Intro: What is IPv6? • Developed in the 1990s • IPv6 is…? • IPv1, v2, v3, v5.. IPv7? Features IPv4 IPv6 Size 32 bits 128 bits Space 4,294,967,296 340,282,366,920,938,463,463,3 74,607,431,768,211,456 NotaGon doHed decimal notaGon hexadecimal with colons
The Internet Big Picture INTERNET USAGE STATISTICS World Internet Users and PopulaGon Stats Source = hHp://www.internetworldstats.com/stats.htm
DrasGc measures by USG Upgrade public/external facing servers and services (e.g. web, email, DNS, ISP services, etc) to operationally use native IPv6 by the end of FY 2012; Upgrade internal client applications that communicate with public Internet servers and supporting enterprise networks to operationally use native IPv6 by the end of FY 2014; Designate an IPv6 Transition Manager and submit their name, title, and contact information to IPv6@omb.eop.gov by October 30, 2010. The IPv6 Transition Manager is to serve as the person responsible for leading the agency s IPv6 transition activities, and liaison with the wider Federal IPv6 effort as necessary; and, Ensure agency procurements of networked IT comply with FAR requirements for use of the USGv6 Profile and Test Program for the completeness and quality of their IPv6 capabilities.
DrasGc measures by USG Release Date: February 2010 The purpose of Guidelines for the Secure Deployment of IPv6 is to provide information security guidance to organizations that are planning to deploy IPv6 technologies or are simply seeking a better understanding of IPv6. The scope of this document encompasses the IPv6 protocol and related protocol specifications. IPv6-related security considerations are discussed with emphasis on deployment-related security concerns. The document also includes general guidance on secure IPv6 deployment and integration planning.
Malaysia: What’s our IPv4 stats Malaysia s IPv4 pool status Allocated Adver<sed Unadver<sed % Used 6,366,720 5,416,960 949,760 85.08%
Malaysia s Deployment Timeline • Ministry of Energy, Water and CommunicaGons (MEWC @ KTAK)1 had iniGated the establishment of Na<onal IPv6 Council in 2004 • NAv6 Centre was also established in 2005 as experts to advice and guide the government. • The NaGonal IPv6 Council of Malaysia has stated2: ISPs by 2006 Public Sector by 2011 Malaysia by 2012 1 – Now know as Ministry Of Information, Communication And Culture (MICC) @ (KPKK) 2 – The timeline has been revised by the Government in 2010
Malaysia’s IPv6 iniGaGve: ISP IPv6 Compliance Audit IPv6 Compliance Audit for ISPs Phase 1 :- Basic IPv6 Connectivity Phase 2 :- ISP Interconnectivity Phase 3 :- Implementation of IPv6 for Commercial ServicesPhase 2 Compliance Audit :7 December until 21 December 20091. Celcom (M) Berhad2. DiGi Telecommunications Sdn Bhd3. Extreme Broadband Sdn Bhd4. Global Transit Communications Sdn Bhd5. JARING Communications Sdn Bhd6. Maxis7. NTT MSC Sdn Bhd8. Optical Communication Engineering Sdn Bhd9. Packet One Networks (M) Sdn Bhd10. Telekom Malaysia Berhad11. TT dotCom Sdn Bhd12. TM Net Sdn Bhd Phase 1 Compliance ISP Audit executed on March 2007 Source: http://www.skmm.gov.my/link_file/tenders/pdf10/notification_IPv6_audit_phase2.pdf http://nav6.usm.my/Research/isp.php
Malaysia: DNS & Domains Total .MY domains in Malaysia Source : http://www.domainregistry.my/
Malaysia: DNS & Domains Total .MY domains that supports IPv6 Source : http://www.domainregistry.my/
Malaysia’s IPv6 iniGaGve: IPv6 Compliance Audit Another achievement for the global IPv6 community. • The Malaysian .my Domain Registry has taken the initiative to undergo the Phase-1 IPv6 Compliance audit offered by NAv6 for their Secondary DNS Server on the 23rd April 2010. • This is the 3rd audit conducted for .my Domain Registry. • The 1st audit in April 2008 was to verify their network connectivity while the 2nd audit also in 2008 was done on their Primary DNS Server. • NAv6 would like to extend our heartiest congratulations to .my Domain Registry for their initiatives and accomplishments as one of the global key organization spearheading the IPv6.MY Domain Registry is IPv6 implementations. enabled 1st Audit April 2008 2nd Audit 2008 3rd Audit April 2010
Malaysia’s IPv6 iniGaGve: IPv6 TransiGon Guideline for Public Sector CollaboraGve eﬀort between KTAK, MAMPU, NAv6 and several key agencies. Made available to the public on 4th January 2010 http://www.mampu.gov.my/pdf/suratarahankp040110.pdf Document covers: • IPv6 implementation in Malaysia • Introduction to IPv6 • Management Structure • Recommended Phases of IPv6 implementation at agencies • Phase 1 • Phase 2 • Phase 3
IPv6 TransiGon Guideline for Public Sector Explaining Phase 1 Phase 1 is targeted at gefng the agencys main oﬃce (HQ) capable of supporGng IPv6 and achieving secure global connec<vity. What need to be done: • Plan the budget, network architecture and other consideraGons. • Set up a simula<on laboratory @ Test Lab. • Perform a comprehensive compliance and security audit. • Set up few applica<ons to take advantages of IPv6. • Evaluate the implementaGon.
IPv6 TransiGon Guideline for Public Sector Explaining Phase 2 The objecGve of Phase 2 is to replicate the Phase 1 setup in a branch oﬃce. What need to be done is similar to Phase 1: • Plan the budget, network architecture and other consideraGons. • Set up a simula<on laboratory @ Test Lab (if required). • Perform a comprehensive compliance and security audit. • Set up few applica<ons to take advantages of IPv6. • Evaluate the implementaGon.
IPv6 TransiGon Guideline for Public Sector Explaining Phase 3 Phase 3 is geared towards migraGng applicaGons. It is best to choose an applicaGon that has a signiﬁcant value to the organizaGon for the migraGon process. Making the applicaGon IPv6 aware: potenGal issues to look for: • The applicaGon was purchased and the vendor is no longer suppor<ng it. • It is an in-‐house built applicaGon whereby the current developers are not trained in developing applicaGons for IPv6. • Modifying or porGng the current applicaGon will incur a high cost in data migraGon.
Sample Deployment: Enabling IPv6 on MoF’s Web Portal 1 2 3
Five Steps On The Path To IPv6 • Focus on IP address design and management. • Start the IPv6 preﬁx assignment applicaGon process now. Stop worrying about conserving addresses and start thinking about adding meaning to individual hex digits. • Update network support systems • Do you have an internal DNS infrastructure? Can nameservers support both IPv4 A and IPv6 AAAA records? If theyre dual stacked, how do they respond to a name query when there are both IPv4 and IPv6 addresses assigned? • Budget for security updates and exper<se • End-‐to-‐end IPsec notwithstanding, security systems tend to be the problem children in IPv6 deployments. Not everything will survive the transiGon, so allocate some funds here.
Five Steps On The Path To IPv6 • Understand the lingo • Tools for monitoring, logging, alarms, conﬁguraGon management, and change management have to understand IPv6, not speak it. • Have end-‐to-‐end training • Dont limit IPv6 educaGon to IT. Going all-‐IPv6 posiGons your company as a technology leader. Make sure customer-‐facing personnel can tell the story.
Building Human Resource: CerGﬁed IPv6 Network Engineer (CNE6) [ http://nav6.usm.my/Academic/training.php ] The aim of this IPv6 training program is to give in depth informaGon on the transiGon from IPv4 to IPv6 and expose the parGcipants on the technical experGse needed in the deployment of IPv6 in the organizaGons network.