APNIC deployed IPv6 across its network and services over several years using the following approach:
1) APNIC initially used its IPv6 allocation of 2001:DC0:2000::/35 and split it into /48 and /64 subnets for its network. It configured IPv6 routing and DNS services for these subnets.
2) APNIC then deployed IPv6 for its critical services like DNS, web, FTP, mail, and load balancing. This included configuring IPv6 addresses and enabling IPv6 protocols for these services.
3) APNIC later added anycast instances of its DNS services and regional whois service using cloud providers to improve availability. Lessons learned included testing services thoroughly before deployment and monitoring
Abitcool - A vast array of small-scale service providers with gigabit access,... | APNIC
Abitcool - A vast array of small-scale service providers with gigabit access, by Tony Hain. A presentation given at APNIC 38 during the APOPS 3 session.
- 22% of visible DNS resolvers are capable of making IPv6 queries, but 35% of DNS queries are actually passed to these resolvers, indicating more widespread IPv6 support.
- The top IPv6-capable resolvers are operated by companies like Google, AT&T, and Comcast, serving over 60% of queries.
- IPv6 DNS responses have a high success rate (96%) when response sizes are kept below the typical 1500 byte MTU to avoid fragmentation issues.
Tutorial: Using GoBGP as an IXP connecting router | Shu Sugimoto
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
APNIC Chief Scientist Geoff Huston presented on the various approaches used by root servers to deliver large DNS responses at DNS-OARC 26 in Madrid from 15 to 16 May 2017.
IPv6 deployment architecture for broadband access networks | APNIC
At CommunicAsia 2016, Training and Technical Assistance Manager Nurul Islam discussed the design options for IPv6 in a broadband access network and the impact that IoT will have on this in order to support future growth.
This document summarizes the results of measuring IPv6 performance by embedding scripts in online ads. IPv6 connections were found to be about as fast as IPv4 connections, with IPv6 being faster around half the time and within 10ms of IPv4 for most connections. However, IPv6 connections were also found to be less reliable, with an average failure rate of 1.5% compared to 0.2% for IPv4. While speeds are generally comparable once established, the higher failure rate of IPv6 connections means IPv4 still has an advantage in reliability of initial connections.
Welcome to the APNIC Member Gathering, Mongolia | APNIC
Services Director George Kuo presents on IPv6 deployment in the region; IPv6 in broadband networks, getting more IPv4 address space; APNIC whois data quality, and routing security at a Member Gathering in Mongolia from 13 to 14 June 2017.
CommunicAsia 2017: IPv6 deployment architecture for IoT | APNIC
APNIC Training and Technical Assistance Manager Nurul Islam discusses the design options for IPv6 in a broadband access network and the impact that IoT will have on this in order to support future growth at CommunicAsia 2017.
FPT Telecom has deployed IPv6 throughout its core network, broadband network gateway (BNG), and customer premise equipment (CPE). At the BNG, IPv6 was deployed by combining the BNG with a DHCPv6 server. Over 818,000 IPv6 subscribers have been onboarded, accounting for 24.3% of FPT Telecom's total subscribers. Case studies examined issues with generating unique DHCP client identifiers and methods for selectively deploying IPv6 to only CPE devices ready to support it.
BGP: What's so special about the number 512? | GeoffHuston
It was reported that parts of the Internet crashed when the number of routes in the Internet's Inter-domain routing table (BGP) exceeded 512K routes. This presentation looks at the growth of the Internet's routing table and how this correlates to the capacity and speed of memory in hardware routers.
Internet Noise (A Story About Two Little Subnets) - Tom Paseka | MyNOG
Tom Paseka from Cloudflare presented on internet noise received on the IP blocks 1.1.1.0/24 and 1.0.0.0/24. He discussed that these blocks receive unwanted traffic such as from misconfigurations and misuse. Traffic levels have increased to 8-13Gbps from previous studies. Legitimate traffic makes up an estimated 7-13% and includes DNS queries. Availability testing found issues with over 30 ISPs null routing or using the blocks internally. Documentation recommends blocks like 192.0.2.0/24 for examples but sometimes they are still misused.
Community tools to fight against DDoS, SANOG 27 | APNIC
Community tools can help fight DDoS attacks in three ways:
1. Bogon filtering blocks traffic from bogon address space not assigned to any network. Networks share bogon lists and filter incoming routes.
2. Flow Sonar provides visual network traffic analysis to detect anomalies indicating attacks. It incorporates DDoS alert feeds to identify compromised sources.
3. UTRS implements remote triggered blackhole filtering to divert suspected attack traffic to a null route. Cooperating networks distribute and apply attack filters to mitigate large infrastructure attacks.
Netflix uses its Open Connect content delivery network to stream video content directly to internet service providers. The Open Connect network consists of appliances located within ISP networks that cache Netflix's content. This allows 95% of Netflix's streaming traffic to be served directly from the Open Connect caches, reducing load on upstream networks. The control plane determines the optimal stream for a user, while the data plane serves the cached content through Open Connect during playback. Netflix fills the caches overnight using predictive algorithms to pre-position popular content at locations close to users.
Cloud Traffic Engineer – Google Espresso Project by Shaowen Ma | MyNOG
The document discusses using an SDN controller and BGP EPE to enable inter-domain traffic engineering. The solution uses the controller to calculate optimal paths, push MPLS labels to ingress routers, and dynamically steer traffic to peering links. This allows automatic optimization for congestion and latency while simplifying ASBRs to only label switching with no IP lookup or policies. Telemetry from the network is also used for analytics and machine learning to enable predictive and adaptive traffic engineering across domains.
1. APNIC measures IPv6 deployment using online advertisements that test devices' ability to fetch URLs over IPv6. Their data shows 24.07% of end users are IPv6 capable, an increase of over 400% in the past 5 years.
2. India has the highest percentage of IPv6 capable users at 63.79%, while many Asian and European economies have over 30%. Mobile networks are a major driver of IPv6 adoption.
3. IPv6 performance analysis shows a 1.4% global failure rate for TCP connections and varying results for connection speeds between regions, which may be influenced by different routing paths for IPv4 and IPv6.
Enterprise networks using private IPv4 address space might not feel the need to migrate to IPv6. They are wrong and might be faced with severe consequences in the future.
464XLAT Tutorial, by Masataka Mawatari.
Presented at the APNIC 40 "Hypes? Fanfares? Fads? Wading through the muddy IPv6 puddle" session, Wed 9 Sep 2015.
This document summarizes a large European service provider's plans for deploying IPv6 across its various networks, including residential, L3 MPLS VPN, and public networks. It discusses challenges around operating multivendor networks with interdependent services. The service provider is taking a dual-stack approach, initially exposing only external-facing services to IPv6. Configuration details are provided for residential broadband network elements like Juniper E320/ERX routers, covering topics like interfaces, routing, subscriber addressing, DNS servers, accounting, and LNS configuration. The goal is a transparent rollout that maintains existing IPv4 customer experiences while introducing IPv6 connectivity.
IPv4 addresses are nearly exhausted while IPv6 provides a vast address space to support continued Internet growth. While IPv4 and IPv6 can coexist, IPv6 adoption is needed as the only sustainable solution. Global metrics show increasing IPv6 deployment over time through allocations, routing entries, and user access, though challenges remain around applications, skills, and justification. RIRs and IETF are committed to IPv6 to maintain the openness and development of the Internet.
This document provides an overview of network state awareness and troubleshooting techniques. The agenda covers troubleshooting methodology, packet forwarding review, active and passive monitoring, quality of service, control plane, and routing protocol stability. It distinguishes between the control plane, which creates routing information based on aggregated data, and the data plane, which makes forwarding decisions based on packet details. Various troubleshooting tools are discussed like traceroute, interface statistics, NetFlow, and performance monitoring to analyze the network from the data plane perspective.
The document summarizes APNIC's deployment of IPv6 services, including their initial allocation and address planning, DNS deployment on dual stack servers, web, FTP, mail, load balancing, internal LAN/WiFi, and VPN services. It discusses lessons learned around testing IPv6 functionality before adding AAAA records, using low TTLs initially, ensuring reverse DNS works, and expanding monitoring to cover IPv6 connectivity and services. IPv6 services are now also offered on cloud platforms.
This document provides guidance on rapidly deploying IPv6 for ISP networks. It begins by outlining common concerns with IPv6 implementation and then provides steps to take including: starting implementation in a lab; enabling IPv6 on core infrastructure; enabling customer services in stages from easiest to hardest; and conducting a network readiness assessment. The document then provides examples of enabling IPv6 on routers and end customer connections using a simplified IPv6 addressing scheme. It discusses additional considerations like security, Linux and Windows test beds, non-networking devices, sources of help, and convincing management of the need for IPv6 deployment.
Successes and Challenges of IPv6 Transition at APNIC | APNIC
This document summarizes APNIC's experiences implementing dual-stack NAT-PT and IPv6-only Wi-Fi networks. It describes the challenges faced such as needing NAT at an unusual location and user reconnections over UDP. Solutions such as access lists, route maps and increased UDP timeouts are discussed. The success of IPv6-only Wi-Fi on various devices is also noted, along with challenges in connecting some mobile devices, which was addressed by enabling RDNSS on the router. The importance of services supporting IPv6 is highlighted.
This document discusses VMware Integration Engineering's implementation of IPv6 in their physical and virtual infrastructure.
The key points are:
1) VMware Integration Engineering implemented IPv6 to test and validate VMware products as if operating as a real customer, including acquiring IPv6 address space and enabling IPv6 in their physical network and virtual testbeds (vPods).
2) Their implementation involved multiple phases including network audits, address planning, enabling management services, and deploying IPv6 routing.
3) Their use of virtual testbeds (vPods) with dual-stack IPv4/IPv6 networks was very successful for testing networking scenarios and VMware products.
4) Some best
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf... | gogo6
gogo6 IPv6 Video Series. Event, presentation and speaker details below:
EVENT
gogoNET LIVE! 3: Enterprise wide Migration. http://gogonetlive.com
November 12 – 14, 2012 at San Jose State University, California
Agenda: http://gogonetlive.com/4105/gogonetlive3-agenda.asp
PRESENTATION
Deploying IPv6 in Cisco's Labs
Presentation video: http://www.gogo6.com/video/deploying-ipv6-in-cisco-s-labs-by-robert-beckett-at-gogonet-live
Interview video: http://www.gogo6.com/video/interview-with-robert-beckett-at-gogonet-live-3-ipv6-conference
SPEAKER
Robert Beckett - Services Technical Leader, Cisco Systems
Bio/Profile: http://www.gogo6.com/profile/RobertBeckett
The document discusses the upcoming introduction of IPv6. [1] IPv6 is a new standard for IP numbering that will provide more IP addresses as the current IPv4 addresses are running out. [2] It will help overcome limitations in the old IPv4 system and ensure there are enough addresses available into the next century. [3] The document outlines some of the key features and improvements IPv6 will provide, such as larger packet sizes, better security features, quality of service support, and mobility support.
The document discusses several methods for migrating from IPv4 to IPv6 including native dual stack, DS-Lite, NAT64, and 6RD. Native dual stack allows simultaneous use of IPv4 and IPv6 but is the most complex to deploy. DS-Lite tunnels IPv4 packets over IPv6 to allow an IPv6-only access network. NAT64 provides IPv4-IPv6 translation to allow access to IPv4 servers from an IPv6 network. 6RD allows lightweight IPv6 deployment without upgrades by encapsulating IPv6 in IPv4. Each method has different impacts on the access network, subscriber edge, and home network domains.
The document discusses the company's IPv6 evolution over time. It began IPv6 trials in 2006 and worked towards a full corporate deployment. Key steps included enabling IPv6 in operating systems, transition technologies, routing protocols, security tools, and datacenters. Challenges included address scaling, control plane traffic increases, and routing between IPv4 and IPv6. The company now has full IPv6 backbone and 63% of hosts enabled, with a goal of full dual-stack by end of year. It is piloting an IPv6-only network using NAT64 and has found most applications and services work but some do not. Future plans include expanding DNS64 and testing NAT64 redundancy.
PLNOG 7: Grzegorz Janoszka - Memoirs from an IPv6 deployment in the hosting n... | PROIDEA
This document summarizes LeaseWeb's experience deploying IPv6 in its hosting network. It discusses LeaseWeb's history with IPv6, its deployment plan assumptions, current IPv6 usage and traffic levels, methods for promoting IPv6 adoption, overestimated issues, and unexpected problems encountered. The document concludes by outlining LeaseWeb's plans to further improve IPv6 support and automation, promote IPv6 usage among top customers, and expand IPv6 peering and address assignments.
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction | CodiLime
IPv6 was created to address the limited address space of IPv4 as global IPv4 address allocation was running out. Some of the key differences between IPv4 and IPv6 include IPv6's significantly larger 128-bit address space compared to IPv4's 32-bit addresses, as well as changes to areas like packet headers, fragmentation, and neighbor discovery. Transition technologies like dual stack, NAT64, and DS-Lite were developed to help transition from IPv4 to IPv6, while ensuring IPv6 connectivity even for networks and devices that still use IPv4. Fully enabling IPv6 requires changes to network infrastructure like firewalls, routers, and switches to support the new protocol.
This document summarizes Jeff Schmidt's presentation on Telstra's deployment of IPv6 for mobiles. Key points include:
1) Telstra implemented IPv6 to future-proof their network and address IPv4 depletion issues, using dual-stack and 464XLAT architectures.
2) Business drivers were addressing the growing traffic demand and enabling new technologies like IoT, while technical drivers addressed IPv4 depletion and inefficiencies.
3) The deployment included addressing and subnetting plans, network security designs, and testing multiple deployment models.
OpenStack Neutron has expanded its support for IPv6 addressing in tenant networks. It now supports stateless address autoconfiguration (SLAAC), DHCPv6-stateless, and DHCPv6-stateful addressing schemes. Neutron also allows dual-stack configuration of IPv4 and IPv6 addresses on ports and routers. Additional changes were made to security groups and port behavior to support IPv6. Future development is focused on IPv6 prefix delegation to simplify assignment of global unique IPv6 addresses for tenant networks.
Happy Eyeballs v2 (HEv2) extends Happy Eyeballs v1 to improve user experience during IPv6 and IPv4 connection attempts. While HEv2 still prefers IPv6, it may reorder address preference to accelerate connection times. However, HEv2 can hide IPv6 failures, making it difficult for operators to monitor IPv6 quality. A new draft proposes extending HEv2 to report failures to operators via syslog. RFC8273 describes assigning each host a unique IPv6 prefix, improving isolation and management in shared environments like hotspots and data centers.
12.00 - Dr. Tim Chown - University of Southampton | IPv6 Summit 2010
1) The university deployed IPv6 in a phased approach over many years, first running it in 1997 and now having a large dual-stack production network.
2) They took a dual-stack approach to allow existing IPv4 systems while gaining experience with IPv6. Managing the complexity of dual-stack has been the main challenge.
3) Early experiences included getting IPv6 connectivity, enabling core services like DNS and web servers, and porting internal software. Harder aspects involved multi-addressing, some application support, and security issues like rogue routers.
This document discusses strategies for deploying IPv6 in cellular networks given the impending exhaustion of IPv4 addresses and increasing number of internet-connected devices. The best long-term solution is dual-stack (IPv4 and IPv6), but alternatives like IPv6-only with NAT64 and 464XLAT can work as well by allowing IPv6-only devices to access IPv4 content. NAT64 and DNS64 enable IPv6-only clients to reach IPv4 servers, while 464XLAT provides a more efficient solution that works for applications using literal IPv4 addresses. Large-scale deployments by mobile carriers demonstrate the viability of IPv6-only networks with NAT64 or 464XLAT.
IPV6 Deployment for Broadband Internet by Azura Mat Salim | MyNOG
Telekom Malaysia (TM) has been deploying IPv6 since 2004 to prepare for IPv4 address exhaustion. In 2011, TM accelerated its IPv6 implementation by forming a steering committee and focusing on network infrastructure, operations, IT systems, products, and training. Currently, TM has over 100 IPv6 peering partners globally and provides dual-stack broadband Internet using PPPoE and DHCPv6 with delegated IPv6 prefixes. While IPv6 traffic is still less than 1% of TM's total traffic, the number of dual-stack subscribers is growing steadily as more users acquire IPv6-compatible devices. TM's deployment strategy is to push IPv6 configurations gradually without forcing migration and provide education to address common user misconceptions
This document discusses various techniques for IPv6 transition and coexistence with IPv4, including:
- Dual-stack which allows simultaneous support of both IPv4 and IPv6.
- Tunnels which encapsulate IPv6 packets in IPv4 packets to provide IPv6 connectivity through IPv4 networks.
- Translation techniques like NAT64 which allow communication between IPv4-only and IPv6-only nodes.
The document discusses various techniques for transitioning from IPv4 to IPv6, including dual stack, tunnels, and translation. Dual stack allows simultaneous support of both IPv4 and IPv6 by keeping both protocol stacks. Tunnels encapsulate IPv6 packets in IPv4 packets to carry IPv6 traffic over IPv4 networks. Translation techniques like NAT64 algorithmically translate IPv4 and IPv6 addresses to allow communication between IPv4-only and IPv6-only nodes. Newer methods like 464XLAT and DS-Lite aim to address IPv4 exhaustion by sharing public IPv4 addresses among more clients.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 | APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I... | APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E... | APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024 | APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
6. IPv6 in the Industry Sectors
Backbone (Transit) ✅
Broadband ISP ✅
Content Network and Data Centres ✅
Internet of Things (IoT) ✅
Mobile Wireless (Cellular) ✅
Enterprise Networks ☑️
ISOC State of IPv6 Deployment 2017
7. IPv6 in Enterprise Networks
Enterprise network operators will need to transition using dual-stack to ensure Internet-facing services are accessible over IPv4 or IPv6, while introducing IPv6 access within their own IT network and infrastructure (WiFi, Ethernet, LAN, WAN, laptops and so forth).
8. Motivation for deployment
• Promoting and supporting IPv6 deployment in the region
• Providing critical DNS infrastructure
• Providing public whois service for APNIC blocks
10. Deployment timeline
1) Using the initial allocation: 2001:DC0:2000::/35 (before 2003)
2) Deploy IPv6 in parallel with existing IPv4 network (dual stack)
3) Use IPv4 tunnel for peering while no native IPv6 upstream available yet. (2003)
13. Deployment timeline
4) Split 2001:DC0:2000::/35 into /48s
5) Split 2001:DC0:2000:0000::/48 into /64s
Used VLAN number as part of subnet: VLAN 10 => 2001:DC0:2000:10::/64
6) Configuration of IPv6 upstream connection
• Configured BGP peering with Hurricane Electric
• Advertise 2001:DC0:2000::/35
• Configure router VLAN 10 interface with /64 subnet.
14. Deployment timeline
7) Configured Cisco router interface on VLAN 10 as RA
• Used 2001:0DC0:2000:10::/64 for stateless auto-configuration
8) Configured BIND caching/recursive DNS server
• Running BIND on Red Hat Linux
• Assigned static IPv6 on the network interface:
o 2001:0DC0:2000:10::53/64
• Enabled BIND to listen on IPv6 address
• dig www.ripe.net @2001:0DC0:2000:10::53 to test
9) Connected workstations to VLAN 10 for testing
• Verify IPv6 auto configuration works by looking at interface IP
• Verify reachability: ping6, traceroute6
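The subnet numbering from steps 4 and 5 of the timeline, as an added example (not APNIC's own tooling). The function names are hypothetical, and applying the slide's single "VLAN 10 => :10::" mapping to every VLAN ID is an assumption of this example.

```python
import ipaddress

# Prefix from the slides; the function names below are hypothetical.
ALLOCATION = ipaddress.ip_network("2001:DC0:2000::/35")

def first_site_prefix(allocation=ALLOCATION):
    """Step 4: the first /48 carved out of the /35 (2001:dc0:2000::/48)."""
    return next(allocation.subnets(new_prefix=48))

def vlan_subnet(vlan_id, site=None):
    """Step 5: the /64 for a VLAN, with the VLAN ID as the fourth hextet.

    The slide maps VLAN 10 to ...:10::/64, so the ID's decimal digits are
    written into the hextet as-is (0x0010), not converted to hex (0x000a).
    Applying that to every VLAN ID is an assumption of this example.
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    if site is None:
        site = first_site_prefix()
    hextet = int(str(vlan_id), 16)            # "10" -> 0x0010
    base = int(site.network_address) | (hextet << 64)
    return ipaddress.ip_network((base, 64))

def build_plan(vlan_ids):
    """Return {vlan_id: /64}, rejecting duplicates and nets outside the /35."""
    plan = {}
    for vlan_id in vlan_ids:
        net = vlan_subnet(vlan_id)
        if vlan_id in plan or not net.subnet_of(ALLOCATION):
            raise ValueError(f"bad plan entry for VLAN {vlan_id}")
        plan[vlan_id] = net
    return plan

if __name__ == "__main__":
    for vlan, net in build_plan([10, 20, 100]).items():   # constructed VLAN list
        print(f"VLAN {vlan:>4} -> {net}")
    resolver = ipaddress.ip_address("2001:0DC0:2000:10::53")  # address from step 8
    print("resolver inside VLAN 10 subnet:", resolver in vlan_subnet(10))
```

Because the /64 is derived from the VLAN ID alone, the same function can generate the per-subnet prefixes used in router and firewall ACLs.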
16. DNS Production Deployment
Use 2001:DC0::/32
• JAPAN (2001:DC0:0000::/35): Secondary DNS servers
• AUSTRALIA (2001:DC0:2000::/35): Secondary DNS, APNIC Services (web, mail)
• HONG KONG (2001:DC0:4000::/35): Secondary DNS
17. IPv6 Services deployment - DNS
• DNS servers for APNIC.NET must be configured first.
– Set up the server's static IPv6 address
– Configure it to listen on IPv6 UDP and TCP port 53.
– Apply the same DNS ACLs used for IPv4 to IPv6 traffic.
• Add AAAA resource records with a 5-minute TTL initially.
ns1.apnic.net. 1H IN A 202.12.29.25
ns1.apnic.net. 5M IN AAAA 2001:0DB8:11::25
tinnie.apnic.net. 1H IN A 202.12.29.59
tinnie.apnic.net. 5M IN AAAA 2001:0DB8:11::59
ns3.apnic.net. 1H IN A 202.12.28.131
ns3.apnic.net. 5M IN AAAA 2001:0DB8:21::131
19. IPv6 Services deployment – Web
• Update www.apnic.net host with IPv6 static IP address
• Update Apache configuration to listen on IPv6 TCP 80, 443.
• Add AAAA record in DNS for www.apnic.net.
www.apnic.net 1H IN A 203.119.102.244
www.apnic.net 5M IN AAAA 2001:0DB8:13::244
20. IPv6 Services deployment - FTP
• Update ftp.apnic.net host with IPv6 static IP address
• Update FTP service to listen on IPv6 TCP port 21.
• Add AAAA record in DNS for ftp.apnic.net.
ftp.apnic.net 1H IN A 202.12.29.205
ftp.apnic.net 5M IN AAAA 2001:0DB8:11::205
21. IPv6 Services deployment - Mail
Mail gateway
• Replaced Barracuda spam firewall with Halon
• Supports incoming and outgoing IPv6 SMTP sessions.
• Uses IPv6 as priority and fails over to IPv4 if the connection fails.
• Serves as internal IPv6 SMTP open relay.
• Clustering worked only in IPv4 until 2004
• Anti-spam, anti-virus definition updates via IPv4.
Mail store
• Used Courier IMAP to serve IPv6 mail client access.
• Migrated to Microsoft Exchange and works with IPv6.
• Uses IPv6 as priority and fails over to IPv4 if the connection fails.
22. IPv6 Services deployment – Load Balancer
Replaced Radware with F5 LTM
Full support of IPv6 service load balancing.
Allows IPv6 virtual server with IPv4-only backend server pool.
Used for load balancing whois queries in both IPv4 and IPv6
23. IPv6 Services deployment – LAN and Wifi
• Using router for both LAN and WiFi IPv6 auto configuration
• Using redundant pair of IPv4 DHCP server and DNS resolver
• WiFi authentication uses RADIUS and LDAP over IPv6.
24. IPv6 Services deployment - VPN
Using SSL VPN, assigning IPv4 and IPv6 address
Authentication uses Active Directory over IPv6.
25. IPv6 Anycast Service
• e.in-addr-servers.arpa – Dual stack anycast DNS server
– Authoritative for in-addr.arpa reverse delegations.
• Example: 202.in-addr.arpa, 1.in-addr.arpa,
– Using the same IP: 203.119.86.101 & 2001:DD8:6::101/48
• Brisbane
• Hong Kong
• Tokyo
27. IPv6 Anycast Service
• 2017 – Additional anycast DNS servers
– Secondary DNS service for ccTLDs in developing countries.
– Anycast instance of APNIC NS servers
• Secondary DNS for APNIC block reverse delegations.
– Anycast instance for e.ip6-servers.arpa
• Secondary DNS for ip6.arpa delegations - IPv6 Registry blocks
– Anycast deployment: Australia, Singapore, Japan
28. IPv6 service in the Cloud
APNIC Regional whois service: whois.apnic.net
• Multiple whois servers behind a load balancer per site
• Site locations: Brisbane, Tokyo, London, Fremont US.
• Load balancer provides dual stack whois access.
• Load balancer and whois servers use IPv4 internally.
• Uses the cloud-provided IPv4 and IPv6 static IP addresses.
• Uses Linux on the provided cloud virtualization platform.
30. Lessons learned
• DNS
– Test the service before adding AAAA in DNS.
• IPv6 hosts will start connecting via IPv6.
– Use low TTL initially e.g. 5 min to easily roll back.
– Must have working reverse DNS for IPv6.
• Google not accepting mail if SMTP server has no reverse DNS.
– Set the outbound IPv6 address
• Configured ACLs normally know the static IP but not the autoconfigured IP.
31. Lessons learned
• Mail
– Make sure a static IP is being used for outbound.
– IPv6 reverse DNS must be working or mail might bounce.
– Update the SPF record if you have an existing one for IPv4.
– Update firewall/ACL, the same as for IPv4.
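A pre-publication audit covering the DNS and mail lessons above (low initial TTL, working IPv6 reverse DNS), as an added example that is not APNIC's tooling. The forward records come from the DNS slide with one TTL altered as noted; the reverse data and all function names are constructed for illustration.

```python
import ipaddress

TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400}

# Records from the DNS slide; ns3's AAAA TTL is changed to 1H (constructed).
FORWARD_ZONE = """\
ns1.apnic.net. 1H IN A 202.12.29.25
ns1.apnic.net. 5M IN AAAA 2001:0DB8:11::25
tinnie.apnic.net. 1H IN A 202.12.29.59
tinnie.apnic.net. 5M IN AAAA 2001:0DB8:11::59
ns3.apnic.net. 1H IN A 202.12.28.131
ns3.apnic.net. 1H IN AAAA 2001:0DB8:21::131
"""

def ptr_name(addr):
    """ip6.arpa owner name (32 reversed nibbles) for an IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer

# Constructed reverse data: ns1 correct, tinnie absent, ns3 pointing elsewhere.
PTR_RECORDS = {
    ptr_name("2001:db8:11::25"): "ns1.apnic.net.",
    ptr_name("2001:db8:21::131"): "old-ns3.example.net.",
}

def ttl_seconds(text):
    """Convert a BIND-style TTL (5M, 1H, or plain seconds) to seconds."""
    unit = text[-1].upper()
    return int(text[:-1]) * TTL_UNITS[unit] if unit in TTL_UNITS else int(text)

def audit_aaaa(zone_lines, ptr_records, max_ttl=300):
    """Return (owner, problem) pairs for AAAA records not ready to publish."""
    findings = []
    for line in zone_lines:
        fields = line.split()
        if len(fields) != 5 or fields[3].upper() != "AAAA":
            continue
        owner, ttl, _cls, _type, rdata = fields
        owner = owner.rstrip(".").lower()
        if ttl_seconds(ttl) > max_ttl:
            findings.append((owner, "ttl-too-high"))
        target = ptr_records.get(ptr_name(rdata))
        if target is None:
            findings.append((owner, "missing-ptr"))
        elif target.rstrip(".").lower() != owner:
            findings.append((owner, "ptr-mismatch"))
    return findings

if __name__ == "__main__":
    print(audit_aaaa(FORWARD_ZONE.splitlines(), PTR_RECORDS))
```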
32. Lessons learned
• Monitoring
– Review existing monitoring, behavior might have changed.
• Does it check for IPv6 or IPv4?
• Example: SSH check will start using IPv6 not both.
– Duplicating an existing check to work with IPv6
• Making sure critical services have separate check for both IPv4 and IPv6
– Monitoring host must be running on dual stack
– Customized scripting to suit requirements.
– Monitor services from external network.
• Will give you an idea if your IPv6 provider is stable and reliable.
• Allows monitoring of changes in firewall/ACL rules.
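One way to give a critical service a separate check per address family, as the monitoring lessons above recommend (added example, not APNIC's monitoring scripts). The function names, the `host.example` name and the fake resolver and connector are constructed so the block runs offline; omit them to probe a real host from a dual-stack monitoring machine.

```python
import socket

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def tcp_connect(family, sockaddr, timeout):
    """Open and close one TCP connection; raises OSError on failure."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sockaddr)

def check_family(host, port, family, resolve=socket.getaddrinfo,
                 connect=tcp_connect, timeout=3.0):
    """Probe host:port over exactly one address family; return (ok, detail)."""
    try:
        infos = resolve(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, f"no address record: {exc}"
    detail = "no address record"
    for fam, _type, _proto, _canon, sockaddr in infos:
        try:
            connect(fam, sockaddr, timeout)
            return True, sockaddr[0]
        except OSError as exc:
            detail = f"{sockaddr[0]}: {exc}"
    return False, detail

def check_dual_stack(host, port, **kwargs):
    """One result per family, so a working IPv4 path cannot hide an IPv6 outage."""
    return {name: check_family(host, port, fam, **kwargs)
            for name, fam in FAMILIES.items()}

def overall_status(results):
    """OK only if every family passed; otherwise name the failed families."""
    failed = sorted(name for name, (ok, _) in results.items() if not ok)
    return "CRITICAL: " + ", ".join(failed) if failed else "OK"

# Constructed stand-ins: A and AAAA both resolve, but the IPv6 path is filtered.
def fake_resolve(host, port, family, socktype):
    addr = {socket.AF_INET: ("192.0.2.10", port),
            socket.AF_INET6: ("2001:db8::10", port, 0, 0)}[family]
    return [(family, socktype, socket.IPPROTO_TCP, "", addr)]

def fake_connect(family, sockaddr, timeout):
    if family == socket.AF_INET6:
        raise TimeoutError("timed out")

if __name__ == "__main__":
    demo = check_dual_stack("host.example", 22, resolve=fake_resolve, connect=fake_connect)
    print(demo, overall_status(demo))
```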
33. Lessons learned
• IPv6 service on cloud
– Cloud providers like Amazon AWS are now supporting IPv6, check location
• Can deploy dual stack virtual machine
• IPv6 load balancer is available
• IPv6 DNS based, geolocation traffic management is available
– Linode supports IPv6 in most locations.
• Can deploy dual stack virtual machine
• IPv6 load balancer is available
• No DNS based, geolocation traffic management
– Dyn DNS based, geolocation traffic management works
• Pricing is not transparent, rely on sales representative for pricing.
• Quite expensive