Presentation held at the PreFIA Workshop on 07.05.2013 in Dublin by Gerold Gruber and Martin Krengel, Citkomm
Dealing with real challenges in IPv6 transition process of a municipality data centre
GEN6 IPv6 data centre transition workbench report Citkomm
1. IPV6 TRANSITION IN PRACTICE
WORKBENCH REPORT
Pre FIA Workshops
GEN6 Governments enabled IPv6
Author: Gerold Gruber, Martin Krengel
Version: V 1.0
07.05.2013
3. CITKOMM
WHO WE ARE …
Over 40 years of company history
One of the major municipal IT service providers in North Rhine-Westphalia
195 employees
approx. 22 million business volume (2011)
Founded as central data centre
Evolution to system integrator
5. CITKOMM
WHAT WE DO …
Technology
Operating infrastructure
Management of special applications
Professional support for applications
Software development
Authentication
6. CITKOMM
WHAT WE DO …
Consulting
Financial accounting
Information technology
Business processes and organisation
Document management
7. CITKOMM
WHAT WE DO …
Shared Services
Accounting
Personnel management
Information technology
8.
CITKOMM AS GEN6 PILOT
PROJECT TARGET
Enable the data centre for IPv6
9. CITKOMM AS GEN6 PILOT
NETWORK OVERVIEW
[Network diagram; labels: Internet, sTESTA, DOI, Backbone, DMZ, Application Backbone, MPLS Backbone, citkomm Network, iWAN, Customer Network]
10. CITKOMM AS GEN6 PILOT
WHY IT IS POSSIBLE
Implementation as Dual Stack
Keep untouched systems unaffected and operational as far as possible
Using existing systems
Network is mostly based on Linux software routers; no investment necessary to use up-to-date software
Currently installed operating systems on servers and clients support IPv6
Legacy technology can be hidden
Terminal services
Backend networks
11. CHALLENGE
IPV6 ADDRESSES
Addresses are available from RIPE NCC
But what about routing on private trunks?
Allocation of an aggregated IPv6 address space for the German public administration
National concept for address distribution in public government: "IPv6 address concept and key points of the organisation"
Addressing is not simply "re-addressing" from existing IPv4 networks
Points for traffic regulation / firewalling necessary
13. CHALLENGE
IPV6 ROUTING IN PRIVATE CLOUDS
Routing on private paths using public addresses
No more hiding behind NAT
Several destinations in several networks with several subnets
Limited memory in small routers cannot hold huge routing tables
Aggregation of subnets is necessary
14. CHALLENGE
BUSINESS APPLICATIONS
Public government uses special software
Most suppliers are focussed on one single application
IT development focuses on the professional user…
…a loooot less on administration or software design
Even less emphasis on network demands, security or infrastructure innovations
Several applications are based on a legacy core or are still legacy
15. CHALLENGE
PROOFED INVESTMENT
There is no IPv6 ready certificate for interoperation test
"IPv6 enabled" in a product flyer can mean nearly anything
Clear demands for procurement of components – fitting to use case
IPv6 profiles, published by the Federal Office of Administration
http://www.bit.bund.de/BIT/DE/Beratung/IPv6/BestPractice/node.html
in German only so far, English translation is in progress
16. CHALLENGE
WEB APPLICATIONS
Web modules are restricted to IPv4
IPv4 addresses as "field type"
Restricted field length for session handling / cookies
Late support for IPv6 (Typo3: Nov. 2012)
Workaround
Reverse proxy to avoid native IPv6 on the server interface
but
Remaining problems on customer IPv6, e.g. cookie size
Pay attention to DNS entries, only enable tested sites
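The field-type and field-length problems on this slide, as an added Python example that is not part of the presentation: it checks whether client addresses fit a text field sized for IPv4 and normalises them so a session check compares like with like. The field sizes, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

LEGACY_FIELD_LEN = 15  # assumed legacy field size: fits "255.255.255.255" only
IPV6_FIELD_LEN = 45    # room for any textual IPv6 form, incl. embedded dotted quad


def normalize_client_ip(raw):
    """Return one canonical string per address, whatever form it arrived in."""
    addr = ipaddress.ip_address(raw.strip())
    # A dual-stack listener or proxy may report IPv4 clients as ::ffff:a.b.c.d;
    # fold those back to plain IPv4 so both paths yield the same value.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.compressed


def fits_field(raw, field_len):
    """True if the canonical form fits a text field of field_len characters."""
    return len(normalize_client_ip(raw)) <= field_len


def same_client(stored, current):
    """Session check that does not depend on how the address was written."""
    return normalize_client_ip(stored) == normalize_client_ip(current)


def audit(samples, field_len=LEGACY_FIELD_LEN):
    """Return the inputs that a field of field_len would truncate or reject."""
    return [s for s in samples if not fits_field(s, field_len)]


# Constructed samples from the documentation ranges 192.0.2.0/24 and 2001:db8::/32.
SAMPLES = [
    "192.0.2.10",
    "::ffff:192.0.2.10",
    "2001:db8::1",
    "2001:0db8:0000:0000:0000:0000:0000:0001",
    "2001:db8:1234:5678:9abc:def0:1234:5678",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:42} -> {normalize_client_ip(s)}")
    print("too long for legacy field:", audit(SAMPLES))
```

Short addresses such as 2001:db8::1 fit the IPv4-sized field by accident, so a test that only uses them will not reveal the length problem; include a full-length address in the test set.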
17. CHALLENGE
DYNAMIC ROUTING
Internet Access Network and Backbone are dynamically routed based on OSPF
IPv6 operates on a separate daemon
Integration of IPv6 machine by machine as used
Full support in Internet Access Network
Partial support in Backbone
19. SUMMARY
EASY STEPS FOR IPV6
Develop an IPv6 addressing scheme
Get IPv6 addresses
Enable uplink for IPv6
Enable DNS with IPv6
Enable external mail with IPv6
Test web services with access based on IPv6
And then
Go ahead with your personal challenges...