IPV6: an introduction to transition planning
Eduardo Coelho
http://coelho.pro.br
TOPICS (1)
• why you have to plan before the deployment
• the framework
• what's wrong with ipv4?
• dual stack deployment strategy
• router advertisements and the plug-and-play philosophy
• choosing the equipment
TOPICS (2)
• IPv6 addressing
• DNS settings delivery issues
• legacy devices
• transition protocols
• security concerns
• final suggestions
WHY YOU HAVE TO PLAN BEFORE THE DEPLOYMENT
• accept planning as part of IT culture, as it should always have been (ps: if you're already there, great!)
• your planning can act as a decision-making tool
• including being ready to defend investment choices
• documenting helps delegate and check compliance
• feel you are on top of the changing environment
THE FRAMEWORK
• a simple framework for the changes
• get to know (conheça)
• plan (planeje)
• test (teste)
• implement (implemente)
WHAT’S WRONG WITH IPV4
• lack of enough host addresses
• NAT issues and lack of end-to-end connectivity
• note: you should pay attention to the opportunities that come with ipv6 deployment
DUAL STACK DEPLOYMENT PHILOSOPHY
• ipv4 is not compatible with ipv6
• the deployment of ipv6 is meant to happen world-wide, in parallel with already functioning ipv4 networks
• while traffic on the internet and intranets shifts to v6, transition protocols will help most equipment to remain connected
THE PLUG-AND-PLAY PHILOSOPHY
• plug-and-play as a principle
• that makes ipv6 more plug-and-play
• reduced router processing
• better connectivity auto-healing
• mobility is supported
• multicast gains momentum
CHOOSING THE EQUIPMENT
• be ready to update and test all your equipment
• when buying new equipment, consider the updating capabilities and the manufacturer update policies
• watch for JITC (Defense Information Systems Agency/Joint Interoperability Test Command) compatibility
• watch for ipv6ready compatibility (an ipv6forum initiative)
• pay special attention to routers
IPV6 ADDRESSING
• global unicast
• link local
• unique local
• anycast, multicast, reserved and special
DNS SETTINGS DELIVERY
• llmnr
• stateless dhcp6 vs dns-ra
• watch for windows non-compliance with rfc6106
• naming is now more important than with ipv4, due to human difficulty manually handling ipv6 addresses
LEGACY DEVICES
• identify which devices won't be able to talk ipv4
• identify which devices won't be able to talk ipv6
• make choices based on the need for devices which won't operate with a dual ip stack
TRANSITION PROTOCOLS (1)
• there are a lot of transitional protocols, including some drafts
• be careful about equipment support
• avoid transitional protocols when possible, due to security concerns (possible firewall traversal and datagram data obfuscation)
• isps may offer dual stack connectivity or transparent tunneling
TRANSITION PROTOCOLS (2)
• recommended transitional protocols:
• initial transition: 6to4 (auto), teredo (auto, ipv4 nat support)
• intrasite, initial transition: isatap
• final transition: 4in6 (manual, rfc2473)
• other tunnels: 6in4 (manual, broker based), 6over4 (requires ipv4 multicast, hard to comply), nat64 (translation protocol)
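The automatic tunnels named above (6to4, teredo, isatap) leave a recognizable pattern in the IPv6 address itself, which gives a defender a cheap way to spot them in flow or firewall logs. The following is an added example, not part of the original slides; the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Well-known markers of the automatic tunnels named on the slide.
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")   # 6to4 (RFC 3056)
TEREDO = ipaddress.ip_network("2001::/32")        # Teredo (RFC 4380)
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)            # ISATAP interface-id prefix (RFC 5214)


def classify(addr_text):
    """Return (mechanism, embedded_ipv4) for an IPv6 address, or ("native", None)."""
    addr = ipaddress.IPv6Address(addr_text)
    value = int(addr)
    if addr in SIX_TO_FOUR:
        # The 32 bits after 2002: carry the IPv4 address of the 6to4 router.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if addr in TEREDO:
        # The low 32 bits hold the client's external IPv4 address, XORed with all ones.
        return "teredo", ipaddress.IPv4Address((value & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_IIDS:
        # Interface identifier is 0000:5efe or 0200:5efe followed by the IPv4 address.
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return "native", None


# Constructed sample of addresses as they might appear in flow or firewall logs.
SAMPLE = [
    "2001:db8:10::25",                       # documentation prefix, native
    "2002:c000:204::1",                      # 6to4
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo
    "fe80::200:5efe:c633:6407",              # ISATAP
]


def tunnel_report(addresses):
    """List (address, mechanism, ipv4) for every address that reveals a tunnel."""
    findings = []
    for text in addresses:
        mechanism, ipv4 = classify(text)
        if mechanism != "native":
            findings.append((text, mechanism, str(ipv4)))
    return findings
```

Manual tunnels such as 6in4 carry no marker in the address, so this check complements, rather than replaces, filtering IPv4 protocol 41 and Teredo's UDP port 3544 at the perimeter.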
SECURITY CONCERNS
• rogue routers
• rogue dhcp servers
• sniffing
• spoofing
• tunneling obfuscation
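Rogue routers and rogue DNS delivery both show up in Router Advertisements, so one detection approach is to parse each RA seen on a link and compare its source, prefixes and RFC 6106 RDNSS servers with what the site expects. This is an added example, not part of the original slides; the allow-list values and the `build_ra` helper that produces constructed sample packets are assumptions.

```python
import ipaddress
import struct

# Assumed site policy (hypothetical values): the only router, prefix and resolver expected on this link.
ALLOWED_ROUTERS = {"fe80::1"}
ALLOWED_PREFIXES = {"2001:db8:10::/64"}
ALLOWED_RDNSS = {"2001:db8:10::53"}


def parse_ra(icmp6):
    """Parse an ICMPv6 Router Advertisement; return (prefixes, rdnss, m_o_flags)."""
    msg_type, _code, _cksum, _hops, flags, _lifetime = struct.unpack("!BBHBBH", icmp6[:8])
    if msg_type != 134:
        raise ValueError("not a Router Advertisement")
    prefixes, rdnss, pos = [], [], 16          # options start after the 16-byte fixed header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8   # length is in 8-octet units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + opt_len]
        if opt_type == 3 and opt_len == 32:    # Prefix Information option
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            prefixes.append(str(net))
        elif opt_type == 25:                   # RDNSS, the "dns-ra" option of RFC 6106
            for off in range(8, opt_len, 16):
                rdnss.append(str(ipaddress.IPv6Address(body[off:off + 16])))
        pos += opt_len
    return prefixes, rdnss, flags & 0xC0       # M (0x80) and O (0x40) bits


def audit_ra(source, icmp6):
    """Return a list of policy violations for one RA seen from `source`."""
    prefixes, rdnss, _flags = parse_ra(icmp6)
    problems = []
    if source not in ALLOWED_ROUTERS:
        problems.append(f"unexpected router {source}")
    problems += [f"unexpected prefix {p}" for p in prefixes if p not in ALLOWED_PREFIXES]
    problems += [f"unexpected rdnss {d}" for d in rdnss if d not in ALLOWED_RDNSS]
    return problems


def build_ra(prefix, dns):
    """Build a constructed RA (checksum left at zero) to use as sample input."""
    head = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    pio += ipaddress.IPv6Address(prefix).packed
    rdnss = struct.pack("!BBHI", 25, 3, 0, 600) + ipaddress.IPv6Address(dns).packed
    return head + pio + rdnss
```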
FINAL SUGGESTIONS
• carefully choose isp offering
• define network-level addressing plan and enforce requirements
• have a clear plan for naming and dhcp
• consider deprecating ipv4-only devices
• prefer dual-stack devices