IPV6an introduction to transition planning                          Eduardo Coelho                         http://coelho.p...
TOPICS (1)• why    you have to plan before the deployment• the   framework• whats    wrong with ipv4?• dual   stack deploy...
TOPICS (2)• IPv6   addressing• DNS    settings delivery issues• legacy   devices• transition   protocols• security   conce...
WHY YOU HAVE TO PLAN    BEFORE THE DEPLOYMENT• acceptplanning as part of IT culture as it should always have been (ps: if ...
THE FRAMEWORK•a   simple framework for the changes • get    to know (conheça) • plan   (planeje) • test   (teste) • implem...
WHAT’S WRONG WITH IPV4• lack   of enough host addresses• NAT     issues and lack of end-to-end connectivity• note: you    ...
DUAL STACK DEPLOYMENT         PHILOSOPHY• ipv4   is not compatible with ipv6• thedeployment of ipv6 is meant to be made wo...
THE PLUG-AND-PLAY               PHILOSOPHY• plug-and-play   as a principle• that   makes ipv6 more plug-and-play• reduced ...
CHOOSING THE EQUIPMENTS• be   ready to update and test all your equipment• when buying new equipment, consider the updatin...
IPV6 ADDRESSING• global   unicast• link   local• unique    local• anycast, multicast, reserved   and special
DNS SETTINGS DELIVERY• llmnr• stateless   dhcp6 vs dns-ra• watch   for windows non-compliance to rfc6106• naming  is now m...
LEGACY DEVICES• identify   which devices wont be able to talk ipv4• identify   which devices wont be able to talk ipv6• ma...
TRANSITION PROTOCOLS (1)• there   a lot of transitional protocols, including some drafts• be   careful about equipment sup...
TRANSITION PROTOCOLS (2)• recommended       transitional protocols: • initial   transition: 6to4 (auto), teredo (auto, ipv...
SECURITY CONCERNS• rogue   routers• rogue   dhcp servers• sniffing• spoofing• tunneling   obfuscation
FINAL SUGGESTIONS• carefully   choose isp offering• define network-level addressing plan and enforce requirements• have   a...
REFERENCESUnique Local Address                     Internet powers flip the IPv6 switchhttp://en.wikipedia.org/wiki/      ...
Upcoming SlideShare
Loading in …5
×

2012 11-09 facex - i pv6 transition planning-

423 views
356 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
423
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

2012 11-09 facex - i pv6 transition planning-

  1. 1. IPV6an introduction to transition planning Eduardo Coelho http://coelho.pro.br
  2. 2. TOPICS (1)• why you have to plan before the deployment• the framework• whats wrong with ipv4?• dual stack deployment strategy• router advertisements and the plug-and-play philosophy• choosing the equipments
  3. 3. TOPICS (2)• IPv6 addressing• DNS settings delivery issues• legacy devices• transition protocols• security concerns• final suggestions
  4. 4. WHY YOU HAVE TO PLAN BEFORE THE DEPLOYMENT• acceptplanning as part of IT culture as it should always have been (ps: if you`re already there, great!)• your planning can act as a decision-making tool• including be ready to defend investment choices• documenting helps delegate and check compliance• feel you are on top of the changing environment
  5. 5. THE FRAMEWORK•a simple framework for the changes • get to know (conheça) • plan (planeje) • test (teste) • implement (implemente)
  6. 6. WHAT’S WRONG WITH IPV4• lack of enough host addresses• NAT issues and lack of end-to-end connectivity• note: you should pay attention to the opportunities that comes with ipv6 deploy
  7. 7. DUAL STACK DEPLOYMENT PHILOSOPHY• ipv4 is not compatible with ipv6• thedeployment of ipv6 is meant to be made world-wide in parallel to already functioning ipv4 networks• while the traffic on internet and intranets shift to v6, transition protocols will help most equipment to remain connected
  8. 8. THE PLUG-AND-PLAY PHILOSOPHY• plug-and-play as a principle• that makes ipv6 more plug-and-play• reduced router processing• better connectivity auto-healing• mobility is supported• multicast gains momentum
  9. 9. CHOOSING THE EQUIPMENTS• be ready to update and test all your equipment• when buying new equipment, consider the updating capabilities and the manufacturer update policies• watch for JITC (Defense Information Systems Agency/Joint Interoperability Test Command) compatibility• watch for ipv6ready compatibility (an ipv6forum initiative)• pay special attention to routers
  10. 10. IPV6 ADDRESSING• global unicast• link local• unique local• anycast, multicast, reserved and special
  11. 11. DNS SETTINGS DELIVERY• llmnr• stateless dhcp6 vs dns-ra• watch for windows non-compliance to rfc6106• naming is now more important than with ipv4, due to human difficulty manually handling ipv6 addresses
  12. 12. LEGACY DEVICES• identify which devices wont be able to talk ipv4• identify which devices wont be able to talk ipv6• makechoices based on the need for devices which wont operate with dual ip stack
  13. 13. TRANSITION PROTOCOLS (1)• there a lot of transitional protocols, including some drafts• be careful about equipment support• avoid transitional protocols when possible, due to security concerns (possible firewall traversal and datagram data obfuscation)• isps may offer dual stack connectivity or transparent tunneling
  14. 14. TRANSITION PROTOCOLS (2)• recommended transitional protocols: • initial transition: 6to4 (auto), teredo (auto, ipv4 nat support) • intrasite, initial transition: isatap • final transition: 4in6 (manual, rfc2473)• othertunnels: 6in4 (manual, broker based), 6over4 (requires ipv4 multicast, hard to comply), nat64 (translation protocol)
  15. 15. SECURITY CONCERNS• rogue routers• rogue dhcp servers• sniffing• spoofing• tunneling obfuscation
  16. 16. FINAL SUGGESTIONS• carefully choose isp offering• define network-level addressing plan and enforce requirements• have a clear plan for naming and dhcp• consider deprecating ipv4-only devices• prefer dual-stack devices
  17. 17. REFERENCESUnique Local Address Internet powers flip the IPv6 switchhttp://en.wikipedia.org/wiki/ (FAQ) Comparison of IPv6 support inUnique_local_address http://news.cnet.com/ operating systems 8301-1001_3-57445316-92/internet- http://en.wikipedia.org/wiki/Unique Local Unicast Addresses powers-flip-the-ipv6-switch-faq/ Comparison_of_IPv6_support_in_operhttp://tools.ietf.org/html/rfc4193 ating_systems IPv6-capable devices: Make sure theyDeprecating Site Local Addresses are ready Internet Protocol Version 6 Addresshttp://tools.ietf.org/rfc/rfc3879.txt http://www.techrepublic.com/blog/ Space networking/ipv6-capable-devices- http://www.iana.org/assignments/ipv6-IPv6 Support in Home Routers make-sure-they-are-ready/2522 address-space/ipv6-address-space.xmlhttp://msdn.microsoft.com/en-us/library/windows/hardware/ IPv6 Ready Logo Program Router Advertisement (radvd)gg463251.aspx https://www.ipv6ready.org configuration http://wiki.openwrt.org/doc/uci/radvdPrefix delegation IPv6: When do you really need tohttp://en.wikipedia.org/wiki/ switch? Does Win7 or W2K8 server supportPrefix_delegation http://www.zdnet.com/blog/networking/ RFC 6106? ipv6-when-do-you-really-need-to- http://social.technet.microsoft.com/Requirements for IPv6 Prefix switch/2444 Forums/en-US/ipv6/thread/Delegation 5757980a-5983-4efc-http://tools.ietf.org/html/rfc3769 Portal IPv6 NIC.br a5f3-27687b90fe41/ http://ipv6.brIPv6 Prefix Options for DHCP version 6 Delivering DNS via IPv6 Routerhttp://www.ietf.org/rfc/rfc3633.txt IPv6 http://www.itdojo.com/2011/05/02/ http://en.wikipedia.org/wiki/IPv6 delivering-dns-via-ipv6-router-IP Version 6 Addressing Architecture advertisements/http://tools.ietf.org/html/rfc4291 IPv6 transition mechanisms http://en.wikipedia.org/wiki/ IPv6_transition_mechanisms

×