ipv6 for it leaders-2016-06-22 v2 - pmi mile hi -...
TRANSCRIPT
6/21/2016 1© 2016 Global Technology Resources, Inc. All Rights Reserved.
IPv6 Transition Planning for IT Business Leaders
June 22, 2016
Scott Hogg
CTO GTRI, Chair Emeritus RMv6TF, IPv6 COE Infoblox
CCIE #5133, CISSP #4610
IPv4 Internet Growth
• IPv4 address depletion is occurring around the world.
• “The Internet is running out of phone numbers”.
– IANA free pool of IPv4 address space depleted February 3, 2011
– APNIC extinguished its supply of IPv4 addresses on April 15, 2011
– RIPE NCC reached their final /8 on September 14, 2012
– ARIN reached their final /8 on April 23, 2014, complete exhaustion on September 24, 2015
• The Internet will continue to become more densely populated.
• IPv4 address blocks will become increasingly fragmented due to address transfers between organizations.
• Lack of available Internet addresses is restricting innovation of Internet technologies.
• Does your organization have enough IPv4 addresses to sustain operations indefinitely?
IPv4 Address Exhaustion
Source: http://www.potaroo.net/tools/ipv4/
Internet Population Growth
• 7 Billion people on Earth, over 7 Billion mobile devices
Source: http://www.internetworldstats.com/stats.htm
4B people are still not connected to the Internet
Cisco Visual Networking Index (VNI)
http://www.cisco.com/go/vni
http://www.cisco.com/web/solutions/sp/vni/vni_forecast_highlights/index.html
Internet Protocol Version 6
• IPv6 is the next generation computer network protocol for use on the Internet and within private networks.
• IPv6 is a standard defined by the Internet Engineering Task Force (IETF) and was first specified in the mid-to-late-90s. IPv6 has had more than a decade to mature and it is now ready for mass deployment and Internet use.
• IPv6 is designed to replace IPv4. It is a different protocol from IPv4, yet the two can coexist: you can run both versions simultaneously, making systems “bilingual” (Dual-Stack/Dual-Protocol).
• We are in an awkward period where IPv4 address exhaustion is occurring yet we have not migrated to IPv6.
• Organizations that connect to the Internet now need to learn about IPv6 and prepare their systems to communicate using this protocol.
Business Case for IPv6
• Reasons why an organization would want to deploy IPv6:
– Desire to share their information and communicate with the broadest Internet population
– The Internet now uses both IP versions
– Communicate with customers, partners, vendors, suppliers, employees, everyone
– Maintaining business continuity and business relevancy
– Avoiding technology obsolescence
TCP/IP Protocol Stack
[Figure: TCP/IP protocol stack]
• Application Layer: HTTP(S), SSH, SMTP, TFTP, DHCP, DNS, SIP, WebRTC, TLS/SSL, SNMP, BGP
• Transport Layer: TCP, UDP, SCTP, DCCP
• Internet Layer: IPv4, IPv6, ARP, ICMP, IGMP, ICMPv6, NDP, MLD
• Link Layer: Ethernet, T1/E1/T3/E3, Wireless, SONET, SDH
Dual IP Stacks Model
• Dual-Stack Architecture – RFC 1933
• Choice of the IP version is based on name lookup, application or operating system preference
• IPv4 and IPv6 packets flow in Ethernet like “ships in the night”
[Figure: dual-stack node. Application over TCP/UDP, over IPv4 (EtherType 0x0800) and IPv6 (EtherType 0x86dd), over Data Link (Ethernet II)]
Node-to-Node Communications
• For two nodes to communicate they must support one common protocol
• An IPv4-only node cannot communicate with an IPv6-only node
                 IPv4-Only     Dual Protocol       IPv6-Only
IPv4-Only        Yes (IPv4)    Yes (IPv4)          No
Dual Protocol    Yes (IPv4)    Yes (IPv6, IPv4)    Yes (IPv6)
IPv6-Only        No            Yes (IPv6)          Yes (IPv6)
Dual-Stack Transition
• Organizations use IPv4 today and will add IPv6 as a separate protocol, run them in parallel for many years, and after many years, start to disable IPv4
[Figure: IPv4 deployment and IPv6 deployment plotted against time]
Dual-Protocol Operations
• In a dual-protocol environment there are many tasks that will need to be performed twice (once for each IP version)
– IP Address Management, DNS, DHCP/DHCPv6
– Firewall policies – two objects and rules
– Router/switch – configure and maintain two IP routing protocols
– Server configuration – all nodes need two addresses
– End-to-end testing
– Application testing
• Consider the CAPEX and OPEX as you make the transition
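The duplicated firewall policy named in the list above is where the two protocol families can drift apart. An added example (not from the original slides) that compares IPv4 and IPv6 exposure per service; the object table, the rule tuple layout and the function names are assumptions made for illustration, and all addresses are constructed documentation-range samples.

```python
import ipaddress

# Constructed address objects: service name -> (IPv4 object, IPv6 object).
OBJECTS = {
    "web":  ("192.0.2.10", "2001:db8:10::10"),
    "mail": ("192.0.2.25", "2001:db8:10::25"),
    "dns":  ("192.0.2.53", "2001:db8:10::53"),
}

# Constructed permit rules: (source prefix, destination address, protocol, port).
RULES = [
    ("0.0.0.0/0",       "192.0.2.10",      "tcp", 443),
    ("198.51.100.0/24", "192.0.2.10",      "tcp", 22),
    ("0.0.0.0/0",       "192.0.2.25",      "tcp", 25),
    ("::/0",            "2001:db8:10::10", "tcp", 443),
    ("::/0",            "2001:db8:10::10", "tcp", 22),   # wider than the IPv4 rule
    ("::/0",            "2001:db8:10::53", "udp", 53),   # no IPv4 counterpart
]

RANK = {"none": 0, "restricted": 1, "any": 2}

def exposure_table(rules, objects):
    """Map (service, proto, port) -> {4: exposure, 6: exposure}."""
    by_addr = {}
    for name, addrs in objects.items():
        for addr in addrs:
            by_addr[ipaddress.ip_address(addr)] = name
    table = {}
    for src, dst, proto, port in rules:
        net = ipaddress.ip_network(src)
        service = by_addr.get(ipaddress.ip_address(dst), "unmapped:" + dst)
        # Coarse model: a /0 source is "any"; two "restricted" rules are
        # treated as equal even though their prefixes cannot be compared.
        level = "any" if net.prefixlen == 0 else "restricted"
        row = table.setdefault((service, proto, port), {4: "none", 6: "none"})
        if RANK[level] > RANK[row[net.version]]:
            row[net.version] = level
    return table

def parity_findings(rules, objects):
    """Return sorted (service, proto, port, v4, v6) where the families differ."""
    return sorted(
        (svc, proto, port, row[4], row[6])
        for (svc, proto, port), row in exposure_table(rules, objects).items()
        if row[4] != row[6]
    )

if __name__ == "__main__":
    for finding in parity_findings(RULES, OBJECTS):
        print("%-5s %s/%d  IPv4=%-10s IPv6=%s" % finding)
```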
IPv6-Only
• An IPv6-only network is not easily achievable because most of the content on the Internet is IPv4-only. Reaching that content requires NAT64/DNS64, and only applications that use DNS may work.
• There are many systems in environments that are IPv4-only
– Game consoles (PS3, Xbox 360/Live, Wii)
– Printers, TiVo, Blu-ray, IP cameras
– UPSs, KVMs, iLO
– Windows XP/Win2k3 use IPv4 for DNS queries
• RFC 6586 - Experiences from an IPv6-Only Network
• RFC 7404 - Using Only Link-Local Addressing inside an IPv6 Network
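The DNS dependency of NAT64/DNS64 noted above, as an added example that is not part of the original slides: DNS64 synthesizes an AAAA record by embedding the IPv4 address in a /96 prefix (here the RFC 6052 Well-Known Prefix 64:ff9b::/96), so a client that is handed an IPv4 literal never triggers the synthesis. The function names and the zone data are constructed for illustration.

```python
import ipaddress

# Well-Known Prefix for IPv4-embedded IPv6 addresses (RFC 6052).
WKP = ipaddress.ip_network("64:ff9b::/96")

ZONE = {  # constructed sample data: name -> records
    "legacy.example": {"A": ["192.0.2.33"]},
    "dual.example": {"A": ["192.0.2.80"], "AAAA": ["2001:db8::80"]},
}

def synthesize_aaaa(a_record, prefix=WKP):
    """DNS64 step: place an IPv4 A record in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(a_record)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract_ipv4(v6_addr, prefix=WKP):
    """NAT64 step: recover the IPv4 destination, or None if outside the prefix."""
    v6 = ipaddress.IPv6Address(v6_addr)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

def resolve_on_ipv6_only(target, zone):
    """Addresses an IPv6-only client can use for a hostname or an IP literal."""
    try:
        literal = ipaddress.ip_address(target)
    except ValueError:
        literal = None
    if literal is not None:
        # No DNS query is made for a literal, so DNS64 cannot synthesize
        # anything: an IPv4 literal leaves the client with no usable address.
        return [literal] if literal.version == 6 else []
    records = zone.get(target, {})
    if records.get("AAAA"):
        # Native IPv6 exists, so no synthesis is needed.
        return [ipaddress.IPv6Address(a) for a in records["AAAA"]]
    return [synthesize_aaaa(a) for a in records.get("A", [])]

if __name__ == "__main__":
    for target in ("legacy.example", "dual.example", "192.0.2.33"):
        print(target, [str(a) for a in resolve_on_ipv6_only(target, ZONE)])
```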
Benefits of IPv6-Only
• Reduced OPEX costs by running only a single IP protocol
• IPv6 addressing (operations) is simpler
– No NAT makes everything better
• Reduced dependence on increasingly expensive IPv4 addresses
– If you know you are going to need more IPv4, buy it now
– Sell your public IPv4 at the peak price
• No need to purchase and maintain CGN/LSN systems
• In some cases IPv6 performs better than IPv4
https://community.infoblox.com/t5/IPv6-Center-of-Excellence/IPv4-Address-Trading-for-Fun-and-Profit/ba-p/3496
Is IPv6 Faster Than IPv4?
• There are now several studies analyzing if IPv6 is faster than IPv4.
– Google’s 2010 paper titled “Evaluating IPv6 Adoption in the Internet”
• Geoff Huston of APNIC at NANOG 66
– 6to4 and Teredo are responsible for most of the connection failures
– He concluded that native IPv6 can be as fast as IPv4
• Paul Saab at Facebook has shown data from Mobile Proxygen indicating that IPv6 is faster for them.
– “Facebook says it has seen users’ News Feeds loading 20 percent to 40 percent faster on mobile devices using IPv6”.
• Hurricane Electric (HE) Global IPv6 Deployment Progress Report
– “Percentage of IPv6 rDNS Nameservers where IPv6 is as fast or faster than IPv4 (within 1ms): 74.9%”
Planning for IPv6
• Everyone must understand the importance of IPv6 to the organization
– Map IPv6 Features/Advantages to areas in your Enterprise Architecture
– Show how IPv6 will aid or transform your organization
• Leadership must buy into the process
• Strong Project Managers are required to guide the transition
– IPv6 is not a Project but a Program
– It spans many technical domains and spans years
• Organize your plan based on IT environment
• Phases of the transition
– Internet Edge First, ISP Interconnect
– Internet-facing services
– Core/WAN
– Access Networks
Enterprise IPv6 Deployment Guidelines
• Enterprise IPv6 Deployment Guidelines (RFC 7381), October 2014
• Preparation and Assessment Phase
– Program Planning, Inventory Phase, Training, Security Policy, Routing, Address Plan, Tools Assessment
• External Phase
– Connectivity, Security, Monitoring, Servers and Applications, NPT
• Internal Phase
– Security, Network Infrastructure, End-user Devices, Corporate Systems
• IPv6 Only
Enterprise IPv6 Deployment Guidelines
• IETF RFC 7381 provides guidance; Section 2 covers planning
1. Introduction
  1.1. Enterprise Assumptions
  1.2. IPv4-Only Considerations
  1.3. Reasons for a Phased Approach
2. Preparation and Assessment Phase
  2.1. Program Planning
  2.2. Inventory Phase
    2.2.1. Network Infrastructure Readiness Assessment
    2.2.2. Application Readiness Assessment
    2.2.3. Importance of Readiness Validation and Testing
  2.3. Training
  2.4. Security Policy
    2.4.1. IPv6 Is No More Secure Than IPv4
    2.4.2. Similarities between IPv6 and IPv4 Security
    2.4.3. Specific Security Issues for IPv6
  2.5. Routing
  2.6. Address Plan
  2.7. Tools Assessment
IPv6 Transition Office
• Building a transition office requires a team approach
• Organizing a cross-functional team (people, process, technology)
• Regular/Frequent meetings with IPv6 stakeholders to coordinate IPv6 migration activities
[Figure: IPv6 Transition Office, shown with Your Organization, Vendors, IPv6 Community, IETF, ARIN, Customers]
IPv6 Planning Steps
1. Evaluate effects on business model
2. Establish IPv6 project team
3. Establish IPv6 training strategy
4. Decide IPv6 architectural solution
5. Develop exception strategy
6. Assess network hardware and software readiness
7. Obtain IPv6 prefix(es)
8. Develop security policy
9. Test application software and services
10. Develop procurement plan
11. Execute plans
Source: Cisco BRKRST2311
Agile Methodology for IPv6
• Agile approach to project management and software development
– 2001 Manifesto for Agile Software Development
– Principles behind the Agile Manifesto
• Some organizations may try to consider everything when embarking on IPv6
• It can be an iterative process with “sprint” milestones
• Applying Agile Methodology to IPv6 Deployment
– Infoblox IPv6 COE Blog, 8/12/15
– http://community.infoblox.com/t5/IPv6-Center-of-Excellence/Applying-Agile-Methodology-to-IPv6-Deployment/ba-p/3507
IPv6 Transition Timeline
[Figure: timeline from 2006 to 2016 of IPv6 Drivers and IPv6 Constraints: IPv4 Address Depletion, Mandated Federal Transition, Dual-protocol OS Deployments, DNS/DHCPv6/DDNS Products, IPv6 Security Products, IT Technology Refresh Cycle, IPv6-Capable Vendor Products, Service Provider IPv6 Offerings, CGN/LSN Deployments, Transition Planning]
IPv6 Design Strategy
• Consider your organizational structure and current network topology
• IPv6 will use some of the same topology and traffic patterns
– IPv4 makes heavy use of Unicast and client/server flows
– IPv6 will eventually add more Mobile and Peer-to-Peer traffic flows
• Plan your deployment and addressing based on your current topology and future growth
– The physical topology won’t change with IPv6’s introduction
• Your IPv6 security architecture will be similar to your current protection measures
– The perimeter security model is still valid with IPv6
Enterprise IPv6 Deployment Guidelines
• IETF RFC 7381 provides guidance; Sections 3 and 4 cover deployment
• Start with the External phase then move to the Internal phase
1. Introduction
2. Preparation and Assessment Phase
3. External Phase
  3.1. Connectivity
  3.2. Security
  3.3. Monitoring
  3.4. Servers and Applications
  3.5. Network Prefix Translation for IPv6
4. Internal Phase
  4.1. Security
  4.2. Network Infrastructure
  4.3. End-User Devices
  4.4. Corporate Systems
IPv6 ACT NOW (RIPE NCC)
Source: http://www.ipv6actnow.org/info/statistics/
Google IPv6 Statistics
Source: http://www.google.com/ipv6/statistics.html#
Comcast IPv6 Deployment
Source: http://www.comcast6.net/
Verizon Wireless IPv6 Deployment
http://www.internetsociety.org/deploy360/blog/2014/06/verizon-wireless-passes-50-ipv6-deployment/
http://www.worldipv6launch.org/measurements/
T-Mobile USA IPv6 Deployment
http://www.worldipv6launch.org/measurements/
Sprint Wireless IPv6 Deployment
Source: http://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/SprintWireless.png
AT&T Wireless IPv6 Deployment
Source: http://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/AT&TWireless.png
British Sky Broadcasting (BSkyB)
http://www.worldipv6launch.org/latest-ipv6-network-operator-measurements/
NIST ANTD IPv6 Statistics
Source: http://usgv6-deploymon.antd.nist.gov/
IPv6 Deployment Aggregated Status
Source: http://www.vyncke.org/ipv6status/
Akamai IPv6 Adoption Visualization
https://www.akamai.com/us/en/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp
Summary
• IPv6 is not a passing fad. IPv6 is an eventuality and is inevitable.
• The global IPv6 transition is already underway.
• An IPv6-enabled Internet already exists and IPv6 Internet content exists.
• Your network and host OS infrastructure is already IPv6 capable. It is just a matter of enabling it.
• Service providers have initial IPv6 services and are continuing to expand their deployments.
• Organizations are migrating to IPv6 to communicate with the broadest range of Internet users.
• You should be planning to transition to IPv6 sooner rather than later to preserve Internet business continuity.
Rocky Mountain IPv6 Task Force
• Regional “chapter” of North American IPv6 Task Force and, therefore, the IPv6 Forum
• Our Charter
– Provide Education on IPv6 and its benefits
– Promotion of IPv6 technology
– Research and Development and showcase IPv6 technology and services
– Put on local IPv6-focused events
– Work to further the use of IPv6 with a regional focus
• Annual Rocky Mountain IPv6 Summit
– Download presentations from first 8 years of events
– www.RMv6TF.org
– https://www.youtube.com/channel/UC0ZRZIvwE_Ak0nfzgbgYMHw/feed
NetworkWorld Blog
http://www.networkworld.com/blog/core-networking-and-security/
http://www.networkworld.com/author/scott-hogg/
Infoblox IPv6 Center of Excellence
https://community.infoblox.com/t5/IPv6-Center-of-Excellence/bg-p/IPv6
GTRI’s IPv6 Transition Services
• IPv6 Inventory and Assessment Services
– Documentation of your current inventory and determination of IPv6 compatibility
– Data gathering expertise using manual and automated utilities
– Inventory data aggregation and review
• IPv6 Training
– Education for your teams to help them learn IPv6 technologies
– IPv6 training tailored to specific IT job functions and roles
– Classroom hands-on training taught at your location
• IPv6 Transition Planning
– Custom-tailored transition planning for your IPv6 migration, tied to your enterprise architecture
– Detailed and technical transition planning documents
– IPv6 address planning and documentation
GTRI’s IPv6 Transition Services
• IPv6 Application Assessment
– Software assessments leveraging COTS tools and our extensive experience
– Review of your operating system constraints for IPv6 adoption
• IPv6 Experimentation and Laboratory Testing
– Systems testing in our IPv6 lab (DNS, routing, security, load balancers, applications)
– Perform IPv6 product testing, IPv6 security testing
• IPv6 Deployment
– Deployment of dual-stack and other IPv6 transition techniques
– Dual Stack DNS servers and IPv6 security deployment
• IPv6 Troubleshooting
– In depth troubleshooting of dual-stack application behavior
Questions and Answers
[email protected] Mobile: [email protected] @scotthogg