IPv6 is rapidly becoming an important network technology to service providers, government agencies and enterprises. Deployment of IPv6 requires new management strategies, practices and tools to enable deployment and effective operation. Because most deployments of IPv6 will be in dual-stack networks that use IPv4 and IPv6 in parallel, the IPv4 management infrastructure will be extended for IPv6 for integrated IPv4-IPv6 operation. It will be crucial for IPv6 deployments to be carefully planned and managed to ensure successful implementation and avoid significant increases in management overhead. This article provides some background information on IPv6 deployment and management strategies.

Managing IPv6 Deployments
by Jeffrey Wheeler and Ralph Droms
CISCO PUBLIC

Introduction

Fulfilling many of the technical prophecies of the Internet’s near-past, IPv6 has reached a high degree of importance and credibility and has reached the forefront of many discussions regarding NGN Architectures. The main driver behind the focus on IPv6 is the acknowledged impending exhaustion of the IPv4 address space. The consumption of IPv4 address space has been accelerated by the rapid expansion of IP into mobile devices, NGN Enterprise and Service Provider infrastructures providing Play and 4Play services, as well as the rapid growth of virtualization. Service providers are also looking at IPv6 as a way of restoring end-to-end Internet service. At the same time, the DoD 2008 mandate for IPv6 readiness, along with similar mandates from other countries and international organizations, has stimulated development of IPv6 deployment solutions.

Although network devices have had IPv6 since the late 10s, the focus on Network Management for IPv6 has only recently been a ‘hot topic.’ The management of IPv6 deployments is not as simple an effort as extending existing IPv4 management solutions to accommodate a longer IPv6 address space. IPv6 is not just a single new protocol but an entirely new technical solution with many protocols and services being introduced.

Hence the management of IPv6 is not about managing a new network ‘feature’ or ‘functionality’ but about managing a fundamentally new IP paradigm truly supporting end-to-end services with full mobility and other advanced features. Eventually the focus will then be on network management tools becoming ‘IP agnostic’, which will introduce abstraction layers new to applications and developers of IP management solutions.

IPv6 Network Management Strategy

Regardless of the size or purpose of the deployment of an IPv6 network, there will be a workload increase on all staff from the architects to the administrators. Most initial deployments will be dual-stack based, in which IPv6 is deployed in parallel with an existing IPv4 network. Those dual-stack networks may, in fact, require more than twice as much effort to manage as an IPv4 network, because the IPv6 network will essentially be a parallel network that interacts with the IPv4 network. The challenge in network management of these dual-stack networks is to reduce the cost of operation as close as possible to the cost of running an IPv4 network.

The introduction of IPv6 into an existing IPv4 infrastructure creates new complexities for network management such as:

• Managing the actual transition process itself. The standards bodies have yet to facilitate a standardized approach for the deploying and managing of IPv6 infrastructures, which has led in part to several vendor-specific proprietary solutions and BCPs.
• Requirements for additional institutional knowledge in support staff
• Managing nodes’ transitions from IPv4 to IPv6 entities
• Management and design strategies for the new addressing structure, hierarchy and attendant policies
• The introduction of additional DHCP and DNS services for IPv6 and the management of those
• Managing the coexistence of the IPv4 and IPv6 security infrastructures
• Tool visibility, insight and analysis into utilization specific to IPv6 traffic and utilization that is a part of the whole IPv4/IPv6 traffic load and performance stats.

Creating a High Level IPv6 Management Strategy

To address the complexities introduced by the deployment of IPv6, a high level IPv6 management strategy should be developed before beginning an IPv6 deployment. The first step in that strategy is the development of subject matter expertise in IPv6 and IPv6 management in network operations staff. While IPv6 operates much like IPv4 and provides similar services, the details are different, and operations staff will need to learn those details to deploy and operate IPv6. An IPv6 management strategy will focus on appropriate standards for architecture and designs incorporating current RFCs and Drafts. Vendors can contribute to a strategy through sharing experience and BCPs, and by providing management tools that offer:

• Handling the 128-bit IPv6 addresses with multiple formats and expressions and allow for multiple datatypes in databases.
• Facilitate management of the expanded address scoping and hierarchy introduced by IPv6
• The ability to manage multiple addresses on each interface / sub-interface including a mix of IPv4 and IPv6 addresses
• Manage and provide for auto configuration
• Manage the dual-stack deployments fully

Managing the Transition

Every network will have a transition period during which IPv6 is deployed and tested before the IPv6 service is considered to be fully operational. Management of this transition includes the architecture of the IPv6 service, which may combine full IPv6 service to parts of the network with IPv6 transport over IPv4 where full IPv6 service is not required, accommodation of legacy devices and services that may not be upgradeable to IPv6 and integration of IPv6 capabilities into legacy management tools for management of the actual IPv6 deployment for the duration of the transition period.

There are a number of tacit assumptions that can be considered reality for most IPv6 transition management strategies and transition architectures:

• Many, if not all, of the transition management tools and processes will undergo evolutionary change as the IPv6 infrastructures are moved from conception to maturity.
• IPv6 management will support multiple (and evolutionary as well) transition mechanisms for IPv6 like DSTM, SSTM, NAT-PT…
• Most of the efforts involved in managing the IPv6 transition process and period will be new to the management lifecycle established for IPv4 networks.
• Separate data repositories specific to the transition period will need to be created and managed.

The transition management will need to take into account the most likely phases that will be found in all Transition Strategies:

1. Management of the Dual-Stack environments
2. Management of the integrated use of tunneling solutions, which by default then presents the IPv6 infrastructure as an overlay to the initial IPv4 transport; and
3. The management of translators which will no doubt be deployed in the final phases of the transition period.

Developing and Integrating an IPv6 Event Management Strategy

It is assumed that the initial rollouts of IPv6 management will focus largely on events as any additional processes and methodologies for management of IPv6, the harmonized IPv4/IPv6 environment and the transition aspects are developed. Following are a number of key recommendations applicable to any new IPv6 hybrid deployment:

• Determine and document what IPv6 events are key and critical to initial rollouts
• Identify sources for all of the IPv6 events determined and categorize against available tools. For example:
  o Are there available tools to manage these events?
  o Are there standard MIBs or proprietary MIBs for these events?
  o Is RMON supported for these events?
• Map the IPv6 events and the flow of events to the identified tools. IPv6 presents new scenarios for events as in most cases IPv6 will initially be run in a dual-stack environment and as an overlay on the existing IPv4 transport infrastructure.
  o Key is to separate the IPv4 events from the IPv6 events
• Perform a gap analysis and identify any new IPv6 events that will need additional tools not yet identified.
• Integrate the initial toolsets and results into a common reporting solution.
• Create a Correlation solution to transfer the intelligence from the IPv4 event data to the IPv6 environment and the reciprocal. This will be a key aspect of the overall strategy and will be required if the intent is to reduce the TCO and mitigate admin’s time.
• Consider the entire process as iterative.

Refine the IPv6 Event Management Strategy as each ‘lessons learned’ phase is passed. The refinement of the IPv6 Event Management Strategy will go through several large-scale changes as the infrastructure moves from a dual-stack through to the final IPv6 primary and native environment. The Event management strategy must not be viewed as a closed canon but as an evolving and living strategy. Initially the strategy will have a total and exclusive IPv6 focus but must migrate to being IP agnostic. Focusing initially on the goal of being IP agnostic will present a scope (and scope creep) that is so large that the effort will not likely find completion.

IPv6 Management Issues and Concerns

Within an overall IPv6 management strategy there are key areas of technical detail that should be included in any initial IPv6 management strategy and resulting task list. The areas listed below provide high-level identification of efforts that could each launch a separate article in and of themselves, but for the sake of brevity we’ll address them here in abbreviated form:

• Renumbering impact on ACL policies and Reflexive ACL support strategy. Since IPv6 addresses do not follow the convention or model of IPv4 addresses, any management application or reporting tool will require rewrites to the code base.
• Distributed IPv6 management integration: Given the relative immaturity of the management designs and solutions, the initial IPv6 management solutions will no doubt be centralized and operated from a ‘command and control’ paradigm. Focus should be made upon the need to move quickly to a distributed environment with that new IPv6 distributed management solution integrated with other legacy solutions. This rapid migration from a centralized to a distributed management strategy should be well documented and build upon the lessons learned early in the centralized deployment. Since the IPv6 management strategy will include the initial dual-stack deployments, and since these dual-stack deployments will eventually give way to native IPv6, the management strategy implementation must keep in lockstep with the actual IPv6 rollouts in network designs. Coordination is critical.
• Security Management considerations for both IPv4 and IPv6 because of IPv6
  o Firewall updates for IPv6 security strategy and reporting must be planned for and should address and incorporate impacts to both IPv4 and IPv6. This of course assumes that the network architects and designers are working closely with the IPv6 security folk. Serious consideration must be given initially to hardware and network designs that could exacerbate an already fragile and exposed IPv4 network infrastructure. Without a well-reasoned design the IPv4 infrastructure could be impacted and put at risk by any IPv6 attack or penetration.
  o Security exposure of IPv4 due to the complexity and additional code required to support IPv6. This exposure is not just limited to operational equipment but includes those management platforms and solutions that are being introduced to support IPv6 in dual-stack deployments.
  o The introduction of new avenues for security risks due largely to the inexperience with IPv6 of network admin and design staff.
  o Tools and processes that identify reconnaissance attacks by blocking information to attacker at any and all IPv4/IPv6 points.
  o Enhanced policy management and AAA management for IPv6 limiting the exploitation due to unauthorized access
  o Mitigate IPv6 routing information and IPv6 routing protocol attacks and spoofing. Ensure that IPv6 routing information is given the same security and management considerations as IPv4 even though IPv6 traffic is moved initially over an IPv4 transport. Do not assume that since the transport most likely will be IPv4 that the transport will not be a viable target.
  o Since IPv6 offers a radically new and more complex header architecture, the IPv6 management strategy must identify header manipulation attacks at the least.
  o Smurf attacks will always be a concern regardless of IPv4 and / or IPv6.
  o Coincident with IPv6 rollouts are advanced network services and applications. This mandates that a management strategy should focus on spoofing attacks at all layers of applications and services.
  o ARP and DHCP attacks (mixed IPv4 and IPv6) should be assumed given the dual-stack architecture.
  o Since initial IPv6 deployments will not be fully automated, the IPv6 management strategy should identify application layer attacks and rogue devices and apps in the most automated way possible.
• IPv6 will place new and immediate demands on syslog type solutions due to ICMP changes for IPv6. ICMPv6 is new for IPv6. Traditional tools and home-grown scripts will need to be scrutinized for necessary changes to support IPv6. The level of effort put into this aspect of any IPv6 management solutions will be on par with the Y2K efforts looking for issues deep in code.
• Assuming a dual-stack architecture, focus on separating management strategies as if the IPv6 network were a virtualized network. Cisco provides a well articulated ‘network virtualization’ strategy with multiple BCPs that can be utilized to set up this initial management solution for IPv6. Following are some key elements included in this Network Virtualization architecture:
  o Access Edge IPv6 strategy
  o IPv6 transport strategy
  o Core and Services IPv6 management strategy
• The lack of ‘backward compatibility’ of IPv6 management tool roll outs based on legacy IPv4 code bases. Immediate demands for management tools required for DoD and Federal IPv6 compliance could lead to disparate products under the same product heading.

Summary

As seen, IPv6 poses considerable challenges to any network infrastructure and management strategy. IPv6 Network Management tools and solutions will evolve slightly behind the standards as well as network equipment IPv6 features and functionalities. IPv6 instrumentation roadmaps in products traditionally take 18 month plans. This pushes the impetus and importance of IPv6 management initially to scripting tools, CLI and existing IPv4 code-base tools. The evolution of IPv6 management solutions and tools will pace the migration from IPv4 to dual-stack to native IPv6 implementations.
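
The article's points about handling 128-bit addresses in multiple formats, storing them in databases, and separating IPv4 events from IPv6 events before correlating them can be made concrete with a short script. This is an added Python example, not code from the article or from any Cisco tool; the event lines are constructed, the `src=` field layout is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample events (not from the article). The "src=" field layout is
# an assumption; the same hosts appear in several textual forms.
SAMPLE_EVENTS = [
    "fw1 DENY src=2001:DB8:0:0:0:0:0:1 dst=192.0.2.10",
    "rtr2 ND-DUP src=2001:db8::1",
    "ids3 ALERT src=2001:0db8:0000:0000:0000:0000:0000:0001",
    "fw1 DENY src=::ffff:192.0.2.10",
    "sw4 RA-GUARD src=fe80::1%eth0",
    "fw1 DENY src=192.0.2.10",
    "app5 ERROR src=not-an-address",
]
SRC_RE = re.compile(r"\bsrc=(\S+)")


def canonical(text):
    """Return (family, canonical text) for an address, or None if unparsable."""
    addr_text, _, zone = text.partition("%")  # split off a link-local zone id
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return None
    if addr.version == 4:
        return ("ipv4", str(addr))
    if addr.ipv4_mapped is not None:
        # ::ffff:a.b.c.d is an IPv4 peer seen through a dual-stack socket.
        return ("ipv4", str(addr.ipv4_mapped))
    # Lower-case, zero-compressed form; the zone stays part of the identity.
    return ("ipv6", addr.compressed + ("%" + zone if zone else ""))


def storage_key(text):
    """16-byte key so one fixed-width binary column can hold both families."""
    addr = ipaddress.ip_address(text.partition("%")[0])
    if addr.version == 4:
        addr = ipaddress.IPv6Address(b"\x00" * 10 + b"\xff\xff" + addr.packed)
    return addr.packed


def correlate(lines):
    """Separate IPv4 from IPv6 events and group each by canonical source."""
    out = {"ipv4": defaultdict(list), "ipv6": defaultdict(list), "unparsed": []}
    for line in lines:
        match = SRC_RE.search(line)
        key = canonical(match.group(1)) if match else None
        if key is None:
            out["unparsed"].append(line)
        else:
            out[key[0]][key[1]].append(line)
    return out


if __name__ == "__main__":
    result = correlate(SAMPLE_EVENTS)
    for family in ("ipv4", "ipv6"):
        for addr, events in sorted(result[family].items()):
            print(family, addr, len(events))
    print("unparsed", len(result["unparsed"]))
```

A tool that compares the raw strings would count the three spellings of `2001:db8::1` as three different hosts and would file the IPv4-mapped source under IPv6; canonicalising before grouping avoids both.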
IP NGN ARCHITECTURE THOUGHT LEADERSHIP JOURNAL - Q1 FY2010
Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and
Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst,
CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration
Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys,
MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise,
The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R)