© 2012 Cisco and/or its affiliates. All rights reserved. 1 © 2012 Cisco and/or its affiliates. All rights reserved. 1

Deployment Experiences with IPv6 Kumar Reddy Director, Technical Marketing Engineering Cisco Systems With thanks to: Andrew Yourtchenko, Alok Wadhwa, Mayur Brahmankar, Jon Woolwine

© 2012 Cisco and/or its affiliates. All rights reserved. 2 © 2012 Cisco and/or its affiliates. All rights reserved. 2

Dual Stack

Inside – Out •  Globalization •  Technology Leadership •  Industry mandate •  BYOD-Security-Visibility •  Flatten management plane

Dual-Stack Enterprise IPv4 Internet

Outside – In •  Internet Evolution •  Business Continuity •  B2C, B2B

IPv4 Enterprise IPv6 Internet

http://www.cisco.com/en/US/netsol/ns817/networking_solutions_program_home.html

© 2012 Cisco and/or its affiliates. All rights reserved. 4

•  Secured broad executive support •  Progress requires multi-functional teams – not just a networking problem •  Pursuing Outside-In and Inside-Out in parallel

•  Coordinated equipment upgrades and software updates with fleet upgrade program

•  Made sure common client configurations were tested •  Made operational changes e.g. IPv6-specific security mechanisms and

monitoring solutions for IPv6 traffic •  To date

•  Provided IPv6 access in approximately one-third of global offices – tunnel access for interim connectivity

•  IPv6-enabled 100% of the core network •  Observed Happy Eyeballs (RFC 6555) in action •  Observed IPv6 attacks •  Monitor worldwide usage with 6lab.cisco.com/stats

© 2012 Cisco and/or its affiliates. All rights reserved. 5

38,98% of WiFi devices were Apple devices (13,53% iPhone, 7,28% iPad), 30,56% Intel devices 45,4% are doing 802.11n (up to 144Mbps on 2,4GHz band), 37,25% are doing 802.11n (300Mbps / 5GHz), 13,88% are doing 802.11g (54Mbps / 2,4GHz), 3,47% are doing 802.11a (54Mbps / 5GHz)

Example from IPv6 World Congress, Jan 2012

© 2012 Cisco and/or its affiliates. All rights reserved. 6

2 privacy addresses

© 2012 Cisco and/or its affiliates. All rights reserved. 7 © 2012 Cisco and/or its affiliates. All rights reserved. 7

Early experiences with IPv6-only WiFi on 2001:db8::d06:f00d/64

© 2012 Cisco and/or its affiliates. All rights reserved. 8

•  Scope Series of experiments inside Cisco and at Public Conferences (e.g. Cisco Live) with IPv6-only WiFi Core network dual-stacked Access to ‘legacy’ Internet through a NAT64 Tried both dedicated and shared Access Points with a “try me” IPv6 SSID

•  Logistics Volunteer based support – Red T-shirts offered as incentive Each event was contained within a (very large) conference room, floor or campus building Email alias and wiki for support and report issues, findings – limited publicity Kept list of applications that worked/didn’t work (user-reported) Kept traffic statistics

•  To know more http://blogs.cisco.com/borderless/ipv6-at-ciscolive-san-diego/

Dual stack topology

© 2012 Cisco and/or its affiliates. All rights reserved. 10

Measure: Unique MACs with IPv6 LL address IPv6 global address IPv6 with global EUI address IPv4 global address Measurements de-duplicate privacy addresses

* Between IPv6 World Congress, Jan 2012 And Cisco Live US: June 2012 Dual stack capable : IPv4 global + IPv6 LL IPv6 using : IPv6 global

Dual stack-capable devices increased from 47.5% to 77.5%

IPv6-using devices increased by 87.3%

In 6 months *:

© 2012 Cisco and/or its affiliates. All rights reserved. 11

•  Network and client issues •  Different OS policies generate new privacy addresses at different times •  DHCPv6 not supported on some OS [versions] •  Some mobile OS’ don’t support IPv6-only at all – at best workaround with IPv4 + ACL •  Network devices still need IPv4 too •  Happy Eyeballs implementation varies across platforms/browsers •  Subtle First Hop/RA timer interactions •  Certain devices have a high sensitivity to SSID switching (with dual stack too) •  Very few mobile clients support IPv6 on radio interfaces

•  Our network setup •  An old IPv4 multicast filter impacted RA distribution •  Our DNS server address is not easy to remember (next time use eg. 2001:DB8::53)

•  User Experience •  Many users couldn’t tell if they were using IPv6 or not

•  Test-ipv6.com, IPvFOO, IPv6 toolkit app etc are useful •  Poor user experience == frequent disconnects and long wait to associate •  Recorded 160 applications tried by users (at internal events) •  Generally collaboration applications broke through NAT64

© 2012 Cisco and/or its affiliates. All rights reserved. 12

•  Before IPv6 turn on A fair amount of selling is still required to overcome fear of the unknown Knowledge of IPv6 outside core group(s)/enthusiasts can be superficial

•  Support No shortage of volunteers (T-shirt effect?) and lots of enthusiasm but actual support provided by small groups of usual suspects Real debug/troubleshooting skills are poorly distributed – this needs to change

•  Dual stack Worked well

•  IPv6 only See subtle network / client interactions And not so subtle stack differences And uncover old design “short-cuts” And need changes e.g. security and management planes And there are bugs to fix

© 2012 Cisco and/or its affiliates. All rights reserved. 13

Thank You