Embed Size (px)
DESCRIPTION
Citation preview
IPv6IPv6Report from the IPv6 Subcommittee of
the StageNet Technical Committee
IPv6 HistoryIPv6 History
• IPv6 was developed because about 1992 it became clear that at the rate that the Internet was growing the world would soon be out of IPv4 numbers.
• In addition to providing more numbers the design of IPv6 includes fixes to issues that became apparent with the widespread usage of IPv4 and it includes new features plus the ability to add more new features in the future.
IPv6 HistoryIPv6 History
• The experimental deployment of IPv6 started in 1995.
• The specifications of the basic protocols were published in RFC 1883 in December 1995 with more specs published in April and August of 1996.
• RFC 2460 published in 1998 obsoletes RFC 1883.
Dual StackDual Stack
• IPv6 was designed to work alongside IPv4 on all network devices. This is often called the “Dual Stack” because devices have both an IPv4 Protocol Stack and an IPv6 Protocol Stack.
• And the strategy to transition from IPv4 to IPv6 is often referred to as the Dual Stack Strategy. During the transition period most hosts will have both an IPv4 and an IPv6 number. The transition period is expected to last many years.
IPv6 HistoryIPv6 History
• Original estimates for when the world would run out of IPv4 numbers varied from 2000 to 2008.
• The wide use of NAT and the slower growth of the Internet after the dot com bubble burst slowed the allocation of IPv4 numbers, giving the world a bit more time before it runs out of IPv4 numbers.
IPv6 HistoryIPv6 History
• Original barriers to implementing IPv6 were that it took a while for PC Operating Systems to support IPv6 and a while for router vendors to support IPv6 in hardware (route as fast as IPv4).
• All three major PC OSs (Linux, Mac OS X, Windows) now support IPv6 and the major router vendors also support IPv6 in many of their routers.
• IPv6 has been implemented more widely in Europe and Asia than in the US.
Windows OS IPv6 HistoryWindows OS IPv6 History
• Windows has supported IPv6 since Windows 2000– Windows 2000 required that a patch be
downloaded, Microsoft considers this a preview or beta.
– Windows XP requires one command to enable IPv6.• IPv6 install• or enable via Network Control Panel
– Windows Vista will ship with IPv6 enabled by default
– Windows Server 2003 has full IPv6 support
Macintosh and LinuxMacintosh and Linux
• Linux support for IPv6 started in 1996 but the 2.4 kernel or later is recommended to avoid some earlier bugs.
• Mac OS X started supporting IPv6 in version 10.2 but full support for IPv6 in many Mac applications first appeared in version 10.3 (Panther).
IPv6 History in North DakotaIPv6 History in North Dakota
• In June of 2002 NDSU hosted a GPN Hands on IPv6 Workshop with equipment provided by Internet2.
• In the Summer of 2003 we learned that StageNet would likely qualify for it’s own block of IPv6 numbers.
• In the Fall of 2003 HECN asked ITD to request a block of IPv6 numbers for StageNet.
IPv6 History in North DakotaIPv6 History in North Dakota
• In late summer 2005 StageNet received a block of IPv6 numbers from ARIN (lawyers and indemnity were involved)
• The IPv6 subcommittee of the StageNet Technical committee was formed in the Fall of 2005. The members of the subcommittee were Bonnie Jundt, Kevin Danielson, CJ Kotta and Bruce Curtis from HECN, Curt Wahl from ITD and Jason Berberich from K12. John Gieser is now the rep from K12.
IPv6 History in North DakotaIPv6 History in North Dakota
• The IPv6 subcommittee met several times via video and submitted a report and recommendations to the StageNet Technical Committee.
• The StageNet Technical Committee accepted the recommendations for the method of IPv6 allocations etc.
• The IPv6 subcommittee is still working on a timeline and some standards documents.
NRONRO
• The next few slides are from the Number Resource Organization and have info on IPv4 and IPv6 number allocations.
Internet Number Resource Status Internet Number Resource Status ReportReport
As of 31 December 2005As of 31 December 2005
Prepared byPrepared by
Regional Internet RegistriesRegional Internet Registries
AFRINIC, APNIC, ARIN, LACNIC and the RIPE NCCAFRINIC, APNIC, ARIN, LACNIC and the RIPE NCC
Dec 2006 Internet Number Resource Report
Status of IPv4 Address Space (/8s)
(48 /8s left March 07)
48
December 2005 Internet Number Resource Report
IPv4 Allocations from RIRs to IPv4 Allocations from RIRs to LIRs/ISPs Yearly ComparisonLIRs/ISPs Yearly Comparison
About 10 /8s allocated per year
How long before we are out of How long before we are out of IPv4 numbers?IPv4 numbers?
• This is not an NRO slide.• From the previous two slides we see that:
– There are 50 /8s left.– 10 /8s are being assigned per year.
• So at the current rate the pool of IPv4 numbers will be exhausted in 5 years.
What if the rate increases?What if the rate increases?
• In 2003 5 /8s were assigned.• In 2005 10 /8s were assigned.• In 2006 10 /8s were assigned.• If the rate doubles to 20 /8s per year in
2007 then we could be out of IPv4 numbers in as little as 2.5 years. 5 /8s assigned in January of 2007 already.
• When Cisco analyzed the same data they projected running out of numbers even sooner.
Cisco’s ProjectionCisco’s Projection
• This graph is from the Cisco White Paper at the link below and it predicts running out of IPv4 numbers about 2008.
– http://www.cisco.com/en/US/products/ps6553/products_white_paper0900aecd8032b2ad.shtml
IPv4 Address Space Exhaustion Predictions Based on the Assignment History of the Past Five Years
• http://209.183.221.252/A%20Guide%20for%20Federal%20Agencies%20Transitioning%20to%20IPv6%200106.pdf
Graph fromGraph from Guide for Federal Guide for Federal Agencies Transitioning to IPv6Agencies Transitioning to IPv6
Bottom LineBottom Line
• Not an NRO slide• We have between 1.5 and 6.5 years before
we run out of IPv4 numbers.• As we get closer to running out of IPv4
numbers they will be more difficult to obtain and there will be an increase in IPv6 only sites.
• IPv6 usage will likely reach a “critical mass” before IPv4 numbers are exhausted.
December 2005 Internet Number Resource Report
IANA IPv6 Allocations to RIRsIANA IPv6 Allocations to RIRs (no of /23s)(no of /23s)
North AmericaAsia
Europe
December 2005 Internet Number Resource Report
IPv6 AllocationsIPv6 AllocationsRIRs to LIRs/ISPsRIRs to LIRs/ISPs
Yearly ComparisonYearly Comparison
December 2005 Internet Number Resource Report
IPv6 Allocations IPv6 Allocations RIRs to LIRs/ISPsRIRs to LIRs/ISPs
Cumulative Total (Jan 1999 – Dec 2005)Cumulative Total (Jan 1999 – Dec 2005)
Europe
Asia
North Ameria
December 2005 Internet Number Resource Report
Links to RIR StatisticsLinks to RIR Statistics
•RIR Stats:http://www.nro.net/statistics/
•Raw Data/Historical RIR Allocations:http://www.aso.icann.org/stats
• http://www.iana.org/assignments/ipv4-address-space
• http://www.iana.org/assignments/as-numbers
• http://www.iana.org/assignments/ipv6-unicast-address-assignments
IPv6 future in North DakotaIPv6 future in North Dakota
• HECN is the first portion of StageNet likely to need IPv6 because many sites that HECN may collaborate with are implementing IPv6.
• China’s equivalent of Internet 2 is IPv6 only.
• The super collider being built in France will have a large number of sensors which will be networked and the sensors will only be addressable by IPv6.
IPv6 future in North DakotaIPv6 future in North Dakota
• Both NDSU and UND are members of Internet2. Part being a member includes participating in Internet2 Initiatives, like IPv6.
IPv6 in Internet2IPv6 in Internet2
• The Internet2 IPv6 Working Group has seen an increase in requests for the Internet2 Hands On IPv6 Workshop.
• This is an indication of increased interest in IPv6 from Internet2 member Universities which makes it quite likely that the number of sites on the previous map will start increasing at a faster rate.
IPv6 Future in North DakotaIPv6 Future in North Dakota
• At least two 2-year tech schools in the Kansas region include IPv6 in their curriculum. They know that their network students will see IPv6 in their jobs within a few years of graduating.
IPv6 future in North DakotaIPv6 future in North Dakota
• The OMB has mandated that Federal Agencies must use IPv6 by June 2008. The HECN has members that collaborate with Federal Agencies like NASA, EROS Data Center etc.
• This also means that vendors will make sure that their products support IPv6 before June 2008 so that they will continue to have a chance of selling to the US Government.
USDA at NDSUUSDA at NDSU
• Currently the USDA has two buildings at NDSU that are connected to the world via a Frame Relay link.
• In the near future these buildings will likely connect to the NDSU network and then their connection to the world will be through NDSU and StageNet.
• If this happens then NDSU will be required to provide IPv6 connectivity to these buildings by June of 2008.
IPv6 future in North DakotaIPv6 future in North Dakota
• NAT causes a problem for widespread use of Desktop Video and also for easy connection of VoIP Phones between HECN, K12 and State Gov. (softphones also). IPv6 solves the issues that NAT creates since each endpoint has a globally unique address.
IPv6 vs NATIPv6 vs NAT
• This is a quote from the Cisco White paper titled IPv6 Access Services– At this point, IPv6-based services are seen as
a differentiator that enables service providers to take advantage of the large IPv6 address space and allows them to better position themselves against the competition. The IPv6 deployments can be seen as an impetus to lower service support costs by eliminating Network Address Translation (NAT), with its negative consequences on applications and its complex behavior.
IPv6 vs NATIPv6 vs NAT•Here is a quote from an article in Network World that is quoting an RTI report.
– IPv6 cost estimates - the ROI: Part 4 3/22/06– http://www.networkworld.com/newsletters/isp/2006/0320isp1.html
Another area where IPv6 could cut costs is in increased network efficiencies caused by the removal of network address translation (NAT) devices. "Enterprise spending on NAT workarounds is quite significant according to estimates from participating stakeholders that range up to 30% of IT-related expenditures," the study says.
IPv6 TimelineIPv6 Timeline
• Here is the present state of the Timeline that the IPv6 Subcommittee is working on.
• Allocate IPv6 ranges to HECN quadrants and sites. (Done.)
• NDSU enables IPv6 on it’s campus and enables an IPv6 connection to Internet2 via the Northern Lights GigaPOP in Minneapolis. (Summer 2006)
IPv6 TimelineIPv6 Timeline
• IPv6 is enabled for VCSU via separate ATM PVC. (Summer 2006)
• IPv6 is enabled in the StageNet HECN Core routers. (Christmas 2006 or Summer 2007)
• IPv6 is turned on for any HECN site that requests it.
IPv6 TimelineIPv6 Timeline
• K12 sites that request IPv6 could be connected via separate PVC or VLAN as VCSU was earlier.
• K12 firewalls and 8e6 Internet filters are configured and upgraded if required to support IPv6. (Summer 2008)
• IPv6 is enabled on the K12 Core Routers.(Summer 2008).
• K12 Core routers are connected to Internet2 via IPv6. (Summer 2008)
IPv6 TimelineIPv6 Timeline
• Any interested K12 site may turn on IPv6 which connects them to Internet2 via IPv6.
• Government Firewalls are configured and upgraded if required to support IPv6.(2007 or 2008)
• IPv6 is enabled in the Government Core routers. (2007 or 2008).
IPv6 TimelineIPv6 Timeline
• The StageNet Internet1 routers peer IPv6 with Sprint. At this point all of the Stagenet core routers in Government, HECN, K12 all have IPv6 connectivity to Internet1. (2007 or 2008).
• Government sites enable IPv6 as requested. (2007 or 2008).
IPv6 TimelineIPv6 Timeline
• Date that all newly purchased hardware that attaches to StageNet must support IPv6. (Match the date in the standards/requirements document.)
• Date that all newly purchased applications that work over the network must support IPv6. (Match the date in the standards/requirements document.)
IPv6 TimelineIPv6 Timeline
• All of StageNet supports IPv6 and has IPv6 enabled. (2009 to 2012?)
• All devices attached to StageNet support IPv6. (In the year 2525 ... if firewalls are still alive. :-)
IPv6 Support RequirementsIPv6 Support Requirements
• ITD will need to train staff to support IPv6 on StageNet.
• Routers must support IPv6, may require upgrades.
• Switches do not require upgrades to support IPv6 Unicast but will require upgrades to support IPv6 Multicast (MLDv2 snooping).
• DNS management software must support IPv6.
IPv6 Support RequirementsIPv6 Support Requirements
• 350 routers at end sites will need to support IPv6.– These routers mostly run 12.2 IOS and will need to
be upgraded to 12.3 or 12.4 to support IPv6.– All of these end site routers have at least 64 MB of
RAM and 16 MB of flash which is sufficient to run 12.3 IOS but not 12.4 which requires 128 MB.
– The oldest routers will need to be replaced in 2010 after which there will be no IOS upgrades. (2620s)
• The bottom line is that these routers will not need a memory upgrade to support IPv6.
IPv6 Support RequirementsIPv6 Support Requirements
• 30 devices in the core of the network including routers and firewalls will need to be upgraded to support IPv6.
• For each of 30 core devices only a software upgrade is required to support IPv6.
CostsCosts
• The major costs are:– Training for staff to support IPv6.– Time required to upgrade IOS versions.– Time required to configure IPv6 in routers.– Time to enter IPv6 DNS entries.
Potential Cost SavingsPotential Cost Savings
• In an earlier slide the potential of saving up to 30% by eliminating NAT was mentioned. On the next slide is another quote from that same article which mentions another possible savings.– IPv6 cost estimates - the ROI: Part 4– 3/22/06– http://www.networkworld.com/newsletters/isp/2006/0320isp1.html
Potential Cost SavingsPotential Cost Savings
•One of the key benefits of IPv6 could be reduced information security costs. "Movement to the use of an end-to-end security model could help save major enterprise costs, both in downtime and preventative measures," the RTI report says. "IPSec, an IP-based security protocol that is more common in IPv6 systems, would likely be a part of this movement."
Risks of Implementing IPv6Risks of Implementing IPv6
• There are no major risks in implementing IPv6.
• Minor Risks– Some early implementors have reported
issues with security but they were mostly failure to properly update ACLs in routers and rules in firewalls etc.• Any security risk is likely more than balanced by
the increased time involved in scanning IPv6 numbers and the likely increased usage of IPSec with IPv6.
Risks of Implementing IPv6Risks of Implementing IPv6
• Minor Risks– Running newer IOS versions in routers.
• Possible bugs.
– Lack of support of IPv6 in network monitoring and management tools.• Many tools already support IPv6, but not all, but
more do every day.
– Lack of support for advanced IOS/router features like netflow in IPv6 etc.
Risks of not Implementing IPv6Risks of not Implementing IPv6
• The largest risk is not being prepared when the world runs out of IPv4 addresses.
• Risk not meeting the needs of Higher Education customers.
Questions?Questions?
• StageNet IPv6 Technical Subcommittee – Bruce Curtis (HECN/NDSU)– Kevin Danielson (HECN/UND)– Bonnie Jundt (HECN/UND)– CJ Kotta (HECN/VCSU)– Curt Wahl (ITD)– John Gieser (K12/Edutech)
