Zivaro Inc, profile picture
Uploaded byZivaro Inc
1,157 views

Successfully Deploying IPv6

The document discusses strategies for successfully deploying IPv6, highlighting the need for a structured migration plan from IPv4, team collaboration, and ongoing training. It emphasizes the importance of treating the transition as a comprehensive program rather than a single project, while addressing challenges in routing, application compatibility, and security considerations. Additionally, the document offers guidelines for effective addressing, troubleshooting, and assessing current systems for IPv6 readiness.

Technology
Related topics:
Data Center Overview

Embed presentation

© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Successfully  Deploying  IPv6   Presented  by  Sco8  Hogg,  CTO  GTRI   NANOG  On  The  Road  5  –  Orlando,  FL   February  24,  2015  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Dual Stack Migration Planning Pitfalls •  Training for IPv6 Deployment Success •  Addressing Challenges •  IPv6 Routing •  Dual-Protocol Applications •  Troubleshooting Dual-Protocol Networks Agenda  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4 IPv6  Planning  –  Dual  Stack  MigraNon   IPv4  Deployment   IPv6  Deployment   Time  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Failing to build a cross-function IPv6 deployment team –  Multidisciplinary, Collaborative, Cooperative •  Organizations need to treat IPv6 as a “Program” not just like a typical IT “Project” –  IPv6 transition is made up of many smaller projects that will span multiple years and cross the entire enterprise •  Regular/Frequent meetings are key to maintaining pace •  Just like anything, executive buy-in and support is essential IPv6  Planning  PiOalls  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t try to look at everything, identify devices requireing IPv6 •  Focus your efforts on the Internet perimeter –  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …) •  The good news is you have waited to deploy IPv6 –  Now most IT products come standard with IPv6 capabilities •  Don’t be concerned about an IPv4-only management plane – that will come later •  Some devices may remain IPv4-only until they die Performing  an  IPv6  Readiness  Assessment  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assume your IT organization has not taken the initiative to immerse themselves in IPv6 •  People need to be trained early in the process, but not too early that they forget what they learned –  Train “just in time”, not years before an IPv6 address is actually configured on a production device •  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …) •  Much of your IPv4 experience is applicable to IPv6 •  Don’t fear the larger addresses – Learn to “Think in Hex” Training  for  Success  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  IPv4-Think is dangerous when planning IPv6 addressing –  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex •  There is no scarcity of IPv6 addresses –  If there is no scarcity, there can be no waste –  Don’t try to assign only the minimum-needed prefix length –  Plan for the number of subnets, not the number of hosts •  Perform addressing for simplicity and ease of management –  Don’t be concerned about lots of reserved space IPv6  Addressing  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Don’t force levels of hierarchy that are not needed •  Use standard prefix lengths: /48, /56, /64 •  Use nibble-boundary – don’t use /50, /57, /65, … •  Consistency between sites can increase operational efficiency, however, not every site needs the same addressing plan –  Branches need a different plan than a data center “site” •  Stick with Global Unicast Addresses (GUA) 2000::/3 •  Avoid Unique Local Addresses (ULA) FC00::/7 IPv6  Addressing  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  IP addressing and routing go hand-in-hand •  All IP routing protocols have IPv6 capabilities •  Separating control plane for two data planes can be desirable –  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes –  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes •  Don’t forget to use a 32-bit RID to the IPv6 routing process •  Peering using global (preferred) or link-local addresses •  Consider using locally-administered link-local addresses –  fe80::cccc:0001, fe80::dddd:0002, … •  Type carefully – don’t fat-finger the address IPv6  RouNng  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Assessing current code for IPv6-capability –  Most applications are not creating socket-level connections –  Most applications use higher-level APIs or rely on lower-level web services for connectivity •  Create code that is Address-Family (AF) independent •  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p) –  Robustness principle: Be conservative in what you send, be liberal in what you accept •  Be careful of data structures for storing 128-bit addresses •  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555) •  Write code that properly handles Path MTU Discovery (PMTUD) Dual-­‐Protocol  ApplicaNons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels, …) •  Don’t deploy IPv6 if you lack the products to secure the protocol •  Don’t be overly worried about IPv6 NDP security weaknesses –  You haven’t secured your IPv4 LANs either –  https://community.infoblox.com/blogs/2015/02/10/holding- ipv6-neighbor-discovery-higher-standard-security IPv6  Security  ConsideraNons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Even if you do not deploy IPv6, there could still be IPv6- related issues that you must deal with. •  You now have IPv6-enabled nodes in your environment. •  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems. •  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2) •  Troubleshooting NDP requires a magnifying lens. –  You may need to break out the protocol analyzer –  Looking for an IPv6 needle in a haystack of IPv4 TroubleshooNng  Dual  Protocol  Networks  
© 2015 Global Technology Resources, Inc. All Rights Reserved. TroubleshooNng  Dual  Protocol  Networks   Applicatio n Layer Transport Layer Internet Layer Link Layer IPv4 IPv6 ARP ICMP IGMP TCP UDP SCTP HTTP(S)   SSH   SMTP   TFTP   DHCP   DNS   SIP   WebRTC   TLS/SSL   SNMP   BGP   DCCP T1/E1/T3/E3 SONET SDH ICMPv6 NDP MLD Ethernet Wireless
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Ping (ping6) (by name, by IP address, in both directions, specify source address, 1500-byte MTU) –  Linux: ping6 -I eth0 fe80::1 –  Windows: ping fe80::1%12 –  Cisco: ping fe80::1%GigabitEthernet0/0 –  ping -l 1500 2001:db8:dead:c0de::1 •  Traceroute (traceroute6), tracert •  Tcptraceroute6 (www.remlab.net/ndisc6/) •  Microsoft C:>pathping -6 2001:db8:11::1 •  mtr -r6 www.rmv6tf.org c100 (www.bitwizard.nl/mtr/) •  Pchar, pathchar, iperf, jperf •  Netcat (nc -6), telnet, ssh, nmap -6 -sT 2001:db8::1 End-­‐to-­‐End  IPv6  TroubleshooNng  
© 2015 Global Technology Resources, Inc. All Rights Reserved. •  Check yourself from the Internet-perspective –  Leverage IPv6-capable looking glasses –  Is your traffic really using IPv6? •  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version) •  Some connections could use IPv4 and/or IPv6 –  Web pages could be delivered over a combination of protocols. How do you know which protocol was used? –  Browser add-ons, plug-ins can be helpful TroubleshooNng  Dual  Protocol  Networks  
© 2015 Global Technology Resources, Inc. All Rights Reserved. IPv6  Browser  Plug-­‐ins,  Add-­‐Ons  
© 2015 Global Technology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Thank  You!   Sco8  Hogg,  CTO  GTRI   303-­‐949-­‐4865    |    shogg  at  gtri.com  

More Related Content

PDF
IPv6 at CSCS
bySwiss IPv6 Council
 
PPTX
IPv6 on the Interop Network
byNetwork Utility Force
 
PDF
12.00 - Dr. Tim Chown - University of Southampton
byIPv6 Summit 2010
 
PDF
Apache NiFi User Guide
byDeon Huang
 
PDF
IPv6 at LinkedIn
byAPNIC
 
PPT
IPv6 Deployment In Enterprise Networks
byIvan Pepelnjak
 
PDF
Presd1 09
byNiels Groeneveld
 
PDF
Introduction to Apache NiFi 1.11.4
byTimothy Spann
 
IPv6 at CSCS
bySwiss IPv6 Council
 
IPv6 on the Interop Network
byNetwork Utility Force
 
12.00 - Dr. Tim Chown - University of Southampton
byIPv6 Summit 2010
 
Apache NiFi User Guide
byDeon Huang
 
IPv6 at LinkedIn
byAPNIC
 
IPv6 Deployment In Enterprise Networks
byIvan Pepelnjak
 
Presd1 09
byNiels Groeneveld
 
Introduction to Apache NiFi 1.11.4
byTimothy Spann
 

What's hot

PDF
Final Assignment On IPv4 vs IPv6
byLITS IT Ltd,LASRC.SPACE,SAWDAGOR BD,FREELANCE BD,iREV,BD LAW ACADEMY,SMART AVI,HEA,HFSAC LTD.
 
PDF
Starting the DevOps Train
byCisco DevNet
 
PDF
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
byDataWorks Summit
 
PDF
IPv6 Adressvergabe und Adressierung
bySwiss IPv6 Council
 
PPTX
ARIN 36 IETF IPv6 Activities Report
byARIN
 
PDF
MiniFi and Apache NiFi : IoT in Berlin Germany 2018
byTimothy Spann
 
PDF
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
byIPv6no
 
PDF
IPV6 Deployment for Broadband Internet by Azura Mat Salim
byMyNOG
 
PDF
Apache Nifi Crash Course
byDataWorks Summit
 
PDF
Apache MXNet for IoT with Apache NiFi
byTimothy Spann
 
PDF
Sipforum SIP & IPv6 discussion slides
byOlle E Johansson
 
PDF
Apache Deep Learning 101 - DWS Berlin 2018
byTimothy Spann
 
PPTX
IPv6 Summit Powerpoint
byTim Price
 
KEY
IPv6 Tutorial RIPE 60
byRIPE Meetings
 
PDF
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
byDataWorks Summit
 
PPTX
Best practices and lessons learnt from Running Apache NiFi at Renault
byDataWorks Summit
 
KEY
Sip & IPv6 - time for action!
byOlle E Johansson
 
DOC
Resume of Hassan Ibrahim
byHassan Ibrahim
 
PDF
Apache NiFi 1.0 in Nutshell
byKoji Kawamura
 
PDF
Alta Disponibilidade no MySQL 5.7
byMySQL Brasil
 
Final Assignment On IPv4 vs IPv6
byLITS IT Ltd,LASRC.SPACE,SAWDAGOR BD,FREELANCE BD,iREV,BD LAW ACADEMY,SMART AVI,HEA,HFSAC LTD.
 
Starting the DevOps Train
byCisco DevNet
 
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
byDataWorks Summit
 
IPv6 Adressvergabe und Adressierung
bySwiss IPv6 Council
 
ARIN 36 IETF IPv6 Activities Report
byARIN
 
MiniFi and Apache NiFi : IoT in Berlin Germany 2018
byTimothy Spann
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
byIPv6no
 
IPV6 Deployment for Broadband Internet by Azura Mat Salim
byMyNOG
 
Apache Nifi Crash Course
byDataWorks Summit
 
Apache MXNet for IoT with Apache NiFi
byTimothy Spann
 
Sipforum SIP & IPv6 discussion slides
byOlle E Johansson
 
Apache Deep Learning 101 - DWS Berlin 2018
byTimothy Spann
 
IPv6 Summit Powerpoint
byTim Price
 
IPv6 Tutorial RIPE 60
byRIPE Meetings
 
The First Mile -- Edge and IoT Data Collection with Apache NiFi and MiNiFi
byDataWorks Summit
 
Best practices and lessons learnt from Running Apache NiFi at Renault
byDataWorks Summit
 
Sip & IPv6 - time for action!
byOlle E Johansson
 
Resume of Hassan Ibrahim
byHassan Ibrahim
 
Apache NiFi 1.0 in Nutshell
byKoji Kawamura
 
Alta Disponibilidade no MySQL 5.7
byMySQL Brasil
 

Viewers also liked

PDF
Successfully Deploying IPv6
byZivaro Inc
 
PPTX
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
PPTX
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
byZivaro Inc
 
PPTX
Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
PDF
Post IPv6 Implementation and Security: Now What?
byZivaro Inc
 
PDF
IPv6 Security - Hacker Halted 2013
byZivaro Inc
 
PDF
Support Software Defined Networking with Dynamic Network Architecture
byZivaro Inc
 
PDF
GTRI.com Splunk for Vmware APP
byZivaro Inc
 
PDF
Software Defined Networking (SDN) Technology Brief
byZivaro Inc
 
PDF
Splunk for Real time alerting and monitoring. www.gtri.com
byZivaro Inc
 
PPTX
Splunk Enterprise 6.3 - Splunk Tech Day
byZivaro Inc
 
PDF
Software-Defined WAN 101
byZivaro Inc
 
PDF
Software Defined Networking (SDN) with VMware NSX
byZivaro Inc
 
PPTX
GTRI Splunk Overview - Splunk Tech Day
byZivaro Inc
 
PPSX
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
byUse Age
 
PPTX
GTRI Splunk Case Studies - Splunk Tech Day
byZivaro Inc
 
PDF
Big Data Workshop: Splunk and Dell EMC...Better Together
byZivaro Inc
 
PDF
Organizational Change Management
byZivaro Inc
 
PDF
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
byHoracio Gonzalez
 
PPTX
Beyond the Phish with GTRI and Wombat Security Technologies
byZivaro Inc
 
Successfully Deploying IPv6
byZivaro Inc
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
byZivaro Inc
 
Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
Post IPv6 Implementation and Security: Now What?
byZivaro Inc
 
IPv6 Security - Hacker Halted 2013
byZivaro Inc
 
Support Software Defined Networking with Dynamic Network Architecture
byZivaro Inc
 
GTRI.com Splunk for Vmware APP
byZivaro Inc
 
Software Defined Networking (SDN) Technology Brief
byZivaro Inc
 
Splunk for Real time alerting and monitoring. www.gtri.com
byZivaro Inc
 
Splunk Enterprise 6.3 - Splunk Tech Day
byZivaro Inc
 
Software-Defined WAN 101
byZivaro Inc
 
Software Defined Networking (SDN) with VMware NSX
byZivaro Inc
 
GTRI Splunk Overview - Splunk Tech Day
byZivaro Inc
 
Petit Déj' "Ergonomie et SEO" organisé par Use Age le 26 Septembre 2013
byUse Age
 
GTRI Splunk Case Studies - Splunk Tech Day
byZivaro Inc
 
Big Data Workshop: Splunk and Dell EMC...Better Together
byZivaro Inc
 
Organizational Change Management
byZivaro Inc
 
Enib cours c.a.i. web - séance #1 - html5 css3-js - 1
byHoracio Gonzalez
 
Beyond the Phish with GTRI and Wombat Security Technologies
byZivaro Inc
 

Similar to Successfully Deploying IPv6

PDF
IPv6 Transition Considerations for ISPs
byCarlos Martinez Cagnazzo
 
PDF
2012 11-09 facex - i pv6 transition planning-
byEduardo Coelho
 
PPT
Understanding i pv6 2
bysrmanjuskp
 
PDF
TCP/IP Geeks Stockholm :: Introduction to IPv6
byOlle E Johansson
 
PDF
Rapid IPv6 Deployment for ISP Networks
bySkeeve Stevens
 
DOCX
I pv6
byUdi Ghosh
 
PPTX
Ron Broersma dren-stavanger-22 nov2011
byIPv6no
 
PPTX
6421 b Module-04
byBibekananada Jena
 
PDF
IPv6 Deployment Planning Tutorial, by Philip Smith [APNIC 38]
byAPNIC
 
PPT
Adressing IPv6 strategy
byOrange Business Services
 
PDF
The Case for IPv6: Paving the Way for the Internet of Things
byNetwork Utility Force
 
PDF
IPv6
byDavid Santos
 
PPT
Day 20.i pv6 lab
byCYBERINTELLIGENTS
 
PPTX
Compatibility between IPv4 and IPv6
byZalak Patel
 
PPTX
ip v6 subnetting-Ip v6 subnetting and intro
bylochanraj1
 
PPT
IPv6: the what, why and how
byOrange Business Services Asia Pacific
 
PDF
IPv6 Enabled WiFi: Planning, Deployment and Best Practices
byNetwork Utility Force
 
PDF
apnic36-ipv6-planning_137752590hhhh2.pdf
bysoeminTun7
 
PPTX
IPv6-Architecture.ppt hiikfdryikjhffghiikmh
bydivyanshmalik823
 
PDF
IPv6 - A Real World Deployment for Mobiles
byAPNIC
 
IPv6 Transition Considerations for ISPs
byCarlos Martinez Cagnazzo
 
2012 11-09 facex - i pv6 transition planning-
byEduardo Coelho
 
Understanding i pv6 2
bysrmanjuskp
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
byOlle E Johansson
 
Rapid IPv6 Deployment for ISP Networks
bySkeeve Stevens
 
I pv6
byUdi Ghosh
 
Ron Broersma dren-stavanger-22 nov2011
byIPv6no
 
6421 b Module-04
byBibekananada Jena
 
IPv6 Deployment Planning Tutorial, by Philip Smith [APNIC 38]
byAPNIC
 
Adressing IPv6 strategy
byOrange Business Services
 
The Case for IPv6: Paving the Way for the Internet of Things
byNetwork Utility Force
 
IPv6
byDavid Santos
 
Day 20.i pv6 lab
byCYBERINTELLIGENTS
 
Compatibility between IPv4 and IPv6
byZalak Patel
 
ip v6 subnetting-Ip v6 subnetting and intro
bylochanraj1
 
IPv6: the what, why and how
byOrange Business Services Asia Pacific
 
IPv6 Enabled WiFi: Planning, Deployment and Best Practices
byNetwork Utility Force
 
apnic36-ipv6-planning_137752590hhhh2.pdf
bysoeminTun7
 
IPv6-Architecture.ppt hiikfdryikjhffghiikmh
bydivyanshmalik823
 
IPv6 - A Real World Deployment for Mobiles
byAPNIC
 

More from Zivaro Inc

PPTX
How to Rightsize Your Citrix Investment
byZivaro Inc
 
PPTX
On-Prem vs. Cloud Collaboration Showdown
byZivaro Inc
 
PPTX
Insider Threat Solution from GTRI
byZivaro Inc
 
PDF
SDN Security: Two Sides of the Same Coin
byZivaro Inc
 
PPTX
Denver Big Data Analytics Day
byZivaro Inc
 
PDF
Cisco ACI: A New Approach to Software Defined Networking
byZivaro Inc
 
PPTX
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
byZivaro Inc
 
PDF
GTRI Splunk Elite Partner Capabilities
byZivaro Inc
 
How to Rightsize Your Citrix Investment
byZivaro Inc
 
On-Prem vs. Cloud Collaboration Showdown
byZivaro Inc
 
Insider Threat Solution from GTRI
byZivaro Inc
 
SDN Security: Two Sides of the Same Coin
byZivaro Inc
 
Denver Big Data Analytics Day
byZivaro Inc
 
Cisco ACI: A New Approach to Software Defined Networking
byZivaro Inc
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
byZivaro Inc
 
GTRI Splunk Elite Partner Capabilities
byZivaro Inc
 

Recently uploaded

PPTX
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PDF
January Patch Tuesday
byIvanti
 
PPT
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
PPTX
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
PPTX
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
January Patch Tuesday
byIvanti
 
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
TechSprint Kickoff - Everything You Need to Know
bygdgcodecellcmpn
 
Lecture 05. API Security for DevSecOps Eng.pptx
byvinocol222
 

Successfully Deploying IPv6

  • 1.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Successfully  Deploying  IPv6   Presented  by  Sco8  Hogg,  CTO  GTRI   NANOG  On  The  Road  5  –  Orlando,  FL   February  24,  2015  
  • 2.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Dual Stack Migration Planning Pitfalls •  Training for IPv6 Deployment Success •  Addressing Challenges •  IPv6 Routing •  Dual-Protocol Applications •  Troubleshooting Dual-Protocol Networks Agenda  
  • 3.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Organizations using IPv4 today will add IPv6 as a separate protocol, run them in parallel for many years, then after many years, start to disable IPv4 IPv6  Planning  –  Dual  Stack  MigraNon   IPv4  Deployment   IPv6  Deployment   Time  
  • 4.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Failing to build a cross-function IPv6 deployment team –  Multidisciplinary, Collaborative, Cooperative •  Organizations need to treat IPv6 as a “Program” not just like a typical IT “Project” –  IPv6 transition is made up of many smaller projects that will span multiple years and cross the entire enterprise •  Regular/Frequent meetings are key to maintaining pace •  Just like anything, executive buy-in and support is essential IPv6  Planning  PiOalls  
  • 5.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Don’t try to look at everything, identify devices requireing IPv6 •  Focus your efforts on the Internet perimeter –  Look at every device in the transmission path (IPS, WAF, web proxy, DLP, …) •  The good news is you have waited to deploy IPv6 –  Now most IT products come standard with IPv6 capabilities •  Don’t be concerned about an IPv4-only management plane – that will come later •  Some devices may remain IPv4-only until they die Performing  an  IPv6  Readiness  Assessment  
  • 6.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Assume your IT organization has not taken the initiative to immerse themselves in IPv6 •  People need to be trained early in the process, but not too early that they forget what they learned –  Train “just in time”, not years before an IPv6 address is actually configured on a production device •  Train for different skillsets (appdev, sysadmin, net admin, sec admin, helpdesk, PMs, …) •  Much of your IPv4 experience is applicable to IPv6 •  Don’t fear the larger addresses – Learn to “Think in Hex” Training  for  Success  
  • 7.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  IPv4-Think is dangerous when planning IPv6 addressing –  Crazy Talk: Using decimal #s, embedding VLAN #, IPv4 address converted to hex •  There is no scarcity of IPv6 addresses –  If there is no scarcity, there can be no waste –  Don’t try to assign only the minimum-needed prefix length –  Plan for the number of subnets, not the number of hosts •  Perform addressing for simplicity and ease of management –  Don’t be concerned about lots of reserved space IPv6  Addressing  
  • 8.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Don’t force levels of hierarchy that are not needed •  Use standard prefix lengths: /48, /56, /64 •  Use nibble-boundary – don’t use /50, /57, /65, … •  Consistency between sites can increase operational efficiency, however, not every site needs the same addressing plan –  Branches need a different plan than a data center “site” •  Stick with Global Unicast Addresses (GUA) 2000::/3 •  Avoid Unique Local Addresses (ULA) FC00::/7 IPv6  Addressing  
  • 9.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  IP addressing and routing go hand-in-hand •  All IP routing protocols have IPv6 capabilities •  Separating control plane for two data planes can be desirable –  Establish BGP peer over IPv4 TCP 179 for sharing IPv4 routes –  Establish BGP peer over IPv6 TCP 179 for sharing IPv6 routes •  Don’t forget to use a 32-bit RID to the IPv6 routing process •  Peering using global (preferred) or link-local addresses •  Consider using locally-administered link-local addresses –  fe80::cccc:0001, fe80::dddd:0002, … •  Type carefully – don’t fat-finger the address IPv6  RouNng  
  • 10.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Assessing current code for IPv6-capability –  Most applications are not creating socket-level connections –  Most applications use higher-level APIs or rely on lower-level web services for connectivity •  Create code that is Address-Family (AF) independent •  Presentation-to-Numeric (p2n) & Numeric-to-Presentation (n2p) –  Robustness principle: Be conservative in what you send, be liberal in what you accept •  Be careful of data structures for storing 128-bit addresses •  Create code that performs dual-protocol DNS resolution and incorporates Happy Eyeballs (RFC 6555) •  Write code that properly handles Path MTU Discovery (PMTUD) Dual-­‐Protocol  ApplicaNons  
  • 11.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Understand how IPv4 and IPv6 are different in terms of networking (NDP, extension headers, dynamic tunnels, …) •  Don’t deploy IPv6 if you lack the products to secure the protocol •  Don’t be overly worried about IPv6 NDP security weaknesses –  You haven’t secured your IPv4 LANs either –  https://community.infoblox.com/blogs/2015/02/10/holding- ipv6-neighbor-discovery-higher-standard-security IPv6  Security  ConsideraNons  
  • 12.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Even if you do not deploy IPv6, there could still be IPv6- related issues that you must deal with. •  You now have IPv6-enabled nodes in your environment. •  Using a disciplined troubleshooting methodology will pay dividends when dealing with multi-part problems. •  Troubleshoot IPv6 in segments (LAN1, WAN, LAN2) •  Troubleshooting NDP requires a magnifying lens. –  You may need to break out the protocol analyzer –  Looking for an IPv6 needle in a haystack of IPv4 TroubleshooNng  Dual  Protocol  Networks  
  • 13.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. TroubleshooNng  Dual  Protocol  Networks   Applicatio n Layer Transport Layer Internet Layer Link Layer IPv4 IPv6 ARP ICMP IGMP TCP UDP SCTP HTTP(S)   SSH   SMTP   TFTP   DHCP   DNS   SIP   WebRTC   TLS/SSL   SNMP   BGP   DCCP T1/E1/T3/E3 SONET SDH ICMPv6 NDP MLD Ethernet Wireless
  • 14.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Ping (ping6) (by name, by IP address, in both directions, specify source address, 1500-byte MTU) –  Linux: ping6 -I eth0 fe80::1 –  Windows: ping fe80::1%12 –  Cisco: ping fe80::1%GigabitEthernet0/0 –  ping -l 1500 2001:db8:dead:c0de::1 •  Traceroute (traceroute6), tracert •  Tcptraceroute6 (www.remlab.net/ndisc6/) •  Microsoft C:>pathping -6 2001:db8:11::1 •  mtr -r6 www.rmv6tf.org c100 (www.bitwizard.nl/mtr/) •  Pchar, pathchar, iperf, jperf •  Netcat (nc -6), telnet, ssh, nmap -6 -sT 2001:db8::1 End-­‐to-­‐End  IPv6  TroubleshooNng  
  • 15.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. •  Check yourself from the Internet-perspective –  Leverage IPv6-capable looking glasses –  Is your traffic really using IPv6? •  In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version) •  Some connections could use IPv4 and/or IPv6 –  Web pages could be delivered over a combination of protocols. How do you know which protocol was used? –  Browser add-ons, plug-ins can be helpful TroubleshooNng  Dual  Protocol  Networks  
  • 16.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. IPv6  Browser  Plug-­‐ins,  Add-­‐Ons  
  • 17.
    © 2015 GlobalTechnology Resources, Inc. All Rights Reserved. Contents herein contain confidential information not to be copied. Thank  You!   Sco8  Hogg,  CTO  GTRI   303-­‐949-­‐4865    |    shogg  at  gtri.com