SlideShare a Scribd company logo

IPv6 at CSCS

Swiss IPv6 Council
Swiss IPv6 Council

IPv6 configuration at CSCS ● Dual Stack approach ● Static addressing for networking equipment and servers ● Dynamic addressing for PC and guest networks – Auto configuration with SLAAC ● But we still rely on DHCPv4 to distribute DNS – Tests ongoing for: ● Distributing DNS via RA (RDNSS, RFC6106) ● DHCPv6 IPv6 deployment 5 ● Configure the network part and FW/ACLs – Test ● Configure IPv6 on the systems – Test – At this point the system uses IPv6 and IPv4 for outgoing connections ● Publish the AAAA resource record into the DNS with short TTL – If test is succesful: set normal TTL for the RR AAAA – Now the system is fully IPv6 enabled IPv6 lessons learned 7 ● Some network devices send out RA even if they shouldn't – Impact: machines get IPv6 global address ● Disable SLAAC autoconfiguration on all the servers ● Rogue RA: – Impact: default gateway changed! No IPv6 connectivity anymore.. ● Filter RA messages at the network level ● IPv6 ACL: be careful not to filter NS/ND messages – Impact: you may break IPv6 connectivity ● On IPv6 ARP is replaced by ICMPv6 NS and ICMPv6 ND messages ● Firewall IPv6 limitations (CLI config needed, WebGUI not ready) ● Services not listening on IPv6. Remember to configure ssh, httpd, etc to listen also on IPv6

1 of 11
Download to read offline
IPv6 at CSCS Swiss IPv6 Council, Lugano, November 29th, 2012 Chris Gamboni, CSCS Email: cgamboni@cscs.ch
2 IPv6 status at CSCS ● Spring 2011: Initial IPv6 network support ● Spring 2011: IPv6 enabled on some test networks ● Spring 2011: Initial IPv6 deploy on DMZ ● 6 June 2011: IPv6 World Day ● Autumn 2011: Set up new Firewall with IPv6 support ● Winter 2011: IPv6 on DMZ, with www.cscs.ch and dns ● Spring 2012: IPv6 enabled on Office and Guest networks ● First half of 2012 : CSCS relocation from Manno to Lugano ● 6 June 2012: IPv6 Launch Day ● Autumn 2012: IPv6 enabled on frontend nodes ● Autumn 2012: First HPC cluster with IPv6 connectivity
3 IPv6 addresses ● 2001:620:808::/48 is the official IPv6 subnet assigned to CSCS – Our network may be splitted into 65536 networks (/64) – A plan is needed: for example we can split our subnet in 16 x /52 subnets ● 2001:620:808:0000::/52 = Offices ● 2001:620:808:1000::/52 = Guests ● 2001:620:808:2000::/52 = Lab ● 2001:620:808:3000::/52 = DataCenter ● 2001:620:808:4000::/52 = Networking equipment ● ... ● 2001:620:808:f000::/52 = DMZ – In this case each /52 subnet has up to 4096 networks (/64)
4 IPv6 configuration at CSCS ● Dual Stack approach ● Static addressing for networking equipment and servers ● Dynamic addressing for PC and guest networks – Auto configuration with SLAAC ● But we still rely on DHCPv4 to distribute DNS – Tests ongoing for: ● Distributing DNS via RA (RDNSS, RFC6106) ● DHCPv6
5 IPv6 deployment ● Configure the network part and FW/ACLs – Test ● Configure IPv6 on the systems – Test – At this point the system uses IPv6 and IPv4 for outgoing connections ● Publish the AAAA resource record into the DNS with short TTL – If test is succesful: set normal TTL for the RR AAAA – Now the system is fully IPv6 enabled
6 IPv6 SLAAC ● SLAAC Stateless auto configuration: – Privacy concerns: ● use DHCPv6 or Privacy Extension – How do you track users ? ● Monitoring tools have to be installed ● Example: – arpwatch doesn't work for IPv6
7 IPv6 lessons learned ● Some network devices send out RA even if they shouldn't – Impact: machines get IPv6 global address ● Disable SLAAC autoconfiguration on all the servers ● Rogue RA: – Impact: default gateway changed! No IPv6 connectivity anymore.. ● Filter RA messages at the network level ● IPv6 ACL: be careful not to filter NS/ND messages – Impact: you may break IPv6 connectivity ● On IPv6 ARP is replaced by ICMPv6 NS and ICMPv6 ND messages ● Firewall IPv6 limitations (CLI config needed, WebGUI not ready) ● Services not listening on IPv6. Remember to configure ssh, httpd, etc to listen also on IPv6
8 IPv6 problems at CSCS ● User tracking for auto configured networks ● Reverse dns for auto configured networks – IPAM ? DHCPv6 ? ● Firewall support not yet complete – Next release ? ● Network devices support not complete – Next release ? ● OS support not yet complete (dhcpv6 support, RDNSS, etc.) ● Not enough experience on IPv6 ● Applications support for IPv6 ● IPv6 on non IPv6 enabled networks (6to4, teredo, tunnels,etc.)
CSCS next steps ● Consolidate Data Center IPv6 deployment ● Gain experience ● Solve problems !
10 IPv6 tools ● ping6 ● traceroute6 ● IPv6 Monitoring tools: – NDPmon – Ipv6mon – addrwatch – ramond ● IPv6 Security tools: – THC-IPv6 The Hacker Choice Attack Toolkit – Nmap (v 5)
Conclusion ● CSCS has already enabled IPv6 – Gaining experience on IPv6 deployment – Problems on IPv6 have a low impact (now) ● DataCenter is ready to support IPv6 – New system with dual stack IPv4/IPv6, where possible. – Some existing systems will get IPv6. ● Still waiting for some features on network device ● Still waiting for more support from OS vendor

Recommended

Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationSwiss IPv6 Council
 
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandSwiss IPv6 Council
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppOliver Müller
 
The Use of IPv6 in IoT
The Use of IPv6 in IoTThe Use of IPv6 in IoT
The Use of IPv6 in IoTOliver Müller
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungSwiss IPv6 Council
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksSkeeve Stevens
 
IPv6 Security und Hacking
IPv6 Security und HackingIPv6 Security und Hacking
IPv6 Security und HackingSwiss IPv6 Council
 
Swisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwiss IPv6 Council
 

Recommended

Der Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationDer Einsatz von Lisp für die IPv6 Migration
Der Einsatz von Lisp für die IPv6 MigrationSwiss IPv6 Council
 
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandSwiss IPv6 Council
 
Microsoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppMicrosoft IT's IPv6 Killer App
Microsoft IT's IPv6 Killer AppOliver Müller
 
The Use of IPv6 in IoT
The Use of IPv6 in IoTThe Use of IPv6 in IoT
The Use of IPv6 in IoTOliver Müller
 
IPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungIPv6 Adressvergabe und Adressierung
IPv6 Adressvergabe und AdressierungSwiss IPv6 Council
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksSkeeve Stevens
 
IPv6 Security und Hacking
IPv6 Security und HackingIPv6 Security und Hacking
IPv6 Security und HackingSwiss IPv6 Council
 
Swisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwisscom: Testing von IPv6 Security Devices
Swisscom: Testing von IPv6 Security DevicesSwiss IPv6 Council
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
Sky IPv6 Update
Sky IPv6 UpdateSky IPv6 Update
Sky IPv6 UpdateOliver Müller
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44Jisc
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
IPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi PaletIPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi PaletРегистар националног Интернет домена Србије - РНИДС
 
IPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletIPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletРегистар националног Интернет домена Србије - РНИДС
 
IPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletIPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletРегистар националног Интернет домена Србије - РНИДС
 
Application Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkApplication Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkCisco Canada
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
IPv6 New RFCs
IPv6 New RFCsIPv6 New RFCs
IPv6 New RFCsAPNIC
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6Zivaro Inc
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excusesIvan Pepelnjak
 
Ipv6
Ipv6Ipv6
Ipv6Nitesh Singh
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIvan Pepelnjak
 
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop ServiceCOLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop ServiceThe Linux Foundation
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsNetwork Utility Force
 
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksLayer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksVikram G Hosakote
 
IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?Swiss IPv6 Council
 
Carien Engelhard, interview en portfolio
Carien Engelhard, interview en portfolioCarien Engelhard, interview en portfolio
Carien Engelhard, interview en portfolioKunst & Marketing | Kunstenaars in de Markt
 

More Related Content

What's hot

Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44Jisc
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
Application Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkApplication Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkCisco Canada
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
IPv6 New RFCs
IPv6 New RFCsIPv6 New RFCs
IPv6 New RFCsAPNIC
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6Zivaro Inc
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excusesIvan Pepelnjak
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIvan Pepelnjak
 
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop ServiceCOLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop ServiceThe Linux Foundation
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsNetwork Utility Force
 
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksLayer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksVikram G Hosakote
 

What's hot (20)

Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
 
Sky IPv6 Update
Sky IPv6 UpdateSky IPv6 Update
Sky IPv6 Update
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 Lessons
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack Environments
 
IPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi PaletIPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi Palet
 
IPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletIPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi Palet
 
IPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletIPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi Palet
 
Application Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkApplication Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the Network
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
IPv6 New RFCs
IPv6 New RFCsIPv6 New RFCs
IPv6 New RFCs
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excuses
 
Ipv6
Ipv6Ipv6
Ipv6
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
 
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop ServiceCOLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
COLO: COarse-grain LOck-stepping Virtual Machines for Non-stop Service
 
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the FundamentalsRoadmap to Next Generation IP Networks: A Review of the Fundamentals
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
 
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksLayer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
 

Viewers also liked

IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?Swiss IPv6 Council
 
CSCS Expert Community project summary
CSCS Expert Community project summaryCSCS Expert Community project summary
CSCS Expert Community project summaryPistoia Alliance
 
Dangerous construction pictures
Dangerous construction picturesDangerous construction pictures
Dangerous construction picturesAndy Jones
 
Noise Module 3 - Overview- industrial noise control
Noise Module 3 - Overview- industrial noise controlNoise Module 3 - Overview- industrial noise control
Noise Module 3 - Overview- industrial noise controlNorrazman Zaiha Zainol
 
Strength Training Basics Part 1
Strength Training Basics Part 1Strength Training Basics Part 1
Strength Training Basics Part 1Brian Ayers
 
Noise module 5 - Introduction to noise analysis
Noise module 5 - Introduction to noise analysisNoise module 5 - Introduction to noise analysis
Noise module 5 - Introduction to noise analysisNorrazman Zaiha Zainol
 
Noise Module 4 - Noise control regulations
Noise Module 4 - Noise control regulationsNoise Module 4 - Noise control regulations
Noise Module 4 - Noise control regulationsNorrazman Zaiha Zainol
 
Noise Module 1 - Introduction to sound and noise
Noise Module 1 - Introduction to sound and noiseNoise Module 1 - Introduction to sound and noise
Noise Module 1 - Introduction to sound and noiseNorrazman Zaiha Zainol
 
Strength Training Basics Part 2
Strength Training Basics Part 2Strength Training Basics Part 2
Strength Training Basics Part 2Brian Ayers
 
Module 2 Legislation of OSH in Malaysia
Module 2 Legislation of OSH in MalaysiaModule 2 Legislation of OSH in Malaysia
Module 2 Legislation of OSH in MalaysiaNorrazman Zaiha Zainol
 
Module 1 Introduction to Industrial Safety
Module 1 Introduction to Industrial SafetyModule 1 Introduction to Industrial Safety
Module 1 Introduction to Industrial SafetyNorrazman Zaiha Zainol
 
Module 3 OSH Management System MS1722:2003 OSH-MS
Module 3 OSH Management System MS1722:2003 OSH-MSModule 3 OSH Management System MS1722:2003 OSH-MS
Module 3 OSH Management System MS1722:2003 OSH-MSNorrazman Zaiha Zainol
 
Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan
Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan
Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan Norrazman Zaiha Zainol
 

Viewers also liked (17)

IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?IPv6 Integration im Datacenter - wie komplex ist es wirklich?
IPv6 Integration im Datacenter - wie komplex ist es wirklich?
 
Carien Engelhard, interview en portfolio
Carien Engelhard, interview en portfolioCarien Engelhard, interview en portfolio
Carien Engelhard, interview en portfolio
 
CSCS Expert Community project summary
CSCS Expert Community project summaryCSCS Expert Community project summary
CSCS Expert Community project summary
 
Noise Module 2 - Audiometry
Noise Module 2 - AudiometryNoise Module 2 - Audiometry
Noise Module 2 - Audiometry
 
IPv6 Transition
IPv6 TransitionIPv6 Transition
IPv6 Transition
 
CAREER AS SAFETY AND HEALTH OFFICER
CAREER AS SAFETY AND HEALTH OFFICERCAREER AS SAFETY AND HEALTH OFFICER
CAREER AS SAFETY AND HEALTH OFFICER
 
Dangerous construction pictures
Dangerous construction picturesDangerous construction pictures
Dangerous construction pictures
 
Noise Module 3 - Overview- industrial noise control
Noise Module 3 - Overview- industrial noise controlNoise Module 3 - Overview- industrial noise control
Noise Module 3 - Overview- industrial noise control
 
Strength Training Basics Part 1
Strength Training Basics Part 1Strength Training Basics Part 1
Strength Training Basics Part 1
 
Noise module 5 - Introduction to noise analysis
Noise module 5 - Introduction to noise analysisNoise module 5 - Introduction to noise analysis
Noise module 5 - Introduction to noise analysis
 
Noise Module 4 - Noise control regulations
Noise Module 4 - Noise control regulationsNoise Module 4 - Noise control regulations
Noise Module 4 - Noise control regulations
 
Noise Module 1 - Introduction to sound and noise
Noise Module 1 - Introduction to sound and noiseNoise Module 1 - Introduction to sound and noise
Noise Module 1 - Introduction to sound and noise
 
Strength Training Basics Part 2
Strength Training Basics Part 2Strength Training Basics Part 2
Strength Training Basics Part 2
 
Module 2 Legislation of OSH in Malaysia
Module 2 Legislation of OSH in MalaysiaModule 2 Legislation of OSH in Malaysia
Module 2 Legislation of OSH in Malaysia
 
Module 1 Introduction to Industrial Safety
Module 1 Introduction to Industrial SafetyModule 1 Introduction to Industrial Safety
Module 1 Introduction to Industrial Safety
 
Module 3 OSH Management System MS1722:2003 OSH-MS
Module 3 OSH Management System MS1722:2003 OSH-MSModule 3 OSH Management System MS1722:2003 OSH-MS
Module 3 OSH Management System MS1722:2003 OSH-MS
 
Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan
Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan
Asas Keselamatan dalam Kerja Elektrik: Modul 1 - Perundangan
 

Similar to IPv6 at CSCS

IPv6 How To Set Up a Linux IPv6 Lan
IPv6 How To Set Up a Linux IPv6 LanIPv6 How To Set Up a Linux IPv6 Lan
IPv6 How To Set Up a Linux IPv6 LanJumping Bean
 
Deploying IPv6-mostly access networks
Deploying IPv6-mostly access networksDeploying IPv6-mostly access networks
Deploying IPv6-mostly access networksRIPE NCC
 
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...Jim St. Leger
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015Netgate
 
The IPv6-Only Network
The IPv6-Only NetworkThe IPv6-Only Network
The IPv6-Only NetworkAPNIC
 
Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6 Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6 Ceph Community
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
High Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing CommunityHigh Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing Community6WIND
 
IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandIPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandAPNIC
 
JavaZone 2023 Lyntale.pdf
JavaZone 2023 Lyntale.pdfJavaZone 2023 Lyntale.pdf
JavaZone 2023 Lyntale.pdfSteinar Bang
 
IPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToIPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToGary Wilhelm
 
Tutorial: IPv6-only transition with demo
Tutorial: IPv6-only transition with demoTutorial: IPv6-only transition with demo
Tutorial: IPv6-only transition with demoAPNIC
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onAPNIC
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6Shixiong Shang
 

Similar to IPv6 at CSCS (20)

Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
 
IPv6 How To Set Up a Linux IPv6 Lan
IPv6 How To Set Up a Linux IPv6 LanIPv6 How To Set Up a Linux IPv6 Lan
IPv6 How To Set Up a Linux IPv6 Lan
 
Deploying IPv6-mostly access networks
Deploying IPv6-mostly access networksDeploying IPv6-mostly access networks
Deploying IPv6-mostly access networks
 
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
 
Run Your Own 6LoWPAN Based IoT Network
Run Your Own 6LoWPAN Based IoT NetworkRun Your Own 6LoWPAN Based IoT Network
Run Your Own 6LoWPAN Based IoT Network
 
IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015IPv6 Basics - pfSense Hangout July 2015
IPv6 Basics - pfSense Hangout July 2015
 
The IPv6-Only Network
The IPv6-Only NetworkThe IPv6-Only Network
The IPv6-Only Network
 
Neutron IPv6
Neutron IPv6Neutron IPv6
Neutron IPv6
 
Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6 Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
High Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing CommunityHigh Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing Community
 
7 slaac-rick graziani
7 slaac-rick graziani7 slaac-rick graziani
7 slaac-rick graziani
 
IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandIPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
 
What's new in Neutron Juno
What's new in Neutron JunoWhat's new in Neutron Juno
What's new in Neutron Juno
 
JavaZone 2023 Lyntale.pdf
JavaZone 2023 Lyntale.pdfJavaZone 2023 Lyntale.pdf
JavaZone 2023 Lyntale.pdf
 
IPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToIPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have To
 
Tutorial: IPv6-only transition with demo
Tutorial: IPv6-only transition with demoTutorial: IPv6-only transition with demo
Tutorial: IPv6-only transition with demo
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-on
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6
 
IPv6 training guide - Yuval Shaul
IPv6 training guide - Yuval ShaulIPv6 training guide - Yuval Shaul
IPv6 training guide - Yuval Shaul
 

More from Swiss IPv6 Council

Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014Swiss IPv6 Council
 
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Swiss IPv6 Council
 
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieIPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieSwiss IPv6 Council
 
IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6Swiss IPv6 Council
 
SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"Swiss IPv6 Council
 
Dos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 TransitionDos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 TransitionSwiss IPv6 Council
 
Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen Swiss IPv6 Council
 
IPv6 solutions for an easy implementation
IPv6 solutions for an easy implementationIPv6 solutions for an easy implementation
IPv6 solutions for an easy implementationSwiss IPv6 Council
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationSwiss IPv6 Council
 
Network Neutrality - What's At Stake
Network Neutrality - What's At StakeNetwork Neutrality - What's At Stake
Network Neutrality - What's At StakeSwiss IPv6 Council
 

More from Swiss IPv6 Council (13)

Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014Intro Swiss IPv6 Council Event, 24. März 2014
Intro Swiss IPv6 Council Event, 24. März 2014
 
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
Dual-Stack IPv6 Monitoring bei AWK - Member Anlass Swiss IPv6 Council Nov 2013
 
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der VorstudieIPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
IPv6 bei PostFinance AG - Erste Erkenntnisse aus der Vorstudie
 
IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6IPv6 bei der Post - Step by Step zu IPv6
IPv6 bei der Post - Step by Step zu IPv6
 
SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"SIG IPv6 Provider "IPv6 Ready"
SIG IPv6 Provider "IPv6 Ready"
 
Dos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 TransitionDos And Donts Of IPv6 Transition
Dos And Donts Of IPv6 Transition
 
Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen Members geneva dos and donts of transition silvia hagen
Members geneva dos and donts of transition silvia hagen
 
IPv6 solutions for an easy implementation
IPv6 solutions for an easy implementationIPv6 solutions for an easy implementation
IPv6 solutions for an easy implementation
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- Acceleration
 
Network Neutrality - What's At Stake
Network Neutrality - What's At StakeNetwork Neutrality - What's At Stake
Network Neutrality - What's At Stake
 
LISP Update
LISP UpdateLISP Update
LISP Update
 
IPv6 Enterprise Planning
IPv6 Enterprise PlanningIPv6 Enterprise Planning
IPv6 Enterprise Planning
 

IPv6 at CSCS

  • 1. IPv6 at CSCS Swiss IPv6 Council, Lugano, November 29th, 2012 Chris Gamboni, CSCS Email: cgamboni@cscs.ch
  • 2. 2 IPv6 status at CSCS ● Spring 2011: Initial IPv6 network support ● Spring 2011: IPv6 enabled on some test networks ● Spring 2011: Initial IPv6 deploy on DMZ ● 6 June 2011: IPv6 World Day ● Autumn 2011: Set up new Firewall with IPv6 support ● Winter 2011: IPv6 on DMZ, with www.cscs.ch and dns ● Spring 2012: IPv6 enabled on Office and Guest networks ● First half of 2012 : CSCS relocation from Manno to Lugano ● 6 June 2012: IPv6 Launch Day ● Autumn 2012: IPv6 enabled on frontend nodes ● Autumn 2012: First HPC cluster with IPv6 connectivity
  • 3. 3 IPv6 addresses ● 2001:620:808::/48 is the official IPv6 subnet assigned to CSCS – Our network may be splitted into 65536 networks (/64) – A plan is needed: for example we can split our subnet in 16 x /52 subnets ● 2001:620:808:0000::/52 = Offices ● 2001:620:808:1000::/52 = Guests ● 2001:620:808:2000::/52 = Lab ● 2001:620:808:3000::/52 = DataCenter ● 2001:620:808:4000::/52 = Networking equipment ● ... ● 2001:620:808:f000::/52 = DMZ – In this case each /52 subnet has up to 4096 networks (/64)
  • 4. 4 IPv6 configuration at CSCS ● Dual Stack approach ● Static addressing for networking equipment and servers ● Dynamic addressing for PC and guest networks – Auto configuration with SLAAC ● But we still rely on DHCPv4 to distribute DNS – Tests ongoing for: ● Distributing DNS via RA (RDNSS, RFC6106) ● DHCPv6
  • 5. 5 IPv6 deployment ● Configure the network part and FW/ACLs – Test ● Configure IPv6 on the systems – Test – At this point the system uses IPv6 and IPv4 for outgoing connections ● Publish the AAAA resource record into the DNS with short TTL – If test is succesful: set normal TTL for the RR AAAA – Now the system is fully IPv6 enabled
  • 6. 6 IPv6 SLAAC ● SLAAC Stateless auto configuration: – Privacy concerns: ● use DHCPv6 or Privacy Extension – How do you track users ? ● Monitoring tools have to be installed ● Example: – arpwatch doesn't work for IPv6
  • 7. 7 IPv6 lessons learned ● Some network devices send out RA even if they shouldn't – Impact: machines get IPv6 global address ● Disable SLAAC autoconfiguration on all the servers ● Rogue RA: – Impact: default gateway changed! No IPv6 connectivity anymore.. ● Filter RA messages at the network level ● IPv6 ACL: be careful not to filter NS/ND messages – Impact: you may break IPv6 connectivity ● On IPv6 ARP is replaced by ICMPv6 NS and ICMPv6 ND messages ● Firewall IPv6 limitations (CLI config needed, WebGUI not ready) ● Services not listening on IPv6. Remember to configure ssh, httpd, etc to listen also on IPv6
  • 8. 8 IPv6 problems at CSCS ● User tracking for auto configured networks ● Reverse dns for auto configured networks – IPAM ? DHCPv6 ? ● Firewall support not yet complete – Next release ? ● Network devices support not complete – Next release ? ● OS support not yet complete (dhcpv6 support, RDNSS, etc.) ● Not enough experience on IPv6 ● Applications support for IPv6 ● IPv6 on non IPv6 enabled networks (6to4, teredo, tunnels,etc.)
  • 9. CSCS next steps ● Consolidate Data Center IPv6 deployment ● Gain experience ● Solve problems !
  • 10. 10 IPv6 tools ● ping6 ● traceroute6 ● IPv6 Monitoring tools: – NDPmon – Ipv6mon – addrwatch – ramond ● IPv6 Security tools: – THC-IPv6 The Hacker Choice Attack Toolkit – Nmap (v 5)
  • 11. Conclusion ● CSCS has already enabled IPv6 – Gaining experience on IPv6 deployment – Problems on IPv6 have a low impact (now) ● DataCenter is ready to support IPv6 – New system with dual stack IPv4/IPv6, where possible. – Some existing systems will get IPv6. ● Still waiting for some features on network device ● Still waiting for more support from OS vendor