Single-stack IPv6-only
data center deployments


                                                                 Tore Anderson
                                                    CG Security and Networking
                                                                  Redpill Linpro
                                IPv6 Forum Norway 2, Stavanger, November 2011
 PRODUCTS • CONSULTING • APPLICATION MANAGEMENT • IT OPERATIONS • SUPPORT • TRAINING
Our plan, in a nutshell


•   Provision servers exclusively with IPv6 addresses/connectivity

•   Let the network translate traffic from IPv4 clients to IPv6




But what about dual-stack?

 The simplest deployment model is dual stack: one turns on IPv6
 throughout one's existing IPv4 network and allows applications using
 the two protocols to operate as ships in the night. This model is
 applicable to most networks -- home, enterprise, service provider, or
 content provider network.

 [...] the native dual-stack connectivity model remains the recommended
 approach.

                                        -- RFC 6180: “Guidelines for Using IPv6
                                  Transition Mechanisms during IPv6 Deployment”




Reminder: the dual-stack plan
[Chart: "Internet hosts" (y-axis, 0 to 4,3bn, the total available IPv4 addresses) against "Time" (x-axis, from "1998: IPv6 is standardised" to "Dual-stack migration complete"). Curves: IPv4 and IPv6. Labelled region: "Dual-stack migration period".]

Dual-stack progress report
[Chart: "Internet hosts" (y-axis, 0 to 4,3bn, the total available IPv4 addresses) against "Time" (x-axis, from "1998: IPv6 is standardised" to "Today"). Curves: IPv4 and IPv6.]

Disillusioned dual-stack

•   A decade of being the recommended approach, yet NO deployment

•   Does not in any way help with IPv4 depletion

     •   ...the only real reason interest in IPv6 is picking up nowadays

     •   We see increasing address consumption due to virtualization

•   Adds complexity and operational overhead

     •   More ACLs, more monitoring, more address management, more
         possible failure scenarios, more setup, more things to test....

     •   Sysadmins resist complexity: simple=stable




IPv6-only viability
•   Most of the server operating systems and applications we
    commonly use support IPv6(-only) very well

     •   Apache, Bacula, Exim, HAProxy, Icinga, Linux, MySQL, Nginx,
         OpenSSH, OpenSolaris, Postfix, PostgreSQL, Puppet, Tomcat,
         Varnish, Zimbra....just to name a few

•   Proprietary applications may or may not support IPv6

•   A few server vendors support IPv6 ILO/OOB management

•   Network boot/provisioning (PXE) does not support IPv6

•   It all depends on the applications used

     •   I estimate that the majority of our customers' servers and
         applications could have run IPv6-only today with no problems


Translating IPv4 to IPv6
•   Stateless IP/ICMP Translation - SIIT

     •   Specified in RFC 6145 + RFC 6052

     •   Also known as IVI and NAT46
•   Maps the IPv4 internet into an arbitrary IPv6 prefix – e.g. 2001:db8::0.0.0.0/96:

[Diagram: IPv4 internet (0.0.0.0/0) <-> SIIT gateway <-> “IPv4-in-IPv6” internet (2001:db8::0.0.0.0/96), a part of the IPv6 internet (::/0, not to scale...)]




SIIT 101, part 1
One (or more) of the provider's public IPv4 addresses are routed to the
IPv4 interface of the SIIT gateway, using standard IPv4 routing protocols.
This address represents a single node inside the IPv6 domain.


[Diagram: IPv4 side (Route: 87.238.33.10/32) -> SIIT gateway <- IPv6 side]




SIIT 101, part 2
An IPv6 prefix is routed to the IPv6 interface of the SIIT gateway, again
using standard routing protocols.
This prefix represents the entire IPv4 internet mapped into IPv6. It must be
statically configured on the SIIT gateway.

[Diagram: IPv4 side (Route: 87.238.33.10/32) -> SIIT gateway <- IPv6 side (Route: 2001:db8::/96)]




SIIT 101, part 3
The server is configured with an IPv6 address that embeds the entire IPv4
address at which it will be reachable from IPv4 clients.
This address is routed to the server using standard IPv6 routing protocols.


[Diagram: IPv4 side (Route: 87.238.33.10/32) -> SIIT gateway <- IPv6 side (Route: 2001:db8::/96), with the server www.redpill-linpro.com at 2001:db8::87.238.33.10 on the IPv6 side]




SIIT 101, part 4
The server's translated IPv4 address is published in DNS alongside its
native IPv6 address:
   www.redpill-linpro.com.                      IN A            87.238.33.10
   www.redpill-linpro.com.                      IN AAAA         2001:db8::87.238.33.10

[Diagram: IPv4 side (Route: 87.238.33.10/32) -> SIIT gateway <- IPv6 side (Route: 2001:db8::/96), with the server www.redpill-linpro.com at 2001:db8::87.238.33.10 on the IPv6 side]




SIIT 101, part 4
The IP source/destination addresses are converted as follows (RFC 6052):
 ➔   When translating from IPv4 to IPv6: Prepend the IPv6 translation prefix
 ➔   When translating from IPv6 to IPv4: Strip the IPv6 translation prefix
The remainder of the IP header fields are converted according to a set of
rules specified in RFC 6145, for example:
 ➔   IPv4 Time To Live <-> IPv6 Hop Limit;
 ➔   IPv4 Protocol           <-> IPv6 Next Header; and so forth.

IPv4 packet                                                         IPv6 packet

Source:                                                             Source:
   1.2.3.4                                  Translation                2001:db8::1.2.3.4
Destination:                                                        Destination:
   87.238.33.10                                                        2001:db8::87.238.33.10
Time To Live:                                                       Hop Limit:
   64                                                                  64
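
The address and header mapping on this slide, as an added example (not code from the presentation or from any SIIT implementation): Python functions that embed and extract IPv4 addresses per RFC 6052 and map the header fields named above. It goes beyond the slide's /96 prefix to the other RFC 6052 prefix lengths; the function names, the dict-based packet and the strict canonical-form check are assumptions of this example.

```python
import ipaddress

# RFC 6052 permits only these translation prefix lengths.
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
IPV6_HEADER = 40          # bytes, fixed IPv6 header
ICMPV4, ICMPV6 = 1, 58    # IP protocol numbers


def check_prefix(prefix):
    """Parse the translation prefix and reject lengths RFC 6052 does not allow."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    return net


def embed(prefix, v4):
    """IPv4 -> IPv6: prepend the translation prefix."""
    net = check_prefix(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == 8:      # bits 64..71 (the "u" octet) stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, v6):
    """IPv6 -> IPv4: strip the translation prefix.

    Assumption of this example: non-canonical addresses (non-zero "u" octet
    or suffix) are rejected, so one IPv4 client maps to exactly one key in
    logs and ACLs. A translator may be more lenient than this.
    """
    net = check_prefix(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{addr} is outside translation prefix {net}")
    raw, pos, octets = addr.packed, net.prefixlen // 8, bytearray()
    while len(octets) < 4:
        if pos == 8:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    v4 = ipaddress.IPv4Address(bytes(octets))
    if embed(prefix, v4) != addr:
        raise ValueError(f"{addr} is not a canonical IPv4-embedded address")
    return v4


def translate_v4_to_v6(pkt, prefix, ipv6_mtu=1500):
    """Map the IPv4 header fields named on the slide to their IPv6 counterparts.

    pkt is a constructed dict: src, dst, ttl, protocol, total_length, ihl
    (header length in 32-bit words). The forwarding decrement of TTL/Hop
    Limit is not modelled, matching the slide's 64 -> 64.
    """
    payload = pkt["total_length"] - pkt["ihl"] * 4
    return {
        "src": embed(prefix, pkt["src"]),
        "dst": embed(prefix, pkt["dst"]),
        "hop_limit": pkt["ttl"],
        "next_header": ICMPV6 if pkt["protocol"] == ICMPV4 else pkt["protocol"],
        "payload_length": payload,
        # The IPv6 header is larger than the IPv4 one, so a full-sized
        # IPv4 packet no longer fits the same MTU after translation.
        "exceeds_mtu": payload + IPV6_HEADER > ipv6_mtu,
    }


if __name__ == "__main__":
    # Constructed sample: the packet shown on the slide, as a TCP segment.
    sample = {"src": "1.2.3.4", "dst": "87.238.33.10", "ttl": 64,
              "protocol": 6, "total_length": 1500, "ihl": 5}
    for field, value in translate_v4_to_v6(sample, "2001:db8::/96").items():
        print(f"{field:15} {value}")
    # What a server-side log or ACL would recover from the translated source:
    print(extract("2001:db8::/96", "2001:db8::1.2.3.4"))
```

On the IPv6-only server, `extract` is the step a log pipeline or ACL would apply to the source address to recover the client's original IPv4 address.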

Summary of a translated flow
[Diagram: IPv4-only end user (1.2.3.4) <-> SIIT gateway <-> www.redpill-linpro.com (2001:db8::87.238.33.10), which has DB, File, ... behind it on the IPv6 side]

Request, end user to server:

            IPv4 packet                         IPv6 packet
            SRC = 1.2.3.4                       SRC = 2001:db8::1.2.3.4
            DST = 87.238.33.10                  DST = 2001:db8::87.238.33.10

Response, server to end user:

            IPv4 packet                         IPv6 packet
            SRC = 87.238.33.10                  SRC = 2001:db8::87.238.33.10
            DST = 1.2.3.4                       DST = 2001:db8::1.2.3.4




Why we went with SIIT
•   Avoids the complexity and operational overhead we get with dual-stack
•   Excellent IPv4 address conservation

     •   Only the servers that are running public services get IPv4 addresses

     •   No waste due to aggregation, infrastructure, oversized LAN prefixes
•   Stateless operation has some very advantageous properties:

     •   Performance: no need for flow tracking - wirespeed throughput

     •   Availability: works fine with anycast and equal-cost multipathing

     •   Flexibility: translators do not need to be placed on-path, flows do
         not have to pass bi-directionally across a single translator

•   Users' IPv4 addresses remain known to the application, e.g., for geo-loc

•   Several production quality implementations exist, e.g., Cisco ASR

•   We want to move towards the eventual sunsetting of IPv4
Some possible pitfalls
•   Applications that in general do not support NAT (e.g. FTP)

     •   ALGs may solve the problem in some cases

•   “Layer 4 MTU” mismatch due to the larger IPv6 header

     •   Means full-sized IPv4 packets must be fragmented on the IPv6 side,
         if the MTU is the same on both the IPv4 and IPv6 interfaces

     •   Not a problem for TCP as MSS will be negotiated separately

•   Services that need to initiate connections (e.g. outbound mail servers)

     •   Stateful NAT64+DNS64 or proxies may be used for sporadic
         outbound communication (such as OS patch retrieval)

•   We intend to start with HTTP, which will avoid all of the above




Questions?



                                Thank you!

Further reading:

 •   RFC 6052 - IPv6 Addressing of IPv4/IPv6 Translators

 •   RFC 6145 – IP/ICMP Translation Algorithm

 •   RFC 6219 - The CERNET IVI Translation Design and Deployment
                for the IPv4/IPv6 Coexistence and Transition

        PRODUCTS • CONSULTING • APPLICATION MANAGEMENT • IT OPERATIONS • SUPPORT • TRAINING

Mais conteúdo relacionado

Mais de IPv6no

Steinar ipv6forum 20111121v2
Steinar ipv6forum 20111121v2Steinar ipv6forum 20111121v2
Steinar ipv6forum 20111121v2IPv6no
 
Jan zorz procurement-ripe-501
Jan zorz procurement-ripe-501Jan zorz procurement-ripe-501
Jan zorz procurement-ripe-501IPv6no
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011IPv6no
 
Tore K IPv6 and Altibox
Tore K IPv6 and AltiboxTore K IPv6 and Altibox
Tore K IPv6 and AltiboxIPv6no
 
Nathalie - Stavanger
Nathalie - StavangerNathalie - Stavanger
Nathalie - StavangerIPv6no
 
Life Without IPv4: Tore Anderson, IPv6 guru, Redpill Linpro
Life Without IPv4: Tore Anderson, IPv6 guru, Redpill LinproLife Without IPv4: Tore Anderson, IPv6 guru, Redpill Linpro
Life Without IPv4: Tore Anderson, IPv6 guru, Redpill LinproIPv6no
 
11-Sigurd_Thunem-IPv6_through_moderniation
11-Sigurd_Thunem-IPv6_through_moderniation11-Sigurd_Thunem-IPv6_through_moderniation
11-Sigurd_Thunem-IPv6_through_moderniationIPv6no
 
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleIPv6no
 
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...IPv6no
 
IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...
IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...
IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...IPv6no
 
17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-Net17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-NetIPv6no
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproIPv6no
 
Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...
Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...
Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...IPv6no
 
IPv6 - The Time Is Now: Latif Ladid, President, IPv6 forum
IPv6 - The Time Is Now: Latif Ladid, President, IPv6 forumIPv6 - The Time Is Now: Latif Ladid, President, IPv6 forum
IPv6 - The Time Is Now: Latif Ladid, President, IPv6 forumIPv6no
 
Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...
Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...
Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...IPv6no
 
Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...
Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...
Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...IPv6no
 
IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...
IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...
IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...IPv6no
 
Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...
Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...
Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...IPv6no
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6no
 
IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...
IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...
IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...IPv6no
 

Mais de IPv6no (20)

Steinar ipv6forum 20111121v2
Steinar ipv6forum 20111121v2Steinar ipv6forum 20111121v2
Steinar ipv6forum 20111121v2
 
Jan zorz procurement-ripe-501
Jan zorz procurement-ripe-501Jan zorz procurement-ripe-501
Jan zorz procurement-ripe-501
 
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
 
Tore K IPv6 and Altibox
Tore K IPv6 and AltiboxTore K IPv6 and Altibox
Tore K IPv6 and Altibox
 
Nathalie - Stavanger
Nathalie - StavangerNathalie - Stavanger
Nathalie - Stavanger
 
Life Without IPv4: Tore Anderson, IPv6 guru, Redpill Linpro
Life Without IPv4: Tore Anderson, IPv6 guru, Redpill LinproLife Without IPv4: Tore Anderson, IPv6 guru, Redpill Linpro
Life Without IPv4: Tore Anderson, IPv6 guru, Redpill Linpro
 
11-Sigurd_Thunem-IPv6_through_moderniation
11-Sigurd_Thunem-IPv6_through_moderniation11-Sigurd_Thunem-IPv6_through_moderniation
11-Sigurd_Thunem-IPv6_through_moderniation
 
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
 
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
 
IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...
IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...
IPv6 Seen From Statoil: Knut Sebastian Tungland, Chief Engineer Information T...
 
17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-Net17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-Net
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
 
Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...
Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...
Mobile Broadband and IPv6 in Slovenia: Jan Zorz, Co-Founder Go6 Institute og ...
 
IPv6 - The Time Is Now: Latif Ladid, President, IPv6 forum
IPv6 - The Time Is Now: Latif Ladid, President, IPv6 forumIPv6 - The Time Is Now: Latif Ladid, President, IPv6 forum
IPv6 - The Time Is Now: Latif Ladid, President, IPv6 forum
 
Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...
Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...
Future internet research and IPv6: Till Christopher Lech, Seniorrådgiver, Nor...
 
Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...
Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...
Possible futures for the internet: Sander Steffann, IPv6 specialist, co-chair...
 
IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...
IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...
IPv6 Statlig og offentlig fokus - hvorfor nå?: Patrik Fältström, Distinguishe...
 
Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...
Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...
Fra IPv4 til IPv6 bakgrunn og historie: Hans Petter Holen, IT Direktør, Visma...
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
 
IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...
IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...
IPv6 through modernization: Sigurd Thunem, Direktør Arkitektur og Strategi, T...
 

Último

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Último (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...

Tore 20111122 i pv6-forum_norway_2-single_stack_ipv6_only_data_center_deployments

  • 1. Single-stack IPv6-only data center deployments Tore Anderson CG Security and Networking Redpill Linpro IPv6 Forum Norway 2, Stavanger, November 2011 PRODUCTS • CONSULTING • APPLICATION MANAGEMENT • IT OPERATIONS • SUPPORT • TRAINING
  • 2. Our plan, in a nutshell
      • Provision servers exclusively with IPv6 addresses/connectivity
      • Let the network translate traffic from IPv4 clients to IPv6
  • 3. But what about dual-stack?
      The simplest deployment model is dual stack: one turns on IPv6 throughout one's existing IPv4 network and allows applications using the two protocols to operate as ships in the night. This model is applicable to most networks -- home, enterprise, service provider, or content provider network.
      [...] the native dual-stack connectivity model remains the recommended approach.
      -- RFC 6180: “Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment”
  • 4. Reminder: the dual-stack plan
      [Figure: Internet hosts (0 to 4,3bn, the total available IPv4 addresses) against time, from "1998: IPv6 is standardised" to "Dual-stack migration complete". Labels: IPv4, IPv6, Dual-stack migration period.]
  • 5. Dual-stack progress report
      [Figure: Internet hosts (0 to 4,3bn, the total available IPv4 addresses) against time, from "1998: IPv6 is standardised" to "Today". Labels: IPv4, IPv6.]
  • 6. Disillusioned dual-stack
      • A decade of being the recommended approach, yet NO deployment
      • Does not in any way help with IPv4 depletion
          • ...the only real reason interest in IPv6 is picking up nowadays
      • We see increasing address consumption due to virtualization
      • Adds complexity and operational overhead
          • More ACLs, more monitoring, more address management, more possible failure scenarios, more setup, more things to test...
      • Sysadmins resist complexity: simple=stable
  • 7. IPv6-only viability
      • Most of the server operating systems and applications we commonly use support IPv6(-only) very well
          • Apache, Bacula, Exim, HAProxy, Icinga, Linux, MySQL, Nginx, OpenSSH, OpenSolaris, Postfix, PostgreSQL, Puppet, Tomcat, Varnish, Zimbra... just to name a few
      • Proprietary applications may or may not support IPv6
      • A few server vendors support IPv6 ILO/OOB management
      • Network boot/provisioning (PXE) does not support IPv6
      • It all depends on the applications used
      • I estimate that the majority of our customers' servers and applications could have run IPv6-only today with no problems
  • 8. Translating IPv4 to IPv6
      • Stateless IP/ICMP Translation - SIIT
      • Specified in RFC 6145 + RFC 6052
      • Also known as IVI and NAT46
      • Maps the IPv4 internet into an arbitrary IPv6 prefix – e.g. 2001:db8::0.0.0.0/96
      [Diagram labels: IPv4 internet 0.0.0.0/0; SIIT gateway; “IPv4-in-IPv6” internet 2001:db8::0.0.0.0/96; IPv6 internet ::/0 (not to scale...)]
  • 9. SIIT 101, part 1
      One (or more) of the provider's public IPv4 addresses are routed to the IPv4 interface of the SIIT gateway, using standard IPv4 routing protocols. This address represents a single node inside the IPv6 domain.
      [Diagram labels: IPv4 side, Route: 87.238.33.10/32; SIIT gateway; IPv6 side]
  • 10. SIIT 101, part 2
      An IPv6 prefix is routed to the IPv6 interface of the SIIT gateway, again using standard routing protocols. This prefix represents the entire IPv4 internet mapped into IPv6. It must be statically configured on the SIIT gateway.
      [Diagram labels: IPv4 side, Route: 87.238.33.10/32; SIIT gateway; IPv6 side, Route: 2001:db8::/96]
  • 11. SIIT 101, part 3
      The server is configured with an IPv6 address that embeds the entire IPv4 address it will be reachable at from IPv4 clients. This address is routed to the server using standard IPv6 routing protocols.
      [Diagram labels: IPv4 side, Route: 87.238.33.10/32; SIIT gateway; IPv6 side, Route: 2001:db8::/96; server www.redpill-linpro.com, 2001:db8::87.238.33.10]
  • 12. SIIT 101, part 4
      The server's translated IPv4 address is published in DNS alongside its native IPv6 address:
          www.redpill-linpro.com. IN A    87.238.33.10
          www.redpill-linpro.com. IN AAAA 2001:db8::87.238.33.10
      [Diagram labels: IPv4 side, Route: 87.238.33.10/32; SIIT gateway; IPv6 side, Route: 2001:db8::/96; server www.redpill-linpro.com, 2001:db8::87.238.33.10]
  • 13. SIIT 101, part 4
      The IP source/destination addresses are converted as follows (RFC 6052):
          ➔ When translating from IPv4 to IPv6: Prepend the IPv6 translation prefix
          ➔ When translating from IPv6 to IPv4: Strip the IPv6 translation prefix
      The remainder of the IP header fields are converted according to a set of rules specified in RFC 6145, for example:
          ➔ IPv4 Time To Live <-> IPv6 Hop Limit;
          ➔ IPv4 Protocol <-> IPv6 Next Header; and so forth.
      Translation example:
          IPv4 packet                  IPv6 packet
          Source: 1.2.3.4              Source: 2001:db8::1.2.3.4
          Destination: 87.238.33.10    Destination: 2001:db8::87.238.33.10
          Time To Live: 64             Hop Limit: 64
  • 14. Summary of a translated flow
      [Diagram labels: IPv4-only end user 1.2.3.4 (IPv4 side); SIIT gateway; www.redpill-linpro.com 2001:db8::87.238.33.10 (IPv6 side), with DB, File, ... behind it]
      Towards the server:
          IPv4 packet: SRC = 1.2.3.4, DST = 87.238.33.10
          IPv6 packet: SRC = 2001:db8::1.2.3.4, DST = 2001:db8::87.238.33.10
      Towards the end user:
          IPv6 packet: SRC = 2001:db8::87.238.33.10, DST = 2001:db8::1.2.3.4
          IPv4 packet: SRC = 87.238.33.10, DST = 1.2.3.4
  • 15. Why we went with SIIT
      • Avoids the complexity and operational overhead we get with dual-stack
      • Excellent IPv4 address conservation
          • Only the servers that are running public services get IPv4 addresses
          • No waste due to aggregation, infrastructure, oversized LAN prefixes
      • Stateless operation has some very advantageous properties:
          • Performance: no need for flow tracking - wirespeed throughput
          • Availability: works fine with anycast and equal-cost multipathing
          • Flexibility: translators do not need to be placed on-path, flows do not have to pass bi-directionally across a single translator
      • Users' IPv4 addresses remain known to the application, e.g., for geo-loc
      • Several production quality implementations exist, e.g., Cisco ASR
      • We want to move towards the eventual sunsetting of IPv4
  • 16. Some possible pitfalls
      • Applications that in general do not support NAT (e.g. FTP)
          • ALGs may solve the problem in some cases
      • “Layer 4 MTU” mismatch due to the larger IPv6 header
          • Means full-sized IPv4 packets must be fragmented on the IPv6 side, if the MTU is the same on both the IPv4 and IPv6 interfaces
          • Not a problem for TCP as MSS will be negotiated separately
      • Services that need to initiate connections (e.g. outbound mail servers)
          • Stateful NAT64+DNS64 or proxies may be used for sporadic outbound communication (such as OS patch retrieval)
      • We intend to start with HTTP, which will avoid all of the above
  • 17. Questions? Thank you!
      Further reading:
      • RFC 6052 - IPv6 Addressing of IPv4/IPv6 Translators
      • RFC 6145 - IP/ICMP Translation Algorithm
      • RFC 6219 - The CERNET IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition
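
The address mapping from slide 13 and the header-size pitfall from slide 16, as an added Python sketch (not code from the talk or from any SIIT implementation). It assumes the slides' /96 example prefix and IPv4 headers without options; all function names are invented here.

```python
import ipaddress

# Values from the slides' own example (documentation prefix), reused here.
PREFIX = ipaddress.IPv6Network("2001:db8::/96")
IPV4_HDR, IPV6_HDR = 20, 40   # minimum IPv4 header vs fixed IPv6 header, bytes
PROTO_MAP = {1: 58}           # ICMP <-> ICMPv6; TCP (6) and UDP (17) unchanged


def v4_to_v6(addr, prefix=PREFIX):
    """IPv4 -> IPv6: prepend the /96 translation prefix (RFC 6052)."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(addr)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def v6_to_v4(addr, prefix=PREFIX):
    """IPv6 -> IPv4: strip the prefix; refuse addresses outside it."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in prefix:
        # Nothing outside the translation prefix maps to an IPv4 address,
        # so a log parser or ACL check should reject it, not truncate it.
        raise ValueError(f"{v6} is not inside {prefix}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def translate_v4_header(src, dst, ttl, proto, total_len):
    """Map the IPv4 header fields named on slide 13 to their IPv6 fields."""
    payload = total_len - IPV4_HDR      # assumption: no IPv4 options
    return {
        "src": v4_to_v6(src),
        "dst": v4_to_v6(dst),
        "hop_limit": ttl,               # copied, as on the slide (64 -> 64)
        "next_header": PROTO_MAP.get(proto, proto),
        "payload_len": payload,
        "ipv6_len": payload + IPV6_HDR,
    }


def needs_fragmenting(total_len, ipv6_mtu=1500):
    """Slide 16: the 20 extra header bytes can exceed the IPv6-side MTU."""
    return (total_len - IPV4_HDR + IPV6_HDR) > ipv6_mtu


if __name__ == "__main__":
    print(translate_v4_header("1.2.3.4", "87.238.33.10", 64, 6, 1500))
    print(v6_to_v4("2001:db8::1.2.3.4"), needs_fragmenting(1500))
```

On the server side, `v6_to_v4` is the step that recovers the client's IPv4 address from the IPv6 source address for logging, ACLs or geolocation.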