Your SlideShare is downloading. ×
0
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Tunnels and Translators and Proxies for Enterprise Deployment by Tony Hain at gogoNET LIVE! 3 IPv6 Conference

402

Published on

gogo6 IPv6 Video Series. Event, presentation and speaker details below: …

gogo6 IPv6 Video Series. Event, presentation and speaker details below:

EVENT
gogoNET LIVE! 3: Enterprise wide Migration. http://gogonetlive.com
November 12 – 14, 2012 at San Jose State University, California
Agenda: http://gogonetlive.com/4105/gogonetlive3-agenda.asp

PRESENTATION
Tunnels and Translators and Proxies for Enterprise Deployment
Presentation video: http://www.gogo6.com/video/tunnels-translators-and-proxies-for-enterprise-by-tony-hain-at
Interview video: http://www.gogo6.com/video/interview-with-tony-hain-at-gogonet-live-3-ipv6-conference

SPEAKER
Tony Hain - CEO, Hain Global Consulting

MORE
Learn more about IPv6 on the gogoNET social network
http://www.gogo6.com
Get free IPv6 connectivity with Freenet6
http://www.gogo6.com/Freenet6
Subscribe to the gogo6 IPv6 Channel on YouTube
http://www.youtube.com/subscription_center?add_user=gogo6videos
Follow gogo6 on Twitter
http://twitter.com/gogo6inc
Like gogo6 on Facebook
http://www.facebook.com/pages/IPv6-products-community-and-services-gogo6/161626696777

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
402
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. IPv6 … Tunnels / Translators / Proxies 2012 gogo6 Tony Hain CEO Hain Global Consulting, Inc. tony@hain-global-consulting.comCopyright 2012 - Hain Global Consulting, Inc.
  • 2. Agenda• Transition goals• Tunnels• Translators• Proxies• Trade-offs• Wrap upCopyright 2012 - Hain Global Consulting, Inc.
  • 3. Transition goals• Decouple deployment dependencies – Applications : End system OS : Network topology• Allow application deployment at a business-needs rather than network-driven pace – Start early: before network needs force the issue• Minimize complexity – Avoid translation to the other version & back• Avoid addiction to transition technology – Long term the traffic should naturally flow awayCopyright 2012 - Hain Global Consulting, Inc.
  • 4. Tunnels• Logical overlay The Internet grew as a tunnel over the voice network• From the application perspective is virtually identical to dual-stack• Path MTU discovery important due to additional header• Tunnel asymmetry often worse than IPv4 path• Controlled vs. automated trade-offs• Firewalls often overlook/fail encapsulated pktsCopyright 2012 - Hain Global Consulting, Inc.
  • 5. Translators• IP header mangling intermediary• May need to be application-aware along entire path to also translate addresses embedded in data stream• Payload length concerns arise due to header length, and fragmentation rule differences• Daisy-chain (4-6-4, 6-4-6) will lose some context as IP options do not map identically• Lawful intercept may require per-connection 5- tuple/time loggingCopyright 2012 - Hain Global Consulting, Inc.
  • 6. Troubleshooting Connectivity Models Single Stack / Translated Traffic IPv6 End IPv6 End System Public IPv6 System Internet Public IPv4 Public IPv4 End System L L End System S S Private IPv4 N Public IPv4 N Private IPv4 End System Internet End System Dual Stack Traffic Dual Stack Public IPv6 Dual Stack End System Internet End System Public IPv4 InternetCopyright 2012 - Hain Global Consulting, Inc.
  • 7. Proxies• Protocol intermediary creating state- independent connections on either side – Application layer; semantic awareness – Socks5 layer; arbitrary applications, may pass udp – TCP layer; ‘appears’ to interlock state• Payload length may cause reassembly and/or a different number of packets on either side• If currently used for IPv4 security demarcation, it is a natural continuation, with the ability to do independent IP versions on either sideCopyright 2012 - Hain Global Consulting, Inc.
  • 8. Trade-offs• Deployment / placement of any or all is a local need’s-based decision• May be used in combination• Application awareness is a primary selection factor• Fundamental security models require audit-trail. Translators inherently break the audit-trail.Copyright 2012 - Hain Global Consulting, Inc.
  • 9. Bottom line ... There is no ‘one size fits all’ deployment model for the IPv4 Internet --- Sooooo ... There is no ‘one size fits all’ transition deployment technology or approach. Like it or not, multiple approaches will exist throughout the network until IPv4 is finally weaned out of the system. This will happen in the core faster than at the edge, just as it has with every other preceding network technology.Copyright 2012 - Hain Global Consulting, Inc.
  • 10. Wrap up• IPv6 deployment is about business continuity ...• Plan for a 3-5 year deployment timeframe• Transition tools are about decoupling dependencies• There is no one-size-fits-all transition model Get started now!Copyright 2012 - Hain Global Consulting, Inc.
  • 11. info@hain-global-consulting.com http://hain-global-consulting.comCopyright 2012 - Hain Global Consulting, Inc.
  • 12. Mental & Emotional preparation IPv4 to IPv6 transition and the stages of grief Denial Negotiation Acceptance Anger DepressionFor many, IPv4 knowledge is their justification ofvalue in the market. As demand for that knowledgewithers, and demand for the unfamiliar grows, peopleprogress through the stages of grief in a futile attemptto avoid the inevitable.Copyright 2012 - Hain Global Consulting, Inc.
  • 13. What does your organization value? Independent Thinking & Strategic Avoidance Safety of the pack Heroic RescueCopyright 2012 - Hain Global Consulting, Inc.
  • 14. Projecting RIR IPv4 pool depletion• IANA exhausted the central pool Feb. 3, 2011• APnic activated their ‘final /8 policy’ April 15, 2011• RIPE activated their ‘final /8 policy’ Sept. 14, 2012• ARIN slowed for awhile but has been picking up lately. RIR pool exhaust dates (zoomed) 8 7 6 RIR pool exhaust dates 5 afrinic 4 20 3 lacnic 18 16 2 apnic ripencc arin 14 1 12 0 10 8 6 arin 4 afrinic 2 apnic ripencc lacnic 0Copyright 2012 - Hain Global Consulting, Inc.
  • 15. Collective RIR IPv6 Allocations RIR -- IPv6 /32 equivalent allocations RIR - IPv6 allocation events 80 6 Thousands Thousands 70 5 60 Afrinic 4 Afrinic 50 Apnic Apnic 40 3 30 ARIN ARIN 2 20 Lacnic Lacnic 1 10 RIPE RIPE 0 0 RIR -- IPv6 /32 equiv. per year RIR -- IPv6 avg. /48 equiv. per allocation event 100 1000 Thousands Millions 10 100 Afrinic 10 Afrinic 1 Apnic Apnic 1 0.1 ARIN ARIN 0.1 Lacnic Lacnic 0.01 0.01 RIPE RIPE 0.001 0.001Copyright 2012 - Hain Global Consulting, Inc.

×