This document provides an overview of IPv6 and its implementation status at UNC. Some key points: - IPv4 addresses are exhausted, while IPv6 provides vast addressing space to support future growth. However, IPv6 deployment is still low, around 6% of networks. - IPv6 offers features like stateless address autoconfiguration, no ARP, and multicast addressing instead of broadcasts. - At UNC, IPv6 is enabled on limited campus VLANs and servers. Implementation focuses on dual-stack while addressing security, monitoring, and other issues. Slow expansion is recommended over the near term.

1. IPv6: We Care ….
So You Don’t Have To
Jim Gogan
Director, ITS Comm Tech/Networking
2011 CTC Retreat

2. Setting the Stage
• So, if you don’t care …. why are you here?
• Can you run right out after this and start using
IPv6 on campus? …… no
• Are there still lots of implementation issues?
…… yep
• Can you ask questions during the
presentation? …… it depends
• What were YOU doing on World IPv6 Day?

3. What is IP?
• Do I need to ask?
• Current predominant implementation: IPv4
– What’s wrong with IPv4?
– Addressing: 32 bits – the famous quad-dotted-
decimal notation (e.g. 152.19.145.93)
– Provides for 4,294,967,296 IP addresses
– Devices are statically configured for all necessary
information or use DHCP for all necessary
information

4. IPv4 Addresses Exhausted

5. Solutions for Addressing Addressing
• NAT?
– NO!! NAT is evil – NAT violates the end-to-end principle
that’s the foundation of the Internet – NAT sucks …..
• Large business failures?
– “Microsoft has managed to purchase 666,624 IP addresses
from the bankrupt Canadian company Nortel for $7.5
million.”
– Doesn’t scale unless the economy REALLY gets bad
• IPv6
– Bringing you a new address plan since 1998 (13 years ago!)

6. IPv6 Addresses
• 128 bit addresses instead of 32 bits
• Allows for
340,282,366,920,938,463,463,374,607,431,76
8,211,456 nodes
• 52 trillion trillion addresses per person in the
world
• “Allows for scalable, simple and easily
understandable addressing schemes” (pause
for chuckle)

7. IPv6 Addressing Format
• IPv6 address consists of 8 sets of 16 bit hex values, totaling
128 bits
– Ex: 2610:0028:3090:5001:dddd:7a76:9e51:aacc
• 16 bit hex values separated by colons
• Abbreviation is possible
– Can omit leading zeros
– Consecutive zeroes in contiguous blocks can be represented by
double colons
• Ex: 2610:0028:0000:3090:0000:0000:9e51:aacc becomes
2610:28:0:3090::9e51:aacc (ahhh … MUCH better …..)
• Network prefix like IPv4 CIDR – 152.19.145.0/24
• IPv6 network prefix has similar notation –
2610:28:3090:5001::/64

8. First Impression of IPv6 Addresses

9. What Else Does IPv6 Offer?
• No more broadcast addresses: IPv6 uses multicast instead
(oh, joy!!)
• SLAAC: Stateless Address Auto-Configuration
– Router advertises itself (Router Advertisement)
– Router provides IP address prefix info; host portion comes from
end station itself
– Uses ICMPv6 (all those sites blocking ICMP on systems --- one
word: don’t!)
– Still need DHCPv6 though and that presents other issues
• No router fragmentation (jumbo frames users take note!)
• No ARP – Neighbor Discovery Protocol instead (which also
uses ICMPv6 and multicast)

10. IPv6 Addressing Model
• Interfaces can have multiple addresses
• Addresses have different scopes
– Link-local
– Unique-local
– Global

11. Global (Unicast) Addresses
• Routable across the Internet
• Structured hierarchically to allow address aggregation
– 1st 32 bits: ISP (3 high level bits set to 001)
– Next 16 bits: Site Level Aggregator
– Next 16 bits: LAN designation
– Final 64 bits: Interface ID
• /48 network prefix allows for 65,536 LANs (subnets)
• So ….. All LANs have 64 bits of network prefix vs.
variable length network prefix of IPv4
• Ex: 2610:28:3090:5001:dddd:7a76:9e51:aacc

12. Unique-Local (Unicast) Addresses
• Analogous to RFC-1918 IPv4 private addresses
• Not routable on the Internet
• Represented by FD00::/8
• Not recommended to use BOTH Global and
ULA
– SAS (Source Address Selection) determines when
to use which address; ULA should talk to ULA and
Global should talk to Global; has issues

13. Link-Local (Unicast) Addresses
• Mandatory addresses used between IPv6
devices on the same link
• Automatically assigned by device on startup
• Not routed
• Begin with FE80::/10

14. Multicast Addresses
• Prefix of FF00::/8
• Second octet defines lifetime (permanent or
temporary) and scope
(node/link/site/organization/global)
• Used for Router Advertisements, DHCP, NDP,
multicast apps

15. So, How Much IPv6 Is Out There?
• Not much
– Maybe around .04-.08% of all Internet traffic
– Around 6% of all networks on the Internet advertise an
IPv6 network
• World IPv6 Day
– June 8th 2011
– Hundreds (wow!) of web companies and industry players
enabled v6 on their main websites for 24 hours
– Brought attention to the efforts; demonstrated what issues
there were; demonstrated what issues there weren’t
– UNC was a participant

16. IPv6 Status at UNC
• Not much
• Range:
– Campus: 2610:28:3090::/47
• Public: 2610:28:3090::/48
• On-campus only: 2610:28:3091::/48
– UNC HealthCare (Hospital): 2610:28:8000::/48
• NCREN has IPv6 routing enabled locally and with relevant
peers
• IPv6 disabled on CCI load
• Enabled on a small number of campus VLANs, but we still
had a presence on World IPv6 Day
– http://www.unc.edu was accessible by IPv6-only clients but
without IPv6 running on the web servers; how’d we do that?

17. Implementation Strategy
• Dual-stack!!! Run BOTH IPv4 and IPv6 on critical
infrastructure services, on servers that need IPv6
access and on limited number of clients that need
IPv6 (helps for testing and troubleshooting)
• Implement IPv6 records on DNS servers
– A records for IPv4; AAAA records for IPv6
– Campus BIND DNS servers in dual-stack mode
• Use static addresses or SLAAC for now (not good
long-term strategy); working on DHCPv6
deployment, but there’s ….. issues …..

18. Issues for Deployment
• Security
• Monitoring tools
• Security
• Measurement tools
• Security
• Security
• And …….

19. What We Learned Prepping for World
IPv6 Day
• FQDN references = good; quad-dotted decimal
references = bad
• Is all of your content local? (i.e. do you reference
off-site URLs for content?)
• Caching servers (impacted Facebook v6 pages)
• Multicast is VERY important and not trivial to
troubleshoot
• Windows prefers IPv6 over IPv4
• Solaris has ….. Issues
• Default RHEL ip6tables blocks DHCPv6 by default

20. But Wait, There’s More
• Router Advertisements
• DHCPv6
– Apple … finally …
– DUID (DHCP Unique Identifier)
• No longer required to be MAC address
• Issue with imaging systems
• More tunnels than the Swiss Alps
• IPv6 routing not in current “fluffy” code:
coming soon

21. Where Do We Go From Here?
• Slowly
• Don’t see near-term requirement for IPv6 client
access (other than troubleshooting server setups)
• First priorities: server resources that require
access from anywhere in the world (particularly
Asia)
– Talk to us first
– Harden up those servers
– Ask for static v6 addresses and register AAAA records
– Monitor usage carefully

22. Resources
• http://ipv6.unc.edu
• http://www.getipv6.info/index.php/Main_Page (ARIN IPv6
Wiki)
• http://ndtv701ipv6.net.unc.edu:7123/