IPv6 on the INTEROPNET
Interop, Wednesday, 9 May 2013
Brandon Ross, Routing Team Lead
Chief Network Architect, Network Utility Force
http://www.netuf.net/
Jeff Enters, Chief Infrastructure Architect, HP
http://www.hp.com/services
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Conclusions
RFC 6540
• Are you aware of this requirement?
• Are your nodes IPv6 capable?
IPv6 Support Required for All IP-Capable Nodes – RFC 6540
• “Given the global lack of available IPv4
space, and limitations in IPv4 extension
and transition technologies, this document
advises that IPv6 support is no longer
considered optional.”
• “IPv6 support must be equivalent or better
in quality and functionality when compared
to IPv4 support in a new or updated IP
implementation.”
Background
• IPv4 depletion is already occurring
• IPv6 adoption is accelerating
• Most network hardware supports IPv6
• For the most part, dual stack Just Works
http://www.potaroo.net/tools
IPv4 Free Pool Depletion
http://www.ipv6actnow.org/info/statistics/#alloc
IPv6 Routing Table Growth
US Feds Lesson Learned
The US federal government had a mandate for all public facing web
services to support IPv6 by September 30, 2012.
287 of 1494 sites had IPv6 web support by the deadline.
Today 961 of 1355 sites support IPv6.
That’s over 70%. Not 100%, but far ahead
of most other large organizations.
Source: http://usgv6-deploymon.antd.nist.gov//
Europe out of Free Pool
• Asia (APNIC) effectively ran out of free
addresses in April, 2011
• Europe (RIPE) is also out of addresses as
of September 14th, 2012
• ARIN predicted to run out of free space in
April, 2014 (Geoff Huston,
http://www.potaroo.net/tools/ipv4/index.html)
Goals
• Network must be fully dual stack
(IPv4+IPv6)
• All IPv4 services should be reachable over
IPv6
• Connections to IPv6-enabled websites
should use IPv6 by default
• Nothing should break :)
Building on IPv4, IPv6 addresses contemporary networking needs
IPv6 Advantages Overview
Feature | IPv4 | IPv6
Address length | 32 bits | 128 bits
NAT | Often necessary | Not necessary
Header size | Variable length, 20 bytes + many options | Fixed-length, 40 bytes + extension headers
Configuration | Manual, DHCPv4 | Manual, stateless automatic, stateful automatic (DHCPv6)
Types of addresses | Broadcast, multicast, unicast | Multicast, unicast, anycast
Addresses per interface | Single | Multiple
Neighbor discovery, router discovery, address resolution, NUD, redirects, etc. | A variety of separate protocols | Neighbor Discovery Protocol (built in)
IPsec | Optional | Integrated
QoS | Some | Better
Unlock the potential of IPv6
IPv6 Operational Advantages
• Robust, Effective, Efficient. Unlimited
Address space. Extensibility.
Optimized for next generation
networks.
• End to End Services and
applications.
• Enable Service Automation.
• Better Support for QoS.
• Enhanced Mobility.
• Policy driven operations.
• Free manpower from ordinary tasks.
• Rapid deployment.
• Much more than just a larger addressing
space
IPv6 Features useful in Internet facing devices
Internet Presence
Transition
• Dual Stack IPv4 and IPv6 on all publicly available servers
• Translation: NAT64
Connectivity
• Make sure your mBGP is able to advertise and receive both IPv4 and IPv6 Internet route updates
• Understand how the DNS server, OS, and application will interact.
• Make sure the DNS server can store AAAA (IPv6 address) records.
• Ensure records can be retrieved over both IPv4 and IPv6 transport.
• Enable the load balancer for both IPv4 and IPv6 traffic
Security
• Deploy IPv6 firewall and IDS/IPS
• IPsec: now integrated into the IPv6 protocol, but not widely deployed
• VPN: IPv6 VPN is very similar to IPv4 VPN
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
IPv6 Network Architecture Options
Address Allocation choice
• Provider Independent versus Provider Aggregatable address allocation scheme
Addressing Mechanisms choice
• Manual, Stateless autoconfiguration and/or Stateful autoconfiguration
Transition Mechanisms choice
• Dual Stack to allow coexistence of both IPv6 and IPv4 on the same infrastructure, and/or Tunneling and/or Translation
IPv6 Internet presence only
• BUT do not stop there! Having a longer term plan for full end-to-end IPv6 enablement is the recommended approach
Security Concerns
• Similar to IPv4, plus new IPv6-specific security concerns; access media security needs to be included
Remember: IPv6 is almost certainly already in your internal network, just unmonitored!
Transition Strategies
Three main methods
Dual Stack
• Provides complete support for IPv4 and IPv6 protocols
Tunneling
• Encapsulates IPv6 packets in IPv4 headers (and, later, IPv4 packets in IPv6 headers)
• Requires dual-stack devices at either end of the connection
Translation
• Translates IPv6 addresses into IPv4 addresses
[Diagram: Example Today State, Disconnected from IPv6 Internet. Labels: Campus LAN; Wireless LAN; Core / DC; Remote offices and branches; WAN; IPv4 Internet; IPv6 Internet]
Transition Strategies Explained
Dual Stack
Use IPv4 or IPv6
• IPv4 and IPv6 protocol stacks implemented on the same device.
• + Simplest and recommended approach, network is the same
  + Applications can select which network protocol to use
• - IPv4-only cannot communicate with IPv6-only
  - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations, etc.
  - Network applications must distinguish between IPv6 and IPv4 peers
Simple and widely used. Recommended Strategy
Tunneling
6-in-4 or 4-in-6
• One transport protocol is encapsulated as the payload of the other (and vice versa).
• + Connect islands of IPv6 or IPv4
  + Compatible across incompatible networks
  + Recommended for site-to-site
• - Security issues with tunneled protocols
  - Through FW (FW can’t inspect payload)
  - Reduced performance
  - Complicated network management and troubleshooting
Simple and widely used
Translation
Between IPv4 and IPv6 (NAT64/DNS64)
• Translates IPv6 names & addresses into IPv4 names & addresses (and vice versa).
• + Enables IPv6-only host to communicate with IPv4-only hosts (and vice versa)
  + No modification to IPv4 or IPv6 end nodes, only at boundary routers
• - Application incompatibilities (e.g. VoIP), need for ALG, and has all NAT drawbacks
  - Increased complexity in network topology
  - Reduced performance (dep. on HW)
  - Complicated troubleshooting
If you must!
Connectivity and Routing
Autoconfiguration
• All client-facing networks use SLAAC to
allow clients to auto-assign themselves an
IPv6 address and default gateway on the
correct subnet
– Supported by all IPv6-capable devices
[Screenshot callouts: Auto-assigned IPv6 address; Default Gateway (link-local from RA)]
DNS
• All DNS services are provided by DynDNS
and load-balanced by F5
• Using anycast to direct traffic to its
nearest DNS server, either show floor or
Denver
InteropNET NOC Services
• Goal was to provide all internal services
over IPv6 as well as IPv4
• This required coordination with vendors to
enable IPv6, make sure services were
bound to their IPv6 ports, and publish
AAAA records
• Most (but not all) services ended up
reachable over IPv6
Wireless
• InteropNET wireless is provided by Xirrus
• Purpose-built VLANs are shared across all
APs and all are dual-stack
IPAM
IPv6 Attack Traffic
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Results and Statistics
• Conclusions
State of Assignments
• All of the registries, for the most part,
assign initial blocks for
– Service provider /32
– Enterprise /48
What makes up a good
addressing plan?
• Depends on the type of network, the size of
the network, and problem to be solved
• Points to consider
– Documentation
– Ease of troubleshooting
– Aggregation
– Standards compliance
– Growth
– SLAAC
– Existing IPv4 addressing plan
– Human factors
Algorithmic Approach
• Encode every IPv4 address in the network
in an IPv6 address
10.10.10.10 (A0A0A0A)
2001:DB8:A0A:A0A::
Link Numbering Issues
• OSPFv3 masks this problem, unlike in IPv4
• Separation of addressing from the link state
database means that OSPFv3 neighbor
relationships will establish, even on links with
mismatched addressing and/or masks
• Link-local based forwarding prevents address
mismatches from being easily detected
because traffic flows normally and
traceroutes don’t appear too strange
Link Numbering Issues
• To detect link numbering errors, look for “U-turn” routing:
$ traceroute6 2620:144:B0C::
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
Note hop 2 is the misnumbered address. This traceroute should have
looked like this:
$ traceroute6 2620:144:B0C::
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
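The U-turn check above can be automated over saved traceroute output. The following is an added example, not part of the original slides; the two inputs are the traceroutes copied from this slide, and the function names are illustrative.

```python
import ipaddress
import re

# Hop line: hop number, name, "(address)", then probe timings.
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\(([0-9A-Fa-f:]+)\)")

# Output copied from the slide: the misnumbered link.
MISNUMBERED = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
"""

# Output copied from the slide: what the trace should have looked like.
EXPECTED = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
"""


def parse_hops(output):
    """Return [(hop_number, IPv6Address)] for every hop that answered."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:  # the banner line and "* * *" hops do not match
            hops.append((int(m.group(1)), ipaddress.IPv6Address(m.group(2))))
    return hops


def find_u_turns(hops):
    """Report every A -> ... -> A pattern with a different address between.

    Consecutive repeats (A, A) are ignored: they are the same router
    answering twice, for example with an unreachable (!H) on the last hop.
    """
    findings = []
    last_seen = {}  # address -> index of its most recent sighting
    for i, (hop_no, addr) in enumerate(hops):
        j = last_seen.get(addr)
        if j is not None and j < i - 1:
            findings.append({
                "revisited": str(addr),
                "first_hop": hops[j][0],
                "return_hop": hop_no,
                # The hops in between are the suspect (misnumbered) addresses.
                "detour": [(n, str(a)) for n, a in hops[j + 1:i]],
            })
        last_seen[addr] = i
    return findings


if __name__ == "__main__":
    for name, text in (("misnumbered", MISNUMBERED), ("expected", EXPECTED)):
        turns = find_u_turns(parse_hops(text))
        print(name, "->", turns if turns else "no U-turn")
```
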
Link Numbering Issues
Link Numbering Issues
• Should you number your links at all or just
use link-local?
• Loopback interfaces usually show up so
you know which routers traffic is following,
so why waste address space on links?
Link Numbering Issues
• Using equal cost multipath?
$ traceroute6 2001:DB8::5:2
traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
2 2001:DB8::1:1 (2001:DB8::1:1) 80.233 ms * ms 72.173 ms
3 2001:DB8::5:2 (2001:DB8::5:2) * ms 99.223 ms 29.350 ms
• Which link did it take?
Link Numbering Issues
• Does your management system use link numbering for
monitoring or circuit identification?
• Are you really saving any significant addressing by not
assigning addresses?
Link Numbering Issues
$ traceroute6 2001:DB8::5:2
traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
2 2001:DB8::4 (2001:DB8::4) * ms 88.322 ms * ms
3 2001:DB8::5:2 (2001:DB8::5:2) * ms 90.123 ms 100.110 ms
• Better, now we know which link is having issues.
Standards Compliance
• Networks smaller than /64 can be desirable, especially using /127s for point to point links (RFC 6164)
• To avoid future breakage, allocate a /64 in your documentation but use the smaller block
• Similarly, reserve /48s for EVERYTHING you can, there’s no reason to allocate densely, there’s plenty of space
• If you have a complex network, allocate in a sparse way to enable easy aggregation
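The Algorithmic Approach slide and the /64-reserved, /127-configured rule above combine into one small planning routine. This is an added example, not from the original deck; it assumes the slide's 2001:DB8::/32 prefix, and the function names and the second IPv4 address are illustrative.

```python
import ipaddress


def embed_ipv4(site, v4):
    """Map an IPv4 address to the /64 whose 3rd and 4th hextets are its 32 bits.

    10.10.10.10 under 2001:db8::/32 becomes 2001:db8:a0a:a0a::/64.
    """
    site = ipaddress.IPv6Network(site)
    if site.prefixlen > 32:
        # A /48 leaves only 16 subnet bits: the full IPv4 address no longer
        # fits above the /64 boundary, so the scheme needs a /32 or shorter.
        raise ValueError(f"{site} is too long to embed 32 bits above /64")
    v4 = ipaddress.IPv4Address(v4)
    base = int(site.network_address) | (int(v4) << 64)
    return ipaddress.IPv6Network((base, 64))


def extract_ipv4(net):
    """Recover the IPv4 address encoded by embed_ipv4()."""
    net = ipaddress.IPv6Network(net)
    return ipaddress.IPv4Address((int(net.network_address) >> 64) & 0xFFFFFFFF)


def p2p_link(reserved):
    """Return (link, end_a, end_b): the /127 to configure inside a reserved /64."""
    reserved = ipaddress.IPv6Network(reserved)
    if reserved.prefixlen != 64:
        raise ValueError("document a full /64 per link")
    link = ipaddress.IPv6Network((int(reserved.network_address), 127))
    return link, link[0], link[1]


def build_plan(site, v4_links):
    """One row per IPv4 link address: documented /64 and configured /127."""
    rows, used = [], {}
    for v4 in v4_links:
        reserved = embed_ipv4(site, v4)
        if reserved in used:
            raise ValueError(f"{v4} and {used[reserved]} map to {reserved}")
        used[reserved] = v4
        link, a, b = p2p_link(reserved)
        rows.append({"ipv4": str(v4), "reserved": str(reserved),
                     "configured": str(link), "ends": (str(a), str(b))})
    return rows


if __name__ == "__main__":
    # 10.10.10.10 is the slide's example; 10.10.10.14 is a constructed second link.
    for row in build_plan("2001:db8::/32", ["10.10.10.10", "10.10.10.14"]):
        print(row)
```
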
DUID
• When a Windows machine is cloned, you can get
two or more machines with the same DHCPv6
Unique IDentifier (DUID)
• This DUID is used by the DHCPv6 server to
identify the client, so when two clients with the
same DUID request IPv6 addresses with DHCPv6,
they will both be given the same address
• When the second machine receives its address
from the DHCPv6 server, it does IPv6 Duplicate
Address Detection, determines there is an IP
address conflict, and refuses the lease
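Cloned DUIDs can be found before the lease conflicts start by grouping DHCPv6 requests by DUID and comparing the requesting MAC addresses. This is an added example, not from the original deck; the observations are constructed, the (source MAC, DUID) input shape is an assumption about what a server or relay log provides, and the clients are assumed to use DUID-LLT (type 1), which embeds a creation time and a link-layer address.

```python
import struct
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# DUID-LLT timestamps count seconds from midnight UTC, 1 January 2000.
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)

# Constructed observations: (source MAC of the request, client DUID).
OBSERVATIONS = [
    ("00:00:5e:00:53:10", "00-01-00-01-17-d7-84-00-00-00-5e-00-53-10"),
    ("00:00:5e:00:53:11", "00-01-00-01-17-d7-84-00-00-00-5e-00-53-10"),
    ("00:00:5e:00:53:12", "00-01-00-01-17-d7-84-00-00-00-5e-00-53-10"),
    ("00:00:5e:00:53:20", "00-01-00-01-17-d7-84-01-00-00-5e-00-53-20"),
]


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_duid(text):
    """Decode a DUID given as hex, with or without '-' or ':' separators."""
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) < 2:
        raise ValueError("DUID too short")
    (dtype,) = struct.unpack("!H", raw[:2])
    info = {"hex": raw.hex(), "type": dtype, "lladdr": None, "created": None}
    if dtype == 1 and len(raw) > 8:      # DUID-LLT: hw type, time, address
        _hw, secs = struct.unpack("!HI", raw[2:8])
        info["created"] = DUID_EPOCH + timedelta(seconds=secs)
        info["lladdr"] = _mac(raw[8:])
    elif dtype == 3 and len(raw) > 4:    # DUID-LL: hw type, address
        info["lladdr"] = _mac(raw[4:])
    return info


def find_clones(observations):
    """Return one finding per DUID that was presented by more than one MAC."""
    macs_by_duid = defaultdict(set)
    for src_mac, duid_text in observations:
        macs_by_duid[parse_duid(duid_text)["hex"]].add(src_mac.lower())
    findings = []
    for duid_hex, macs in sorted(macs_by_duid.items()):
        if len(macs) < 2:
            continue
        info = parse_duid(duid_hex)
        findings.append({
            "duid": duid_hex,
            "macs": sorted(macs),
            # The MAC baked into the DUID points at the machine it was
            # generated on; hosts with any other MAC inherited it by cloning.
            "embedded_mac": info["lladdr"],
            "created": info["created"],
            "clones": sorted(m for m in macs if m != info["lladdr"]),
        })
    return findings


if __name__ == "__main__":
    for f in find_clones(OBSERVATIONS):
        print(f["duid"], "created", f["created"], "clones:", f["clones"])
```
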
Rogue RAs
• When a client is configured to run 6to4 (an
automatic tunneling protocol) and Internet
Connection Sharing, it will advertise itself as an
IPv6 router by sending out RAs on its wireless
interface
• Clients receiving such RAs will auto-assign
themselves an address in the wrong subnet
• Routers are generally configured with RA guard or
equivalent on their wired ports
• Unfortunately there is no way to block rogue RAs
over wireless APs (and some wired switches)
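Where RA guard is unavailable, rogue RAs can still be detected by comparing observed RAs against the known routers and prefixes. This is an added example, not from the original deck; the one-line-per-RA input format, the addresses and the policy are constructed, and 2002::/16 is the 6to4 prefix that an Internet Connection Sharing host would advertise.

```python
import ipaddress
from collections import defaultdict

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")   # 6to4 address space
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")  # RAs must come from here

# Constructed policy: the only authorized router and the site allocation.
POLICY = {
    "routers": {("00:00:5e:00:53:01", ipaddress.IPv6Address("fe80::1"))},
    "site": ipaddress.IPv6Network("2001:db8::/32"),
}

# Constructed capture summary, one RA per line (hypothetical format):
# source MAC, source address, advertised prefix, router lifetime in seconds.
SAMPLE_RAS = """\
00:00:5e:00:53:01 fe80::1 2001:db8:10:20::/64 1800
00:00:5e:00:53:aa fe80::aa 2002:c000:204:1::/64 1800
00:00:5e:00:53:bb fe80::bb 2001:db8:10:20::/64 1800
00:00:5e:00:53:01 fe80::1 2001:db8:10:20::/64 1800
"""


def parse_ra(line):
    mac, src, prefix, lifetime = line.split()
    return {"mac": mac.lower(),
            "src": ipaddress.IPv6Address(src),
            "prefix": ipaddress.IPv6Network(prefix),
            "lifetime": int(lifetime)}


def check_ra(ra, policy):
    """Return the sorted list of reasons this RA is suspect (empty if clean)."""
    reasons = set()
    if ra["src"] not in LINK_LOCAL:
        reasons.add("source-not-link-local")
    if (ra["mac"], ra["src"]) not in policy["routers"]:
        reasons.add("unauthorized-router")
    if ra["prefix"].subnet_of(SIXTOFOUR):
        # Typical of a client running 6to4 with connection sharing.
        reasons.add("6to4-prefix")
    elif not ra["prefix"].subnet_of(policy["site"]):
        reasons.add("foreign-prefix")
    return sorted(reasons)


def audit(text, policy):
    """Map each offending source MAC to the union of reasons seen for it."""
    rogue = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        ra = parse_ra(line)
        reasons = check_ra(ra, policy)
        if reasons:
            rogue[ra["mac"]].update(reasons)
    return {mac: sorted(r) for mac, r in rogue.items()}


if __name__ == "__main__":
    for mac, reasons in sorted(audit(SAMPLE_RAS, POLICY).items()):
        print(mac, ", ".join(reasons))
```
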
Conclusions
• IPv6 works in the real world
• There are challenges to implementing
IPv6, but nothing show-stopping
• Much of the Internet’s content is reachable
over IPv6 (and growing fast) including all
of Google, Facebook and 3000 other sites
• A much smaller percentage of Internet
users have IPv6 connectivity (though this
may change quickly with IPv4 depletion)
Learn More!
• http://www.getipv6.info/
• http://tunnelbroker.net/
• http://www.sixxs.net/
• http://www.ipv6ready.org
• https://www.arin.net/knowledge/ipv6_info_center.html
• Contact us:
– Brandon Ross,
• Chief Network Architect and CEO
• Network Utility Force
• bross@netuf.net +1-404-635-6667
– Jeff Enters
• Chief Infrastructure Architect
• HP TS Networking
• Jeff.enters@hp.com +1-414-412-3268

"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 

Dernier (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 

IPv6 on the INTEROPNET: Network Architecture and Lessons Learned

  • 1. IPv6 on the INTEROPNET Interop, Wednesday, 9 May 2013 Brandon Ross, Routing Team Lead Chief Network Architect, Network Utility Force http://www.netuf.net/ Jeff Enters, Chief Infrastructure Architect, HP http://www.hp.com/services
  • 2. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 3. RFC 6540 • Are you aware of this requirement? • Are your nodes IPv6 capable?
  • 4. IPv6 Support Required for All IP-Capable Nodes – RFC 6540 • “Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional.” • “IPv6 support must be equivalent or better in quality and functionality when compared to IPv4 support in a new or updated IP implementation.”
  • 5. Background • IPv4 depletion is already occurring • IPv6 adoption is accelerating • Most network hardware supports IPv6 • For the most part, dual stack Just Works http://www.potaroo.net/tools IPv4 Free Pool Depletion http://www.ipv6actnow.org/info/statistics/#alloc IPv6 Routing Table Growth
  • 6. US Feds Lesson Learned The US federal government had a mandate for all public facing web services to support IPv6 by September 30, 2012. 287 of 1494 sites had IPv6 web support by the deadline. Today 961 of 1355 sites support IPv6. That’s over 70%. Not 100%, but far ahead of most other large organizations. Source: http://usgv6-deploymon.antd.nist.gov//
  • 7. Europe out of Free Pool • Asia (APNIC) effectively ran out of free addresses in April, 2011 • Europe (RIPE) is also out of addresses as of September 14th, 2012 • ARIN predicted to run out of free space in April, 2014 (Geoff Huston, http://www.potaroo.net/tools/ipv4/index.html)
  • 8. Goals • Network must be fully dual stack (IPv4+IPv6) • All IPv4 services should be reachable over IPv6 • Connections to IPv6-enabled websites should use IPv6 by default • Nothing should break
  • 9. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 10. Building on IPv4, IPv6 addresses contemporary networking needs. IPv6 Advantages Overview (feature: IPv4 / IPv6)
      – Address length: 32 bits / 128 bits
      – NAT: Often necessary / Not necessary
      – Header size: Variable length, 20 bytes + many options / Fixed-length, 40 bytes + extension headers
      – Configuration: Manual, DHCPv4 / Manual, stateless automatic, stateful automatic (DHCPv6)
      – Types of addresses: Broadcast, multicast, unicast / Multicast, unicast, anycast
      – Addresses per-interface: Single / Multiple
      – Neighbor discovery, router discovery, address resolution, NUD, redirects, etc.: A variety of separate protocols / Neighbor Discovery Protocol (built in)
      – IPsec: Optional / Integrated
      – QoS: Some / Better
  • 11. Unlock the potential of IPv6 IPv6 Operational Advantages • Robust, Effective, Efficient. Unlimited Address space. Extensibility. Optimized for next generation networks. • End to End Services and applications. • Enable Service Automation. • Better Support for QoS. • Enhanced Mobility. • Policy driven operations. • Free manpower from ordinary tasks. • Rapid deployment. • Much more than just a larger addressing space
  • 12. IPv6 Features useful in Internet facing devices: Internet Presence
      – Transition: Dual Stack IPv4 and IPv6 – on all publicly available servers. Translation NAT64
      – Connectivity: Make sure your mBGP is able to advertise and receive both IPv4 and IPv6 Internet route updates. Understand how DNS server, OS, and application will interact. Make sure DNS server can store AAAA (IPv6 Address) records. Ensure records can be retrieved over both IPv4 and IPv6 transport. Enable Load balancer for both IPv4 and IPv6 traffic
      – Security: Deploy IPv6 Firewall and IDS/IPS. IPsec – Now integrated into the IPv6 protocol, but not widely deployed. VPN – IPv6 VPN is very similar to IPv4 VPN
  • 13. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. IPv6 Network Architecture Options
      – Address Allocation choice: Provider Independent versus Provider Aggregatable address allocation scheme
      – Addressing Mechanisms choice: Manual, Stateless autoconfiguration and/or Stateful autoconfiguration
      – Transition Mechanisms choice: Dual Stack to allow coexistence of both IPv6 and IPv4 on the same infrastructure, and/or Tunneling and/or Translation
      – IPv6 Internet presence only: BUT do not stop there! Having a longer term plan for full end-to-end IPv6 enablement is the recommended approach
      – Security Concerns: Similar to IPv4 + new IPv6 specific security concerns and need to include access media security
      – Remember IPv6 is almost certainly already in your internal network, just unmonitored!
  • 14. Transition Strategies: Three main methods
      – Dual Stack: Provides complete support for IPv4 and IPv6 protocols
      – Tunneling: Encapsulates IPv6 packets in IPv4 headers (and, later, IPv4 packets in IPv6 headers). Requires dual-stack devices at either end of the connection
      – Translation: Translates IPv6 addresses into IPv4 addresses
      – [Diagram labels: Campus LAN; Wireless LAN; Core / DC; Remote offices and branches; IPv4 Internet; WAN; IPv6 Internet. Example: Today State, Disconnected from IPv6 Internet]
  • 15. Transition Strategies Explained
      – Dual Stack (use IPv4 or IPv6). Simple and widely used. Recommended strategy.
        IPv4 and IPv6 protocol stacks implemented on the same device.
        + Most simple and recommended approach, network is the same
        + Applications can select which network protocol to be used
        - IPv4-only cannot communicate with IPv6-only
        - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations, etc.
        - Network applications must distinguish between IPv6 and IPv4 peers
  • 16. Transition Strategies Explained
      – Dual Stack (use IPv4 or IPv6). Simple and widely used. Recommended strategy.
        IPv4 and IPv6 protocol stacks implemented on the same device.
        + Most simple and recommended approach, network is the same
        + Applications can select which network protocol to be used
        - IPv4-only cannot communicate with IPv6-only
        - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations, etc.
        - Network applications must distinguish between IPv6 and IPv4 peers
      – Tunneling (6-in-4 or 4-in-6). Simple and widely used.
        One transport protocol is encapsulated as the payload of the other (and vice versa).
        + Connect islands of IPv6 or IPv4
        + Compatible across incompatible networks
        + Recommended for site-to-site
        - Security issues with tunneled protocols
        - Through FW (FW can’t inspect payload)
        - Reduced performance
        - Complicated network management and troubleshooting
  • 17. Transition Strategies Explained
      – Dual Stack (use IPv4 or IPv6). Simple and widely used. Recommended strategy.
        IPv4 and IPv6 protocol stacks implemented on the same device.
        + Most simple and recommended approach, network is the same
        + Applications can select which network protocol to be used
        - IPv4-only cannot communicate with IPv6-only
        - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations, etc.
        - Network applications must distinguish between IPv6 and IPv4 peers
      – Tunneling (6-in-4 or 4-in-6). Simple and widely used.
        One transport protocol is encapsulated as the payload of the other (and vice versa).
        + Connect islands of IPv6 or IPv4
        + Compatible across incompatible networks
        + Recommended for site-to-site
        - Security issues with tunneled protocols
        - Through FW (FW can’t inspect payload)
        - Reduced performance
        - Complicated network management and troubleshooting
      – Translation between IPv4 and IPv6 (NAT64/DNS64). If you must!
        Translates IPv6 names & addresses into IPv4 names & addresses (and vice versa).
        + Enables IPv6-only host to communicate with IPv4-only hosts (and vice versa)
        + No modification to IPv4 or IPv6 end nodes, only at boundary routers
        - Application incompatibilities (e.g. VoIP), need for ALG, and has all NAT drawbacks
        - Increased complexity in network topology
        - Reduced performance (dep. on HW)
        - Complicated troubleshooting
  • 18. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 20. Autoconfiguration • All client-facing networks use SLAAC to allow clients to auto-assign themselves an IPv6 address and default gateway on the correct subnet – Supported by all IPv6-capable devices Auto-assigned IPv6 address Default Gateway (Link-local from RA)
  • 21. DNS • All DNS services are provided by DynDNS and load-balanced by F5 • Using anycast to direct traffic to its nearest DNS server, either show floor or Denver
  • 22. InteropNET NOC Services • Goal was to provide all internal services over IPv6 as well as IPv4 • This required coordination with vendors to enable IPv6, make sure services were bound to their IPv6 ports, and publish AAAA records • Most (but not all) services ended up reachable over IPv6
  • 23. Wireless • InteropNET wireless is provided by Xirrus • Purpose-built VLANs are shared across all APs and all are dual-stack
  • 24. IPAM
  • 25. IPv6 Attack Traffic [table of observed flows; columns: Src. Port, Dst. Addr., Dst. Port, Seg. Port In]
  • 26. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Results and Statistics • Conclusions
  • 27. State of Assignments • All of the registries, for the most part, assign initial blocks for
      – Service provider /32
      – Enterprise /48
  • 28. What makes up a good addressing plan? • Depends on the type of network, the size of the network, and problem to be solved • Points to consider
      – Documentation
      – Ease of troubleshooting
      – Aggregation
      – Standards compliance
      – Growth
      – SLAAC
      – Existing IPv4 addressing plan
      – Human factors
  • 29. Algorithmic Approach • Encode every IPv4 address in the network in an IPv6 address 10.10.10.10 (A0A0A0A) 2001:DB8:A0A:A0A::
  • 30. Link Numbering Issues • OSPFv3 masks this problem, unlike in IPv4 • Separation of addressing from the link state database means that OSPFv3 neighbor relationships will establish, even on links with mismatched addressing and/or masks • Link-local based forwarding prevents address mismatches from being easily detected because traffic flows normally and traceroutes don’t appear too strange
  • 31. Link Numbering Issues • To detect link numbering errors, look for “U-turn” routing:
      $ traceroute6 2620:144:B0C::
      traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
       1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
       2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
       3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
       4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
    Note hop 2 is the misnumbered address. This traceroute should have looked like this:
      $ traceroute6 2620:144:B0C::
      traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
       1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
  • 33. Link Numbering Issues • Should you number your links at all or just use link-local? • Loopback interfaces usually show up so you know which routers traffic is following, so why waste address space on links?
  • 34. Link Numbering Issues • Using equal cost multipath?
      $ traceroute6 2001:DB8::5:2
      traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
       1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
       2 2001:DB8::1:1 (2001:DB8::1:1) 80.233 ms * ms 72.173 ms
       3 2001:DB8::5:2 (2001:DB8::5:2) * ms 99.223 ms 29.350 ms
    • Which link did it take?
  • 35. Link Numbering Issues • Does your management system use link numbering for monitoring or circuit identification? • Are you really saving any significant addressing by not assigning addresses?
  • 36. Link Numbering Issues
      $ traceroute6 2001:DB8::5:2
      traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
       1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
       2 2001:DB8::4 (2001:DB8::4) * ms 88.322 ms * ms
       3 2001:DB8::5:2 (2001:DB8::5:2) * ms 90.123 ms 100.110 ms
    • Better, now we know which link is having issues.
  • 37. Standards Compliance • Networks smaller than /64 can be desirable, especially using /127s for point to point links (RFC 6164) • To avoid future breakage, allocate a /64 in your documentation but use the smaller block • Similarly, reserve /48s for EVERYTHING you can, there’s no reason to allocate densely, there’s plenty of space • If you have a complex network, allocate in a sparse way to enable easy aggregation
  • 38. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 39. DUID • When a Windows machine is cloned, you can get two or more machines with the same DHCPv6 Unique IDentifier (DUID) • This DUID is used by the DHCPv6 server to identify the client, so when two clients with the same DUID request IPv6 addresses with DHCPv6, they will both be given the same address • When the second machine receives its address from the DHCPv6 server, it does IPv6 Duplicate Address Detection, determines there is an IP address conflict, and refuses the lease
  • 40. Rogue RAs • When a client is configured to run 6to4 (an automatic tunneling protocol) and Internet Connection Sharing, it will advertise itself as an IPv6 router by sending out RAs on its wireless interface • Clients receiving such RAs will auto-assign themselves an address in the wrong subnet • Routers are generally configured with RA guard or equivalent on their wired ports • Unfortunately there is no way to block rogue RAs over wireless APs (and some wired switches)
  • 41. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 42. Conclusions • IPv6 works in the real world • There are challenges to implementing IPv6, but nothing show-stopping • Much of the Internet’s content is reachable over IPv6 (and growing fast) including all of Google, Facebook and 3000 other sites • A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion)
  • 43. Learn More! • http://www.getipv6.info/ • http://tunnelbroker.net/ • http://www.sixxs.net/ • http://www.ipv6ready.org • https://www.arin.net/knowledge/ipv6_info_center.html • Contact us: – Brandon Ross, • Chief Network Architect and CEO • Network Utility Force • bross@netuf.net +1-404-635-6667 – Jeff Enters • Chief Infrastructure Architect • HP TS Networking • Jeff.enters@hp.com +1-414-412-3268
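Slide 29's algorithmic mapping, slide 37's /127-inside-a-reserved-/64 advice and slide 30's warning that OSPFv3 hides mismatched link numbering can be combined into a small planning and audit script. This is an added example, not part of the original deck; the function names and the link inventory (documentation-range addresses) are constructed for illustration.

```python
import ipaddress


def ipv4_to_ipv6_subnet(site_prefix, ipv4):
    """Slide 29: place the 32 bits of an IPv4 address directly after a /32
    site prefix, which yields the /64 that mirrors the IPv4 address."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen > 32:
        raise ValueError("need a /32 or shorter: 32 bits must fit before the /64 boundary")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network((int(site.network_address) | (v4 << 64), 64))


def p2p_link(reserved64):
    """Slide 37: reserve a whole /64 in the documentation, but configure only
    the first /127 of it on the point-to-point link (RFC 6164)."""
    net = ipaddress.IPv6Network(reserved64)
    if net.prefixlen != 64:
        raise ValueError("reserve a full /64 per link")
    link = ipaddress.IPv6Network((int(net.network_address), 127))
    return link, link[0], link[1]


def audit_links(links):
    """Slide 30: OSPFv3 adjacencies form even when both ends of a link are
    numbered differently, so compare the configured ends offline.

    links maps a link name to (end_a, end_b), each an 'address/length' string.
    Returns {link name: description of the problem}.
    """
    problems = {}
    for name, (end_a, end_b) in links.items():
        a = ipaddress.IPv6Interface(end_a)
        b = ipaddress.IPv6Interface(end_b)
        if a.network.prefixlen != b.network.prefixlen:
            problems[name] = (f"mask mismatch: /{a.network.prefixlen} "
                              f"vs /{b.network.prefixlen}")
        elif a.network != b.network:
            problems[name] = f"subnet mismatch: {a.network} vs {b.network}"
        elif a.ip == b.ip:
            problems[name] = f"duplicate address {a.ip}"
    return problems


# Constructed inventory: one good link, one misnumbered, one with a wrong mask.
LINKS = {
    "core1-core2": ("2001:db8:0:12::/127", "2001:db8:0:12::1/127"),
    "core1-edge3": ("2001:db8:0:13::/127", "2001:db8:0:31::1/127"),
    "core2-edge4": ("2001:db8:0:24::/127", "2001:db8:0:24::1/64"),
}

if __name__ == "__main__":
    print(ipv4_to_ipv6_subnet("2001:db8::/32", "10.10.10.10"))
    print(p2p_link("2001:db8:0:12::/64"))
    for link, problem in audit_links(LINKS).items():
        print(link, "->", problem)
```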
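The “U-turn” check from slide 31 can be automated over saved traceroute6 output. The sketch below is an added example, not from the original deck: it parses the two traceroutes shown on that slide and reports any router the path leaves and then returns to, together with the hops in between (the candidates for a misnumbered link). Function names are my own.

```python
import ipaddress
import re

# Hop line: number, first token, and (if present) the address in parentheses.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+\(([^)\s]+)\))?")

# Output copied from slide 31 (misnumbered link at hop 2).
BAD_TRACE = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
 1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
 2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
 3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
 4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
"""

# The corrected traceroute from the same slide.
GOOD_TRACE = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
 1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
"""


def parse_hops(output):
    """Return [(hop_number, IPv6Address or None)] for every hop line."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner or blank line
        token = m.group(3) or m.group(2)  # prefer the numeric address
        try:
            addr = ipaddress.IPv6Address(token)
        except ValueError:
            addr = None  # "*" (no reply) or an unresolved name
        hops.append((int(m.group(1)), addr))
    return hops


def find_uturns(output):
    """Find routers that the path leaves and later comes back to.

    Returns a list of (router, first_hop, return_hop, hops_in_between).
    Consecutive answers from the same router (for example a final !H line)
    are collapsed first, so they do not count as a U-turn by themselves.
    """
    path = []
    for num, addr in parse_hops(output):
        if addr is None:
            continue
        if path and path[-1][1] == addr:
            continue
        path.append((num, addr))

    findings = []
    last_seen = {}
    for idx, (num, addr) in enumerate(path):
        if addr in last_seen:
            prev = last_seen[addr]
            between = [str(a) for _, a in path[prev + 1:idx]]
            findings.append((str(addr), path[prev][0], num, between))
        last_seen[addr] = idx
    return findings


if __name__ == "__main__":
    for router, first, back, between in find_uturns(BAD_TRACE):
        print(f"U-turn: {router} at hops {first} and {back}; check {between}")
```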
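The cloned-DUID problem on slide 39 shows up on the server side as one DUID arriving from several link-layer addresses, often followed by a DHCPv6 Decline from the client whose Duplicate Address Detection failed. The following added example (not from the original deck) scans DHCPv6 server log lines for that pattern and decodes the DUID-LLT fields; the log format, field names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# DUID-LLT timestamps count seconds from midnight UTC, 1 January 2000.
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)

# Constructed log lines in an assumed "key=value" layout (not a real server's).
SAMPLE_LOG = """\
2013-05-09T10:01:02Z SOLICIT duid=00010001190a2b3c001c42aabb01 mac=00:1c:42:aa:bb:01
2013-05-09T10:01:09Z SOLICIT duid=00010001190a2b3c001c42aabb01 mac=00:1c:42:cc:dd:02
2013-05-09T10:02:30Z SOLICIT duid=000100011a0b0c0d3c970e112233 mac=3c:97:0e:11:22:33
2013-05-09T10:03:11Z DECLINE duid=00010001190a2b3c001c42aabb01 mac=00:1c:42:cc:dd:02
"""

LINE_RE = re.compile(
    r"^\S+\s+(?P<msg>[A-Z]+)\s+duid=(?P<duid>[0-9a-f]+)\s+mac=(?P<mac>[0-9a-f:]+)$"
)


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def decode_duid(duid_hex):
    """Decode the DUID type and, for DUID-LLT (1) and DUID-LL (3), its fields."""
    raw = bytes.fromhex(duid_hex)
    if len(raw) < 4:
        raise ValueError("DUID too short")
    info = {"type": int.from_bytes(raw[0:2], "big")}
    if info["type"] == 1 and len(raw) >= 8:      # link-layer address plus time
        info["hw_type"] = int.from_bytes(raw[2:4], "big")
        secs = int.from_bytes(raw[4:8], "big")
        info["created"] = DUID_EPOCH + timedelta(seconds=secs)
        info["lladdr"] = _mac(raw[8:])
    elif info["type"] == 3:                      # link-layer address only
        info["hw_type"] = int.from_bytes(raw[2:4], "big")
        info["lladdr"] = _mac(raw[4:])
    return info


def find_cloned_duids(log_text):
    """Return DUIDs that were presented by more than one link-layer address.

    The result maps each such DUID to the MACs that used it, the MAC embedded
    in the DUID itself (the machine the image was taken from, if the DUID
    carries one) and the number of Decline messages seen for that DUID.
    """
    macs = defaultdict(set)
    declines = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        macs[m["duid"]].add(m["mac"])
        if m["msg"] == "DECLINE":
            declines[m["duid"]] += 1

    report = {}
    for duid, seen in macs.items():
        if len(seen) > 1:
            report[duid] = {
                "macs": sorted(seen),
                "embedded_mac": decode_duid(duid).get("lladdr"),
                "declines": declines[duid],
            }
    return report


if __name__ == "__main__":
    for duid, detail in find_cloned_duids(SAMPLE_LOG).items():
        print(duid, detail)
```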
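Where RA guard is not available (the wireless case on slide 40), rogue Router Advertisements can still be detected by inspecting captured RAs. This added example, which is not from the original deck, parses the ICMPv6 RA message and its Prefix Information options and checks them against a site policy; 6to4 addresses come from 2002::/16, so a prefix inside that range matches the 6to4 plus Internet Connection Sharing case the slide describes. The allow-lists, function names and the sample packets are assumptions built inline for the demonstration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134                           # ICMPv6 type: Router Advertisement
OPT_PREFIX_INFO = 3                              # Prefix Information option
SIXTOFOUR = ipaddress.IPv6Network("2002::/16")   # 6to4 address space

# Assumed site policy, using placeholder values.
ALLOWED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
ALLOWED_PREFIXES = [ipaddress.IPv6Network("2001:db8:100::/48")]


def parse_ra(icmp6):
    """Parse an ICMPv6 RA; return (router_lifetime, [advertised prefixes])."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    router_lifetime = struct.unpack_from("!H", icmp6, 6)[0]
    prefixes = []
    off = 16                                     # options follow the fixed header
    while off + 2 <= len(icmp6):
        opt_type = icmp6[off]
        opt_len = icmp6[off + 1] * 8             # length field is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen = icmp6[off + 2]
            raw = icmp6[off + 16:off + 32]
            prefixes.append(ipaddress.IPv6Network((raw, plen), strict=False))
        off += opt_len
    return router_lifetime, prefixes


def classify_ra(src, icmp6):
    """Return the reasons an RA violates policy; an empty list means it is fine."""
    reasons = []
    source = ipaddress.IPv6Address(src)
    _, prefixes = parse_ra(icmp6)
    if source not in ALLOWED_ROUTERS:
        reasons.append(f"unknown router {source}")
    for net in prefixes:
        if net.subnet_of(SIXTOFOUR):
            reasons.append(f"6to4 prefix {net}")
        elif not any(net.subnet_of(ok) for ok in ALLOWED_PREFIXES):
            reasons.append(f"unexpected prefix {net}")
    return reasons


def build_ra(prefix, lifetime=1800):
    """Build RA bytes with one prefix option, as test input (checksum left zero)."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                         86400, 14400, 0) + net.network_address.packed
    return header + option


if __name__ == "__main__":
    legit = build_ra("2001:db8:100:20::/64")
    rogue = build_ra("2002:c000:204:1::/64")     # 6to4 prefix for 192.0.2.4
    print(classify_ra("fe80::1", legit))
    print(classify_ra("fe80::dead:beef", rogue))
```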

Editor's notes

  1.  IPv6 Network Architecture Options. When moving from an IPv4 to IPv6 environment there are several key choices to be made. Do you have Internet access from multiple providers? How to autoconfigure your end hosts? Which transition mechanisms will you use? Tunneling, Dual Stack, Translation, which we will cover later on in this webinar. Everyone should already be reachable on the IPv6 Internet, but this is not enough, don't stop here. As Yanick already covered, IPv6 is already on your internal network and has similar vulnerabilities as IPv4 that need to be addressed.
  2. Let us now talk about the different transition mechanisms we have at our disposal to address the transition to IPv6. The industry knew from the start that IPv6 was not backward compatible with IPv4, they had to provide some transition tools. There are 3 methods. The first one is Dual Stack – that is the ability for hosts or routers to support both IPv4 and IPv6. The second one is Tunneling – a method using encapsulation of IPv6 inside an IPv4 packet to cross an existing IPv4 network. And the third one Translation – the more complex way to actually translate an IPv6 packet into an IPv4 packet, or vice-versa. We will analyze all these techniques in more detail in the next slide.
  3. Because IPv6 is not backwards compatible with IPv4, IPv4 hosts and IPv6 hosts cannot communicate directly. With dual stack, a host has both an IPv4 and an IPv6 stack. Applications can use either stack to communicate. Usually there is a default stack for each application or for the system. If the network is unable to establish the connection after a certain time, the network will try the other stack. Trying both IP versions in parallel is recommended since trying both protocols in sequence will delay deployment. While dual-stack devices offer the greatest flexibility, the following is also true: An IPv4 address (public or private) must be available for every dual-stack device. Dual-stack routers must maintain two routing tables. Dual-stack nodes require additional memory and CPU power. Each network requires its own routing protocol. Firewalls must be configured with security rules appropriate to each. A DNS resolver capable of resolving both IPv4 and IPv6 addresses is required. All applications must be able to determine whether communication is with an IPv4 or IPv6 peer. Separate network management commands are required. Still, Dual Stack is the recommended transition tool for all networks, as it allows migrating at the user’s own pace.
  4. The concept of tunneling is simple and has been used for a long time. The IPv6 packet is encapsulated in an IPv4 packet. This can happen automatically, or manually. This can happen at the host or a gateway router. When using a gateway router, which is common for Enterprises, IPv6 hosts do not require any changes. The gateway routers will take care of the encapsulation over IPv4 and maintain connectivity point. They also maintain a list of the gateway routers that are closest to IPv6 hosts. It is also possible to create the tunnel at the host itself. This distributes the load over many hosts. This method is prevalent for home connections. One well known method is ISATAP and supported by Microsoft. ISATAP has been proposed by Microsoft. It is not a real IETF standard (Info only) and requires a specialized protocol to replace ND. It has problems to scale, but because of Microsoft is a major player. The main advantage of IPv6 tunneling over IPv4 is the fact that it allows deploying IPv6 in your network even if the Carrier infrastructure does not support IPv6 yet. In the same way, if you can support full IPv6 in the infrastructure, you can tunnel IPv4 over IPv6. There are many drawbacks though. As the encapsulation is performed in the slow path, there is a performance and latency impact. In addition the IPv4 header increases the packet size and may require fragmentation and multi packet transmissions. Tunneling can be more vulnerable to security attacks. The tunneling masks the real origin of the packets and make debugging and network management.
  5. Even with tunneling or dual stack, the fact remains that an IPv4 host can only talk to IPv4 servers. Translation is the last mechanism in our toolbox. But it is not that simple, as addresses appear at all levels of the OSI hierarchy, even possibly in the packet data itself. All the drawbacks of NAT exist with this solution. We already covered NAT in depth and will not restate it here. This mechanism should remain a last resort.