Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

LT03 IDNOG04 - Dewangga - IPv6 Implementation for End Users

233 views

Published on

LT03 IDNOG04 - Dewangga - IPv6 Implementation for End Users

Published in: Internet
  • Login to see the comments

  • Be the first to like this

LT03 IDNOG04 - Dewangga - IPv6 Implementation for End Users

  1. 1. IPv6 Implementation for End Users (RA) On RouterOS Device
  2. 2. About Me System Engineer Profile: keybase.io/dewangga [hokage@networksninja.net] 0xA028CD70
  3. 3. Transition Problems • IPv6 subnetting ? • Hardware or firmware support ? • We are afraid to deploy new technology ? :-)
  4. 4. Why IPv6? • IPv4 NAT issue on approximately thousand(s) device(s) connected at the same time -- no CGN :-) • Utilize bandwidth usage both IPv4 and IPv6 at the same time. • End-to-end encryption and low-risk man-in-the-middle attack(s)
  5. 5. Limitations • Deployment using RouterOS (MikroTik) • SME (Small-Medium Enterprise) Infrastructure
  6. 6. Net Diagram Branch A Router Branch B Router Branch A Clients Branch B Clients CORE Router CORE Switch2001:6400:dead:beef::/64 2001:6400:dead:beef::2/64 2001:6400:dead:beef::1/64 Branch A: 2001:6400:dead:b33f::/64 Branch B: 2001:6400:dead:b055::/64
  7. 7. Configurations – Core Router [dewangga@core.networksninja.net] > /ipv6 addr add interface=ether2 address=2001:6400:dead:beef::/64 advertise=no [dewangga@core.networksninja.net] > /ipv6 rou add dst-address=2001:6400:dead:b33f::/64 gateway=2001:6400:dead:beef::1 check-gateway=ping add dst-address=2001:6400:dead:b055::/64 gateway=2001:6400:dead:beef::2 check-gateway=ping
  8. 8. Configurations – Router Branch A [dewangga@a.networksninja.net] > /ipv6 addr add interface=ether1 address=2001:6400:dead:beef::1/64 advertise=no add interface=ether2 address=2001:6400:dead:b33f::/64 advertise=no [dewangga@a.networksninja.net] > /ipv6 rou add dst-address=::/0 gateway=fe80::e68d:8cff:fe3f:6732%ether1 check-gateway=ping
  9. 9. Configurations – Router Branch B [dewangga@b.networksninja.net] > /ipv6 addr add interface=ether1 address=2001:6400:dead:beef::2/64 advertise=no add interface=ether2 address=2001:6400:dead:b055::/64 advertise=no [dewangga@b.networksninja.net] > /ipv6 rou add dst-address=::/0 gateway=fe80::e68d:8cff:fe3f:6732%ether1 check-gateway=ping
  10. 10. Configurations – Router Advertisement (A & B) [dewangga@a.networksninja.net] > /ipv6 nd set [ find default=yes ] disabled=yes add advertise-mac-address=no interface=ether2 managed-address-configuration=yes mtu=1500 other-configuration=yes reachable-time=10s retransmit-interval=5s [dewangga@a.networksninja.net] > /ipv6 nd prefix add interface=ether2 prefix=2001:6400:dead:b33f::/64 [dewangga@a.networksninja.net] > /ipv6 nd prefix default set autonomous=no
  11. 11. Clients Configuration • Just enable IPv6 Configuration on your operating system that support ipv6 RA (latest operating system are native IPv6 Support by default) • Client should be received IPv6 from RA (eg: 2001:6400:dead:b33f:5054:ff:fe3d:498f or 2001:6400:dead:b33f:f5a6:5d7b:6647:2bf5)
  12. 12. In GUI :-)
  13. 13. Conclusion • Do NOT do any deployment if you aren't ready yet. Don't leave any vulnerable system exposed to the world wide. • By enabling IPv6 to end user(s), we are helping the operators to reduce usage of CGN and Router CPU Resource because of NAT. • Ensure the scalability, reachability and connectability for end user(s).
  14. 14. Thanks

×