IPv6 in the Enterprise, an Outsider’s View by Mikael Lind at gogoNET LIVE! 3 IPv6 Conference


Published on

gogo6 IPv6 Video Series. Event, presentation and speaker details below:

gogoNET LIVE! 3: Enterprise wide Migration. http://gogonetlive.com
November 12 – 14, 2012 at San Jose State University, California
Agenda: http://gogonetlive.com/4105/gogonetlive3-agenda.asp

IPv6 in the Enterprise, an Outsider’s View
Abstract: http://www.gogo6.com/profiles/blogs/my-presentation-at-gogonet-live-3-ipv6-in-the-enterprise-and
Presentation video: http://www.gogo6.com/video/ipv6-in-the-enterprise-an-outsider-s-view-by-mikael-lind-at
Interview video: http://www.gogo6.com/video/interview-with-mikael-lind-at-gogonet-live-3-ipv6-conference

Mikael Lind - CTO, gogo6
Bio/Profile: http://www.gogo6.com/profile/MikaelLind

Learn more about IPv6 on the gogoNET social network
Get free IPv6 connectivity with Freenet6
Subscribe to the gogo6 IPv6 Channel on YouTube
Follow gogo6 on Twitter
Like gogo6 on Facebook

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

IPv6 in the Enterprise, an Outsider’s View by Mikael Lind at gogoNET LIVE! 3 IPv6 Conference

  1. 1. IPv6 in the Enterprise, an outsider viewThe very high level view • The outside • The insideDiving down • Actual deployment approaches© gogo6 2012 January 2010 2
  2. 2. The Very High Level View© gogo6 2012 January 2010 3
  3. 3. What do I need to do to myexternal resources?Nothing • If you are 100% sure all your website (or other services) users have good IPv4 access • If you feel no need to be prepared for some users not getting to your websiteMake your external facing servers IPv6 • Users might be running IPv6 • If you do business in Asia some might soon be IPv6 only • A web proxy might be all you need for now© gogo6 2012 January 2010 4
  4. 4. Adding IPv6 to websites can be easy • Most webservers do support IPv6 • A simple Apache server can be used as a proxy Listen [2001:db8:1000:f::3]:80 LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule include_module modules/mod_include.so LoadModule isapi_module modules/mod_isapi.so LoadModule log_config_module modules/mod_log_config.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_http_module modules/mod_proxy_http.so ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / ProxyPreserveHost On • Load balancers are starting to offer IPv6 proxy functionality • Tracking and security likely going to be your biggest challenges© gogo6 2012 January 2010 5
  5. 5. Adding IPv6 to other serversOther externally facing servers that need IPv6: • E-mail • DNS • Other… depending on what you service up to external usersMight not be as easy as with the websites • DNS will likely have to be upgraded to support IPv6 • It has been supported for some time now • Alternative is to use separate servers for IPv6 • E-mail could be done using a relay server that takes inbound IPv6 e-mail and forwards to the actual servers • Outbound will be a completely different storyFirewall • Whatever firewalling that was done before has to be replicated for IPv6 • Separate proxy for IPv6 might be beneficial in this case© gogo6 2011 January 2010 6
  6. 6. What do I need to do internally?Nothing • If you are 100% that no one in the company needs to access anything IPv6Add IPv6 • Develop a plan for having IPv6 access available to users who might need it • Look at path forward to an IPv6 centric network • Roll out IPv6© gogo6 2012 January 2010 7
  7. 7. Deployment Approaches© gogo6 2012 January 2010 8
  8. 8. Deploying IPv6 in an EnterpriseLarge enterprise and government face similar challengesas small ISPs • A small enterprise will likely have more options • Security requirements are very differentNeed to provide IPv6 to a set of users and networksegments • Instead of enabling IPv6 throughout the network limited access might preferable • Access to IPv6 for remote users might also be importantIn addition to internal connectivity there is a need toprovide IPv6 to outside facing servers© gogo6 2012 January 2010 9
  9. 9. IPv6 Deployment Using TunnelingA large enterprise will need to connect individual userscertain network segments to IPv6 in order to accessexternal sources or to collaborate withcustomers/partners • In many cases a limited deployment to certain network segments or specific users will be preferable • Using a managed tunneling solution will provide control without requiring additional upgrades of the networkInstead of upgrading the whole infrastructure anenterprise can use managed tunneling to provide IPv6 ina controlled manner • Even when doing a more wide deployment of IPv6 a managed tunneling solution can prove to be a viable alternative • It offers a controlled rollout and will allow minimal changes to the existing network© gogo6 2012 January 2010 10
  10. 10. IPv6 Deployment Using Tunneling v6 in v4 tunnels Client Network IPv4 only networks Internet IPv6 only networks IPv4/IPv6dual –stack networks Servers Main office© gogo6 2012 January 2010 11
  11. 11. Dual Stack NetworkDeploying IPv6 throughout keeping IPv4 gives the bestsupport • Full access to both IPv4 and IPv6But creates extra overhead in the long run • Stuck running two network • Having to mix reduces the possibilities of designing around IPv6 and maximizing the use of it • Still the same issues with IPv4 address management© gogo6 2012 January 2010 12
  12. 12. IPv6 Deployment Using Tunneling v6 in v4 tunnels Client Network IPv4 only networks Internet IPv6 only networks IPv4/IPv6dual –stack networks Servers Main office© gogo6 2012 January 2010 13
  13. 13. IPv6 Centric Network with LegacyIPv4 SupportSome enterprise will benefit of moving to an IPv6centric environment • Since it is a managed environment it is possible • Large enterprise has the most to gain from an IPv6 only network as it can remove the issue of overlapping private networks and make integrating new networks in the future easierEven if most of the environment can be IPv6 only,support for IPv4 will be needed • Externally facing servers will need IPv4 • Some applications and services might be costly to replace and will need IPv4 to function • Some users and offices might need IPv4 to collaborate with the outside worldGoing IPv6 internally might add the need of an externalIPv6 access as well© gogo6 2012 January 2010 14
  14. 14. IPv6 Centric Network with legacyIPv4 support v6 in v4 tunnels Client Network v4 in v6 tunnels IPv4 only networks Internet IPv6 only networks IPv4/IPv6dual –stack networks Servers Main office© gogo6 2012 January 2010 15
  15. 15. Thank you.gogo6.com November 2012 16© gogo6 2012