How To Prepare for
 IPv6 Networking


BY ED TITTEL AND JEFF CARRELL




              SPONSORED BY
The TCP/IP protocols that drive the Internet have been available in two different
versions since the mid-1990s. The network protocol known as Internet Protocol,
or IP, that helps name TCP/IP, comes in a 32-bit flavor known as IPv4, and a 128-bit
flavor known as IPv6. Though IPv6 traces its roots back to work undertaken at
the Internet Engineering Task Force (IETF) as far back as 1994, it has only begun
to register with internet service providers (ISPs) and major network users with
some urgency in the past few years.


Because it uses 32-bit addresses, IPv4 has serious issues today. The maximum number of addresses that
a 32-bit value can represent is around 4.3 billion. By the time various reservations for loopback, private
IP addresses, multicasts, and experimental uses are removed, somewhat over 3.9 billion public IP
addresses remain for allocation. As of February 2011, the Internet Assigned Numbers Authority (IANA)
had allocated all remaining public IP address ranges to the five global regional Internet registries. A
quick look at this IPv4 Exhaustion Counter below shows a total of 13.24 /8 (8-bit) IPv4 address ranges
remaining, for a total of less than 3,400 remaining unallocated IPv4 addresses. Essentially, this means
IPv4 is played out.




                                    Figure 1: The iNetCore Exhaustion Counter




                                                   ReadWriteWeb | How to Prepare for IPv6 Networking | 1
By contrast, with a 128-bit address space, IPv6 creates a completely different universe. The total
   maximum number of addresses available is on the order of 3.4 × 10^38 addresses (that is 34 undecillion, in US
   numbers). The IPv6 address space is roughly 8 × 10^27 times larger than the IPv4 address space. The best way
   to really understand what this means is to ponder the typical IPv6 address allocation from an ISP to a
   customer for networking use. Customers are usually granted a /64 address, which means a single entity
   gets 4.3 billion times as many addresses as occur in the entire IPv4 address space.


   There’s More to IPv6 Than Oodles of Addresses
   Beyond an extremely large address space, IPv6 brings numerous other advantages to networks that
   use this protocol stack, and the many services it supports. These include the following:

   •	 A redesigned IP header format that moves non-essential and optional elements into so-called
      extension headers that follow the IPv6 header. The resulting streamlined IPv6 header is more
      compact, and faster and easier to process as it’s routed from sender to receiver.

   •	 Efficient, hierarchical addressing and routing: rework of IPv4 into Classless Interdomain Routing
      (aka CIDR) taught networking engineers how to organize and orchestrate addressing and routing
      information. IPv6 incorporates all of this into its base design.

   •	 Multiple auto-addressing and address configuration methods, including DHCPv6 and
      automated link-local addressing. Local hosts can always automatically configure themselves for
      local communication quickly and easily (the same is not true for Internet access).

   •	 Improved security comes from built-in support for IP Security (aka IPsec) in IPv6. IPv6 incorporates
      security header extensions for encryption, authentication, and VPNs, and uses IPsec from end to
      end. Though IPsec remains optional in IPv6, it is much easier to use.

   •	 Better routing technologies. Support for a Flow Label field in the IPv6 header makes it easier to
      route and manage IPv6 networks, to impose priority or quality of service regimes on network flows,
      and to use sophisticated routing and high-speed packet delivery services through the cloud (MPLS).

   •	 Better Neighbor Discovery protocols for IPv6 replace the broadcast Address Resolution Protocol,
      along with ICMPv4 Router Discovery, and ICMPv4 Redirect messages. It uses efficient multicast,
      anycast, and unicast messages for neighbor discovery and route info.

   •	 No more NAT (network address translation) is needed — though IPv6 proxies may be a good idea
      to maintain anonymity and opacity — because sufficient IPv6 addresses for all conceivable uses
      eliminate the need for address translation services.


   WHY ISN’T EVERYBODY ALREADY USING IPV6?

   IPv6 hasn’t exactly lit the world on fire, and people are still sticking to IPv4 addresses. Why haven’t
   they switched? There are a lot of reasons, some of which relate to services available, some to networking
hardware components and infrastructures, and some to necessary changes to important applications
and services to enable end-to-end use of IPv6. Let’s examine each of these parts in turn, to explain
where there might be hold-ups or other impediments in the way.

LACK OF NATIVE IPV6 INTERNET ACCESS
IPv4 and IPv6 are not interoperable, and in fact, require different protocol stack software to work
properly on networking hardware (including Layer 3 switches, routers, and firewalls), as well as
on servers and client devices that usually act as the end-points for Internet or private network
interactions. ISPs must add IPv6 support to existing IPv4 capabilities, and be able to support both
protocols indefinitely (this is usually called a “dual-stack” approach to IPv4 and IPv6).

A quick look at recent surveys on ISPs that support (or plan to support) IPv6 breaks down something
roughly like this:

•	 One-third of ISPs already support IPv6

•	 Up to 85 percent of all ISPs plan to support IPv6 by the end of 2012, so somewhere around 50
   percent are “getting ready” to go with IPv6. In the USA, for example, major ISPs such as Sprint,
   Comcast, AT&T, Time-Warner, and Verizon have pilot or partial deployments of IPv6. Most of them
   offer native, dual-stack services for enterprise and US government customers already (thanks in
   large part to federal mandates for IPv6 support to supply Internet services to US government
   agencies and workers).

•	 The remaining 15-25 percent plan to support IPv6 in 2013 or later.

A recent article by Steven J. Vaughan-Nichols entitled "Hurricane Electric takes its IPv6 expertise to the
datacenter" makes the key point that datacenters create and use hundreds to thousands of virtual
machines at a time, and all of these VMs need IP addresses. As more and more new VMs are created,
data centers will have increasing needs for IPv6 addresses for them to use, with all that this entails. The
day of IPv6 reckoning may therefore be closer than some may think for many organizations, for this
reason.

IPV6 CAPABLE NETWORKING INFRASTRUCTURES NEEDED
Aside from whether or not external ISP links can accommodate IPv6, internal network infrastructures
must also be able to handle IPv6. For companies and organizations that purchase enterprise-class
networking gear — including routers, firewalls, Layer 3 switches, and other networking
appliances of all kinds (WAN Optimization, spam filters, anti-malware devices, content filters, and
so forth) — IPv6 support is more often present than absent. For SOHO or SMB gear, however, some
research and testing may be needed to determine what’s what.

But on networks not already configured for IPv6 some work will be needed to enable IPv6 on
networking gear, and then to configure it properly, and test to make sure it’s working properly. Routers
will need IPv6 enabled, and to be tested to make sure IPv6 routing protocols are working properly.
Layer 3 switches will need to have IPv6 VLANs set up and configured. And finally, firewalls will require
turning on IPv6 packet forwarding, and rules or filters established for what kinds of IPv6 traffic (and
addresses, states, and so forth) to allow and deny. Certain IPv6-based services will also be essential to
   proper IPv6 network function, particularly DHCPv6 to assign and manage IPv6 network addresses, and
   DNSv6, to resolve IPv6 based name lookups so that clients may use domain names to make Internet
   service connections.

   At SMB organizations, adding IPv6 support may involve replacing some networking equipment —
   particularly switches, routers, firewalls, and so-called “combo devices” that often integrate all of these
   functions into a single appliance. If there aren’t any IPv6 entries in the configuration menus for the gear
   you’ve got, and the manuals don’t describe how to enable and configure IPv6 networking, odds are
   that you will have to replace some or all of your current equipment with newer, IPv6-capable devices
   instead, or at least update to newer firmware, if that firmware supports IPv6.

   UPGRADE AND ENABLE KEY NETWORK SERVICES FOR IPV6:  DHCP, DNS, E-MAIL, AND
   MORE
   To make effective use of IPv6, the network infrastructure must itself be upgraded to provide IPv6
   support. At a minimum, this means some kind of IPv6 addressing scheme must be designed and
   implemented. Although DHCPv6 isn’t required to supply network interfaces with IPv6 addresses, it is
   enough like the IPv4 version for network administrators to understand how to install and use it both
   easily and readily. This addresses the need for clients to obtain IPv6 addresses that they can then use
   for IPv6 communications and network access.

   Likewise, support for the Domain Name Service (DNS) is as important for IPv6 users as it is for IPv4
   users. Network administrators will need to investigate current DNS services to see if they can be
   enabled, extended or upgraded to add DNSv6 support. For smaller organizations, this often consists
   of confirming that an ISP (or other providers of DNS services, such as OpenDNS) can deliver DNSv6
   services, and then providing the proper IP addresses for primary and secondary DNS servers in the
   various configuration contexts where such information is needed.

   Then there’s the application and services universe to consider as well, including email and Web servers.
   Certainly, as a core information service for organizations, e-mail services will need to be extended to
   support IPv6. In many cases, current software versions may support IPv6 and, as with other elements
   we’ve already explored, IPv6 needs to be enabled, configured, and tested for proper operation. In
   most cases, older SMTP, POP3, or IMAP services need upgrades or replacements to make IPv6 support
   possible. But the beauty of a dual-stack environment is that both IPv4 and IPv6 can coexist peacefully
   and harmoniously, and users can employ whichever stack works best for them.




Case Study: A Sample SMB IPv6 Set-up Scenario
Without going into all of the details involved in set-up and configuration, let’s review a recent case in
point in converting a small company from IPv4 only to dual-stack IPv4/IPv6 networking and show you
how it was done and the time and issues dealt with along the way. We consider a network that enabled
Windows 7 clients to run in dual-stack mode, with IPv6 used when available, and IPv4 otherwise.
Total expenditures involved were around $2,000 to replace an older (Rev A) D-Link DIR-655 combo
device (firewall, single WAN port, 4-port GbE switch, and wireless access point with RevA3 firmware)
with a Fortinet Fortigate 80C device (firewall, gateway, 6-port GbE switch, dual WAN ports with
comprehensive and complete IPv6 support).


STEP 1: SOLVE THE ISP BARRIER (ONE HOUR)
Because local native IPv6 ISP service was not available from the company’s chosen ISP, a tunnel-based
approach was set up with well-known IPv6 service provider Hurricane Electric (HE) as part of the
overall solution. HE offers a free IPv6 Tunnel Broker solution that supports native IPv6 Internet access
by tunneling over IPv4 connections through a non-native IPv6 ISP from an in-house IPv6 enabled host
computer or boundary device to an HE IPv6 router.

Though tunneling does impose a performance impact, HE routers are extremely fast and efficient.
And because the company peers with major backbone providers at its datacenters, we didn’t notice
any perceptible slowdowns when comparing Internet interactions with dual-stack services for
IPv6 as compared to using IPv4 instead. So far, users at the company have noticed no change in
Internet behavior or performance, even though they’re using IPv6 for up to 35% of their network
communications, according to our traffic analyses.


STEP 2: MAKE THE NETWORK IPV6-READY (THREE HOURS)
Once we replaced the D-Link boundary device with the Fortinet Fortigate 80C, we simply had to
enable IPv6 on that device, and set up protocol filters for HTTP/HTTPS, SMTP, POP3, remote access, and
ICMP, then set up the HE tunnel broker. We were immediately able to use IPv6 on devices attached
directly to the Fortinet box through one of the switch ports. The total time and effort involved was
under two hours, including a mix of GUI/Web and command-line-based setup and configuration
activities on the Fortinet device.
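
Running dual-stack means keeping two filter policies aligned. The following is an added example, not part of the original paper and not Fortinet syntax: it compares constructed IPv4 and IPv6 allow-lists written in a hypothetical `action proto value` format (implicit default deny) and reports service drift between the stacks, ICMPv4 type numbers copied into the IPv6 policy, and missing ICMPv6 types that Neighbor Discovery and path MTU discovery depend on.

```python
# Added example: constructed policies in a hypothetical "action proto value"
# format (not Fortinet syntax). Anything not explicitly allowed is denied.

# ICMPv6 types IPv6 relies on: error messages (RFC 4443) and
# Neighbor Discovery (RFC 4861), which replaces ARP.
ESSENTIAL_ICMPV6 = {
    1: "destination unreachable",
    2: "packet too big (path MTU discovery)",
    3: "time exceeded",
    4: "parameter problem",
    133: "router solicitation",
    134: "router advertisement",
    135: "neighbor solicitation",
    136: "neighbor advertisement",
}

V4_POLICY = """
allow tcp 80      # HTTP
allow tcp 443     # HTTPS
allow tcp 25      # SMTP
allow tcp 110     # POP3
allow icmp 8      # ICMPv4 echo request
"""

V6_POLICY = """
allow tcp 80
allow tcp 443
allow tcp 25
allow tcp 8080    # constructed drift: opened on IPv6 only
allow icmp 8      # copied from IPv4; ICMPv6 echo request is type 128, not 8
allow icmpv6 128  # echo request
allow icmpv6 129  # echo reply
allow icmpv6 135
allow icmpv6 136
"""


def parse_policy(text):
    """Return the set of allowed (proto, value) pairs from policy text."""
    allowed = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"bad rule: {raw!r}")
        action, proto, value = parts
        if action == "allow":
            allowed.add((proto.lower(), int(value)))
    return allowed


def audit_dual_stack(v4_text, v6_text):
    """Compare the two policies and list what needs attention on the IPv6 side."""
    v4, v6 = parse_policy(v4_text), parse_policy(v6_text)
    v4_services = {r for r in v4 if r[0] in ("tcp", "udp")}
    v6_services = {r for r in v6 if r[0] in ("tcp", "udp")}
    v6_icmp_types = {value for proto, value in v6 if proto == "icmpv6"}
    return {
        # Services users lose when a client prefers IPv6.
        "missing_on_v6": sorted(v4_services - v6_services),
        # Services exposed over IPv6 that the IPv4 policy never allowed.
        "only_on_v6": sorted(v6_services - v4_services),
        # Without these, address resolution or path MTU discovery breaks.
        "missing_icmpv6": sorted(set(ESSENTIAL_ICMPV6) - v6_icmp_types),
        # ICMPv4 rules have no effect on ICMPv6 traffic.
        "icmpv4_types_in_v6_policy": sorted(
            value for proto, value in v6 if proto == "icmp"
        ),
    }


if __name__ == "__main__":
    report = audit_dual_stack(V4_POLICY, V6_POLICY)
    for finding, items in report.items():
        print(f"{finding}: {items}")
    for icmp_type in report["missing_icmpv6"]:
        print(f"  ICMPv6 type {icmp_type}: {ESSENTIAL_ICMPV6[icmp_type]}")
```
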

The next step was to configure our HP/3COM Layer 3 switches to support IPv6 VLANs to set up the
switched equivalent of subnets on these devices.




STEP 3: CREATING AN IPV6 FRIENDLY ENVIRONMENT (ONE HOUR-PLUS)
    Configuring the HE tunnel broker automatically handled the DNS issue: we simply linked to HE’s DNS
    servers which run dual-stack and resolve IPv4 and IPv6 name resolution requests. In other cases, we’ve
    found that configuring Microsoft or BIND DNS for IPv6 takes some study and preparation, but that the
    actual activity usually takes less than 15 minutes to complete. The first time can be challenging but it
    gets progressively easier after that.

    The Fortinet Fortigate 80C includes a simple DHCPv6 server as part of its IPv6 configuration options.
    We needed only to provide it with a suitable address range for assignment, and to note static address
    assignments for servers, routers, switches, and so forth, and address management was good to go.
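
The addressing work described here (one subnet per VLAN, a DHCPv6 range, and static assignments for infrastructure) can be checked before it is typed into any device. The following is an added example, not from the original paper: the prefix comes from the IPv6 documentation range, and the VLAN IDs, pool bounds and host names are constructed assumptions.

```python
import ipaddress

# Constructed prefix from the IPv6 documentation range 2001:db8::/32 (RFC 3849).
SITE_PREFIX = ipaddress.IPv6Network("2001:db8:1234::/48")

# Constructed static assignments intended for VLAN 10.
STATICS_VLAN10 = {
    "gateway": "2001:db8:1234:a::1",
    "mail": "2001:db8:1234:a::10",
    "printer": "2001:db8:1234:a::1234",   # falls inside the DHCPv6 pool
    "switch": "2001:db8:1234:14::2",      # belongs to VLAN 20's subnet
}


def plan_vlans(site, vlan_ids):
    """Give each VLAN its own /64, using the VLAN ID as the subnet number."""
    if site.prefixlen > 64:
        raise ValueError("site prefix must be /64 or shorter")
    subnet_bits = 64 - site.prefixlen
    plan = {}
    for vid in vlan_ids:
        # A single /64 has zero subnet bits, so only subnet 0 fits in it.
        if vid >= 1 << subnet_bits:
            raise ValueError(f"VLAN {vid} does not fit in {site}")
        base = int(site.network_address) + (vid << 64)
        plan[vid] = ipaddress.IPv6Network((base, 64))
    return plan


def dhcp_pool(subnet, first=0x1000, last=0x1FFF):
    """Return (start, end) addresses of a DHCPv6 range inside one /64."""
    return subnet[first], subnet[last]


def check_statics(subnet, pool, statics):
    """Return a list of problems with the static assignments for one subnet."""
    start, end = pool
    problems = []
    seen = {}
    for name, text in statics.items():
        addr = ipaddress.ip_address(text)
        if addr not in subnet:
            problems.append(f"{name}: {addr} is outside {subnet}")
        elif start <= addr <= end:
            problems.append(f"{name}: {addr} collides with the DHCPv6 pool")
        if addr in seen:
            problems.append(f"{name}: {addr} already assigned to {seen[addr]}")
        seen.setdefault(addr, name)
    return problems


if __name__ == "__main__":
    plan = plan_vlans(SITE_PREFIX, [10, 20])
    for vid, subnet in plan.items():
        start, end = dhcp_pool(subnet)
        print(f"VLAN {vid}: {subnet}  DHCPv6 {start} - {end}")
    for problem in check_statics(plan[10], dhcp_pool(plan[10]), STATICS_VLAN10):
        print("problem:", problem)
```

With only a single /64, `plan_vlans` raises for any VLAN other than subnet 0: there are no subnet bits left to give each VLAN its own /64.
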

    Finally, we also modified an Exchange Server 2010 to enable IPv6 support. All of the IPv6 related issues
    and details are completely explained and illustrated in the TechNet article "Understanding IPv6 Support
    in Exchange 2010," so this proved relatively easy and straightforward. IIS 7 supports IPv6 as-is unless
    you’ve turned off IPv6 features on the servers on which it runs, though it is necessary to download FTP
    for IIS 7.0 if you want to support IPv6 FTP connections for IIS (see this SoftLayer forum post for details).
    Depending on your installation, this could take an hour or more.




Time to Take the IPv6 Plunge!
When it comes to pursuing IPv6 deployment for your own networks, you’ll want to undertake a
specific series of tasks. Inside your network, you’ll need to research the level of IPv6 support that is
present on every device attached to your network. It’s a good idea to set up a test lab that’s as close
to your production environment as time and money will allow, so you can document changes and
the migration process independently, acquire needed upgrades and replacements, and deploy when
you’ve got a sure-fire working set of equipment, software, and migration scripts or how-tos.

In dealing with obtaining IPv6 from an ISP, you’ll want to contact them and inquire about IPv6
availability (or scheduled dates for turning native IPv6 access on). You’ll want to ask specifically how
they will support IPv6 when it does become available, particularly if this means upgrading CPE
software or replacing your current CPE device itself. In the meantime, you too, can set up a tunnel to
Hurricane Electric.

For organizations that contract Web, e-mail, DNS, and other services hosting to third parties, you’ll
want to find out about their current or planned support for IPv6. In some cases, what you learn may
also require making some changes to bring your organization into the IPv6 fold.

Ed Tittel and Jeff Carrell are both longtime computing industry veterans, former Novell employees, and
co-authors (with Laura Chappell) of a college textbook entitled Guide To TCP/IP, 4e (Course Technology,
2012, ISBN: 978-11330-1986-2). Jeff develops and delivers training on HP network switches and routers, and
teaches hands-on IPv6 labs for SharkFest and all kinds of IPv6 task forces and organizations. Ed makes his
living as a freelance writer and researcher. Together, they operate IPv6NetworkPros.com, an IPv6 portal that
includes a virtual IPv6 training lab, IPv6 content and information, and pointers to most imaginable kinds of
IPv6 resources.





Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

How to prepare for IPv6 Networking

BY ED TITTEL AND JEFF CARRELL

The TCP/IP protocols that drive the Internet have been available in two different versions since the mid-1990s. The network protocol known as Internet Protocol, or IP, that helps name TCP/IP, comes in a 32-bit flavor known as IPv4, and a 128-bit flavor known as IPv6. Though IPv6 traces its roots back to work undertaken at the Internet Engineering Task Force (IETF) as far back as 1994, it has only begun to register with internet service providers (ISPs) and major network users with some urgency in the past few years.

Because it uses 32-bit addresses, IPv4 has serious issues today. The maximum number of addresses that a 32-bit value can represent is around 4.3 billion. By the time various reservations for loopback, private IP addresses, multicasts, and experimental uses are removed, somewhat over 3.9 billion public IP addresses remain for allocation. As of February 2011, the Internet Assigned Numbers Authority (IANA) had allocated all remaining public IP address ranges to the five global regional Internet registries. A quick look at this IPv4 Exhaustion Counter below shows a total of 13.24 /8 (8-bit) IPv4 address ranges remaining, for a total of less than 3,400 remaining unallocated IPv4 addresses. Essentially, this means IPv4 is played out.

Figure 1: The iNetCore Exhaustion Counter

By contrast, with a 128-bit address space, IPv6 creates a completely different universe. The total maximum addresses available is on the order of 3.4 × 10^38 addresses (that is 34 undecillion, in US numbers). The IPv6 address space is roughly 8 × 10^27 times larger than the IPv4 address space. The best way to really understand what this means is to ponder the typical IPv6 address allocation from an ISP to a customer for networking use. Customers are usually granted a /64 address, which means a single entity gets 4.3 billion times as many addresses as occur in the entire IPv4 address space.

There’s More to IPv6 Than Oodles of Addresses

Beyond an extremely large address space, IPv6 brings numerous other advantages to networks that use this protocol stack, and the many services it supports. These include the following:

• A redesigned IP header format that moves non-essential and optional elements into so-called extension headers that follow the IPv6 header. The resulting streamlined IPv6 header is more compact, and faster and easier to process as it’s routed from sender to receiver.
• Efficient, hierarchical addressing and routing: the rework of IPv4 into Classless Interdomain Routing (aka CIDR) taught networking engineers how to organize and orchestrate addressing and routing information. IPv6 incorporates all of this into its base design.
• Multiple auto-addressing and address configuration methods, including DHCPv6 and automated link-local addressing. Local hosts can always automatically configure themselves for local communication quickly and easily (the same is not true for Internet access).
• Improved security comes from built-in support for IP Security (aka IPsec) in IPv6. IPv6 incorporates security header extensions for encryption, authentication, and VPNs, and uses IPsec from end to end. Though IPsec remains optional in IPv6, it is much easier to use.
• Better routing technologies. Support for a Flow Label field in the IPv6 header makes it easier to route and manage IPv6 networks, to impose priority or quality of service regimes on network flows, and to use sophisticated routing and high-speed packet delivery services through the cloud (MPLS).
• Better Neighbor Discovery protocols for IPv6 replace the broadcast Address Resolution Protocol, along with ICMPv4 Router Discovery and ICMPv4 Redirect messages. Neighbor Discovery uses efficient multicast, anycast, and unicast messages for neighbor discovery and route info.
• No more NAT (network address translation) is needed — though IPv6 proxies may be a good idea to maintain anonymity and opacity — because sufficient IPv6 addresses for all conceivable uses eliminate the need for address translation services.

WHY ISN’T EVERYBODY ALREADY USING IPV6?

IPv6 hasn’t exactly lit the world on fire, and people are still sticking to IPv4 addresses. Why haven’t they switched? There are a lot of reasons, some of which relate to services available, some to networking hardware components and infrastructures, and some to necessary changes to important applications and services to enable end-to-end use of IPv6. Let’s examine each of these parts in turn, to explain where there might be hold-ups or other impediments in the way.

LACK OF NATIVE IPV6 INTERNET ACCESS

IPv4 and IPv6 are not interoperable, and in fact, require different protocol stack software to work properly on networking hardware (including Layer 3 switches, routers, and firewalls), as well as on servers and client devices that usually act as the end-points for Internet or private network interactions. ISPs must add IPv6 support to existing IPv4 capabilities, and be able to support both protocols indefinitely (this is usually called a “dual-stack” approach to IPv4 and IPv6). A quick look at recent surveys on ISPs that support (or plan to support) IPv6 breaks down something roughly like this:

• One-third of ISPs already support IPv6.
• Up to 85 percent of all ISPs plan to support IPv6 by the end of 2012, so somewhere around 50 percent are “getting ready” to go with IPv6. In the USA, for example, major ISPs such as Sprint, Comcast, AT&T, Time-Warner, and Verizon have pilot or partial deployments of IPv6. Most of them offer native, dual-stack services for enterprise and US government customers already (thanks in large part to federal mandates for IPv6 support to supply Internet services to US government agencies and workers).
• The remaining 15-25 percent plan to support IPv6 in 2013 or later.

A recent article by Steven J. Vaughan-Nichols entitled “Hurricane Electric takes its IPv6 expertise to the datacenter” makes the key point that datacenters create and use hundreds to thousands of virtual machines at a time, and all of these VMs need IP addresses. As more and more new VMs are created, data centers will have increasing needs for IPv6 addresses for them to use, with all that this entails. For this reason, the day of IPv6 reckoning may be closer than many organizations think.

IPV6 CAPABLE NETWORKING INFRASTRUCTURES NEEDED

Aside from whether or not external ISP links can accommodate IPv6, internal network infrastructures must also be able to handle IPv6. For companies and organizations that purchase enterprise-class networking gear — including routers, firewalls, Layer 3 switches, and other networking appliances of all kinds (WAN Optimization, spam filters, anti-malware devices, content filters, and so forth) — IPv6 support is more often present than absent. For SOHO or SMB gear, however, some research and testing may be needed to determine what’s what.

But on networks not already configured for IPv6, some work will be needed to enable IPv6 on networking gear, then to configure it properly, and to test that it’s working properly. Routers will need IPv6 enabled, and must be tested to make sure IPv6 routing protocols are working properly. Layer 3 switches will need to have IPv6 VLANs set up and configured. And finally, firewalls will require turning on IPv6 packet forwarding, and rules or filters established for what kinds of IPv6 traffic (and addresses, states, and so forth) to allow and deny. Certain IPv6-based services will also be essential to proper IPv6 network function, particularly DHCPv6 to assign and manage IPv6 network addresses, and DNSv6 to resolve IPv6-based name lookups so that clients may use domain names to make Internet service connections.

At SMB organizations, adding IPv6 support may involve replacing some networking equipment — particularly switches, routers, firewalls, and so-called “combo devices” that often integrate all of these functions into a single appliance. If there aren’t any IPv6 entries in the configuration menus for the gear you’ve got, and the manuals don’t describe how to enable and configure IPv6 networking, odds are that you will have to replace some or all of your current equipment with newer, IPv6-capable devices instead, or at least update to newer firmware, if that firmware supports IPv6.

UPGRADE AND ENABLE KEY NETWORK SERVICES FOR IPV6: DHCP, DNS, E-MAIL, AND MORE

To make effective use of IPv6, the network infrastructure must itself be upgraded to provide IPv6 support. At a minimum, this means some kind of IPv6 addressing scheme must be designed and implemented. Although DHCPv6 isn’t required to supply network interfaces with IPv6 addresses, it is enough like the IPv4 version for network administrators to understand how to install and use it both easily and readily. This addresses the need for clients to obtain IPv6 addresses that they can then use for IPv6 communications and network access.

Likewise, support for the Domain Name Service (DNS) is as important for IPv6 users as it is for IPv4 users. Network administrators will need to investigate current DNS services to see if they can be enabled, extended or upgraded to add DNSv6 support. For smaller organizations, this often consists of confirming that an ISP (or other providers of DNS services, such as OpenDNS) can deliver DNSv6 services, and then providing the proper IP addresses for primary and secondary DNS servers in the various configuration contexts where such information is needed.

Then there’s the application and services universe to consider as well, including email and Web servers. Certainly, as a core information service for organizations, e-mail services will need to be extended to support IPv6. In many cases, current software versions may support IPv6 and, as with other elements we’ve already explored, IPv6 needs to be enabled, configured, and tested for proper operation. In most cases, older SMTP, POP3, or IMAP services need upgrades or replacements to make IPv6 support possible. But the beauty of a dual-stack environment is that both IPv4 and IPv6 can coexist peacefully and harmoniously, and users can employ whichever stack works best for them.

Case Study: A Sample SMB IPv6 Set-up Scenario

Without going into all of the details involved in set-up and configuration, let’s review a recent case in point in converting a small company from IPv4 only to dual-stack IPv4/IPv6 networking and show you how it was done and the time and issues dealt with along the way. We consider a network that enabled Windows 7 clients to run in dual-stack mode, with IPv6 used when available, and IPv4 otherwise. Total expenditures involved were around $2,000 to replace an older (Rev A) D-Link DIR-655 combo device (firewall, single WAN port, 4-port GbE switch, and wireless access point with RevA3 firmware) with a Fortinet Fortigate 80C device (firewall, gateway, 6-port GbE switch, dual WAN ports with comprehensive and complete IPv6 support).

STEP 1: SOLVE THE ISP BARRIER (ONE HOUR)

Because local native IPv6 ISP service was not available from the company’s chosen ISP, a tunnel-based approach was set up with well-known IPv6 service provider Hurricane Electric (HE) as part of the overall solution. HE offers a free IPv6 Tunnel Broker solution that supports native IPv6 Internet access by tunneling over IPv4 connections through a non-native IPv6 ISP from an in-house IPv6-enabled host computer or boundary device to an HE IPv6 router.

Though tunneling does impose a performance impact, HE routers are extremely fast and efficient. And because the company peers with major backbone providers at its datacenters, we didn’t notice any perceptible slowdowns when comparing Internet interactions with dual-stack services for IPv6 as compared to using IPv4 instead. So far, users at the company have noticed no change in Internet behavior or performance, even though they’re using IPv6 for up to 35% of their network communications, according to our traffic analyses.

STEP 2: MAKE THE NETWORK IPV6-READY (THREE HOURS)

Once we replaced the D-Link boundary device with the Fortinet Fortigate 80C, we simply had to enable IPv6 on that device, and set up protocol filters for HTTP/HTTPS, SMTP, POP3, remote access, and ICMP, then set up the HE tunnel broker. We were immediately able to use IPv6 on devices attached directly to the Fortinet box through one of the switch ports. The total time and effort involved was under two hours, including a mix of GUI/Web and command-line-based setup and configuration activities on the Fortinet device. The next step was to configure our HP/3COM Layer 3 switches to support IPv6 VLANs to set up the switched equivalent of subnets on these devices.

STEP 3: CREATING AN IPV6 FRIENDLY ENVIRONMENT (ONE HOUR-PLUS)

Configuring the HE tunnel broker automatically handled the DNS issue: we simply linked to HE’s DNS servers, which run dual-stack and resolve both IPv4 and IPv6 name resolution requests. In other cases, we’ve found that configuring Microsoft or BIND DNS for IPv6 takes some study and preparation, but that the actual activity usually takes less than 15 minutes to complete. The first time can be challenging but it gets progressively easier after that.

The Fortinet Fortigate 80C includes a simple DHCPv6 server as part of its IPv6 configuration options. We needed only to provide it with a suitable address range for assignment, and to note static address assignments for servers, routers, switches, and so forth, and address management was good to go.

Finally, we also modified an Exchange Server 2010 to enable IPv6 support. All of the IPv6-related issues and details are completely explained and illustrated in the TechNet article “Understanding IPv6 Support in Exchange 2010”, so this proved relatively easy and straightforward. IIS 7 supports IPv6 as-is unless you’ve turned off IPv6 features on the servers on which it runs, though it is necessary to download FTP for IIS 7.0 if you want to support IPv6 FTP connections for IIS (see this SoftLayer forum post for details). Depending on your installation, this could take an hour or more.

Time to Take the IPv6 Plunge!

When it comes to pursuing IPv6 deployment for your own networks, you’ll want to undertake a specific series of tasks. Inside your network, you’ll need to research the level of IPv6 support that is present on every device attached to your network. It’s a good idea to set up a test lab that’s as close to your production environment as time and money will allow, so you can document changes and the migration process independently, acquire needed upgrades and replacements, and deploy when you’ve got a sure-fire working set of equipment, software, and migration scripts or how-tos.

In dealing with obtaining IPv6 from an ISP, you’ll want to contact them and inquire about IPv6 availability (or scheduled dates for turning native IPv6 access on). You’ll want to ask specifically how they will support IPv6 when it does become available, particularly if this means upgrading CPE software or replacing your current CPE device itself. In the meantime, you, too, can set up a tunnel to Hurricane Electric.

For organizations that contract Web, e-mail, DNS, and other services hosting to third parties, you’ll want to find out about their current or planned support for IPv6. In some cases, what you learn may also require making some changes to bring your organization into the IPv6 fold.

Ed Tittel and Jeff Carrell are both longtime computing industry veterans, former Novell employees, and co-authors (with Laura Chappell) of a college textbook entitled Guide To TCP/IP, 4e (Course Technology, 2012, ISBN: 978-11330-1986-2). Jeff develops and delivers training on HP network switches and routers, and teaches hands-on IPv6 labs for SharkFest and all kinds of IPv6 task forces and organizations. Ed makes his living as a freelance writer and researcher. Together, they operate IPv6NetworkPros.com, an IPv6 portal that includes a virtual IPv6 training lab, IPv6 content and information, and pointers to most imaginable kinds of IPv6 resources.
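
An added example, not part of the original article: the addressing work that Steps 2 and 3 of the case study describe (one /64 per VLAN, a DHCPv6 range inside it, and noted static assignments), written as a Python check that flags statics that fall outside the plan or inside a DHCPv6 pool. The 2001:db8:abcd::/48 documentation prefix, the VLAN IDs, the pool bounds and the host names are constructed assumptions, not values from the case study.

```python
"""Added example: IPv6 address plan check for a small dual-stack site."""
import ipaddress

# Constructed sample: a routed /48 taken from the documentation prefix 2001:db8::/32
SITE_PREFIX = ipaddress.ip_network("2001:db8:abcd::/48")

# VLAN id -> purpose (constructed); each VLAN gets its own /64
VLANS = {10: "servers", 20: "clients", 30: "wireless"}

# Static assignments noted for infrastructure devices (constructed sample values)
STATICS = {
    "fw-gateway": "2001:db8:abcd:a::1",
    "mail-server": "2001:db8:abcd:a::25",
    "core-switch": "2001:db8:abcd:14::2",
    "misplaced-host": "2001:db8:abcd:14::1:80",  # lands inside the DHCPv6 pool
    "stray-host": "2001:db8:ffff::5",            # outside the site prefix
}

# Assumed DHCPv6 range inside every /64: host part ::1:0 through ::1:ffff
POOL_START, POOL_END = 0x1_0000, 0x1_FFFF


def vlan_subnet(site, vlan_id):
    """Return the /64 whose 16-bit subnet field equals the VLAN id."""
    if site.prefixlen != 48:
        raise ValueError("this plan assumes a /48 site prefix")
    if not 0 < vlan_id < 4095:
        raise ValueError("VLAN id out of range")
    base = int(site.network_address) + (vlan_id << 64)
    return ipaddress.IPv6Network((base, 64))


def dhcp_pool(subnet):
    """Return the first and last address of the DHCPv6 range in a subnet."""
    return (subnet.network_address + POOL_START,
            subnet.network_address + POOL_END)


def audit_statics(site, vlans, statics):
    """Return {host: finding} for statics outside the plan or inside a pool."""
    subnets = {vid: vlan_subnet(site, vid) for vid in vlans}
    findings = {}
    for host, text in statics.items():
        addr = ipaddress.ip_address(text)
        home = next((v for v, net in subnets.items() if addr in net), None)
        if home is None:
            findings[host] = "not in any planned VLAN subnet"
            continue
        first, last = dhcp_pool(subnets[home])
        if first <= addr <= last:
            findings[host] = f"collides with DHCPv6 pool of VLAN {home}"
    return findings


if __name__ == "__main__":
    for vid, name in VLANS.items():
        net = vlan_subnet(SITE_PREFIX, vid)
        first, last = dhcp_pool(net)
        print(f"VLAN {vid:<3} {name:<9} {net}  pool {first} - {last}")
    for host, problem in audit_statics(SITE_PREFIX, VLANS, STATICS).items():
        print(f"CHECK {host}: {problem}")
```

Each /64 produced here holds 2^64 addresses, which is the "4.3 billion times the entire IPv4 address space" figure the article quotes for a single customer allocation.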