connectivity colocation cloud services why you can’t ignore ipv6 presented by kirk coviello vp...
TRANSCRIPT
Connectivity Colocation Cloud Services
Why You Can’t Ignore IPv6
Presented by Kirk CovielloVP of Support Services,
Digital West Networks, Inc.
Connectivity Colocation Cloud Services
Agenda
• What is IPv6 and how does it differ from IPv4?
• Why do I need to deal with IPv6 now?• What should I do about IPv6?• How should I go about deploying IPv6?
Connectivity Colocation Cloud Services
What is IPv6?How does it differ from IPv4?
Connectivity Colocation Cloud Services
What is IPv6?
• New numbering scheme for the Internet• Think of the phone book:
www.yahoo.com = 98.139.127.62 • Now, imagine an Area Code Split…
Connectivity Colocation Cloud Services
How does IPv6 differ from IPv4?
• IPv4 Address Range – a 32-bit length divided into 4 “octets”:
0.0.0.0 -> 255.255.255.255
• Sample IPv4 Address:
72.29.161.199
Connectivity Colocation Cloud Services
How does IPv6 differ from IPv4?
• IPv6 Address Range – 128-bit length divided into 8 hexadecimal groups
• Sample IPv6 Address:
2001:48C0:1001:0009:0000:0000:00ac:58ce
2001:48C0:1001:0009:0:0:00ac:58ce
2001:48C0:1001:0009::00ac:58ce
Connectivity Colocation Cloud Services
How does IPv6 differ from IPv4?
• Total “available”* IPv4 addresses:
4,294,967,296
• Total “available” IPv6 addresses:
340,282,366,920,938,463,463,374,607,431,768,211,456 – 340 “undecillion”!!!
(*- not all of these are “usable”)
Connectivity Colocation Cloud Services
IPv6: Bigger, Better, Leaner, Faster
• More address space!• Built with future features in mind (Multicast
and QOS)• Smaller routing tables• Smaller header• Elimination of Network Address
Translation
Connectivity Colocation Cloud Services
A Brief Primer on NAT:
Connectivity Colocation Cloud Services
A Long Time Ago in a Laboratory Far, Far Away…
• IP was originally meant for sharing data, not protecting it
• The Internet was a “closed open” network• IPv6 was in development before NAT• NAT will be unnecessary in the long term
Connectivity Colocation Cloud Services
Why do I need to deal with IPv6 now?
Connectivity Colocation Cloud Services
IPv6 Has Real Benefits
• Quality of Service (QOS) is better• Simplified header = faster processing• Scalability (larger # of addresses)• Simpler to subnet (consistent /64 parcels)• IPv6 is already here…
Connectivity Colocation Cloud Services
You’re soaking in it already!
Connectivity Colocation Cloud Services
Can’t Sleep, Hackers Will Eat Me…
Advertising IPv6 via Toredo
Advertising IPv6 via Toredo
RDP? All right, sure...
Remote Desktop Protocol Connection
Connectivity Colocation Cloud Services
IPv6, Your Firewall, and You:
• IPv6 includes auto-discovery protocol• IPv6 can tunnel over IPv4• IPv6-aware routers will pass this traffic -
unless prevented• Documented cases exist of IPv6
“conversations” entering networks via the Internet based on Toredo and other tunneling protocols
Connectivity Colocation Cloud Services
What should I do about IPv6?
Connectivity Colocation Cloud Services
Please Don’t Do This:
Connectivity Colocation Cloud Services
Other Options?
• Turn OFF IPv6 everywhere?
No.• Turn ON IPv6 everywhere?
No.• Run out and apply for IPv6 space?• Change to an ISP that offers IPv6?
Maybe…
Connectivity Colocation Cloud Services
Network Administrators: Get RILED About IPv6!
• Review – IPv6 Technology• Investigate – Your network topology• Learn – Wireshark or other tools• Evaluate – Your security policies and
options for internal and external IPv6• Deploy – IPv6 where it makes sense
Connectivity Colocation Cloud Services
How should I go about deploying IPv6?
Connectivity Colocation Cloud Services
Divide and Conquer…
• External resources need IPv6 first• Internal resources WILL need it eventually• Start querying your software vendors
NOW about IPv6
Connectivity Colocation Cloud Services
Dual-Stack for Your Convenience:
• Concurrent IPv4 and IPv6 inevitable• Multiple IPv6 transition mechanisms:
(Teredo, ISATAP, 6to4, 6in4, 6over4, etc.)• DNS Records at Digital West started
advertising IPv6 over a year ago
Connectivity Colocation Cloud Services
PPPPPPP…
• Plan to adopt now so that you’re not forced to later
• Check with your ISP to see what they are doing with IPv6
• Check with your hardware vendors:– Routers (SOHO devices not IPv6-aware)– VoIP PBX/Phones– Print Servers
Connectivity Colocation Cloud Services
Why You Don’t Want IPv4 Forever
• Sites and applications with native IPv6 may not behave well with NAT
• Future Internet resources will have IPv6-only
• Connectivity issues due to double or triple NAT (latency/troubleshooting)
Connectivity Colocation Cloud Services
Double NAT = Double Jeopardy
c:\>tracert linode.com -d
Tracing route to linode.com [67.18.186.61] over a maximum of 30 hops:
1 <1 ms * <1 ms 10.43.51.252
2 1 ms <1 ms <1 ms 10.45.253.33
3 <1 ms <1 ms <1 ms 10.62.254.251
4 20 ms 23 ms 45 ms 192.118.32.52
5 47 ms 20 ms 85 ms 207.232.60.250
6 54 ms 24 ms 79 ms 212.143.8.69
7 7 ms 79 ms 11 ms 212.143.8.209
8 89 ms 110 ms 108 ms 212.143.12.75
9 143 ms 240 ms 94 ms 212.143.14.154
10 244 ms 179 ms 95 ms 10.50.1.1 <- Private IP address on the Internet 11 176 ms 80 ms 190 ms 195.66.225.105
12 174 ms 164 ms 157 ms 70.87.255.217
13 187 ms 185 ms 186 ms 70.87.253.189
14 189 ms 194 ms 195 ms 70.87.253.18
15 187 ms 188 ms 190 ms 70.87.253.126
16 187 ms 185 ms 185 ms 70.87.254.78
17 186 ms 184 ms 187 ms 67.18.186.61
Trace complete.
Connectivity Colocation Cloud Services
Digital West - What We Learned
• Plan ahead• Review vendor bug submissions• Document needed steps for
activation/deactivation of everything in test environment
• Test after hours!• Test more with end users – after hours!
Connectivity Colocation Cloud Services
Vigilance Required
• Once IPv6 is deployed, don’t ignore IPv4• Leaving IPv4 in place eternally widens
your footprint
• Take the next step – talk to your IT Department or IT Consulting firm – questions are in your packet!
Connectivity Colocation Cloud Services
Know That You Are Not the First:
Connectivity Colocation Cloud Services
Questions?