IPv6@awt.be 5-6-7 october 2011 Belnet Workshop S. Vince – Information Systems Expert C. Zaccone – Network Systems Expert
Who’s AWT ?Agence Wallonne des Télécommunications : ICT public actor in WalloniaMain goals : Technology watch Advise PromoteTargets : SME Public sector Citizens
AWT IPv6 History2006 : Get our range (2001:06a8:3880::/48)2008 : All external services available Internal IPv6 on separate VLAN/SSID2009 : Dissemination to the public sector (tryout)2010 : Dual Stack services on DMZ Kick off Dual Stack LAN (for Users & Guest)2011 : Workstation OS Migration to Dual Stack
Why & How AWT goes v6•Why does AWT have been interested by IPv6 : Demonstration & Curiosity Innovative provider with dual-Stack support European involvement in next gen internet Since 2011, no more IPv4 !•1st Step (careful approach in 2008) : No impact on IPv4 production Priceless Deployment Recycling of old equipments (with new Firmware) Only 1 new Virtual Machine (Reverse-Proxy & Relay)•Actual situation (now, evolutional approach) : Dual-Stack Services Still using Reverse-Proxy for some old apps Issues for finding a good VPN alternative
Caveats & Observations•FW & Routers use 2 ACLs: 1st for v4 and 2nd for v6•Don’t use IP addresses when not necessary prefer hostname•Application server ACL must be adapted (subnet v4 <> v6)•When possible, use dual-stack on the same host Managingdifferent machines (one on v4, the other on v6) could be a mess•Is your management & statistic tools ready for v6 (AWstat, syslog, ...)•ICMP handling & role are not the same in v4 & v6•Your end-user is using v6 without know it : did you know ?•Appliance with v6 enable logo: do you get the same performance ?•Protocol fixup on some appliance are not v6 capable•Dual Stack is good (we think it’s necessary), but v6 only is not realist !
AWT GuidelinesTeam Work : IT & Net guys MUST be involvedGood understanding of IPv6 : IPv6 is more than a simple upgrade of IPv4; System migration, re-engineering, configuration must be assumedCheck compatibility issues : ISP readiness (Dual Stack vs 6to4, etc) Equipments (FW/SW/OS upgrade, renewing) Applications (upgrade, turn around, new code)Do a Proof of concept (before production phase)Get Certified (IPv6 Forum)Online Resources : IPv6 Cookbook: awt.be/ipv6