2009 Cisco Systems, Inc. All rights reserved. Presentation_ID 1
IPv6 Enterprise Deployment Strategy Benoit Lourdelet, IPv6 Product
Manager, [email protected]@cisco.com
Slide 2
2009 Cisco Systems, Inc. All rights reserved. TERENA 2
Capturing the IPv6 business opportunity Status on IPv6 adoption
Impact of IPv4-address exhaustion Enterprise network functions
Making an IPv6 plan
Slide 3
2009 Cisco Systems, Inc. All rights reserved. TERENA 3
V6-Enabled Image Source: Forrester, Three Mega Business Trends Will
Reshape The Tech Sector V6 Enabled V6 in 2010 V6-Enabled V6 in iOS
4.0 Departments Functions Workgroups/ teams Web-enabled Devices
Consumer Software Cloud-based Services Enterprise Collaboration
Tools V6-Enabled alpha Ironport cisco.com
Slide 4
2009 Cisco Systems, Inc. All rights reserved. TERENA 4 Impact
of IPv4 address pool exhaustion Enterprises should expect their
customers, partners, and remote employees to have a mix of
connectivity Public IPv4-only Public IPv4 and IPv6 Shared IPv4-only
Shared IPv4 and IPv6 IPv6 only
Slide 5
2009 Cisco Systems, Inc. All rights reserved. TERENA 5 Impact
of Shared IPv4 Address on Applications Applications which could
work poorly or even not at all when one side uses a shared IPv4
address Multiple TCP connections (like AJAX) in parallel Assuming
that one IPv4 address = one user (for logging, for load balancing,
for access control) Expecting inbound connections (like active FTP)
Using an application not yet supported by the NAT devices
Slide 6
2009 Cisco Systems, Inc. All rights reserved. TERENA 6 Dramatic
Increase in Enterprise Activity When the IPv4 pool(s) run out
things keep working but the Internet stops growing Enterprise that
is or will be expanding into new markets Growth/Protection
Enterprise that partners with other companies/organizations doing
IPv6 Governments, enterprise partners, contractors Partnership
Microsoft Windows 7, Server 2008 Microsoft DirectAccess OS/Apps
Mergers & Acquisitions NAT Overlap Fixing Old Problems High
Density Virtual Machine environments (Server virtualization, VDI)
SmartGrid New Technologies External Pressure Internal Pressure
Slide 7
2009 Cisco Systems, Inc. All rights reserved. TERENA 7 IPv6
Internet Presence (websites, remote users, B2B ) IPv6 Islands
(Wireless/Consumer devices, Labs ) Internal Data Center, Enterprise
Apps Ubiquitous Dual-Stack IPv6 Pilot and Basic Infrastructure IPv4
EOL Sales Certs (IPv6 Logo,USGv6, RIPE-501) Mandated 1, 2, 3 Who?
Government Agencies Customers who sell to government agencies
Motivated 2 3 4 Who? Customers with IPv4 address exhaustion Global
Enterprises with consumer or business interaction on the public
internet Customers with user-provided devices on their networks
Early Adopter 2 4 3 5 6 7 Who? Companies looking for competitive
advantage Companies using IPv6 to solve business problems Early
adopters preparing for coexistence Mainstream 2 Who? Large
US/European Enterprises Small-Medium Enterprises 1 2 3 5 6 7 4 IPv6
Adoption and Delivery
Slide 8
2009 Cisco Systems, Inc. All rights reserved. TERENA 8 IPv6 for
Internet Presence How to offer services on the IPv6 Internet?
Slide 9
2009 Cisco Systems, Inc. All rights reserved. TERENA 9 What is
Internet Presence? The set of services offered by the enterprises
Governments Hospitals Schools To their Customers Citizens Patients
students
Slide 10
2009 Cisco Systems, Inc. All rights reserved. TERENA 10 Why
Should an Enterprise Add an IPv6 Internet Presence? To be ready for
IPv6 Regulations or incentives To keep applications running Unique
IP address per user Customers having only IPv6 connectivity
Slide 11
2009 Cisco Systems, Inc. All rights reserved. TERENA 11
Multiple Ways to Add IPv6 to Web Servers Add native IPv6 to
existing web servers: could require some changes in application
scripts & logging Add a set of IPv6-only web servers More
flexibility and independence of IPv4 & IPv6 Address Family
Translator (AFT) in load balancer Accept IPv6 connection from
browser Load balance and connect to server with IPv4 AFT in reverse
web proxies Quite often reverse proxies are used for security
anyway Same scenario as load balancers AFT in network devices
Currently with NAT-PT but scalability issue and deprecated by IETF
Being worked on at the IETF Behave WG
Slide 12
2009 Cisco Systems, Inc. All rights reserved. TERENA 12 IPv6
Access to Internet How can enterprise internal users access
services on the IPv6 Internet?
Slide 13
2009 Cisco Systems, Inc. All rights reserved. TERENA 13 Why
Getting IPv6 Access to the Internet? Get end-to-end connectivity
for all users Avoid being placed behind a NAT Customer or partner
requiring IPv6 Getting know-how and expertise on IPv6 IPv4
connectivity is too expensive
Slide 14
2009 Cisco Systems, Inc. All rights reserved. TERENA 14 Adding
IPv6 Access for Internal Users Choice of deployment models
Dual-stack: add IPv6 to all hosts and network devices recommended
approach Application proxies at the perimeter: Internal browser
connects over IPv4 to proxies Proxies connects to IPv6 server
Tunneling add IPv6 only to some hosts and network devices could be
used for pilot phase or in case of legacy devices
Slide 15
2009 Cisco Systems, Inc. All rights reserved. TERENA 15 IPv6 in
the Intranet How can enterprise internal users use IPv6 for
internal services?
Slide 16
2009 Cisco Systems, Inc. All rights reserved. TERENA 16 Why
Adding IPv6 to all hosts in the intranet? Even if RFC 1918 is
enough for enterprise Visibility of tunneled IPv6 traffic To
enforce a security policy Enable IPv6-only application Windows 7
DirectAccess transport IPv6 only Windows 2008 Cluster uses IPv6
link-local address Apple Airport management uses IPv6 link-local
address Simpler network management without any NAT Ease of
deployment and mobility Facilitate merging & acquisition
(avoiding NAT conflicts) Be ready to merge/acquire with a
IPv6-enabled organization
Slide 17
2009 Cisco Systems, Inc. All rights reserved. TERENA 17
Building an IPv6 intranet Well-known and proven designs
(dual-stack, hybrid, ) Enterprises have run several protocols in
parallel for years (DECnet, AppleTalk, IPX, ) All OS (Microsoft,
Apple, *ix) supports IPv6 for years Some hidden costs Training of
operational staff Test all applications for IPv6 readiness
Slide 18
2009 Cisco Systems, Inc. All rights reserved. TERENA 18
Provider Considerations
Slide 19
2009 Cisco Systems, Inc. All rights reserved. TERENA 19 Asking
the tough questions ! Dual-stack or native IPv6 at each POP SLA
driven just like IPv4 to support VPN, content access Basic Internet
PA is no good for customers with multiple providers or change them
at any pace PI is new, constantly changing expectations and no
guarantee an SP wont do something stupid like not route PI space
Customers fear that RIR will review existing IPv4 space and want it
back if they get IPv6 PI PI/PA Policy Concerns IPv6 provisioning
and access to hosted or cloud-based services today (existing
agreements) Salesforce.com, Microsoft BPOS (Business Productivity
Online Services), Amazon, Google Apps Host/Cloud Apps Dual-stack or
native IPv6 at each POP SLA driven just like IPv4 to support VPN,
content access SLA
Slide 20
2009 Cisco Systems, Inc. All rights reserved. TERENA 20 A
Phased Approach to IPv6 Adoption Repeat for the Next IPv6-Critical
Area in Your Network Identify the highest priority IPv6-critical
areas in your network Perform IPv6 Assessment on highest- priority
areas to determine scope of design Develop an IPv6 design that
enables IPv6 to be introduced without disrupting your IPv4 network
Begin IPv6 testing and implementation in pilot mode, then extend
over time into production deployment Start with a Phased Plan
Aligned with Your Business Strategy 2341
Slide 21
2009 Cisco Systems, Inc. All rights reserved. Presentation_ID
21 Questions ?
Slide 22
2009 Cisco Systems, Inc. All rights reserved. TERENA 22
Slide 23
2009 Cisco Systems, Inc. All rights reserved. TERENA 23
Reference Materials Deploying IPv6 in Campus Networks (Just
updated):
http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Ca
mpIPv6.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Ca
mpIPv6.html Deploying IPv6 in Branch Networks (Just updated):
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/l
anding_br_ipv6.html
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/l
anding_br_ipv6.html New/Updated IPv6 Cisco Sites:
http://www.cisco.com/go/ipv6 http://www.cisco.gom/go/entipv6
http://www.cisco.com/go/ipv6http://www.cisco.gom/go/entipv6 Cisco
Network Designs: http://www.cisco.com/go/designzone
http://www.cisco.com/go/designzone Cisco Live Tweet Chat on
Enterprise IPv6: http://bit.ly/a8s2tWhttp://bit.ly/a8s2tW Interop
Las Vegas Enterprise IPv6 Session Twitter:@eyepv6
Slide 24
2009 Cisco Systems, Inc. All rights reserved. TERENA 24
Recommended Reading Deploying IPv6 in Broadband Networks - Adeel
Ahmed, Salman Asadullah ISBN0470193387, John Wiley & Sons
Publications Available Now- Hardcover/eBook