gen6 ipv6 data centre transition workbench report citkomm

Author:

Version:

IPV6 TRANSITION IN PRACTICE

WORKBENCH REPORTPre FIA Workshops

GEN6 Governments enabled IPv6

Gerold Gruber

Martin Krengel

07.05.2013

V 1.0

AGENDA

Citkomm

Citkomm as GEN6 pilot partner

Challenges

Easy steps to IPv6

2

3

CITKOMM

WHO WE ARE …

Over 40 years of company history

One of the major municipal

IT service providers in

North Rhine-Westfalia

195 employees

appr. 22 Mio. business volume (2011)

Founded as central data centre

Evolution to system integrator

CITKOMM

CITKOMM

WHERE WE ARE …

4

Dortmund

5

CITKOMM

WHAT WE DO …

Technology

Operating infrastructure

Management of

special applications

Professional support

for applications

Software development

Authentication

6

CITKOMM

WHAT WE DO …

Consulting

Financial accounting

Information technology

Business processes and

organisation

Document management

7

CITKOMM

WHAT WE DO …

Shared Services

Accounting

Personal management

Information technology

8

CITKOMM AS GEN6 PILOT

PROJECT TARGET

Enable the data centre for IPv6

MPLS

Backbone

9

CITKOMM AS GEN6 PILOT

NETWORK OVERVIEW

Internet

sTESTA

DOI

Backbone

DMZ

Application

Backbone

citkomm

Network

iWAN

Customer

Network

10

CITKOMM AS GEN6 PILOT

WHY IT IS POSSIBLE

Implementation as Dual Stack

Keep untouched systems unaffected operational as far as

possible

Using existing systems

Network mostly bases on Linux software routers, no

investment necessary to use up-to-date software

Current installed operating systems in server and client

support IPv6

Legacy technology can be hidden

Terminal services

Backend networks

11

CHALLENGE

IPV6 ADDRESSES

Addresses are available from RIPE NCC

But what is about routing on private trunks?

Allocation of an aggregated IPv6 address space

for the German public administration

National concept for address distribution in public

government "IPv6 address concept and key points of the

organisation“

Addressing is not simply ´re-addressing„ from

existing IPv4 networks

Points for traffic regulation / firewalling necessary

12

CHALLENGE

PROVIDER OFFERING OF IPV6

Provider #1 Provider #2

AS x

13

CHALLENGE

IPV6 ROUTING IN PRIVATE CLOUDS

Routing on private paths using public addresses

No more hiding behind NAT

Several destinations in several networks with several

subnets

Limited memory in small routers can not hold huge routing

tables

Aggregation of subnets is necessary

14

CHALLENGE

BUSINESS APPLICATIONS

Public government use special software

Most suppliers are focussed on one single application

IT-development focuses on the professional user…

…a loooot less on administration or software design

Even less emphasis on network demands, security or

infrastructure innovations

Several Applications base on legacy core or are

still legacy

15

CHALLENGE

PROOFED INVESTMENT

There is no IPv6 ready certificate for

interoperation test

IPv6 enabled in product flyer can mean nearly

everything

Clear demands for procurement of components –

fitting to use case

IPv6 profiles, published by the Federal Office of

Administration

http://www.bit.bund.de/BIT/DE/Beratung/IPv6/BestPractice

/node.html

in German only so far, English translation is inprogress

16

CHALLENGE

WEB APPLICATIONS

Web Modules are restricted to IPv4

IPv4-adresses as “field type”

Restricted field length for session handling / cookies

Late support for IPv6 (Typo3: Nov. 2012)

Workaround

Reverse Proxy to avoid native IPv6 on the server interface

but

Remaining problems on customer IPv6, like e.g. cookie

size

Pay attention on DNS entries, only enable tested sites

17

CHALLENGE

DYNAMIC ROUTING

Internet Access Network and Backbone are

dynamic routed based on OSPF

IPv6 operating on separate daemon

Integration of IPv6 machine by machine as used

Full support in Internet Access Network

Partial support in Backbone

18

FUTURE TEST BED

19

SUMMARY

EASY STEPS FOR IPV6

Develop an IPv6 addressing scheme

Get IPv6 addresses

Enable uplink for IPv6

Enable DNS with IPv6

Enable external Mail with IPv6

Test web services with access based on IPv6

And than

Go ahead with your personal challenges...

Questions ?

Your contact:

www.citkomm.de

20

Gerold Gruber / Martin Krengel

System Operation

sysb@citkomm.de

+49 2371 439 0