© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied.
Successfully Deploying IPv6
Presented by Scott Hogg, CTO GTRI
NANOG On The Road 7 – Herndon, VA
June 23rd, 2015
  
Agenda
•  Dual Stack Migration Planning Pitfalls
•  Training for IPv6 Deployment Success
•  Addressing Challenges
•  IPv6 Routing
•  Dual-Protocol Applications
•  Troubleshooting Dual-Protocol Networks
  
IPv6 Planning – Dual Stack Migration
•  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4.
[Figure: IPv4 deployment and IPv6 deployment plotted over time]
  
IPv6 Planning Pitfalls
•  Failing to build a cross-function IPv6 deployment team
–  Multidisciplinary, Collaborative, Cooperative
•  Organizations need to treat IPv6 as a “Program” not just like a typical smaller IT “Project”.
–  IPv6 transition is made up of many projects that will span multiple years and cross the entire enterprise.
•  Regular/Frequent meetings are key to maintaining pace.
•  Just like anything, executive buy-in and support is essential.
  
Performing an IPv6 Readiness Assessment
•  Don’t try to look at everything; identify the devices requiring IPv6.
•  Focus your efforts on the Internet perimeter.
–  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …).
•  The good news is you have waited to deploy IPv6.
–  Now most IT products come standard with IPv6 capabilities.
•  Don’t be concerned about an IPv4-only management plane.
–  You can continue to manage systems over IPv4.
•  Some devices may remain IPv4-only until they are decommissioned.
  
Training for Success
•  Assume your IT organization has not taken the initiative to immerse themselves in learning IPv6.
•  People need to be trained early in the process, but not so early that they forget what they learned.
–  Train “just in time”, not years before an IPv6 address is actually configured on a production device.
•  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …).
•  Much of your IPv4 experience is applicable to IPv6.
•  Don’t fear the larger addresses – Learn to “Think in Hex”.
  
IPv6 Addressing
•  IPv4-Think is dangerous when planning IPv6 addressing
–  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex
•  There is no scarcity of IPv6 addresses
–  If there is no scarcity, there can be no waste
–  Don’t try to assign only the minimum-needed prefix length
–  Plan for the number of subnets, not the number of hosts
•  Perform addressing for simplicity and ease of use and management
–  Don’t be concerned about lots of reserved space
  
IPv6 Addressing
•  Don’t force levels of hierarchy that are not needed.
•  Use standard prefix lengths: /48, /56, /64
•  Use nibble boundaries – don’t use /50, /57, /65, …
•  Consistency between sites can increase operational efficiency; however, not every site needs the same addressing plan.
–  Branches need a different plan than a data center “site”.
•  Stick with Global Unicast Addresses (GUA) 2000::/3
–  Use these everywhere; you don’t need NAT
•  Avoid Unique Local Addresses (ULA) FC00::/7
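The addressing rules on these two slides can be checked mechanically against a draft plan. The following is an added example, not part of the original presentation: the finding names, the plan entries and the use of the 2001:db8::/32 documentation prefix are all assumptions made for illustration.

```python
import ipaddress
import itertools

GUA = ipaddress.ip_network("2000::/3")   # Global Unicast, as named on the slide
ULA = ipaddress.ip_network("fc00::/7")   # Unique Local, which the slide says to avoid
STANDARD_LENGTHS = {48, 56, 64}          # the slide's "standard prefix lengths"


def review_prefix(text):
    """Return a list of findings for one site or subnet assignment."""
    iface = ipaddress.ip_interface(text)
    net = iface.network
    if net.version != 6:
        return ["not-ipv6"]
    findings = []
    if iface.ip != net.network_address:
        findings.append("host-bits-set")        # likely a typo in the plan
    if net.prefixlen % 4:
        findings.append("not-nibble-aligned")   # boundary falls inside a hex digit
    if net.prefixlen not in STANDARD_LENGTHS:
        findings.append("non-standard-length")
    if net.subnet_of(ULA):
        findings.append("ula")
    elif not net.subnet_of(GUA):
        findings.append("not-gua")
    return findings


def carve(parent, new_len, limit=3):
    """First few subnets of a given length, to show how they read in hex."""
    net = ipaddress.ip_network(parent)
    subnets = net.subnets(new_prefix=new_len)
    return [str(s) for s in itertools.islice(subnets, limit)]


def count_subnets(parent, new_len):
    """Plan for the number of subnets, not hosts: how many fit in the parent."""
    return 2 ** (new_len - ipaddress.ip_network(parent).prefixlen)


# Constructed draft plan (documentation and example prefixes only).
PLAN = {
    "hq-site": "2001:db8:1::/48",
    "branch-12": "2001:db8:2:1200::/56",
    "dc-web-vlan": "2001:db8:1:a::/64",
    "lab": "fd12:3456:789a::/48",
    "legacy-wan": "2001:db8:1:4000::/50",
    "mistyped": "2001:db8:1:b::5/64",
}


def review_plan(plan):
    """Map each plan entry with at least one finding to its findings."""
    result = {}
    for name, prefix in plan.items():
        findings = review_prefix(prefix)
        if findings:
            result[name] = findings
    return result


if __name__ == "__main__":
    for name, findings in review_plan(PLAN).items():
        print(f"{name:12} {PLAN[name]:24} {', '.join(findings)}")
    # Nibble-aligned subnets change one whole hex digit at a time...
    print(carve("2001:db8:1::/48", 52))
    # ...while a /50 boundary splits a digit and is harder to read in an ACL.
    print(carve("2001:db8:1::/48", 50))
    print(count_subnets("2001:db8:1::/48", 64), "x /64 per /48 site")
```

Prefixes that fall on nibble boundaries also make firewall rules and route filters easier to audit, because each level of the hierarchy is a whole hex digit.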
  
IPv6 Routing
•  IP addressing and routing go hand-in-hand.
•  All IP routing protocols have IPv6 capabilities.
•  Separating the control plane for the two data planes can be desirable.
–  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes
–  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes
•  Don’t forget to assign a 32-bit router ID (RID) to the IPv6 routing process.
•  Peer using global (preferred) or link-local addresses.
•  Consider using locally-administered link-local addresses.
–  fe80::cccc:0001, fe80::dddd:0002, …
•  Type carefully – don’t fat-finger the address
  
Dual-Protocol Applications
•  Assessing current code for IPv6-capability
–  Most applications do not create socket-level connections.
–  Most applications use higher-level APIs or rely on lower-level web services for connectivity.
•  Create code that is Address-Family (AF) independent.
•  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p)
–  Robustness principle: Be conservative in what you send, be liberal in what you accept.
•  Be careful of data structures for storing 128-bit addresses.
•  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555).
•  Write code that properly handles Path MTU Discovery (PMTUD).
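The p2n/n2p and 128-bit storage points matter for security controls: one IPv6 address has many valid spellings, so a blocklist or log search that compares strings will miss matches. The following is an added example, not code from the presentation; the function names simply reuse the slide's p2n/n2p terms, and the blocklist and client addresses are constructed from documentation ranges.

```python
import ipaddress

V4_MAPPED_PREFIX = b"\x00" * 10 + b"\xff\xff"   # ::ffff:0:0/96


def p2n(text):
    """Presentation-to-numeric: accept any valid spelling, return 16 bytes.

    IPv4 addresses are stored in IPv4-mapped form so that one 128-bit field
    holds both address families (address-family independent storage).
    """
    text = text.strip()
    if text.startswith("[") and text.endswith("]"):   # URL-style brackets
        text = text[1:-1]
    # A zone ID (fe80::1%eth0) is only meaningful on the local host, so it
    # is dropped before storage and comparison.
    text = text.split("%", 1)[0]
    addr = ipaddress.ip_address(text)   # raises ValueError on invalid input
    if addr.version == 4:
        return V4_MAPPED_PREFIX + addr.packed
    return addr.packed


def n2p(raw):
    """Numeric-to-presentation: emit exactly one canonical spelling."""
    if len(raw) != 16:
        raise ValueError("expected a 16-byte address")
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    # IPv4 clients seen through a dual-stack socket appear as ::ffff:a.b.c.d;
    # present them as plain dotted-quad so IPv4 rules still apply.
    return str(mapped) if mapped is not None else addr.compressed


# Constructed blocklist and client addresses as they might appear in logs.
BLOCKLIST_TEXT = ["2001:db8::bad:1", "192.0.2.10"]
LOG_CLIENTS = [
    "2001:0DB8:0000:0000:0000:0000:0BAD:0001",   # fully expanded, upper case
    "2001:db8:0:0:0:0:bad:1",                    # zeros not compressed
    "[2001:DB8::BAD:1]",                         # bracketed, as in a URL
    "::ffff:192.0.2.10",                         # IPv4 client on a v6 socket
    "192.0.2.10",
    "2001:db8::600d:1",
    "198.51.100.20",
]


def naive_hits(clients, rules):
    """String comparison: only catches the exact spelling used in the rule."""
    rule_set = set(rules)
    return [c for c in clients if c in rule_set]


def canonical_hits(clients, rules):
    """Compare the 128-bit values instead of their text."""
    rule_set = {p2n(r) for r in rules}
    return [c for c in clients if p2n(c) in rule_set]


if __name__ == "__main__":
    print("string match :", naive_hits(LOG_CLIENTS, BLOCKLIST_TEXT))
    print("128-bit match:", canonical_hits(LOG_CLIENTS, BLOCKLIST_TEXT))
    print("canonical    :", sorted({n2p(p2n(c)) for c in LOG_CLIENTS}))
```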
  
IPv6 Security Considerations
•  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels)
•  Don’t deploy IPv6 if you lack the products to secure the protocol properly.
•  Don’t be overly worried about IPv6 NDP security weaknesses.
–  You haven’t secured your IPv4 LANs either.
–  https://community.infoblox.com/blogs/2015/02/10/holding-ipv6-neighbor-discovery-higher-standard-security
  
Troubleshooting Dual Protocol Networks
•  Even if you do not deploy IPv6, there could still be IPv6-related issues that you must deal with.
•  You now have IPv6-enabled nodes in your environment.
•  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems.
•  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2).
•  Troubleshooting NDP requires a magnifying lens.
–  You may need to break out the protocol analyzer.
–  Looking for an IPv6 needle in a haystack of IPv4.
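Finding the "IPv6 needle in a haystack of IPv4" can start from flow records rather than a full packet capture. The following is an added example, not part of the original presentation: the CSV layout, host addresses and signal names are constructed for illustration, while the EtherType, protocol number and Teredo port are the standard assigned values.

```python
import csv
import io
from collections import defaultdict

ETHERTYPE_IPV6 = 0x86DD      # native IPv6 frames on the wire
IPPROTO_IPV6_ENCAP = 41      # IPv6 carried in IPv4 (6in4, 6to4, ISATAP)
IPPROTO_UDP = 17
TEREDO_PORT = 3544           # Teredo tunnels IPv6 inside IPv4 UDP

# Constructed flow export from a network that is nominally IPv4-only.
SAMPLE_FLOWS = """\
src,dst,ethertype,ip_proto,dst_port
10.1.20.15,198.51.100.7,0x0800,6,443
10.1.20.15,192.88.99.1,0x0800,41,0
10.1.20.31,203.0.113.50,0x0800,17,3544
fe80::1c2d:3eff:fe4f:5a6b,ff02::2,0x86dd,58,0
10.1.20.40,10.1.1.53,0x0800,17,53
fe80::a00:27ff:fe12:3456,ff02::1:2,0x86dd,17,547
"""


def classify(row):
    """Return the kind of IPv6 activity a flow record shows, or None."""
    if int(row["ethertype"], 16) == ETHERTYPE_IPV6:
        return "native-ipv6"
    proto = int(row["ip_proto"])
    if proto == IPPROTO_IPV6_ENCAP:
        return "proto41-tunnel"
    if proto == IPPROTO_UDP and int(row["dst_port"]) == TEREDO_PORT:
        return "teredo"
    return None


def ipv6_signals(flows_csv):
    """Group source hosts by the IPv6 signal seen in their flows."""
    found = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flows_csv)):
        signal = classify(row)
        if signal:
            found[signal].add(row["src"])
    return {signal: sorted(hosts) for signal, hosts in found.items()}


if __name__ == "__main__":
    for signal, hosts in sorted(ipv6_signals(SAMPLE_FLOWS).items()):
        print(f"{signal:15} {', '.join(hosts)}")
```

Hosts that show up under the tunnel signals are sending IPv6 through IPv4 paths, so they are the ones to check against the perimeter devices' IPv6 inspection capabilities.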
  
Troubleshooting Dual Protocol Networks
[Figure: dual-protocol stack by layer]
Application Layer: HTTP(S), SSH, SMTP, TFTP, DHCP, DNS, SIP, WebRTC, TLS/SSL, SNMP, BGP
Transport Layer: TCP, UDP, SCTP, DCCP
Internet Layer: IPv4 (ARP, ICMP, IGMP) and IPv6 (ICMPv6, NDP, MLD)
Link Layer: Ethernet, Wireless, T1/E1/T3/E3, SONET, SDH

Troubleshooting Dual Protocol Networks
•  View yourself from the Internet perspective
–  Leverage IPv6-capable looking glasses
–  Is your traffic really using IPv6?
•  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version).
•  Some connections could use IPv4 and/or IPv6
–  Web pages could be delivered over a combination of protocols. How do you know which protocol was used?
–  IPv6 browser add-ons and plug-ins can be helpful
  
Thank You!
Scott Hogg, CTO GTRI
303-949-4865 | shogg at gtri.com
  
