IPv6

December 2011

2 IPv6

agenda

drivers

challenges

recommendations

services

section 1 enterprise drivers

4 IPv6

external drivers

IPv4 @ depletion

governmental push

mix of connectivity

5 IPv6

IPv4 @ depletion

IP@ continuous demand

– e.g.: Asian countries– 57% world population – 24% Internet penetration rate,

(+100 M users/y)

Internet registries policy (APNIC/RIPE/ARIN etc.)

– preserve latest IPv4 resources– drastically change in allocation policy– difficult to get public IPv4 addresses

IPv6 natural choice for Internet growth

– 3.4x1038 IP addresses – or 5x1028 IP@ for each of the 6.5

billions of people

IPv4@ is depleted at worldwide level (IANA) first RIR depletion (Asia-APNIC): May 2011

6 IPv6

source: Geoff Huston, APNIC

likelih

ood

of

exhaust

ion

IANA APNIC RIPENCC ARIN LACNIC AFRINIC

100

90

80

70

60

50

40

30

20

10

0

Jan 2011 Jul 2011 Jan 2012 Jul 2012 Jan 2013 Jul 2013 Jan 2014 Jul 2014 Jan 2015 Jul 2015

close date

IPv4 @ forecasts

7 IPv6

governmental pushcompetitiveness and economical development USA

– federal agencies will move their public Web services to IPv6 by September 2012– request to support IPv6 internally and application IPv6 compatible– request to their partners to support IPv6 to exchange

China

– Chinese incumbent IPv6 commercial trials launch in 2012; plan to retire IPv4 by 2015

– partners asking for IPv6 compatibility– China Next Generation Internet (CNGI)

India

– Department of Telecommunications IPv6 conformance request for service provider

– call for 2012 deadline on IPv6 deployment Japan

– provider with strong IPv6 position– DSL service/video service– services starting to be cheaper with IPv6

in specific areas Europe

– action plan to push IPv6 adoption (May 2008)

8 IPv6

mix of connectivity IPv6 is developing and ISP introduces translation mechanism as well to

rationalize remaining IPv4 addresses; on residential side, one public IPv4 address will be shared among several customers

enterprises should expect their customers, partners, suppliers and remote employees to have a mix of connectivity

cnx. heterogeneity IPv4 IPv6

IPv4 only

IPv4 shared

IPv6 + IPv4 shared

IPv4 + IPv6 (dual stack)

IPv6

better served via end-to-end IPv6 connectivity

used by ISP to rationalize latest IPv4@

NAT limitations issue

applications could work poorly or even not at all when one side uses a shared IPv4 address

customers/partners/suppliers may request IPv6 connectivity

need to develop IPv6 Internet presence

six internal drivers

10 IPv6

public addresses

context: difficult to get new IPv4 @ block

need additional public addresses for new projects or extensions

– shared IPv4 @ solution has caveats (performance, application, security)

– enterprises using provider-independent (PI) addresses– IP @ reallocation

– decrease scalability– short term heavy investment

– enterprises using provider-aggregated (PA) addresses– provider will reach its limits for providing IPv4 @ (2012-

2015?) e.g.: customer needs additional public IP @ in 220 sites for

partners (simpler than NAT, which would induce complexity and potential partner application restrictions)

security

IPv6 is on by default in major OS

– Microsoft does not recommend disabling IPv6

security concern

– IPv6 can be a backdoor on a secured IPv4 network

e.g.: Teredo (tunneling IPv6 over UDP)

– internal users want to get P2P over IPv6

– firewall just sees IPv4 UDP traffic – firewall control can be bypassed– unauthorized traffic can be

received– inbound is allowed: hackers can

penetrate remote users/devices can be dual

stack; does IPv4 IPSec VPN prevent inbound IPv6?

IPv6 control and protection will pass through its visibility and therefore integration

11 IPv6

12 IPv6

VPN environment

IPv6 can solve private architecture issues

– addressing plan not always optimum– eliminate private addressing

overlap between subsidiaries– private addressing (RFC 1918)

becomes insufficient – facilitate network merge – renumbering and reallocation can be

heavy tasks– invest in long-term solution

clean and easy network management

– eliminates NAT issues and corresponding operational complexity

– enables network simplification for large companies

– provides unique host addressing

13 IPv6

assessment and growth expertise

IPv6 is unavoidable

IPv6 planning/activation may require a lot of time

growth expertise reduces costs of integration

– evaluate the use of IPv6 configurations and coexistence with IPv4

– evaluate network and application-related performance

– understand the impact on operations and support in production environment

e.g.: test and evaluate IPv6, to prepare for network consolidation

– reduce costs of supporting two diverse networks

– consolidation of technology, applications and vendors

– reduction/elimination of duplicate or redundant tools, processes

– offer additional services to support internal clients

14 IPv6

machine-to-machine

IPv6 is the cornerstone of the “Internet of things”

– an (almost) unlimited addressing capacity

– advanced self-configuration capabilities

– IP is ubiquitous and scalable

– IPv6 is lightweight

– IPv6-enabled sensor technology is already available

– new services: more proactive, closer to the customer and aware of situation

15 IPv6

new project or extension

OS with IPv6 and no IPv6 security

addressing not optimal (overlap, limitation)

network merge and simplification

addressing capacity, self-configuration capabilities

new services

internal mandatetechnical leadership

IPv6 planning and activation may require time

reduce costs of integration

internal driverssummary

IP@ need

expertise

readiness security

M2M VPN issue

IPv6

16 IPv6

risks and implications if enterprises don't adequately address IPv6 now

remote users won’t be able to connect to the IPv4 corporate network

– when on an IPv6 or IPv4 shared Internet service provider: IPSec will not be supported on provider NAT

missed business opportunities if your product does not support IPv6

IPv6-enabled devices (tablets, PCs, smartphones) connecting to the corporate network could create security concerns

inability to convey product information or accept orders from customers on Internet IPv6 (e-commerce, Website, extranet)

– service provider potential translation only covers http, not secured or specific B2B protocol

if your partners/suppliers/customers migrate to IPv6, will you still be able to communicate or be authorized to continue working with them? (e.g., the U.S. federal agencies)

section 2 customer challenges

18 IPv6

is it IPv6 time for enterprises?

maintain business continuity and growth during the evolution

assess IPv6 business impacts and opportunities

safeguard information security

ensure application and network readiness

need to be prepared and have a mitigation plan

time to define an IPv6 plan

wwwmy site

v6 only

v4 only

IPv4 sold out

IPv6 available

X

OS IPv6

19 IPv6

IPv6 integration challenge areas

IPv6 integration challenges vary from one organization to another

– size, IT infrastructure, in-house software, various present technologies, policies, processes, future needs, etc.

involve cross-functional ICT staffs

securitymaintenanceprocurementapplication developmentprocess

interface, chassis

operating systemsnetwork monitoringmanagement

applications incl. in-house software

servers firewall

shared infrastructureservices

IP devices

software

hardware

assessment

assessments andplanning

trainingupgrade and configuration

testingIPv4/IPv6 coexistence mgt.resource

section 3 our recommendations

21 IPv6

Orange recommendations

define IPv6 plan

start integrating IPv6

– smooth and progressive approach

– based on defined integration objectives

– part of your infrastructure lifecycle

no risk to integrate IPv6

– IPv4 and IPv6 coexist one-off migration of the whole

infrastructure to IPv6 is often not realistic

– technical and financial challenges

22 IPv6

define IPv6 integration objectives

value of integration

– ensure security– develop Internet IPv6-facing

presence (commercial or leadership)

project goal

– enhanced security with IPv6 support

– make Website accessible from Internet IPv6

project scope

– geographically, site types, services, elements

time dependencies

– internal: e.g., other infrastructure projects

– external: e.g., product readinessbuild a project team

23 IPv6

IPv6 consultinggo for a smooth and tailored transition

Orange Business Services can help you build your IPv6 strategy

IPv6 readiness assessment

– understand the current situation (incl. applications)

– define the level of effort to move to IPv6 (resources, HW, SW, etc.)

– list the business advantages

– build a vision on the way to go (technical challenges and architecture)

– identify security risks and how to mitigate them

– estimate project costs go phase

– identify project team

– implement and manage project

section 4 our IPv6 strategy and network offer

Orange Business Services IPv6 strategy

deployed IPv6 in our IP VPN and Internet services (April 2009)

anticipate IPv4 @ depletion

support and create innovative services

leader in machine-to-machine

share IPv6 opportunities and challenges with customers

promote wider deployment and use of IPv6

stimulate the global innovation environment

25 IPv6

26 IPv6

IPv6 option with Orange VPN

flexible and without additional equipment

– dual stack IPv4/IPv6 WAN interface for a smooth transition

– native IPv6 implemented in our backbone: any-to-any connectivity

– identical IPv4/IPv6 IPVPN service (same classes of service)

designed to facilitate the introduction of IPv6

– site-by-site subscription

– existing IPv4 VPN remains unchanged

worldwide availability: 130+ countries first global provider on the global

managed IP VPN market

27 IPv6

availability and next steps

availability

– Business VPN product – worldwide availability (+130

countries) – Internet in France– on Cisco Orange Business Services

managed routers– leased line, SDSL, Ethernet access

roadmap and next steps (2011-2012)

– Internet direct international (Q3 2011) – access types to ADSL– move towards full IPv6

industrialization and generalization

28 IPv6

leader in IPv6 expertisewith more than 15 years of IPv6 experience

1994: member of IETF workgroups

2002: deployment of a native IPv6 international commercial network “OpenTransitv6” (Asia, U.S., Europe)

2004: first managed IPv6 customer network

2008: Orange IPv6 program launch

2009: IPv6 IP VPN launch; first global provider on the global managed IP VPN market

2010: IPv6 consulting launch

please visit:www.ipv6.orange-business.com with IPv6 or IPv4 enterprise briefing

please download:highlights #5highlights #8IPv6 factsheet

thank you

Orange, the Orange mark and any other Orange product or service names referred to in this material are trade marks of Orange Personal Communications Services Limited. © Orange Personal Communications Services Limited.

France Telecom Group restricted.