The document discusses IPv6 addressing fundamentals and policies. It covers how to obtain IPv6 address space from RIPE, including the different allocation and assignment types. It provides guidelines for creating IPv6 addressing plans, with an example addressing plan that encodes information like function and location in the address. The document also discusses IPv6 transition mechanisms and how they allow connectivity to IPv4 networks during the transition period.
Aspekte von IPv6-Security
• Hackertools & ein paar Angriffsszenarien
• 3 Empfehlungen
q a) Ist IPv6 sicherer als IPv4?
q b) Ist IPv6 unsicherer als IPv4?
q c) Wer ist an allem Schuld?
q d) Wie wirkt sich die Integration von IPv6 in
meine Organisation auf deren IT-Sicherheit aus?
Swiss IPv6 Council Event, 24.02.2014
Neue Anforderungen an Security Devices durch IPv6
Referent: Christoph Weber, Swisscom
Mit der Einführung von IPv6 in die Datacenter und Client-Netzwerke werden neue Anforderungen an Security Devices wie Firewall, IDS/IPS und andere Security Enforcement Points gestellt. Dies erfordert Kenntnis von IPv6-spezifischen Security-Threats. Darauf basierend müssen neue Anforderungen definiert werden, gegen die anzuschaffende Geräte getestet werden müssen. Weiterhin müssen Standards bei bestehenden Geräten diesbezüglich angepasst werden, deren Implementierung validiert und Auditierungen angepasst werden.
In der Präsentation durch Christoph Weber von Swisscom werden die Ansätze, Ideen und Tools anhand von Firewall-Tests aufgezeigt und dargestellt, wie diese praktisch durchgeführt werden können und wie Ergebnisse bewertet werden müssen.
Bei der Adressarchitektur von IPv4 beinhaltet eine IP-Adresse zwei Informationen über einen Knoten (genaugenommen ein Interface): erstens die Adresse des Interfaces (Host-ID) und zweitens die Information, wie das Interface mit dem Netzwerk verbunden ist (Subnetz). Dies ändert sich mit IPv6 nicht, ausser dass der Adressraum viel grösser ist. Dies führt zu grösseren Herausforderungen in komplexen Netzwerken, insbesondere wenn Anforderungen an Multi-Homing oder Mobilität vorliegen.
LISP (Locator/ID Separation Protocol) ist eine neue Routingarchitektur mit einer neuen Adressierungsstruktur. Dabei wird die Identität eines Gerätes, auch Endpoint Identifier genannt (EID), von seiner Position im Netzwerk, auch Routing Locator (RLOC) genannt, in zwei separate Adressräume unterteilt.
Die Präsentation geht auf verschiedene Use Cases, insbesondere die Migration von IPv4 auf IPv6 mit LISP ein.
IPv6 configuration at CSCS
● Dual Stack approach
● Static addressing for networking equipment and servers
● Dynamic addressing for PC and guest networks
– Auto configuration with SLAAC
● But we still rely on DHCPv4 to distribute DNS
– Tests ongoing for:
● Distributing DNS via RA (RDNSS, RFC6106)
● DHCPv6
IPv6 deployment
5
● Configure the network part and FW/ACLs
– Test
● Configure IPv6 on the systems
– Test
– At this point the system uses IPv6 and IPv4 for outgoing
connections
● Publish the AAAA resource record into the DNS with short TTL
– If test is succesful: set normal TTL for the RR AAAA
– Now the system is fully IPv6 enabled
IPv6 lessons learned
7
● Some network devices send out RA even if they shouldn't
– Impact: machines get IPv6 global address
● Disable SLAAC autoconfiguration on all the servers
● Rogue RA:
– Impact: default gateway changed! No IPv6 connectivity anymore..
● Filter RA messages at the network level
● IPv6 ACL: be careful not to filter NS/ND messages
– Impact: you may break IPv6 connectivity
● On IPv6 ARP is replaced by ICMPv6 NS and ICMPv6 ND messages
● Firewall IPv6 limitations (CLI config needed, WebGUI not ready)
● Services not listening on IPv6. Remember to configure ssh, httpd, etc to
listen also on IPv6
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
This IPv6 basic and advanced lab will provide you an opportunity to configure, troubleshoot, design and implement IPv6 network using IPv6 technologies and features such as; IPv6 addressing, IPv6 neighbor discovery, HSRPv6, static routing, OSPFv3, EIGRPv6 and BGPv6. You will be provided with a scenario made up with an IPv4 network where you will get the opportunity to configure and implement IPv6 based on the requirements and needs on the network. For e.g where would you deploy dual stack, where it make sense to do tunneling and how to deploy an IPv6 routing protocols without impacting your existing Network infrastructure.
Aspekte von IPv6-Security
• Hackertools & ein paar Angriffsszenarien
• 3 Empfehlungen
q a) Ist IPv6 sicherer als IPv4?
q b) Ist IPv6 unsicherer als IPv4?
q c) Wer ist an allem Schuld?
q d) Wie wirkt sich die Integration von IPv6 in
meine Organisation auf deren IT-Sicherheit aus?
Swiss IPv6 Council Event, 24.02.2014
Neue Anforderungen an Security Devices durch IPv6
Referent: Christoph Weber, Swisscom
Mit der Einführung von IPv6 in die Datacenter und Client-Netzwerke werden neue Anforderungen an Security Devices wie Firewall, IDS/IPS und andere Security Enforcement Points gestellt. Dies erfordert Kenntnis von IPv6-spezifischen Security-Threats. Darauf basierend müssen neue Anforderungen definiert werden, gegen die anzuschaffende Geräte getestet werden müssen. Weiterhin müssen Standards bei bestehenden Geräten diesbezüglich angepasst werden, deren Implementierung validiert und Auditierungen angepasst werden.
In der Präsentation durch Christoph Weber von Swisscom werden die Ansätze, Ideen und Tools anhand von Firewall-Tests aufgezeigt und dargestellt, wie diese praktisch durchgeführt werden können und wie Ergebnisse bewertet werden müssen.
Bei der Adressarchitektur von IPv4 beinhaltet eine IP-Adresse zwei Informationen über einen Knoten (genaugenommen ein Interface): erstens die Adresse des Interfaces (Host-ID) und zweitens die Information, wie das Interface mit dem Netzwerk verbunden ist (Subnetz). Dies ändert sich mit IPv6 nicht, ausser dass der Adressraum viel grösser ist. Dies führt zu grösseren Herausforderungen in komplexen Netzwerken, insbesondere wenn Anforderungen an Multi-Homing oder Mobilität vorliegen.
LISP (Locator/ID Separation Protocol) ist eine neue Routingarchitektur mit einer neuen Adressierungsstruktur. Dabei wird die Identität eines Gerätes, auch Endpoint Identifier genannt (EID), von seiner Position im Netzwerk, auch Routing Locator (RLOC) genannt, in zwei separate Adressräume unterteilt.
Die Präsentation geht auf verschiedene Use Cases, insbesondere die Migration von IPv4 auf IPv6 mit LISP ein.
IPv6 configuration at CSCS
● Dual Stack approach
● Static addressing for networking equipment and servers
● Dynamic addressing for PC and guest networks
– Auto configuration with SLAAC
● But we still rely on DHCPv4 to distribute DNS
– Tests ongoing for:
● Distributing DNS via RA (RDNSS, RFC6106)
● DHCPv6
IPv6 deployment
5
● Configure the network part and FW/ACLs
– Test
● Configure IPv6 on the systems
– Test
– At this point the system uses IPv6 and IPv4 for outgoing
connections
● Publish the AAAA resource record into the DNS with short TTL
– If test is succesful: set normal TTL for the RR AAAA
– Now the system is fully IPv6 enabled
IPv6 lessons learned
7
● Some network devices send out RA even if they shouldn't
– Impact: machines get IPv6 global address
● Disable SLAAC autoconfiguration on all the servers
● Rogue RA:
– Impact: default gateway changed! No IPv6 connectivity anymore..
● Filter RA messages at the network level
● IPv6 ACL: be careful not to filter NS/ND messages
– Impact: you may break IPv6 connectivity
● On IPv6 ARP is replaced by ICMPv6 NS and ICMPv6 ND messages
● Firewall IPv6 limitations (CLI config needed, WebGUI not ready)
● Services not listening on IPv6. Remember to configure ssh, httpd, etc to
listen also on IPv6
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
This IPv6 basic and advanced lab will provide you an opportunity to configure, troubleshoot, design and implement IPv6 network using IPv6 technologies and features such as; IPv6 addressing, IPv6 neighbor discovery, HSRPv6, static routing, OSPFv3, EIGRPv6 and BGPv6. You will be provided with a scenario made up with an IPv4 network where you will get the opportunity to configure and implement IPv6 based on the requirements and needs on the network. For e.g where would you deploy dual stack, where it make sense to do tunneling and how to deploy an IPv6 routing protocols without impacting your existing Network infrastructure.
Presentation at OpenStack Summit Boston. This talk covers various lessons on IPv6 Neutron deployments like address allocation, address configuration, router consideration and so on.
There are still very few tools to defend against IPv6 related attacks. To improve this situation I wrote a plugin for Snort, the popular open source intrusion detection system. This plugin adds detection rules and a preprocessor for the Neighbor Discovery Protocol.
It is aimed at the detection of suspicious activity in local IPv6 networks and can detect misconfigured network elements, as well as malicious activities from attackers on the network.
(https://www.troopers.de/troopers14/troopers14-ipv6-security-summit-2014/troopers14-ipv6-security-summit-2014-presentations/index.html#IPv6Snort)
As with any new technology, IPv6 requires a learning curve for network managers and IT administration and operations personnel. This presentation covers many of the current best practices for approaching and progressing with an IPv6 deployment.
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
"Implementing an IPv6 Enabled Environment for a Public Cloud Tenant" case study I delivered in OpenStack Vancouver Summit (May, 2015) jointly with Anik and Sharmin from Cisco System.
DPDK Summit 2015 - Sprint - Arun RajagopalJim St. Leger
DPDK Summit 2015 in San Francisco.
Presentation by Arun Rajagopal, Sprint, and Sameh Gobriel, Intel.
For additional details and the video recording please visit www.dpdksummit.com.
Discussion slides for the SIP forum IPv6 task group conference call 12/12/12 covering issues with SIP DNS, SIP and locating next hop in a dual stack world and issues with Server Based ALG decisions for media paths.
IPv6 Integration im Datacenter - wie komplex ist es wirklich?Swiss IPv6 Council
Ein Anlass des Swiss Ipv6 Councils am 24. März 2014, 18 Uhr.
Referent: Ben Mathis, Leiter IT Plattform, Aspectra
Die Neugier von Ingenieuren zur Technologie stand am Anfang des Projekts, IPv6 in die beiden Datacenters der Aspectra AG zu integrieren. Inzwischen ist die erste Integrationsstufe abgeschlossen und die zweite in Arbeit. Rückblickend zeigt uns Ben Mathis, Leiter IT Plattform Aspectra AG, auf, welche Herausforderungen sich stellten und welche Entscheidungen der Schlüssel zur erfolgreichen IPv6 Integration waren. Genügend Zeit für Fragen bleibt selbstverständlich auch.
Inhalt:
- Die Motivation
- Die Strategie
- Die Implementierung
- 5 Do's und 5 Dont's
- Die offenen Punkte
Presentation at OpenStack Summit Boston. This talk covers various lessons on IPv6 Neutron deployments like address allocation, address configuration, router consideration and so on.
There are still very few tools to defend against IPv6 related attacks. To improve this situation I wrote a plugin for Snort, the popular open source intrusion detection system. This plugin adds detection rules and a preprocessor for the Neighbor Discovery Protocol.
It is aimed at the detection of suspicious activity in local IPv6 networks and can detect misconfigured network elements, as well as malicious activities from attackers on the network.
(https://www.troopers.de/troopers14/troopers14-ipv6-security-summit-2014/troopers14-ipv6-security-summit-2014-presentations/index.html#IPv6Snort)
As with any new technology, IPv6 requires a learning curve for network managers and IT administration and operations personnel. This presentation covers many of the current best practices for approaching and progressing with an IPv6 deployment.
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
"Implementing an IPv6 Enabled Environment for a Public Cloud Tenant" case study I delivered in OpenStack Vancouver Summit (May, 2015) jointly with Anik and Sharmin from Cisco System.
DPDK Summit 2015 - Sprint - Arun RajagopalJim St. Leger
DPDK Summit 2015 in San Francisco.
Presentation by Arun Rajagopal, Sprint, and Sameh Gobriel, Intel.
For additional details and the video recording please visit www.dpdksummit.com.
Discussion slides for the SIP forum IPv6 task group conference call 12/12/12 covering issues with SIP DNS, SIP and locating next hop in a dual stack world and issues with Server Based ALG decisions for media paths.
IPv6 Integration im Datacenter - wie komplex ist es wirklich?Swiss IPv6 Council
Ein Anlass des Swiss Ipv6 Councils am 24. März 2014, 18 Uhr.
Referent: Ben Mathis, Leiter IT Plattform, Aspectra
Die Neugier von Ingenieuren zur Technologie stand am Anfang des Projekts, IPv6 in die beiden Datacenters der Aspectra AG zu integrieren. Inzwischen ist die erste Integrationsstufe abgeschlossen und die zweite in Arbeit. Rückblickend zeigt uns Ben Mathis, Leiter IT Plattform Aspectra AG, auf, welche Herausforderungen sich stellten und welche Entscheidungen der Schlüssel zur erfolgreichen IPv6 Integration waren. Genügend Zeit für Fragen bleibt selbstverständlich auch.
Inhalt:
- Die Motivation
- Die Strategie
- Die Implementierung
- 5 Do's und 5 Dont's
- Die offenen Punkte
May 13, 2013, Swiss IPv6 Council Member Event.
The Impact of IPv6 to Net Politics
CGN Killer IPv6
- Why CGN isn't a good concept for the future, but IPv6 is.
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieSwiss IPv6 Council
Inhalt:
Kurz Vorgestellt Die Informatik von PostFinance
IPv6 bei PostFinance Warum wir uns mit IPv6 auseinandersetzen
Standortbestimmung Wo wir heute stehen
Herausforderungen Unsere ersten Erkenntnisse zu IPv6
Wie es weiter geht Rüstung für die Zukunft
Enterprise networks using private IPv4 address space might not feel the need to migrate to IPv6. They are wrong and might be faced with severe consequences in the future.
What LTE Parameters need to be Dimensioned and OptimizedHoracio Guillen
How to Dimension user Traffic in 4G networks
What is the best LTE Configuration
Spectrum analysis for LTE System
MIMO: What is real, What is Wishful thinking
LTE Measurements what they mean and how they are used
How to consider Overhead in LTE Dimensioning and What is the impact
How to take into account customer experience when Designing a Wireless Network
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Swiss IPv6 Council
● Anfang 2013
„Das Netzwerkmanagement erfolgt zukünftig ausschliesslich über IPv6. Alle
relevanten Netzwerkparameter (IPv4 und IPv6) werden über IPv6 abgefragt.
Konfigurationen der Netzwerkelemente sollen regelmässig automatisiert
gesichert werden. Der Transport erfolgt hier ebenfalls über IPv6“
● November 2013
… nun ja
für das hier vorgestellte Monitoring-Projekt
Erhöhte Anforderungen an das Netzwerk der AWK Group
Redundante Netzwerkkonfigurationen ohne Monitoring machen wenig Sinn
● … für diese Slides
Teilnehmer für Praxis-Versuche motvieren
Inhalt:
Wer sind wir Projektteam, Projekt
Die Post National und international
Post Domain Verwaltung ca. 700 Domains in ca. 70 Ländern
Adresskonzept Unsere ersten Erfahrungen
Dual Stack Sicherheit nicht unterlaufen
Vom User zur Post Wo stehen wir heute
Erfahrungen Hindernisse zu überwinden
Masterplan (Engineering) Unsere Entscheidungsgrundlage
Tools und Prozesse Wie weit sind wir
Intranet und Datacenter Im Lifecycle IPv6 ready werden
IPv6 Enterprise Adoption Planning.
Opportunities and Challenges.
The Evolution of the Internet and what we learn from it
IPv6 101
Why should you introduce IPv6 now
Is there an IPv6 Killer App
Planning and Methodology
The 7 most important steps
The biggest sumbling blocks - theory and practice
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2. 2
• RIPE Policies
• What ranges can I get, and where?
• Allocation Process
• How do I use this space?
• IPv6 Addressing Guidelines
• Recommendations
Agenda
Tuesday, April 29, 2014
3. Ferenc Csorba - 13 March 2014
RIPE NCC
• Located in Amsterdam
• Not for profit organisation
• One of the 5 Regional Internet
Registries
RIPE NCC - who are we? 3
Tuesday, April 29, 2014
4. 4
“On 14 September 2012, the RIPE NCC
ran out of their regular pool of IPv4”
Tuesday, April 29, 2014
6. IPv6 Address Basics
6IP Address Distribution
Allocation PA Assignment PI Assignment
IANA
End User
LIR
RIR
/3
/32
/12
/56/48 /48
Tuesday, April 29, 2014
7. Ferenc Csorba - 13 March 2014
RIPE Policies
•IPv6 Address Allocation &
Assignment Policy
•RIPE-589
•Made by the RIPE Community
•Consensus is the key
7
Tuesday, April 29, 2014
8. Getting it
8
• To qualify, an organisation must:
• Be an LIR
• Have a plan for making assignments within two years
• Minimum allocation size /32
• Up to a /29 without additional justification
• More if justified by customer numbers
Getting an IPv6 allocation
Tuesday, April 29, 2014
9. Getting it
9
• Give your customers enough addresses
• up to a /48
• For more addresses send in request form
• alternatively, make a sub-allocation
• Every assignment must be registered in the
RIPE Database
Customer Assignments
Tuesday, April 29, 2014
10. Getting it
10Comparison IPv4 and IPv6 status
IPv4 IPv6
ALLOCATED PA ALLOCATED-BY-RIR
ASSIGNED PA ASSIGNED
ASSIGNED PA AGGREGATED-BY-LIR
SUB-ALLOCATED PA ALLOCATED-BY-LIR
ASSIGNED PI ASSIGNED PI
Tuesday, April 29, 2014
11. Getting it
11
• Status is ASSIGNED
• Minimum assignment size is a/64
• For more than a /48, send a request form
Using ASSIGNED
ALLOCATED-BY-RIR
ASSIGNED /44
Tuesday, April 29, 2014
12. Getting it
12
• Can be used to group customers
• broadband, for example
• “assignment size” = assignment of each customer
Using AGGREGATED-BY-LIR
ALLOCATED-BY-RIR
AGGREGATED-BY-LIR
assignment-size: 56
/34
/56 /56/56/56/56
Tuesday, April 29, 2014
13. Getting it
13
inet6num: 2001:db8:1000::/36
netname: Brightlife
descr: Broadband services
country: NL
admin-c: BN649-RIPE
tech-c: BN649-RIPE
status: AGGREGATED-BY-LIR
assignment-size: 48
mnt-by: BRIGHTLIFE-MNT
notify: noc@example.net
changed: noc@example.net 20130218
source: RIPE
AGGREGATED-BY-LIR in the RIPE DB
Tuesday, April 29, 2014
14. Getting it
14
• Can be used for customers who expect large growth
• or for your own infrastructure
Using ALLOCATED-BY-LIR
ALLOCATED-BY-RIR
ALLOCATED-BY-LIR
AGGREGATED-BY-LIR
assignment-size: 48
/40
/36
Tuesday, April 29, 2014
16. Getting it
16
• To qualify, an organisation must:
• Meet the contractual requirements for provider
independent resources
• LIRs must demonstrate special routing requirements
• Minimum assignment size /48
• PI space can not be used for sub-assignments
• not even 1 IP address
Getting IPv6 PI address space
Tuesday, April 29, 2014
17. Tips
17IPv6 RIPEness: 10238 LIRs
4 stars
21%
3 stars
14%
2 stars
8%1 star
25%
No IPv6
32%
Tuesday, April 29, 2014
21. Why Create an Addressing Plan?
Benefits of an IPv6 Addressing Plan:
•Mental health during implementation(!)
•Easier implementation of security policies
•Efficient addressing plans are scalable
•More efficient route aggregation
21
Tuesday, April 29, 2014
22. 4 Bit Boundaries
IPv6 offers flexibility with addressing plans
Network addressing can be done on 4 bit
boundaries
22
Tuesday, April 29, 2014
23. Customers
Customers should get a large block of
addresses
•/48 - Business
•/48 or 56 - Residential
For more than a /48, send a request form
Every assignment must be registered
23
Tuesday, April 29, 2014
24. Example Situation
Customer has 6 functions:
•Servers
•Office PCs
•Network Engineers PCs
•Guests
•VPN (remote workers)
• Infrastructure (point-to-point and
loopbacks)
24
Tuesday, April 29, 2014
25. Example Situation
Customer has 3 locations:
•Main building floor 1
•Main building floor 2
•Secondary office
25
Tuesday, April 29, 2014
26. Example Assignment from LIR
The customer gets 2001:0db8:1a2b::/48
Work on 4 bit boundary
• 6 functions, leaves room for 10 new functions
• 3 locations, leaves room for 13 new locations
• We still have 8 bits!
• Room for 256 networks per function per location
26
Tuesday, April 29, 2014
27. Example Plan 1
Putting this in the address:
2001:0db8:1a2b:FLXX::/64
•F = function (0=infrastructure, 1=servers,
2=office, 3 =engineers, e=vpn, f=guest)
•L = location (0=main building 1, 1=main
building 2, 2=secondary office
•XX = Number for network of type +location
27
Tuesday, April 29, 2014
34. Example Plan Usage
2001:0db8:1a2b:1000::/64
•Servers in Main building, floor 1, network 0
2001:0db8:1a2b:1200::/64
•Servers in Secondary office, network 0
2001:0db8:1a2b:f009::/64
•Guest in Main Building, floor 1, network 9
28
Tuesday, April 29, 2014
35. Example Plan Usage
2001:0db8:1a2b:1000::/64
•Servers in Main building, floor 1, network 0
2001:0db8:1a2b:1200::/64
•Servers in Secondary office, network 0
2001:0db8:1a2b:f009::/64
•Guest in Main Building, floor 1, network 9
28
Tuesday, April 29, 2014
42. Example Plan Usage
2001:0db8:1a2b:0000::1/128
•loopback address (location doesn’t apply!)
2001:0db8:1a2b:0102::/64
•point-to-point link (0 for infrastructure)
2001:0db8:1a2b:e1ab::/64
•VPN in main office, floor 1, user 171
29
Tuesday, April 29, 2014
43. Example Plan Usage
2001:0db8:1a2b:0000::1/128
•loopback address (location doesn’t apply!)
2001:0db8:1a2b:0102::/64
•point-to-point link (0 for infrastructure)
2001:0db8:1a2b:e1ab::/64
•VPN in main office, floor 1, user 171
29
Tuesday, April 29, 2014
44. Example Plan Usage
2001:0db8:1a2b:0000::1/128
•loopback address (location doesn’t apply!)
2001:0db8:1a2b:0102::/64
•point-to-point link (0 for infrastructure)
2001:0db8:1a2b:e1ab::/64
•VPN in main office, floor 1, user 171
29
Tuesday, April 29, 2014
45. Alternatives
The previous example is just an idea
•Adapt as necessary
2001:0db8:1a2b:FFLX::/64
•256 functions
•16 locations
•16 networks per function per location
30
Tuesday, April 29, 2014
46. End User Summary
Tips:
•Work on 4-bit boundary
•Group subnets by function
•Group subnets by location
•Make a scalable addressing plan
31
Tuesday, April 29, 2014
47. ISP Addressing Plan
What should an ISP Addressing Plan contain?
•Address space for internal use
• loopback interfaces
• point-to-point connections
• servers, routers and other infrastructure at PoPs
•Use a /48 per POP
•Address space for customers
32
Tuesday, April 29, 2014
48. Loopback Interfaces
One /128 per device
• One /64 contains enough space for
18.446.744.073.709.551.616 devices
Take an easy to remember block for
loopbacks
• 2001:0db8:1a2b:0000:0000:0000:0000:0000
33
Tuesday, April 29, 2014
49. Point-to-Point Interfaces
One /64 per point-to-point connection
•Reserve 1 /64 for the link, but configure a /
127 (RFC6164)
34
Tuesday, April 29, 2014
50. ISP Guidelines
In common cases:
•One /48 per PoP
•Calculate growth
•Make it scalable
35
Tuesday, April 29, 2014
51. IPv6 Address Basics
36
• Every subnet should be a /64
• Customer assignments (sites) between:
• /64 (1 subnet)
• /48 (65,536 subnets)
• Minimum allocation size /32
• 65,536 /48s
• 16,777,216 /56s
IPv6 Address Basics
Tuesday, April 29, 2014
52. IPv6 Address Basics
37IPv6 Subnetting
0000:00002001:0DB8:0000:0000:0000:0000:0000:0000
IPv6 Subnetting
/32 = 65536 /48
/48 = 65536 /64
/52 = 4096 /64
/56 = 256 /64
64 bits interface ID
/60 = 16 /64
/64
Contact Training Services: ts@ripe.net
Follow us on Twitter: www.twitter.com/TrainingRIPENCC
www.ripe.net
Tuesday, April 29, 2014
53. Tips
38
• Customers have no idea how to handle 65536
subnets!
• Provide them with information
• https://www.ripe.net/lir-services/training/material/
IPv6-for-LIRs-Training-Course/IPv6_addr_plan4.pdf
Customers And Their /48
Tuesday, April 29, 2014
56. Transition Mechanisms
41
• Maintaining connectivity to IPv4 hosts by
sharing IPv4 addresses between clients
• Extending the address space with NAT/CGN/LSN
• Translating between IPv6 and IPv4
• Provide a mechanism to connect to the
emerging IPv6-only networks
• Tunneling IPv6 packets over IPv4-only networks
Transitioning: Solving Two Problems
Tuesday, April 29, 2014
57. Transition Mechanisms
42
• Manually configured tunnels towards a fixed
tunnel broker like SixXS, Hurricane Electric
or your own system
• Stable and predictable but not easily
deployed to the huge residential markets
• MTU might cause issues
6in4
Tuesday, April 29, 2014
59. Transition Mechanisms
44
• 6to4
• “Automatic” tunnel, system can configure itself
• IPv4 address is part of the IPv6 address
• Requires a public IPv4 address
• Uses anycast to reach a nearby server
• Return traffic might choose another server
• Teredo
• Uses UDP to encapsulate packets
• Works across (most) NAT implementations
6to4 and Teredo
Tuesday, April 29, 2014
60. Transition Mechanisms
456to4 and Teredo
PROVIDERCUSTOMER INTERNET
Home User
IPv4
IPv6 Internet
Anycast
6to4 Tunnel Servers
Infrastructure
IPv4
Tuesday, April 29, 2014
61. Transition Mechanisms
46
• Quite similar to 6to4
• Encodes the IPv4 address in the IPv6 prefix
• Uses address space assigned to the operator
• The operator has full control over the relay
• Traffic is symmetric across a relay
• Or at least stays in your domain
• Can work with both public and private space
• Needs additional software for signaling
6RD
Tuesday, April 29, 2014
63. Transition Mechanisms
48
• Single-stack clients will only have IPv6
• Translator box will strip all headers and
replace them with IPv4
• Requires some DNS “magic”
• Capture responses and replace A with AAAA
• Response is crafted based on target IPv4 address
• Usually implies address sharing on IPv4
NAT64/DNS64
Tuesday, April 29, 2014
65. Transition Mechanisms
50
• Tunneling IPv4 over IPv6
• Allows clients to use RFC1918 addresses
without doing NAT themselves
• NAT is centrally located at the provider
• Client’s IPv6 address is used to maintain
state and to keep clients apart
• Allows for duplicate IPv4 ranges
DS-lite
Tuesday, April 29, 2014