Weitere ähnliche Inhalte Kürzlich hochgeladen (20) Enterprise Deployment at Cisco, the Enterprise by Kumar Reddy at gogoNET LIVE! 3 IPv6 Conference1. Deployment
Experiences with IPv6
Kumar Reddy
Director, Technical Marketing Engineering
Cisco Systems
With thanks to: Andrew Yourtchenko, Alok Wadhwa, Mayur Brahmankar, Jon Woolwine
© 2012 Cisco and/or its affiliates. All rights reserved.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
2. Dual Stack
© 2012 Cisco and/or its affiliates. All rights reserved.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3. Outside – In
• Internet Evolution
• Business Continuity
• B2C, B2B
IPv4 Enterprise IPv6 Internet
Inside – Out
• Globalization
• Technology Leadership
• Industry mandate
• BYOD-Security-Visibility
• Flatten management plane
Dual-Stack Enterprise IPv4 Internet
http://www.cisco.com/en/US/netsol/ns817/networking_solutions_program_home.html
4. • Secured broad executive support
• Progress requires multi-functional teams – not just a networking problem
• Pursuing Outside-In and Inside-Out in parallel
• Coordinated equipment upgrades and software updates with fleet
upgrade program
• Made sure common client configurations were tested
• Made operational changes e.g. IPv6-specific security mechanisms and
monitoring solutions for IPv6 traffic
• To date
• Provided IPv6 access in approximately one-third of global offices –
tunnel access for interim connectivity
• IPv6-enabled 100% of the core network
• Observed Happy Eyeballs (RFC 6555) in action
• Observed IPv6 attacks
• Monitor worldwide usage with 6lab.cisco.com/stats
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
5. 38,98% of WiFi devices were Apple devices (13,53% iPhone, 7,28% iPad), 30,56% Intel devices
45,4% are doing 802.11n (up to 144Mbps on 2,4GHz band), 37,25% are doing 802.11n
(300Mbps / 5GHz), 13,88% are doing 802.11g (54Mbps / 2,4GHz), 3,47% are doing 802.11a
(54Mbps / 5GHz)
Example from IPv6 World Congress, Jan 2012
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
7. Early experiences with
IPv6-only WiFi on
2001:db8::d06:f00d/64
© 2012 Cisco and/or its affiliates. All rights reserved.
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
8. • Scope
Series of experiments inside Cisco and at Public Conferences (e.g. Cisco Live) with
IPv6-only WiFi
Core network dual-stacked
Access to ‘legacy’ Internet through a NAT64
Tried both dedicated and shared Access Points with a “try me” IPv6 SSID
• Logistics
Volunteer based support – Red T-shirts offered as incentive
Each event was contained within a (very large) conference room, floor or campus
building
Email alias and wiki for support and report issues, findings – limited publicity
Kept list of applications that worked/didn’t work (user-reported)
Kept traffic statistics
• To know more
http://blogs.cisco.com/borderless/ipv6-at-ciscolive-san-diego/
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
10. Measure: Unique MACs with
IPv6 LL address
IPv6 global address
IPv6 with global EUI address
IPv4 global address
Measurements de-duplicate
privacy addresses
In 6 months *:
Dual stack-capable devices
increased from 47.5% to
77.5%
IPv6-using devices increased
by 87.3%
* Between IPv6 World Congress, Jan 2012
And Cisco Live US: June 2012
Dual stack capable : IPv4 global + IPv6 LL
IPv6 using : IPv6 global
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
11. • Network and client issues
• Different OS policies generate new privacy addresses at different times
• DHCPv6 not supported on some OS [versions]
• Some mobile OS’ don’t support IPv6-only at all – at best workaround with IPv4 + ACL
• Network devices still need IPv4 too
• Happy Eyeballs implementation varies across platforms/browsers
• Subtle First Hop/RA timer interactions
• Certain devices have a high sensitivity to SSID switching (with dual stack too)
• Very few mobile clients support IPv6 on radio interfaces
• Our network setup
• An old IPv4 multicast filter impacted RA distribution
• Our DNS server address is not easy to remember (next time use eg. 2001:DB8::53)
• User Experience
• Many users couldn’t tell if they were using IPv6 or not
• Test-ipv6.com, IPvFOO, IPv6 toolkit app etc are useful
• Poor user experience == frequent disconnects and long wait to associate
• Recorded 160 applications tried by users (at internal events)
• Generally collaboration applications broke through NAT64
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
12. • Before IPv6 turn on
A fair amount of selling is still required to overcome fear of the unknown
Knowledge of IPv6 outside core group(s)/enthusiasts can be superficial
• Support
No shortage of volunteers (T-shirt effect?) and lots of enthusiasm but actual
support provided by small groups of usual suspects
Real debug/troubleshooting skills are poorly distributed – this needs to change
• Dual stack
Worked well
• IPv6 only
See subtle network / client interactions
And not so subtle stack differences
And uncover old design “short-cuts”
And need changes e.g. security and management planes
And there are bugs to fix
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
13. Thank You
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13