An IPv6 presentation on implementation best practices for service providers by Brandon Ross, a certified IPv6 network engineer and Chief Network Architect for Network Utility Force (netuf.net).

1. © 2013 Utilities Telecom Council
Brandon Ross
Chief Network Architect and CEO
Network Utility Force
www.netuf.net
@NetUF
IPv6 Implementation Best Practices
For Service Providers
COMPTEL Webinars powered by Copper Services

2. 1
COMPTEL Webinars powered by Copper Services
RFC 6540
- IPv6 Support Required for All IP-Capable Nodes -
Given the global lack of available IPv4 space, and
limitations in IPv4 extension and transition
technologies, this document advises that IPv6 support is no
longer considered optional. It also cautions that there are
places in existing IETF documents where the term "IP" is
used in a way that could be misunderstood by
implementers as the term "IP" becomes a generic that can
mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on
context and application.

3. 2
COMPTEL Webinars powered by Copper Services
RFC 6540
• Are you aware of this requirement?
• Are your nodes IPv6 capable?

4. 3
COMPTEL Webinars powered by Copper Services
IPv6 Background
• IPv4 depletion is already occurring
• IPv6 adoption is accelerating
• Most network hardware supports IPv6
• For the most part, dual stack Just Works

5. 4
COMPTEL Webinars powered by Copper Services
IPv4 Free Pool Depletion
http://www.potaroo.net/tools/ipv4/index.html

6. 5
COMPTEL Webinars powered by Copper Services
IPv6 Enabled Networks
http://www.ipv6actnow.org/info/statistics/

7. 6
COMPTEL Webinars powered by Copper Services
US Federal Lesson Learned
- federal government had mandate for all public facing web services
to support IPv6 by September 30, 2012 –
(287 of 1494 sites had IPv6 web support by the deadline)
Today 962 of 1332 sites support IPv6 - over 70%
(far ahead of most other large organizations)
Source: http://usgv6-deploymon.antd.nist.gov//

8. 7
COMPTEL Webinars powered by Copper Services
What next?
“Okay, my organization is convinced it’s time
to begin IPv6 deployment, what do I need to
consider?”

9. 8
COMPTEL Webinars powered by Copper Services
Best Practices
The fundamentals haven’t changed a bit for IPv6, consider:
• Security
• Maintainability
• Scalability
• Performance
• Flexibility

10. 9
COMPTEL Webinars powered by Copper Services
Apply the Fundamentals
What areas need the most attention?
• Addressing plan
• Interconnectivity
• Bootstrapping/AAA
• Security issues
• Staff training
• Transition

11. 10
COMPTEL Webinars powered by Copper Services
IPv6 Address Space is VAST
“IPv6 uses a 128-bit address, allowing 2128, or approximately
3.4×1038 addresses, or more than 7.9×1028 times as many as
IPv4, which uses 32-bit addresses.” (Wikipedia)
That’s 340 Undecillion!
Undecillion is a number with 36 zeros.
We must change our thinking about how to allocate address
space to meet our best practice goals.

12. 11
COMPTEL Webinars powered by Copper Services
State of Assignments
• All of the registries, for the most part, assign initial blocks
for
 Service provider /32
 Enterprise /48

13. 12
COMPTEL Webinars powered by Copper Services
What makes up a good addressing plan?
• Depends on the type of network, the size of the
network, and problem to be solved
• Points to consider
 Documentation
 Ease of troubleshooting
 Aggregation
 Standards compliance
 Growth
 SLAAC
 Existing IPv4 addressing plan
 Human factors

14. 13
COMPTEL Webinars powered by Copper Services
Algorithmic Approaches
• Interop took an algorithmic approach to IPv6
numbering
• Encode every IPv4 address in your network in an
IPv6 address
10.10.10.10 (A0A0A0A)
2001:DB8:A0A:A0A::

15. 14
COMPTEL Webinars powered by Copper Services
Interconnectivity
• Routing protocols have been updated, but the fundamental
concepts remain the same
– Run routing protocols such that they fail when the underlying transport
fails
• That means separate v4 and v6 protocols
– For ease of management, configure IPv4 and IPv6 connectivity to
follow the same paths
– Also use the same routing policies whenever possible
• Ask your Internet traffic peers, suppliers, partners and clients
to begin transporting IPv6 traffic

16. 15
COMPTEL Webinars powered by Copper Services
Bootstrapping/AAA
• Some fundamental changes have been made to the
bootstrap process to join an IPv6 network, all part of the
Neighbor Discovery process
– Router Advertisements (RA) – Tells potential clients about the routers
and prefixes available on the network
– StateLess Address Auto Configuration (SLAAC)
• New in IPv6, allows a device to generate it’s own address
• Supported universally
– Dynamic Host Configuration Protocol v6 (DHCPv6)
• Very similar to v4, can distribute address, DNS server, other information
about the network
• Good support, but far from universal

17. 16
COMPTEL Webinars powered by Copper Services
Security Issues
• Use the same diligence you used for IPv4
• Ask equipment vendors to support specific protections in IPv6
– RA-Guard – prevents an attacker from sending rogue RAs into the
network and becoming a man-in-the-middle
– DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP
servers from giving out false information
• Ensure equipment supports all IPv4 features you use in IPv6
as well such as ACLs, anti-spoof filtering (RPF), etc. Why
should v6 be any different in these areas?
• Where firewalls are needed, ensure your choice of firewall
supports v6 as well as v4.
• NAT is NOT a security feature and v6 doesn’t have it

18. 17
COMPTEL Webinars powered by Copper Services
Staff Training
• Find an experienced organization to provide training
• Service providers require a different level of scalability and
maintainability than enterprise, use a trainer that understands
SP’s unique challenges
• Build a lab, get a tunnel to experiment with IPv6

19. 18
COMPTEL Webinars powered by Copper Services
Transition Technologies
• 3 Types
– Dual Stack
• Hopefully will be the most common
• Simply means running both v4 and v6 at the same time
– Tunneling
• Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the situation
• Can be useful to solve problems in certain areas, but in general, tunneling hurts performance
and should be avoided when possible
• Examples: 6rd, 6in4, 4in6, DS-Lite, MAP
– Translation
• Converting an IPv4 packet into an IPv6 packet or vice versa
• Like in tunnels, can be useful in certain circumstances, especially for rapid deployment of IPv6
on public facing services such as web servers
• Example: NAT64

20. 19
COMPTEL Webinars powered by Copper Services
Conclusions
• IPv6 works in the real world
• There are challenges to implementing IPv6, but nothing
show-stopping
• Much of the Internet’s content is reachable over IPv6 (and
growing fast) including all of Google, FaceBook and 3000
other sites
• A much smaller percentage of Internet users have IPv6
connectivity (though this may change quickly with IPv4
depletion)

21. © 2013 Utilities Telecom Council
bross@netuf.net
Network Utility Force
www.netuf.net
@NetUF
Thank You!
COMPTEL Webinars powered by Copper Services
- download this presentation here:
or here: http://bit.ly/17yKwnj
- meet with us at booth 501