IPv6 at ETH Zurich




Armin Wittmann
Agenda
  IPv4 usage at ETH Zurich
  Changing IPv6 range before rollout
  Roadmap




Dr. A. Wittmann      November 2012
IPv4: free 64 (/26) subnets

[Chart: # free /26 64-Subnets (y-axis 0 to 300) per year, 2007 to 11.2012]



# devices detected last 90 days vs. IPv4-Range
[Chart: # different MAC addresses (last 90 days) and # assigned IPv4 addresses (y-axis 0 to 250000) per year, 2005 to 9.2012]



IPv6-Traffic (last 12 months)




Changing IPv6 range before rollout
• BCM analysis
• BIA analysis
• new Provider Independent (PI) IPv6 range will replace old one
• Request:
    Request made by SWITCH: 13.9.2012
    Routing to ETH done: 21.9.2012




IPv6-Roadmap: Management view
• IPv6 pilot project started
    important infrastructures (Exchange, CMS, Hosting, Storage)
• Instruction initiative
    Server-Admins, IT-Supporter, end user, students
    documentation must be made first
• DHCPv6 release in December 2012
    productive as of April 2013
    client networks will be forced
    IPv6-only network zone offered for all ETH
• IPv4-NAT/PAT project started (usage for next 10 years)


IPv6 @ ETH Zurich

Derk Valenkamp
Agenda
     My personal impression about IPv6
     Roadmap
     IPv6-Concept (ID ICT-Networks)
     DHCPv6
     Firewall
     IPv6 SSID 'eth' design
     Multicast
     What is done
     ?



My personal impression about IPv6
• No way around IPv6 to connect all the devices to the Internet/Intranet
• Phase 4 in Gartner's Hype Cycle (Slope of Enlightenment)
• It is not enterprise ready yet (DHCP, OS-Support, ...)
• It is mainly designed for ISPs
• Nearly no IPv6 rollout projects in other Universities/Companies
• Client-side: no fallback to IPv4 (DNS) – new RFC announced

Roadmap

• 1H 2013 Network Ready for IPv6 large scale deployment (Firewall; DHCP-Relay; IPv6-only test-VPZ)
• 2014 get experience
• 2015 start IPv6 Rollout (Dualstack)

• 2020 start a 'get rid of IPv4' project



IPv6-Concept (2001:067C:10ec::/48 PI)

[Diagram: the /48 is split by the values of bits 49 to 52; VPZ prefixes end at bit 58]
  Bit 49 = 1: Reserve (not used)
  Bit 49 = 0, bit 50 = 1: VPZ-Prefix, 256 /58 ranges for VPZ. Each VPZ thus receives 64 /64 subnets; these can also be used for internal cluster or management addressing.
  Bit 49 = 0, bit 50 = 0, bit 51 = 1: VPZ-Prefix, 128 /58 ranges for further VPZ
  Bits 49 to 51 = 0, bit 52 = 1: 4096 /64 subnets for tests until IPv6 is used in production
  Bits 49 to 52 = 0: 4096 /64 subnets for Network (Links/Loopback/NET-Admin)

IPv6 Concept
• One IPv6 range (/58 prefix) per VRF -> 64 subnets
• One /64 subnet reserved per VLAN
• But on the router only a smaller subnet will be configured:
    /118 subnet for Server (1024 IPv6 addresses)
    /115 subnet for Docking/Client (8192 IPv6 addresses)
• Prevents DoS (router breaks down during scans)
• No auto-configured addresses allowed.
  - No MAC addresses leave the ETH Zurich
  - No random IPv6 addresses (IDS, Support)
• Always configured in Dual Stack with IPv4 (no 6to4-NAT)
• Source routing will be blocked
• Some multicast addresses will be blocked (DHCP, DNS, ...)
• Incoming IPv6 RAs will be blocked on access ports.
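
The bit layout of the /48 and the router-side /118 and /115 ranges, worked through with Python's ipaddress module as an added example (not part of the original slides). Taking the first /58, /64, /118 and /115 as the sample VPZ, VLAN and configured ranges is an assumption, the observed addresses are constructed, and the EUI-64 test is a heuristic on the ff:fe marker.

```python
import ipaddress

# Value from the slides: the Provider Independent /48.
SITE = ipaddress.ip_network("2001:67c:10ec::/48")


def halves(net):
    """Return the two halves of a prefix: (next bit = 0, next bit = 1)."""
    low, high = net.subnets(prefixlen_diff=1)
    return low, high


def build_plan(site=SITE):
    """Split the /48 by bits 49..52 as drawn on the concept slide."""
    low49, reserve = halves(site)      # bit 49 = 1: reserve (not used)
    low50, vpz = halves(low49)         # bit 50 = 1: 256 /58 ranges for VPZ
    low51, vpz_more = halves(low50)    # bit 51 = 1: 128 /58 ranges for further VPZ
    network, tests = halves(low51)     # bit 52: 1 = tests, 0 = network
    return {"reserve": reserve, "vpz": vpz, "vpz_more": vpz_more,
            "tests": tests, "network": network}


def count(net, new_prefix):
    """Number of /new_prefix subnets inside net, without enumerating them."""
    return 2 ** (new_prefix - net.prefixlen)


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def classify(addr, vlan, configured):
    """Check one observed source address against the addressing policy."""
    addr = ipaddress.ip_address(addr)
    if addr not in vlan:
        return "foreign-prefix"
    if eui64_mac(addr):
        return "eui64-autoconfigured"      # would leak a MAC address
    if addr in configured:
        return "ok"                        # inside the range the router serves
    return "outside-configured-range"      # e.g. random or manually set address


def audit(sources, vlan, configured):
    """Map each observed source address to its policy verdict."""
    return {s: classify(s, vlan, configured) for s in sources}


PLAN = build_plan()
# Assumption: the first /58, /64, /118 and /115 stand in for one VPZ, one
# VLAN and the ranges actually configured on the router.
VPZ_58 = next(PLAN["vpz"].subnets(new_prefix=58))
VLAN_64 = next(VPZ_58.subnets(new_prefix=64))
SERVER_118 = next(VLAN_64.subnets(new_prefix=118))
CLIENT_115 = next(VLAN_64.subnets(new_prefix=115))

# Constructed sample of source addresses seen on the VLAN.
OBSERVED = [
    "2001:67c:10ec:4000::1a",
    "2001:67c:10ec:4000::400",
    "2001:67c:10ec:4000:21a:2bff:fe3c:4d5e",
    "2001:67c:10ec:4000:9c1f:44b2:7a10:e3d5",
    "2001:db8::1",
]

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:9} {net}")
    print("addresses a scan can hit on the router:",
          SERVER_118.num_addresses, "instead of", VLAN_64.num_addresses)
    for src, verdict in audit(OBSERVED, VLAN_64, SERVER_118).items():
        print(f"{src:42} {verdict}")
```
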
DHCPv6
• DHCPv6-Relay standard ... uses outgoing interface of the router, which is IPv4 only ... will change
• 'No' redundant server -> 2 standalone servers with independent ranges (2x 4096 = 8192)
• DHCPv6 lease depends on the DUID (DHCP Unique ID), which is assigned by the OS ... PXE-Boot?
• Not all OSes support DHCPv6 – Android 4.x
Firewall IPv6

• Old Firewall Service Module not capable
• New hardware onsite, migration by end 2012
• Separate ACL for IPv4 and IPv6
      → new Firmware available now
      → CSM Release in Q1.2013




IPv6 SSID 'eth' design
[Diagram; labels: VTP-Zone, WPA, DHCP-Client (vrf red), Cat4500/Cat3750, 10x, MPLS, trunk, eBGP (vrf-global), FWSM, Fusion Routers, Central DHCP-Server]


What is done
     2001:067c:10ec::/48 = ETH Zurich Subnet
     10-Gig Dual-Stack-connection to SWITCH
     Core is ready, but some issues with DHCP
     DHCP (with limitations)
     DNS
     IPv6 rough concept
     IPv6 Firewall
     IPv6 VPN-Client (IPv6 tunneled over IPv4)
     Mgmt Tool ‘Netcenter’ (Reports, IP-Tool, Firewall)
     IPv6 Loadbalancer
What is not planned yet
• SEND/CGA (secure ARP)
• Router performance, whole subnet has to be open
• Neither IPv6 to IPv4 NAT nor IPv4 to IPv6 NAT
• DNS problems, IPv4-NAT is easier
• IPv6 HTTP-Proxy
• IPv6 Multicast (not supported yet)

?


IPv6 strategy for deployment at ETH Switzerland

  • 1. IPv6 at ETH Zurich Armin Wittmann
  • 2. Agenda (Dr. A. Wittmann, November 2012)
      - IPv4 usage at ETH Zurich
      - Changing IPv6 range before rollout
      - Roadmap
  • 3. IPv4: free 64 (/26) subnets [chart: number of free /26 (64-address) subnets per year, 2007 to 11.2012; y-axis 0 to 300]
  • 4. # devices detected last 90 days vs. IPv4 range [chart: number of different MAC addresses (last 90 days) and number of assigned IPv4 addresses per year, 2005 to 9.2012; y-axis 0 to 250000]
  • 5. IPv6 traffic (last 12 months)
  • 6. Changing IPv6 range before rollout
      - BCM analysis
      - BIA analysis
      - New Provider Independent (PI) IPv6 range will replace old one
      - Request:
          Request made by SWITCH: 13.9.2012
          Routing to ETH done: 21.9.2012
  • 7. IPv6 roadmap: management view
      - IPv6 pilot project started: important infrastructures (Exchange, CMS, Hosting, Storage)
      - Instruction initiative: server admins, IT supporters, end users, students; documentation must be made first
      - DHCPv6 release in December 2012: productive as of April 2013; client networks will be forced; IPv6-only network zone offered for all ETH
      - IPv4-NAT/PAT project started (usage for next 10 years)
  • 8. IPv6 @ ETH Zurich Derk Valenkamp
  • 9. Agenda
      - My personal impression about IPv6
      - Roadmap
      - IPv6 concept (ID ICT-Networks)
      - DHCPv6
      - Firewall
      - IPv6 SSID 'eth' design
      - Multicast
      - What is done
      - ?
  • 10. My personal impression about IPv6
      - No way around IPv6 to connect all the devices to the Internet/Intranet
      - Phase 4 in Gartner's Hype Cycle (Slope of Enlightenment)
      - It is not enterprise ready yet (DHCP, OS support, ...)
      - It is mainly designed for ISPs
      - Nearly no IPv6 rollout projects in other universities/companies
      - Client side: no fallback to IPv4 (DNS); new RFC announced
  • 11. Roadmap
      - 1H 2013: network ready for IPv6 large-scale deployment (firewall; DHCP relay; IPv6-only test VPZ)
      - 2014: get experience
      - 2015: start IPv6 rollout (dual stack)
      - 2020: start a 'get rid of IPv4' project
  • 12. IPv6 concept (2001:067C:10ec::/48 PI) [diagram: split of the /48, with bit boundaries marked at 49, 50, 51, 52 and 58 bits]
      - 1 x reserve (not used)
      - 256 /58 ranges for VPZ; each VPZ thus receives 64 /64 subnets under one VPZ prefix, which can also be used for internal cluster or management addressing
      - 128 /58 ranges for further VPZ
      - 4096 /64 subnets for tests until IPv6 is used in production
      - 4096 /64 subnets for network (links/loopback/NET-Admin)
  • 13. IPv6 concept
      - One IPv6 range (/58 prefix) per VRF -> 64 subnets
      - One /64 subnet reserved per VLAN
      - But on the router only a smaller subnet will be configured:
          /118 subnet for servers (1024 IPv6 addresses)
          /115 subnet for docking/clients (8192 IPv6 addresses)
      - Prevents DoS (router breaks down during scans)
      - No auto-configured addresses allowed:
          no MAC addresses leave ETH Zurich
          no random IPv6 addresses (IDS, support)
      - Always configured in dual stack with IPv4 (no 6to4 NAT)
      - Source routing will be blocked
      - Some multicast addresses will be blocked (DHCP, DNS, ...)
      - Incoming IPv6 RAs will be blocked on access ports
  • 14. DHCPv6
      - DHCPv6 relay standard ... uses outgoing interface of the router, which is IPv4 only ... will change
      - 'No' redundant server -> 2 standalone servers with independent ranges (2 x 4096 = 8192)
      - DHCPv6 lease depends on the DUID (DHCP Unique ID), which is assigned by the OS ... PXE boot?
      - Not all OSes support DHCPv6: Android 4.x
  • 15. Firewall IPv6
      - Old Firewall Service Module not capable
      - New hardware onsite, migration by end of 2012
      - Separate ACLs for IPv4 and IPv6 → new firmware available now → CSM release in Q1.2013
  • 16. IPv6 SSID 'eth' design [diagram labels: VTP zone, WPA, DHCP clients in vrf red, Cat4500/Cat3750, 10x MPLS trunk, eBGP, FWSM (vrf-global), fusion routers, trunk, central DHCP servers]
  • 17. What is done
      - 2001:067c:10ec::/48 = ETH Zurich subnet
      - 10-Gig dual-stack connection to SWITCH
      - Core is ready, but some issues with DHCP
      - DHCP (with limitations)
      - DNS
      - IPv6 rough concept
      - IPv6 firewall
      - IPv6 VPN client (IPv6 tunneled over IPv4)
      - Mgmt tool 'Netcenter' (reports, IP tool, firewall)
      - IPv6 load balancer
  • 18. What is not planned yet
      - SEND/CGA (secure ARP)
      - Router performance, whole subnet has to be open
      - IPv6 to IPv4 NAT nor IPv4 to IPv6 NAT
      - DNS problems, IPv4 NAT is easier
      - IPv6 HTTP proxy
      - IPv6 multicast (not supported yet)
  • 19. ?
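
The addressing rule on slide 13 (a /58 per VRF, a /64 reserved per VLAN, but only a /118 or /115 configured on the router) can be checked with a short script. This is an added example, not code from the presentation. The VRF index, VLAN slot and probe sweep are constructed assumptions, and it assumes the scan DoS on the slide refers to the router resolving every probed on-link target with Neighbor Discovery.

```python
import ipaddress

ETH_PI = ipaddress.IPv6Network("2001:67c:10ec::/48")  # PI range from slide 12
ONLINK_LEN = {"server": 118, "client": 115}            # on-router lengths, slide 13


def vrf_range(index):
    """index-th /58 of the /48. Which indexes ETH assigns is an assumption."""
    if not 0 <= index < 2 ** (58 - ETH_PI.prefixlen):
        raise ValueError("no such /58 inside the /48")
    base = int(ETH_PI.network_address) + (index << (128 - 58))
    return ipaddress.IPv6Network((base, 58))


def vlan_plan(vrf_index, vlan_slot, kind):
    """Return (reserved /64, prefix actually configured on the router)."""
    if not 0 <= vlan_slot < 64:
        raise ValueError("a /58 holds 64 /64 subnets")
    base = int(vrf_range(vrf_index).network_address) + (vlan_slot << 64)
    return (ipaddress.IPv6Network((base, 64)),
            ipaddress.IPv6Network((base, ONLINK_LEN[kind])))


def resolved_targets(probes, onlink):
    """Distinct probe targets the router treats as on-link and would try to
    resolve with Neighbor Discovery (each one costs a neighbor-cache entry)."""
    return len({a for a in map(ipaddress.IPv6Address, probes) if a in onlink})


def constructed_sweep(reserved, count=1000, stride=2 ** 40):
    """Constructed sample: evenly spaced targets across the reserved /64."""
    start = int(reserved.network_address)
    return [start + i * stride for i in range(count)]


if __name__ == "__main__":
    reserved, configured = vlan_plan(1, 3, "server")
    sweep = constructed_sweep(reserved)
    print(reserved, configured, configured.num_addresses)
    print("entries with /64 on-link:", resolved_targets(sweep, reserved))
    print("entries with /118 on-link:", resolved_targets(sweep, configured))
```

With the whole /64 on-link, every one of the 1000 probed targets would need resolving; with the /118 only the single target inside the configured range does, and the cache can never hold more than 1024 entries for that VLAN.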