Your SlideShare is downloading. ×
ION San Diego - US Federal IPv6 Deployments
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

ION San Diego - US Federal IPv6 Deployments

116

Published on

Ron Broersma's slides for the "Advancing the Network: Where We've Been, Where We're Headed" panel at ION San Diego on 11 December 2012.

Ron Broersma's slides for the "Advancing the Network: Where We've Been, Where We're Headed" panel at ION San Diego on 11 December 2012.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
116
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. US  Federal  IPv6  Deployments   ION  San  Diego   11  Dec,  2012   San  Diego,  CA     Ron  Broersma   DREN  Chief  Engineer   SPAWAR  Network  Security  Manager   Federal  IPv6  Task  Force   ron@spawar.navy.mil  
  • 2. US  Federal  IPv6  Status  •  NIST  IPv6  Deployment  Monitor   hOp://fedv6-­‐deployment.antd.nist.gov/  11-­‐Dec-­‐2012   2  
  • 3. Looking  forward  •  What  is  the  incenSve  to  keep  the  pressure  on   aTer  the  deadline?   –  .gov  domains  will  not  be  renewed  if  that   organizaSon  has  not  met  the  mandates  for  IPv6   (and  maybe  DNSSEC  as  well).   –  Other  organizaSons  should  consider  similar   incenSves  11-­‐Dec-­‐2012   3  
  • 4. Top  Enterprise  Deployment  Challenges  •  Lack  of  IPv6/IPv4  feature  parity   –  taking  way  too  long  to  get  there  •  Vendors  not  eaSng  own  dogfood   –  but  this  is  starSng  to  change  •  Rogue  RAs  due  to  Windows  ICS   –  set  router  priority  to  “high”  as  workaround  •  Privacy  Addresses  (RFC4941)  break  address  stability   –  no  easy  way  to  centrally  disable  •  Lack  of  DHCPv6  client  support  in  older  OS’s  •  Network  Management  over  IPv6  not  quite  there  •  OperaSonal  Complexity  with  dual-­‐stack  11-­‐Dec-­‐2012   4  
  • 5. Keys  to  success  •  Clear  simple  achievable  vision  and  mandate,  with   deadlines,  from  the  top  (CIO)  •  Responsibility,  accountability,  and  authority  established   and  managed  at  the  execuSve  level  •  Public  reporSng  of  status  along  the  way,  both  internally   and  externally  •  Bring  in  experts  that  have  IPv6  operaSonal  experience,  if   you  don’t  have  it  organically  in  your  organizaSon.    •  Early  (and  consistent)  interacSon  with  service  and   technology  providers,  to  communicate  requirements.     –  and  be  willing  to  switch  providers  to  acquire  IPv6  support  •  Dual-­‐stack  support  from  ISP(s)  11-­‐Dec-­‐2012   5  
  • 6. Benefits  of  IPv6  today  (examples)  •  Addressing   –  can  beOer  map  subnets  to  reality   –  can  align  with  security  topology,  simplifying  ACLs   –  sparse  addressing  (harder  to  scan/map)   –  never  have  to  worry  about  “growing”  a  subnet  to  hold  new  machines   –  auto-­‐configuraSon,  plug-­‐n-­‐play   –  universal  subnet  size,  no  surprises,  no  operator  confusion,  no  bitmath   –  shorter  addresses  in  some  cases   –  at  home:  mulSple  subnets  rather  than  single  IP  that  you  have  to  NAT  •  Link  Local  address  on  every  interface  •  MulScast  is  simpler   –  embedded  RP   –  no  MSDP  •  Mobile  IPv6  is  cleaner/simpler  than  in  IPv4  11-­‐Dec-­‐2012   6  
  • 7. IPv6-­‐Only  Management  LAN  
  • 8. Management  over  IPv6  in  some  products   SSH DNS Syslog SNMP NTP RADIUS TFTP Flow Unified MIB CDP IPv6 No v4 HTTPS FTP export RFC4293 LLDP MTUCisco3 6Brocade1 9Juniper 5ALU 4A10 7Aruba 1.  Can’t  reboot  using  SNMP  over  IPv6   2.   .   3.   15.2(2)TR   4.   10.0R6  (Nov  2012)   5.   12.3R1  Nov  2012  (beta  in  August)   6.   ASR1K:3.7S  (July  2012)   7.   3.0  release,  2012Q4   8.  No  plans   9.  fix  planned  for  Apr  2013   11-­‐Dec-­‐2012   8  
  • 9. END  Contact  me:    ron@spawar.navy.mil  

×