Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
IPv6 Roll-out Where  do  we   start ? Olivier MJ Crépin-Leblond  PhD   http://www.gih.com/ocl.html   -  [email_address] Ve...
IPv4 address depletion <ul><li>How quickly are new addresses allocated? </li></ul><ul><li>How soon are we running out of a...
RIR IPv4  Address   Assignments Source: http://www.potaroo.net/tools/ipv4/  Figure 9 © 2009 Global Information  Highway  Ltd
IPv4  Address   Depletion Source: http://www.potaroo.net/tools/ipv4/  Figure 30 © 2009 Global Information  Highway  Ltd
IPv4 address depletion <ul><li>Pool of IANA unallocated IPv4 address blocks depleted by about mid-2011. Pool of Regional I...
So where do we start? <ul><li>The difficulty in implementing dual stack, ie. IPv4/IPv6 dual capability, varies from servic...
A typical corporate network © 2009 Global Information  Highway  Ltd
Textbook roll-out in a large successful IT focused organization  <ul><li>Traditionally , roll-out of a network starts in t...
The textbook roll-out Problem: high implementation difficulty and high costs at early stages of implementation act as a ba...
Order of Traditional Roll-out Digit color: cost / Box color: difficulty © 2009 Global Information  Highway  Ltd
So where do we start? <ul><li>Regardless of network topology (which we’ll ignore in our example diagram), start with the “...
Set-up dual stack backbone test © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most recent routers support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade r...
Implement dual stack DNS © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most DNS servers run on Unix/Linux hosts which are inherently IPv6 compatible. </li></ul><...
Implement dual stack E-mail /SMTP © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most Email servers run on Unix/Linux hosts which are inherently IPv6 compatible * . </li><...
Connect to outside world via IPv6 © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most recent Firewalls support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade...
IPv6 Internet Service Provider? <ul><li>Is your ISP IPv6 compatible? </li></ul><ul><ul><li>Yes: no problem – you can now c...
Set-up dual stack Web Server © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most Web servers run on Unix/Linux hosts + Apache which are inherently IPv6 compatible * ....
Upgrade Intranet Databases to Dual Stack © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Many database servers run on Unix/Linux hosts which are inherently IPv6 compatible. </li><...
Set-up local hub dual stack tests © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most recent routers support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade r...
Set-up dual stack clients © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Ease of use depends on operating system: </li></ul><ul><ul><li>Pre-windows XP: unlikely to...
Expand dual stack resilience © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Most recent routers support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade r...
Full dual stack IPv6 Roll-out © 2009 Global Information  Highway  Ltd
A step by step approach <ul><li>Includes interfacing with legacy databases. </li></ul><ul><li>Includes WIFI access, as wel...
Summary A stage by stage roll-out of IPv6/IPv4 dual stack, leading to a migration towards IPv6 is possible and can be seam...
Graphical Summary of proposal © 2009 Global Information  Highway  Ltd
Conclusion <ul><li>Immediately: Ensure that IPv6 compatibility is  compulsory  for  all  new purchases of IT & Telecom Equ...
Proprietary document.  By taking delivery of this Presentation (hereafter “Presentation”), you accept on behalf of your co...
Upcoming SlideShare
Loading in …5
×

Suggestion for an IPv6 Roll Out

3,266 views

Published on

With the IPv4 free address pool decreasing in size daily, it is high time for an organisation to start work on implementing IPv6. But such an important process is complex, so where does one start?
This presentation proposes a novel way to roll-out IPv6 in an organisation by starting with the easiest services first.

Feedback is welcome.

Published in: Technology
  • Follow the link, new dating source: ❤❤❤ http://bit.ly/39pMlLF ❤❤❤
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Dating for everyone is here: ❤❤❤ http://bit.ly/39pMlLF ❤❤❤
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Suggestion for an IPv6 Roll Out

  1. 1. IPv6 Roll-out Where do we start ? Olivier MJ Crépin-Leblond PhD http://www.gih.com/ocl.html - [email_address] Version 200908.1 © 2009 Global Information Highway Ltd
  2. 2. IPv4 address depletion <ul><li>How quickly are new addresses allocated? </li></ul><ul><li>How soon are we running out of addresses? </li></ul><ul><li>Why do I need to think about this now? </li></ul><ul><li>Why has it taken so much time to get there? </li></ul><ul><li>Can’t I just wait until IPv4 addresses run out? </li></ul><ul><li>Isn’t this going to be costly? </li></ul><ul><li>Okay – so where/how do I start? </li></ul>© 2009 Global Information Highway Ltd
  3. 3. RIR IPv4 Address Assignments Source: http://www.potaroo.net/tools/ipv4/ Figure 9 © 2009 Global Information Highway Ltd
  4. 4. IPv4 Address Depletion Source: http://www.potaroo.net/tools/ipv4/ Figure 30 © 2009 Global Information Highway Ltd
  5. 5. IPv4 address depletion <ul><li>Pool of IANA unallocated IPv4 address blocks depleted by about mid-2011. Pool of Regional Internet Registry (RIR) IPv4 address blocks depleted 6-8 months later. </li></ul><ul><li>3 options for a new project: 100% IPv6, or using IPv4 Network Address Translation (NAT), or (after 2012) purchase IPv4 address on the market. By that time, IPv4 address market will likely make those addresses more expensive to obtain. </li></ul><ul><li>The only sustainable way out of this dilemma is to start transferring services to IPv6 now! </li></ul>© 2009 Global Information Highway Ltd
  6. 6. So where do we start? <ul><li>The difficulty in implementing dual stack, ie. IPv4/IPv6 dual capability, varies from service to service. </li></ul><ul><li>Since IPv6 is different to IPv4, a period of training, testing and adaptation is required for the network installers and operators. </li></ul><ul><li>Start as soon as possible in order to be able to perform a tidy and natural network upgrade. </li></ul><ul><li>The traditional method in rolling out new networks is to start with the backbone and then implement services </li></ul><ul><li>This leads to faster implementation but because it triggers the need to upgrade everything at once, it looks expensive to managers who will need to sign for the project. </li></ul>© 2009 Global Information Highway Ltd
  7. 7. A typical corporate network © 2009 Global Information Highway Ltd
  8. 8. Textbook roll-out in a large successful IT focused organization <ul><li>Traditionally , roll-out of a network starts in the following order: </li></ul><ul><ul><li>Access: set-up access router/firewall and IPv6 access. Defining a clear networking numbering plan </li></ul></ul><ul><ul><li>Install Client Computers / Backbone / Local Offices </li></ul></ul><ul><ul><li>Implement full dual-stack resilience in network </li></ul></ul><ul><ul><li>Set-up DNS, Email, Web Servers, Database Servers etc. </li></ul></ul><ul><ul><li>Draft a comprehensive IPv6 company policy </li></ul></ul><ul><li>Where are the barriers to this implementation? </li></ul>© 2009 Global Information Highway Ltd
  9. 9. The textbook roll-out Problem: high implementation difficulty and high costs at early stages of implementation act as a barrier to entry, to which a corporation might be unwilling to commit. (*) these stages can take place simultaneously. © 2009 Global Information Highway Ltd Test $$ 2/5 Dual Stack Resilience 5 Test $$ 2/5 Local Hubs 4 Test $$ 3/5 Backbone Router 3 Test $$$ 1/5 Client Computers 2 Test $$ 3/5 Access Router/FW 1 $$ 5/5 Write IPv6 policy 10 Test $$$ 3/5 Database Server 9 (*) Test $ 1/5 Web Server 8 (*) Test $ 1/5 Email Server 7 (*) Test $ 1/5 DNS Server 6 (*) Status Cost Difficulty Title Stage
  10. 10. Order of Traditional Roll-out Digit color: cost / Box color: difficulty © 2009 Global Information Highway Ltd
  11. 11. So where do we start? <ul><li>Regardless of network topology (which we’ll ignore in our example diagram), start with the “ easier ” services first! Go for quick wins! </li></ul><ul><li>Those are services already running on hosts which are naturally IPv6 compatible and can run dual stack in a stable way: </li></ul><ul><ul><li>You will be surprised how many such hosts exist; </li></ul></ul><ul><ul><li>You will be surprised how easy it is to make them run IPv4 & IPv6 simultaneously. </li></ul></ul>© 2009 Global Information Highway Ltd
  12. 12. Set-up dual stack backbone test © 2009 Global Information Highway Ltd
  13. 13. A step by step approach <ul><li>Most recent routers support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade required for older routers. </li></ul><ul><li>If your backbone routers cannot support IPv6, it might be time to consider replacing them (except in some cases when you could run IPv6 on IPv4) </li></ul><ul><li>It might be costly to upgrade front end router management software, although manufacturers are releasing new versions. </li></ul><ul><li>New numbering plan is required. Design it carefully. </li></ul>© 2009 Global Information Highway Ltd Test $$ 3/5 Backbone Router 1 Status Cost Difficulty Title Stage
  14. 14. Implement dual stack DNS © 2009 Global Information Highway Ltd
  15. 15. A step by step approach <ul><li>Most DNS servers run on Unix/Linux hosts which are inherently IPv6 compatible. </li></ul><ul><li>Software upgrade required for older servers. </li></ul><ul><li>Can be batched with other DNS server upgrades, such as, for example, DNSSEC, DKIM text, SPF, etc. </li></ul><ul><li>Custom-written Front End input software is the stumbling block here because it might be more costly to upgrade. </li></ul>© 2009 Global Information Highway Ltd Test $ 1/5 DNS Server 2 Status Cost Difficulty Title Stage
  16. 16. Implement dual stack E-mail /SMTP © 2009 Global Information Highway Ltd
  17. 17. A step by step approach <ul><li>Most Email servers run on Unix/Linux hosts which are inherently IPv6 compatible * . </li></ul><ul><li>Software upgrade required for older servers. </li></ul><ul><li>If IPv6 does not work, email automatically falls back to IPv4. </li></ul><ul><li>Use of IPv6 for Email opens the door to IP whitelisting and possible future anti-spam & authentication methods. </li></ul>( * ) http://smtpsurvey.stillhq.com/smtp-survey.cgi?dashboard=1 © 2009 Global Information Highway Ltd Test $ 1/5 Email Server 3 Status Cost Difficulty Title Stage
  18. 18. Connect to outside world via IPv6 © 2009 Global Information Highway Ltd
  19. 19. A step by step approach <ul><li>Most recent Firewalls support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade required for older Firewalls. </li></ul><ul><li>If your Firewalls cannot support IPv6, it is time to get ready to replace them. </li></ul><ul><li>New numbering plan is required etc. </li></ul><ul><li>New company-wide Firewall rules are required. </li></ul><ul><li>Access Router/FW can access native IPv6 directly or through a tunnel. </li></ul><ul><li>No more Network Address Translation (NAT) so Firewall rules need to be precise! </li></ul>© 2009 Global Information Highway Ltd Test $$ 3/5 Access Router/FW 4 Status Cost Difficulty Title Stage
  20. 20. IPv6 Internet Service Provider? <ul><li>Is your ISP IPv6 compatible? </li></ul><ul><ul><li>Yes: no problem – you can now connect to the Internet using IPv6 </li></ul></ul><ul><ul><li>No: your Firewall/Access Router can access the Internet through a Tunnel to an IPv6 tunneling service: </li></ul></ul><ul><ul><ul><li>This is not as hard as it sounds. Many ISPs offer IPv6 tunneling and setting up is no harder than setting up a Virtual Private Network. </li></ul></ul></ul><ul><ul><ul><li>However: when your ISP will offer Native IPv6, the move from tunneled IPv6 to native IPv6 will be require renumbering, so this is only advisable for smaller networks. </li></ul></ul></ul>© 2009 Global Information Highway Ltd Test $ 2/5 Access Router/FW 4. 5 Status Cost Difficulty Title Stage
  21. 21. Set-up dual stack Web Server © 2009 Global Information Highway Ltd
  22. 22. A step by step approach <ul><li>Most Web servers run on Unix/Linux hosts + Apache which are inherently IPv6 compatible * . </li></ul><ul><li>Software upgrade required for older servers. </li></ul><ul><li>Load balancing software and other custom-written front end software might be the stumbling block here because it might be more costly to upgrade or rewrite. However, not all Web sites use this. </li></ul>( * ) http://news.netcraft.com/archives/web_server_survey.html © 2009 Global Information Highway Ltd Test $ 1/5 Web Server 5 Status Cost Difficulty Title Stage
  23. 23. Upgrade Intranet Databases to Dual Stack © 2009 Global Information Highway Ltd
  24. 24. A step by step approach <ul><li>Many database servers run on Unix/Linux hosts which are inherently IPv6 compatible. </li></ul><ul><li>Software upgrade required for older servers. </li></ul><ul><li>Older Operating Systems and custom-written software are the stumbling blocks here. </li></ul><ul><li>Some of these systems might be legacy systems which cannot be upgraded. This is where investment is required for an IPv6 – IPv4 NAT implementation. </li></ul>© 2009 Global Information Highway Ltd Test $$$ 3/5 Database Server 6 Status Cost Difficulty Title Stage
  25. 25. Set-up local hub dual stack tests © 2009 Global Information Highway Ltd
  26. 26. A step by step approach <ul><li>Most recent routers support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade required for older routers. </li></ul><ul><li>If your local routers cannot support IPv6, it is time to get ready to replace them. </li></ul><ul><li>It might be costly to upgrade front end router management software, although manufacturers are releasing new versions. </li></ul><ul><li>New numbering plan is required etc. </li></ul><ul><li>Knowledge has already been acquired from upgrading backbone. </li></ul>© 2009 Global Information Highway Ltd Test $$ 2/5 Local Hubs 7 Status Cost Difficulty Title Stage
  27. 27. Set-up dual stack clients © 2009 Global Information Highway Ltd
  28. 28. A step by step approach <ul><li>Ease of use depends on operating system: </li></ul><ul><ul><li>Pre-windows XP: unlikely to upgrade. </li></ul></ul><ul><ul><li>Windows XP: possible to upgrade but not ideal. </li></ul></ul><ul><ul><li>Windows Vista: IPv6 compatible. </li></ul></ul><ul><ul><li>Windows 7: 100% IPv6 compatible + special added features. </li></ul></ul><ul><ul><li>Mac OSX: IPv6 compatible. </li></ul></ul><ul><li>Not all software compatible either. </li></ul><ul><li>Consider upgrading to latest O/S + Software in next replacement cycle. </li></ul>© 2009 Global Information Highway Ltd Test $$$ 1/5 Client Computers 8 Status Cost Difficulty Title Stage
  29. 29. Expand dual stack resilience © 2009 Global Information Highway Ltd
  30. 30. A step by step approach <ul><li>Most recent routers support IPv6 and IPv4 dual stack. </li></ul><ul><li>Software upgrade required for older routers. </li></ul><ul><li>If your backbone routers cannot support IPv6, it is time to get ready to replace them. </li></ul><ul><li>New numbering plan is required etc. </li></ul><ul><li>By that time, hands-on experience has already been acquired thanks to test phase. Less time is spent testing. </li></ul>© 2009 Global Information Highway Ltd $$ 2/5 Dual Stack Resilience 9 Status Cost Difficulty Title Stage
  31. 31. Full dual stack IPv6 Roll-out © 2009 Global Information Highway Ltd
  32. 32. A step by step approach <ul><li>Includes interfacing with legacy databases. </li></ul><ul><li>Includes WIFI access, as well as IP telephony. </li></ul><ul><li>New numbering plan is followed etc. </li></ul><ul><li>By that time, valuable hands-on experience has already been acquired thanks to test phases so costs are reduced. </li></ul><ul><li>The challenge is integration of all new devices. </li></ul>© 2009 Global Information Highway Ltd $$ 5/5 Full Roll-out 10 Status Cost Difficulty Title Stage
  33. 33. Summary A stage by stage roll-out of IPv6/IPv4 dual stack, leading to a migration towards IPv6 is possible and can be seamless if started today. Costs can be spread over time and training can take place in early testing stages. © 2009 Global Information Highway Ltd Test $$ 3/5 Backbone Router 1 $$ 5/5 Full Roll-out 10 $$ 2/5 Dual Stack Resilience 9 Test $$$ 1/5 Client Computers 8 Test $$$ 3/5 Database Server 6 Test $$ 2/5 Local Hubs 7 Test $ 1/5 Web Server 5 Test $$ 3/5 Access Router/FW 4 Test $ 1/5 Email Server 3 Test $ 1/5 DNS Server 2 Status Cost Difficulty Title Stage
  34. 34. Graphical Summary of proposal © 2009 Global Information Highway Ltd
  35. 35. Conclusion <ul><li>Immediately: Ensure that IPv6 compatibility is compulsory for all new purchases of IT & Telecom Equipment (whether directly or through bids). </li></ul><ul><li>Do not wait for a need to push you to transition: starting this gradual process immediately , will ensure a smoother transition process. </li></ul><ul><li>Starting immediately , your IT personnel will more easily be introduced to IPv6. </li></ul><ul><li>A more serene approach to resolve this challenge. </li></ul><ul><li>Reduced Risks; Reduced costs. </li></ul><ul><li>Treat this as “inside information” </li></ul>© 2009 Global Information Highway Ltd
  36. 36. Proprietary document. By taking delivery of this Presentation (hereafter “Presentation”), you accept on behalf of your company or organization to comply with the following. No other property rights are granted by the delivery of this Presentation than the right to read it and reproduce it in its entirety, for the sole purpose of information. This Presentation, its content, illustrations and photos shall not be modified without prior written consent of Global Information Highway Ltd (hereafter “GIH”). It can be reproduced in part provided its source is duly acknowledged. Some parts of this Presentation (illustrations and basic Mask/Layout) are copyrighted by third parties including but not limited to Microsoft® as well as Sources quoted. This Presentation and the materials it contains shall not, in whole or in part, be sold, rented, or licensed to any third party subject to payment or not. This Presentation may contain market-sensitive or other information that is correct at the time of going to press. This information involves a number of factors which could change over time, affecting the true public representation. GIH assumes no obligation to update any information contained in this document or with respect to the information described herein. The statements made herein do not constitute an offer or form part of any contract. They are based on GIH information and are expressed in good faith but no warranty or representation is given as to their accuracy. When additional information is required, its author can be contacted to provide further details. GIH shall assume no liability for any damage in connection with the use of this Presentation and the materials it contains, even if GIH has been advised of the likelihood of such damages. This licence is governed by English law and exclusive jurisdiction is given to the courts and tribunals of England without prejudice to the right of GIH to bring proceedings for infringement of copyright or any other intellectual property right in any other court of competent jurisdiction. All Rights Reserved. © 2009 Global Information Highway Ltd. Global Information Highway Ltd 7 Kensington Church Court London W8 4SP United Kingdom

×