Future proofing: Is IPv6 the safest bet

With the proliferation of IP based devices there is a shortage of IP addresses, so is this the right time to consider the move to IPv6? This session will outline the choices available to you as well as addressing the pros and cons of becoming an IPv6 trailblazer.

  • Technology deployment in the early 1990s was disjointed and most likely standalone. It was also unlikely that there were many moves, adds or changes to the environment. Networks were relatively flat and in the main were hard wired with static IP addresses. Recording of the environment was not a key requirement that businesses depended on. In the interim years, we have seen the evolution of flexible environments and data demands, fueled by DNS and DHCP, enabling our environment to be completely fluid with much greater levels of complexity.
  • Due to compelling operational and cost efficiency benefits, networks are evolving from multiple disparate networks to streamlined converged IP networks. The core foundation of this converged network is the IP network. This network requires scrupulous management of all IP network components, including DHCP servers, whose job is to map static IP address assignments, and DNS servers, whose function is to handle domain name translations.
    These clean, converged networks are still running messy, decentralized IP Address Management: networks have evolved, but for many organizations, their IPAM hasn’t. Ironically, many are still using the same recording methods we did almost 20 years ago, now with increased reliance and associated risk and far greater overheads. It is inevitable that all companies will have to deploy a management system in this critical technology area. The business gains are exponential… Approximately 45% of all businesses are still using spreadsheets, home grown solutions or first-generation IPAM to manage their IP address assignment.
    The complexity that drives business today can be defined by its competitive advantage to the business. The incorporation of these processes and technologies leads to greater complexities. Businesses are continually revisiting their technology and processes looking for greater advantage. They are also taking on a “Service Oriented” approach to managing their networks to improve efficiencies and derive greater benefit for their external and internal clients.
    More often than not, enterprises today are disregarding the potential gains from the optimisation of IP Address management, DHCP and DNS. Considering that systems, processes and procedures are continually monitored and reviewed, it is surprising that these three mission critical services remain on freeware and in siloed deployments with little or no relationship to each other.
    The simple fact is that IP addresses are at the core of everything that we require to operate any company. All of our processes rely on these services to run their IT services: services that extend out into the business (HR, finance, warehousing, delivery, customer management) and, internally, security, governance and reporting. Question: How do organizations ensure that all of these core business functions are able to operate reliably without large teams manually operating them?
  • Simplified IPAM - Centralized and automated control over your IP Address Management functions:
      • To assign, configure, deploy, monitor and audit IP addresses throughout your network
      • DNS
      • DHCP
      • Automated & Integrated DDI Functions
      • Single intuitive user interface
      • Recurring tasks for deployment and discovery
      • API/CLI extends inter-system automation
      • Appliance solutions for simplified purchasing, management, maintenance of IPAM and/or DNS/DHCP functions.
  • Pro: Stateless Autoconfig. IPv6 neighbor discovery (ND) supplants ARP and introduces the option for stateless automatic configuration in place of static IP addressing or DHCP (although both are still options under IPv6). Hosts configured for autoconfig (which is a default configuration on most platforms) automatically learn of the prefix(es) and router(s) present on the segment, and automatically address themselves as appropriate using EUI-64 addressing.
  • Draw: No More IP Scanning. With 2^64 possible host addresses per /64 prefix, performing a ping scan to detect devices is futile. From a security perspective, this is a boon for mitigating the automated spread of worms and enumeration attempts. On the other hand, it obsoletes an accounting mechanism on which many administrators have come to rely. It also increases the value of DNS servers to attackers.
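
The EUI-64 self-addressing described in the stateless autoconfig note, as an added Python example (not part of the presentation): it derives the interface identifier from a MAC address and, in the other direction, lets an inventory tool match observed autoconfigured addresses to known hardware now that a ping scan is no longer practical. The first observed address is the AAAA example from the slides; the device table and the other two addresses are constructed.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host gives itself on a /64 when it uses EUI-64 addressing."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def embedded_mac(addr: str):
    """Return the MAC inside an EUI-64 style address, or None if there is none.
    A random interface ID can contain ff:fe by chance, so treat a hit as a lead."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

# Constructed inventory (hypothetical device names), keyed by MAC address.
KNOWN_DEVICES = {"00:50:04:5c:b3:f4": "pc", "02:00:00:0a:0b:0c": "file-server"}

# First address is the AAAA example from the slides; the other two are constructed.
OBSERVED = [
    "3ffe:3328:4:3:250:4ff:fe5c:b3f4",
    "3ffe:3328:4:3:9c1e:22ab:7d10:5e01",  # no ff:fe marker, nothing to recover
    "3ffe:3328:4:3:0:ff:fe99:9999",       # EUI-64 style, MAC not in the inventory
]

def correlate(observed, known):
    """Label each observed address: known device, unknown hardware, or opaque."""
    report = {}
    for addr in observed:
        mac = embedded_mac(addr)
        report[addr] = ("no embedded MAC" if mac is None
                        else known.get(mac, f"unknown device {mac}"))
    return report

if __name__ == "__main__":
    for addr, label in correlate(OBSERVED, KNOWN_DEVICES).items():
        print(f"{addr:38} {label}")
```
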
  • Future proofing: Is IPv6 the safest bet

    1. Is this the right time to consider the move to IPv6?
       Martin Wellsted – Business development director, BT Diamond IP
       September, 2010
    2. IP Expo 2010
       With the proliferation of IP based devices there is a shortage of IP addresses, so is this the right time to consider the move to IPv6? This session will outline the choices available to you as well as addressing the pros and cons of becoming an IPv6 trailblazer.
    3. What is IPAM?
    4. What is IP Address Management?
       • IPAM = IP Address Management
           • IP address inventory (Documentation)
           • IP policy
       • DNS = Domain Name Service
           • Hostname to IP address translation
           • Or IP address to hostname, etc.
       • DHCP = Dynamic Host Configuration Protocol
           • Automatic assignment of IP addresses to hosts / network devices
       • Diagram labels: IPAM; Network; DHCP; DNS
    5. IPControl Functionalities
       • Complete IPv4 and IPv6 Inventory; Hierarchical view; Policy based mgmt; Automatic allocation; Utilization display; Overlapping space; Discovery
       • User defined device types; Role-based access; Device naming conventions; Multi-interface; Audit capabilities; Discovery
       • Diagram labels: IPAM Address Management; IPAM Block Management; DHCP; DNS
       • Configuration mgmt; Domain and zone mgmt; Server mgmt; Resource Record auto-generation; Option dictionaries; Configuration mgmt; Scope mgmt; Utilization display; Server mgmt; DHCP reservations; Option and policy templates; DHCP failover
    6. Why is IPAM important?
    7. Technology Evolution - Historical Overview
       • Many disparate networks: static, flat environments
       • Diagram labels: Private lines; Frame Relay; ATM; Internet; Mobile; Applications; Storage
    8. Today’s Networks and IP Address Management
       • All companies require IPAM
       • No IP, No DNS = No Network
           • Unique IP addresses and valid DNS names critical to networks and business applications
           • Growing number of devices (IPs) on the typical enterprise network
           • Disparate DNS and DHCP Servers are difficult to manage
           • CHANGE HAPPENS – New services, locations, acquisitions, markets affect IP assignments
       • Total Reliance on IPAM
    9. BT Diamond IP Delivers Streamlined IPAM
       • Increased functionality
           • Change control
           • Auditing
           • Multiple concurrent users
           • Error-correction
           • Naming policy enforcement
       • Room to grow
           • VoIP, UCC and wireless networks have increased VLAN and subnet demand
       • Improved workflow and automation
           • Importance of email between groups
           • Manual configuration of spreadsheets and DNS/DHCP servers
           • Streamlined workflow
           • Automated configuration of DNS and DHCP based on initial IPAM assignment
       • PLUS… Dedicated appliances
           • Simplified Management
           • Enhanced Security
           • Improved reliability
           • Comprehensive coverage: full integration with IP address management (IPAM)
    10. Should I consider IPv6?
    11. Assignment of Public IP Space
       • IANA = Internet Assigned Numbers Authority
       • Assigns public IP addresses to Regional Internet Registries (RIR)
       • RIRs assign to Local Internet Registries (LIR) or companies directly
       • Most LIRs are Internet Service Providers
    12. What’s The Challenge?
       • Last IANA IPv4 allocation: 05.06.2011
       • Last RIR IPv4 allocation: 05.02.2012
       • Projected remaining time until IANA and RIR exhaustion over time (1)
       • Projected IANA/RIR consumptions (2)
       • Source: ipv4.potoaroo.net, 06.09.2010
    13. IPv4 IP Space comes to an end....
       IPv4 addresses wear thin
       Dylan Bushell-Embling | October 19, 2010 | telecomseurope.net
       The world's supply of free IPv4 address space has fallen to below 5%, and is set to run out early next year, the Number Resource Organization (NRO) has warned.
       APAC internet registry APNIC has just been assigned two blocks of IPv4 addresses, leaving just 12 blocks remaining the NRO said. Each block is equivalent to 1/256th of the total IPv4 space of nearly 4.3 billion IP addresses. The final five will be distributed simultaneously to each of the regional internet registries, so only seven remain to be given out normally.
       The NRO said that at the current rate of exhaustion, the final five blocks of IPv4 addresses will be allocated in early 2011. “The pressure to adopt IPv6 is mounting. Many worry that without adequate preparation and action, there will be a chaotic scramble for IPv6,” the NRO said in a statement.
       More than 200 million IPv4 addresses have been allocated since January, when the proportion available hit 10%.
       APNIC said Asia Pacific would be particularly hard hit by the exhaustion of IPv4 addresses, because of the region’s rapid pace of growth. Around 45.9% of the IPv6 addresses allocated in the world last year went to the region.
       The world’s five regional registries are expected to allocate over 2,000 IPv6 address blocks this year – a 70% increase from 2009. This compares to just an 8% growth in IPv4 allocations for the year. The NRO said this indicated a strong momentum behind IPv6 adoption.
       Source: telecomseurope.net; Original Author: Dylan Bushell-Embling
    14. What’s The Challenge?
       • IPv4
           • 32-bit number
           • 4.3 × 10^9 (billion)
           • Presentation: Decimal (0-255), 4 digits, separator: Period
           • Example: 68.109.23.126
       • IPv6
           • 128-bit number
           • 3.4 × 10^38 (undecillion)
           • Presentation: Hexadecimal, 8 digits, Separator: Colon
           • Example: 2001:0db8:85a3:08d3:1319:8a2e:0370:7344
    15. Management of IPv6 Address Space
       • Management of IPv6 address space
           • IPv4/IPv6 address inventory; transition planning
       • Address assignment
           • Autoconfiguration
           • DHCPv6 (Dynamic Host Configuration Protocol) management
           • Prefix delegation, IPv6 address assignment (stateful), IPv6 configuration initialization (combined stateful/stateless)
       • Name Resolution
           • DNS (Domain Name System)
           • Maps hierarchical domain names to IP addresses
               pc.diamondip.com IN AAAA 3ffe:3328:4:3:250:4ff:fe5c:b3f4
           • Maps IP addresses to domain names
               4.f.3.b.c.5.e.f.f.f.4.0.0.5.2.0.3.0.0.0.4.0.0.0.8.2.3.3.e.f.f.3.ip6.arpa. IN PTR pc.diamondip.com.
    16. IPv6 Pros
       • Much Larger Address Space
       • Virtually Unlimited Host Addresses per Prefix
       • Stateless Autoconfig
       • Automatic Link-Local Addressing
       • No More IP Scanning
           • With 2^64 possible host addresses per /64 prefix, performing a ping scan to detect devices is futile.
           • From a security perspective, this is a boon for mitigating the automated spread of worms and enumeration attempts.
       • No more need for NAT
    17. IPv6 Cons
       • Investment required in IPv6 enabled technologies
       • Bleeding edge – not tried and tested in the real world
       • Typing Long Addresses
       • Requires the adoption of IP management software
       • Requires the development of Policy and Practices
       • No More IP Scanning
           • It obsoletes an accounting mechanism on which many administrators have come to rely.
           • It also increases the value of DNS servers to attackers.
       • Mixed environments IPv4 & IPv6 could be difficult
    18. Is there an easy answer?
    19. Well .... Yes and No
       • Yes – There are tools out there to help
       • Yes – It lifts restrictions on IP space
       • Yes – It improves security
       • Yes – It improves simplicity
       • No – You will have to invest
       • No – You will have to develop new policies and working practices
       • No – You will have to maintain dual environments for the foreseeable future.
    20. BT’s answer: Diamond IP Software Suite
       • IPControl
           • Automated Address Block Allocation
           • IP Address Capacity Management
           • IP Subnets & Devices
           • Complete IP Inventory
           • Multi-vendor DHCP/DNS server configuration and management
       • Network Services
           • DNS and DHCP service
           • Based on ISC products
           • Full GUI support of options
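
A consistency check for the forward and reverse records shown on the "Management of IPv6 Address Space" slide, as an added Python example (not part of the presentation): it derives the ip6.arpa owner name from each AAAA address and reports hosts whose PTR record is missing or points at a different name. The first two records are the slide's own; the example.com records are constructed.

```python
import ipaddress

# Records 1-2 are the ones on the slide; the example.com records are
# constructed for this example (hypothetical host names).
ZONE = """\
pc.diamondip.com IN AAAA 3ffe:3328:4:3:250:4ff:fe5c:b3f4
4.f.3.b.c.5.e.f.f.f.4.0.0.5.2.0.3.0.0.0.4.0.0.0.8.2.3.3.e.f.f.3.ip6.arpa. IN PTR pc.diamondip.com.
printer.example.com. IN AAAA 3ffe:3328:4:3::20
0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.0.0.8.2.3.3.e.f.f.3.ip6.arpa. IN PTR scanner.example.com.
nas.example.com. IN AAAA 3ffe:3328:4:3::30
"""

def norm(name: str) -> str:
    """Compare DNS names without the trailing dot and case differences."""
    return name.rstrip(".").lower()

def parse(zone: str):
    """Split 'owner IN type rdata' lines into AAAA and PTR lookup tables."""
    aaaa, ptr = {}, {}
    for line in zone.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "IN":
            continue
        owner, _, rtype, rdata = fields
        if rtype == "AAAA":
            aaaa[norm(owner)] = ipaddress.IPv6Address(rdata)
        elif rtype == "PTR":
            ptr[norm(owner)] = norm(rdata)
    return aaaa, ptr

def audit(zone: str):
    """Return (host, problem) for every AAAA without a matching PTR."""
    aaaa, ptr = parse(zone)
    findings = []
    for host, addr in sorted(aaaa.items()):
        # reverse_pointer yields the 32 reversed nibbles plus ".ip6.arpa"
        target = ptr.get(addr.reverse_pointer)
        if target is None:
            findings.append((host, "missing PTR"))
        elif target != host:
            findings.append((host, f"PTR points to {target}"))
    return findings

if __name__ == "__main__":
    for host, problem in audit(ZONE):
        print(f"{host}: {problem}")
```
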
