
IPv6 is Taking Off!

Keynote from the 2012 Cisco Network Innovation Summit in Eschborn. IPv4 exhaustion and the IPv6 transition are among the most challenging technology transitions the Internet and IT industry, by and large, have had to deal with. Although IPv6 was specified almost two decades ago, its deployment and customer transition have not happened fast enough to cope with the tremendous growth of the Internet and the exhaustion of IPv4 address space. Cisco is investing a tremendous amount of resources and intellectual capital in leading this transition with innovative technology, standardization leadership and its unparalleled knowledge of IP architectures and direct customer engagement.


Transcript

  • 1. IPv6 is taking off
      Steve Simlo, Product Manager NOSTG, IPv6 High Impact Projects
      simlo@cisco.com
  • 2. Agenda
      • The global view / technology and market drivers … it's not all about IPv4 address famine!
      • Some myths surrounding IPv6 deployment … and some real data!
      • IPv6 Migration Strategies … no one size fits all!
      • Cisco's own experience with IPv6 … what works for us today and where we are going
      • Conclusion … places to find out more information
      © 2012 Cisco and/or its affiliates. All rights reserved.
  • 4. Stakeholders: Device, User, Enterprise, ISP, Content
      • "Do I pay less?"
      • "Any new applications?"
      • "Where is the content?"
      • "Where is the network?"
      • "NAT's are good. RFC1918 gives me security, and IPv4 address runout is my ISP's problem."
      • "Too much pain & no gain"
      • "The network is not ready, users don't care and I don't want to risk a poor end-user experience today for potential gains tomorrow"
      “A deadlock, stalemate, impasse; a roughly equal (frequently unsatisfactory) outcome to a conflict in which there is no clear winner or loser”
  • 5. Meanwhile … IPv4 run-out is very real
      [Chart: IPv4 run-out for IANA, APNIC, RIPE, ARIN, LACNIC, AFRINIC; "Last /8 policy"]
      http://ipv6.he.net/statistics/
  • 6. The world will run out of IPv4 addresses in the next few years. Mobile devices are growing faster than the mobile subscribers that use them. By 2016 there will be 7.5 billion people... ...and 19 billion fixed and mobile-connected devices.
  • 7. Companies around the world have come together to permanently enable IPv6 for their products and services.
      IPv4 vs IPv6
      • IPv4: 32-bit number, 4.3 billion addresses
      • IPv6: 128-bit number, 340 undecillion addresses
      That's one IP address for every drop of water on earth, 10 trillion fold.
      Devices can more easily connect to each other or the cloud while alleviating the growth limitations that come with the IPv4 address shortage.
  • 8. Modern Devices Support IPv6
      • Prefer IPv6 connectivity (RFC 5221)
      • Use SLAAC/DHCPv6 and have Link Local Addresses (RFC 4862)
      • Can run IPv6 over an IPv4 network under certain circumstances: tunneled over an IPv4 core, and/or on an L2 segment
      • Will try to use IPv6 if they receive an AAAA record from DNS
      • Don't always display IPv6 information (mobile devices)
      • Use privacy addresses (RFC 4961)
      • Modern browsers implement RFC 6555 (Happy Eyeballs)
      • Use IPv6 link-local capabilities for plug and play protocols
  • 9. Connections won't be limited to devices: everyday things will have IP addresses.
      • When a vending machine is running out of product, it can automatically schedule its own restock.
      • Elderly patients can wear a small wireless device that monitors their heart condition. In an emergency, healthcare providers would automatically be contacted.
      • Your network-enabled car will automatically turn on the air-conditioning in your house when you're on your way home.
  • 11. “When are you planning to deploy IPv6 in production”
      [Bar charts for July 2010 and March 2012. Categories: No plans, 24 months, 12 months, 6 months, In Progress, Done. Labelled values: July 2010: No plans 40%, and 32%; March 2012: No plans 15%, and 65%.]
  • 12. IPv4 CGN
      • IPv4 sessions traverse stateful NATs.
      • Challenges for Content: Transparency to application, Location, Security
      • Challenges for SP: CAPEX/OPEX of CGN due to statefulness
  • 13. [Charts: sessions per application; chart labels not recoverable]
      • Portals/Social: Facebook: 40 sessions; Yahoo: 110 sessions; Bing: 30; G+: 30; Wikipedia: 50; Twitter: 20
      • VoD/TV Replay platforms: Canalplus: 70 sessions; Pluzz.fr: 95 sessions; BBC: 45 sessions
      • Peer to Peer: BitTorrent: 700
  • 14. Application Behavior Under Constrained NAT Resources
      [Figure: Web 2.0 (ex: AJAX) application shown with 30, 20, 15 and 10 NAT sessions; NAT sessions times millions of users]
  • 15. Restoring End to End
      [Diagram labels: IPv6, DNS <AAAA, A>, IPv4 CGN]
  • 16. CGN Only vs. 6rd + CGN [two cost charts over 2011, 2013, 2015]
      • CGN Only: CGN44 Capex and Opex are growing, driven by subscriber growth AND application complexity (sessions per user)
      • 6rd + CGN: CGN44 cost is capped as content switches to IPv6. 6rd cost does not increase much as a function of the number of IPv6 users, AND application complexity is transparent
  • 17. IPv6 Estimated Adoption Timeframes
      [Timeline 2010, 2012, 2014. Labels: Early Adopters, Transition Planning, Government Mandate Deadlines, IPv4/IPv6 Co-existence, IPv6 Globalization. Risk scale: Low Risk, Moderate Risk, High Risk]
      • 2010: Low Impact – Buying behavior shift limited to mandated and early adopters
      • 2012: Mandates take effect – Globalization - WorldIPv6Launch - Massive Mobile deployment. Transition to IPv6 forces customers to acquire product or managed services to sustain business and customer reach
      • 2014: IPv6 is mainstream – customers without transition infrastructure experience reduced service levels, diminished customer reach
      IPv6 Business Impact – The Cost of Waiting Goes Up
  • 18. 6lab.cisco.com/stats
      Jim Barksdale, former Netscape CEO
      • ~80% of Internet Core transit (top 5% AS's) is IPv6 enabled
      • ~35% of global Internet content/Web pages are reachable over IPv6
      • ~1% of Internet users have IPv6
      Great disparities across countries
  • 19. 6lab.cisco.com/stats
  • 20. 6lab.cisco.com/stats
  • 21. http://6lab.cisco.com/stats/
      [Chart series: IPv6 Transit AS, IPv6 Enabled AS]
      Definitions:
      • “IPv6 Transit” implies current IPv6 transit to at least one other AS
      • “IPv6 Enabled” implies a terminal node in IPv6 but Transit in IPv4
  • 22. 6lab.cisco.com/stats: Internet Transit, Content, Users
  • 24. 1-Enable Core
      • Dual-Stack
      • MPLS/6(v)PE
      Today's focus:
      • W6L Infrastructure, Dual-Stack Core
      • 6rd or Dual-stack access (ex: T-Mobile US, DT, China T., KDG)
      • Residential IPv6 service
      • Same for MSDC
      Prosper phase:
      • IPv6 only
      • IPv4: Legacy Service
      [Diagram: subscriber networks reaching the IPv4 and IPv6 Internet through different access models, grouped into the phases Preserve, Prepare, Prosper. Legible labels: All IPv4; Carrier Grade NAT; IPv6 Rapid Deployment; Native Dual Stack; IPv6-Only Access Network; IPv6-Only Subscriber; IPv4 Core; Dual Stack Core; 6rd BR; LNS; AFTR; MAP BR; NAT; NAT 6↔4; MAP or DS-Lite; IPv4 Access over 6rd or L2TP; DOCSIS 3.0; FTTH; Cable; DSL; Mobile-LTE; PE; CE]
      For more info see: http://www.cisco.com/go/cgv6
  • 25.
      • 1- IPv6 Transit + CDN
      • 2- Full Spectrum Internet
      • 3- CGN Bypass
      • 4- LTE/4G + Mobile growth
  • 26. [Bar chart; title and labels not recoverable]
      65% of Cisco Enterprise Technology Advisory Board members will have IPv6 WEB sites by Q2 2013
  • 27. [Bar chart; most labels not recoverable. Legible labels: Internet, Business Continuity, B2C, B2B]
  • 28. Outside – In (IPv4 Enterprise, IPv6 Internet)
      • Internet Evolution
      • Business Continuity
      • B2C, B2B
      Inside – Out (Dual-Stack Enterprise, IPv4 Internet)
      • Globalization
      • Technology Leadership
      • Industry mandate
      • BYOD-Security-Visibility
      • Flatten management plane
      http://www.cisco.com/en/US/netsol/ns817/networking_solutions_program_home.html
  • 29. Three ways to put an IPv6 front end on an IPv4-only web tier:
      • a) Server Load Balancer
      • b) Software Proxy (HTTP reverse proxy)
      • c) Stateful NAT64
      [Diagram, repeated for each option: IPv4 Internet and IPv6 Internet, IPv6 DMZ, IPv4 back end with IPv4-only servers (Email, WEB, VPN). Products named: Apache, ACE30, MSFT PortProxy, ASR1000, ASA]
  • 30.
      • Life-Cycle management, depends on Timing and Use case
      • Native/Dual-Stack where you can, Tunnels where you must
      • Security – Visibility – Management
      • IPv6 Host Configuration.
      [Diagram, IPv4 and IPv6 legend: Internet, Branch, Core - WAN, DMZ, WEB Services, Email ..etc.. Services, Campus Block, Datacenter Block]
  • 31. Orderly Transition – Slow to dual-Stack all the way to user
      • Dual-Stack Core – Network based Tunnel to connect island
      • ISATAP for IPv6 services to users… Design gotchas
      • Dual-Stack selected part of DC (server front-end)
      [Diagram, IPv4 and IPv6 legend: Internet, Branch, Core - WAN, DMZ, WEB Services, Email ..etc.. Services, ISATAP, Campus Block, Datacenter Block]
  • 32. End User and Service first - Challenging but Doable
      • First Hop Security
      • Network based Tunnel to connect Islands
      • Dual-Stack selected part of DC (server front-end)
      [Diagram, IPv4 and IPv6 legend: Internet, Branch, Core - WAN, DMZ, AnyConnect, WEB Services, Email ..etc.. Services, Campus Block, Datacenter Block]
  • 33. BYoD Best Practice: Deploy Dual-Stack
      • Life-Cycle management, depends on Timing and Use case
      • Native/Dual-Stack where you can, Tunnels where you must
      • Security – Visibility – Management
      • IPv6 Host Configuration.
      [Diagram, IPv4 and IPv6 legend: Internet, Branch, Core - WAN, DMZ, WEB Services, Email ..etc.. Services, Campus Block, Datacenter Block]
  • 34. IPv6 and BYOD
      • ISE: Client authentication and authorization
      • Cisco Prime: Data collection and Reports; Address management
      • WLC: IPv6 Client Bridging; First Hop Security; Mobility (7.2); Security and optimization (7.2); Client Management (7.2); VideoStream (7.2)
      [Diagram labels: AD/LDAP, NCS Prime, ISE, MDM Mgr, Cisco Catalyst Switches, Cisco WLAN Controller, ASA Firewall, CSM / ASDM, User X, User Y, iOS or Android Devices]
  • 35. Solution: IPv6 Traffic Visibility
      • IPv6 MIBs and host support
      • NAM Traffic Analyzer: Integrated Management & Reporting Console
      • IPv6 Traffic Metering with NAM and Flexible Netflow, including tunnel (export over IPv4)
      • IPv6 SLA: E2E test, measurement (UDP-Jitter, UDP-Echo, ICMP Echo, TCP Connect)
      • IPv6 Apps and Tunnel detection with NBAR2
      • ASA and IOS Tunnel Filtering
      [Diagram labels: IPv6/IPv4 Dual Stack Hosts, L2 Campus, L3, IPv6 over IPv4 tunnel, IPv4 WAN]
  • 36. Know your end point with Cisco Prime
      • 38,98% of WiFi devices were Apple devices (13,53% iPhone, 7,28% iPad), 30,56% Intel devices
      • 45,4% are doing 802.11n (up to 144Mbps on 2,4GHz band), 37,25% are doing 802.11n (300Mbps / 5GHz), 13,88% are doing 802.11g (54Mbps / 2,4GHz), 3,47% are doing 802.11a (54Mbps / 5GHz)
      Example from IPv6 World Congress, Jan 2012
  • 37. Multiple IPv6 addresses per client
      Up to 8 IPv6 Addresses are Tracked per Client.
      • Support for many IPv6 addresses per client is necessary because:
          • Clients can have multiple address types per interface
          • Clients can be assigned addresses via multiple methods such as SLAAC and DHCPv6
          • Most clients automatically generate a temporary address in addition to assigned addresses.
  • 38. First Hop Security for wireless clients
      • Router Advertisement Guard: RA from client dropped at the Access Point (Local and FlexConnect modes)
      • DHCPv6 Server Guard: DHCPv6 Advertisement blocked at the Controller.
      • Undesired IPv6 Addresses/Prefix: IPv6 Source Guard drops undesired packets at the Controller
      [Diagram labels: IPv6 over 802.11, CAPWAP Tunnel, IPv6 VLAN, Ethernet, IPv6 RA]
  • 39. Solution: IPv6 First Hop Security
      • 802.1x and Port ACL: Authorize Device; Filter traffic on Layer 2 ports
      • Port Security: Prevents TCAM overflow
      • NDP Address Gleaning: Discover Address binding; Audit Trail; Revoke inactive devices
      • IPv6 NDP inspection: Enforce MAC/IPv6 binding; Prevents Neighbor Discovery spoofing attacks
      • IPv6 RA Guard / Throttler: Stops Rogue Router Advertisement threats
      • DHCP Guard: Prevent rogue DHCP server
      • Source Guard: Stops traffic from un-authorized sources.
      • IPv6 uRPF: Blocks spoofed traffic in hardware
      [Diagram labels: IPv6/IPv4 Dual Stack Hosts, Access Layer (L2), WLC 7.2, IPv6 First Hop Security Suite, L3 Distribution Layer, Core Layer, Dual-Stack WAN]
  • 41. IPv6 User Access @ Cisco
      • Secured broad executive support
      • Progress requires multi-functional teams – not just a networking problem
      • Pursuing Outside-In and Inside-Out in parallel
          • Coordinated equipment upgrades and software updates with fleet upgrade program
          • Made sure common client configurations were tested
          • Made operational changes e.g. IPv6-specific security mechanisms and monitoring solutions for IPv6 traffic
      • To date
          • Provided IPv6 access in approximately one-third of global offices – tunnel access for interim connectivity
          • IPv6-enabled 100% of the core network
          • Observed Happy Eyeballs (RFC 6555) in action
          • Observed IPv6 attacks
          • Monitor worldwide usage with 6lab.cisco.com/stats
  • 42. Dual stack topology
  • 43. Measure: Unique MACs with
      • IPv6 LL address
      • IPv6 global address
      • IPv6 with global EUI address
      • IPv4 global address
      Measurements de-duplicate privacy addresses
      In 6 months *:
      • Dual stack-capable devices increased from 47.5% to 77.5%
      • IPv6-using devices increased by 87.3%
      * Between IPv6 World Congress, Jan 2012 and Cisco Live US, June 2012
      Dual stack capable: IPv4 global + IPv6 LL
      IPv6 using: IPv6 global
      http://blogs.cisco.com/borderless/ipv6-at-ciscolive-san-diego/
  • 44. Three models for www.cisco.com:
      • Model 1 - Proxy at Internet Edge
      • Model 2 – SLB64
      • Model 3 – Dual Stack Web Servers
      [Diagram, repeated for each model: Internet (IPv6 and IPv4); www.cisco.com; AKAMAI; DMZ Network, Security (plus Proxy in Model 1); Data Center Network; Server Load Balancer (ACE); Cisco.com Web Servers; IdM, Authz, Content; Middleware, App Platforms; Database; Assurance Svc]
  • 45. www.cisco.com, www.webex.com, home.cisco.com
  • 47. Next Steps
      1. Audit and Assess: determine IPv6 readiness and processes that need to be upgraded
      2. Train and try: develop technical skills and best practices for your environment
      3. Build a Transition Plan: create a strategy for transitioning your current network to support IPv6
          1. Deploy IPv6 dual stack: Progressively add IPv6 capability to IT infrastructure for a smooth transition, including network, end-points, security and applications
          2. IPv6 and BYOD: ensure IPv6 is included in any BYOD strategy, include security and visibility tools
  • 48.
      • IPv6 Education
      • Training: IPv6 FD
      • Certified Pro. CCIE/CCDE/CCDP/CCNA/CCNP
      • CiscoLive, Conferences & Webinars
      • Cisco Press
      • IPv6 Knowledge Portal
      • Comprehensive Advanced Services
      • IPv6 Support Community
      • IPv6 adoption Statistics
      • Leading in Certification
      www.cisco.com/go/ipv6
  • 49. Places to find out more:
      • Hurricane Electric, IPv4 exhaust: http://ipv6.he.net/statistics/
      • IPv6 adoption statistics: http://6lab.cisco.com/stats/
      • ISOC, World IPv6 Launch: www.worldipv6launch.org
      • Cisco IPv6 home page: www.cisco.com/go/ipv6
      • Cisco IPv6 Knowledge portal: http://www.cisco.com/web/solutions/netsys/ipv6/knowledgebase/index.html
      • Cisco IPv6 Support community: https://supportforums.cisco.com/community/netpro/network-infrastructure/ipv6-transition
      • Cisco Blog IPv6 Tag: blogs.cisco.com/tag/ipv6
      • Lippis Report Podcast, Interview - Alain Fiocco: http://lippisreport.com/2012/07/world-ipv6-day-marks-massive-transition-in-ip-addressing-what-it-means-to-you/
      • Certification, USGv6/IPV6RL Ph2: https://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php
      • Twitter: #IPv6, @alainfiocco, @Deploy360, @TeamARIN
      • LinkedIn Group: http://www.linkedin.com Groups: IPv6, IPv6 Enthusiasts, IPv6Security
  • 50. Winston Churchill
      What have you enabled IPv6 on today?
  • 51. Agenda
      • The global view / technology and market drivers … it's not all about IPv4 address famine!
      • Some myths surrounding IPv6 deployment … and some real data!
      • IPv6 Migration Strategies … no one size fits all!
      • Cisco's own experience with IPv6 … what works for us today and where we are going
      • Conclusion … places to find out more information
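
The per-MAC measurement on slide 43, together with the per-client tracking limit on slide 37, sketched as an added example (not code from the presentation or from Cisco). The binding list, function names and the rule used for "IPv4 global" are assumptions; the sample data is constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

MAX_V6_PER_CLIENT = 8                      # slide 37: up to 8 IPv6 addresses tracked per client
GLOBAL_UNICAST_V6 = ipaddress.ip_network("2000::/3")

def eui64_iid(mac):
    """Interface identifier that modified EUI-64 derives from a MAC address."""
    b = bytes(int(octet, 16) for octet in mac.split(":"))
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def classify(bindings):
    """Group (mac, ip) bindings per MAC and flag the address kinds each client holds."""
    clients = defaultdict(lambda: {"flags": set(), "v6": set()})
    for mac, ip in bindings:
        addr = ipaddress.ip_address(ip)
        entry = clients[mac.lower()]
        if addr.version == 4:
            # Assumption: any IPv4 address that is not link-local or loopback
            # stands in for the slide's "IPv4 global address".
            if not (addr.is_link_local or addr.is_loopback):
                entry["flags"].add("v4")
            continue
        entry["v6"].add(addr)
        if addr.is_link_local:
            entry["flags"].add("v6_ll")
        elif addr in GLOBAL_UNICAST_V6:
            entry["flags"].add("v6_global")
            if addr.packed[8:] == eui64_iid(mac):
                entry["flags"].add("v6_global_eui")
    return clients

def summarize(bindings):
    """Count unique MACs per category, so many privacy addresses on one client count once."""
    clients = classify(bindings)
    def count(*need):
        return sum(1 for c in clients.values() if set(need) <= c["flags"])
    return {
        "unique_macs": len(clients),
        "dual_stack_capable": count("v4", "v6_ll"),   # slide 43 definition
        "ipv6_using": count("v6_global"),             # slide 43 definition
        "ipv6_global_eui": count("v6_global_eui"),
        "over_limit": sorted(m for m, c in clients.items()
                             if len(c["v6"]) > MAX_V6_PER_CLIENT),
    }

# Constructed sample bindings (MAC, IP), as might be gleaned from ARP/NDP tables.
SAMPLE_BINDINGS = [
    ("00:11:22:33:44:55", "192.0.2.10"),
    ("00:11:22:33:44:55", "fe80::211:22ff:fe33:4455"),
    ("00:11:22:33:44:55", "2001:db8:1::211:22ff:fe33:4455"),  # EUI-64 global
    ("00:11:22:33:44:55", "2001:db8:1::a1b2:c3d4:e5f6:1"),    # temporary address
    ("66:77:88:99:aa:bb", "192.0.2.11"),
    ("66:77:88:99:aa:bb", "fe80::6477:88ff:fe99:aabb"),       # link-local only
    ("de:ad:be:ef:00:01", "192.0.2.12"),                      # IPv4 only
    ("02:00:00:00:00:0d", "fe80::d"),
] + [("02:00:00:00:00:0d", f"2001:db8:1::d{i}") for i in range(9)]

if __name__ == "__main__":
    print(summarize(SAMPLE_BINDINGS))
```

A client listed under `over_limit` holds more IPv6 addresses than the binding table tracks, which is worth reviewing before enforcing source-guard style filtering on that segment.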
