Cisco - IPv6 Enterprise Deployment Strategy

dingdongboom, Networking and Communications

Oct 27, 2013

IPv6 Enterprise Deployment Strategy

Benoit Lourdelet, IPv6 Product Manager, blourdel@cisco.com

TERENA

© 2009 Cisco Systems, Inc. All rights reserved.

Capturing the IPv6 business opportunity

- Status on IPv6 adoption
- Impact of IPv4-address exhaustion
- Enterprise network functions
- Making an IPv6 plan

[Figure: diagram with area labels Departments, Functions, Workgroups/teams, Web-enabled Devices, Consumer Software, Cloud-based Services, Enterprise Collaboration Tools; status labels V6-Enabled, V6 in 2010, V6 in iOS 4.0, alpha; other labels Ironport, cisco.com.]

Image Source: Forrester, “Three Mega Business Trends Will Reshape The Tech Sector”

Impact of IPv4 address pool exhaustion

- Enterprises should expect their customers, partners, and remote employees to have a mix of connectivity:
  - Public IPv4-only
  - Public IPv4 and IPv6
  - Shared IPv4-only
  - Shared IPv4 and IPv6
  - IPv6 only
- Enterprises must be ready for this mix (they cannot select the SP of their users).
- The days of one public IPv4 address for each Internet user are over.





Impact of Shared IPv4 Address on Applications

- Applications which could work poorly or even not at all when one side uses a shared IPv4 address:
  - Multiple TCP connections (like AJAX) in parallel
  - Assuming that one IPv4 address = one user (for logging, for load balancing, for access control…)
  - Expecting inbound connections (like active FTP)
  - Using an application not yet supported by the NAT devices
- Enterprises should:
  - Be conservative for their IPv4 users
  - Be aggressive for their IPv6 plan

Dramatic Increase in Enterprise Activity

Growth/Protection:
- When the IPv4 pool(s) run out, things keep working but the Internet stops growing
- Enterprise that is or will be expanding into new markets

Partnership:
- Enterprise that partners with other companies/organizations doing IPv6
- Governments, enterprise partners, contractors

OS/Apps:
- Microsoft Windows 7, Server 2008
- Microsoft DirectAccess

Fixing Old Problems:
- Mergers & Acquisitions
- NAT Overlap

New Technologies:
- High Density Virtual Machine environments (Server virtualization, VDI)
- SmartGrid

Slide labels: External Pressure, Internal Pressure

IPv6 Adoption and Delivery

Figure labels:
- IPv6 Internet Presence (websites, remote users, B2B …)
- IPv6 Islands (Wireless/Consumer devices, Labs …)
- Internal Data Center, Enterprise Apps
- Ubiquitous Dual-Stack
- IPv6 Pilot and Basic Infrastructure
- IPv4 EOL
- Sales Certs (IPv6 Logo, USGv6, RIPE-501)

“Mandated”: 1, 2, 3
Who?
- Government Agencies
- Customers who sell to government agencies

“Motivated”: 2, 3, 4
Who?
- Customers with IPv4 address exhaustion
- Global Enterprises with consumer or business interaction on the public internet
- Customers with user-provided devices on their networks

“Early Adopter”: 2, 4, 3, 5, 6, 7
Who?
- Companies looking for competitive advantage
- Companies using IPv6 to solve business problems
- Early adopters preparing for coexistence

“Mainstream”: 2
Who?
- Large US/European Enterprises
- Small-Medium Enterprises

IPv6 for Internet Presence

How to offer services on the IPv6 Internet?

What is Internet Presence?

- The set of services offered by:
  - the enterprises
  - Governments
  - Hospitals
  - Schools
- To their:
  - Customers
  - Citizens
  - Patients
  - Students

Why Should an Enterprise Add an IPv6 Internet Presence?

- To be ready for IPv6
- Regulations or incentives
- To keep applications running
- Unique IP address per user
- Customers having only IPv6 connectivity

Multiple Ways to Add IPv6 to Web Servers

- Add native IPv6 to existing web servers:
  - could require some changes in application scripts & logging
- Add a set of IPv6-only web servers
  - More flexibility and independence of IPv4 & IPv6
- Address Family Translator (AFT) in load balancer
  - Accept IPv6 connection from browser
  - Load balance and connect to server with IPv4
- AFT in reverse web proxies
  - Quite often reverse proxies are used for security anyway
  - Same scenario as load balancers
- AFT in network devices
  - Currently with NAT-PT but scalability issue and deprecated by IETF
  - Being worked on at the IETF Behave WG
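
The "changes in application scripts & logging" point above, and the earlier warning against assuming one address equals one user, shown as an added example (not part of the original slides). The /64 grouping for IPv6 clients and the log line layout are assumptions made for this illustration.

```python
import ipaddress
from collections import Counter

# Assumption (not from the slides): IPv6 clients are grouped by /64, because
# one host can use many addresses inside its subnet.
V6_GROUP_PREFIX = 64

def client_key(raw):
    """Return a stable per-client key for logging, rate limits or ACLs."""
    # Drop a zone index such as "fe80::1%eth0" before parsing.
    addr = ipaddress.ip_address(raw.split("%", 1)[0])
    if addr.version == 4:
        return str(addr)
    if addr.ipv4_mapped is not None:
        # "::ffff:a.b.c.d" on a dual-stack listener is really an IPv4 client.
        return str(addr.ipv4_mapped)
    net = ipaddress.IPv6Network((addr, V6_GROUP_PREFIX), strict=False)
    return str(net)

def requests_per_client(log_text):
    """Count requests per normalized client key (first field = peer address)."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            counts[client_key(line.split()[0])] += 1
    return counts

# Constructed sample access log (documentation address ranges only).
SAMPLE_LOG = """\
::ffff:192.0.2.10 GET /login 200
192.0.2.10 GET /login 200
2001:db8:1:2:a1b2:c3d4:e5f6:1 GET /login 401
2001:db8:1:2:ffff:eeee:dddd:2 GET /login 401
2001:db8:1:3::5 GET / 200
"""

if __name__ == "__main__":
    for key, n in requests_per_client(SAMPLE_LOG).items():
        print(key, n)
```

Keying on the raw address string would report five distinct clients here; the normalized keys show three.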

IPv6 Access to Internet

How can enterprise internal users access services on the IPv6 Internet?

Why Get IPv6 Access to the Internet?

- Get end-to-end connectivity for all users
- Avoid being placed behind a NAT
- Customer or partner requiring IPv6
- Getting know-how and expertise on IPv6
- IPv4 connectivity is too expensive

Adding IPv6 Access for Internal Users

- Choice of deployment models
  - Dual-stack:
    - add IPv6 to all hosts and network devices
    - recommended approach
  - Application proxies at the perimeter:
    - Internal browser connects over IPv4 to proxies
    - Proxies connect to IPv6 server
  - Tunneling:
    - add IPv6 only to some hosts and network devices
    - could be used for pilot phase or in case of legacy devices

IPv6 in the Intranet

How can enterprise internal users use IPv6 for internal services?

Why Add IPv6 to All Hosts in the Intranet?

Even if RFC 1918 is enough for enterprise

- Visibility of tunneled IPv6 traffic
  - To enforce a security policy
- Enable IPv6-only application
  - Windows 7 DirectAccess transports IPv6 only
  - Windows 2008 Cluster uses IPv6 link-local address
  - Apple Airport management uses IPv6 link-local address
- Simpler network management without any NAT
- Ease of deployment and mobility
- Facilitate merging & acquisition (avoiding NAT conflicts)
- Be ready to merge/acquire with an IPv6-enabled organization
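
The "visibility of tunneled IPv6 traffic" point above, as an added example (not part of the original slides): a check over flow records that flags hosts already carrying IPv6 inside IPv4. The flow record fields (src, dst, proto, sport, dport) are a hypothetical layout chosen for this illustration; the protocol number, port and prefixes are the standard values for 6in4/6to4/ISATAP and Teredo.

```python
import ipaddress

# Well-known transition-mechanism markers.
PROTO_IPV6_IN_IPV4 = 41                          # 6in4, 6to4, ISATAP payloads
PROTO_UDP, TEREDO_PORT = 17, 3544                # Teredo rides on UDP/3544
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix (RFC 3056)
TEREDO = ipaddress.ip_network("2001::/32")       # Teredo prefix (RFC 4380)

def tunnel_indicator(flow):
    """Return a label if the flow looks like tunneled IPv6, else None."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if src.version == 4:
        if flow["proto"] == PROTO_IPV6_IN_IPV4:
            return "ipv6-in-ipv4 (protocol 41)"
        ports = (flow.get("sport"), flow.get("dport"))
        if flow["proto"] == PROTO_UDP and TEREDO_PORT in ports:
            return "teredo (udp/3544)"
        return None
    for addr in (src, dst):
        if addr in SIX_TO_FOUR:
            return "6to4 address"
        if addr in TEREDO:
            return "teredo address"
    return None

def audit(flows):
    """List (source, label) for every flow that carries or implies a tunnel."""
    hits = []
    for flow in flows:
        label = tunnel_indicator(flow)
        if label:
            hits.append((flow["src"], label))
    return hits

# Constructed sample flow records (hypothetical field layout).
SAMPLE_FLOWS = [
    {"src": "10.1.4.23", "dst": "192.0.2.1", "proto": 41},
    {"src": "10.1.4.57", "dst": "198.51.100.9", "proto": 17, "dport": 3544},
    {"src": "10.1.4.60", "dst": "203.0.113.5", "proto": 6, "dport": 443},
    {"src": "2002:c000:201::1", "dst": "2001:db8::10", "proto": 6, "dport": 80},
    {"src": "2001:db8::20", "dst": "2001:db8::10", "proto": 6, "dport": 443},
]

if __name__ == "__main__":
    for src, label in audit(SAMPLE_FLOWS):
        print(src, label)
```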

Building an IPv6 intranet

- Well-known and proven designs (dual-stack, hybrid, …)
  - Enterprises have run several protocols in parallel for years (DECnet, AppleTalk, IPX, …)
- All OSes (Microsoft, Apple, *ix) have supported IPv6 for years
- Some ‘hidden’ costs
  - Training of operational staff
  - Test all applications for IPv6 readiness
- While IPv4 will probably disappear from the Internet, it can be expected that IPv4 will stay longer in the enterprise (think SNA or DECnet)

Provider Considerations

Asking the tough questions!

Basic Internet:
- Dual-stack or native IPv6 at each POP
- SLA driven just like IPv4 to support VPN, content access

PI/PA Policy Concerns:
- PA is no good for customers with multiple providers or who change them at any pace
- PI is new, constantly changing expectations and no “guarantee” an SP won’t do something stupid like not route PI space
- Customers fear that RIR will review existing IPv4 space and want it back if they get IPv6 PI

Host/Cloud Apps:
- IPv6 provisioning and access to hosted or cloud-based services today (existing agreements)
- Salesforce.com, Microsoft BPOS (Business Productivity Online Services), Amazon, Google Apps

SLA:
- Dual-stack or native IPv6 at each POP
- SLA driven just like IPv4 to support VPN, content access

A Phased Approach to IPv6 Adoption

Start with a Phased Plan Aligned with Your Business Strategy

1. Identify the highest priority IPv6-critical areas in your network
2. Perform IPv6 Assessment on highest-priority areas to determine scope of design
3. Develop an IPv6 design that enables IPv6 to be introduced without disrupting your IPv4 network
4. Begin IPv6 testing and implementation in pilot mode, then extend over time into production deployment

Repeat for the Next IPv6-Critical Area in Your Network

Questions?

Reference Materials

- Deploying IPv6 in Campus Networks (Just updated): http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html
- Deploying IPv6 in Branch Networks (Just updated): http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/landing_br_ipv6.html
- New/Updated IPv6 Cisco Sites: http://www.cisco.com/go/ipv6 and http://www.cisco.gom/go/entipv6
- Cisco Network Designs: http://www.cisco.com/go/designzone
- Cisco Live Tweet Chat on Enterprise IPv6: http://bit.ly/a8s2tW
- Interop Las Vegas, Enterprise IPv6 Session
- Twitter: @eyepv6

Recommended Reading

- Deploying IPv6 in Broadband Networks, Adeel Ahmed, Salman Asadullah, ISBN 0470193387, John Wiley & Sons Publications®
- Available Now: Hardcover/eBook