2012 11-09 facex - i pv6 transition planning-
Upcoming SlideShare
Loading in...5
×
 

2012 11-09 facex - i pv6 transition planning-

on

  • 431 views

 

Statistics

Views

Total Views
431
Views on SlideShare
431
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    2012 11-09 facex - i pv6 transition planning- 2012 11-09 facex - i pv6 transition planning- Presentation Transcript

    • IPV6an introduction to transition planning Eduardo Coelho http://coelho.pro.br
    • TOPICS (1)• why you have to plan before the deployment• the framework• whats wrong with ipv4?• dual stack deployment strategy• router advertisements and the plug-and-play philosophy• choosing the equipments
    • TOPICS (2)• IPv6 addressing• DNS settings delivery issues• legacy devices• transition protocols• security concerns• final suggestions
    • WHY YOU HAVE TO PLAN BEFORE THE DEPLOYMENT• acceptplanning as part of IT culture as it should always have been (ps: if you`re already there, great!)• your planning can act as a decision-making tool• including be ready to defend investment choices• documenting helps delegate and check compliance• feel you are on top of the changing environment
    • THE FRAMEWORK•a simple framework for the changes • get to know (conheça) • plan (planeje) • test (teste) • implement (implemente)
    • WHAT’S WRONG WITH IPV4• lack of enough host addresses• NAT issues and lack of end-to-end connectivity• note: you should pay attention to the opportunities that comes with ipv6 deploy
    • DUAL STACK DEPLOYMENT PHILOSOPHY• ipv4 is not compatible with ipv6• thedeployment of ipv6 is meant to be made world-wide in parallel to already functioning ipv4 networks• while the traffic on internet and intranets shift to v6, transition protocols will help most equipment to remain connected
    • THE PLUG-AND-PLAY PHILOSOPHY• plug-and-play as a principle• that makes ipv6 more plug-and-play• reduced router processing• better connectivity auto-healing• mobility is supported• multicast gains momentum
    • CHOOSING THE EQUIPMENTS• be ready to update and test all your equipment• when buying new equipment, consider the updating capabilities and the manufacturer update policies• watch for JITC (Defense Information Systems Agency/Joint Interoperability Test Command) compatibility• watch for ipv6ready compatibility (an ipv6forum initiative)• pay special attention to routers
    • IPV6 ADDRESSING• global unicast• link local• unique local• anycast, multicast, reserved and special
    • DNS SETTINGS DELIVERY• llmnr• stateless dhcp6 vs dns-ra• watch for windows non-compliance to rfc6106• naming is now more important than with ipv4, due to human difficulty manually handling ipv6 addresses
    • LEGACY DEVICES• identify which devices wont be able to talk ipv4• identify which devices wont be able to talk ipv6• makechoices based on the need for devices which wont operate with dual ip stack
    • TRANSITION PROTOCOLS (1)• there a lot of transitional protocols, including some drafts• be careful about equipment support• avoid transitional protocols when possible, due to security concerns (possible firewall traversal and datagram data obfuscation)• isps may offer dual stack connectivity or transparent tunneling
    • TRANSITION PROTOCOLS (2)• recommended transitional protocols: • initial transition: 6to4 (auto), teredo (auto, ipv4 nat support) • intrasite, initial transition: isatap • final transition: 4in6 (manual, rfc2473)• othertunnels: 6in4 (manual, broker based), 6over4 (requires ipv4 multicast, hard to comply), nat64 (translation protocol)
    • SECURITY CONCERNS• rogue routers• rogue dhcp servers• sniffing• spoofing• tunneling obfuscation
    • FINAL SUGGESTIONS• carefully choose isp offering• define network-level addressing plan and enforce requirements• have a clear plan for naming and dhcp• consider deprecating ipv4-only devices• prefer dual-stack devices
    • REFERENCESUnique Local Address Internet powers flip the IPv6 switchhttp://en.wikipedia.org/wiki/ (FAQ) Comparison of IPv6 support inUnique_local_address http://news.cnet.com/ operating systems 8301-1001_3-57445316-92/internet- http://en.wikipedia.org/wiki/Unique Local Unicast Addresses powers-flip-the-ipv6-switch-faq/ Comparison_of_IPv6_support_in_operhttp://tools.ietf.org/html/rfc4193 ating_systems IPv6-capable devices: Make sure theyDeprecating Site Local Addresses are ready Internet Protocol Version 6 Addresshttp://tools.ietf.org/rfc/rfc3879.txt http://www.techrepublic.com/blog/ Space networking/ipv6-capable-devices- http://www.iana.org/assignments/ipv6-IPv6 Support in Home Routers make-sure-they-are-ready/2522 address-space/ipv6-address-space.xmlhttp://msdn.microsoft.com/en-us/library/windows/hardware/ IPv6 Ready Logo Program Router Advertisement (radvd)gg463251.aspx https://www.ipv6ready.org configuration http://wiki.openwrt.org/doc/uci/radvdPrefix delegation IPv6: When do you really need tohttp://en.wikipedia.org/wiki/ switch? Does Win7 or W2K8 server supportPrefix_delegation http://www.zdnet.com/blog/networking/ RFC 6106? ipv6-when-do-you-really-need-to- http://social.technet.microsoft.com/Requirements for IPv6 Prefix switch/2444 Forums/en-US/ipv6/thread/Delegation 5757980a-5983-4efc-http://tools.ietf.org/html/rfc3769 Portal IPv6 NIC.br a5f3-27687b90fe41/ http://ipv6.brIPv6 Prefix Options for DHCP version 6 Delivering DNS via IPv6 Routerhttp://www.ietf.org/rfc/rfc3633.txt IPv6 http://www.itdojo.com/2011/05/02/ http://en.wikipedia.org/wiki/IPv6 delivering-dns-via-ipv6-router-IP Version 6 Addressing Architecture advertisements/http://tools.ietf.org/html/rfc4291 IPv6 transition mechanisms http://en.wikipedia.org/wiki/ IPv6_transition_mechanisms