1 / 42

What to Expect When Expecting IPv6

What to Expect When Expecting IPv6. Tim Helming Director of Product Management Corey, Nachreiner, CISSP, Sr. Network Security Strategist ,. Welcome to WatchGuard’s IPv6 Webinar Series!. 3. 1. 4. 2. What To Expect from IPv6. You’re here because v6 matters to you.

alexandraj
Télécharger la présentation

What to Expect When Expecting IPv6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What to ExpectWhen Expecting IPv6 Tim Helming Director of Product Management Corey, Nachreiner, CISSP, Sr. Network Security Strategist ,

  2. Welcome to WatchGuard’s IPv6 Webinar Series! 3 1 4 2 What To Expect from IPv6

  3. You’re here because v6 matters to you

  4. Part 1: Current IPv6 Readiness

  5. IPv6 Readiness

  6. Remember this? Hasn’t changed much! Source: Elise Gerich, IANA/ICANN

  7. WIPv6D: Native v6 traffic nearly doubled! …to… Source: http://asert.arbornetworks.com/2011/06/world-ipv6-day-final-look-and-wagons-ho/

  8. ISP IPv6 Readiness Varies Greatly

  9. Bottom Line: More Detail in Part 2 today!

  10. Part 2: Three Steps to IPv6

  11. Three Steps to Implementing IPv6

  12. Research and Discovery

  13. Find the Answer to Three Questions

  14. The State of IPv6 Among ISPs Migration to IPv6 is possible in all of these scenarios… only the “how” changes. Your ISP is your gateway to the Internet. As such, the IPv6 migration strategies available to you depend heavily on what IPv6 services your ISP offers today.

  15. Real-World IPv6 Readiness: An ISP Survey • RFC 6036: Emerging Service Provider Scenarios for IPv6 Deployment

  16. ISP Survey Trends and Highlights • Estimated IPv4 depletion 2015 • 93% plan Dual-stack backbone • 40% run or plan to run 6to4 relay • CPE often doesn’t support IPv6 • Prefixes offered: • /48 most common • /64 (especially among mobile) • /56 • /52, /60 sometimes

  17. A Quick Look at N. American ISPs

  18. Hurricane Electric is a global Internet backbone provider (and transit ISP), with a specific focus on IPv6

  19. RECAP: IPv6 Hierarchical Addressing Interface ID Global Routing Prefix Prefix SLA ID 2561:1900:4545:0003:0200:F8FF:FE21:67CF RIR NIR/LIR

  20. IPv6 Subnetting • CIDR only (slash notation) • No concept of subnet masks • / followed by prefix size (decimal number 1-128) 2001:1900:4545:0003:0200:F8FF:FE21:67CF 2001:1900:4545::/48 = /16 /32 /48 2001:1900:4545:0000:0000:0000:0000:0000 - 2001:1900:4545:FFFF:FFFF:FFFF:FFFF:FFFF CIDR to range tool: http://www.ultratools.com/tools/ipv6CIDRToRange

  21. Regional Internet Registry (RIR) • Current ARIN • IPv6 Blocks: • 2001:0400::/23 • 2001:1800::/23 • 2001:4800::/23 • 2600:0000::/12 • 2610:0000::/23 2001:1856:4A5f::/64

  22. Local Internet Registry (LIR) • ARIN IPv6 Block: • 2001:1800::/23 ISP A ISP C ISP B • ISP IPv6 Blocks: • ISP A • 2001:1800::/32 • ISP B • 2001:1801::/32 • ISP C • 2001:1802::/32 2001:1800:1234::/64 2001:1802:1234::/64

  23. The Multi-Homed Issue: PA vs. PI 2001:4911::/32

  24. Map Your Network • You should identify: • Your core infrastructure (routers, switches, etc) • Security devices • Hosts and OSs on your network • Enumerate you DNS and DHCP servers • Your application servers (Public & Private) • Other networks devices (printers, NAS, etc..) Nmap can help!

  25. What Needs an Upgrade? • Place in three buckets: • No support • Partial support • Full support (w/dual-stack) Devices lacking support will require eventual upgrade or transition services The goal of the previous network enumeration process is to figure out what supports IPv6 and what does not.

  26. Planning and Migration Strategies

  27. Planning and Migration Strategy This info will help you choose a migration strategy:

  28. IPv6 Transition Technologies • Dual-Stack: IPv4 and IPv6 run together on all/most devices. Dual-Stack routing devices can handle translation, if necessary • Tunneling: Allow IPv6 devices to communicate over an IPv4 network via tunnels (a lot like VPN) • Manual: Require configuration. More control, thus more secure • Automatic: Little setup. May sneak out your network • Tunnel Brokers: Companies that offer easy IPv6 tunneling services • Translation: Re-writing one protocol packets to another protocol (IPv6 to IPv4, and vice versa). • Application-specific proxies: Translation only for specific services (web, email, etc). IPv6 client connects to proxy server, it makes IPv4 connection to a service…

  29. Common Tunneling and Translation Protocols

  30. Three Migration Strategies

  31. A Simplified Network Internet ISP IPv4 Core Network IPv4 Network (LAN) IPv4 Network (DMZ) IPv4 Network

  32. IPv6 Tunnel broker or endpoint Core Migration Internet ISP IPv6 ISP IPv4 ISP • IPv6 Routers (or Dual-stack) IPv4 Core Network IPv6 Core Network • Dual-stack Routers IPv4 Network (LAN) IPv4 Network (DMZ) IPv4 Network

  33. Application Server Migration Internet ISP Depending on ISP capabilities, Tunneling or Translation services used for IPv6 Internet access. IPv4 Core Network IPv4 Network (LAN) IPv4 Network (DMZ) IPv4 Network IPv4/IPv6 Network

  34. Client-side Migration Internet ISP Again, Tunneling or Translation services used where needed IPv4 Core Network IPv4 Network (LAN) IPv4 Network (DMZ) IPv4 Network IPv4/IPv6 Network

  35. Implementation and Transition

  36. IPv6 Deployment: Eating the Elephant “[IPv6 deployment] is very much an ’eating the elephant’ problem, but at one mouthful at a time, it appears to be surprisingly easy. Just do it, bit by bit."

  37. From Islands to Oceans Even if you converted to full IPv6 tomorrow, you will still need translation tech until everyone does IPv6 Internet IPv6 Network IPv4 Ocean IPv6 Ocean IPv4 network IPv6 Island IPv4 Island IPv4 Island

  38. Expect a Long-term Transition Phase

  39. Wrapping Up

  40. It’s Up To You!

  41. Resources for further reading: • “0 to IPv6 in 3 Months” Case Study (PDF): goo.gl/jpnX7 • ARIN Number Resource Policy: http://goo.gl/G5fse • World IPv6 Day Experiences: http://goo.gl/kGeQa • RFC 6036 - Emerging Service Provider Scenarios for IPv6 Deployment: http://goo.gl/WSMzR • IPv4-to-IPv6 Transition Strategies: http://goo.gl/8GOzJ • IPv6 Transition Strategies: http://goo.gl/U5iV6 • IPv6 Calculator Tools: http://goo.gl/OqDw5

  42. Thank You!

More Related