enterprise deployment at cisco, the enterprise by kumar reddy at gogonet live! 3 ipv6 conference
Post on 18-Nov-2014
458 Views
Preview:
DESCRIPTION
TRANSCRIPT
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2012 Cisco and/or its affiliates. All rights reserved. 1
Deployment Experiences with IPv6 Kumar Reddy Director, Technical Marketing Engineering Cisco Systems With thanks to: Andrew Yourtchenko, Alok Wadhwa, Mayur Brahmankar, Jon Woolwine
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 © 2012 Cisco and/or its affiliates. All rights reserved. 2
Dual Stack
Inside – Out • Globalization • Technology Leadership • Industry mandate • BYOD-Security-Visibility • Flatten management plane
Dual-Stack Enterprise IPv4 Internet
Outside – In • Internet Evolution • Business Continuity • B2C, B2B
IPv4 Enterprise IPv6 Internet
http://www.cisco.com/en/US/netsol/ns817/networking_solutions_program_home.html
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
• Secured broad executive support • Progress requires multi-functional teams – not just a networking problem • Pursuing Outside-In and Inside-Out in parallel
• Coordinated equipment upgrades and software updates with fleet upgrade program
• Made sure common client configurations were tested • Made operational changes e.g. IPv6-specific security mechanisms and
monitoring solutions for IPv6 traffic • To date
• Provided IPv6 access in approximately one-third of global offices – tunnel access for interim connectivity
• IPv6-enabled 100% of the core network • Observed Happy Eyeballs (RFC 6555) in action • Observed IPv6 attacks • Monitor worldwide usage with 6lab.cisco.com/stats
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
38,98% of WiFi devices were Apple devices (13,53% iPhone, 7,28% iPad), 30,56% Intel devices 45,4% are doing 802.11n (up to 144Mbps on 2,4GHz band), 37,25% are doing 802.11n (300Mbps / 5GHz), 13,88% are doing 802.11g (54Mbps / 2,4GHz), 3,47% are doing 802.11a (54Mbps / 5GHz)
Example from IPv6 World Congress, Jan 2012
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
2 privacy addresses
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 © 2012 Cisco and/or its affiliates. All rights reserved. 7
Early experiences with IPv6-only WiFi on 2001:db8::d06:f00d/64
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
• Scope Series of experiments inside Cisco and at Public Conferences (e.g. Cisco Live) with IPv6-only WiFi Core network dual-stacked Access to ‘legacy’ Internet through a NAT64 Tried both dedicated and shared Access Points with a “try me” IPv6 SSID
• Logistics Volunteer based support – Red T-shirts offered as incentive Each event was contained within a (very large) conference room, floor or campus building Email alias and wiki for support and report issues, findings – limited publicity Kept list of applications that worked/didn’t work (user-reported) Kept traffic statistics
• To know more http://blogs.cisco.com/borderless/ipv6-at-ciscolive-san-diego/
Dual stack topology
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Measure: Unique MACs with IPv6 LL address IPv6 global address IPv6 with global EUI address IPv4 global address Measurements de-duplicate privacy addresses
* Between IPv6 World Congress, Jan 2012 And Cisco Live US: June 2012 Dual stack capable : IPv4 global + IPv6 LL IPv6 using : IPv6 global
Dual stack-capable devices increased from 47.5% to 77.5%
IPv6-using devices increased by 87.3%
In 6 months *:
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
• Network and client issues • Different OS policies generate new privacy addresses at different times • DHCPv6 not supported on some OS [versions] • Some mobile OS’ don’t support IPv6-only at all – at best workaround with IPv4 + ACL • Network devices still need IPv4 too • Happy Eyeballs implementation varies across platforms/browsers • Subtle First Hop/RA timer interactions • Certain devices have a high sensitivity to SSID switching (with dual stack too) • Very few mobile clients support IPv6 on radio interfaces
• Our network setup • An old IPv4 multicast filter impacted RA distribution • Our DNS server address is not easy to remember (next time use eg. 2001:DB8::53)
• User Experience • Many users couldn’t tell if they were using IPv6 or not
• Test-ipv6.com, IPvFOO, IPv6 toolkit app etc are useful • Poor user experience == frequent disconnects and long wait to associate • Recorded 160 applications tried by users (at internal events) • Generally collaboration applications broke through NAT64
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
• Before IPv6 turn on A fair amount of selling is still required to overcome fear of the unknown Knowledge of IPv6 outside core group(s)/enthusiasts can be superficial
• Support No shortage of volunteers (T-shirt effect?) and lots of enthusiasm but actual support provided by small groups of usual suspects Real debug/troubleshooting skills are poorly distributed – this needs to change
• Dual stack Worked well
• IPv6 only See subtle network / client interactions And not so subtle stack differences And uncover old design “short-cuts” And need changes e.g. security and management planes And there are bugs to fix
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Thank You
top related