SlideShare una empresa de Scribd logo

Roadmap to Next Generation IP Networks: A Review of the Fundamentals

Descargar como PPTX, PDF
Network Utility Force
Network Utility Force
Tecnología
1 de 19
© 2013 Utilities Telecom Council Delivering Your Future Roadmap to the Next Generation IP Network: A Review of the Fundamentals Brandon Ross Chief Network Architect and CEO Network Utility Force
UTC TELECOM 2013 IPv6 Support Required for All IP-Capable Nodes – RFC 6540 Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional. It also cautions that there are places in existing IETF documents where the term "IP" is used in a way that could be misunderstood by implementers as the term "IP" becomes a generic that can mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on context and application.
UTC TELECOM 2013 RFC 6540 • Are you aware of this requirement? • Are your nodes IPv6 capable?
UTC TELECOM 2013 Background • IPv4 depletion is already occurring • IPv6 adoption is accelerating • Most network hardware supports IPv6 • For the most part, dual stack Just Works http://www.potaroo.net/tools IPv4 Free Pool Depletion http://www.ipv6actnow.org/info/statistics/#alloc IPv6 Routing Table Growth
UTC TELECOM 2013 US Feds Lesson Learned The US federal government had a mandate for all public facing web services to support IPv6 by September 30, 2012. 287 of 1494 sites had IPv6 web support by the deadline. Today 961 of 1355 sites support IPv6. That’s over 70%. Not 100%, but far ahead of most other large organizations.Source: http://usgv6-deploymon.antd.nist.gov//
UTC TELECOM 2013 What next? “Okay, my organization is convinced it’s time to begin IPv6 deployment, what do I need to consider?”
UTC TELECOM 2013 Consider the Fundamentals of Best Practice The fundamentals haven’t changed a bit for IPv6, consider: • Security • Maintainability • Scalability • Performance • Flexibility
UTC TELECOM 2013 Apply the Fundamentals What areas need the most attention? • Addressing plan • Interconnectivity • Bootstrapping/AAA • Security issues • Staff training • Transition
UTC TELECOM 2013 IPv6 Address Space is VAST “IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038 addresses, or more than 7.9×1028 times as many as IPv4, which uses 32-bit addresses.” (Wikipedia) That’s 340 Undecillion! Undecillion is a number with 36 zeros. We must change our thinking about how to allocate address space to meet our best practice goals.
UTC TELECOM 2013 State of Assignments • All of the registries, for the most part, assign initial blocks for  Service provider /32  Enterprise /48
UTC TELECOM 2013 What makes up a good addressing plan? • Depends on the type of network, the size of the network, and problem to be solved • Points to consider  Documentation  Ease of troubleshooting  Aggregation  Standards compliance  Growth  SLAAC  Existing IPv4 addressing plan  Human factors
UTC TELECOM 2013 Algorithmic Approaches • Interop took an algorithimic approach to IPv6 numbering • Encode every IPv4 address in your network in an IPv6 address 10.10.10.10 (A0A0A0A) 2001:DB8:A0A:A0A::
UTC TELECOM 2013 Interconnectivity • Routing protocols have been updated, but the fundamental concepts remain the same – Run routing protocols such that they fail when the underlying transport fails • That means separate v4 and v6 protocols – For ease of management, configure IPv4 and IPv6 connectivity to follow the same paths – Also use the same routing policies whenever possible • Ask your Internet traffic peers, suppliers, partners and clients to begin transporting IPv6 traffic
UTC TELECOM 2013 Bootstrapping/AAA • Some fundamental changes have been made to the bootstrap process to join an IPv6 network, all part of the Neighbor Discovery process – Router Advertisements (RA) – Tells potential clients about the routers and prefixes available on the network – StateLess Address Auto Configuration (SLAAC) • New in IPv6, allows a device to generate it’s own address • Supported universally – Dynamic Host Configuration Procotol v6 (DHCPv6) • Very similar to v4, can distribute address, DNS server, other information about the network • Good support, but far from universal
UTC TELECOM 2013 Security Issues • Use the same diligence you used for IPv4 • Ask equipment vendors to support specific protections in IPv6 – RA-Guard – prevents an attacker from sending rogue RAs into the network and becoming a man-in-the-middle – DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP servers from giving out false information • Ensure equipment supports all IPv4 features you use in IPv6 as well such as ACLs, anti-spoof filtering (RPF), etc. Why should v6 be any different in these areas? • Where firewalls are needed, ensure your choice of firewall supports v6 as well as v4. • NAT is NOT a security feature and v6 doesn’t have it
UTC TELECOM 2013 Staff Training • Find an experienced organization to provide training • Service providers require a different level of scalability and maintainability than enterprise, use a trainer that understands SP’s unique challenges • Build a lab, get a tunnel to experiment with IPv6
UTC TELECOM 2013 Transition • 3 types of transition technologies – Dual Stack • Hopefully will be the most common • Simply means running both v4 and v6 at the same time – Tunneling • Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the situation • Can be useful to solve problems in certain areas, but in general, tunneling hurts performance and should be avoided when possible • Examples: 6rd, 6in4, 4in6, DS-Lite, MAP – Translation • Converting an IPv4 packet into an IPv6 packet or vice versa • Like in tunnels, can be useful in certain circumstances, especially for rapid deployment of IPv6 on public facing services such as web servers • Example: NAT64
UTC TELECOM 2013 Conclusions • IPv6 works in the real world • There are challenges to implementing IPv6, but nothing show-stopping • Much of the Internet’s content is reachable over IPv6 (and growing fast) including all of Google, FaceBook and 3000 other sites • A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion)
Delivering Your Future Questions? Brandon Ross – bross@netuf.net - +1-404-635-6667 Download the presentation here: http://is.gd/19ckWM Or using this QR code:

Recomendados

The Use of IPv6 in IoT
The Use of IPv6 in IoTThe Use of IPv6 in IoT
The Use of IPv6 in IoT
Oliver Müller
 
Sky IPv6 Update
Sky IPv6 UpdateSky IPv6 Update
Sky IPv6 Update
Oliver Müller
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
Skeeve Stevens
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 Migration
Swiss IPv6 Council
 
IPv6 Security und Hacking
IPv6 Security und HackingIPv6 Security und Hacking
IPv6 Security und Hacking
Swiss IPv6 Council
 
Measuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementMeasuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurement
APNIC
 
IPv6 New RFCs
IPv6 New RFCsIPv6 New RFCs
IPv6 New RFCs
APNIC
 
Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...
Jisc
 

Recomendados

The Use of IPv6 in IoT
The Use of IPv6 in IoTThe Use of IPv6 in IoT
The Use of IPv6 in IoT
Oliver Müller
 
Sky IPv6 Update
Sky IPv6 UpdateSky IPv6 Update
Sky IPv6 Update
Oliver Müller
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
Skeeve Stevens
 
Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 Migration
Swiss IPv6 Council
 
IPv6 Security und Hacking
IPv6 Security und HackingIPv6 Security und Hacking
IPv6 Security und Hacking
Swiss IPv6 Council
 
Measuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementMeasuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurement
APNIC
 
IPv6 New RFCs
IPv6 New RFCsIPv6 New RFCs
IPv6 New RFCs
APNIC
 
Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...
Jisc
 
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
IPv6 Status - Cisco 6lab
IPv6 Status - Cisco 6labIPv6 Status - Cisco 6lab
IPv6 Status - Cisco 6lab
Oliver Müller
 
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other ObservationsAusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
Mark Smith
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash Course
Thierry Zoller
 
DNS Openness
DNS OpennessDNS Openness
DNS Openness
APNIC
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
OpenStack Korea Community
 
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
Cloud Native Day Tel Aviv
 
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebula Project
 
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
Mark Smith
 
Mastering OpenStack - Episode 13 - Network Design
Mastering OpenStack - Episode 13 - Network DesignMastering OpenStack - Episode 13 - Network Design
Mastering OpenStack - Episode 13 - Network Design
Roozbeh Shafiee
 
Mastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling OutMastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling Out
Roozbeh Shafiee
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
Basim Aly (JNCIP-SP, JNCIP-ENT)
 
Network Virtualization Meets the WAN
Network Virtualization Meets the WANNetwork Virtualization Meets the WAN
Network Virtualization Meets the WAN
Bruce Davie
 
IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment
IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment
IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment
Ethern Lin
 
Link Samba to Cloud Storage
Link Samba to Cloud StorageLink Samba to Cloud Storage
Link Samba to Cloud Storage
Manfred Furuholmen
 
IPv6 in the EE Network
IPv6 in the EE NetworkIPv6 in the EE Network
IPv6 in the EE Network
Oliver Müller
 
How to integrate OpenStack Swift to your "legacy" system
How to integrate OpenStack Swift to your "legacy" systemHow to integrate OpenStack Swift to your "legacy" system
How to integrate OpenStack Swift to your "legacy" system
Masaaki Nakagawa
 
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
OpenStack Korea Community
 
L4-L7 services for SDN and NVF by Youcef Laribi
L4-L7 services for SDN and NVF by Youcef LaribiL4-L7 services for SDN and NVF by Youcef Laribi
L4-L7 services for SDN and NVF by Youcef Laribi
buildacloud
 
OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017
OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017
OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017
Cloud Native Day Tel Aviv
 
Kinber ipv6-education-healthcare
Kinber ipv6-education-healthcareKinber ipv6-education-healthcare
Kinber ipv6-education-healthcare
Network Utility Force
 
IPv6 on the Interop Network
IPv6 on the Interop NetworkIPv6 on the Interop Network
IPv6 on the Interop Network
Network Utility Force
 

Más contenido relacionado

La actualidad más candente

Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
Cloud Native Day Tel Aviv
 
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebula Project
 
L4-L7 services for SDN and NVF by Youcef Laribi
L4-L7 services for SDN and NVF by Youcef LaribiL4-L7 services for SDN and NVF by Youcef Laribi
L4-L7 services for SDN and NVF by Youcef Laribi
buildacloud
 

La actualidad más candente (20)

Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
 
IPv6 Status - Cisco 6lab
IPv6 Status - Cisco 6labIPv6 Status - Cisco 6lab
IPv6 Status - Cisco 6lab
 
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other ObservationsAusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
 
IPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash CourseIPV6 - Threats and Countermeasures / Crash Course
IPV6 - Threats and Countermeasures / Crash Course
 
DNS Openness
DNS OpennessDNS Openness
DNS Openness
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
 
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
OpenStack Resources and Capacity Management - Shimon Benattar, Mark Rasin - O...
 
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
OpenNebulaConf2015 1.06 Fermilab Virtual Facility: Data-Intensive Computing i...
 
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
AusNOG 2014 - Network Virtualisation: The Killer App for IPv6?
 
Mastering OpenStack - Episode 13 - Network Design
Mastering OpenStack - Episode 13 - Network DesignMastering OpenStack - Episode 13 - Network Design
Mastering OpenStack - Episode 13 - Network Design
 
Mastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling OutMastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling Out
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
Network Virtualization Meets the WAN
Network Virtualization Meets the WANNetwork Virtualization Meets the WAN
Network Virtualization Meets the WAN
 
IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment
IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment
IPv6/IPv4 Transition: The experience sharing of Tunnel Broker deployment
 
Link Samba to Cloud Storage
Link Samba to Cloud StorageLink Samba to Cloud Storage
Link Samba to Cloud Storage
 
IPv6 in the EE Network
IPv6 in the EE NetworkIPv6 in the EE Network
IPv6 in the EE Network
 
How to integrate OpenStack Swift to your "legacy" system
How to integrate OpenStack Swift to your "legacy" systemHow to integrate OpenStack Swift to your "legacy" system
How to integrate OpenStack Swift to your "legacy" system
 
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
 
L4-L7 services for SDN and NVF by Youcef Laribi
L4-L7 services for SDN and NVF by Youcef LaribiL4-L7 services for SDN and NVF by Youcef Laribi
L4-L7 services for SDN and NVF by Youcef Laribi
 
OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017
OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017
OpenStack and NetApp - Chen Reuven - OpenStack Day Israel 2017
 

Similar a Roadmap to Next Generation IP Networks: A Review of the Fundamentals

IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
srmanjuskp
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)
ryaekle
 

Similar a Roadmap to Next Generation IP Networks: A Review of the Fundamentals (20)

Kinber ipv6-education-healthcare
Kinber ipv6-education-healthcareKinber ipv6-education-healthcare
Kinber ipv6-education-healthcare
 
IPv6 on the Interop Network
IPv6 on the Interop NetworkIPv6 on the Interop Network
IPv6 on the Interop Network
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
 
464XLAT Tutorial
464XLAT Tutorial464XLAT Tutorial
464XLAT Tutorial
 
IPV6 Deployment for Broadband Internet by Azura Mat Salim
IPV6 Deployment for Broadband Internet by Azura Mat SalimIPV6 Deployment for Broadband Internet by Azura Mat Salim
IPV6 Deployment for Broadband Internet by Azura Mat Salim
 
IPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPsIPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPs
 
3hows
3hows3hows
3hows
 
Operational Challenges into the future
Operational Challenges into the futureOperational Challenges into the future
Operational Challenges into the future
 
Getting The World IPv6 Enabled
Getting The World IPv6 EnabledGetting The World IPv6 Enabled
Getting The World IPv6 Enabled
 
Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed Oracle Cloud Networking And Security Exposed
Oracle Cloud Networking And Security Exposed
 
IPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for MobilesIPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for Mobiles
 
Mobiles IPv6 Networks in 2015
Mobiles IPv6 Networks in 2015Mobiles IPv6 Networks in 2015
Mobiles IPv6 Networks in 2015
 
ARM 7: TOT IPv6 Deployment Experiences
ARM 7: TOT IPv6 Deployment ExperiencesARM 7: TOT IPv6 Deployment Experiences
ARM 7: TOT IPv6 Deployment Experiences
 
I pv6
I pv6I pv6
I pv6
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)
 
The Case for IPv6: Paving the Way for the Internet of Things
The Case for IPv6: Paving the Way for the Internet of ThingsThe Case for IPv6: Paving the Way for the Internet of Things
The Case for IPv6: Paving the Way for the Internet of Things
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-on
 

Más de Network Utility Force

Introduction to Wide Area Network Routing
Introduction to Wide Area Network RoutingIntroduction to Wide Area Network Routing
Introduction to Wide Area Network Routing
Network Utility Force
 

Más de Network Utility Force (9)

IPv6 Enabled WiFi: Planning, Deployment and Best Practices
IPv6 Enabled WiFi: Planning, Deployment and Best PracticesIPv6 Enabled WiFi: Planning, Deployment and Best Practices
IPv6 Enabled WiFi: Planning, Deployment and Best Practices
 
Outdoor Municipal WiFi Case Study
Outdoor Municipal WiFi Case StudyOutdoor Municipal WiFi Case Study
Outdoor Municipal WiFi Case Study
 
IPv6 Technical Overview: Address Architecture, DHCPv6 and DNS
IPv6 Technical Overview: Address Architecture, DHCPv6 and DNSIPv6 Technical Overview: Address Architecture, DHCPv6 and DNS
IPv6 Technical Overview: Address Architecture, DHCPv6 and DNS
 
How to Plan and Conduct IPv6 Field Trials
How to Plan and Conduct IPv6 Field TrialsHow to Plan and Conduct IPv6 Field Trials
How to Plan and Conduct IPv6 Field Trials
 
IPv6 Migration Infographic with IPv4 Exhaustion Timeline for 2014
IPv6 Migration Infographic with IPv4 Exhaustion Timeline for 2014IPv6 Migration Infographic with IPv4 Exhaustion Timeline for 2014
IPv6 Migration Infographic with IPv4 Exhaustion Timeline for 2014
 
Introduction to Wide Area Network Routing
Introduction to Wide Area Network RoutingIntroduction to Wide Area Network Routing
Introduction to Wide Area Network Routing
 
Network Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit
Network Utility Force IPv6 NAT64 Presentation for North American IPv6 SummitNetwork Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit
Network Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit
 
Network Utility Force IPv6 training brochure
Network Utility Force IPv6 training brochureNetwork Utility Force IPv6 training brochure
Network Utility Force IPv6 training brochure
 
IPv6 Implementation and Migration
IPv6 Implementation and MigrationIPv6 Implementation and Migration
IPv6 Implementation and Migration
 

Último

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Roadmap to Next Generation IP Networks: A Review of the Fundamentals

  • 1. © 2013 Utilities Telecom Council Delivering Your Future Roadmap to the Next Generation IP Network: A Review of the Fundamentals Brandon Ross Chief Network Architect and CEO Network Utility Force
  • 2. UTC TELECOM 2013 IPv6 Support Required for All IP-Capable Nodes – RFC 6540 Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional. It also cautions that there are places in existing IETF documents where the term "IP" is used in a way that could be misunderstood by implementers as the term "IP" becomes a generic that can mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on context and application.
  • 3. UTC TELECOM 2013 RFC 6540 • Are you aware of this requirement? • Are your nodes IPv6 capable?
  • 4. UTC TELECOM 2013 Background • IPv4 depletion is already occurring • IPv6 adoption is accelerating • Most network hardware supports IPv6 • For the most part, dual stack Just Works http://www.potaroo.net/tools IPv4 Free Pool Depletion http://www.ipv6actnow.org/info/statistics/#alloc IPv6 Routing Table Growth
  • 5. UTC TELECOM 2013 US Feds Lesson Learned The US federal government had a mandate for all public facing web services to support IPv6 by September 30, 2012. 287 of 1494 sites had IPv6 web support by the deadline. Today 961 of 1355 sites support IPv6. That’s over 70%. Not 100%, but far ahead of most other large organizations.Source: http://usgv6-deploymon.antd.nist.gov//
  • 6. UTC TELECOM 2013 What next? “Okay, my organization is convinced it’s time to begin IPv6 deployment, what do I need to consider?”
  • 7. UTC TELECOM 2013 Consider the Fundamentals of Best Practice The fundamentals haven’t changed a bit for IPv6, consider: • Security • Maintainability • Scalability • Performance • Flexibility
  • 8. UTC TELECOM 2013 Apply the Fundamentals What areas need the most attention? • Addressing plan • Interconnectivity • Bootstrapping/AAA • Security issues • Staff training • Transition
  • 9. UTC TELECOM 2013 IPv6 Address Space is VAST “IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038 addresses, or more than 7.9×1028 times as many as IPv4, which uses 32-bit addresses.” (Wikipedia) That’s 340 Undecillion! Undecillion is a number with 36 zeros. We must change our thinking about how to allocate address space to meet our best practice goals.
  • 10. UTC TELECOM 2013 State of Assignments • All of the registries, for the most part, assign initial blocks for  Service provider /32  Enterprise /48
  • 11. UTC TELECOM 2013 What makes up a good addressing plan? • Depends on the type of network, the size of the network, and problem to be solved • Points to consider  Documentation  Ease of troubleshooting  Aggregation  Standards compliance  Growth  SLAAC  Existing IPv4 addressing plan  Human factors
  • 12. UTC TELECOM 2013 Algorithmic Approaches • Interop took an algorithimic approach to IPv6 numbering • Encode every IPv4 address in your network in an IPv6 address 10.10.10.10 (A0A0A0A) 2001:DB8:A0A:A0A::
  • 13. UTC TELECOM 2013 Interconnectivity • Routing protocols have been updated, but the fundamental concepts remain the same – Run routing protocols such that they fail when the underlying transport fails • That means separate v4 and v6 protocols – For ease of management, configure IPv4 and IPv6 connectivity to follow the same paths – Also use the same routing policies whenever possible • Ask your Internet traffic peers, suppliers, partners and clients to begin transporting IPv6 traffic
  • 14. UTC TELECOM 2013 Bootstrapping/AAA • Some fundamental changes have been made to the bootstrap process to join an IPv6 network, all part of the Neighbor Discovery process – Router Advertisements (RA) – Tells potential clients about the routers and prefixes available on the network – StateLess Address Auto Configuration (SLAAC) • New in IPv6, allows a device to generate it’s own address • Supported universally – Dynamic Host Configuration Procotol v6 (DHCPv6) • Very similar to v4, can distribute address, DNS server, other information about the network • Good support, but far from universal
  • 15. UTC TELECOM 2013 Security Issues • Use the same diligence you used for IPv4 • Ask equipment vendors to support specific protections in IPv6 – RA-Guard – prevents an attacker from sending rogue RAs into the network and becoming a man-in-the-middle – DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP servers from giving out false information • Ensure equipment supports all IPv4 features you use in IPv6 as well such as ACLs, anti-spoof filtering (RPF), etc. Why should v6 be any different in these areas? • Where firewalls are needed, ensure your choice of firewall supports v6 as well as v4. • NAT is NOT a security feature and v6 doesn’t have it
  • 16. UTC TELECOM 2013 Staff Training • Find an experienced organization to provide training • Service providers require a different level of scalability and maintainability than enterprise, use a trainer that understands SP’s unique challenges • Build a lab, get a tunnel to experiment with IPv6
  • 17. UTC TELECOM 2013 Transition • 3 types of transition technologies – Dual Stack • Hopefully will be the most common • Simply means running both v4 and v6 at the same time – Tunneling • Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the situation • Can be useful to solve problems in certain areas, but in general, tunneling hurts performance and should be avoided when possible • Examples: 6rd, 6in4, 4in6, DS-Lite, MAP – Translation • Converting an IPv4 packet into an IPv6 packet or vice versa • Like in tunnels, can be useful in certain circumstances, especially for rapid deployment of IPv6 on public facing services such as web servers • Example: NAT64
  • 18. UTC TELECOM 2013 Conclusions • IPv6 works in the real world • There are challenges to implementing IPv6, but nothing show-stopping • Much of the Internet’s content is reachable over IPv6 (and growing fast) including all of Google, FaceBook and 3000 other sites • A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion)
  • 19. Delivering Your Future Questions? Brandon Ross – bross@netuf.net - +1-404-635-6667 Download the presentation here: http://is.gd/19ckWM Or using this QR code: