DOCSLIB.ORG

Supporting Ipv6 in External DNS Services

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Supporting Ipv6 in External DNS Services SOLUTION NOTE Supporting IPv6 in External DNS Services You’ve seen the headlines; “The world is running out of Internet Addresses.” Indeed, the traditional IPv4 address space is reaching capacity. What does this mean to you? Is this like the Y2K bug? Is your network at risk to suddenly stop working? The answer is yes - and no. Yes, this is like the Y2K bug, in that the issue is suddenly getting a lot of attention in the media. But no, we are not going to wake up one day and find everything is broken. The gradual consumption of IPv4 addressing has been tracked for a long time and the industry has prepared technology to ease the transition. The most immediate impact will be felt by organizations who have not previously acquired an IPv4 Internet domain and address range - or existing organizations that need to expand their existing routable IPv4 space - because they might not be able to get anything but IPv6 addresses. IP Address consumption estimates from the Internet Assigned Numbers Authority (IANA) and various Regional Internet Registry (RIR) While IPv4 is not going away anytime soon, and will coexist with IPv6 on public networks for a time, all organizations should plan and prepare to support IPv6 because its adoption is accelerating. This paper will help you do that The Primary Issues As IPv6 is adopted on the Internet, enterprise IT organization Dual Stack must support business requirements to ensure that all external Web Server Internet services such as web sites, email and other application services are IPv6 capable. Therefore, you will need to support IPv6 in your external, internet-facing DNS server in your network’s DMZ. Dual Stack Firewall with IPv4 SMTP Server NAT Translation Many organizations are choosing not to immediately use IPv6 Internal on their internal networks due the cost and hassle of replacing IPv4 Network existing network infrastructure. That’s OK. At least for now, through Network Address Translation (NAT) support in edge Dual Stack External Server routers, organizations can continue to use non-routable IPv4 addresses on internal networks. For DNS, the primary difference between IPv4 and IPv6 is the type of record used to map names to addresses. IPv6 DNS DMZ records are called AAAA Records, which are capable of referencing host entries that contain the larger, 128bit address format of IPv6 addresses. In contrast, IPv4 DNS utilizes A Records which contain the traditional 32 bit addresses used in IPv4. Since IPv4 is not going away any time soon, your external DNS solution must simultaneously support both IPv6 and IPv4. In other words, your external DNS server should run dual IP protocol stacks and support both IPv4 A Records and IPv6 AAAA Records. ©2013 Infoblox Inc. All Rights Reserved. Infoblox-note-ipv6-in-external-dns-services-April2012 1 SOLUTION NOTE Supporting IPv6 in External DNS Services The Infoblox Solution An appliance-based Infoblox DNS solution is a simple and robust platform for IPv6 capable external DNS. Infoblox has dual stack IPv6/IPv4 support and will deliver both IPv4 DNS A records and IPv6 AAAA records to DNS requests from Internet Internet hosts over either protocol. This support, coupled with a dual stack server infrastructure on the other routing equipment, firewalls and web servers in the rest of the DMZ, can guarantee that both IPv4 and IPv6 users will reach an internet-facing web site. External Secondary External Secondary External Secondary Infoblox appliances provide a hardened system, which protects against privilege escalation and malware attacks, and is ready “out of box” for DMZ deployment. Infoblox Tok yo New York London appliances support High Availability features such as VRRP redundant hardware failover, and patented Infoblox Grid™ technology, which easily scales to support failover and recovery to a redundant data center. Grid Master Candidate Grid Master Hidden Primary Grid Master Candidate The Infoblox external DNS solution fully supports IPv4 and IPv6 DNS Security (DNSSEC) that has been tested Tok yo New York London for interoperability with root name servers and is Joint Interoperability Test Command (JITC) and Office of Management and Budget (OMB) compliant for government and military applications. Infoblox Grid “one-click” technology automates DNSSEC deployment and maintenance features such as certificate acquisition and signing key refresh to take the tedious, manual labor out of the equation when implementing a best- practice external DNS services. Summary The most pressing step for enterprise organizations preparing an IPv6 transition is to support IPv6 on Internet facing DNS network services. Deploying these services with dual stack support for IPv4 and IPv6 and using a DNS server that supports both IPv4 A records and IPv6 AAAA records will ensure the continued delivery of web services to customers and critical business communications like email available for all. The Infoblox solution meets these IPv6 requirements, is easy to deploy and maintain, and additionally provides superior DNSSEC support, High Availability, and enterprise Disaster Recovery. Infoblox Product Warranty and Services The standard hardware warranty is for a period of one year. The system software has a 90-day warranty that will meet published specifi- cations. Optional service products are also available that extend the hardware and software warranty. These products are recommended to ensure the appliance is kept updated with the latest software enhancements and to ensure the security and availability of the system. Professional services and training courses are also available from Infoblox. Information in this document is subject to change without notice. Infoblox Inc. assumes no responsibility for errors that appear in this document. Corporate Headquarters: +1.408.986.4000 1.866.463.6256 (toll-free, U.S. and Canada) [email protected] www.infoblox.com ©2013 Infoblox Inc. All Rights Reserved. Infoblox-note-ipv6-in-external-dns-services-April2012 2.
Load more

Recommended publications
  • Ipv6 – What Is It, Why Is It Important, and Who Is in Charge? … Answers to Common Questions from Policy Makers, Executives and Other Non­Technical Readers
    IPv6 – What is it, why is it important, and who is in charge? … answers to common questions from policy makers, executives and other non­technical readers. A factual paper prepared for and endorsed by the Chief Executive Officers of ICANN and all the Regional Internet Registries, October 2009. 1. What is IPv6? “IP” is the Internet Protocol, the set of digital communication codes which underlies the Internet infrastructure. IP allows the flow of packets of data between any pair of points on the network, providing the basic service upon which the entire Internet is built. Without IP, the Internet as we know it would not exist. Currently the Internet makes use of IP version 4, or IPv4, which is now reaching the limits of its capacity to address additional devices. IPv6 is the “next generation” of IP, which provides a vastly expanded address space. Using IPv6, the Internet will be able to grow to millions of times its current size, in terms of the numbers of people, devices and objects connected to it1. 2. Just how big is IPv6? To answer this question, we must compare the IPv6 address architecture with that of IPv4. The IPv4 address has 32 bits, allowing today’s Internet to connect up to around four billion devices. By contrast, IPv6 has an address of 128 bits. Because each additional bit doubles the size of the address space, an extra 96 bits increases the theoretical size of the address space by many trillions of times. For comparison, if IPv4 were represented as a golf ball, then IPv6 would be approaching the size of the Sun.2 IPv6 is certainly not infinite, but it is not going to run out any time soon.
    [Show full text]
  • Guidelines for the Secure Deployment of Ipv6
    Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks NIST Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-119 Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
    [Show full text]
  • DOD Memorandum: Department of Defense Implementation of Internet
    DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON DC 20301-1010 June 29, 2021 MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS SUBJECT: Directive-type Memorandum 21-004 – “Department of Defense Implementation of Internet Protocol Version 6” References: See Attachment 1 Purpose. Pursuant to the Federal requirements in Office of Management and Budget (OMB) Memorandum M-21-07, this directive-type memorandum (DTM): • Establishes policy, assigns responsibilities, and prescribes procedures for deploying and using Internet Protocol version 6 (IPv6) in DoD information systems. • Is effective June 29, 2021; it will be converted to a new DoD instruction. This DTM will expire effective 12 months from the date issuance is published on the DoD Issuances Website, June 29, 2022. Applicability. This DTM: • Applies to OSD, the Military Departments (including the Coast Guard at all times, including when it is a Service in the Department of Homeland Security by agreement with that Department), the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within DoD (referred to collectively in this issuance as the “DoD Components”). • Does not apply to National Security Systems, as defined by Committee on National Security Systems Instruction 4009. Definitions. See Glossary. Policy. Pursuant to OMB Memorandum M-21-07, all new networked DoD information systems that use internet protocol (IP) technologies will be IPv6-enabled before implementation and operational use by the end of fiscal year (FY) 2023.
    [Show full text]
  • Ipv6 Cheat Sheet
    Internet Protocol Version 6 (IPv6) Basics Cheat Sheet IPv6 Addresses by Jens Roesen /64 – lan segment, 18,446,744,073,709,551,616 v6 IPs IPv6 quick facts /48 – subscriber site, 65536 /64 lan segments successor of IPv4 • 128-bit long addresses • that's 296 times the IPv4 address space • that's 2128 or 3.4x1038 or over 340 /32 – minimum allocation size, 65536 /48 subscriber sites, allocated to ISPs undecillion IPs overall • customer usually gets a /64 subnet, which yields 4 billion times the Ipv4 address space • no need for network address translation (NAT) any more • no broadcasts any more • no ARP • stateless address 2001:0db8:0f61:a1ff:0000:0000:0000:0080 configuration without DHCP • improved multicast • easy IP renumbering • minimum MTU size 1280 • mobile IPv6 • global routing prefix subnet ID interface ID mandatory IPsec support • fixed IPv6 header size of 40 bytes • extension headers • jumbograms up to 4 GiB subnet prefix /64 IPv6 & ICMPv6 Headers IPv6 addresses are written in hexadecimal and divided into eight pairs of two byte blocks, each containing four hex IPv6 header digits. Addresses can be shortened by skipping leading zeros in each block. This would shorten our example address to 0 8 16 24 32 2001:db8:f61:a1ff:0:0:0:80. Additionally, once per IPv6 IP, we can replace consecutive blocks of zeros with a version traffic class flow label double colon: 2001:db8:f61:a1ff::80. The 64-bit interface ID can/should be in modified EUI-64 format. A MAC 00 03 ba 24 a9 6c payload length next header hop limit 48-bit MAC can be transformed to an 64-bit interface ID by inverting the 7th (universal) bit and inserting a ff and fe byte after rd source IPv6 address the 3 byte.
    [Show full text]
  • Ipv6 and DNS Ipv6 – the Future of IP
    IPv6 and DNS Chapters 22,29 CSA 442 IPv6 – The Future of IP • Current version of IP - version 4 - is over 20 years old • IPv4 has shown remarkable ability to move to new technologies – IP has accommodated dramatic changes since original design – Basic principles still appropriate today – Many new types of hardware – Scaling - from a few tens to a few tens of millions of computers • But, as with any old technology, it has some problems • IETF has proposed entirely new version to address some specific problems 1 Motivation for Change • Address space – 32 bit address space allows for over a million networks – But…all that is left is Class C and too small for many organizations – Predictions we would have run out of IP addresses by now – Besides, how will we network all our toasters and cell phones to the Internet? • Type of service – Different applications have different requirements for delivery reliability and speed ; i.e. real time data, quality of service – Current IP has type of service that's not often implemented • Multicast Name and Version Number • Preliminary versions called IP - Next Generation (IPng) • Several proposals all called IPng • One was selected and uses next available version number (6) – Version 5 was already assigned to an experimental protocol, ST, Streams Protocol • Result is IP version 6 (IPv6) • In the works since 1990 2 New Features of IPv6 • Address size - IPv6 addresses are 128bits – ~3*1038 possible addresses in theory • Header format - entirely different • Extension headers - Additional information stored
    [Show full text]
  • Ipv6: the Next Generation Internet Protocol 2
    GENERAL I ARTICLE IPv6: The Next Generation Internet Protocol 2. New Features in IPv6 Harsha Srinath IPv4, the workhorse protocol of the currently popular TePI IP protocol suite, is fast becoming obsolete. The exponen­ tial growth of the Internet is the main reason that has required the creation of the next generation of Internet Protocol-IPv6. IPv6 is ~uch more flexible and promises to take care of the address space and security issues in the Harsha Srinath is currently pursuing his MS foreseeable future. degree in Computer Science at the Center for In this part we explain the new features introduced in the Advanced Computer emerging Internet Protocol standard and why they have Studies (CACS) in been introduced. University of Louisiana at Lafayette, USA. His Birth of IPv6 research interests include networking with an As mentioned in Part 11 of the paper, the growth of the global emphasis on wireless Internet was exponential since its inception in the 1980's. The networks, distributed databases and data designers of this Internet Protocol (lPv4) never envisioned the mining. scale of the Internet, nor could they imagine its potential for growth. Unfortunately, this unprecedented growth apart from benefiting millions of users was not without ill consequences. It posed a potential threat that a day might come when virtually all Part 1, IPv4 and its shortcom­ IP address are exhausted. Further, with increasing monetary ings, Resonance, Vol.8, NO.3, pp.33-41,2003. transactions being done using the Internet, there was a need for more security features in the Internet Protocol. A development of a potential solution for this problem began during the late 1990s;The creation of a new version of the Internet Protocol, IPv6, the next-generation Internet Protocol (IPng), was approved by the Internet Engineering Steering Keywords Group on November 17, 1994 as a proposed standard.
    [Show full text]
  • ETSI White Paper on Ipv6 Best Practices, Benefits, Transition
    ETSI White Paper No. 35 IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward First edition – August 2020 ISBN No. 979-10-92620-31-1 ETSI 06921 Sophia Antipolis CEDEX, France Tel +33 4 92 94 42 00 [email protected] www.etsi.org Contributing organizations and authors CAICT Zhiruo Liu China Telecom Chongfeng Xie, Cong Li Cisco Patrick Wetterwald, Pascal Thubert, Francois Clad Hewlett-Packard Enterprise Yanick Pouffary Huawei Giuseppe Fioccola, Xipeng Xiao, Georgios Karagiannis, Shucheng(Will) Liu KPN Eduard Metz Luxembourg University Latif Ladid PT Telecom Jose Cananao, Jose Palma Post Luxembourg Sébastien Lourdez Telefonica Luis M. Contreras IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward 2 Contents Contributing organizations and authors 2 Contents 3 Executive Summary 6 1 Background 8 1.1 Why should IPv6 become a priority again? 8 1.2 Goals of this White Paper 9 2 IPv6 progress in the last 5 years 10 2.1 Devices supporting IPv6 10 2.2 Content (web sites, cloud services) supporting IPv6 11 2.3 Networks supporting IPv6 12 2.4 Number of IPv6 users 12 2.5 Amount of IPv6 traffic 13 2.6 IPv6 standardization progress 14 3 IPv6 service design for Mobile, Fixed broadband and enterprises 14 3.1 IPv6 transition solutions from operator perspective 15 3.1.1 For IPv6 introduction 16 3.1.2 For IPv6-only service delivery 17 3.2 IPv6 prefix and address assignment at the CPEs 22 3.2.1 For MBB UEs 23 3.2.2 For FBB RGs 23 3.2.3 For Enterprise CPEs 23 3.3 IPv6 Packet Transport 24 3.4 IPv6 deployment inside enterprise
    [Show full text]
  • Empirical Analysis of Ipv4 and Ipv6 Networks Through Dual-Stack Sites
    information Article Empirical Analysis of IPv4 and IPv6 Networks through Dual-Stack Sites Kwun-Hung Li and Kin-Yeung Wong * School of Science and Technology, The Open University of Hong Kong, Hong Kong, China; [email protected] * Correspondence: [email protected] Abstract: IPv6 is the most recent version of the Internet Protocol (IP), which can solve the problem of IPv4 address exhaustion and allow the growth of the Internet (particularly in the era of the Internet of Things). IPv6 networks have been deployed for more than a decade, and the deployment is still growing every year. This empirical study was conducted from the perspective of end users to evaluate IPv6 and IPv4 performance by sending probing traffic to 1792 dual-stack sites around the world. Connectivity, packet loss, hop count, round-trip time (RTT), and throughput were used as performance metrics. The results show that, compared with IPv4, IPv6 has better connectivity, lower packet loss, and similar hop count. However, compared with IPv4, it has higher latency and lower throughput. We compared our results with previous studies conducted in 2004, 2007, and 2014 to investigate the improvement of IPv6 networks. The results of the past 16 years have shown that the connectivity of IPv6 has increased by 1–4%, and the IPv6 RTT (194.85 ms) has been greatly reduced, but it is still longer than IPv4 (163.72 ms). The throughput of IPv6 is still lower than that of IPv4. Keywords: IPv6; IPv4; network performance; Internet; IoT Citation: Li, K.-H.; Wong, K.-Y. Empirical Analysis of IPv4 and IPv6 1.
    [Show full text]
  • Global Mobile Ipv6 Addressing Using Transition Mechanisms
    Global Mobile IPv6 Addressing using Transition Mechanisms Edgard Jamhour , Simone Storoz and Carlos Maziero Graduate Program in Applied Computer Science, Pontifical Catholic University of Paraná, Brazil. [email protected] [email protected] [email protected] Abstract and cellular networks) [2]. However, in order to provide connectivity to the global Internet, one must consider the The adoption of the Internet Protocol in mobile and shortage of IP version 4 (IPv4) addresses. The use of private wireless technologies has considerably increased the IPv4 addresses [4] was considered a temporary solution to number of hosts that can potentially access the global the IPv4 address shortage problem until a new addressing Internet. IPv6 is considered the long term solution for the scheme, IPv6, would be adopted [5]. Private addresses are IPv4 address shortage problem, but the transition from not considered a final solution because they are not IPv4 to IPv6 is supposed to be very gradual. Therefore, uniquely addressable. That is, a host with a private IPv4 there will be a long time during which both protocol address can start a session with a host with a public address, versions will coexist. To facilitate transition, the IETF using an address translation mechanism such as Network has set up a work group called NGTRANS (Next Address Translation (NAT), but not the contrary [6]. Generation TRANSition) which specifies mechanisms for supporting interoperability between IPv4 and IPv6. This IPv6 solves this problem by offering a virtually unlimited paper describes a new approach for implementing mobile address space. However, there is expected to be a long networks with global Internet connectivity using transition period during which it will be necessary for IPv4 transition mechanisms.
    [Show full text]
  • Ipv6 – Frequently Asked Questions (Faqs)
    IPv6 – Frequently Asked Questions (FAQs) GENERAL 1. What is IPv6? IPv6 (Internet Protocol version 6) is the latest version of the Internet Protocol that has been designed to supplement and eventually be the successor of IPv4, which is the protocol predominantly in use today. IPv6 was developed by the Internet Engineering Task Force (IETF). 2. What is the main limitation of IPv4? The biggest limitation of IPv4 is its 32-bit addressing space resulting in about 4.3 billion IP addresses only. The rapid growth of internet, wireless subscribers and deployment of NGN technology is leading to accelerated consumption of IP addresses with the result that IPv4 addresses are almost exhausted today. 3. What are the advantages of IPv6? The IPv6 offers several advantages over IPv4 as below: a) Large Address Space – There are 128 bits in IPv6 address compared to 32 bits in IPv4 address, thereby practically making available an almost infinite pool of IP addresses (340 trillion trillion trillion). b) Auto configuration – This is a plug and play feature which simplifies network configuration especially when the number of devices / nodes is very large like in typical sensor networks. It helps networks to quickly respond to crisis situations and facilitate adhoc network reorganisations. c) Simplified Header format with better Quality of Service (QoS) – The header format has been simplified in IPv6 which helps in faster routing and switching. There is also a traffic class and flow label field, improving streaming for several applications such as VoIP, interactive gaming, e-commerce, videos etc. d) IP Host Mobility – This feature enables a mobile node to arbitrarily change its location on an IP network while still remaining reachable and maintaining existing connections.
    [Show full text]
  • TR 102 235 V1.1.1 (2003-07) Technical Report
    ETSI TR 102 235 V1.1.1 (2003-07) Technical Report Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT); Pre-normative Study for IPv6 Testing 2 ETSI TR 102 235 V1.1.1 (2003-07) Reference DTR/MTS-00083 Keywords IP, methodology, testing ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: [email protected] Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. © European Telecommunications Standards Institute 2003.
    [Show full text]
  • Best Practices: IP Guidelines for the IT Professional
    IP Guidelines for the IT Professional Best Practices Crestron Electronics, Inc. Original Instructions The U.S. English version of this document is the original instructions. All other languages are a translation of the original instructions. Crestron product development software is licensed to Crestron dealers and Crestron Service Providers (CSPs) under a limited nonexclusive, nontransferable Software Development Tools License Agreement. Crestron product operating system software is licensed to Crestron dealers, CSPs, and end-users under a separate End-User License Agreement. Both of these Agreements can be found on the Crestron website at www.crestron.com/legal/software_license_ agreement. The product warranty can be found at www.crestron.com/warranty. The specific patents that cover Crestron products are listed at www.crestron.com/legal/patents. Certain Crestron products contain open source software. For specific information, visit www.crestron.com/opensource. Crestron, the Crestron logo, 3-Series, 4-Series, CaptureLiveHD, Crestron Connected, Crestron Mobile Pro, Crestron Toolbox, DigitalMedia, DM, Fusion RV, and Smart Graphics are either trademarks or registered trademarks of Crestron Electronics, Inc. in the United States and/or other countries. Flash is either a trademark or registered trademark of Adobe Systems Incorporated in the United States and/or other countries. iPad is either a trademark or registered trademark of Apple, Inc. in the United States and/or other countries. Blu-ray is either a trademark or registered trademark of the Blu-ray Disc Association (BDA) in the United States and/or other countries. HDMI is either a trademark or registered trademark of HDMI Licensing LLC in the United States and/or other countries.
    [Show full text]