IPv6 for the Enterprise

painlosososΛογισμικό & κατασκευή λογ/κού

30 Ιουν 2012 (πριν από 4 χρόνια και 11 μήνες)

256 εμφανίσεις

IPv6 for the
Enterprise

Larissa Shapiro
Suzanne Woolf
Alan Clegg
ISC Webinar
May 4, 2011
Welcome and the Basics


Introduction


Strategic Overview


Why IPv6 for the Enterprise?


Initial Assessments


Some Tactics


What does it mean to
l
support IPv6
z
?


Basic services and how to get there


Q&A
WebEx Logistics


Presentation is about 45 minutes


Questions can be sent to the chat or
Q&A window at any time


Questions will all be answered at close
of session


Slides and WebEx audio archive will
be available at:
http://www.isc.org/webinars
within
two days.
Who is ISC?
Internet  Systems  Consor-um,  Inc.  (ISC)  is  a  non-­‐profit  501(c)(3)  public  benefit  corpora-on  
dedicated  to  suppor-ng  the  
infrastructure  of  the  universal  connected  self-­‐organizing  
Internet
—and  the  autonomy  of  its  par-cipants—by  developing  and  maintaining  core  
produc-on  quality  soGware,  protocols,  and  opera-ons.  
SIE
Changing how
the Security
Communities
Productively
Collaborate
Public Benefit
Expanding the
Internet, rough
consensus, running
code, and Open
Source
DNSSEC
.com is signed,
are you ready?
Get it Done!
IPv6
Its works, It is live,
you
`
re going to
need it. Call the
experts to help
make it happen.
BIND 10
The next big thing
in DNS and DHCP
Open Source
DNS

Quality DNS
Capabilities for
Everyone
ISC Professional
Services

Support Development
Training Consulting
Audit Design
Call in the experts!
Hosted@
Public Benefit
Hosting for the
Common Good
IPv6 for the Enterprise
Considerations for the
Carrier: Why IPv6?



Carriers need IPv6 to sustain growth



No remaining unallocated IPv4


NAT doesn't scale for core transit
networks
Considerations for the
Enterprise: Why IPv6?



What about enterprises?


Interoperability with carriers


Interoperability for infrastructure
services


Support for new devices


Support for new services
IPv6 isn't just IPv4 with
more bits...



Address management



DHCP vs. (or in addition to) autoconf


DNS inverse, dynamic DNS


Subnet management
IPv6 isn't just IPv4 with
more bits...



Transition and co-existence


Dual-stack for internal use


Interfaces with carriers


A place to start: basic services
Assessment....
What Does
l
IPv6 Support
z

Mean?



Network infrastructure


Switches


Routers


Firewalls


Load balancers
What Does
l
IPv6 Support
z

Mean?



End systems


Operating System


Dual-stack


Transition technologies


DHCP, autoconf
What Does
l
IPv6 Support
z

Mean?



Applications


Legacy


Internal


Outward facing
What Does
l
IPv6 Support
z

Mean?



Monitoring and Management


Debugging


Logging


Troubleshooting
What Does
l
IPv6 Support
z

Mean?



Security considerations


Is NAT currently used as a security
feature?


Will more
l
surface area
z
cause
heartache?


What happens when users have perfect
end-to-end visibility?
A Start....
Two US Government
Publications



NIST -
Guidelines for the Secure
Deployment of IPv6


Special Publication 800-119


FCC -
Potential Impacts on
Communications From IPv4
Exhaustion & IPv6 Transition


Working Paper Number 3,
12/2010
US Government
Deployment Stats...
http://usgv6-deploymon.antd.nist.gov/cgi-bin/generate-gov
What it takes to get there...



DNS


e-mail


Web services


l
Web
z
being any service provided over
the Internet, not just port 80 and 443.


applies to in-house and out-sourced
services
IPv6 connectivity – Broad
generalization..



A few words here on quality of
connectivity


Services (and thus users) are sensitive
to variations in quality of connectivity


IPv6 connectivity will probably not be as
good as IPv4 at first


Work with your carriers and partners
IPv6 support for DNS



Authority servers


Turn on IPv6 transport


Add AAAA addresses hosts with IPv6-
ready applications


Some transition technology needs
special DNS support (DNS64, etc.)
IPv6 support for DNS



Recursive


turn on IPv6 transport


Special Considerations


Features to allow easy transition


BIND
`
s
filter-aaaa-on-v4


BIND has supported IPv6 for over a
decade


Most others do as well…


Work with your vendors!
DNS implementations
IPv6 support for e-mail



Depends on DNS



Internal testing recommended first


Don't use your customers as test dummies!


Might 'just work'


Often a commented out option


Consider inbound before outbound...
IPv6 support for Web
services



Assess:


Internal references


By name vs. By address


External dependencies


Google analytics, CDNs, ad providers, etc.


Network quality is key
IPv6 support for Web
services



Incremental deployment


monitoring


complexity


latency/performance
Words of advice...



You probably care about IPv6 even if
you're not out of IPv4 addresses



Don't panic, do plan


You are not alone...
Words of advice...


Incremental deployment will get you
there


Assess what
l
IPv6 support
z
means to
you


Be patient with some teething pains
Wrap-up
and Q&A…



DHCP Feature and Roadmap Planning


May 19
th



DNSSEC Key Management Part 2


June 1st



Other upcoming sessions may include Registry Services,
DNS Anycast, and other topics of interest
Upcoming Web Events
Sign up via www.isc.org

Upcoming IPv6 Training
June  7-­‐9,  Redwood  City,  CA  
June  6-­‐8,  Amsterdam,  The  Netherlands  
August  22-­‐24  ,  Washington  D.C.  
November  21-­‐23,  Cape  Town,  South  Africa  
December  5-­‐7,  Los  Angeles,  CA  
Special Offers for
Attendees


Training seat + Consulting -- $3,500


1 seat at an upcoming IPv6 training course


8 hours of consulting to determine potential issues and
best practice adherence


Valid for 90 days



Consulting + Support -- $7,500
– 8 hours of consulting to determine potential issues and
best practice adherence
– 6 months of basic support for BIND


Valid for 90 days

Coupon codes will be e-mailed out after the session
Questions?

Further Reading
All IETF drafts can be found at
http://www/ietf.org


Guidelines for Using IPv6 Transition Mechanisms
during IPv6 Deployment


draft-arkko-ipv6-transition-guidelines-14.txt


RFC-to-be 6180
IPv4 Run-Out and IPv4-IPv6 Co-Existence
Scenarios


draft-arkko-townsley-coexistence-06.txt
Further Reading
An Annotated Bibliography for IPv4-IPv6 Transition
and Coexistence


draft-jankiewicz-v6ops-v4v6biblio-03.txt
Preparing an IPv6 addressing Plan


http://www.ripe.net/training/material/IPv6-for-LIRs-
Training-Course/IPv6_addr_plan4.pdf


IPv6 CE Router Interoperability Whitepaper
http://www.iol.unh.edu/services/testing/ipv6/

36
36
Thank you for attending…

isc.org