IPv6 on the Interop Network

  • IPv6 Network Architecture Options. When moving from an IPv4 to an IPv6 environment there are several key choices to be made. Do you have Internet access from multiple providers? How will you autoconfigure your end hosts? Which transition mechanisms will you use: tunneling, dual stack, translation? We will cover these later on in this webinar. Everyone should already be reachable on the IPv6 Internet, but this is not enough; don't stop here. As Yanick already covered, IPv6 is already on your internal network and has similar vulnerabilities to IPv4 that need to be addressed.
  • Let us now talk about the different transition mechanisms we have at our disposal to address the transition to IPv6. The industry knew from the start that IPv6 was not backward compatible with IPv4, so it had to provide some transition tools. There are 3 methods. The first one is Dual Stack: the ability for hosts or routers to support both IPv4 and IPv6. The second one is Tunneling: a method using encapsulation of IPv6 inside an IPv4 packet to cross an existing IPv4 network. The third one is Translation: the more complex way to actually translate an IPv6 packet into an IPv4 packet, or vice versa. We will analyze all these techniques in more detail in the next slide.
  • Because IPv6 is not backwards compatible with IPv4, IPv4 hosts and IPv6 hosts cannot communicate directly. With dual stack, a host has both an IPv4 and an IPv6 stack. Applications can use either stack to communicate. Usually there is a default stack for each application or for the system. If the network is unable to establish the connection after a certain time, the network will try the other stack. Trying both IP versions in parallel is recommended since trying both protocols in sequence will delay deployment. While dual-stack devices offer the greatest flexibility, the following is also true: An IPv4 address (public or private) must be available for every dual-stack device. Dual-stack routers must maintain two routing tables. Dual-stack nodes require additional memory and CPU power. Each network requires its own routing protocol. Firewalls must be configured with security rules appropriate to each. A DNS resolver capable of resolving both IPv4 and IPv6 addresses is required. All applications must be able to determine whether communication is with an IPv4 or IPv6 peer. Separate network management commands are required. Still, Dual Stack is the recommended transition tool for all networks, as it allows migration at the user’s own pace.
  • The concept of tunneling is simple and has been used for a long time. The IPv6 packet is encapsulated in an IPv4 packet. This can happen automatically or manually. This can happen at the host or at a gateway router. When using a gateway router, which is common for enterprises, IPv6 hosts do not require any changes. The gateway routers will take care of the encapsulation over IPv4 and maintain the connectivity point. They also maintain a list of the gateway routers that are closest to IPv6 hosts. It is also possible to create the tunnel at the host itself. This distributes the load over many hosts. This method is prevalent for home connections. One well-known method is ISATAP, which is supported by Microsoft. ISATAP has been proposed by Microsoft. It is not a real IETF standard (Info only) and requires a specialized protocol to replace ND. It has problems scaling, but because of Microsoft it is a major player. The main advantage of IPv6 tunneling over IPv4 is that it allows deploying IPv6 in your network even if the carrier infrastructure does not support IPv6 yet. In the same way, if you can support full IPv6 in the infrastructure, you can tunnel IPv4 over IPv6. There are many drawbacks though. As the encapsulation is performed in the slow path, there is a performance and latency impact. In addition, the IPv4 header increases the packet size and may require fragmentation and multi-packet transmissions. Tunneling can be more vulnerable to security attacks. The tunneling masks the real origin of the packets and make debugging and network management.
  • Even with tunneling or dual stack, the fact remains that an IPv4 host can only talk to IPv4 servers. Translation is the last mechanism in our toolbox. But it is not that simple, as addresses appear at all levels of the OSI hierarchy, even possibly in the packet data itself. All the drawbacks of NAT exist with this solution. We already covered NAT in depth and will not restate it here. This mechanism should remain a last resort.

    1. IPv6 on the INTEROPNET
       Interop, Wednesday, 9 May 2013
       Brandon Ross, Routing Team Lead
       Chief Network Architect, Network Utility Force
       http://www.netuf.net/
       Jeff Enters, Chief Infrastructure Architect, HP
       http://www.hp.com/services
    2. Agenda
       • Background and Goals
       • IPv6 Basics
       • How IPv6 works on the InteropNET
       • Subnetting and Addressing
       • Challenges and Lessons Learned
       • Conclusions
    3. RFC 6540
       • Are you aware of this requirement?
       • Are your nodes IPv6 capable?
    4. IPv6 Support Required for All IP-Capable Nodes – RFC 6540
       • “Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional.”
       • “IPv6 support must be equivalent or better in quality and functionality when compared to IPv4 support in a new or updated IP implementation.”
    5. Background
       • IPv4 depletion is already occurring
       • IPv6 adoption is accelerating
       • Most network hardware supports IPv6
       • For the most part, dual stack Just Works
       [Figures: IPv4 Free Pool Depletion (http://www.potaroo.net/tools); IPv6 Routing Table Growth (http://www.ipv6actnow.org/info/statistics/#alloc)]
    6. US Feds Lesson Learned
       The US federal government had a mandate for all public facing web services to support IPv6 by September 30, 2012.
       287 of 1494 sites had IPv6 web support by the deadline.
       Today 961 of 1355 sites support IPv6.
       That’s over 70%. Not 100%, but far ahead of most other large organizations.
       Source: http://usgv6-deploymon.antd.nist.gov//
    7. Europe out of Free Pool
       • Asia (APNIC) effectively ran out of free addresses in April, 2011
       • Europe (RIPE) is also out of addresses as of September 14th, 2012
       • ARIN predicted to run out of free space in April, 2014 (Geoff Huston, http://www.potaroo.net/tools/ipv4/index.html)
    8. Goals
       • Network must be fully dual stack (IPv4+IPv6)
       • All IPv4 services should be reachable over IPv6
       • Connections to IPv6-enabled websites should use IPv6 by default
       • Nothing should break
    9. Agenda
       • Background and Goals
       • IPv6 Basics
       • How IPv6 works on the InteropNET
       • Subnetting and Addressing
       • Challenges and Lessons Learned
       • Conclusions
    10. Building on IPv4, IPv6 addresses contemporary networking needs
        IPv6 Advantages Overview
        Features | IPv4 | IPv6
        Address length | 32 bits | 128 bits
        NAT | Often necessary | Not necessary
        Header size | Variable length, 20 bytes + many options | Fixed-length, 40 bytes + extension headers
        Configuration | Manual, DHCPv4 | Manual, stateless automatic, stateful automatic (DHCPv6)
        Types of addresses | Broadcast, multicast, unicast | Multicast, unicast, anycast
        Addresses per-interface | Single | Multiple
        Neighbor discovery, router discovery, address resolution, NUD, redirects, etc. | A variety of separate protocols | Neighbor Discovery Protocol (built in)
        IPsec | Optional | Integrated
        QoS | Some | Better
    11. Unlock the potential of IPv6
        IPv6 Operational Advantages
        • Robust, Effective, Efficient. Unlimited Address space. Extensibility. Optimized for next generation networks.
        • End to End Services and applications.
        • Enable Service Automation.
        • Better Support for QoS.
        • Enhanced Mobility.
        • Policy driven operations.
        • Free manpower from ordinary tasks.
        • Rapid deployment.
        • Much more than just a larger addressing space
    12. IPv6 Features useful in Internet facing devices
        Internet Presence
        Transition
        • Dual Stack IPv4 and IPv6 – on all publicly available servers
        • Translation NAT64
        Connectivity
        • Make sure your mBGP is able to advertise and receive both IPv4 and IPv6 Internet route updates
        • Understand how DNS server, OS, and application will interact.
        • Make sure DNS server can store AAAA (IPv6 Address) records.
        • Ensure records can be retrieved over both IPv4 and IPv6 transport.
        • Enable Load balancer for both IPv4 and IPv6 traffic
        Security
        • Deploy IPv6 Firewall and IDS/IPS
        • IPsec – Now integrated into the IPv6 protocol, but not widely deployed
        • VPN – IPv6 VPN is very similar to IPv4 VPN
    13. IPv6 Network Architecture Options
        © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
        Address Allocation choice
        • Provider Independent versus Provider Aggregatable address allocation scheme
        Addressing Mechanisms choice
        • Manual, Stateless autoconfiguration and/or Stateful autoconfiguration
        Transition Mechanisms choice
        • Dual Stack to allow coexistence of both IPv6 and IPv4 on the same infrastructure, and/or Tunneling and/or Translation
        IPv6 Internet presence only
        • BUT do not stop there! Having a longer term plan for full end-to-end IPv6 enablement is the recommended approach
        Security Concerns
        • Similar to IPv4 + new IPv6 specific security concerns and need to include access media security
        Remember IPv6 is almost certainly already in your internal network, just unmonitored!
    14. Transition Strategies
        Three main methods
        Dual Stack
        • Provides complete support for IPv4 and IPv6 protocols
        Tunneling
        • Encapsulates IPv6 packets in IPv4 headers (and later, IPv4 packets in IPv6 headers)
        • Requires dual-stack devices at either end of the connection
        Translation
        • Translates IPv6 addresses into IPv4 addresses
        [Diagram: Campus LAN, Wireless LAN, Core / DC, Remote offices and branches, WAN, IPv4 Internet, IPv6 Internet. Example Today State: Disconnected from IPv6 Internet]
    15. Transition Strategies Explained
        Dual Stack: Use IPv4 or IPv6 (Simple and widely used. Recommended Strategy)
        • IPv4 and IPv6 protocol stacks implemented on the same device.
        + Most simple and recommended approach, network is the same
        + Applications can select which network protocol to be used
        - IPv4-only cannot communicate with IPv6-only
        - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations etc.
        - Network applications must distinguish between IPv6 and IPv4 peers
    16. Transition Strategies Explained (continued)
        Tunneling: 6-in-4 or 4-in-6 (Simple and widely used)
        • One transport protocol is encapsulated as the payload of the other (and vice versa).
        + Connect Islands of IPv6 or IPv4
        + Compatible across incompatible networks
        + Recommended for site-to-site
        - Security issues with tunneled protocols
        - Through FW (FW can’t inspect payload)
        - Reduced performance
        - Complicated network management and troubleshooting
    17. Transition Strategies Explained (continued)
        Translation: Between IPv4 and IPv6 (NAT64/DNS64) (If you must!)
        • Translates IPv6 names & addresses into IPv4 names & addresses (and vice versa).
        + Enables IPv6-only host to communicate with IPv4-only hosts (and vice versa)
        + No modification to IPv4 or IPv6 end nodes, only at boundary routers
        - Application incompatibilities (e.g. VoIP), need for ALG, and has all NAT drawbacks
        - Increased complexity in network topology
        - Reduced Performance (dep. on HW)
        - Complicated troubleshooting
    18. Agenda
        • Background and Goals
        • IPv6 Basics
        • How IPv6 works on the InteropNET
        • Subnetting and Addressing
        • Challenges and Lessons Learned
        • Conclusions
    19. Connectivity and Routing
    20. Autoconfiguration
        • All client-facing networks use SLAAC to allow clients to auto-assign themselves an IPv6 address and default gateway on the correct subnet
          – Supported by all IPv6-capable devices
        [Screenshot callouts: Auto-assigned IPv6 address; Default Gateway (Link-local from RA)]
    21. DNS
        • All DNS services are provided by DynDNS and load-balanced by F5
        • Using anycast to direct traffic to its nearest DNS server, either show floor or Denver
    22. InteropNET NOC Services
        • Goal was to provide all internal services over IPv6 as well as IPv4
        • This required coordination with vendors to enable IPv6, make sure services were bound to their IPv6 ports, and publish AAAA records
        • Most (but not all) services ended up reachable over IPv6
    23. Wireless
        • InteropNET wireless is provided by Xirrus
        • Purpose-built VLANs are shared across all APs and all are dual-stack
    24. IPAM
    25. IPv6 Attack Traffic
        [Table of flow records; columns: Src. Port, Dst. Addr., Dst. Port, Seg. Port In]
    26. Agenda
        • Background and Goals
        • IPv6 Basics
        • How IPv6 works on the InteropNET
        • Subnetting and Addressing
        • Challenges and Lessons Learned
        • Results and Statistics
        • Conclusions
    27. State of Assignments
        • All of the registries, for the most part, assign initial blocks for
          – Service provider /32
          – Enterprise /48
    28. What makes up a good addressing plan?
        • Depends on the type of network, the size of the network, and problem to be solved
        • Points to consider
          – Documentation
          – Ease of troubleshooting
          – Aggregation
          – Standards compliance
          – Growth
          – SLAAC
          – Existing IPv4 addressing plan
          – Human factors
    29. Algorithmic Approach
        • Encode every IPv4 address in the network in an IPv6 address
          10.10.10.10 (A0A0A0A)
          2001:DB8:A0A:A0A::
    30. Link Numbering Issues
        • OSPFv3 masks this problem, unlike in IPv4
        • Separation of addressing from the link state database means that OSPFv3 neighbor relationships will establish, even on links with mismatched addressing and/or masks
        • Link-local based forwarding prevents address mismatches from being easily detected because traffic flows normally and traceroutes don’t appear too strange
    31. Link Numbering Issues
        • To detect link numbering errors, look for “U-turn” routing:
          $ traceroute6 2620:144:B0C::
          traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
          1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
          2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
          3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
          4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
        Note hop 2 is the misnumbered address. This traceroute should have looked like this:
          $ traceroute6 2620:144:B0C::
          traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
          1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
    32. Link Numbering Issues
    33. Link Numbering Issues
        • Should you number your links at all or just use link-local?
        • Loopback interfaces usually show up so you know which routers traffic is following, so why waste address space on links?
    34. Link Numbering Issues
        • Using equal cost multipath?
          $ traceroute6 2001:DB8::5:2
          traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
          1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
          2 2001:DB8::1:1 (2001:DB8::1:1) 80.233 ms * ms 72.173 ms
          3 2001:DB8::5:2 (2001:DB8::5:2) * ms 99.223 ms 29.350 ms
        • Which link did it take?
    35. Link Numbering Issues
        • Does your management system use link numbering for monitoring or circuit identification?
        • Are you really saving any significant addressing by not assigning addresses?
    36. Link Numbering Issues
          $ traceroute6 2001:DB8::5:2
          traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
          1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
          2 2001:DB8::4 (2001:DB8::4) * ms 88.322 ms * ms
          3 2001:DB8::5:2 (2001:DB8::5:2) * ms 90.123 ms 100.110 ms
        • Better, now we know which link is having issues.
    37. Standards Compliance
        • Networks smaller than /64 can be desirable, especially using /127s for point to point links (RFC 6164)
        • To avoid future breakage, allocate a /64 in your documentation but use the smaller block
        • Similarly, reserve /48s for EVERYTHING you can, there’s no reason to allocate densely, there’s plenty of space
        • If you have a complex network, allocate in a sparse way to enable easy aggregation
    38. Agenda
        • Background and Goals
        • IPv6 Basics
        • How IPv6 works on the InteropNET
        • Subnetting and Addressing
        • Challenges and Lessons Learned
        • Conclusions
    39. DUID
        • When a Windows machine is cloned, you can get two or more machines with the same DHCPv6 Unique IDentifier (DUID)
        • This DUID is used by the DHCPv6 server to identify the client, so when two clients with the same DUID request IPv6 addresses with DHCPv6, they will both be given the same address
        • When the second machine receives its address from the DHCPv6 server, it does IPv6 Duplicate Address Detection, determines there is an IP address conflict, and refuses the lease
    40. Rogue RAs
        • When a client is configured to run 6to4 (an automatic tunneling protocol) and Internet Connection Sharing, it will advertise itself as an IPv6 router by sending out RAs on its wireless interface
        • Clients receiving such RAs will auto-assign themselves an address in the wrong subnet
        • Routers are generally configured with RA guard or equivalent on their wired ports
        • Unfortunately there is no way to block rogue RAs over wireless APs (and some wired switches)
    41. Agenda
        • Background and Goals
        • IPv6 Basics
        • How IPv6 works on the InteropNET
        • Subnetting and Addressing
        • Challenges and Lessons Learned
        • Conclusions
    42. Conclusions
        • IPv6 works in the real world
        • There are challenges to implementing IPv6, but nothing show-stopping
        • Much of the Internet’s content is reachable over IPv6 (and growing fast) including all of Google, FaceBook and 3000 other sites
        • A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion)
    43. Learn More!
        • http://www.getipv6.info/
        • http://tunnelbroker.net/
        • http://www.sixxs.net/
        • http://www.ipv6ready.org
        • https://www.arin.net/knowledge/ipv6_info_center.html
        • Contact us:
          – Brandon Ross, Chief Network Architect and CEO, Network Utility Force, bross@netuf.net, +1-404-635-6667
          – Jeff Enters, Chief Infrastructure Architect, HP TS Networking, Jeff.enters@hp.com, +1-414-412-3268
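Added example (not part of the original slides): slide 31 says to look for "U-turn" routing in traceroute output to find misnumbered links. The sketch below automates that check over the slide's own two traceroutes; the function names are hypothetical and the spacing of the sample output is reconstructed.

```python
import ipaddress
import re

# One hop line looks like: "<ttl>  <name> (<address>)  <rtt> ms ..."
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\(([0-9A-Fa-f:]+)\)")

# traceroute6 output taken from slide 31 (whitespace reconstructed).
MISNUMBERED = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
 1  2620:144:8fc:: (2620:144:8fc::)  26.747 ms  26.730 ms  26.716 ms
 2  2620:144:b0c::2 (2620:144:b0c::2)  29.137 ms  29.222 ms  29.264 ms
 3  2620:144:8fc:: (2620:144:8fc::)  29.355 ms  29.335 ms  29.350 ms
 4  2620:144:8fc:: (2620:144:8fc::)  29.438 ms !H  29.433 ms !H  29.413 ms !H
"""
CLEAN = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
 1  2620:144:8fc:: (2620:144:8fc::)  32.473 ms  32.447 ms  32.427 ms
"""


def parse_hops(text):
    """Return [(ttl, IPv6Address)] for every hop line that names a responder.

    The banner line and hops that only show '* * *' do not match and are skipped.
    """
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.IPv6Address(m.group(2))))
    return hops


def find_uturns(hops):
    """Report routers that answer again after a different router answered.

    Consecutive answers from the same router (hops 3 and 4 on the slide) are
    collapsed first, so only a real A -> B -> A pattern is reported. The
    addresses in 'detour' are the ones to check for misnumbering.
    """
    collapsed = []
    for ttl, addr in hops:
        if not collapsed or collapsed[-1][1] != addr:
            collapsed.append((ttl, addr))

    findings = []
    last_index = {}
    for idx, (ttl, addr) in enumerate(collapsed):
        if addr in last_index:
            first = last_index[addr]
            findings.append({
                "router": addr,
                "first_ttl": collapsed[first][0],
                "return_ttl": ttl,
                "detour": [a for _, a in collapsed[first + 1:idx]],
            })
        last_index[addr] = idx
    return findings


if __name__ == "__main__":
    for name, trace in (("misnumbered", MISNUMBERED), ("clean", CLEAN)):
        for f in find_uturns(parse_hops(trace)):
            detour = ", ".join(str(a) for a in f["detour"])
            print(f"{name}: {f['router']} seen at hop {f['first_ttl']} and again "
                  f"at hop {f['return_ttl']}; check numbering of {detour}")
```

A finding is a prompt to inspect the link addressing, not proof of an error; the parser assumes one responder per hop line.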
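Added example (not part of the original slides): slide 40 notes that rogue RAs from 6to4 plus Internet Connection Sharing clients cannot be blocked on wireless APs, which leaves detection. The sketch below classifies observed RAs; the record fields, the site prefix 2001:db8:100::/48, the router address and the sample observations are all constructed assumptions, and capturing the RAs is outside its scope.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # 6to4 address space (RFC 3056)

# Constructed sample observations, e.g. as exported from a capture on a
# wireless VLAN. Field names are hypothetical.
OBSERVED_RAS = [
    {"src": "fe80::1", "mac": "00:00:5e:00:53:01", "ap": "ap-hall-a",
     "prefixes": ["2001:db8:100:20::/64"]},
    {"src": "fe80::200:5eff:fe00:5342", "mac": "00:00:5e:00:53:42",
     "ap": "ap-hall-a", "prefixes": ["2002:c000:204:1::/64"]},
    {"src": "fe80::200:5eff:fe00:5399", "mac": "00:00:5e:00:53:99",
     "ap": "ap-hall-b", "prefixes": ["2001:db8:100:20::/64"]},
]


def find_rogue_ras(observations, site_prefix, authorized_routers):
    """Return one finding per RA that should not be on the segment.

    An RA is flagged when its link-local source is not an authorized router,
    when it advertises a 6to4 prefix, or when it advertises a prefix outside
    the site allocation. For 6to4 prefixes the embedded IPv4 address of the
    advertising host is decoded to help locate it.
    """
    site = ipaddress.ip_network(site_prefix)
    allowed = {ipaddress.ip_address(a) for a in authorized_routers}
    findings = []
    for ra in observations:
        reasons = []
        embedded_v4 = None
        if ipaddress.ip_address(ra["src"]) not in allowed:
            reasons.append("source is not an authorized router")
        for text in ra["prefixes"]:
            net = ipaddress.ip_network(text)
            if net.subnet_of(SIXTOFOUR):
                # 2002:AABB:CCDD::/48 embeds IPv4 address AA.BB.CC.DD
                embedded_v4 = net.network_address.sixtofour
                reasons.append(f"advertises 6to4 prefix {net}")
            elif not net.subnet_of(site):
                reasons.append(f"advertises off-site prefix {net}")
        if reasons:
            findings.append({
                "src": ra["src"],
                "mac": ra["mac"],
                "ap": ra["ap"],
                "embedded_ipv4": embedded_v4,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_rogue_ras(OBSERVED_RAS, "2001:db8:100::/48", ["fe80::1"]):
        print(f["ap"], f["mac"], f["embedded_ipv4"], "; ".join(f["reasons"]))
```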
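Added example (not part of the original slides): the algorithmic scheme of slide 29 combined with the advice of slide 37 to document a /64 but configure a /127 on point-to-point links. Function names are hypothetical, and choosing the first /127 inside the /64 is an assumption of this sketch.

```python
import ipaddress


def embed_ipv4(site_prefix, ipv4):
    """Map an IPv4 address to a /64 under a /32 site prefix (slide 29).

    The 32 IPv4 bits fill bits 32..63 of the IPv6 address, so
    2001:db8::/32 + 10.10.10.10 gives 2001:db8:a0a:a0a::/64.
    """
    site = ipaddress.ip_network(site_prefix)
    if site.version != 6 or site.prefixlen != 32:
        raise ValueError("scheme needs a /32 IPv6 prefix: 32 + 32 bits = /64")
    v4 = int(ipaddress.IPv4Address(ipv4))
    base = int(site.network_address) | (v4 << 64)
    return ipaddress.IPv6Network((base, 64))


def extract_ipv4(net):
    """Recover the IPv4 address encoded in a /64 produced by embed_ipv4()."""
    net = ipaddress.ip_network(net)
    return ipaddress.IPv4Address((int(net.network_address) >> 64) & 0xFFFFFFFF)


def plan_p2p_link(site_prefix, ipv4):
    """Plan a point-to-point link: reserve the /64, configure a /127.

    'documented' is what goes into the address plan; 'configured' is the
    /127 put on the interfaces (RFC 6164), so the link can later grow to
    the full /64 without renumbering. Both /127 addresses are usable.
    """
    documented = embed_ipv4(site_prefix, ipv4)
    configured = next(documented.subnets(new_prefix=127))  # assumption: first /127
    end_a, end_b = list(configured)
    return {"documented": documented, "configured": configured,
            "ends": (end_a, end_b)}


if __name__ == "__main__":
    link = plan_p2p_link("2001:db8::/32", "10.10.10.10")
    print("document :", link["documented"])
    print("configure:", link["configured"])
    print("ends     :", link["ends"][0], link["ends"][1])
    print("IPv4 back:", extract_ipv4(link["documented"]))
```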
