2012-11-09 facex - IPv6 transition planning

IPV6 an introduction to transition planning Eduardo Coelho http://coelho.pro.br


TOPICS (1)

• why you have to plan before the deployment

• the framework

• what's wrong with ipv4?

• dual stack deployment strategy

• router advertisements and the plug-and-play philosophy

• choosing the equipment

TOPICS (2)

• IPv6 addressing

• DNS settings delivery issues

• legacy devices

• transition protocols

• security concerns

• final suggestions

WHY YOU HAVE TO PLAN BEFORE THE DEPLOYMENT

• accept planning as part of IT culture, as it should always have been (ps: if you're already there, great!)

• your planning can act as a decision-making tool

• including being ready to defend investment choices

• documenting helps delegate and check compliance

• feel you are on top of the changing environment

THE FRAMEWORK

• a simple framework for the changes

• get to know (conheça)

• plan (planeje)

• test (teste)

• implement (implemente)

WHAT’S WRONG WITH IPV4

• lack of enough host addresses

• NAT issues and lack of end-to-end connectivity

• note: you should pay attention to the opportunities that come with ipv6 deployment

DUAL STACK DEPLOYMENT PHILOSOPHY

• ipv4 is not compatible with ipv6

• the deployment of ipv6 is meant to be made world-wide in parallel to already functioning ipv4 networks

• while the traffic on the internet and intranets shifts to v6, transition protocols will help most equipment to remain connected

THE PLUG-AND-PLAY PHILOSOPHY

• plug-and-play as a principle

• that makes ipv6 more plug-and-play

• reduced router processing

• better connectivity auto-healing

• mobility is supported

• multicast gains momentum

CHOOSING THE EQUIPMENT

• be ready to update and test all your equipment

• when buying new equipment, consider the updating capabilities and the manufacturer update policies

• watch for JITC (Defense Information Systems Agency/Joint Interoperability Test Command) compatibility

• watch for ipv6ready compatibility (an ipv6forum initiative)

• pay special attention to routers

IPV6 ADDRESSING

• global unicast

• link local

• unique local

• anycast, multicast, reserved and special

DNS SETTINGS DELIVERY

• llmnr

• stateless dhcp6 vs dns-ra

• watch for windows non-compliance with rfc6106

• naming is now more important than with ipv4, because ipv6 addresses are hard for humans to handle manually

LEGACY DEVICES

• identify which devices won't be able to talk ipv4

• identify which devices won't be able to talk ipv6

• make choices based on the need for devices which won't operate with dual ip stack

TRANSITION PROTOCOLS (1)

• there are a lot of transitional protocols, including some drafts

• be careful about equipment support

• avoid transitional protocols when possible, due to security concerns (possible firewall traversal and datagram data obfuscation)

• isps may offer dual stack connectivity or transparent tunneling

TRANSITION PROTOCOLS (2)

• recommended transitional protocols:

• initial transition: 6to4 (auto), teredo (auto, ipv4 nat support)

• intrasite, initial transition: isatap

• final transition: 4in6 (manual, rfc2473)

• other tunnels: 6in4 (manual, broker based), 6over4 (requires ipv4 multicast, hard to comply), nat64 (translation protocol)
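The address types from the addressing slide and the automatic tunnels listed above (6to4, teredo, isatap) can be recognised from the address alone, which helps when auditing an inventory for tunnels that bypass the firewall policy. The following is an added example, not part of the original slides; the sample inventory is constructed, and the function names are hypothetical.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")     # unique local (RFC 4193)
GLOBAL = ipaddress.ip_network("2000::/3")  # global unicast
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)     # upper half of an ISATAP interface id

def scope_of(ip):
    """Address type as listed on the addressing slide (anycast is
    syntactically identical to unicast, so it cannot be told apart)."""
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link local"
    if ip in ULA:
        return "unique local"
    if ip in GLOBAL:
        return "global unicast"
    return "reserved or special"

def classify(addr):
    """Report scope, tunnel mechanism and the IPv4 address embedded in it."""
    ip = ipaddress.IPv6Address(addr)
    tunnel, ipv4 = None, None
    if ip.sixtofour is not None:            # 2002::/16
        tunnel, ipv4 = "6to4", ip.sixtofour
    elif ip.teredo is not None:             # 2001::/32, (server, client) pair
        tunnel, ipv4 = "teredo", ip.teredo[1]
    elif (int(ip) >> 32) & 0xFFFFFFFF in ISATAP_IIDS:
        tunnel, ipv4 = "isatap", ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
    return {"address": str(ip), "scope": scope_of(ip), "tunnel": tunnel,
            "embedded_ipv4": str(ipv4) if ipv4 else None}

def tunnel_endpoints(addresses):
    """Keep only the addresses that belong to an automatic tunnel."""
    return [c for c in map(classify, addresses) if c["tunnel"]]

# Constructed inventory (documentation prefixes, not real hosts).
INVENTORY = ["2001:db8:10::25", "fe80::1", "fd12:3456:789a::1", "ff02::1",
             "2002:c000:204::1", "2001:0:4136:e378:8000:63bf:3fff:fdd2",
             "fe80::5efe:c000:204"]

if __name__ == "__main__":
    for hit in tunnel_endpoints(INVENTORY):
        print(hit)
```

The ISATAP test matches on the interface identifier only, so a randomly generated identifier could match by coincidence; treat a hit as a lead to verify on the host.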

SECURITY CONCERNS

• rogue routers

• rogue dhcp servers

• sniffing

• spoofing

• tunneling obfuscation
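A rogue router shows up as a Router Advertisement from a sender, with a prefix, or with a DNS server (the rfc6106 RDNSS option from the DNS slide) that is not in the documented plan. The following added example, which is not from the original slides, parses an RA and checks it against such a plan; the router, prefix and resolver values are assumptions, and the packets are constructed.

```python
import ipaddress
import struct

# Assumptions (not from the slides): the site's router, prefix and resolver.
AUTHORIZED_ROUTERS = {"fe80::1"}
EXPECTED_PREFIXES = {"2001:db8:10::/64"}
EXPECTED_DNS = {"2001:db8:10::53"}

def parse_ra(payload):
    """Parse an ICMPv6 Router Advertisement (type 134) and its options."""
    if len(payload) < 16 or payload[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(payload[5] & 0x80),       # M flag: stateful DHCPv6
          "other_config": bool(payload[5] & 0x40),  # O flag: stateless DHCPv6
          "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(payload):
        opt_type, opt_len = payload[off], payload[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(payload):
            raise ValueError("malformed option")
        body = payload[off:off + opt_len]
        if opt_type == 3 and opt_len == 32:         # Prefix Information
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[16:32])}/{body[2]}")
        elif opt_type == 25 and opt_len >= 24 and (opt_len - 8) % 16 == 0:
            for i in range(8, opt_len, 16):         # RDNSS server addresses
                ra["rdnss"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += opt_len
    return ra

def check_ra(source, payload):
    """Return findings for an RA that deviates from the documented plan."""
    ra, findings = parse_ra(payload), []
    if str(ipaddress.IPv6Address(source)) not in AUTHORIZED_ROUTERS:
        findings.append(f"unauthorized router {source}")
    findings += [f"unexpected prefix {p}" for p in ra["prefixes"] if p not in EXPECTED_PREFIXES]
    findings += [f"unexpected DNS server {d}" for d in ra["rdnss"] if d not in EXPECTED_DNS]
    return findings

def sample_ra(prefix, dns):
    """Build a constructed RA (O flag set, checksum left at 0) for the demo."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    rdnss = struct.pack("!BBHI", 25, 3, 0, 600)
    return (hdr + pio + ipaddress.IPv6Address(prefix).packed
            + rdnss + ipaddress.IPv6Address(dns).packed)

if __name__ == "__main__":
    print(check_ra("fe80::1", sample_ra("2001:db8:10::", "2001:db8:10::53")))
    print(check_ra("fe80::bad", sample_ra("2001:db8:66::", "2001:db8:66::53")))
```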

FINAL SUGGESTIONS

• choose the isp offering carefully

• define a network-level addressing plan and enforce requirements

• have a clear plan for naming and dhcp

• consider deprecating ipv4-only devices

• prefer dual-stack devices

REFERENCES

• Unique Local Address http://en.wikipedia.org/wiki/Unique_local_address

• Unique Local Unicast Addresses http://tools.ietf.org/html/rfc4193

• Deprecating Site Local Addresses http://tools.ietf.org/rfc/rfc3879.txt

• IPv6 Support in Home Routers http://msdn.microsoft.com/en-us/library/windows/hardware/gg463251.aspx

• Prefix delegation http://en.wikipedia.org/wiki/Prefix_delegation

• Requirements for IPv6 Prefix Delegation http://tools.ietf.org/html/rfc3769

• IPv6 Prefix Options for DHCP version 6 http://www.ietf.org/rfc/rfc3633.txt

• IP Version 6 Addressing Architecture http://tools.ietf.org/html/rfc4291

• Internet powers flip the IPv6 switch (FAQ) http://news.cnet.com/8301-1001_3-57445316-92/internet-powers-flip-the-ipv6-switch-faq/

• IPv6-capable devices: Make sure they are ready http://www.techrepublic.com/blog/networking/ipv6-capable-devices-make-sure-they-are-ready/2522

• IPv6 Ready Logo Program https://www.ipv6ready.org

• IPv6: When do you really need to switch? http://www.zdnet.com/blog/networking/ipv6-when-do-you-really-need-to-switch/2444

• Portal IPv6 NIC.br http://ipv6.br

• IPv6 http://en.wikipedia.org/wiki/IPv6

• IPv6 transition mechanisms http://en.wikipedia.org/wiki/IPv6_transition_mechanisms

• Comparison of IPv6 support in operating systems http://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems

• Internet Protocol Version 6 Address Space http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml

• Router Advertisement (radvd) configuration http://wiki.openwrt.org/doc/uci/radvd

• Does Win7 or W2K8 server support RFC 6106? http://social.technet.microsoft.com/Forums/en-US/ipv6/thread/5757980a-5983-4efc-a5f3-27687b90fe41/

• Delivering DNS via IPv6 Router http://www.itdojo.com/2011/05/02/delivering-dns-via-ipv6-router-advertisements/