8/8/2011
SOSPG1: IPv6, Tomorrow’s Network Here Today.
Mark Brophy, I.T. Director, Rogers Townsend & Thomas Jim Small & Craig Weinhold CDW Advanced Technology Services
Session Overview
• Brief review of the characteristics of IPv4. • Introduction to some of the new characteristics of IPv6. This will not be a technical deep dive. • Briefff outline of a possible migration strategy. • Setting the record strait on a few points. • On to the experts! – Q&A period with Jim and Craig as they share their real world view and experiences with IPv6 migrations.
“In the beginning…”
God created the Internet and AOL. Now the Internet was formless and empty, (no Facebook) and darkness was over the surface of the deep, and the Spirit of God was hovering over the routers.
And God said, “Ping 127.0.0.1,” and there were packets.
1 8/8/2011
Remember this?
• Class A 0-126 (roughly 16 million hosts/network) • Class B 128-191 (65,536 hosts/network) • Class C 192-223 (256 hosts/network) There are only 4,294,967,296 possible unique IPv4 addresses in the entire world. IANA's primary address pool was exhausted on February 3, 2011 when the last 5 blocks were allocated to the 5 RIRs. APNIC was the first RIR to exhaust its regional pool on 15 April 2011, except for a small amount of address space reserved for the transition to IPv6, intended be allocated in a restricted process
The Band-Aid
• Network Address Translation. • Private address ranges created. • 10.0.0.0 to 10.255.255.255 • 172.16.0.0 172.31.255.255 • 192.168.0.0 192.168.255.255
But it broke end to end transmission between hosts.
A Typical IPv4 Network
Layer 3 Switching
Layer 2 Switching
2 8/8/2011
IPv4 • The current version of IP (known as Version 4 or IPv4) has not been substantially changed since RFC 791 was published in 1981. • The initial design did not anticipate the recent exponential growth of the Internet, Internet devices and the exhaustion of the IPv4 address space. • IPv4 addresses are become relatively scarce, forcing some organizations to use a Network Address Translator (NAT) to map multiple private addresses to a single public IP address. While NATs promote reuse of the private address space, they do not support standards-based network layer security or the correct mapping of all higher layer protocols and can create problems when connecting two organizations that use the private address space. • The growth of the Internet and the ability of Internet backbone routers to maintain large routing tables is burdensome. There are routinely over 85,000 routes in the routing tables of Internet backbone routers. The current IPv4 Internet routing infrastructure is a combination of both flat and hierarchical routing. • The requirement for security at the IP level. • The need for better support for real-time delivery of data—also called quality of service (QoS). • With more computers and devices using IP, there is a need for a simpler and more automatic configuration of addresses and other configuration settings that do not rely on the administration of a DHCP infrastructure.
Meet IPv6
IPv6 was developed by the Internet Engineering Task Force (IETF) to and is described in Internet standard document RFC 2460, published in December 1998.
About IPv4 and IPv6
3 8/8/2011
What an IPv6 network might look like.
This is just one out of many possibilities of what a network running IPv6 might resemble. Your network may vary.
The 5 Steps to IPv6
Step 1 Design
Step 2 IPv6 Ready
Step 3 IPv6 Testing
Step 4 Dual stack
Step 5 Bye Bye IPv4
The 5 Steps to IPv6
Keep it simple
Design for growth
Work with /48, /52, /56, /60 or /64
4 8/8/2011
Step 1 - Training
IPv6 will affect every single member of an IT Department from Entry Level Help Desk to Application/Web Developers to Senior Network Engineers.
New terminology
• Dual IP stack • IPv4-mapped IPv6 addresses • 6 to 4 Tunneling • TdTeredo • Stateless Auto Configuration • Stateful Auto Configuration • Sites not Subnets
What’s wrong with this address?
• 207.144.117.193 • 10.100.0.240 • 192.168.1.19 • 169.254.108.53 • 192.168.255.1 • 127.0.0.1
5 8/8/2011
What’s wrong with this address?
• 207.144.117.193 • 10.100.0.240 • 192.168.1.19 • 169.254.108.53 • 192.168.255.1 • 127.0.0.1
What’s wrong with this address?
• 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A • 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A • 2001:0DB8:0000:2F3B:02AG:00FF:FE28:9C5A • ::1
What’s wrong with this address?
• 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A • 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A • 2001:0DB8:0000:2F3B:02AG:00FF:FE28:9C5A • ::1
6 8/8/2011
Same address, different syntax
• 2001:0DB8:0000:0000:0008:8000:0000:417A • 2001:DB8:0:0:8:8000:0:417A • 2001:DB8::8:8000:0:417A • 2001:DB8:0:0:8:8000::417A • 2001:db8::8:8000:417A Why? To improve readability.
The 5 Steps to IPv6
Network devices
Operating Systems
Applications
IPv6 Ready Logo Program www.ipv6ready.org
Redmond’s Stance
• From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components will not function.
• http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx
7 8/8/2011
For Example: Turning off IPv6
• Hyper-V cluster - It is not possible to add a new node to an existing cluster. • TMG server - RRAS breaks. • Exchange - Mailflow & Installation problems. • Direct Access - Does not work. • SBS Server – Exchange services fail to start & network shows offline. Even if you don not configure your workstations to use IPv6, starting with Vista, Windows tunnels all IPv4 traffic through the IPv6 stack. Why? -more efficient protocols. Just leave it on but beware. Windows DoS vulnerability. http://www.youtube.com/watch?v=GA_w87K_Iuo
The 5 Steps to IPv6
IPv6 network device
IPv6 Application
IPv6 User
Testing Status Report
• Network devices: Most of your current network devices have are IPv6 ready. In some products, it may be as simple as just turning on the feature. Massive hardware upgrades should not be in order unless you are running hardware built prior to 2002. • Most, if not all, major Operating Systems are IPv6 capable.
8 8/8/2011
Testing Status Report • Applications: Going to be a rough road. A lot are not there yet and will need to be reviewed. For Instance with Exchange 2010… Source Feature IPv6 supported
Transport
Transport
Transport
Unified Messaging
The 5 Steps to IPv6 cont.
The Bottom Line
• We’re out of IPv4 address space. • •IPv6 must be adopted for continued Internet growth. • •IPv6 is not backwards compatible with IPv4. • •We must maintain IPv4 and IPv6 simultaneously for many years. • •IPv6 deployment has begun.
9 8/8/2011
On to our Experts
We have some questions of our own prepared, but feel free to join us and ask your own questions.
Without further ado…
Questions
#1 If IPv6 has been around since 1998, then there must be plenty of stable products and services running IPv6, right?
Questions
#2 I've heard some people say IPv6 is more secure than IPv4, while others say it is less secure than IPv4. What is this about?
10 8/8/2011
Questions
#3 I have enough addresses today. Why should I bother implementing IPv6? Should I even be considering implementing IPv6?
Questions
#4
What’s going on with DHCP? Do we still need it?
Questions
#5
So how much will the transition to IPv6 cost me?
11 8/8/2011
Any other questions?
Other IPv6 Session today
Please check out IPv6: The Ins and Outs ETPG6 at 1:30 today for a different IPv6 session by the Emerging Technologies Group
Check out the IPv6 demo in vendors area.
THANK YOU FOR ATTENNDING!
References and Light Reading
• Abstract: Introduction to IP Version 6 –Microsoft Corporation Published September 2003, updated January 2008. http://www.microsoft.com/ipv6 • IPv6 for the Reluctant. Mark Minasi, TechEd2009 Europe. • Migrating to IPv6 with Windows Server 2008 R2 and Windows 7, Martijn Bellaard, TechEd2011 • FAQ Internet Society http://www.isoc.org/internet/issues/ipv6_faq.shtml • IPv4 Depletion IPv6 Adoption, American Registry for Internet Numbers, Nov. 11, 2010 https://www.arin.net/knowledge/v4_deplete_v6_adopt.pdf • National Institute of Standards and Technology: U.S. Department of Commerce Special Publication 800-119 -Guidelines for the Secure Deployment of IPv6, December 2010.
12 8/8/2011
Cool Tools & Sites
• IPv6 Connectivity tool. http://test-ipv6.com • http://www.worldipv6day.org/ • Ipv6 Readiness Logo http://www.ipv6forum.com/
13