Future proofing: Is IPv6 the safest bet


With the proliferation of IP-based devices there is a shortage of IP addresses, so is this the right time to consider the move to IPv6? This session will outline the choices available to you as well as addressing the pros and cons of becoming an IPv6 trailblazer.

  • Technology deployment in the early 1990s was disjointed and most likely standalone. It was also unlikely that there were many changes, moves or adds to the environment. Networks were relatively flat and in the main were hard-wired with static IP addresses. Recording of the environment was not a key requirement that businesses depended on. In the interim years, we have seen the evolution of flexible environments and data demands, fueled by DNS and DHCP, enabling our environment to be completely fluid with much greater levels of complexity.
  • Due to compelling operational and cost efficiency benefits, networks are evolving from multiple disparate networks to streamlined converged IP networks. The core foundation of this converged network is the IP network. This network requires scrupulous management of all IP network components, including DHCP servers, whose job is to map static IP address assignments, and DNS servers, whose function is to handle domain name translations.
    These clean, converged networks are still running messy, decentralized IP Address Management: networks have evolved, but for many organizations, their IPAM hasn’t. Ironically, many are still using the same recording methods we did almost 20 years ago, now with increased reliance and associated risk, and far greater overheads. It is inevitable that all companies will have to deploy a management system in this critical technology area. The business gains are exponential.
    Approximately 45% of all businesses are still using spreadsheets, home-grown solutions or first-generation IPAM to manage their IP address assignment.
    The complexity that drives business today can be defined by its competitive advantage to the business. The incorporation of these processes and technologies leads to greater complexities. Businesses are continually revisiting their technology and processes looking for greater advantage. They are also taking on a “Service Oriented” approach to managing their networks to improve efficiencies and derive greater benefit to their external and internal clients.
    More often than not, enterprises today are disregarding the potential gains from the optimisation of IP Address Management, DHCP and DNS. Considering that systems, processes and procedures are continually monitored and reviewed, it is surprising that these three mission-critical services remain on freeware and in siloed deployments with little or no relationship to each other.
    The simple fact is that IP addresses are at the core of everything that we require to operate any company. All of our processes rely on these services to run their IT services. These services extend out into the business (HR, finance, warehousing, delivery, customer management) and, internally, to our security, governance and reporting. Question: How do organizations ensure that all of these core business functions are able to operate reliably without large teams manually operating them?
  • Simplified IPAM
    Centralized and automated control over your IP Address Management functions: to assign, configure, deploy, monitor and audit IP addresses throughout your network
    DNS
    DHCP
    Automated & Integrated DDI Functions
    Single intuitive user interface
    Recurring tasks for deployment and discovery
    API/CLI extends inter-system automation
    Appliance solutions for simplified purchasing, management, maintenance of IPAM and/or DNS/DHCP functions.
  • Pro: Stateless Autoconfig. IPv6 neighbor discovery (ND) supplants ARP and introduces the option for stateless automatic configuration in place of static IP addressing or DHCP (although both are still options under IPv6). Hosts configured for autoconfig (which is a default configuration on most platforms) automatically learn of the prefix(es) and router(s) present on the segment, and automatically address themselves as appropriate using EUI-64 addressing.
  • Draw: No More IP Scanning. With 2^64 possible host addresses per /64 prefix, performing a ping scan to detect devices is futile. From a security perspective, this is a boon for mitigating the automated spread of worms and enumeration attempts. On the other hand, it obsoletes an accounting mechanism on which many administrators have come to rely. It also increases the value of DNS servers to attackers.

Transcript

  • 1. Is this the right time to consider the move to IPv6?
    Martin Wellsted – Business development director
    BT Diamond IP
    September, 2010
  • 2. IP Expo 2010
    With the proliferation of IP-based devices there is a shortage of IP addresses, so is this the right time to consider the move to IPv6? This session will outline the choices available to you as well as addressing the pros and cons of becoming an IPv6 trailblazer.
  • 3. What is IPAM?
  • 4. What is IP Address Management?
    IPAM= IP Address Management
    IP address inventory (Documentation)
    IP policy
    DNS = Domain Name Service
    Hostname to IP address translation
    Or IP address to hostname, etc.
    DHCP= Dynamic Host Configuration Protocol
    Automatic assignment of IP addresses to hosts / network devices
    IPAM
    Network
    DHCP
    DNS
  • 5. IPControl Functionalities
    • Complete IPv4 and IPv6 Inventory
    • Hierarchical view
    • Policy based mgmt
    • Automatic allocation
    • Utilization display
    • Overlapping space
    • Discovery
    • User defined device types
    • Role-based access
    • Device naming conventions
    • Multi-interface
    • Audit capabilities
    • Discovery
    IPAM Address Management
    IPAM Block Management
    DHCP
    DNS
  • Why is IPAM important?
  • 28. Technology Evolution - Historical Overview
    Many disparate networks-static, flat environments
    Private lines
    Frame Relay
    ATM
    Internet
    Mobile
    Applications
    Storage
  • 29. Today’s Networks and IP Address Management
    All companies require IPAM
    No IP, No DNS = No Network
    • Unique IP addresses and valid DNS names critical to networks and business applications
    • Growing number of devices (IPs) on the typical enterprise network
    • Disparate DNS and DHCP Servers are difficult to manage
    • CHANGE HAPPENS – New services, locations, acquisitions, markets affect IP assignments
    Total Reliance on IPAM
  • 33. BT Diamond IP Delivers Streamlined IPAM
    Increased functionality
    • Change control
    • Auditing
    • Multiple concurrent users
    • Error-correction
    • Naming policy enforcement
    Room to grow
    • VoIP, UCC and wireless networks have increased VLAN and subnet demand
    Improved workflow and automation
    • Importance of email between groups
    • Manual configuration of spreadsheets and DNS/DHCP servers
    • Streamlined workflow
    • Automated configuration of DNS and DHCP based on initial IPAM assignment
    PLUS…Dedicated appliances
    • Simplified Management
    • Enhanced Security
    • Improved reliability
    • Comprehensive coverage: full integration with IP address management (IPAM)
  • Should I consider IPv6?
  • 44. Assignment of Public IP Space
    IANA = Internet Assigned Numbers Authority
    Assigns public IP addresses to Regional Internet Registries (RIR)
    RIRs assign to Local Internet Registries (LIR) or companies directly
    Most LIRs are Internet Service Providers
  • 45. What’s The Challenge?
    Last IANA IPv4 allocation: 05.06.2011
    Last RIR IPv4 allocation: 05.02.2012
    Projected remaining time until IANA and RIR exhaustion over time (1) 
    Projected IANA/RIR consumptions (2) 
    Source: ipv4.potaroo.net
    06.09.2010
  • 46. IPv4 IP Space comes to an end....
    IPv4 addresses wear thin
    Dylan Bushell-Embling  |   October 19, 2010 | telecomseurope.net
    The world's supply of free IPv4 address space has fallen to below 5%, and is set to run out early next year, the Number Resource Organization (NRO) has warned.
    APAC internet registry APNIC has just been assigned two blocks of IPv4 addresses, leaving just 12 blocks remaining, the NRO said. Each block is equivalent to 1/256th of the total IPv4 space of nearly 4.3 billion IP addresses. The final five will be distributed simultaneously to each of the regional internet registries, so only seven remain to be given out normally.
    The NRO said that at the current rate of exhaustion, the final five blocks of IPv4 addresses will be allocated in early 2011. “The pressure to adopt IPv6 is mounting. Many worry that without adequate preparation and action, there will be a chaotic scramble for IPv6,” the NRO said in a statement.
    More than 200 million IPv4 addresses have been allocated since January, when the proportion available hit 10%.
    APNIC said Asia Pacific would be particularly hard hit by the exhaustion of IPv4 addresses, because of the region’s rapid pace of growth. Around 45.9% of the IPv6 addresses allocated in the world last year went to the region.
    The world’s five regional registries are expected to allocate over 2,000 IPv6 address blocks this year – a 70% increase from 2009. This compares to just an 8% growth in IPv4 allocations for the year. The NRO said this indicated a strong momentum behind IPv6 adoption.
    Source: telecomseurope.net; Original Author: Dylan Bushell-Embling
  • 47. What’s The Challenge?
    IPv4
    32-bit number
    4.3 × 10^9 (billion)
    Presentation: Decimal (0-255), 4 digits, separator: Period
    Example: 68.109.23.126
    IPv6
    128-bit number
    3.4 × 10^38 (undecillion)
    Presentation: Hexadecimal, 8 digits, Separator: Colon
    Example: 2001:0db8:85a3:08d3:1319:8a2e:0370:7344
  • 48. Management of IPv6 Address Space
    Management of IPv6 address space
    IPv4/IPv6 address inventory; transition planning
    Address assignment
    Autoconfiguration
    DHCPv6 (Dynamic Host Configuration Protocol) management
    Prefix delegation, IPv6 address assignment (stateful), IPv6 configuration initialization (combined stateful/stateless)
    Name Resolution
    DNS (Domain Name System)
    Maps hierarchical domain names to IP addresses
    pc.diamondip.com IN AAAA 3ffe:3328:4:3:250:4ff:fe5c:b3f4
    Maps IP addresses to domain names
    4.f.3.b.c.5.e.f.f.f.4.0.0.5.2.0.3.0.0.0.4.0.0.0.8.2.3.3.e.f.f.3.ip6.arpa. IN PTR pc.diamondip.com.
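Added example (not from the original deck or from BT Diamond IP): the sketch below ties the stateless-autoconfig note to this slide's records by rebuilding the slide's sample address from its /64 prefix and a MAC, recovering that MAC again for inventory reconciliation, and generating the matching AAAA and ip6.arpa PTR lines. The MAC 00:50:04:5c:b3:f4 is not on the slide; it is derived here from the sample address, and all function names are illustrative.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: insert ff:fe in the middle of the MAC, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host gives itself from the advertised /64 and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfig uses a /64 prefix")
    return net[eui64_interface_id(mac)]

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 address; None for static, DHCPv6 or
    privacy addresses, which carry no ff:fe marker in the interface ID."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def dns_records(host: str, addr) -> tuple:
    """Forward (AAAA) and reverse (nibble-format ip6.arpa PTR) zone lines."""
    a = ipaddress.IPv6Address(addr)
    return (f"{host} IN AAAA {a}", f"{a.reverse_pointer}. IN PTR {host}.")

if __name__ == "__main__":
    # Prefix and hostname are taken from the slide; the MAC is derived, see above.
    addr = slaac_address("3ffe:3328:4:3::/64", "00:50:04:5c:b3:f4")
    print(addr, mac_from_address(str(addr)))
    for line in dns_records("pc.diamondip.com", addr):
        print(line)
```

Because an EUI-64 interface ID is a fixed function of the MAC, such hosts are far easier to inventory (and to predict) than the 2^64 figure suggests, which is one reason IPAM records and DNS become the authoritative view of what is on a segment.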
  • 49. IPv6 Pros
    Much Larger Address Space
    Virtually Unlimited Host Addresses per Prefix
    Stateless Autoconfig
    Automatic Link-Local Addressing
    No More IP Scanning
    With 2^64 possible host addresses per /64 prefix, performing a ping scan to detect devices is futile.
    From a security perspective, this is a boon for mitigating the automated spread of worms and enumeration attempts.
    No more need for NAT
  • 50. IPv6 Cons
    Investment required in IPv6 enabled technologies
    Bleeding edge – not tried and tested in the real world
    Typing Long Addresses
    Requires the adoption of IP management software
    Requires the development of Policy and Practices
    No More IP Scanning
    It obsoletes an accounting mechanism on which many administrators have come to rely.
    It also increases the value of DNS servers to attackers.
    Mixed environments IPv4 & IPv6 could be difficult
  • 51. Is there an easy answer?
  • 52. Well .... Yes and No
    Yes – There are tools out there to help
    Yes – it lifts restrictions on IP space
    Yes – It improves security
    Yes - It improves simplicity
    No – You will have to invest
    No – You will have to develop new policies and working practices
    No – you will have to maintain dual environments for the foreseeable future.
  • 53. BT’s answer: Diamond IP Software Suite
    IPControl
    Automated Address Block Allocation
    IP Address Capacity Management
    IP Subnets & Devices
    Complete IP Inventory
    Multi-vendor DHCP/DNS server configuration and management
    Network Services
    DNS and DHCP service
    Based on ISC products
    Full GUI support of options