AdilsonAparecidoFloren/noNetworkSpecialist

Who am I???

•  Technologist inDataProcessingbyMackenzieUniversityandSpecialist inComputerNetworksbyFASP-FaculdadesAssociadasdeSãoPaulo.

•  CiscoCCSI Instructor,4XCCNA(Rou/ng&Switching,Security,Wireless&Voice),CCDACCAICCNPsince1999atSENACSãoPaulo.

•  University Professor in several Teaching Ins/tu/ons such as FATEC, IFSP,UNICID,FIAPandIBTA.

•  AuthorofIPv6inPrac/cebook-firstbookinPortugueseonthesubject.•  Independent consultant ac/ng in several companies in Network Projectsand training. Instructor of the NIC.br (autonomous) in the BCOP course(Good Opera/onal Prac/ces) configuring BGP in Cisco, Juniper andMikro/krouters.

Adilson Aparecido Florentino Especialista em Redes de Computadores

Agenda

•  Introduc/ontothenewinternetprotocol• ReasonsforIPv4AddressShortage•  Transi/onTechniquesforStack-DualDeployment(IPv4+IPv6)

• UseofCG-NAT-BenefitsandDisadvantages•  IPv6NetworkingandIPv6Rou/ngServices• CurrentscenariooftheuseofIPv6inBrazil

A Brief Introduction to IPv6

2001:0DB8:FACA:B01A:0007:CC1E:0000:0001/64

Amonsterof128heads???

Introduction to the new internet protocol

• ParadigmShid-PrefixesandnomoreAddresses• ManagementofAbundanceXManagementofMisery• ANewProtocolontheInternet-ButNotSoMuch!•  IPv4versusIPv6-Transi/onUn/lwhen???• Opportuni/esandChallenges

•  NeedIPv6Experts•  Bethefirst,thebestorthelargestinIPv6•  Theworldiss/llbasicallyIPv4-toomuchworkahead

New Header - New Implementations

IPv4 IPv6

Most Relevant Changes

• Gigan/cNumberofAddresses:2^128-Morethan340undecons•  ExtensionHeaders:allownewfeaturestobeenteredwithoutchangingthebasicheader

•  Supportforpacketsupto4Gbinsize•  ICMPv6-Protocoltakesoverfunc/onsoftheARP,RARPandIGMPprotocols(inaddi/ontoallfunc/onsalreadysupportedinIPv4)

•  IPv6security-na/vesupportforIPSec-NewBestPrac/cesneedtobeCreated

A Brief Introduction to IPv6

What prefixes to use ... •  HomeUser:from/56to/64•  SimpleApplica/ons:atleastone/64• Companies:/48• PointtoPointLink:/126•  Loopback:/128

InManagementofMisery:DeliverasingleAddress/128-anddynamic-todotorendermore!!!

IPv4 is over! And now ???

Reasons for IPv4 Address Shortage

•  IPv4wasanExperimentalProjectthatGaveItRight!•  IPv6wasthedefini/veversionthatun/ltodaycompaniespushwiththebellyitsadop/on

• WiththecommercialuseoftheInternetfromthesecondhalfofthe90's,IPbegantobelacking

•  Inthe/meofthe"FatCows"theBlocksIPswereverypoorlydistributed

•  TechniquestoextendIPv4Lifespan(mainlyNAT)gavethefalsesensethat"Ipswouldneverend!!!"

IPv4 is over! And now ???

•  "IPocalipse"hasbeenoccurringatvariouslevelsovertheyears:•  IANA-RegionalOffices-AutonomousSystems

• Phase3atLACNIC-OnlynewASNscanrequestnewBlocks•  Restric/vePoli/cs-Itisthefaultofthosewhodidnotvote!

•  TheInternets/lldoesnotknowtowalkonlywithIPv6•  TheEggandChickenDilemma

•  Twopathstofollow:•  blessingorcurse?Heavenorhell?IPv6orCG-NAT?

IPv4 is over! And now ???

•  IPv4andIPv6werenotdesignedto"talk"toeachother•  3Op/onstoestablishthedialog:

•  Dual-Stack•  Tunneling•  Transla/on(NAT-PT)

• Wheneverpossible,implemen/ngDual-Stackisthebestop/on

IPv4 is over! And now ???

•  IsitworthaNATinthehandofwhatflyingIPv6???•  You'llhavetouseNAT,yes!ButifyoudonotimplementIPv6inparallel,thiswillneverend!

•  IfaNATbothersalotofpeople,NAT444bothers,bothers,bothersmuchmore!

•  IPv6wills/llhavetowalkalongsideIPv4forquiteawhile• HTML5canstoptherampantconsump/onofportsandasurvivaltotheNAT

• OldIPv4BlocksAreBeingRecoveredandReused•  Bewareofsecond-handIPs!

There are already people wanting to earn money with IP !!! •  TheIPv4andIPv6BlocksaregrantedinBrazilbyNIC.brandcompaniesmustjus/fyviaFormtheirneed.

•  Iftheynolongerneedthem,theymustreturntheblocks.

•  Itisproventotransferor"sell"thedirectuseintheLACNICregion

•  InotherregionsCommerceisallowed,somecompaniesarealreadyspecializingin"ren/ngblocks"atpriceswellabovethoseprac/cedbyIANAanditsregionaloffices

Use of CG-NAT

100.64.0.0/10

10.0.0.0/8172.16.0.0/12192.168.0.0/16

10.0.0.0/8172.16.0.0/12192.168.0.0/16

CG-NAT - Mapping Example IPPÚBLICO IPPrivado(/27) FaixadePortas

166.237.148.1 100.64.0.0 0 2047166.237.148.1 100.64.0.1 2048 4095166.237.148.1 100.64.0.2 4096 6143166.237.148.1 100.64.0.3 6144 8191166.237.148.1 100.64.0.4 8192 10239166.237.148.1 100.64.0.5 10240 12287166.237.148.1 100.64.0.6 12288 14335166.237.148.1 100.64.0.7 14336 16383166.237.148.1 100.64.0.8 16384 18431166.237.148.1 100.64.0.9 18432 20479166.237.148.1 100.64.0.10 20480 22527166.237.148.1 100.64.0.11 22528 24575166.237.148.1 100.64.0.12 24576 26623166.237.148.1 100.64.0.13 26624 28671166.237.148.1 100.64.0.14 28672 30719166.237.148.1 100.64.0.15 30720 32767166.237.148.1 100.64.0.16 32768 34815166.237.148.1 100.64.0.17 34816 36863166.237.148.1 100.64.0.18 36864 38911166.237.148.1 100.64.0.19 38912 40959166.237.148.1 100.64.0.20 40960 43007166.237.148.1 100.64.0.21 43008 45055166.237.148.1 100.64.0.22 45056 47103166.237.148.1 100.64.0.23 47104 49151166.237.148.1 100.64.0.24 49152 51199166.237.148.1 100.64.0.25 51200 53247166.237.148.1 100.64.0.26 53248 55295166.237.148.1 100.64.0.27 55296 57343166.237.148.1 100.64.0.28 57344 59391166.237.148.1 100.64.0.29 59392 61439166.237.148.1 100.64.0.30 61440 63487166.237.148.1 100.64.0.31 63488 65535

1validIP=32userswith2048portseach. One/24wouldserve

8,192customers

CG-NAT - Important define:

• HowmanyPrivateIPswillbemappedtoeachPublicIP???• HowmanyportswillbemappedtoeachPrivateIP???

•  Itdependsalotontheneed!!!

CG-NAT - Usage Examples

• HotSpot-Restaurant(Target:cellphones)•  1IPValid-260userswith250portseach->65000ports

•  Event-Mee/ngProviders(Target:Cellphones,TabletsandNotebooks)

•  11validIPs:1440userswith500ports

• Residen/alClient(deliveringv6alongwithclient)•  (Target:Cellphones,Tablet,Notebooks,etc.)•  1validIP=32userswith2048portseach

CG-NAT - Important Notes

• CG-NATcanincreaseCPUconsump/on• AllowPrivateEnd100.64.0.0inDNSifyouuseaPrivateServer(ifyouuseGoogle,youdonothaveto!)

• RulesforTCPand/orUDP?TCP,inmostcases• Crea/ngrulesforthetwodoublesthenumberofrules• CreateaScalableCG-NAT-makeitavailableatleasttwiceasmuchasyoucurrentlyneed.

• PreserveLoadBalancing-separateIPsthataresamplesofthedifferentadver/sedblocks

Guard of Records: Important Notes

•  TheCivilRegistryonlyregulatesiden/fica/onoftheorigina/ngportforASNs.•  TheCivilRegistryonlyregulatesiden/fica/onoftheorigina/ngport

•  Andwhoisnot?

Anatelcouldalsorequire...•  HowlongtosavetheLog?•  6months-sugges/onoftheCivilFramework•  HowlongtosavetheLog?•  6months-sugges/onoftheCivilFramework•  3to5years-sugges/onofNIC.br•  3to5years-sugges/onofNIC.br

• ManyoldCPEsinstalled

•  TheOmbudsmanodendoesnothaveremotemanagementofthe•  Somena/onalmanufacturershavenotyetembracedtheIPv6cause

Services Services

someyears

•  HTTP,FTP,DNS,POP3,SMTP,etc.•  HTTP,FTP,DNS,POP3,SMTP,etc.• HaveaTes/ngEnvironment-DonotMakeYourCustomersGuineaPigs!

• GNS3,Unetlab-EVE,PacketTracer-EVE,PacketTracer• WhenIhavetheServiceimplementedinv4andv6,whoanswers• WhenIhavetheServiceimplementedinv4andv6,whoanswersfirst?first?

• DependsonImplementa/on• DependsonImplementa/on

IPv6 Routing onIPv6

• All• All modernrou/ngprotocolssupportIPv6•  OSPFv3,Mul/-Protocol

BGP,RIPng,etc.• Work Stackon -Dual-Rou/ngStack-Dual-Rou/ngv4+v6=NetworkNote10•  DoubleWork Management,:Two

Networks,TwoManagement,TwoTroubleshoots•  Getextraauen/on!support• Doesyour youroutersupportIPv6?Whatdo

youmeanbySupport?•  CapabilityEquivalence:IPv4xIPv6• 

WhatPrefixesAreAnnouncedinIPv4andIPv6?/20-/24or/32-/48• 

Examples of IPv4 and IPv6 Disaggregation Examples of IPv4 and IPv6 InIPv4:1/20InIPv4:

1/202/214/228/2316/2431Prefixes

/20From

InIPv6:InIPv6:

1/322/334/34

65536/48Over130,000possiblepossiblePrefixesFrom/32to

Current scenario of the use of IPv6 in Current scenario of the use of IPv6 in Brazil

•  FromthepointofviewoftheOperatorsandInternetProviders:•  FromthepointofviewoftheOperatorsandInternetProviders:

ThankThank you

AdilsonAparecidoFloren/no

551148714149

5511972765401

hup://www.eamsod.com.brhup://www.nevindersbrasil.com.br

hup://www.eamsod.com.br