IPv6: We Care So You Don't Have To


Is it time to panic? Are we completely out of IP addresses? Do I have to learn to speak hexadecimal? What is IPv6 and should you care? In this session, we'll attempt to answer these questions and more, and we're likely to have more questions than answers. IPv6 is the newest version of the Internet Protocol (IP), whose current version is referred to as IPv4, and was created primarily to address the shortage of IP addresses across the world. However, there's a lot more going on with IPv6 than just addressing changes. This session will address just what the campus has done and still needs to do, and what you need to worry about as IPv6 comes closer to your front door.

Published in: Education, Technology

  1. IPv6: We Care …. So You Don’t Have To
     Jim Gogan
     Director, ITS Comm Tech/Networking
     2011 CTC Retreat
  2. Setting the Stage
     • So, if you don’t care …. why are you here?
     • Can you run right out after this and start using IPv6 on campus? …… no
     • Are there still lots of implementation issues? …… yep
     • Can you ask questions during the presentation? …… it depends
     • What were YOU doing on World IPv6 Day?
  3. What is IP?
     • Do I need to ask?
     • Current predominant implementation: IPv4
       – What’s wrong with IPv4?
       – Addressing: 32 bits – the famous quad-dotted-decimal notation (e.g.
       – Provides for 4,294,967,296 IP addresses
       – Devices are statically configured for all necessary information or use DHCP for all necessary information
  4. IPv4 Addresses Exhausted
  5. Solutions for Addressing Addressing
     • NAT?
       – NO!! NAT is evil
       – NAT violates the end-to-end principle that’s the foundation of the Internet
       – NAT sucks …..
     • Large business failures?
       – “Microsoft has managed to purchase 666,624 IP addresses from the bankrupt Canadian company Nortel for $7.5 million.”
       – Doesn’t scale unless the economy REALLY gets bad
     • IPv6
       – Bringing you a new address plan since 1998 (13 years ago!)
  6. IPv6 Addresses
     • 128 bit addresses instead of 32 bits
     • Allows for 340,282,366,920,938,463,463,374,607,431,768,211,456 nodes
     • 52 trillion trillion addresses per person in the world
     • “Allows for scalable, simple and easily understandable addressing schemes” (pause for chuckle)
  7. IPv6 Addressing Format
     • IPv6 address consists of 8 sets of 16 bit hex values, totaling 128 bits
       – Ex: 2610:0028:3090:5001:dddd:7a76:9e51:aacc
     • 16 bit hex values separated by colons
     • Abbreviation is possible
       – Can omit leading zeros
       – Consecutive zeroes in contiguous blocks can be represented by double colons
         • Ex: 2610:0028:0000:3090:0000:0000:9e51:aacc becomes 2610:28:0:3090::9e51:aacc (ahhh … MUCH better …..)
     • Network prefix like IPv4 CIDR –
     • IPv6 network prefix has similar notation
       – 2610:28:3090:5001::/64
  8. First Impression of IPv6 Addresses
  9. What Else Does IPv6 Offer?
     • No more broadcast addresses: IPv6 uses multicast instead (oh, joy!!)
     • SLAAC: Stateless Address Auto-Configuration
       – Router advertises itself (Router Advertisement)
       – Router provides IP address prefix info; host portion comes from end station itself
       – Uses ICMPv6 (all those sites blocking ICMP on systems --- one word: don’t!)
       – Still need DHCPv6 though and that presents other issues
     • No router fragmentation (jumbo frames users take note!)
     • No ARP
       – Neighbor Discovery Protocol instead (which also uses ICMPv6 and multicast)
  10. IPv6 Addressing Model
      • Interfaces can have multiple addresses
      • Addresses have different scopes
        – Link-local
        – Unique-local
        – Global
  11. Global (Unicast) Addresses
      • Routable across the Internet
      • Structured hierarchically to allow address aggregation
        – 1st 32 bits: ISP (3 high level bits set to 001)
        – Next 16 bits: Site Level Aggregator
        – Next 16 bits: LAN designation
        – Final 64 bits: Interface ID
      • /48 network prefix allows for 65,536 LANs (subnets)
      • So ….. All LANs have 64 bits of network prefix vs. variable length network prefix of IPv4
      • Ex: 2610:28:3090:5001:dddd:7a76:9e51:aacc
  12. Unique-Local (Unicast) Addresses
      • Analogous to RFC-1918 IPv4 private addresses
      • Not routable on the Internet
      • Represented by FD00::/8
      • Not recommended to use BOTH Global and ULA
        – SAS (Source Address Selection) determines when to use which address; ULA should talk to ULA and Global should talk to Global; has issues
  13. Link-Local (Unicast) Addresses
      • Mandatory addresses used between IPv6 devices on the same link
      • Automatically assigned by device on startup
      • Not routed
      • Begin with FE80::/10
  14. Multicast Addresses
      • Prefix of FF00::/8
      • Second octet defines lifetime (permanent or temporary) and scope (node/link/site/organization/global)
      • Used for Router Advertisements, DHCP, NDP, multicast apps
  15. So, How Much IPv6 Is Out There?
      • Not much
        – Maybe around .04-.08% of all Internet traffic
        – Around 6% of all networks on the Internet advertise an IPv6 network
      • World IPv6 Day – June 8th 2011
        – Hundreds (wow!) of web companies and industry players enabled v6 on their main websites for 24 hours
        – Brought attention to the efforts; demonstrated what issues there were; demonstrated what issues there weren’t
        – UNC was a participant
  16. IPv6 Status at UNC
      • Not much
      • Range:
        – Campus: 2610:28:3090::/47
          • Public: 2610:28:3090::/48
          • On-campus only: 2610:28:3091::/48
        – UNC HealthCare (Hospital): 2610:28:8000::/48
      • NCREN has IPv6 routing enabled locally and with relevant peers
      • IPv6 disabled on CCI load
      • Enabled on a small number of campus VLANs, but we still had a presence on World IPv6 Day
        – http://www.unc.edu was accessible by IPv6-only clients but without IPv6 running on the web servers; how’d we do that?
  17. Implementation Strategy
      • Dual-stack!!! Run BOTH IPv4 and IPv6 on critical infrastructure services, on servers that need IPv6 access and on limited number of clients that need IPv6 (helps for testing and troubleshooting)
      • Implement IPv6 records on DNS servers
        – A records for IPv4; AAAA records for IPv6
        – Campus BIND DNS servers in dual-stack mode
      • Use static addresses or SLAAC for now (not good long-term strategy); working on DHCPv6 deployment, but there’s ….. issues …..
  18. Issues for Deployment
      • Security
      • Monitoring tools
      • Security
      • Measurement tools
      • Security
      • Security
      • And …….
  19. What We Learned Prepping for World IPv6 Day
      • FQDN references = good; quad-dotted decimal references = bad
      • Is all of your content local? (i.e. do you reference off-site URLs for content?)
      • Caching servers (impacted Facebook v6 pages)
      • Multicast is VERY important and not trivial to troubleshoot
      • Windows prefers IPv6 over IPv4
      • Solaris has ….. Issues
      • Default RHEL ip6tables blocks DHCPv6
  20. But Wait, There’s More
      • Router Advertisements
      • DHCPv6
        – Apple … finally …
        – DUID (DHCP Unique Identifier)
          • No longer required to be MAC address
          • Issue with imaging systems
      • More tunnels than the Swiss Alps
      • IPv6 routing not in current “fluffy” code: coming soon
  21. Where Do We Go From Here?
      • Slowly
      • Don’t see near-term requirement for IPv6 client access (other than troubleshooting server setups)
      • First priorities: server resources that require access from anywhere in the world (particularly Asia)
        – Talk to us first
        – Harden up those servers
        – Ask for static v6 addresses and register AAAA records
        – Monitor usage carefully
  22. Resources
      • http://ipv6.unc.edu
      • http://www.getipv6.info/index.php/Main_Page (ARIN IPv6 Wiki)
      • http://ndtv701ipv6.net.unc.edu:7123/
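
The abbreviation rules on slide 7, the address scopes on slides 10 to 14 and the campus ranges on slide 16, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original deck; the function names, the zone labels and every sample address other than the slide 7 one are constructed for illustration.

```python
import ipaddress

# Scope prefixes as given on slides 11-14; 2000::/3 is the global unicast
# range whose "3 high level bits" are 001.
SCOPES = [
    ("multicast", ipaddress.ip_network("ff00::/8")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique-local", ipaddress.ip_network("fd00::/8")),
    ("global", ipaddress.ip_network("2000::/3")),
]
# Campus ranges from the "IPv6 Status at UNC" slide; the zone names are
# labels chosen for this example.
CAMPUS = ipaddress.ip_network("2610:28:3090::/47")
ZONES = {
    "public": ipaddress.ip_network("2610:28:3090::/48"),
    "on-campus only": ipaddress.ip_network("2610:28:3091::/48"),
    "healthcare": ipaddress.ip_network("2610:28:8000::/48"),
}


def scope(addr):
    """Return the slide-deck scope name for an address, or 'other'."""
    ip = ipaddress.IPv6Address(addr)
    return next((name for name, net in SCOPES if ip in net), "other")


def zone(addr):
    """Return which listed /48 an address falls in, or None."""
    ip = ipaddress.IPv6Address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)


def describe(addr):
    """Normalise any spelling of an address and classify it."""
    ip = ipaddress.IPv6Address(addr)
    return {
        "short": ip.compressed,  # leading zeros dropped, one "::" run
        "long": ip.exploded,     # all 8 groups, 4 hex digits each
        "lan": str(ipaddress.ip_network(f"{ip}/64", strict=False)),
        "scope": scope(addr),
        "zone": zone(addr),
    }


if __name__ == "__main__":
    # First address is the slide 7 example; the rest are constructed samples.
    for a in ("2610:0028:0000:3090:0000:0000:9e51:aacc",
              "2610:28:3091:5001::10", "fe80::1", "fd12:3456::1", "ff02::1"):
        print(describe(a))
```

Because one address has many textual spellings, compare parsed addresses or networks in ACLs and log searches rather than raw strings.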