The Case for IPv6: Paving the Way for the Internet of Things

The Case for IPv6: Paving the Way for
the Internet of Things
www.netuf.net
expert network architecture, engineering
deployment and training
twitter: @netuf
© 2011 - 2014 Network Utility Force, LLC.

Who We Are / What We Do
● Founded in December of 2011, and headquartered in Atlanta, GA, Network
Utility Force, LLC. (NUF)
● Created by highly experienced network and security architects
● Address complex and difficult infrastructure problems (wired and wireless),
with an emphasis on design and deployment for international service
providers, government agencies and large enterprises, including higher
education institutions.
www.netuf.net | 404-635-6667 | info@netuf.net

Expertise
● Architecture & Design
● Audit/recommendations
● Configuration
● BGP
● Data Center Design
● DNS
● Fabric Deployment
● IPv6
● MPLS/GMPLS
● Optimization/Repair
● Peering
● SDN
● Security
● Training
● Virtualization
● Wireless and Wi-Fi

Relationship with KINBER
● Architecture
● Design
● Lab Testing
● Configuration

It’s Not Just Our Prediction
http://www.potaroo.net/tools/ipv4/

Timelines Just Got Shorter!

IPv6 Enabled Networks (as of Today)
ripe.net

Waiting for IPv6 Traffic Myth

IPv6 is Faster
Lee Howard, IPv6 Performance Bonus: https://www.youtube.com/watch?v=Ftoy2tp4kDM

IoT Demands IPv6

What are the Costs?
● See Lee Howard’s talks on IPv6 deployment costs (and costs of NOT
deploying IPv6) (http://www.youtube.com/watch?v=vXf8ZIew1j0)
● A good estimate for the cost of renumbering existing devices to free up
IPv4 space is $2.50/device
● Sale of an IPv4 address is likely to bring in $10-15 per address for the next
year or two
● After ARIN free space run-out, each IPv4 address is likely to bring in twice
that, $20-30, and up

Paying for the Deployment
● Many institutions have large address allocations
○ Some math for an example institution that has a /16 (historically called
a “Class B”)
○ /16 = 65,384 addresses
○ Let’s assume that by renumbering ¼ of that address space, that ½ of it
will be freed
○ ¼ of 65,384 is 16,346
○ ½ of 65,384 is 32,692
○ It costs $2.50 to renumber 16,346 devices. 2.50*16346=$40,865
○ At sale, addresses fetch $20 each. 20*32,692=$5,081,730
○ Net proceeds: $5,081,730-$40,865=$5,040,865!!!
●

Still Not Convinced?
RFC 6540
- IPv6 Support Required for All IP-Capable Nodes -
Given the global lack of available IPv4 space, and limitations in IPv4 extension and
transition technologies, this document advises that IPv6 support is no longer considered
optional. It also cautions that there are places in existing IETF documents where the
term "IP" is used in a way that could be misunderstood by implementers as the term "IP"
becomes a generic that can mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on
context and application.

I’m Convinced; What’s Next?
“Okay, my organization is convinced it’s time to begin IPv6
planning and deployment, what do I need to consider?”

Best Practices
The fundamentals haven’t changed a bit for IPv6, consider:
• Security
• Maintainability
• Scalability
• Performance
• Flexibility

Apply the Fundamentals
What areas need the most attention?
• Addressing plan
• Interconnectivity
• Bootstrapping/AAA
• Security issues
• Staff training
• Transition

IPv4 vs IPv6
Length in Bits 32 128
Amount of Addresses 232
4,294,967,296
2128
340,282,366,920,939,463,374,607,431,768
,211,456
Address Format Dotted Decimal
192.168.100.1
Hexadecimal
Dynamic Addressing DHCP SLAAC/DHCPv6
IPSec Optional Mandatory
Header Length Variable Fixed
Minimal Packet Size 576 bytes (fragmented) 1280 bytes
Header Checksum Yes No
Header Options Yes No (extensions)
Flow No Packet Flow Label

IPv6 Address Space is Vast
● “IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038
addresses, or more than 7.9×1028 times as many as IPv4, which uses 32-
bit addresses.” (Wikipedia)
● That’s 340 Undecillion!
● Undecillion is a number with 36 zeros.
● We must change our thinking about how to allocate address space to meet
our best practice goals

Addressing Plan
● Depends on the type of network, the size of the network, and problem to be
solved
● Points to consider
○ Documentation
○ Ease of troubleshooting
○ Aggregation
○ Standards compliance
○ Growth
○ SLAAC
○ Existing IPv4 addressing plan
○ Human factors

Algorithmic Approaches
● Interop took an algorithmic approach to IPv6 numbering
● Encode every IPv4 address in your network in an IPv6 address
○ 10.10.10.10 (A0A0A0A)
○ 2001:DB8:A0A:A0A::

Interconnectivity
● Routing protocols have been updated, but the fundamental concepts
remain the same
○ Run routing protocols such that they fail when the underlying transport
fails
■ That means separate v4 and v6 protocols
○ For ease of management, configure IPv4 and IPv6 connectivity to
follow the same paths
○ Also use the same routing policies whenever possible
● Ask your Internet traffic peers, suppliers, partners and clients to begin
transporting IPv6 traffic

Bootstrapping/AAA
● Some fundamental changes have been made to the bootstrap process to
join an IPv6 network, all part of the Neighbor Discovery process
○ Router Advertisements (RA) – Tells potential clients about the routers
and prefixes available on the network
○ StateLess Address Auto Configuration (SLAAC)
■ New in IPv6, allows a device to generate it’s own address
■ Supported universally
○ Dynamic Host Configuration Protocol v6 (DHCPv6)
■ Very similar to v4, can distribute address, DNS server, other
information about the network
■ Good support, but far from universal

Security Issues
● Use the same diligence you used for IPv4
● Ask equipment vendors to support specific protections in IPv6
○ RA-Guard – prevents an attacker from sending rogue RAs into the
network and becoming a man-in-the-middle
○ DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP servers
from giving out false information
● Ensure equipment supports all IPv4 features you use in IPv6 as well such
as ACLs, anti-spoof filtering (RPF), etc. Why should v6 be any different in
these areas?
● Where firewalls are needed, ensure your choice of firewall supports v6 as
well as v4.
● NAT is NOT a security feature and v6 doesn’t have it

Transition Technologies
● 3 Types
○ Dual Stack
■ most common
■ Simply means running both v4 and v6 at the same time
○ Tunneling
■ Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the
situation
■ Can be useful to solve problems in certain areas, but in general, tunneling hurts
performance and should be avoided when possible
■ Examples: 6rd, 6in4, 4in6, DS-Lite, MAP
○ Translation
■ Converting an IPv4 packet into an IPv6 packet or vice versa
■ Like in tunnels, can be useful in certain circumstances, especially for rapid
deployment of IPv6 on public facing services such as web servers
■ Example: NAT64

Training
● Find an experienced organization to provide training
● Service providers require a different level of scalability and maintainability
than enterprise, use a trainer that understands SP’s unique challenges
● Build a lab and experiment

Lab Testing
● Build a lab
● Stock it with the identical equipment you have in the field
● Replicate identical configurations and software versions of what is in the
field
● Can’t afford to buy all that equipment?
○ Make a vendor do it
○ Hire a consulting firm

Conclusions
● IPv6 works in the real world
● There are challenges to implementing IPv6, but nothing show-stopping
● Much of the Internet’s content is reachable over IPv6 (and growing fast) including all
of Google, FaceBook and 3000 other sites
● A much smaller percentage of Internet users have IPv6 connectivity (though this
may change quickly with IPv4 depletion)

Resources
● ARIN.net
● ipv6forum.com
● internetsociety.org/deploy360/ipv6
● ipv6actnow.org
● Lee Howard, IPv6 Performance Bonus:
○ https://www.youtube.com/watch?v=Ftoy2tp4kDM
● Lee Howard, Total Cost of Ownership (TCO) of IPv6:
○ https://www.youtube.com/watch?v=vXf8ZIew1j0
● ripe.net
● potaroo.net/tools/ipv4
● gogo6.com
● netuf.net/p/ipv6.html (infographic)

Questions

Brandon Ross
CEO and Chief Network Architect
bross@netuf.net
404-635-6667
Download this presentation now:
Thank You

The Case for IPv6: Paving the Way for the Internet of Things

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (6)

Similar to The Case for IPv6: Paving the Way for the Internet of Things

Similar to The Case for IPv6: Paving the Way for the Internet of Things (20)

Recently uploaded

Recently uploaded (16)

The Case for IPv6: Paving the Way for the Internet of Things