IPv6 and the Enterprise

(Workshop)

Wilhelm Boeddinghausiubari GmbH

Benedikt StockebrandStepladder IT Training+Consulting GmbH

RIPE 75October 2017

Dubai, United Arab Emirates

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 1/18

About Us

• Trainers and Consultants

• 10+ years of IPv6 experience each

• Extensive experience with IPv6 deployments

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 2/18

Scope of this Talk

• Enterprise environments

• Client networks

• Large number of nodes

• Limited skills

• BYOD

• IoT

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 3/18

Part I

Common Misconceptions

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 4/18

Lessons Learned So Far (Or Not) Common Misconceptions

• IPv6 unavoidable

• Don’t procrastinate

• IPv6 is not “IPv4 with longer addresses”. . .

• IPv6 is a management problem

• “IPv6 Deployment” vs. IPv4 Retirement

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 5/18

The “Official” TCP/IP Stack Common Misconceptions

ApplicationLayer

TransportLayer

NetworkLayer

LinkLayer

DNS SSH SMTP IMAP HTTP · · ·

TCP UDP · · ·

IP(v4)

IGMP ICMP

IPv6

MLD ICMP6

Ethernet PPP WLAN · · ·

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 6/18

The “Real” TCP/IP Stack Common Misconceptions

Physical+Link Layer

Application Layer

Transport LayerNetwork Layer

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 7/18

The “Really Real” TCP/IP Stack Common Misconceptions

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18

The “Really Real” TCP/IP Stack Common Misconceptions

Users, Developers, Admins

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18

The “Really Real” TCP/IP Stack Common Misconceptions

Users, Developers, Admins

(Non-technical) Management

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18

The “Really Real” TCP/IP Stack Common Misconceptions

Users, Developers, Admins

(Non-technical) Management

Politics

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18

First Things First Common Misconceptions

• Procurement

• Test/Training Environment

• Train people

• “Spy” network

• Inventarize for IPv6

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 9/18

Making a Plan Common Misconceptions

• IPv6 is highly unpredictable

• Risk driven management

• Incremental deployment vs. Big Bang

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 10/18

The Top Troublemakers Common Misconceptions

• Highly vertical software

• Find and fix early

• A management problem

• Really a lot of detail work

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 11/18

Dealing with the Troublemakers Common Misconceptions

• Upgrade

• Replace

• Terminal servers

• Dedicated IPv4-provided subnets

• Provide IPv4 as needed (details on Wednesday)

• Avoid large scale dual-stacking

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 12/18

Part II

Your Questions?

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 13/18

DHCP vs. SLAAC? Your Questions?

• SLAAC for Layer 3

• Stateless DHCP for Layer 7

• RDNSS+DNSSL for Android

• Stateless DHCP for Windows before Creators Update

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 14/18

Microsegmentation Your Questions?

• Do it. Seriously.

• Separate by security privileges

• Point-to-point can make sense

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 15/18

Address Plan Your Questions?

• Overall goals• Simplicity• Comprehensiveness• Flexibility

• Prefixes

1. Use no more than 1/8 or 1/16 of your allocation2. Allocate aggregate prefixes by “site”3. Allocate by security profile

• Interface IDs• Suggestion: Global counter(s)• Suggestion: Separate ranges for routers and hosts• Don’t reuse

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 16/18

Part III

Epilogue

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 17/18

Contacts Epilogue

Wilhelm Boeddinghaus Benedikt Stockebrand

iubari GmbH Stepladder ITTraining+Consulting GmbH

http://www.iubari.de/ http://www.stepladder-it.com/

boeddinghaus@iubari.de bs@stepladder-it.com

Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 18/18