Kinber ipv6-education-healthcare

© 2013 Utilities Telecom Council
IPv6: What Higher Education Needs to Know,
Now
Brandon Ross
Chief Network Architect and CEO
Network Utility Force

KINBER 2013 Member Meeting
IPv6 Support Required for All IP-Capable Nodes – RFC 6540
Given the global lack of available IPv4 space, and
limitations in IPv4 extension and transition technologies,
this document advises that IPv6 support is no longer
considered optional. It also cautions that there are places in
existing IETF documents where the term "IP" is used in a
way that could be misunderstood by implementers as the
term "IP" becomes a generic that can mean IPv4 + IPv6,
IPv6-only, or IPv4-only, depending on context and
application.

RFC 6540
• Are you aware of this requirement?
• Are your nodes IPv6 capable?

Background
• IPv4 depletion is already occurring
• IPv6 adoption is accelerating
• Most network hardware supports IPv6
• For the most part, dual stack Just Works
http://www.potaroo.net/tools/ipv4/
IPv4 Free Pool Depletion
http://bgp.potaroo.net/v6/as2.0/
IPv6 Routing Table Growth

US Feds Lesson Learned
The US federal government had a mandate for all public facing web
services to support IPv6 by September 30, 2012.
287 of 1494 sites had IPv6 web support by the deadline.
Today 958 of 1351 sites support IPv6.
That’s over 70%. Not 100%, but far ahead
of most other large organizations.Source: http://usgv6-deploymon.antd.nist.gov//

But Can We Afford to Deploy IPv6?
• Well, what are the costs?
– See Lee Howard’s talks on IPv6 deployment costs (and costs of NOT
deploying IPv6) (http://www.youtube.com/watch?v=vXf8ZIew1j0)
– A good estimate for the cost of renumbering existing devices to free up
IPv4 space is $2.50/device
– Sale of an IPv4 address is likely to bring in $10-15 per address for the
next year or two
– After ARIN free space run-out, each IPv4 address is likely to bring in
twice that, $20-30, and up

Paying for IPv6 Deployment
• Many educational institutions have large address allocations
– Some math for an example institution that has a /16 (historically called
a “Class B”)
– /16 = 65,384 addresses
– Let’s assume that by renumbering ¼ of that address space, that ½ of it
will be freed
• ¼ of 65,384 is 16,346
• ½ of 65,384 is 32,692
• It costs $2.50 to renumber 16,346 devices. 2.50*16346=$40,865
• At sale, addresses fetch $20 each. 20*32,692=$5,081,730.
• Net proceeds: $5,081,730-$40,865=$5,040,865!!!

What next?
“Okay, my organization is convinced it’s time
to begin IPv6 deployment, what do I need to
consider?”

Consider the Fundamentals of Best Practice
The fundamentals haven’t changed a bit for
IPv6, consider:
• Security
• Maintainability
• Scalability
• Performance
• Flexibility

Apply the Fundamentals
What areas need the most attention?
• Addressing plan
• Interconnectivity
• Bootstrapping/AAA
• Security issues
• Staff training
• Transition

IPv6 Address Space is VAST
“IPv6 uses a 128-bit address, allowing 2128, or approximately
3.4×1038 addresses, or more than 7.9×1028 times as many as
IPv4, which uses 32-bit addresses.” (Wikipedia)
That’s 340 Undecillion!
Undecillion is a number with 36 zeros.
We must change our thinking about how to allocate address
space to meet our best practice goals.

State of Assignments
• All of the registries, for the most part, assign initial blocks
for
 Service provider /32
 Enterprise /48

What makes up a good addressing plan?
• Depends on the type of network, the size of the
network, and problem to be solved
• Points to consider
 Documentation
 Ease of troubleshooting
 Aggregation
 Standards compliance
 Growth
 SLAAC
 Existing IPv4 addressing plan
 Human factors

Interconnectivity
• Routing protocols have been updated, but the fundamental
concepts remain the same
– Run routing protocols such that they fail when the underlying transport
fails
• That means separate v4 and v6 protocols
– For ease of management, configure IPv4 and IPv6 connectivity to
follow the same paths
– Also use the same routing policies whenever possible
• Ask your Internet traffic peers, suppliers, partners and clients
to begin transporting IPv6 traffic

Security Issues
• Use the same diligence you used for IPv4
• Ask equipment vendors to support specific protections in IPv6
– RA-Guard – prevents an attacker from sending rogue RAs into the
network and becoming a man-in-the-middle
– DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP
servers from giving out false information
• Ensure equipment supports all IPv4 features you use in IPv6
as well such as ACLs, anti-spoof filtering (RPF), etc. Why
should v6 be any different in these areas?
• Where firewalls are needed, ensure your choice of firewall
supports v6 as well as v4.
• NAT is NOT a security feature and v6 doesn’t have it

Staff Training
• Find an experienced organization to provide training
• Education and research institutions require a different level of
scalability and maintainability than enterprise, use a trainer
that understands education’s unique challenges
• Build a lab, get a tunnel to experiment with IPv6

How to get there from here
• IPv6 transition technologies have been designed by
standards organizations to make a transition to an IPv6 world
easier
• They all involve compromises in performance or functionality
(or both) because inherently IPv4-only devices CAN NOT
speak to IPv6-only devices without help
• These technologies bridge between those worlds, or allow
one to operate on top of the other

Transition
• 3 types of transition technologies
– Dual Stack
• Hopefully will be the most common
• Simply means running both v4 and v6 at the same time
– Tunneling
• Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the situation
• Can be useful to solve problems in certain areas, but in general, tunneling hurts performance
and should be avoided when possible
• Examples: 6rd, 6in4, 4in6, DS-Lite, MAP
– Translation
• Converting an IPv4 packet into an IPv6 packet or vice versa
• Like in tunnels, can be useful in certain circumstances, especially for rapid deployment of IPv6
on public facing services such as web servers
• Example: NAT64

Case Study - InteropNet
• InteropNet is the network that supports the Interop trade
show, known as one of the largest portable, rapid deployment
network in the world
• The network supports 100’s of exhibitor booths and 10’s of
thousands of attendees to the show
• Native IPv6 has been consistently supported everywhere in
the network for the last 3 years (and supported in a less
ubiquitous manner for over 15 years)
• Users inside the InteropNET used IPv6 to reach
www.interop.com without knowing it
• 4 GB delivered over IPv6
• 13 GB delivered over IPv4

Case Study – City of Douglasville, GA
• One of the first, free, metro Wifi projects to support native
IPv6
• Covers 60 acres in Douglasville, a suburb of Atlanta including
parks and a downtown pedestrian area

Conclusions
• IPv6 works in the real world
• There are challenges to implementing IPv6, but nothing
show-stopping
• Much of the Internet’s content is reachable over IPv6 (and
growing fast) including all of Google, FaceBook and 3000
other sites
• A much smaller percentage of Internet users have IPv6
connectivity (though this may change quickly with IPv4
depletion)

Questions?
Brandon Ross – bross@netuf.net - +1-404-635-6667
Download the
presentation using this
QR code:

Kinber ipv6-education-healthcare

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (6)

Semelhante a Kinber ipv6-education-healthcare

Semelhante a Kinber ipv6-education-healthcare (20)

Mais de Network Utility Force

Mais de Network Utility Force (8)

Último

Último (20)

Kinber ipv6-education-healthcare