• Home

  • Documents

  • AN ENTERPRISE IPV6 MIGRATION TOOLKIT Christian Brown Steve Lotthammer Matt Oswalt
23
AN ENTERPRISE IPV6 MIGRATION TOOLKIT Christian Brown Steve Lotthammer Matt Oswalt

AN ENTERPRISE IPV6 MIGRATION TOOLKIT Christian Brown Steve Lotthammer Matt Oswalt

Tags:

Embed Size (px)

Citation preview

Slide 1

An Enterprise IPv6 Migration ToolkitChristian BrownSteve LotthammerMatt OswaltCHRISTIAN

Hello and welcome to our presentation this evening. My name is Christian Brown, this is Stephen Lotthammer, and this is Matt Oswalt. Were going to talk to you tonight about our IPv4 to IPv6 Migration Toolkit for Enterprise Level entities. Im going to provide you with an overview of our work and why this strategy is necessary, then Matt is going to go into some detail about our work with our research. Steve is going to discuss our other deliverables for this project, and then Ill be back to wrap things up. Sit back and enjoy our presentation.

1The IANA

CHRISTIAN

First, we need to understand the problem facing enterprises today. As you may have read back in February, The Internet Assigned Numbers Authority ran out of Addresses in the IPv4 addressing space. What does this mean?

Project description and intended use.

2

CHRISTIANWell it means that every device that requires an IP Address that is made from now on will not have an IPv4 address. They will have to have an IPv6 address. The IPv6 address space has more than enough room for current and future devices and is now a necessity. Enterprises that wish to communicate with these devices will have to convert their infrastructure to IPv6 as well.3

CHRISTIAN

So the question is, how does an enterprise navigate through the confusing process of converting to an IPv6 infrastructure?

Well, thats where we come in4The IPv6 Migration Toolkit

CHRISTIAN

With our IPv6 Migration Toolkit! What youre looking at here is a logical layout of our Toolkit. It consists of 3 main sections; a Quick Reference guide for a snapshot look at some tools we put together showing different performance testing and evaluations of existing technologies. We hope that enterprises will be able to look at this section and see rather quickly the benefits inherent in IPv6 and what they need to do to quickly bring their infrastructure up-to-date. Steve will go into detail on this section later in the presentation.

A Research Section which provides a more in-depth look at the different technologies available for IPv6 Migration. This section contains information on the different strategies enterprises can use during the process of Migration. Matt will talk about this section in detail shortly.

Finally, there is an appendix section that provides more detail about each aspect of our Toolkit and information on other topics that need to be considered during Migration. These appendices are referenced within the Toolkit and can be used by enterprises to further their understanding of the data we have provided.Im going to turn things over to Matt right now who will discuss the research portion of our Migration Toolkit.

5Research and testing

MATT (start at 230)

To develop this toolkit, work was done that involved researching and implementing many common technologies used in an IPv6 migration. These ranged from IPv6 translation, to tunneling mechanisms, IPv6 vulnerability assessments, and analyzing protocol behavior in a variety of configurations.

Through this research, we were able to look into each technology and develop recommendations for implementing them.6Transitional TechnologiesTranslationIPv6 IPv4 TunnelingIPv6 over IPv4Dual-StackIPv6 + IPv4

MATT

Transitional Technologies are tools that a network engineer can use to ensure a seamless migration to IPv6. There are a variety of transitional technologies, but they all generally fall under three categories:

(pause)

Translation, Tunneling, and Dual-Stack.7Transitional TechnologiesTranslationChanging IP packets on the fly

MATT

Translation is the concept of changing an IPv4 packet to IPv6 and vice versa It can be buggy and insecure but it allows IPv4 only endpoints to communicate with IPv6 only endpoints8Transitional TechnologiesTunnelingIPv4 within IPv6

MATT

Tunneling essentially places IPv6 packets inside IPv4 packets This can be insecure and difficult to manage, but it does allow for some creative network designs during an IPv6 migration to ensure connectivity9Transitional TechnologiesDual-StackRun both IPv6 and IPv4 everywhere

MATT

Dual-Stack This is the ideal state for an IPv6 migration. Its not so much a transitional technology as a goal to be reached. Both IPv6 and IPv4 connectivity are available at every point in the network. However, this requires the infrastructure to basically run two networks.10Transitional TechnologiesDual-Stack where you canTunnel where you mustTranslate if your life depends on it

MATT

After all our research, we concluded that all three technologies are valid tools to use in a migration. However, our recommended best practice is to implement dual-stack wherever possible. Tunneling can be used to connect the dots where dual-stack isnt immediately possible. Translation can be used in only the most specific cases. Our recommendation is to avoid it if possible. It is likely to be more cost-effective to upgrade equipment rather than try to implement translation.11OPNETSimulates the effects of a phased IPv6 migrationGathers performance data on network resources

One of our deliverables included using the OPNET Modeler network simulation software for evaluating and testing a phased IPv6 migration. As sections of the network were migrated, performance data was gathered, which provided an accurate forecast of how a real enterprise network might perform during each phase of an IPv6 rollout.

This is an important intermediate step between the planning and implementation stages of an IPv6 migration.

In this simulation we were able to find that because the infrastructure was essentially supporting two networks, the strain on the network devices increased, but they were able to provide acceptable network performance.12IPv6 - THE NEW AND IMPROVED IPIPv6 isnt just about bigger address spaceSecurityUsabilityPerformance

In terms of security, IPv6 was designed to be 100 percent compatible with the IPSec protocol suite. IPSec works to secure IP communications by providing authentication and encryption for each IP packet of a communication session. Like two puzzle pieces, IPv6 was built to completely fit together with the IPSec suite.

IPv6 also contains new features for enhancing the usability and administration of the network, such as Neighbor Discovery, which identifies other IPv6 devices on the network, Router Advertisements, which allow for automatic discovery of IP information, and Path MTU Discovery, which automatically determines the maximum packet size on a network.

Finally, IPv6 was built from the ground up to have better performance than IPv4. The IPv6 header is more simple, containing fewer fields. This allows routers to make routing decisions much more quickly. Ill now hand it over to Steve to show the data we collected that supports this.13Performance TestingIn live tests IPv6 shows a considerable increase in performance over IPv4.

We tested the performance of IPv4 and IPv6 under various scenarios in order to verify statistics gathered from Cisco and other testing authorities. Our tests corroborate Ciscos data, and we found that IPv6 shows a considerable increase in real-world performance over IPv4. 14Performance Testing

In order to demonstrate the performance differences between IPv4 and IPv6 we created a test network in our lab and used the open source application iPerf to gather throughput data.

Our lab setup consisted of 3 clients and 3 serversWindows XP, Windows 7, and Cent OS connected over gigabit links to a Cisco router.

For the purposes of this presentation we chose to show the data we captured from the Linux distribution, CentOS. The rest of our performance data can be found in our final report and our Migration Toolkit.

15Performance DataCentOSTCP over IPv4

In our first graph you can see the performance of the IPv4 network stack in Cent OS.

Blue represents traffic flowing from the Client to a CentOS serverRed represents traffic from the Client to a Windows 7 ServerAnd Green represents traffic from the Client to a Windows XP server.

On average Cent OS was able to achieve a speed of about 565 Mb/s on IPv416Performance DataCentOSTCP over IPv6

On IPv6 CentOS performs visibly better, achieving an average speed of 666 Mb/s17Performance DataCentOSUDP Comparison

In our tests UDP performance nearly doubledfrom 444 Mb/s on IPv4 (in blue) to 706 Mb/s on IPv6 (in red)

Our data shows that IPv6 truly is the successor to IPv4. In addition to providing a larger address space, IPv6 has been streamlined to provide this increase in performance. Our hope is that enterprise managers could use this data to quickly see some of the benefits in upgrading to IPv6.18OS Ratings

Windows Server

Legend

We also tested common operating systems for their level of compatibility with IPv6.

Here you can see our rating sheet for Windows Server systems.

Each Rating includes a color code, The name of the operating system, the status of that OS and our recommendation along with any implementation steps needed.

A Green rating is for an OS that has full IPv6 support and is ready out of the box.An Orange rating represents an OS that supports only some IPv6 features or only supports IPv6 with manual installation or configuration.A Red rating does not support IPv6 and must be upgraded or replaced before attempting migration.

19OS RatingsTested a variety of Operating Systems for IPv6 compatibility.LinuxCommon DistributionsKernels

In Linux we tested several common distributions as well as the major supported kernel version.

We found that any distribution of linux running kernel version 2.6 or higher includes full IPv6 support.20OS RatingsTested a variety of Operating Systems for IPv6 compatibility.MicrosoftWindows 2000 / 2000 ServerWindows XP / Vista / 7Windows 2003 / R2 / 2008 / R2

In Windows we tested several workstation and server variants of the operating system, from Windows 2000 to present.

Any Windows operating system on Vista/Server 2008 or higher includes a fully functioning IPv6 stack21OS RatingsTested a variety of Operating Systems for IPv6 compatibility.AppleMac OS XMac OS 9

For Apples operating systems we tested OS 9 and a variety of OS 10 versions (including Leopard and Snow Leopard)

All variants of OS 10 above 10.2 support IPv6, however none of them have support for DHCP with IPv6.

These Operating System Readiness Assessments provide administrators with an at-a-glance resource to determine the status of workstations and servers on their networks.22ConclusionIPv6 ToolkitTransitional Technologies ResearchOPNET ModelingPerformance Comparison Testing ChartsOS Ratings

As youve seen through the course of this presentation, our IPv6 Toolkit is designed to help Enterprises with the process of preparing to migrate their infrastructure to IPv6. Weve shown you the items in our toolkit including our Transitional Technologies Research, our OPNET modeling, our Performance Comparison Testing Charts, our OS Ratings and discussed our research findings with you. It is our hope that enterprises will find our kit a useful addition to their arsenal as they move into this new realm of IPv6. Wed now like to open the floor to questions.

OR

We have demonstrated our IPv6 Migration Toolkit and discussed our research findings with you. Wed now like to open up the floor to questions. Thanks for your time.23IPv4 Internet

UCs Network

Tunnel02001:470:1F10:AE3::2/64

Routed /642001:470:1F11:AE3::/64

IPv6 Enablement Proof of Concept

CEAS Networking Lab

DHCP/DHCPv6

IPv4 Internet

UCs Network

Tunnel02001:470:1F10:AE3::2/64

Routed /642001:470:1F11:AE3::/64

IPv6 Enablement Proof of Concept

CEAS Networking Lab

DHCP/DHCPv6


1 IPv6 Address Representation. IPv6 Addressing2 Objectives IPv6 Addressing scheme IPv6 Address Plan IPv6 Address Types IPv6 Address with an Embedded IPv4

1 IPv6 Address Representation. IPv6 Addressing2 Objectives IPv6 Addressing scheme IPv6 Address Plan IPv6 Address Types IPv6 Address with an Embedded IPv4

Documents
IPv6 Introduction What is IPv6 Purpose of IPv6 (Why we need it)Purpose of IPv6 IPv6 Addressing Architecture IPv6 Header ICMP v6 Neighbor Discovery (ND)

IPv6 Introduction What is IPv6 Purpose of IPv6 (Why we need it)Purpose of IPv6 IPv6 Addressing Architecture IPv6 Header ICMP v6 Neighbor Discovery (ND)

Documents
Why IPv6? Roque Gagliano LACNIC. Agenda Initial Concepts. IPv6 History. What is IPv6? Planning IPv6

Why IPv6? Roque Gagliano LACNIC. Agenda Initial Concepts. IPv6 History. What is IPv6? Planning IPv6

Documents
IPv6 Deployment Statistics - Cisco IPv6 Lab6lab.cisco.com/stats/data/IPv6 Adoption Statistics user guide.pdf · IPv6 Deployment Statistics Alain Fiocco, Hugo Kaczmarek ... IPv6 adoption

IPv6 Deployment Statistics - Cisco IPv6 Lab6lab.cisco.com/stats/data/IPv6 Adoption Statistics user guide.pdf · IPv6 Deployment Statistics Alain Fiocco, Hugo Kaczmarek ... IPv6 adoption

Documents
IPv6 Global Status - IPv6 Essentials

IPv6 Global Status - IPv6 Essentials

Technology
Campus IPv6 deploymentCampus IPv6 deployment

Campus IPv6 deploymentCampus IPv6 deployment

Documents
IPv6 at Google (APRICOT 2009) · 2017. 2. 6. · What we have done so far IPv6 network rollout IPv6-only websites ipv6.google.com (Mar 2008) ipv6.google.cn, ipv6.google.co.jp IPv6

IPv6 at Google (APRICOT 2009) · 2017. 2. 6. · What we have done so far IPv6 network rollout IPv6-only websites ipv6.google.com (Mar 2008) ipv6.google.cn, ipv6.google.co.jp IPv6

Documents
IPv6 IPv6 IPv6 IXLeeds 2 Leeds, Yorkshire 12 th September 2012 Martin J. Levy, Director IPv6 Strategy Hurricane Electric IPv6 By Default

IPv6 IPv6 IPv6 IXLeeds 2 Leeds, Yorkshire 12 th September 2012 Martin J. Levy, Director IPv6 Strategy Hurricane Electric IPv6 By Default

Documents
Analysing!Dual!Stack!Behaviour! and!IPv6!Quality!ftp.ines.ro/doc/isp-workshops/IPv6 Presentations... · 2012. 4. 26. · IPv6 SYN+ACK DNS IPv6 IPv6 IPv6 Windows(XP 8.0.1 8.0.115.0.874.121

Analysing!Dual!Stack!Behaviour! and!IPv6!Quality!ftp.ines.ro/doc/isp-workshops/IPv6 Presentations... · 2012. 4. 26. · IPv6 SYN+ACK DNS IPv6 IPv6 IPv6 Windows(XP 8.0.1 8.0.115.0.874.121

Documents
APNIC Tutorial: IPv6 Essentials · Overview • Introduction to IPv6 • IPv6 Protocol Architecture • IPv6 Addressing and Subnetting • IPv6 Host Configuration • Getting your

APNIC Tutorial: IPv6 Essentials · Overview • Introduction to IPv6 • IPv6 Protocol Architecture • IPv6 Addressing and Subnetting • IPv6 Host Configuration • Getting your

Documents
A Brief History of IPv6 @ ARIN Matt Ryanczak Network Operations Manager

A Brief History of IPv6 @ ARIN Matt Ryanczak Network Operations Manager

Documents
1 IPv6 Packet Format. 2 Objectives IPv6 vs IPv4 IPv6 Packet Format IPv6 fields IPv6 and data-link technologies

1 IPv6 Packet Format. 2 Objectives IPv6 vs IPv4 IPv6 Packet Format IPv6 fields IPv6 and data-link technologies

Documents
IPv6 Deployment - APNIC Training · 2017-06-18 · • IPv6 Addressing and Subnetting • IPv4 to IPv6 Transition Technologies • IPv6 Services . IPv6 Security Features • IPsec

IPv6 Deployment - APNIC Training · 2017-06-18 · • IPv6 Addressing and Subnetting • IPv4 to IPv6 Transition Technologies • IPv6 Services . IPv6 Security Features • IPsec

Documents
IPv6 0x05 Types d’adresses IPv6

IPv6 0x05 Types d’adresses IPv6

Documents
IPv6 0x02 TCP/IPv6

IPv6 0x02 TCP/IPv6

Documents
Washington, D.C., and New York Led by Andrea Oswalt

Washington, D.C., and New York Led by Andrea Oswalt

Documents
Homework and Remembering - Stanley G. Oswalt …...Houghton Mifflin Harcourt Publishing Company

Homework and Remembering - Stanley G. Oswalt …...Houghton Mifflin Harcourt Publishing Company

Documents
Southern Sonja N. Oswalt, Tony G. Johnson, Mike Howell ... · Removals: The Southern Regional Perspective Sonja N. Oswalt, Tony G. Johnson, Mike Howell, and James W. Bentley Abstract

Southern Sonja N. Oswalt, Tony G. Johnson, Mike Howell ... · Removals: The Southern Regional Perspective Sonja N. Oswalt, Tony G. Johnson, Mike Howell, and James W. Bentley Abstract

Documents
OSWALT AUGER MIXERSrotomix.com/images/oswalt/Oswalt-Auger-Mixers.pdf · 5 Oswalt® mixers are superior in their ability to mix all types of ration ingredients. When equipped with

OSWALT AUGER MIXERSrotomix.com/images/oswalt/Oswalt-Auger-Mixers.pdf · 5 Oswalt® mixers are superior in their ability to mix all types of ration ingredients. When equipped with

Documents
Irish IPv6 Task Force - Irish IPv6 Task Force IPv6 and Security

Irish IPv6 Task Force - Irish IPv6 Task Force IPv6 and Security

Documents
IPv6@ARIN Matt Ryanczak Network Operations Manager

IPv6@ARIN Matt Ryanczak Network Operations Manager

Documents
179 OSWALT AVE · 2018. 8. 8. · 179 OSWALT AVE BATAVIA, IL 60510. BRIAN LINDGREN MARIA MCNEIL 847.758.9200 x305 847.758.9200 x308 blindgren@browncommercialgroup.com mmcneil@browncommercialgroup.com

179 OSWALT AVE · 2018. 8. 8. · 179 OSWALT AVE BATAVIA, IL 60510. BRIAN LINDGREN MARIA MCNEIL 847.758.9200 x305 847.758.9200 x308 [email protected] [email protected]

Documents
OSWALT Pre and Post Architecture

OSWALT Pre and Post Architecture

Documents
IPv6 Protocol - Employees.orgfranjo/slides/majstor.pdf · • IPv6 Primer • IPv6 Protocol Security • Dual stack approach • Q&A. fmajstor@cisco.com, IPv6 Security 3 IPv4 & IPv6

IPv6 Protocol - Employees.orgfranjo/slides/majstor.pdf · • IPv6 Primer • IPv6 Protocol Security • Dual stack approach • Q&A. [email protected], IPv6 Security 3 IPv4 & IPv6

Documents
Dallas 2014 IPv6 Talk - Texas IPv6 Task Force | IPv6 only, Y'all! · 2015-11-22Dallas 2014 IPv6 Talk - Texas IPv6 Task Force | IPv6 only, Y'all!

Dallas 2014 IPv6 Talk - Texas IPv6 Task Force | IPv6 only, Y'all! · 2015-11-22Dallas 2014 IPv6 Talk - Texas IPv6 Task Force | IPv6 only, Y'all!

Documents
Architecture IPv6 - Colloque IPv6 op

Architecture IPv6 - Colloque IPv6 op

Documents
Southern Sonja N. Oswalt, Tony G. Johnson, Mike Howell ...Sonja N. Oswalt, Tony G. Johnson, Mike Howell, and James W. Bentley Abstract Here, we examine fluctuations in timber harvest

Southern Sonja N. Oswalt, Tony G. Johnson, Mike Howell ...Sonja N. Oswalt, Tony G. Johnson, Mike Howell, and James W. Bentley Abstract Here, we examine fluctuations in timber harvest

Documents
ipv6 ISIS for IPv6

ipv6 ISIS for IPv6

Documents
Module 6: IPv6 Fundamentals. Introduction to IPv6 Unicast IPv6 Addresses Configuring IPv6

Module 6: IPv6 Fundamentals. Introduction to IPv6 Unicast IPv6 Addresses Configuring IPv6

Documents
IPv6 workshop Quito - Quito ---EcuadorEcuador 26th 26th ... · – 6DISS and IPv6 intro – IPv6 addressing – IPv6 associated protocols – IPv6 deployment – Autoconfiguration(stateless,

IPv6 workshop Quito - Quito ---EcuadorEcuador 26th 26th ... · – 6DISS and IPv6 intro – IPv6 addressing – IPv6 associated protocols – IPv6 deployment – Autoconfiguration(stateless,

Documents