• Save
The Case for IPv6: Paving the Way for the Internet of Things
Upcoming SlideShare
Loading in...5
×
 

The Case for IPv6: Paving the Way for the Internet of Things

on

  • 1,129 views

Presentation on IPv6 and the Internet of Things.

Presentation on IPv6 and the Internet of Things.

Statistics

Views

Total Views
1,129
Views on SlideShare
365
Embed Views
764

Actions

Likes
1
Downloads
0
Comments
0

5 Embeds 764

http://www.netuf.net 759
http://feedly.com 2
http://www.slideee.com 1
http://feeds.feedburner.com 1
http://utility234.rssing.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

The Case for IPv6: Paving the Way for the Internet of Things The Case for IPv6: Paving the Way for the Internet of Things Presentation Transcript

  • The Case for IPv6: Paving the Way for the Internet of Things www.netuf.net expert network architecture, engineering deployment and training twitter: @netuf © 2011 - 2014 Network Utility Force, LLC.
  • Who We Are / What We Do ● Founded in December of 2011, and headquartered in Atlanta, GA, Network Utility Force, LLC. (NUF) ● Created by highly experienced network and security architects ● Address complex and difficult infrastructure problems (wired and wireless), with an emphasis on design and deployment for international service providers, government agencies and large enterprises, including higher education institutions. www.netuf.net | 404-635-6667 | info@netuf.net © 2011 - 2014 Network Utility Force, LLC.
  • Expertise ● Architecture & Design ● Audit/recommendations ● Configuration ● BGP ● Data Center Design ● DNS ● Fabric Deployment ● IPv6 ● MPLS/GMPLS ● Optimization/Repair ● Peering ● SDN ● Security ● Training ● Virtualization ● Wireless and Wi-Fi © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Relationship with KINBER ● Architecture ● Design ● Lab Testing ● Configuration © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • It’s Not Just Our Prediction © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net http://www.potaroo.net/tools/ipv4/
  • Timelines Just Got Shorter! © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • IPv6 Enabled Networks (as of Today) © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net ripe.net
  • Waiting for IPv6 Traffic Myth © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • IPv6 is Faster © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net Lee Howard, IPv6 Performance Bonus: https://www.youtube.com/watch?v=Ftoy2tp4kDM
  • IoT Demands IPv6 © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • What are the Costs? ● See Lee Howard’s talks on IPv6 deployment costs (and costs of NOT deploying IPv6) (http://www.youtube.com/watch?v=vXf8ZIew1j0) ● A good estimate for the cost of renumbering existing devices to free up IPv4 space is $2.50/device ● Sale of an IPv4 address is likely to bring in $10-15 per address for the next year or two ● After ARIN free space run-out, each IPv4 address is likely to bring in twice that, $20-30, and up © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Paying for the Deployment ● Many institutions have large address allocations ○ Some math for an example institution that has a /16 (historically called a “Class B”) ○ /16 = 65,384 addresses ○ Let’s assume that by renumbering ¼ of that address space, that ½ of it will be freed ○ ¼ of 65,384 is 16,346 ○ ½ of 65,384 is 32,692 ○ It costs $2.50 to renumber 16,346 devices. 2.50*16346=$40,865 ○ At sale, addresses fetch $20 each. 20*32,692=$5,081,730 ○ Net proceeds: $5,081,730-$40,865=$5,040,865!!! ● © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Still Not Convinced? RFC 6540 - IPv6 Support Required for All IP-Capable Nodes - Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional. It also cautions that there are places in existing IETF documents where the term "IP" is used in a way that could be misunderstood by implementers as the term "IP" becomes a generic that can mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on context and application. © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • I’m Convinced; What’s Next? “Okay, my organization is convinced it’s time to begin IPv6 planning and deployment, what do I need to consider?” © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Best Practices The fundamentals haven’t changed a bit for IPv6, consider: • Security • Maintainability • Scalability • Performance • Flexibility © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Apply the Fundamentals What areas need the most attention? • Addressing plan • Interconnectivity • Bootstrapping/AAA • Security issues • Staff training • Transition © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net IPv4 vs IPv6 Length in Bits 32 128 Amount of Addresses 232 4,294,967,296 2128 340,282,366,920,939,463,374,607,431,768 ,211,456 Address Format Dotted Decimal 192.168.100.1 Hexadecimal Dynamic Addressing DHCP SLAAC/DHCPv6 IPSec Optional Mandatory Header Length Variable Fixed Minimal Packet Size 576 bytes (fragmented) 1280 bytes Header Checksum Yes No Header Options Yes No (extensions) Flow No Packet Flow Label
  • IPv6 Address Space is Vast ● “IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038 addresses, or more than 7.9×1028 times as many as IPv4, which uses 32- bit addresses.” (Wikipedia) ● That’s 340 Undecillion! ● Undecillion is a number with 36 zeros. ● We must change our thinking about how to allocate address space to meet our best practice goals © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Addressing Plan ● Depends on the type of network, the size of the network, and problem to be solved ● Points to consider ○ Documentation ○ Ease of troubleshooting ○ Aggregation ○ Standards compliance ○ Growth ○ SLAAC ○ Existing IPv4 addressing plan ○ Human factors © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Algorithmic Approaches ● Interop took an algorithmic approach to IPv6 numbering ● Encode every IPv4 address in your network in an IPv6 address ○ 10.10.10.10 (A0A0A0A) ○ 2001:DB8:A0A:A0A:: © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Interconnectivity ● Routing protocols have been updated, but the fundamental concepts remain the same ○ Run routing protocols such that they fail when the underlying transport fails ■ That means separate v4 and v6 protocols ○ For ease of management, configure IPv4 and IPv6 connectivity to follow the same paths ○ Also use the same routing policies whenever possible ● Ask your Internet traffic peers, suppliers, partners and clients to begin transporting IPv6 traffic © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Bootstrapping/AAA ● Some fundamental changes have been made to the bootstrap process to join an IPv6 network, all part of the Neighbor Discovery process ○ Router Advertisements (RA) – Tells potential clients about the routers and prefixes available on the network ○ StateLess Address Auto Configuration (SLAAC) ■ New in IPv6, allows a device to generate it’s own address ■ Supported universally ○ Dynamic Host Configuration Protocol v6 (DHCPv6) ■ Very similar to v4, can distribute address, DNS server, other information about the network ■ Good support, but far from universal © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Security Issues ● Use the same diligence you used for IPv4 ● Ask equipment vendors to support specific protections in IPv6 ○ RA-Guard – prevents an attacker from sending rogue RAs into the network and becoming a man-in-the-middle ○ DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP servers from giving out false information ● Ensure equipment supports all IPv4 features you use in IPv6 as well such as ACLs, anti-spoof filtering (RPF), etc. Why should v6 be any different in these areas? ● Where firewalls are needed, ensure your choice of firewall supports v6 as well as v4. ● NAT is NOT a security feature and v6 doesn’t have it © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Transition Technologies ● 3 Types ○ Dual Stack ■ most common ■ Simply means running both v4 and v6 at the same time ○ Tunneling ■ Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the situation ■ Can be useful to solve problems in certain areas, but in general, tunneling hurts performance and should be avoided when possible ■ Examples: 6rd, 6in4, 4in6, DS-Lite, MAP ○ Translation ■ Converting an IPv4 packet into an IPv6 packet or vice versa ■ Like in tunnels, can be useful in certain circumstances, especially for rapid deployment of IPv6 on public facing services such as web servers ■ Example: NAT64 © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Training ● Find an experienced organization to provide training ● Service providers require a different level of scalability and maintainability than enterprise, use a trainer that understands SP’s unique challenges ● Build a lab and experiment © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Lab Testing ● Build a lab ● Stock it with the identical equipment you have in the field ● Replicate identical configurations and software versions of what is in the field ● Can’t afford to buy all that equipment? ○ Make a vendor do it ○ Hire a consulting firm © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • © 2011 - 2014 Network Utility Force, LLC.
  • Conclusions ● IPv6 works in the real world ● There are challenges to implementing IPv6, but nothing show-stopping ● Much of the Internet’s content is reachable over IPv6 (and growing fast) including all of Google, FaceBook and 3000 other sites ● A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion) © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Resources ● ARIN.net ● ipv6forum.com ● internetsociety.org/deploy360/ipv6 ● ipv6actnow.org ● Lee Howard, IPv6 Performance Bonus: ○ https://www.youtube.com/watch?v=Ftoy2tp4kDM ● Lee Howard, Total Cost of Ownership (TCO) of IPv6: ○ https://www.youtube.com/watch?v=vXf8ZIew1j0 ● ripe.net ● potaroo.net/tools/ipv4 ● gogo6.com ● netuf.net/p/ipv6.html (infographic) © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Questions © 2011 - 2014 Network Utility Force, LLC. www.netuf.net | 404-635-6667 | info@netuf.net
  • Brandon Ross CEO and Chief Network Architect bross@netuf.net 404-635-6667 Download this presentation now: © 2011 - 2014 Network Utility Force, LLC. Thank You www.netuf.net | 404-635-6667 | info@netuf.net