Network Utility Force is a network architecture and consulting firm that specializes in IPv6 deployment. The document discusses several key points regarding the need for IPv6 adoption. It notes that IPv4 addresses are depleting and IPv6 is necessary to support growth, including the internet of things. It also outlines factors organizations should consider when planning their IPv6 deployment such as addressing, routing, security, testing, and training. The document emphasizes that IPv6 can be deployed using best practices with an emphasis on performance, security, and flexibility.

1. The Case for IPv6: Paving the Way for
the Internet of Things
www.netuf.net
expert network architecture, engineering
deployment and training
twitter: @netuf
© 2011 - 2014 Network Utility Force, LLC.

2. Who We Are / What We Do
● Founded in December of 2011, and headquartered in Atlanta, GA, Network
Utility Force, LLC. (NUF)
● Created by highly experienced network and security architects
● Address complex and difficult infrastructure problems (wired and wireless),
with an emphasis on design and deployment for international service
providers, government agencies and large enterprises, including higher
education institutions.
www.netuf.net | 404-635-6667 | info@netuf.net
© 2011 - 2014 Network Utility Force, LLC.

3. Expertise
● Architecture & Design
● Audit/recommendations
● Configuration
● BGP
● Data Center Design
● DNS
● Fabric Deployment
● IPv6
● MPLS/GMPLS
● Optimization/Repair
● Peering
● SDN
● Security
● Training
● Virtualization
● Wireless and Wi-Fi
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

4. Relationship with KINBER
● Architecture
● Design
● Lab Testing
● Configuration
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

5. © 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

6. © 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

7. © 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

8. It’s Not Just Our Prediction
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net
http://www.potaroo.net/tools/ipv4/

9. Timelines Just Got Shorter!
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

10. IPv6 Enabled Networks (as of Today)
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net
ripe.net

11. Waiting for IPv6 Traffic Myth
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

12. IPv6 is Faster
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net
Lee Howard, IPv6 Performance Bonus: https://www.youtube.com/watch?v=Ftoy2tp4kDM

13. IoT Demands IPv6
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

14. What are the Costs?
● See Lee Howard’s talks on IPv6 deployment costs (and costs of NOT
deploying IPv6) (http://www.youtube.com/watch?v=vXf8ZIew1j0)
● A good estimate for the cost of renumbering existing devices to free up
IPv4 space is $2.50/device
● Sale of an IPv4 address is likely to bring in $10-15 per address for the next
year or two
● After ARIN free space run-out, each IPv4 address is likely to bring in twice
that, $20-30, and up
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

15. Paying for the Deployment
● Many institutions have large address allocations
○ Some math for an example institution that has a /16 (historically called
a “Class B”)
○ /16 = 65,384 addresses
○ Let’s assume that by renumbering ¼ of that address space, that ½ of it
will be freed
○ ¼ of 65,384 is 16,346
○ ½ of 65,384 is 32,692
○ It costs $2.50 to renumber 16,346 devices. 2.50*16346=$40,865
○ At sale, addresses fetch $20 each. 20*32,692=$5,081,730
○ Net proceeds: $5,081,730-$40,865=$5,040,865!!!
●
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

16. Still Not Convinced?
RFC 6540
- IPv6 Support Required for All IP-Capable Nodes -
Given the global lack of available IPv4 space, and limitations in IPv4 extension and
transition technologies, this document advises that IPv6 support is no longer considered
optional. It also cautions that there are places in existing IETF documents where the
term "IP" is used in a way that could be misunderstood by implementers as the term "IP"
becomes a generic that can mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on
context and application.
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

17. I’m Convinced; What’s Next?
“Okay, my organization is convinced it’s time to begin IPv6
planning and deployment, what do I need to consider?”
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

18. Best Practices
The fundamentals haven’t changed a bit for IPv6, consider:
• Security
• Maintainability
• Scalability
• Performance
• Flexibility
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

19. Apply the Fundamentals
What areas need the most attention?
• Addressing plan
• Interconnectivity
• Bootstrapping/AAA
• Security issues
• Staff training
• Transition
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

20. © 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net
IPv4 vs IPv6
Length in Bits 32 128
Amount of Addresses 232
4,294,967,296
2128
340,282,366,920,939,463,374,607,431,768
,211,456
Address Format Dotted Decimal
192.168.100.1
Hexadecimal
Dynamic Addressing DHCP SLAAC/DHCPv6
IPSec Optional Mandatory
Header Length Variable Fixed
Minimal Packet Size 576 bytes (fragmented) 1280 bytes
Header Checksum Yes No
Header Options Yes No (extensions)
Flow No Packet Flow Label

21. IPv6 Address Space is Vast
● “IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038
addresses, or more than 7.9×1028 times as many as IPv4, which uses 32-
bit addresses.” (Wikipedia)
● That’s 340 Undecillion!
● Undecillion is a number with 36 zeros.
● We must change our thinking about how to allocate address space to meet
our best practice goals
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

22. Addressing Plan
● Depends on the type of network, the size of the network, and problem to be
solved
● Points to consider
○ Documentation
○ Ease of troubleshooting
○ Aggregation
○ Standards compliance
○ Growth
○ SLAAC
○ Existing IPv4 addressing plan
○ Human factors
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

23. Algorithmic Approaches
● Interop took an algorithmic approach to IPv6 numbering
● Encode every IPv4 address in your network in an IPv6 address
○ 10.10.10.10 (A0A0A0A)
○ 2001:DB8:A0A:A0A::
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

24. Interconnectivity
● Routing protocols have been updated, but the fundamental concepts
remain the same
○ Run routing protocols such that they fail when the underlying transport
fails
■ That means separate v4 and v6 protocols
○ For ease of management, configure IPv4 and IPv6 connectivity to
follow the same paths
○ Also use the same routing policies whenever possible
● Ask your Internet traffic peers, suppliers, partners and clients to begin
transporting IPv6 traffic
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

25. Bootstrapping/AAA
● Some fundamental changes have been made to the bootstrap process to
join an IPv6 network, all part of the Neighbor Discovery process
○ Router Advertisements (RA) – Tells potential clients about the routers
and prefixes available on the network
○ StateLess Address Auto Configuration (SLAAC)
■ New in IPv6, allows a device to generate it’s own address
■ Supported universally
○ Dynamic Host Configuration Protocol v6 (DHCPv6)
■ Very similar to v4, can distribute address, DNS server, other
information about the network
■ Good support, but far from universal
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

26. Security Issues
● Use the same diligence you used for IPv4
● Ask equipment vendors to support specific protections in IPv6
○ RA-Guard – prevents an attacker from sending rogue RAs into the
network and becoming a man-in-the-middle
○ DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP servers
from giving out false information
● Ensure equipment supports all IPv4 features you use in IPv6 as well such
as ACLs, anti-spoof filtering (RPF), etc. Why should v6 be any different in
these areas?
● Where firewalls are needed, ensure your choice of firewall supports v6 as
well as v4.
● NAT is NOT a security feature and v6 doesn’t have it
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

27. Transition Technologies
● 3 Types
○ Dual Stack
■ most common
■ Simply means running both v4 and v6 at the same time
○ Tunneling
■ Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the
situation
■ Can be useful to solve problems in certain areas, but in general, tunneling hurts
performance and should be avoided when possible
■ Examples: 6rd, 6in4, 4in6, DS-Lite, MAP
○ Translation
■ Converting an IPv4 packet into an IPv6 packet or vice versa
■ Like in tunnels, can be useful in certain circumstances, especially for rapid
deployment of IPv6 on public facing services such as web servers
■ Example: NAT64
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

28. Training
● Find an experienced organization to provide training
● Service providers require a different level of scalability and maintainability
than enterprise, use a trainer that understands SP’s unique challenges
● Build a lab and experiment
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

29. Lab Testing
● Build a lab
● Stock it with the identical equipment you have in the field
● Replicate identical configurations and software versions of what is in the
field
● Can’t afford to buy all that equipment?
○ Make a vendor do it
○ Hire a consulting firm
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

30. © 2011 - 2014 Network Utility Force, LLC.

31. Conclusions
● IPv6 works in the real world
● There are challenges to implementing IPv6, but nothing show-stopping
● Much of the Internet’s content is reachable over IPv6 (and growing fast) including all
of Google, FaceBook and 3000 other sites
● A much smaller percentage of Internet users have IPv6 connectivity (though this
may change quickly with IPv4 depletion)
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

32. Resources
● ARIN.net
● ipv6forum.com
● internetsociety.org/deploy360/ipv6
● ipv6actnow.org
● Lee Howard, IPv6 Performance Bonus:
○ https://www.youtube.com/watch?v=Ftoy2tp4kDM
● Lee Howard, Total Cost of Ownership (TCO) of IPv6:
○ https://www.youtube.com/watch?v=vXf8ZIew1j0
● ripe.net
● potaroo.net/tools/ipv4
● gogo6.com
● netuf.net/p/ipv6.html (infographic)
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

33. Questions
© 2011 - 2014 Network Utility Force, LLC.
www.netuf.net | 404-635-6667 | info@netuf.net

34. Brandon Ross
CEO and Chief Network Architect
bross@netuf.net
404-635-6667
Download this presentation now:
© 2011 - 2014 Network Utility Force, LLC.
Thank You
www.netuf.net | 404-635-6667 | info@netuf.net