Developing an IPv6 Addressing Plan
Guidelines, Rules, Best Practice
Ron Broersma
DREN Chief Engineer
SPAWAR Network Security Manager
ron@spawar.navy.mil
Introduction
•  IPv6 deployment includes:
–  obtaining a block of IPv6 addresses (a “prefix”) for your
organization and its networks.
–  establishing a plan for how those addresses will be assigned
to your networks and subnets.
•  Observation: Many plans have serious flaws
–  usually takes about 3 times to get it right
–  many plans include the same basic mistakes
•  Goal of this presentation:
–  not intended to be a comprehensive tutorial
–  review the common mistakes, and the reasons behind them
–  save everyone time and effort, by avoiding those mistakes
•  less re-numbering
–  take full advantage of the vast address space now available
to us
16-Nov-2011 2
The piece that has changed
[Figure: the ISO 7 Layer Model (Application, Presentation, Session, Transport, Network, Link, Physical) drawn beside the Internet stack (Sockets; TCP, UDP; IP; MAC layer). The one piece that changes is the IP layer, which goes from IPv4 to IPv6; the layers above and below it stay as they are.]
Address Structure
•  Unicast addresses are structured as a
subnetwork prefix and an interface identifier.
[Figure: a 128-bit address split at /64 into the subnet prefix (bits 0-63) and the Interface ID, or host part (bits 64-127, ending at /128).]
–  Subnet prefix: allocated through a hierarchy of registries,
service providers, and sites (global unicast)
–  Interface ID (host part): automatically assigned using stateless
autoconfiguration, or statically, or with DHCPv6
•  Size of a given (sub)network is effectively not limited by the
number of unique host values as was the case in IPv4,
where a /24 (Class C) net can only have 254 hosts.
Address Types
http://www.ripe.net/ipv6-address-types/ipv6-address-types.pdf
Example Allocation
•  Your enterprise is allocated a Global Unicast
Prefix*, here 2001:DB8::/32 (the RFC 3849 documentation prefix, used as a placeholder)
[Figure: 2001:0DB8:xxxx:yyyy:<Interface ID>, with boundaries marked at /32 (after 0DB8), /48 (after xxxx) and /64 (after yyyy).]
•  How do you assign xxxx and yyyy throughout
your enterprise?
* ”The default provider allocation via the RIRs is currently a /32.” (RFC 5375)
Big mistake #1
•  Using other than /64 for subnets
•  Some choose /120
[Figure: 2001:0DB8:xxxx:yyyy:… with the boundary drawn at /120, leaving only 8 bits of host part.]
•  Reasoning:
–  “host” part is same size as in IPv4 (8 bits)
–  /64 is wasteful
–  the security guy wants to be able to enumerate all
hosts by scanning the subnet, just like in IPv4
(the flip side: an attacker cannot brute-force scan a /64 either; in practice IPv6 hosts are found through DNS, logs and predictable address patterns, see RFC 7707)
IPv4 practice gets in the way
•  Being conservative with addresses
–  operating on the notion that addresses are very
scarce
•  Making the subnet mask long, to avoid waste.
Examples:
–  /30 for point-to-point links
–  if you only have 10 hosts on a subnet, then allocate
a /28
–  squeezing as many subnets as possible out of a /24
Making the paradigm shift
•  You may be un-qualified to develop a final
IPv6 addressing plan if you think:
–  /64 for subnets is wasteful
–  /64 for point-to-point links is wasteful
–  /48 for small sites is wasteful
Subnets are /64
•  If you choose other than /64, the following
things will not work:
–  Neighbor Discovery
–  Secure Neighbor Discovery
–  Stateless Address Autoconfiguration (SLAAC)
–  Microsoft DHCPv6
–  Multicast with Embedded-RP
–  Mobile-IPv6
–  and many other things in the future
–  (caveat: plain Neighbor Discovery itself runs on any prefix length; what actually depends on a 64-bit Interface ID is SLAAC and the mechanisms built on 64-bit IIDs, such as SEND’s cryptographically generated addresses and Embedded-RP)
•  Using other than /64 for subnets goes against:
–  RFC 4291 “IPv6 Addressing Architecture”
–  RFC 5375 “IPv6 Addressing Considerations”
Subnets are /64
“For all unicast addresses, except those that start with the binary value 000,
Interface IDs are required to be 64 bits long.” (RFC 4291)
“Using /64 subnets is strongly recommended, also for links connecting
only routers. A deployment compliant with the current IPv6 specifications
cannot use other prefix lengths.” (RFC 5375)
What about point-to-point links?
•  Even if we finally agree that subnets are /64, some will argue
that point-to-point links must be /126 (like an IPv4 /30) or /127.
–  Can’t waste a whole /64 when you need only 2 addresses
•  Best practice is to allocate /64 for point-to-point links
–  whether you need 2 out of 2**64 or 200 out of 2**64, there’s not
much difference in “waste”
•  But what about that DoS problem from the ping-pong effect?
–  (a packet sent to an unused address within the link’s /64 is forwarded back and forth between the two routers until its hop limit runs out)
–  This will not happen on a RFC 4443 compliant IPv6 implementation
(a router must not forward such a packet back onto the point-to-point link it arrived on; it returns Destination Unreachable instead)
–  If you have a non-compliant device (Juniper), you can set the
interface mask to /126 on the interface as a temporary workaround
until your device is fixed, but you should still allocate a /64 for the
link.
–  Never use /127 (See RFC 3627), but also look at RFC 6164.
–  Note (post-2011): RFC 6164 permits /127 on inter-router point-to-point links, and RFC 6547 (2012) moved RFC 3627 to Historic, so “never use /127” no longer holds; allocating a /64 per link while configuring a /127 on the interface is compatible with both.
Mistake #2
•  Thinking you have to get the addressing plan
right the first time
–  Unless you have operational experience with IPv6
deployments and transition, you WILL get it
wrong.
–  Usually takes about 3 times to get it right.
•  Thinking you can’t afford to re-address
–  Since the first plan is probably a throw-away, you
will have to re-address when you come up with a
revised plan.
Iterative planning approach
•  Assume the first plan is a throwaway
–  Don’t put too much energy into it, because it is only temporary
•  Do some initial limited IPv6 deployments based on the
initial addressing plan
–  testbeds
–  public facing services
•  Gain operational experience
–  realize ways to improve the addressing plan
–  interact with the community to get ideas
•  Develop your next addressing plan
–  put more energy into this one
–  readdress the existing IPv6 infrastructure
•  Do a wider deployment with the new plan
–  internal servers, maybe clients.
•  Iterate
Mistake #3
•  Trying to be too creative about how much
address space to allocate to a “site”
–  Thinking you need to allocate large amounts of
space to large sites, and much smaller amounts to
small sites
•  Assuming that large allocations to small sites
is wasteful
–  Go back and review the slide on being stuck in the
IPv4 conservation paradigm.
“Sites” get a /48
[Figure: 2001:0DB8:<site>:yyyy:<Interface ID>, with boundaries at /32, /48 and /64; the 16-bit “site” field sits between /32 and /48.]
•  Here, the “site” field is 0x0000-0xFFFF
–  That gives you 65,536 sites!
–  That’s not enough?
•  And each site gets 65,536 subnets
–  That’s not enough? It’s like a “Class A” block of
huge subnets.
•  Standardize!
–  It simplifies things administratively and
operationally.
Mistake #4
•  Justify “upwards”, rather than pre-allocate
“downwards”.
–  Requiring sites to develop documentation and
justification for their address space requirements
–  Allocating to those groups or sites based on that
justification
Pre-allocation
•  You can easily pre-allocate to the site level
–  see slide on “sites get a /48”
•  Within sites, addressing can align with
existing subnet structure
–  later, you may want to re-address your IPv4
networks (but don’t worry about that just yet).
Mistake #5
•  Host-centric allocation rather than subnet-centric
–  Thinking that address allocation has anything to
do with the number of hosts
Focus on subnets
•  A /64 subnet has enough room for this many
hosts: 18,446,744,073,709,551,616 (2**64)
•  You don’t have to think about whether a
subnet is large enough for all your hosts.
•  You don’t have to worry about “growing” a
subnet later if you get more hosts.
•  Just focus on your network topology (links,
subnets, VLANs, etc.) and align with that.
Once again
When doing an address plan, a major driver in IPv4
was efficiency and conservation.
In IPv6, efficiency and conservation are NOT a major
driver; instead it is all about better alignment
with network topology, accommodation of security
architecture, and operational simplicity through
standardization.
Other Considerations
•  In IPv6, every interface has multiple
addresses
–  In IPv4, we thought of a “host” as having a single
IP address
•  Embedding IPv4 addresses in IPv6 addresses
adds administrative burden and limits
flexibility
–  limited long term benefit, so don’t do it
–  It is reasonable to copy just the “host” part of the
IPv4 address into the IID (host part) of the IPv6
address
Other Considerations
•  There is an opportunity to align the
addressing plan with security topology, to
simplify ACLs
–  This is the type of thing you may start to
incorporate into your 3rd version of your plan.
•  Internal aggregation is not nearly as critical
as aggregating route announcements to your
ISP
–  you can afford to carry a few thousand routes
internally, but the Internet can’t afford to carry all
your /48’s or longer.
Other Considerations
•  Most of the context here has been for large
enterprises that aggregate into a very few
connections to one or two ISPs, and use
“provider-independent” (PI) space.
•  If you have a lot of small outlier sites that are
single-homed directly to an ISP, have them
get their address space from that ISP, known
as “provider-aggregatable” (PA) space.
Adding structure or hierarchy
•  Examples:
– grouping of sites by
•  region
•  service delivery point
– grouping of subnets within a site to align with
•  IPv4 mapping
•  routing topology
•  security topology
Adding structure or hierarchy
•  Recommendation: add grouping or hierarchy
on nibble (4 bit) boundaries
–  Aligns better with hex digits
–  Aligns better with grouping in DNS PTR records
(each hex digit of the prefix is one label in ip6.arpa, so a nibble-aligned prefix is delegated as a single reverse zone)
•  Examples (regions and SDPs carved from the /32, the /52 from a site’s /48):
–  /36 for regions
•  16 regions with 4096 sites per region
–  /44 for service delivery points
•  16 customers per SDP, up to 4096 SDPs
–  /52 to align with IPv4 allocations
•  can map up to 16 allocations
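A worked version of the nibble-boundary recommendation above, added here as an example (this is not code from the slides). It carves child prefixes at the lengths the slide names and derives the ip6.arpa reverse zones a prefix needs, which is what makes the nibble alignment visible: a /52 is one reverse zone, a /50 has to be delegated as four. The nesting /32 > /36 region > /44 SDP > /48 site > /52 zone > /64 subnet is one assumed way of combining the slide's separate examples; the prefix 2001:db8::/32 is the documentation prefix.

```python
import ipaddress

# Added example, not from the original slides. Carves an organization's /32
# on nibble boundaries and shows why that matters for reverse DNS: every hex
# digit of the prefix is one label of the ip6.arpa name.
# The nesting /32 > /36 region > /44 SDP > /48 site > /52 zone > /64 subnet
# is an assumption that combines the slide's separate examples.


def carve(parent, new_prefixlen, index):
    """Return child number `index` (counted from 0) of `parent` at length `new_prefixlen`.

    carve("2001:db8::/32", 36, 3) is the fourth /36 region, 2001:db8:3000::/36.
    """
    parent = ipaddress.IPv6Network(str(parent))
    span = new_prefixlen - parent.prefixlen
    if span <= 0 or new_prefixlen > 128:
        raise ValueError("child prefix must be longer than the parent and at most /128")
    if not 0 <= index < (1 << span):
        raise ValueError(f"index {index} does not fit in {span} bits")
    child = int(parent.network_address) | (index << (128 - new_prefixlen))
    return ipaddress.IPv6Network((child, new_prefixlen))


def plan(org_prefix, region, sdp, site, zone, subnet):
    """Walk the assumed hierarchy from the /32 down to one /64 subnet."""
    net = carve(org_prefix, 36, region)  # 16 regions
    net = carve(net, 44, sdp)            # 256 service delivery points per region
    net = carve(net, 48, site)           # 16 sites per SDP
    net = carve(net, 52, zone)           # 16 zones (IPv4 allocations, security zones) per site
    return carve(net, 64, subnet)        # 4096 subnets per zone


def reverse_zones(network):
    """ip6.arpa zone names needed to delegate `network`.

    A prefix on a nibble boundary needs exactly one zone; a prefix that is
    not (e.g. /50) has to be delegated as several zones at the next boundary.
    """
    network = ipaddress.IPv6Network(str(network))
    aligned = -(-network.prefixlen // 4) * 4  # round up to a multiple of 4 bits
    zones = []
    for sub in network.subnets(new_prefix=aligned):
        nibbles = sub.network_address.exploded.replace(":", "")[: aligned // 4]
        zones.append(".".join(reversed(nibbles)) + ".ip6.arpa")
    return zones


if __name__ == "__main__":
    print(plan("2001:db8::/32", region=3, sdp=0x12, site=0xF, zone=1, subnet=0x100))
    print(reverse_zones("2001:db8:1234:1000::/52"))
    print(len(reverse_zones("2001:db8:1234::/50")), "reverse zones for a /50")
```

The same carve() also answers the "that's not enough?" questions on the earlier slides: the index check tells you exactly how many children fit between two boundaries, and a plan that only ever carves on multiples of 4 bits never produces a prefix that needs more than one reverse zone.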
Subnet numbering example
[Figure: 2001:0DB8:1234:<subnet>:<Interface ID>, boundaries at /32, /48 and /64; the 16-bit subnet field runs 0000 to FFFF.]
•  You could just assign them incrementally
–  0, 1, 2, 3, etc
•  You could have them match some part of your existing
IPv4 subnet numbers
–  Like the 3rd octet of your subnets’ addresses, if you have a “Class
B” and all your subnets are /24’s
•  You may want to create some hierarchy, if you have
separate enclaves or security zones or want to map to
multiple existing IPv4 allocations.
Hierarchy Example
[Figure: 2001:0DB8:1234:<subnet>:<Interface ID>, boundaries at /32, /48 and /64; the top hex digit of the subnet field is the grouping, the remaining three digits run 000 to FFF.]
•  Save the top 4 bits of the subnet number for mapping to IPv4
allocation (or other grouping)
–  That’s a /52
•  Subnet numbers are then 000 to FFF
–  4096 subnets per /52 (you only need 256, but 3 hex digits allows
you to keep decimal notation)
Example Addressing Scheme
•  Address the network for consistency between protocols
–  Align VLAN number with 3rd octet of IPv4 address
–  Align IPv6 “subnet number” with the above
[Figure: the three numbering schemes lined up: IPv6 2001:0DB8:1234:<subnet>:<Interface ID>, IPv4 128.123.<subnet>.<host>, and the VLAN-id, with the same value used for “subnet” in all three.]
IPv6 Addressing Example
Subnet          IPv4                IPv6
Offices         128.123.1.0/24      2001:480:1234:1::/64
Computer Room   128.123.2.0/24      2001:480:1234:2::/64
DMZ (BR)        128.123.100.0/24    2001:480:1234:1100::/64
DMZ (FW)        128.123.101.0/24    2001:480:1234:1101::/64
fw-to-br        128.123.254.0/30    2001:480:1234:1000::/64
fw-to-ir        128.123.254.4/30    2001:480:1234:0000::/64
Notes:
- Used subnet 000 for “infrastructure” links
- /52 used to designate security zone (0 – trust, 1 – untrust)
- IPv4 and IPv6 subnet numbers try to align, where possible (when IPv4 subnets are /24)
- didn’t use /126’s nor /127’s for the point-to-point links
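The table above and the earlier "Other Considerations" advice (copy only the host part of the IPv4 address into the Interface ID) as working code, added here as an example; it is not code from the slides. It reads the table's convention as: within the site's /48 the top nibble of the subnet number is the security zone (0 trust, 1 untrust) and the low three hex digits are the IPv4 third octet written in decimal and read as hex (100 becomes 0x100), and applies the same trick to the host octet. The /48 and the /24 rows come from the table; the host addresses and the "permit whole zone" ACL check are constructed for the example, and the /30 infrastructure links are numbered by hand (subnet 000), so the mapping function refuses anything but a /24.

```python
import ipaddress

# Added example, not from the original slides. Implements the addressing
# scheme of the slide's table:
#   IPv4 128.123.S.H/24 (S = VLAN id = 3rd octet) -> 2001:480:1234:ZSSS::/64
# Z is the security-zone nibble (0 = trust, 1 = untrust); SSS is S written in
# decimal and read as hex, so the IPv6 subnet number looks like its IPv4
# counterpart. The host octet is copied into the IID the same way (37 -> ::37).
# Subnet rows come from the slide; host addresses are constructed.

SITE = ipaddress.IPv6Network("2001:480:1234::/48")
ZONES = {"trust": 0x0, "untrust": 0x1}  # the /52 nibble, per the slide's notes


def decimal_as_hex(n):
    """Write n in decimal and read the digits back as hex: 100 -> 0x100."""
    if not 0 <= n <= 999:
        raise ValueError("only 0..999 fit in three hex digits")
    return int(str(n), 16)


def subnet_number(v4_subnet, zone):
    """16-bit IPv6 subnet number for an IPv4 /24 in the given security zone."""
    v4 = ipaddress.IPv4Network(v4_subnet)
    if v4.prefixlen != 24:
        # The slide numbers the /30 infrastructure links by hand as subnet 000.
        raise ValueError("only /24s are mapped automatically")
    return (ZONES[zone] << 12) | decimal_as_hex(v4.network_address.packed[2])


def v6_subnet(v4_subnet, zone):
    """The /64 for an IPv4 /24: 128.123.100.0/24 untrust -> 2001:480:1234:1100::/64."""
    base = int(SITE.network_address) | (subnet_number(v4_subnet, zone) << 64)
    return ipaddress.IPv6Network((base, 64))


def v6_host(v4_host, zone):
    """Copy only the host octet into the IID: 128.123.100.37 untrust -> 2001:480:1234:1100::37."""
    o = ipaddress.IPv4Address(v4_host).packed
    net = v6_subnet(f"{o[0]}.{o[1]}.{o[2]}.0/24", zone)
    return ipaddress.IPv6Address(int(net.network_address) | decimal_as_hex(o[3]))


def zone_aggregate(zone):
    """The single /52 covering every subnet of a zone: one ACL entry matches the whole zone."""
    base = int(SITE.network_address) | (ZONES[zone] << 76)
    return ipaddress.IPv6Network((base, 52))


def acl_permits(src, rule_zone):
    """Would a 'permit <zone aggregate>' rule match this source address?"""
    return ipaddress.IPv6Address(src) in zone_aggregate(rule_zone)


if __name__ == "__main__":
    rows = [("Offices", "128.123.1.0/24", "trust"),
            ("Computer Room", "128.123.2.0/24", "trust"),
            ("DMZ (BR)", "128.123.100.0/24", "untrust"),
            ("DMZ (FW)", "128.123.101.0/24", "untrust")]
    for name, v4, zone in rows:
        print(f"{name:14} {v4:18} {v6_subnet(v4, zone)}")
    print("untrust aggregate:", zone_aggregate("untrust"))
    print("host example:", v6_host("128.123.100.37", "untrust"))
```

zone_aggregate() is the payoff of aligning the plan with the security topology: the untrust zone is 2001:480:1234:1000::/52, so a firewall rule for "everything in the DMZ" is one prefix instead of one line per subnet, and a new DMZ subnet is covered without touching the ACL.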
Privacy Addresses (RFC 4941)
•  Incompatible with many Enterprise environments
–  Need address stability for many reasons
• Logging, Forensics, DNS stability, ACLs, etc.
•  Enabled by default in Windows
–  Breaks plug-n-play because we have to visit every Windows
machine to disable this feature.
•  Just added in Mac OS X “Lion”.
•  Ubuntu thinking about making it default.
[Privacy addresses] are horrible and I hope nobody really uses them, but they're better than NAT.
… Owen DeLong, Hurricane Electric
Living with Privacy addresses
•  Where your clients support DHCPv6, use that to
assign addresses
–  No DHCPv6 client support in Windows XP, Mac OS X before 10.7
(Lion), etc.
•  If all your Windows systems are in Active Directory,
use GPO to disable privacy addresses
•  Options for other systems:
–  configure system to disable privacy addresses
•  registry setting in Windows (see below)
–  configure addresses statically on the hosts
–  keep a historical record of all MAC address to IPv6 address
mappings for every host, for correlation in IDS and forensics tools
Windows commands (run as administrator): the first turns off RFC 4941 temporary addresses, the second turns off Windows’ randomized Interface ID so the stable address is derived from the MAC (EUI-64); store=persistent keeps both settings across reboots.
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
Note (post-2011): RFC 7217 (2014) defines Interface IDs that stay stable for a host on a given prefix yet are not derived from its MAC, which meets the stability needs above without the tracking problem; RFC 8981 (2021) replaced RFC 4941.
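The "historical record of MAC to IPv6 address mappings" from the options above, as an added example (not code from the slides): it parses neighbor-cache dumps in the format of Linux `ip -6 neigh show`, records every address seen with each MAC, and classifies each Interface ID as EUI-64 (derived from the MAC, so it correlates by itself), hand-assigned, or random. Random IIDs are the ones that defeat correlation, and they are what RFC 4941 temporary addresses and Windows' default randomized identifiers produce. The sample lines, the documentation prefix 2001:db8:1234::/48 and the "IID below 0x10000 means hand-assigned" rule are constructed assumptions for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Added example, not from the original slides. Builds the MAC-to-IPv6 history
# the slide recommends from neighbor-cache dumps and flags which Interface
# IDs are EUI-64 (MAC-derived), hand-assigned, or random (RFC 4941 temporary
# addresses, or random stable IDs as Windows uses by default).
# Input format follows Linux `ip -6 neigh show`; the lines, the prefix and the
# "small IID means hand-assigned" rule are constructed for this example.

SAMPLE_NEIGH = """\
2001:db8:1234:1:21b:21ff:fe3c:4d5e dev eth0 lladdr 00:1b:21:3c:4d:5e REACHABLE
2001:db8:1234:1:b1e7:9c0a:44f2:1d3e dev eth0 lladdr 00:1b:21:3c:4d:5e STALE
fe80::21b:21ff:fe3c:4d5e dev eth0 lladdr 00:1b:21:3c:4d:5e REACHABLE
2001:db8:1234:2::25 dev eth0 lladdr 00:50:56:a1:b2:c3 REACHABLE
2001:db8:1234:2:1234:5678:9abc:def0 dev eth0 FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>[0-9a-fA-F:]+) dev (?P<dev>\S+) lladdr "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) (?P<state>\S+)$"
)
IID_MASK = (1 << 64) - 1


def eui64_iid(mac):
    """Modified EUI-64 Interface ID for a 48-bit MAC (RFC 4291, Appendix A)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")


def classify_iid(ip, mac):
    """'eui64' if the IID is the MAC's EUI-64, 'manual' for small hand-picked
    IIDs (assumed: below 0x10000, e.g. ::25), otherwise 'random'."""
    iid = int(ipaddress.IPv6Address(ip)) & IID_MASK
    if iid == eui64_iid(mac):
        return "eui64"
    if iid < 0x10000:
        return "manual"
    return "random"


def parse_neigh(text):
    """Neighbor-cache lines -> records; entries without a MAC (FAILED, INCOMPLETE) are dropped."""
    records = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["mac"] = rec["mac"].lower()
        rec["kind"] = classify_iid(rec["ip"], rec["mac"])
        records.append(rec)
    return records


def mac_history(records):
    """MAC -> sorted list of every IPv6 address seen with it (what IDS/forensics correlation needs)."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["mac"]].add(rec["ip"])
    return {mac: sorted(ips) for mac, ips in seen.items()}


if __name__ == "__main__":
    recs = parse_neigh(SAMPLE_NEIGH)
    for r in recs:
        print(f"{r['mac']}  {r['kind']:6}  {r['ip']}")
    for mac, ips in mac_history(recs).items():
        print(mac, "->", ", ".join(ips))
```

A single snapshot cannot tell an RFC 4941 temporary address from a random-but-stable one; only repeated dumps over time show which random IIDs change. Collect the neighbor cache periodically (or feed in router ND logs) and keep the time-stamped history; that is the record the slide asks for.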
Additional Guides
•  Preparing an IPv6 Addressing Plan
http://www.ripe.net/lir-services/training/material/IPv6-for-LIRs-Training-Course/IPv6_addr_plan4.pdf
•  IPv6 Address Design, a few practical principles
http://www.txv6tf.org/wp-content/uploads/2011/09/Doyle-TXv6TF_09142011.pdf
End of Addressing discussion
Other topics
What’s missing:
IPv6 Operational Experience
•  Lots of planning is underway
–  transition planning
–  address planning
•  Much of this planning is done by individuals who
have never touched an IPv6 packet
•  Too much energy is being wasted on plans that are
flawed, because they are not based on operational
experience
•  It is more important to turn on IPv6 now and start
moving some IPv6 traffic, than it is to have a
complete plan
Getting IPv6 experience
•  Run IPv6 at home
–  Get a tunnel from Hurricane Electric
•  Get the IPv6 Certification from HE
•  Managers:
–  make sure your network engineers are doing the
above, or something similar
•  Run IPv6 in a testbed environment
•  IPv6-enable just your public-facing services to
start with
•  Then you can start comprehensive planning
Go native
•  “native IPv6” means “don’t use tunnels”.
–  some confuse this term to mean IPv6-only, but
that is not the case.
•  Access to Legacy IPv4 networks and systems
will be necessary for years to come.
–  we need both IPv4 and IPv6 at the same time.
–  IPv4 and IPv6 are not directly interoperable
•  Use “dual stack” as the IPv6 transition
mechanism
–  can use translators in the interim, but NOT long
term. The goal is end-to-end native IPv6.
About translators
•  Common scenario:
–  Don’t IPv6-enable your actual public web site, but
instead front-end it with an IPv6-to-IPv4 translator
•  This is OK as an interim step, because of the
extreme importance of IPv6-enabling the
public Internet
•  But the target is end-to-end native IPv6, so
consider any such translators to be very
temporary
–  unless that translation device is already in the
path for reasons unrelated to IPv6 transition
From a Microsoft talk…
IPv6 traffic percentage
•  From a server perspective, what percentage of the
Internet will try to reach you over IPv6 today?
–  0.4%
•  From a client perspective, what percentage of
Internet traffic is IPv6, where everything at your site
is IPv6-enabled:
Another event like World IPv6 Day?
•  June 2012
•  You should plan to IPv6-enable your public facing
services before then
(This became World IPv6 Launch, 6 June 2012.)
Final Comments
END
Any Questions?
Contact me at:
ron@spawar.navy.mil

 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 

Addressing plans

  • 7. Big mistake #1
    •  Using other than /64 for subnets
    •  Some choose /120
    •  Reasoning:
      –  “host” part is same size as in IPv4 (8 bits)
      –  /64 is wasteful
      –  the security guy wants to be able to enumerate all hosts by scanning the subnet, just like in IPv4
    2001 0DB8 xxxx yyyy /120
    16-Nov-2011 7
  • 8. IPv4 practice gets in the way
    •  Being conservative with addresses
      –  operating on the notion that addresses are very scarce
    •  Making the subnet mask long, to avoid waste. Examples:
      –  /30 for point-to-point links
      –  if you only have 10 hosts on a subnet, then allocate a /28
      –  squeezing as many subnets as possible out of a /24
  • 9. Making the paradigm shift
    •  You may be unqualified to develop a final IPv6 addressing plan if you think:
      –  /64 for subnets is wasteful
      –  /64 for point-to-point links is wasteful
      –  /48 for small sites is wasteful
  • 10. Subnets are /64
    •  If you choose other than /64, the following things will not work:
      –  Neighbor Discovery
      –  Secure Neighbor Discovery
      –  Stateless Address Autoconfiguration (SLAAC)
      –  Microsoft DHCPv6
      –  Multicast with Embedded-RP
      –  Mobile-IPv6
      –  and many other things in the future
    •  Using other than /64 for subnets goes against:
      –  RFC 4291 “IPv6 Addressing Architecture”
      –  RFC 5375 “IPv6 Addressing Considerations”
  • 11. Subnets are /64
    “For all unicast addresses, except those that start with the binary value 000, Interface IDs are required to be 64 bits long.” (RFC 4291)
    “Using /64 subnets is strongly recommended, also for links connecting only routers. A deployment compliant with the current IPv6 specifications cannot use other prefix lengths.” (RFC 5375)
  • 12. What about point-to-point links?
    •  Even if we finally agree that subnets are /64, some will argue that point-to-point links must be /126 (like an IPv4 /30) or /127.
      –  Can’t waste a whole /64 when you need only 2 addresses
    •  Best practice is to allocate /64 for point-to-point links
      –  whether you need 2 out of 2**64 or 200 out of 2**64, there’s not much difference in “waste”
    •  But what about that DoS problem from the ping-pong effect?
      –  This will not happen on an RFC 4443 compliant IPv6 implementation
      –  If you have a non-compliant device (Juniper), you can set the interface mask to /126 on the interface as a temporary workaround until your device is fixed, but you should still allocate a /64 for the link.
      –  Never use /127 (see RFC 3627), but also look at RFC 6164.
  • 13. Mistake #2
    •  Thinking you have to get the addressing plan right the first time
      –  Unless you have operational experience with IPv6 deployments and transition, you WILL get it wrong.
      –  Usually takes about 3 times to get it right.
    •  Thinking you can’t afford to re-address
      –  Since the first plan is probably a throw-away, you will have to re-address when you come up with a revised plan.
  • 14. Iterative planning approach
    •  Assume the first plan is a throwaway
      –  Don’t put too much energy into it, because it is only temporary
    •  Do some initial limited IPv6 deployments based on the initial addressing plan
      –  testbeds
      –  public facing services
    •  Gain operational experience
      –  realize ways to improve the addressing plan
      –  interact with the community to get ideas
    •  Develop your next addressing plan
      –  put more energy into this one
      –  readdress the existing IPv6 infrastructure
    •  Do a wider deployment with the new plan
      –  internal servers, maybe clients.
    •  Iterate
  • 15. Mistake #3
    •  Trying to be too creative about how much address space to allocate to a “site”
      –  Thinking you need to allocate large amounts of space to large sites, and much smaller amounts to small sites
    •  Assuming that large allocations to small sites are wasteful
      –  Go back and review the slide on being stuck in the IPv4 conservation paradigm.
  • 16. “Sites” get a /48
    •  Here, the “site” field is 0x0000-0xFFFF
      –  That gives you 65,536 sites!
      –  That’s not enough?
    •  And each site gets 65,536 subnets
      –  That’s not enough? It’s like a “Class A” block of huge subnets.
    •  Standardize!
      –  It simplifies things administratively and operationally.
    2001 0DB8 “site” yyyy Interface ID
    /32 /48 /64
  • 17. Mistake #4
    •  Justify “upwards”, rather than pre-allocate “downwards”.
      –  Requiring sites to develop documentation and justification for their address space requirements
      –  Allocating to those groups or sites based on that justification
  • 18. Pre-allocation
    •  You can easily pre-allocate to the site level
      –  see slide on “sites get a /48”
    •  Within sites, addressing can align with existing subnet structure
      –  later, you may want to re-address your IPv4 networks (but don’t worry about that just yet).
  • 19. Mistake #5
    •  Host-centric allocation rather than subnet-centric
      –  Thinking that address allocation has anything to do with the number of hosts
  • 20. Focus on subnets
    •  A /64 subnet has enough room for this many hosts: 18,446,744,073,709,551,616
    •  You don’t have to think about whether a subnet is large enough for all your hosts.
    •  You don’t have to worry about “growing” a subnet later if you get more hosts.
    •  Just focus on your network topology (links, subnets, VLANs, etc.) and align with that.
  • 21. Once again
    When doing an address plan, a major driver in IPv4 was efficiency and conservation.
    In IPv6, efficiency and conservation are NOT a major driver; instead it is all about better alignment with network topology, accommodation of security architecture, and operational simplicity through standardization.
  • 22. Other Considerations
    •  In IPv6, every interface has multiple addresses
      –  In IPv4, we thought of a “host” as having a single IP address
    •  Embedding IPv4 addresses in IPv6 addresses adds administrative burden and limits flexibility
      –  limited long term benefit, so don’t do it
      –  It is reasonable to copy just the “host” part of the IPv4 address into the IID (host part) of the IPv6 address
  • 23. Other Considerations
    •  There is an opportunity to align the addressing plan with security topology, to simplify ACLs
      –  This is the type of thing you may start to incorporate into the 3rd version of your plan.
    •  Internal aggregation is not nearly as critical as aggregating route announcements to your ISP
      –  you can afford to carry a few thousand routes internally, but the Internet can’t afford to carry all your /48’s or longer.
  • 24. Other Considerations
    •  Most of the context here has been for large enterprises that aggregate into a very few connections to one or two ISPs, and use “provider-independent” (PI) space.
    •  If you have a lot of small outlier sites that are single-homed directly to an ISP, have them get their address space from that ISP, known as “provider-aggregatable” (PA) space.
  • 25. Adding structure or hierarchy
    •  Examples:
      –  grouping of sites by
        •  region
        •  service delivery point
      –  grouping of subnets within a site to align with
        •  IPv4 mapping
        •  routing topology
        •  security topology
  • 26. Adding structure or hierarchy
    •  Recommendation: add grouping or hierarchy on nibble (4 bit) boundaries
      –  Aligns better with hex digits
      –  Aligns better with grouping in DNS PTR records
    •  Examples:
      –  /36 for regions
        •  16 regions with 4096 sites per region
      –  /44 for service delivery points
        •  16 customers per SDP, up to 4096 SDPs
      –  /52 to align with IPv4 allocations
        •  can map up to 16 allocations
  • 27. Subnet numbering example
    •  You could just assign them incrementally
      –  0, 1, 2, 3, etc.
    •  You could have them match some part of your existing IPv4 subnet numbers
      –  Like the 3rd octet of your subnet addresses, if you have a “Class B” and all your subnets are /24’s
    •  You may want to create some hierarchy, if you have separate enclaves or security zones or want to map to multiple existing IPv4 allocations.
    2001 0DB8 1234 subnet Interface ID
    /32 /48 /64
    subnet field: 0000 to FFFF
  • 28. Hierarchy Example
    •  Save the top 4 bits of the subnet number for mapping to IPv4 allocation (or other grouping)
      –  That’s a /52
    •  Subnet numbers are then 000 to FFF
      –  4096 subnets per /52 (you only need 256, but 3 hex digits allows you to keep decimal notation)
    2001 0DB8 1234 subnet Interface ID
    /32 /48 /64
    subnet field: 0000 to FFFF
  • 29. Example Addressing Scheme
    •  Address the network for consistency between protocols
      –  Align VLAN number with 3rd octet of IPv4 address
      –  Align IPv6 “subnet number” with the above
    IPv6:    2001 | 0DB8 | 1234 | subnet | Interface ID
    IPv4:    128 | 123 | subnet | host
    VLAN-id: aligned with the “subnet” field of both
  • 30. IPv6 Addressing Example
    Subnet          IPv4                IPv6
    Offices         128.123.1.0/24      2001:480:1234:1::/64
    Computer Room   128.123.2.0/24      2001:480:1234:2::/64
    DMZ (BR)        128.123.100.0/24    2001:480:1234:1100::/64
    DMZ (FW)        128.123.101.0/24    2001:480:1234:1101::/64
    fw-to-br        128.123.254.0/30    2001:480:1234:1000::/64
    fw-to-ir        128.123.254.4/30    2001:480:1234:0000::/64
    Notes:
    - Used subnet 000 for “infrastructure” links
    - /52 used to designate security zone (0 – trust, 1 – untrust)
    - IPv4 and IPv6 subnet numbers try to align, where possible (when IPv4 subnets are /24)
    - didn’t use /126’s nor /127’s for the point-to-point links
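The conventions on slides 26 through 30 (hierarchy on nibble boundaries, a /52 per security zone, and IPv6 subnet numbers that read like the IPv4 third octet / VLAN id) can be generated and checked mechanically rather than by hand. The Python below is an added example written for this page, not code from the slides or from DREN; it uses only the standard library ipaddress module, substitutes the documentation prefix 2001:db8:1234::/48 for the slide's 2001:480:1234::/48, and re-derives the slide's table from rows constructed here.

```python
import ipaddress

# Constructed sample site prefix in RFC 3849 documentation space; it stands in
# for the 2001:480:1234::/48 shown on the "IPv6 Addressing Example" slide.
SITE = ipaddress.IPv6Network("2001:db8:1234::/48")


def nibble_children(prefix, nibbles):
    """Split a prefix on a nibble (4-bit) boundary, as the "Adding structure or
    hierarchy" slide recommends: one nibble gives 16 children (a /32 -> 16 /36
    regions), three nibbles give 4096 (a /36 region -> 4096 /48 sites)."""
    net = prefix if isinstance(prefix, ipaddress.IPv6Network) else ipaddress.IPv6Network(prefix)
    return list(net.subnets(prefixlen_diff=4 * nibbles))


def zone_prefix(site, zone):
    """The /52 for security zone `zone` (0..15) inside a /48 site: the top
    nibble of the 16-bit subnet field is reserved for the zone."""
    if site.prefixlen != 48:
        raise ValueError("sites get a /48")
    if not 0 <= zone <= 15:
        raise ValueError("zone must fit in one hex digit")
    return nibble_children(site, 1)[zone]


def _build_64(site, subnet_field):
    """Place a 16-bit subnet field in address bits 48..63 (just above the
    64-bit interface ID) and return the resulting /64. Every subnet is a /64."""
    if not 0 <= subnet_field <= 0xFFFF:
        raise ValueError("subnet field is 16 bits")
    base = int(site.network_address) | (subnet_field << 64)
    return ipaddress.IPv6Network((base, 64))


def subnet_for(site, zone, ipv4_subnet):
    """The /64 that mirrors an IPv4 /24: zone nibble first, then the IPv4
    third octet written as decimal digits in the low three hex digits, so
    128.123.101.0/24 (VLAN 101) in zone 1 becomes ...:1101::/64. Like the
    slides, this assumes /24 IPv4 subnets."""
    v4 = ipaddress.IPv4Network(ipv4_subnet, strict=False)
    if v4.prefixlen != 24:
        raise ValueError("the decimal-digit mapping assumes IPv4 /24 subnets")
    third_octet = (int(v4.network_address) >> 8) & 0xFF
    field = (zone << 12) | int(str(third_octet), 16)  # "255" -> 0x255, still 3 hex digits
    return _build_64(site, field)


def infrastructure_link(site, zone):
    """Point-to-point links get a full /64 as well; the slides use subnet 000
    of each zone for them instead of a /126 or /127."""
    return _build_64(site, zone << 12)


def build_plan(site):
    """Rebuild the slide's table (rows constructed here) as name -> /64."""
    rows = [
        ("Offices", 0, "128.123.1.0/24"),
        ("Computer Room", 0, "128.123.2.0/24"),
        ("DMZ (BR)", 1, "128.123.100.0/24"),
        ("DMZ (FW)", 1, "128.123.101.0/24"),
    ]
    plan = {name: subnet_for(site, zone, v4) for name, zone, v4 in rows}
    plan["fw-to-br"] = infrastructure_link(site, 1)  # 128.123.254.0/30 in IPv4
    plan["fw-to-ir"] = infrastructure_link(site, 0)  # 128.123.254.4/30 in IPv4
    return plan


def check_plan(plan, site):
    """Checks a reviewer would run before rollout: every subnet is a /64
    (mistake #1), every subnet lies inside the site, and no two names collide."""
    nets = list(plan.values())
    if any(n.prefixlen != 64 for n in nets):
        return False
    if any(not n.subnet_of(site) for n in nets):
        return False
    return len(set(nets)) == len(nets)


if __name__ == "__main__":
    plan = build_plan(SITE)
    for name, net in plan.items():
        print(f"{name:14s} {net}")
    print("plan ok:", check_plan(plan, SITE))
```

Because the decimal-looking subnet number is a convention rather than arithmetic, `subnet_for` refuses anything but an IPv4 /24; a site whose IPv4 subnets are not all /24 would need its own mapping rule, which is the kind of refinement the iterative-planning slides expect in a later version of the plan.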
  • 31. Privacy Addresses (RFC 4941)
    •  Incompatible with many Enterprise environments
      –  Need address stability for many reasons
        •  Logging, Forensics, DNS stability, ACLs, etc.
    •  Enabled by default in Windows
      –  Breaks plug-n-play because we have to visit every Windows machine to disable this feature.
    •  Just added in Mac OS X “Lion”.
    •  Ubuntu thinking about making it default.
    “[Privacy addresses] are horrible and I hope nobody really uses them, but they're better than NAT.” … Owen DeLong, Hurricane Electric
  • 32. Living with Privacy addresses
    •  Where your clients support DHCPv6, use that to assign addresses
      –  No DHCPv6 client support in Windows XP, Mac OS X before 10.7 (Lion), etc.
    •  If all your Windows systems are in Active Directory, use GPO to disable privacy addresses
    •  Options for other systems:
      –  configure system to disable privacy addresses
        •  registry setting in Windows (see below)
      –  configure addresses statically on the hosts
      –  keep a historical record of all MAC address to IPv6 address mappings for every host, for correlation in IDS and forensics tools
    netsh interface ipv6 set privacy state=disabled store=persistent
    netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
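The last option above, a historical MAC-to-IPv6 mapping for IDS and forensics correlation, is only useful if you can tell which addresses are correlatable in the first place. The Python below is an added example for this page, not code from the slides: it parses constructed neighbor-table lines in the shape of Linux `ip -6 neigh show` output, recovers the MAC from modified EUI-64 interface IDs (RFC 4291 Appendix A), classifies each interface ID with a simple heuristic (an assumption of this example, not a standard) so opaque RFC 4941 temporary addresses stand out in the record, and flags EUI-64 addresses whose embedded MAC disagrees with the MAC the neighbor table actually observed.

```python
import ipaddress
import re

# Constructed sample in the shape of Linux `ip -6 neigh show` output; the
# addresses and MACs are made up. A real pipeline would feed it switch/router
# neighbor tables or DHCPv6 lease logs collected over time.
SAMPLE_NEIGH = """\
2001:db8:1234:1:211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:1234:1:5c2a:9f10:7b3e:1d44 dev eth0 lladdr 00:11:22:33:44:55 STALE
2001:db8:1234:2::53 dev eth1 lladdr 00:aa:bb:cc:dd:ee REACHABLE
2001:db8:1234:1:2aa:bbff:fecc:ddee dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
2001:db8:1234:1:9e7d:4b20:1f11:8a3 dev eth0 FAILED
"""

# Entries without a link-layer address (e.g. FAILED) do not match and are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


def parse_neigh(text):
    """Return [(IPv6Address, mac)] for every entry that carries a link-layer address."""
    out = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            out.append((ipaddress.IPv6Address(m["ip"]), m["mac"].lower()))
    return out


def mac_from_eui64(addr):
    """Recover the MAC embedded in a modified EUI-64 interface ID: bytes 3-4 of
    the IID are ff:fe and the universal/local bit (0x02 of the first byte) is
    inverted. Returns None when the IID is not shaped that way."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def classify_iid(addr):
    """Heuristic (an assumption of this example): 'eui64' for MAC-derived IIDs,
    'static' for small hand-picked IIDs such as ::53, 'opaque' for everything
    else, which is where RFC 4941 temporary addresses land."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] == b"\xff\xfe" and iid[0] & 0x02:
        return "eui64"
    if int.from_bytes(iid, "big") < 0x10000:
        return "static"
    return "opaque"


def audit(text):
    """Per entry: how the address was formed and, for EUI-64 IIDs, whether the
    embedded MAC agrees with the MAC the neighbor table saw (None otherwise)."""
    report = []
    for ip, mac in parse_neigh(text):
        embedded = mac_from_eui64(ip)
        report.append({
            "ip": str(ip),
            "mac": mac,
            "kind": classify_iid(ip),
            "mac_matches": (embedded == mac) if embedded is not None else None,
        })
    return report


if __name__ == "__main__":
    for entry in audit(SAMPLE_NEIGH):
        print(entry)
```

Two caveats on reading the report: an "opaque" entry is exactly the case the slide warns about, an address that cannot be tied to a host without the historical mapping, and a "mac_matches": False entry is not proof of anything by itself (a manually configured address can contain ff:fe, and an address can be re-used after a NIC swap); it is a row to reconcile against the DHCPv6 or switch records, not an alert on its own.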
  • 33. Additional Guides
    •  Preparing an IPv6 Addressing Plan
      http://www.ripe.net/lir-services/training/material/IPv6-for-LIRs-Training-Course/IPv6_addr_plan4.pdf
    •  IPv6 Address Design, a few practical principles
      http://www.txv6tf.org/wp-content/uploads/2011/09/Doyle-TXv6TF_09142011.pdf
  • 34. End of Addressing discussion
  • 36. What’s missing: IPv6 Operational Experience
    •  Lots of planning is underway
      –  transition planning
      –  address planning
    •  Much of this planning is done by individuals who have never touched an IPv6 packet
    •  Too much energy is being wasted on plans that are flawed, because they are not based on operational experience
    •  It is more important to turn on IPv6 now and start moving some IPv6 traffic, than it is to have a complete plan
  • 37. Getting IPv6 experience
    •  Run IPv6 at home
      –  Get a tunnel from Hurricane Electric
    •  Get the IPv6 Certification from HE
    •  Managers:
      –  make sure your network engineers are doing the above, or something similar
    •  Run IPv6 in a testbed environment
    •  IPv6-enable just your public-facing services to start with
    •  Then you can start comprehensive planning
  • 38. Go native
    •  “native IPv6” means “don’t use tunnels”.
      –  some confuse this term to mean IPv6-only, but that is not the case.
    •  Access to legacy IPv4 networks and systems will be necessary for years to come.
      –  we need both IPv4 and IPv6 at the same time.
      –  IPv4 and IPv6 are not directly interoperable
    •  Use “dual stack” as the IPv6 transition mechanism
      –  can use translators in the interim, but NOT long term. The goal is end-to-end native IPv6.
  • 39. About translators
    •  Common scenario:
      –  Don’t IPv6-enable your actual public web site, but instead front-end it with an IPv6-to-IPv4 translator
    •  This is OK as an interim step, because of the extreme importance of IPv6-enabling the public Internet
    •  But the target is end-to-end native IPv6, so consider any such translators to be very temporary
      –  unless that translation device is already in the path for reasons unrelated to IPv6 transition
  • 40. From a Microsoft talk…
  • 41. IPv6 traffic percentage
    •  From a server perspective, what percentage of the Internet will try to reach you over IPv6 today?
      –  0.4%
    •  From a client perspective, what percentage of Internet traffic is IPv6, where everything at your site is IPv6-enabled:
  • 42. Another event like World IPv6 Day?
    •  June 2012
    •  You should plan to IPv6-enable your public facing services before then
  • 44. END
    Any Questions? Contact me at: ron@spawar.navy.mil