8/8/2011

1

SOSPG1: IPv6, Tomorrow’s Network Here Today.

Mark Brophy, I.T. Director, Rogers Townsend & ThomasJim Small & Craig Weinhold

CDW Advanced Technology Services

Session Overview

• Brief review of the characteristics of IPv4.• Introduction to some of the new characteristics

of IPv6. This will not be a technical deep dive. f f• Brief outline of a possible migration strategy.

• Setting the record strait on a few points.• On to the experts!

– Q&A period with Jim and Craig as they share their real world view and experiences with IPv6 migrations.

“In the beginning…”

God created the Internet and AOL. Now theInternet was formless and empty, (no Facebook)and darkness was over the surface of the deep,and the Spirit of God was hovering over theand the Spirit of God was hovering over therouters.

And God said, “Ping 127.0.0.1,” and there werepackets.

8/8/2011

2

Remember this?• Class A 0-126 (roughly 16 million hosts/network)• Class B 128-191 (65,536 hosts/network)• Class C 192-223 (256 hosts/network)There are only 4,294,967,296 possible unique IPv4 addresses in the entire world.IANA's primary address pool was exhaustedexhausted on February 3, 2011 when the last 5 blocks were allocated to the 5 RIRs. APNIC was the first RIR to exhaust its regional pool on 15 April 2011, except for a small amount of address space reserved for the transition to IPv6, intended be allocated in a restricted process

The Band-Aid

• Network Address Translation.• Private address ranges created.• 10.0.0.0 to 10.255.255.255• 172.16.0.0 172.31.255.255• 192.168.0.0 192.168.255.255

But it broke end to end transmission between hosts.

A Typical IPv4 NetworkLayer 3 Switching

Layer 2 Switching

8/8/2011

3

IPv4• The current version of IP (known as Version 4 or IPv4) has not been substantially

changed since RFC 791 was published in 1981.• The initial design did not anticipate the recent exponential growth of the Internet,

Internet devices and the exhaustion of the IPv4 address space.• IPv4 addresses are become relatively scarce, forcing some organizations to use a

Network Address Translator (NAT) to map multiple private addresses to a single public IP address. While NATs promote reuse of the private address space, they do not support standards-based network layer security or the correct mapping of all higher layer protocols and can create problems when connecting two organizations that use the private address spacethat use the private address space.

• The growth of the Internet and the ability of Internet backbone routers to maintain large routing tables is burdensome. There are routinely over 85,000 routes in the routing tables of Internet backbone routers. The current IPv4 Internet routing infrastructure is a combination of both flat and hierarchical routing.

• The requirement for security at the IP level.• The need for better support for real-time delivery of data—also called quality of

service (QoS).• With more computers and devices using IP, there is a need for a simpler and more

automatic configuration of addresses and other configuration settings that do not rely on the administration of a DHCP infrastructure.

Meet IPv6

IPv6 was developed by the Internet Engineering Task Force (IETF) to and is described in Internet

standard doc ment RFC 2460 p blished in standard document RFC 2460, published in December 1998.

About IPv4 and IPv6

8/8/2011

4

What an IPv6 network might look like.

This is just one out of manymany possibilities of what a networkrunning IPv6 might resemble. Your network may vary.

The 5 Steps to IPv6

Step 1

Step 2

Design

IPv6 Ready

Step 3

Step 4

Step 5

IPv6 Testing

Dual stack

Bye Bye IPv4

The 5 Steps to IPv6

Keep it simple

Design for growth

Work with /48, /52, /56, /60 or /64

8/8/2011

5

Step 1 - Training

IPv6 will affect every single member of an IT Department from Entry Level Help Desk to Application/Web Developers to Senior Network Engineers.

New terminology

• Dual IP stack• IPv4-mapped IPv6 addresses• 6 to 4 Tunneling

T d• Teredo• Stateless Auto Configuration• Stateful Auto Configuration• Sites not Subnets

What’s wrong with this address?

• 207.144.117.193• 10.100.0.240• 192.168.1.19• 169.254.108.53• 192.168.255.1• 127.0.0.1

8/8/2011

6

What’s wrong with this address?

• 207.144.117.193• 10.100.0.240• 192.168.1.19•• 169.254.108.53169.254.108.53•• 192.168.255.1192.168.255.1•• 127.0.0.1127.0.0.1

What’s wrong with this address?

• 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A• 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A• 2001:0DB8:0000:2F3B:02AG:00FF:FE28:9C5A• ::1

What’s wrong with this address?

• 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A• 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A• 2001:0DB8:0000:2F3B:02AG:00FF:FE28:9C5A• ::1

8/8/2011

7

Same address, different syntax

• 2001:0DB8:0000:0000:0008:8000:0000:417A• 2001:DB8:0:0:8:8000:0:417A• 2001:DB8::8:8000:0:417A• 2001:DB8:0:0:8:8000::417A• 2001:db8::8:8000:417A

Why? To improve readability.

Network devices

The 5 Steps to IPv6

Operating Systems

Applications

IPv6 Ready Logo Programwww.ipv6ready.org

Redmond’s Stance

• From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components willwill notnot functionfunction.

• http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx

8/8/2011

8

For Example: Turning off IPv6

• Hyper-V cluster - It is not possible to add a new node to an existing cluster.

• TMG server - RRAS breaks.• Exchange - Mailflow & Installation problems.• Direct Access - Does not work.• SBS Server – Exchange services fail to start & network shows

offline. Even if you don not configure your workstations to use IPv6, starting with Vista, Windows tunnels all IPv4 traffic through the IPv6 stack.

Why? -more efficient protocols. Just leave it on but beware. Windows DoS vulnerability.

http://www.youtube.com/watch?v=GA_w87K_Iuo

The 5 Steps to IPv6

IPv6 network device

IPv6 Application

IPv6 User

Testing Status Report

• Network devices: Most of your current network devices have are IPv6 ready. In some products, it may be as simple as just turning on the feature. Massive hardware upgrades should not be in order unless you are running hardware built prior to 2002.

• Most, if not all, major Operating Systems are IPv6 capable.

8/8/2011

9

Source Feature IPv6 supported

Testing Status Report• Applications: Going to be a rough road. A lot

are not there yet and will need to be reviewed. For Instance with Exchange 2010…

Transport

Transport

Transport

Unified Messaging

The 5 Steps to IPv6 cont.

The Bottom Line

• We’re out of IPv4 address space.• •IPv6 must be adopted for continued Internet

growth.• •IPv6 is not backwards compatible with IPv4• •IPv6 is not backwards compatible with IPv4.• •We must maintain IPv4 and IPv6 simultaneously

for many years. • •IPv6 deployment has begun.

8/8/2011

10

On to our Experts

We have some questions of our own prepared, but feel free to join us and ask your own questions.

Without further adoWithout further ado…

Questions

#1If IPv6 has been around since 1998, then there must be plenty of stable products and services running IPv6, right? running IPv6, right?

Questions

#2I've heard some people say IPv6 is more secure than IPv4, while others say it is less secure than IPv4. What is this about?IPv4. What is this about?

8/8/2011

11

Questions

#3I have enough addresses today. Why should I bother implementing IPv6? Should I even be considering implementing IPv6?considering implementing IPv6?

Questions

#4

What’s going on with DHCP? Do we still need it?

Questions

#5

So how much will the transition to IPv6 cost me?

8/8/2011

12

Any other questions?

Other IPv6 Session today

Please check out IPv6: The Ins and Outs ETPG6 at1:30 today for a different IPv6 session by theEmerging Technologies GroupEmerging Technologies Group

Check out the IPv6 demo in vendors area.

THANK YOU FOR ATTENNDING!

References and Light Reading

• Abstract: Introduction to IP Version 6 –Microsoft Corporation Published September 2003, updated January 2008. http://www.microsoft.com/ipv6

• IPv6 for the Reluctant. Mark Minasi, TechEd2009 Europe. • Migrating to IPv6 with Windows Server 2008 R2 and Windows 7, Martijn Bellaard,

TechEd2011• FAQ Internet Society http://www.isoc.org/internet/issues/ipv6_faq.shtml

6• IPv4 Depletion IPv6 Adoption, American Registry for Internet Numbers, Nov. 11, 2010https://www.arin.net/knowledge/v4_deplete_v6_adopt.pdf

• National Institute of Standards and Technology: U.S. Department of Commerce Special Publication 800-119-Guidelines for the Secure Deployment of IPv6, December 2010.

8/8/2011

13

Cool Tools & Sites

• IPv6 Connectivity tool. http://test-ipv6.com• http://www.worldipv6day.org/• Ipv6 Readiness Logo http://www.ipv6forum.com/