Adressing IPv6 strategy
 

Adressing IPv6 strategy

on

  • 1,842 views

New challenges, risks and implications for enterprises in addressing IPv6 subject.

New challenges, risks and implications for enterprises in addressing IPv6 subject.
Orange recommendations in building your company IPv6 strategy.

Statistics

Views

Total Views
1,842
Views on SlideShare
1,829
Embed Views
13

Actions

Likes
2
Downloads
60
Comments
0

2 Embeds 13

http://a0.twimg.com 12
http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • presentation title
  • Transcript : We used to have charts in these presentations that would predict exhaustion at some point, around now. Now, what we need to look at how exhaustion going to ripple around the world. Once IANA ran out of addresses in January 2011, based on current consumption rates in each of the different regional registries, it's possible to have some rough predictions of when the regions are going to run out of their current allocations. Two important things to take out of this slide, one, it's hard to know with any form of precision when the addresses are going to go, but what it is possible to say is in what order the regions are going to run out of addresses. The current estimates have, the blue lines of Asia Pacific will happen probably some time this year, in the not too distant future, then we'll go to Europe and then North America and then there's a lag before Latin America and Africa run out of their addresses. The order is important. Asia Pac is, as expected, the area which is going to run out of v4 addresses first and second, the timing of when this address exhaustion is going to happen in the region is also pretty close. Often times, enterprise talk to us about, well, you know, what's the calendar, when is this going to impact me because right now we've run out of scarce resource,

Adressing IPv6 strategy Adressing IPv6 strategy Presentation Transcript

  • IPv6 December 2011
  • agenda
    • drivers
    • challenges
    • recommendations
    • services
  • section 1 enterprise drivers
  • external drivers IPv4 @ depletion governmental push mix of connectivity
  • IPv4 @ depletion
    • IP@ continuous demand
      • e.g.: Asian countries
        • 57% world population
        • 24% Internet penetration rate, ( +100 M users/y)
    • Internet registries policy (APNIC/RIPE/ARIN etc.)
      • preserve latest IPv4 resources
      • drastically change in allocation policy
      • difficult to get public IPv4 addresses
    • IPv6 natural choice for Internet growth
      • 3.4x1038 IP addresses
      • or 5x1028 IP@ for each of the 6.5 billions of people
    IPv4@ is depleted at worldwide level (IANA) first RIR depletion (Asia-APNIC): May 2011
  • IPv4 @ forecasts source: Geoff Huston, APNIC likelihood of exhaustion IANA APNIC RIPENCC ARIN LACNIC AFRINIC 100 90 80 70 60 50 40 30 20 10 0 Jan 2011 Jul 2011 Jan 2012 Jul 2012 Jan 2013 Jul 2013 Jan 2014 Jul 2014 Jan 2015 Jul 2015 close date
  • governmental push competitiveness and economical development
    • USA
      • federal agencies will move their public Web services to IPv6 by September 2012
      • request to support IPv6 internally and application IPv6 compatible
      • request to their partners to support IPv6 to exchange
    • China
      • Chinese incumbent IPv6 commercial trials launch in 2012; plan to retire IPv4 by 2015
      • partners asking for IPv6 compatibility
      • China Next Generation Internet (CNGI)
    • India
      • Department of Telecommunications IPv6 conformance request for service provider
      • call for 2012 deadline on IPv6 deployment
    • Japan
      • provider with strong IPv6 position
      • DSL service/video service
      • services starting to be cheaper with IPv6 in specific areas
    • Europe
      • action plan to push IPv6 adoption (May 2008)
  • mix of connectivity
    • IPv6 is developing and ISP introduces translation mechanism as well to rationalize remaining IPv4 addresses; on residential side, one public IPv4 address will be shared among several customers
    • enterprises should expect their customers, partners, suppliers and remote employees to have a mix of connectivity
    better served via end-to-end IPv6 connectivity
    • applications could work poorly or even not at all when one side uses a shared IPv4 address
    • customers/partners/suppliers may request IPv6 connectivity
    • need to develop IPv6 Internet presence
    IPv4 + IPv6 (dual stack) IPv6 IPv4 shared IPv6 + IPv4 shared IPv4 only cnx. heterogeneity IPv6 IPv4 used by ISP to rationalize latest IPv4@ NAT limitations issue
  • six internal drivers
  • public addresses
    • context: difficult to get new IPv4 @ block
    • need additional public addresses for new projects or extensions
      • shared IPv4 @ solution has caveats (performance, application, security)
      • enterprises using provider-independent (PI) addresses
        • IP @ reallocation
          • decrease scalability
          • short term heavy investment
      • enterprises using provider-aggregated (PA) addresses
        • provider will reach its limits for providing IPv4 @ (2012-2015?)
    • e.g.: customer needs additional public IP @ in 220 sites for partners (simpler than NAT, which would induce complexity and potential partner application restrictions)
  • security
    • IPv6 is on by default in major OS
      • Microsoft does not recommend disabling IPv6
    • security concern
      • IPv6 can be a backdoor on a secured IPv4 network
    • e.g.: Teredo (tunneling IPv6 over UDP)
      • internal users want to get P2P over IPv6
      • firewall just sees IPv4 UDP traffic
      • firewall control can be bypassed
      • unauthorized traffic can be received
      • inbound is allowed: hackers can penetrate
    • remote users/devices can be dual stack; does IPv4 IPSec VPN prevent inbound IPv6?
    • IPv6 control and protection will pass through its visibility and therefore integration
    IPv6
  • VPN environment
    • IPv6 can solve private architecture issues
      • addressing plan not always optimum
        • eliminate private addressing overlap between subsidiaries
        • private addressing (RFC 1918) becomes insufficient
      • facilitate network merge
      • renumbering and reallocation can be heavy tasks
      • invest in long-term solution
    • clean and easy network management
      • eliminates NAT issues and corresponding operational complexity
      • enables network simplification for large companies
      • provides unique host addressing
  • assessment and growth expertise
    • IPv6 is unavoidable
    • IPv6 planning/activation may require a lot of time
    • growth expertise reduces costs of integration
      • evaluate the use of IPv6 configurations and coexistence with IPv4
      • evaluate network and application-related performance
      • understand the impact on operations and support in production environment
    • e.g.: test and evaluate IPv6, to prepare for network consolidation
      • reduce costs of supporting two diverse networks
        • consolidation of technology, applications and vendors
        • reduction/elimination of duplicate or redundant tools, processes
        • offer additional services to support internal clients
  • machine-to-machine
    • IPv6 is the cornerstone of the “Internet of things”
      • an (almost) unlimited addressing capacity
      • advanced self-configuration capabilities
      • IP is ubiquitous and scalable
        • IPv6 is lightweight
        • IPv6-enabled sensor technology is already available
      • new services: more proactive, closer to the customer and aware of situation
  • internal drivers summary internal mandate technical leadership new project or extension OS with IPv6 and no IPv6 security addressing not optimal (overlap, limitation) network merge and simplification addressing capacity, self-configuration capabilities new services IPv6 planning and activation may require time reduce costs of integration IP@ need expertise readiness security M2M VPN issue IPv6
  • risks and implications if enterprises don't adequately address IPv6 now
    • remote users won’t be able to connect to the IPv4 corporate network
      • when on an IPv6 or IPv4 shared Internet service provider: IPSec will not be supported on provider NAT
    • missed business opportunities if your product does not support IPv6
    • IPv6-enabled devices (tablets, PCs, smartphones) connecting to the corporate network could create security concerns
    • inability to convey product information or accept orders from customers on Internet IPv6 (e-commerce, Website, extranet)
      • service provider potential translation only covers http, not secured or specific B2B protocol
    • if your partners/suppliers/customers migrate to IPv6, will you still be able to communicate or be authorized to continue working with them? (e.g., the U.S. federal agencies)
  • section 2 customer challenges
  • is it IPv6 time for enterprises?
    • maintain business continuity and growth during the evolution
    • assess IPv6 business impacts and opportunities
    • safeguard information security
    • ensure application and network readiness
    • need to be prepared and have a mitigation plan
    time to define an IPv6 plan www my site v6 only v4 only IPv4 sold out IPv6 available X OS IPv6
  • IPv6 integration challenge areas
    • IPv6 integration challenges vary from one organization to another
      • size, IT infrastructure, in-house software, various present technologies, policies, processes, future needs, etc.
    involve cross-functional ICT staffs security maintenance procurement application development process interface, chassis operating systems network monitoring management applications incl. in-house software servers firewall shared infrastructure services IP devices software hardware assessment assessments and planning training upgrade and configuration testing IPv4/IPv6 coexistence mgt. resource
  • section 3 our recommendations
  • Orange recommendations
    • define IPv6 plan
    • start integrating IPv6
      • smooth and progressive approach
      • based on defined integration objectives
      • part of your infrastructure lifecycle
    • no risk to integrate IPv6
      • IPv4 and IPv6 coexist
    • one-off migration of the whole infrastructure to IPv6 is often not realistic
      • technical and financial challenges
  • define IPv6 integration objectives
    • value of integration
      • ensure security
      • develop Internet IPv6-facing presence (commercial or leadership)
    • project goal
      • enhanced security with IPv6 support
      • make Website accessible from Internet IPv6
    • project scope
      • geographically, site types, services, elements
    • time dependencies
      • internal: e.g., other infrastructure projects
      • external: e.g., product readiness
    build a project team
  • IPv6 consulting go for a smooth and tailored transition
    • Orange Business Services can help you build your IPv6 strategy
    • IPv6 readiness assessment
      • understand the current situation (incl. applications)
      • define the level of effort to move to IPv6 (resources, HW, SW, etc.)
      • list the business advantages
      • build a vision on the way to go (technical challenges and architecture)
      • identify security risks and how to mitigate them
      • estimate project costs
    • go phase
      • identify project team
      • implement and manage project
  • section 4 our IPv6 strategy and network offer
  • Orange Business Services IPv6 strategy
    • deployed IPv6 in our IP VPN and Internet services (April 2009)
    • anticipate IPv4 @ depletion
    • support and create innovative services
    • leader in machine-to-machine
    • share IPv6 opportunities and challenges with customers
    • promote wider deployment and use of IPv6
    • stimulate the global innovation environment
    IPv6
  • IPv6 option with Orange VPN
    • flexible and without additional equipment
      • dual stack IPv4/IPv6 WAN interface for a smooth transition
      • native IPv6 implemented in our backbone: any-to-any connectivity
      • identical IPv4/IPv6 IPVPN service (same classes of service)
    • designed to facilitate the introduction of IPv6
      • site-by-site subscription
      • existing IPv4 VPN remains unchanged
    • worldwide availability: 130+ countries
    • first global provider on the global managed IP VPN market
  • availability and next steps
    • availability
      • Business VPN product
      • worldwide availability (+130 countries)
      • Internet in France
      • on Cisco Orange Business Services managed routers
      • leased line, SDSL, Ethernet access
    • roadmap and next steps (2011-2012)
      • Internet direct international (Q3 2011)
      • access types to ADSL
      • move towards full IPv6 industrialization and generalization
  • leader in IPv6 expertise with more than 15 years of IPv6 experience
    • 1994: member of IETF workgroups
    • 2002: deployment of a native IPv6 international commercial network “OpenTransitv6” (Asia, U.S., Europe)
    • 2004: first managed IPv6 customer network
    • 2008: Orange IPv6 program launch
    • 2009: IPv6 IP VPN launch; first global provider on the global managed IP VPN market
    • 2010: IPv6 consulting launch
  • please visit: www.ipv6.orange-business.com with IPv6 or IPv4 enterprise briefing please download: highlights #5 highlights #8 IPv6 factsheet
  • thank you Orange, the Orange mark and any other Orange product or service names referred to in this material are trade marks of Orange Personal Communications Services Limited. © Orange Personal Communications Services Limited. France Telecom Group restricted.