SlideShare ist ein Scribd-Unternehmen logo

Successfully Deploying IPv6

Zivaro Inc
Zivaro Inc

This document summarizes a presentation on successfully deploying IPv6. The presentation covers dual stack migration planning, training for deployment success, addressing challenges, IPv6 routing, dual-protocol applications, and troubleshooting dual-protocol networks. The presentation advises organizations to add IPv6 while continuing to run IPv4 for many years, treat IPv6 deployment as a long-term program rather than a project, and focus initial efforts on internet-facing devices.

Technologie
1 von 15
Downloaden Sie, um offline zu lesen
© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Successfully  Deploying  IPv6   Presented  by  Sco8  Hogg,  CTO  GTRI   NANOG  On  The  Road  7  –  Herndon,  VA   June  23rd,  2015  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Dual Stack Migration Planning Pitfalls •  Training for IPv6 Deployment Success •  Addressing Challenges •  IPv6 Routing •  Dual-Protocol Applications •  Troubleshooting Dual-Protocol Networks Agenda  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4. IPv6  Planning  –  Dual  Stack  MigraOon   IPv4  Deployment   IPv6  Deployment   Time  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Failing to build a cross-function IPv6 deployment team –  Multidisciplinary, Collaborative, Cooperative •  Organizations need to treat IPv6 as a “Program” not just like a typical smaller IT “Project”. –  IPv6 transition is made up of many projects that will span multiple years and cross the entire enterprise. •  Regular/Frequent meetings are key to maintaining pace. •  Just like anything, executive buy-in and support is essential. IPv6  Planning  PiPalls  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t try to look at everything, identify devices requiring IPv6 •  Focus your efforts on the Internet perimeter. –  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …). •  The good news is you have waited to deploy IPv6. –  Now most IT products come standard with IPv6 capabilities. •  Don’t be concerned about an IPv4-only management plane. –  You can continue to manage systems over IPv4. •  Some devices may remain IPv4-only until they are decommissioned. Performing  an  IPv6  Readiness  Assessment  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assume your IT organization has not taken the initiative to immerse themselves in learning IPv6. •  People need to be trained early in the process, but not too early that they forget what they learned. –  Train “just in time”, not years before an IPv6 address is actually configured on a production device. •  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …). •  Much of your IPv4 experience is applicable to IPv6. •  Don’t fear the larger addresses – Learn to “Think in Hex”. Training  for  Success  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  IPv4-Think is dangerous when planning IPv6 addressing –  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex •  There is no scarcity of IPv6 addresses –  If there is no scarcity, there can be no waste –  Don’t try to assign only the minimum-needed prefix length –  Plan for the number of subnets, not the number of hosts •  Perform addressing for simplicity and ease of use and management –  Don’t be concerned about lots of reserved space IPv6  Addressing  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t force levels of hierarchy that are not needed. •  Use standard prefix lengths: /48, /56, /64 •  Use nibble-boundary – don’t use /50, /57, /65, … •  Consistency between sites can increase operational efficiency, however, not every site needs the same addressing plan. –  Branches need a different plan than a data center “site”. •  Stick with Global Unicast Addresses (GUA) 2000::/3 –  Use these everywhere, you don’t need NAT •  Avoid Unique Local Addresses (ULA) FC00::/7 IPv6  Addressing  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  IP addressing and routing go hand-in-hand. •  All IP routing protocols have IPv6 capabilities. •  Separating control plane for two data planes can be desirable. –  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes –  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes •  Don’t forget to use a 32-bit RID to the IPv6 routing process. •  Peering using global (preferred) or link-local addresses. •  Consider using locally-administered link-local addresses. –  fe80::cccc:0001, fe80::dddd:0002, … •  Type carefully – don’t fat-finger the address IPv6  RouOng  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assessing current code for IPv6-capability –  Most applications do not create socket-level connections. –  Most applications use higher-level APIs or rely on lower-level web services for connectivity. •  Create code that is Address-Family (AF) independent. •  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p) –  Robustness principle: Be conservative in what you send, be liberal in what you accept. •  Be careful of data structures for storing 128-bit addresses. •  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555). •  Write code that properly handles Path MTU Discovery (PMTUD). Dual-­‐Protocol  ApplicaOons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels) •  Don’t deploy IPv6 if you lack the products to secure the protocol properly. •  Don’t be overly worried about IPv6 NDP security weaknesses. –  You haven’t secured your IPv4 LANs either. –  https://community.infoblox.com/blogs/2015/02/10/holding- ipv6-neighbor-discovery-higher-standard-security IPv6  Security  ConsideraOons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Even if you do not deploy IPv6, there could still be IPv6- related issues that you must deal with. •  You now have IPv6-enabled nodes in your environment. •  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems. •  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2). •  Troubleshooting NDP requires a magnifying lens. –  You may need to break out the protocol analyzer. –  Looking for an IPv6 needle in a haystack of IPv4. TroubleshooOng  Dual  Protocol  Networks  
© 2015 Global Technology Resources, Inc. All Rights Reserved. TroubleshooOng  Dual  Protocol  Networks   Applicatio n Layer Transport Layer Internet Layer Link Layer IPv4 IPv6 ARP ICMP IGMP TCP UDP SCTP HTTP(S)   SSH   SMTP   TFTP   DHCP   DNS   SIP   WebRTC   TLS/SSL   SNMP   BGP   DCCP T1/E1/T3/E3 SONET SDH ICMPv6 NDP MLD Ethernet Wireless
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  View yourself from the Internet-perspective –  Leverage IPv6-capable looking glasses –  Is your traffic really using IPv6? •  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version). •  Some connections could use IPv4 and/or IPv6 –  Web pages could be delivered over a combination of protocols. How do you know which protocol was used? –  IPv6 Browser add-ons, plug-ins can be helpful TroubleshooOng  Dual  Protocol  Networks  
© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Thank  You!   Sco8  Hogg,  CTO  GTRI   303-­‐949-­‐4865    |    shogg  at  gtri.com  

Empfohlen

IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandIPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
APNIC
 
Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
Kushal Sheth
 
IoT Development - Opportunities and Challenges
IoT Development - Opportunities and ChallengesIoT Development - Opportunities and Challenges
IoT Development - Opportunities and Challenges
Asim Rais Siddiqui
 
IP Address
IP AddressIP Address
IP Address
Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11
Irsandi Hasan
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
sreelekha appakondappagari
 
Internet protocol (ip)
Internet protocol (ip)Internet protocol (ip)
Internet protocol (ip)
junnubabu
 
Ipv4 and Ipv6
Ipv4 and Ipv6Ipv4 and Ipv6
Ipv4 and Ipv6
Rishav Bhurtel
 

Empfohlen

IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandIPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
APNIC
 
Basics of IP Addressing
Basics of IP AddressingBasics of IP Addressing
Basics of IP Addressing
Kushal Sheth
 
IoT Development - Opportunities and Challenges
IoT Development - Opportunities and ChallengesIoT Development - Opportunities and Challenges
IoT Development - Opportunities and Challenges
Asim Rais Siddiqui
 
IP Address
IP AddressIP Address
IP Address
Amity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11
Irsandi Hasan
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
sreelekha appakondappagari
 
Internet protocol (ip)
Internet protocol (ip)Internet protocol (ip)
Internet protocol (ip)
junnubabu
 
Ipv4 and Ipv6
Ipv4 and Ipv6Ipv4 and Ipv6
Ipv4 and Ipv6
Rishav Bhurtel
 
RFID with INTERNET OF THINGS
RFID with INTERNET OF THINGSRFID with INTERNET OF THINGS
RFID with INTERNET OF THINGS
Bino Mathew Varghese
 
WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)
Sajid Marwat
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
Peter R. Egli
 
InfiniBand Presentation
InfiniBand PresentationInfiniBand Presentation
InfiniBand Presentation
Shekhar Kumar
 
Network administration and Management
Network administration and ManagementNetwork administration and Management
Network administration and Management
Bry Cunal
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
OECLIB Odisha Electronics Control Library
 
CCNA IP Addressing
CCNA IP AddressingCCNA IP Addressing
CCNA IP Addressing
Dsunte Wilson
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
gr9293
 
Protocol for Secure Communication
Protocol for Secure CommunicationProtocol for Secure Communication
Protocol for Secure Communication
chauhankapil
 
A very good introduction to IPv6
A very good introduction to IPv6A very good introduction to IPv6
A very good introduction to IPv6
Syed Arshad
 
IPv6
IPv6IPv6
IPv6
Talal Alsubaie
 
Wireless communication technologies
Wireless communication technologiesWireless communication technologies
Wireless communication technologies
Chandrakant Choure
 
IP Address
IP AddressIP Address
IP Address
Rahul P
 
Ip addressing
Ip addressingIp addressing
Ip addressing
Online
 
CCNA v6.0 ITN - Chapter 06
CCNA v6.0 ITN - Chapter 06CCNA v6.0 ITN - Chapter 06
CCNA v6.0 ITN - Chapter 06
Irsandi Hasan
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPT
Pijush Kanti Das
 
CCNA Report
CCNA ReportCCNA Report
CCNA Report
Abhishek Parihari
 
IPV6 INTRODUCTION
IPV6 INTRODUCTIONIPV6 INTRODUCTION
IPV6 INTRODUCTION
AVINASH JURIANI
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
Manoj Gharate
 
Wi-Fi For Beginners - Module 3 - Access Points (APs)
Wi-Fi For Beginners - Module 3 - Access Points (APs)Wi-Fi For Beginners - Module 3 - Access Points (APs)
Wi-Fi For Beginners - Module 3 - Access Points (APs)
Nigel Bowden
 
Using Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced ThreatsUsing Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced Threats
Zivaro Inc
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
Zivaro Inc
 

Weitere ähnliche Inhalte

Was ist angesagt?

WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)
Sajid Marwat
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
Peter R. Egli
 

Was ist angesagt? (20)

RFID with INTERNET OF THINGS
RFID with INTERNET OF THINGSRFID with INTERNET OF THINGS
RFID with INTERNET OF THINGS
 
WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
 
InfiniBand Presentation
InfiniBand PresentationInfiniBand Presentation
InfiniBand Presentation
 
Network administration and Management
Network administration and ManagementNetwork administration and Management
Network administration and Management
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
CCNA IP Addressing
CCNA IP AddressingCCNA IP Addressing
CCNA IP Addressing
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
 
Protocol for Secure Communication
Protocol for Secure CommunicationProtocol for Secure Communication
Protocol for Secure Communication
 
A very good introduction to IPv6
A very good introduction to IPv6A very good introduction to IPv6
A very good introduction to IPv6
 
IPv6
IPv6IPv6
IPv6
 
Wireless communication technologies
Wireless communication technologiesWireless communication technologies
Wireless communication technologies
 
IP Address
IP AddressIP Address
IP Address
 
Ip addressing
Ip addressingIp addressing
Ip addressing
 
CCNA v6.0 ITN - Chapter 06
CCNA v6.0 ITN - Chapter 06CCNA v6.0 ITN - Chapter 06
CCNA v6.0 ITN - Chapter 06
 
IP addressing and Subnetting PPT
IP addressing and Subnetting PPTIP addressing and Subnetting PPT
IP addressing and Subnetting PPT
 
CCNA Report
CCNA ReportCCNA Report
CCNA Report
 
IPV6 INTRODUCTION
IPV6 INTRODUCTIONIPV6 INTRODUCTION
IPV6 INTRODUCTION
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
 
Wi-Fi For Beginners - Module 3 - Access Points (APs)
Wi-Fi For Beginners - Module 3 - Access Points (APs)Wi-Fi For Beginners - Module 3 - Access Points (APs)
Wi-Fi For Beginners - Module 3 - Access Points (APs)
 

Andere mochten auch

Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn'tSingle Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
Zivaro Inc
 
Support Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network ArchitectureSupport Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network Architecture
Zivaro Inc
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
Zivaro Inc
 
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Horacio Gonzalez
 

Andere mochten auch (20)

Using Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced ThreatsUsing Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced Threats
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn'tSingle Glass of Pain: See Your World, Maybe You Wish You Hadn't
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?Post IPv6 Implementation and Security: Now What?
Post IPv6 Implementation and Security: Now What?
 
IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013IPv6 Security - Hacker Halted 2013
IPv6 Security - Hacker Halted 2013
 
Support Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network ArchitectureSupport Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network Architecture
 
Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology Brief
 
GTRI.com Splunk for Vmware APP
GTRI.com Splunk for Vmware APPGTRI.com Splunk for Vmware APP
GTRI.com Splunk for Vmware APP
 
Splunk for Real time alerting and monitoring. www.gtri.com
Splunk for Real time alerting and monitoring. www.gtri.comSplunk for Real time alerting and monitoring. www.gtri.com
Splunk for Real time alerting and monitoring. www.gtri.com
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech Day
 
Software-Defined WAN 101
Software-Defined WAN 101Software-Defined WAN 101
Software-Defined WAN 101
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
 
GTRI Splunk Overview - Splunk Tech Day
GTRI Splunk Overview - Splunk Tech DayGTRI Splunk Overview - Splunk Tech Day
GTRI Splunk Overview - Splunk Tech Day
 
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
 
GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech Day
 
Big Data Workshop: Splunk and Dell EMC...Better Together
Big Data Workshop: Splunk and Dell EMC...Better TogetherBig Data Workshop: Splunk and Dell EMC...Better Together
Big Data Workshop: Splunk and Dell EMC...Better Together
 
Organizational Change Management
Organizational Change ManagementOrganizational Change Management
Organizational Change Management
 
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
 
Beyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesBeyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security Technologies
 

Ähnlich wie Successfully Deploying IPv6

IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
Top 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentTop 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres Deployment
EDB
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Network Utility Force
 

Ähnlich wie Successfully Deploying IPv6 (20)

IPv6 at LinkedIn
IPv6 at LinkedInIPv6 at LinkedIn
IPv6 at LinkedIn
 
12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton12.00 - Dr. Tim Chown - University of Southampton
12.00 - Dr. Tim Chown - University of Southampton
 
ARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities ReportARIN 36 IETF IPv6 Activities Report
ARIN 36 IETF IPv6 Activities Report
 
Preparing for IPv6 implementation using Artificial Intelligence (AI) presenta...
Preparing for IPv6 implementation using Artificial Intelligence (AI) presenta...Preparing for IPv6 implementation using Artificial Intelligence (AI) presenta...
Preparing for IPv6 implementation using Artificial Intelligence (AI) presenta...
 
12 steps for IPv6 Deployment in Governments and Enterprises
12 steps for IPv6 Deployment in Governments and Enterprises12 steps for IPv6 Deployment in Governments and Enterprises
12 steps for IPv6 Deployment in Governments and Enterprises
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Top 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentTop 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres Deployment
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
 
3hows
3hows3hows
3hows
 
Edge 2016 IPv6 is here: the future is now
Edge 2016 IPv6 is here: the future is nowEdge 2016 IPv6 is here: the future is now
Edge 2016 IPv6 is here: the future is now
 
IPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPsIPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPs
 
IETF Activities Update
IETF Activities UpdateIETF Activities Update
IETF Activities Update
 
VNIX-NOG 2023: IPv6 Deployment in government networks
VNIX-NOG 2023: IPv6 Deployment in government networksVNIX-NOG 2023: IPv6 Deployment in government networks
VNIX-NOG 2023: IPv6 Deployment in government networks
 
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
 
Presd1 09
Presd1 09Presd1 09
Presd1 09
 
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other ObservationsAusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
AusNOG 2011 - Residential IPv6 CPE - What Not to Do and Other Observations
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
 
npNOG 5: IPv6 Deployment Update
npNOG 5: IPv6 Deployment UpdatenpNOG 5: IPv6 Deployment Update
npNOG 5: IPv6 Deployment Update
 
IPv6 on the Interop Network
IPv6 on the Interop NetworkIPv6 on the Interop Network
IPv6 on the Interop Network
 

Mehr von Zivaro Inc

Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
Zivaro Inc
 

Mehr von Zivaro Inc (8)

How to Rightsize Your Citrix Investment
How to Rightsize Your Citrix InvestmentHow to Rightsize Your Citrix Investment
How to Rightsize Your Citrix Investment
 
On-Prem vs. Cloud Collaboration Showdown
On-Prem vs. Cloud Collaboration ShowdownOn-Prem vs. Cloud Collaboration Showdown
On-Prem vs. Cloud Collaboration Showdown
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same Coin
 
Denver Big Data Analytics Day
Denver Big Data Analytics DayDenver Big Data Analytics Day
Denver Big Data Analytics Day
 
Cisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined NetworkingCisco ACI: A New Approach to Software Defined Networking
Cisco ACI: A New Approach to Software Defined Networking
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech DaySplunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
 
GTRI Splunk Elite Partner Capabilities
GTRI Splunk Elite Partner CapabilitiesGTRI Splunk Elite Partner Capabilities
GTRI Splunk Elite Partner Capabilities
 

Kürzlich hochgeladen

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Successfully Deploying IPv6

  • 1. © 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Successfully  Deploying  IPv6   Presented  by  Sco8  Hogg,  CTO  GTRI   NANOG  On  The  Road  7  –  Herndon,  VA   June  23rd,  2015  
  • 2. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Dual Stack Migration Planning Pitfalls •  Training for IPv6 Deployment Success •  Addressing Challenges •  IPv6 Routing •  Dual-Protocol Applications •  Troubleshooting Dual-Protocol Networks Agenda  
  • 3. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4. IPv6  Planning  –  Dual  Stack  MigraOon   IPv4  Deployment   IPv6  Deployment   Time  
  • 4. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Failing to build a cross-function IPv6 deployment team –  Multidisciplinary, Collaborative, Cooperative •  Organizations need to treat IPv6 as a “Program” not just like a typical smaller IT “Project”. –  IPv6 transition is made up of many projects that will span multiple years and cross the entire enterprise. •  Regular/Frequent meetings are key to maintaining pace. •  Just like anything, executive buy-in and support is essential. IPv6  Planning  PiPalls  
  • 5. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t try to look at everything, identify devices requiring IPv6 •  Focus your efforts on the Internet perimeter. –  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …). •  The good news is you have waited to deploy IPv6. –  Now most IT products come standard with IPv6 capabilities. •  Don’t be concerned about an IPv4-only management plane. –  You can continue to manage systems over IPv4. •  Some devices may remain IPv4-only until they are decommissioned. Performing  an  IPv6  Readiness  Assessment  
  • 6. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assume your IT organization has not taken the initiative to immerse themselves in learning IPv6. •  People need to be trained early in the process, but not too early that they forget what they learned. –  Train “just in time”, not years before an IPv6 address is actually configured on a production device. •  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …). •  Much of your IPv4 experience is applicable to IPv6. •  Don’t fear the larger addresses – Learn to “Think in Hex”. Training  for  Success  
  • 7. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  IPv4-Think is dangerous when planning IPv6 addressing –  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex •  There is no scarcity of IPv6 addresses –  If there is no scarcity, there can be no waste –  Don’t try to assign only the minimum-needed prefix length –  Plan for the number of subnets, not the number of hosts •  Perform addressing for simplicity and ease of use and management –  Don’t be concerned about lots of reserved space IPv6  Addressing  
  • 8. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t force levels of hierarchy that are not needed. •  Use standard prefix lengths: /48, /56, /64 •  Use nibble-boundary – don’t use /50, /57, /65, … •  Consistency between sites can increase operational efficiency, however, not every site needs the same addressing plan. –  Branches need a different plan than a data center “site”. •  Stick with Global Unicast Addresses (GUA) 2000::/3 –  Use these everywhere, you don’t need NAT •  Avoid Unique Local Addresses (ULA) FC00::/7 IPv6  Addressing  
  • 9. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  IP addressing and routing go hand-in-hand. •  All IP routing protocols have IPv6 capabilities. •  Separating control plane for two data planes can be desirable. –  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes –  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes •  Don’t forget to use a 32-bit RID to the IPv6 routing process. •  Peering using global (preferred) or link-local addresses. •  Consider using locally-administered link-local addresses. –  fe80::cccc:0001, fe80::dddd:0002, … •  Type carefully – don’t fat-finger the address IPv6  RouOng  
  • 10. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assessing current code for IPv6-capability –  Most applications do not create socket-level connections. –  Most applications use higher-level APIs or rely on lower-level web services for connectivity. •  Create code that is Address-Family (AF) independent. •  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p) –  Robustness principle: Be conservative in what you send, be liberal in what you accept. •  Be careful of data structures for storing 128-bit addresses. •  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555). •  Write code that properly handles Path MTU Discovery (PMTUD). Dual-­‐Protocol  ApplicaOons  
  • 11. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels) •  Don’t deploy IPv6 if you lack the products to secure the protocol properly. •  Don’t be overly worried about IPv6 NDP security weaknesses. –  You haven’t secured your IPv4 LANs either. –  https://community.infoblox.com/blogs/2015/02/10/holding- ipv6-neighbor-discovery-higher-standard-security IPv6  Security  ConsideraOons  
  • 12. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  Even if you do not deploy IPv6, there could still be IPv6- related issues that you must deal with. •  You now have IPv6-enabled nodes in your environment. •  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems. •  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2). •  Troubleshooting NDP requires a magnifying lens. –  You may need to break out the protocol analyzer. –  Looking for an IPv6 needle in a haystack of IPv4. TroubleshooOng  Dual  Protocol  Networks  
  • 13. © 2015 Global Technology Resources, Inc. All Rights Reserved. TroubleshooOng  Dual  Protocol  Networks   Applicatio n Layer Transport Layer Internet Layer Link Layer IPv4 IPv6 ARP ICMP IGMP TCP UDP SCTP HTTP(S)   SSH   SMTP   TFTP   DHCP   DNS   SIP   WebRTC   TLS/SSL   SNMP   BGP   DCCP T1/E1/T3/E3 SONET SDH ICMPv6 NDP MLD Ethernet Wireless
  • 14. © 2015 Global Technology Resources, Inc. All Rights Reserved. •  View yourself from the Internet-perspective –  Leverage IPv6-capable looking glasses –  Is your traffic really using IPv6? •  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version). •  Some connections could use IPv4 and/or IPv6 –  Web pages could be delivered over a combination of protocols. How do you know which protocol was used? –  IPv6 Browser add-ons, plug-ins can be helpful TroubleshooOng  Dual  Protocol  Networks  
  • 15. © 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Thank  You!   Sco8  Hogg,  CTO  GTRI   303-­‐949-­‐4865    |    shogg  at  gtri.com