMART AVI,HEA,HFSAC LTD.
 
Starting the DevOps Train
Starting the DevOps TrainStarting the DevOps Train
Starting the DevOps Train
Cisco DevNet
 
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFiThe First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
DataWorks Summit
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und Adressierung
Swiss IPv6 Council
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities Report
ARIN
 
MiniFi and Apache NiFi : IoT in Berlin Germany 2018
MiniFi and Apache NiFi : IoT in Berlin Germany 2018MiniFi and Apache NiFi : IoT in Berlin Germany 2018
MiniFi and Apache NiFi : IoT in Berlin Germany 2018
Timothy Spann
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
IPv6no
 
IPV6 Deployment for Broadband Internet by Azura Mat Salim
IPV6 Deployment for Broadband Internet by Azura Mat SalimIPV6 Deployment for Broadband Internet by Azura Mat Salim
IPV6 Deployment for Broadband Internet by Azura Mat Salim
MyNOG
 
Apache Nifi Crash Course
Apache Nifi Crash CourseApache Nifi Crash Course
Apache Nifi Crash Course
DataWorks Summit
 
Apache MXNet for IoT with Apache NiFi
Apache MXNet for IoT with Apache NiFiApache MXNet for IoT with Apache NiFi
Apache MXNet for IoT with Apache NiFi
Timothy Spann
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
Olle E Johansson
 
Apache Deep Learning 101 - DWS Berlin 2018
Apache Deep Learning 101 - DWS Berlin 2018Apache Deep Learning 101 - DWS Berlin 2018
Apache Deep Learning 101 - DWS Berlin 2018
Timothy Spann
 
IPv6 Summit Powerpoint
IPv6 Summit PowerpointIPv6 Summit Powerpoint
IPv6 Summit Powerpoint
Tim Price
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
RIPE Meetings
 
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFiThe First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
DataWorks Summit
 
Best practices and lessons learnt from Running Apache NiFi at Renault
Best practices and lessons learnt from Running Apache NiFi at RenaultBest practices and lessons learnt from Running Apache NiFi at Renault
Best practices and lessons learnt from Running Apache NiFi at Renault
DataWorks Summit
 
Sip & IPv6 - time for action!
Sip & IPv6 - time for action!Sip & IPv6 - time for action!
Sip & IPv6 - time for action!
Olle E Johansson
 
Resume of Hassan Ibrahim
Resume of Hassan IbrahimResume of Hassan Ibrahim
Resume of Hassan Ibrahim
Hassan Ibrahim
 
Apache NiFi 1.0 in Nutshell
Apache NiFi 1.0 in NutshellApache NiFi 1.0 in Nutshell
Apache NiFi 1.0 in Nutshell
Koji Kawamura
 
Alta Disponibilidade no MySQL 5.7
Alta Disponibilidade no MySQL 5.7Alta Disponibilidade no MySQL 5.7
Alta Disponibilidade no MySQL 5.7
MySQL Brasil
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
Zivaro Inc
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Zivaro Inc
 

Más contenido relacionado

La actualidad más candente

The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFiThe First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
DataWorks Summit
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und Adressierung
Swiss IPv6 Council
 
IPv6 Summit Powerpoint
IPv6 Summit PowerpointIPv6 Summit Powerpoint
IPv6 Summit Powerpoint
Tim Price
 
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFiThe First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
DataWorks Summit
 
Best practices and lessons learnt from Running Apache NiFi at Renault
Best practices and lessons learnt from Running Apache NiFi at RenaultBest practices and lessons learnt from Running Apache NiFi at Renault
Best practices and lessons learnt from Running Apache NiFi at Renault
DataWorks Summit
 
Resume of Hassan Ibrahim
Resume of Hassan IbrahimResume of Hassan Ibrahim
Resume of Hassan Ibrahim
Hassan Ibrahim
 

La actualidad más candente (20)

Final Assignment On IPv4 vs IPv6
Final Assignment On IPv4 vs IPv6Final Assignment On IPv4 vs IPv6
Final Assignment On IPv4 vs IPv6
 
Starting the DevOps Train
Starting the DevOps TrainStarting the DevOps Train
Starting the DevOps Train
 
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFiThe First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und Adressierung
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities Report
 
MiniFi and Apache NiFi : IoT in Berlin Germany 2018
MiniFi and Apache NiFi : IoT in Berlin Germany 2018MiniFi and Apache NiFi : IoT in Berlin Germany 2018
MiniFi and Apache NiFi : IoT in Berlin Germany 2018
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
 
IPV6 Deployment for Broadband Internet by Azura Mat Salim
IPV6 Deployment for Broadband Internet by Azura Mat SalimIPV6 Deployment for Broadband Internet by Azura Mat Salim
IPV6 Deployment for Broadband Internet by Azura Mat Salim
 
Apache Nifi Crash Course
Apache Nifi Crash CourseApache Nifi Crash Course
Apache Nifi Crash Course
 
Apache MXNet for IoT with Apache NiFi
Apache MXNet for IoT with Apache NiFiApache MXNet for IoT with Apache NiFi
Apache MXNet for IoT with Apache NiFi
 
Sipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slidesSipforum SIP & IPv6 discussion slides
Sipforum SIP & IPv6 discussion slides
 
Apache Deep Learning 101 - DWS Berlin 2018
Apache Deep Learning 101 - DWS Berlin 2018Apache Deep Learning 101 - DWS Berlin 2018
Apache Deep Learning 101 - DWS Berlin 2018
 
IPv6 Summit Powerpoint
IPv6 Summit PowerpointIPv6 Summit Powerpoint
IPv6 Summit Powerpoint
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
 
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFiThe First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
 
Best practices and lessons learnt from Running Apache NiFi at Renault
Best practices and lessons learnt from Running Apache NiFi at RenaultBest practices and lessons learnt from Running Apache NiFi at Renault
Best practices and lessons learnt from Running Apache NiFi at Renault
 
Sip & IPv6 - time for action!
Sip & IPv6 - time for action!Sip & IPv6 - time for action!
Sip & IPv6 - time for action!
 
Resume of Hassan Ibrahim
Resume of Hassan IbrahimResume of Hassan Ibrahim
Resume of Hassan Ibrahim
 
Apache NiFi 1.0 in Nutshell
Apache NiFi 1.0 in NutshellApache NiFi 1.0 in Nutshell
Apache NiFi 1.0 in Nutshell
 
Alta Disponibilidade no MySQL 5.7
Alta Disponibilidade no MySQL 5.7Alta Disponibilidade no MySQL 5.7
Alta Disponibilidade no MySQL 5.7
 

Destacado

Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn'tSingle Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
Zivaro Inc
 
Support Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network ArchitectureSupport Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network Architecture
Zivaro Inc
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
Zivaro Inc
 
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Horacio Gonzalez
 

Destacado (20)

Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn'tSingle Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
 
Using Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced ThreatsUsing Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced Threats
 
Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?
 
IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013
 
Support Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network ArchitectureSupport Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network Architecture
 
GTRI.com Splunk for Vmware APP
GTRI.com Splunk for Vmware APPGTRI.com Splunk for Vmware APP
GTRI.com Splunk for Vmware APP
 
Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology Brief
 
Splunk for Real time alerting and monitoring. www.gtri.com
Splunk for Real time alerting and monitoring. www.gtri.comSplunk for Real time alerting and monitoring. www.gtri.com
Splunk for Real time alerting and monitoring. www.gtri.com
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech Day
 
Software-Defined WAN 101
Software-Defined WAN 101Software-Defined WAN 101
Software-Defined WAN 101
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
 
GTRI Splunk Overview - Splunk Tech Day
GTRI Splunk Overview - Splunk Tech DayGTRI Splunk Overview - Splunk Tech Day
GTRI Splunk Overview - Splunk Tech Day
 
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
 
GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech Day
 
Big Data Workshop: Splunk and Dell EMC...Better Together
Big Data Workshop: Splunk and Dell EMC...Better TogetherBig Data Workshop: Splunk and Dell EMC...Better Together
Big Data Workshop: Splunk and Dell EMC...Better Together
 
Organizational Change Management
Organizational Change ManagementOrganizational Change Management
Organizational Change Management
 
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
 
Beyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesBeyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security Technologies
 

Similar a Successfully Deploying IPv6

Top 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentTop 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres Deployment
EDB
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Network Utility Force
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
saryu2011
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
srmanjuskp
 

Similar a Successfully Deploying IPv6 (20)

Panel with IPv6 CE Vendors
Panel with IPv6 CE VendorsPanel with IPv6 CE Vendors
Panel with IPv6 CE Vendors
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Top 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentTop 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres Deployment
 
IPv6 Deployment Update
IPv6 Deployment UpdateIPv6 Deployment Update
IPv6 Deployment Update
 
IPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPsIPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPs
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
 
npNOG 5: IPv6 Deployment Update
npNOG 5: IPv6 Deployment UpdatenpNOG 5: IPv6 Deployment Update
npNOG 5: IPv6 Deployment Update
 
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
 
bdNOG 11: IPv6 Update
bdNOG 11: IPv6 UpdatebdNOG 11: IPv6 Update
bdNOG 11: IPv6 Update
 
12 steps for IPv6 Deployment in Governments and Enterprises
12 steps for IPv6 Deployment in Governments and Enterprises12 steps for IPv6 Deployment in Governments and Enterprises
12 steps for IPv6 Deployment in Governments and Enterprises
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?
 
3hows
3hows3hows
3hows
 
Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
 
IPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToIPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have To
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
 
IPv6 New RFCs
IPv6 New RFCsIPv6 New RFCs
IPv6 New RFCs
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
 

Más de Zivaro Inc

Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
Zivaro Inc
 

Más de Zivaro Inc (8)

How to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentHow to Rightsize Your Citrix Investment
How to Rightsize Your Citrix Investment
 
On-Prem vs. Cloud Collaboration Showdown
On-Prem vs. Cloud Collaboration ShowdownOn-Prem vs. Cloud Collaboration Showdown
On-Prem vs. Cloud Collaboration Showdown
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same Coin
 
Denver Big Data Analytics Day
Denver Big Data Analytics DayDenver Big Data Analytics Day
Denver Big Data Analytics Day
 
Cisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined NetworkingCisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined Networking
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DaySplunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
 
GTRI Splunk Elite Partner Capabilities
GTRI Splunk Elite Partner CapabilitiesGTRI Splunk Elite Partner Capabilities
GTRI Splunk Elite Partner Capabilities
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Successfully Deploying IPv6

  • 1. © 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Successfully  Deploying  IPv6   Presented  by  Sco8  Hogg,  CTO  GTRI   NANOG  On  The  Road  5  –  Orlando,  FL   February  24,  2015  
  • 2. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Dual Stack Migration Planning Pitfalls •  Training for IPv6 Deployment Success •  Addressing Challenges •  IPv6 Routing •  Dual-Protocol Applications •  Troubleshooting Dual-Protocol Networks Agenda  
  • 3. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4 IPv6  Planning  –  Dual  Stack  MigraNon   IPv4  Deployment   IPv6  Deployment   Time  
  • 4. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Failing to build a cross-function IPv6 deployment team –  Multidisciplinary, Collaborative, Cooperative •  Organizations need to treat IPv6 as a “Program” not just like a typical IT “Project” –  IPv6 transition is made up of many smaller projects that will span multiple years and cross the entire enterprise •  Regular/Frequent meetings are key to maintaining pace •  Just like anything, executive buy-in and support is essential IPv6  Planning  PiOalls  
  • 5. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t try to look at everything, identify devices requireing IPv6 •  Focus your efforts on the Internet perimeter –  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …) •  The good news is you have waited to deploy IPv6 –  Now most IT products come standard with IPv6 capabilities •  Don’t be concerned about an IPv4-only management plane – that will come later •  Some devices may remain IPv4-only until they die Performing  an  IPv6  Readiness  Assessment  
  • 6. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assume your IT organization has not taken the initiative to immerse themselves in IPv6 •  People need to be trained early in the process, but not too early that they forget what they learned –  Train “just in time”, not years before an IPv6 address is actually configured on a production device •  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …) •  Much of your IPv4 experience is applicable to IPv6 •  Don’t fear the larger addresses – Learn to “Think in Hex” Training  for  Success  
  • 7. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  IPv4-Think is dangerous when planning IPv6 addressing –  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex •  There is no scarcity of IPv6 addresses –  If there is no scarcity, there can be no waste –  Don’t try to assign only the minimum-needed prefix length –  Plan for the number of subnets, not the number of hosts •  Perform addressing for simplicity and ease of management –  Don’t be concerned about lots of reserved space IPv6  Addressing  
  • 8. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t force levels of hierarchy that are not needed •  Use standard prefix lengths: /48, /56, /64 •  Use nibble-boundary – don’t use /50, /57, /65, … •  Consistency between sites can increase operational efficiency, however, not every site needs the same addressing plan –  Branches need a different plan than a data center “site” •  Stick with Global Unicast Addresses (GUA) 2000::/3 •  Avoid Unique Local Addresses (ULA) FC00::/7 IPv6  Addressing  
  • 9. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  IP addressing and routing go hand-in-hand •  All IP routing protocols have IPv6 capabilities •  Separating control plane for two data planes can be desirable –  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes –  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes •  Don’t forget to use a 32-bit RID to the IPv6 routing process •  Peering using global (preferred) or link-local addresses •  Consider using locally-administered link-local addresses –  fe80::cccc:0001, fe80::dddd:0002, … •  Type carefully – don’t fat-finger the address IPv6  RouNng  
  • 10. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assessing current code for IPv6-capability –  Most applications are not creating socket-level connections –  Most applications use higher-level APIs or rely on lower-level web services for connectivity •  Create code that is Address-Family (AF) independent •  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p) –  Robustness principle: Be conservative in what you send, be liberal in what you accept •  Be careful of data structures for storing 128-bit addresses •  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555) •  Write code that properly handles Path MTU Discovery (PMTUD) Dual-­‐Protocol  ApplicaNons  
  • 11. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels, …) •  Don’t deploy IPv6 if you lack the products to secure the protocol •  Don’t be overly worried about IPv6 NDP security weaknesses –  You haven’t secured your IPv4 LANs either –  https://community.infoblox.com/blogs/2015/02/10/holding- ipv6-neighbor-discovery-higher-standard-security IPv6  Security  ConsideraNons  
  • 12. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Even if you do not deploy IPv6, there could still be IPv6- related issues that you must deal with. •  You now have IPv6-enabled nodes in your environment. •  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems. •  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2) •  Troubleshooting NDP requires a magnifying lens. –  You may need to break out the protocol analyzer –  Looking for an IPv6 needle in a haystack of IPv4 TroubleshooNng  Dual  Protocol  Networks  
  • 13. © 2015 Global Technology Resources, Inc. All Rights Reserved. TroubleshooNng  Dual  Protocol  Networks   Applicatio n Layer Transport Layer Internet Layer Link Layer IPv4 IPv6 ARP ICMP IGMP TCP UDP SCTP HTTP(S)   SSH   SMTP   TFTP   DHCP   DNS   SIP   WebRTC   TLS/SSL   SNMP   BGP   DCCP T1/E1/T3/E3 SONET SDH ICMPv6 NDP MLD Ethernet Wireless
  • 14. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Ping (ping6) (by name, by IP address, in both directions, specify source address, 1500-byte MTU) –  Linux: ping6 -I eth0 fe80::1 –  Windows: ping fe80::1%12 –  Cisco: ping fe80::1%GigabitEthernet0/0 –  ping -l 1500 2001:db8:dead:c0de::1 •  Traceroute (traceroute6), tracert •  Tcptraceroute6 (www.remlab.net/ndisc6/) •  Microsoft C:>pathping -6 2001:db8:11::1 •  mtr -r6 www.rmv6tf.org c100 (www.bitwizard.nl/mtr/) •  Pchar, pathchar, iperf, jperf •  Netcat (nc -6), telnet, ssh, nmap -6 -sT 2001:db8::1 End-­‐to-­‐End  IPv6  TroubleshooNng  
  • 15. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Check yourself from the Internet-perspective –  Leverage IPv6-capable looking glasses –  Is your traffic really using IPv6? •  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version) •  Some connections could use IPv4 and/or IPv6 –  Web pages could be delivered over a combination of protocols. How do you know which protocol was used? –  Browser add-ons, plug-ins can be helpful TroubleshooNng  Dual  Protocol  Networks  
  • 16. © 2015 Global Technology Resources, Inc. All Rights Reserved. IPv6  Browser  Plug-­‐ins,  Add-­‐Ons  
  • 17. © 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Thank  You!   Sco8  Hogg,  CTO  GTRI   303-­‐949-­‐4865    |    shogg  at  gtri.com