Adressing IPv6 strategy
-
Upload
orange-business-services -
Category
Technology
-
view
1.632 -
download
1
description
Transcript of Adressing IPv6 strategy
IPv6
December 2011
2 IPv6
agenda
drivers
challenges
recommendations
services
section 1 enterprise drivers
4 IPv6
external drivers
IPv4 @ depletion
governmental push
mix of connectivity
5 IPv6
IPv4 @ depletion
IP@ continuous demand
– e.g.: Asian countries– 57% world population – 24% Internet penetration rate,
(+100 M users/y)
Internet registries policy (APNIC/RIPE/ARIN etc.)
– preserve latest IPv4 resources– drastically change in allocation policy– difficult to get public IPv4 addresses
IPv6 natural choice for Internet growth
– 3.4x1038 IP addresses – or 5x1028 IP@ for each of the 6.5
billions of people
IPv4@ is depleted at worldwide level (IANA) first RIR depletion (Asia-APNIC): May 2011
6 IPv6
source: Geoff Huston, APNIC
likelih
ood
of
exhaust
ion
IANA APNIC RIPENCC ARIN LACNIC AFRINIC
100
90
80
70
60
50
40
30
20
10
0
Jan 2011 Jul 2011 Jan 2012 Jul 2012 Jan 2013 Jul 2013 Jan 2014 Jul 2014 Jan 2015 Jul 2015
close date
IPv4 @ forecasts
7 IPv6
governmental pushcompetitiveness and economical development USA
– federal agencies will move their public Web services to IPv6 by September 2012– request to support IPv6 internally and application IPv6 compatible– request to their partners to support IPv6 to exchange
China
– Chinese incumbent IPv6 commercial trials launch in 2012; plan to retire IPv4 by 2015
– partners asking for IPv6 compatibility– China Next Generation Internet (CNGI)
India
– Department of Telecommunications IPv6 conformance request for service provider
– call for 2012 deadline on IPv6 deployment Japan
– provider with strong IPv6 position– DSL service/video service– services starting to be cheaper with IPv6
in specific areas Europe
– action plan to push IPv6 adoption (May 2008)
8 IPv6
mix of connectivity IPv6 is developing and ISP introduces translation mechanism as well to
rationalize remaining IPv4 addresses; on residential side, one public IPv4 address will be shared among several customers
enterprises should expect their customers, partners, suppliers and remote employees to have a mix of connectivity
cnx. heterogeneity IPv4 IPv6
IPv4 only
IPv4 shared
IPv6 + IPv4 shared
IPv4 + IPv6 (dual stack)
IPv6
better served via end-to-end IPv6 connectivity
used by ISP to rationalize latest IPv4@
NAT limitations issue
applications could work poorly or even not at all when one side uses a shared IPv4 address
customers/partners/suppliers may request IPv6 connectivity
need to develop IPv6 Internet presence
six internal drivers
10 IPv6
public addresses
context: difficult to get new IPv4 @ block
need additional public addresses for new projects or extensions
– shared IPv4 @ solution has caveats (performance, application, security)
– enterprises using provider-independent (PI) addresses– IP @ reallocation
– decrease scalability– short term heavy investment
– enterprises using provider-aggregated (PA) addresses– provider will reach its limits for providing IPv4 @ (2012-
2015?) e.g.: customer needs additional public IP @ in 220 sites for
partners (simpler than NAT, which would induce complexity and potential partner application restrictions)
security
IPv6 is on by default in major OS
– Microsoft does not recommend disabling IPv6
security concern
– IPv6 can be a backdoor on a secured IPv4 network
e.g.: Teredo (tunneling IPv6 over UDP)
– internal users want to get P2P over IPv6
– firewall just sees IPv4 UDP traffic – firewall control can be bypassed– unauthorized traffic can be
received– inbound is allowed: hackers can
penetrate remote users/devices can be dual
stack; does IPv4 IPSec VPN prevent inbound IPv6?
IPv6 control and protection will pass through its visibility and therefore integration
11 IPv6
12 IPv6
VPN environment
IPv6 can solve private architecture issues
– addressing plan not always optimum– eliminate private addressing
overlap between subsidiaries– private addressing (RFC 1918)
becomes insufficient – facilitate network merge – renumbering and reallocation can be
heavy tasks– invest in long-term solution
clean and easy network management
– eliminates NAT issues and corresponding operational complexity
– enables network simplification for large companies
– provides unique host addressing
13 IPv6
assessment and growth expertise
IPv6 is unavoidable
IPv6 planning/activation may require a lot of time
growth expertise reduces costs of integration
– evaluate the use of IPv6 configurations and coexistence with IPv4
– evaluate network and application-related performance
– understand the impact on operations and support in production environment
e.g.: test and evaluate IPv6, to prepare for network consolidation
– reduce costs of supporting two diverse networks
– consolidation of technology, applications and vendors
– reduction/elimination of duplicate or redundant tools, processes
– offer additional services to support internal clients
14 IPv6
machine-to-machine
IPv6 is the cornerstone of the “Internet of things”
– an (almost) unlimited addressing capacity
– advanced self-configuration capabilities
– IP is ubiquitous and scalable
– IPv6 is lightweight
– IPv6-enabled sensor technology is already available
– new services: more proactive, closer to the customer and aware of situation
15 IPv6
new project or extension
OS with IPv6 and no IPv6 security
addressing not optimal (overlap, limitation)
network merge and simplification
addressing capacity, self-configuration capabilities
new services
internal mandatetechnical leadership
IPv6 planning and activation may require time
reduce costs of integration
internal driverssummary
IP@ need
expertise
readiness security
M2M VPN issue
IPv6
16 IPv6
risks and implications if enterprises don't adequately address IPv6 now
remote users won’t be able to connect to the IPv4 corporate network
– when on an IPv6 or IPv4 shared Internet service provider: IPSec will not be supported on provider NAT
missed business opportunities if your product does not support IPv6
IPv6-enabled devices (tablets, PCs, smartphones) connecting to the corporate network could create security concerns
inability to convey product information or accept orders from customers on Internet IPv6 (e-commerce, Website, extranet)
– service provider potential translation only covers http, not secured or specific B2B protocol
if your partners/suppliers/customers migrate to IPv6, will you still be able to communicate or be authorized to continue working with them? (e.g., the U.S. federal agencies)
section 2 customer challenges
18 IPv6
is it IPv6 time for enterprises?
maintain business continuity and growth during the evolution
assess IPv6 business impacts and opportunities
safeguard information security
ensure application and network readiness
need to be prepared and have a mitigation plan
time to define an IPv6 plan
wwwmy site
v6 only
v4 only
IPv4 sold out
IPv6 available
X
OS IPv6
19 IPv6
IPv6 integration challenge areas
IPv6 integration challenges vary from one organization to another
– size, IT infrastructure, in-house software, various present technologies, policies, processes, future needs, etc.
involve cross-functional ICT staffs
securitymaintenanceprocurementapplication developmentprocess
interface, chassis
operating systemsnetwork monitoringmanagement
applications incl. in-house software
servers firewall
shared infrastructureservices
IP devices
software
hardware
assessment
assessments andplanning
trainingupgrade and configuration
testingIPv4/IPv6 coexistence mgt.resource
section 3 our recommendations
21 IPv6
Orange recommendations
define IPv6 plan
start integrating IPv6
– smooth and progressive approach
– based on defined integration objectives
– part of your infrastructure lifecycle
no risk to integrate IPv6
– IPv4 and IPv6 coexist one-off migration of the whole
infrastructure to IPv6 is often not realistic
– technical and financial challenges
22 IPv6
define IPv6 integration objectives
value of integration
– ensure security– develop Internet IPv6-facing
presence (commercial or leadership)
project goal
– enhanced security with IPv6 support
– make Website accessible from Internet IPv6
project scope
– geographically, site types, services, elements
time dependencies
– internal: e.g., other infrastructure projects
– external: e.g., product readinessbuild a project team
23 IPv6
IPv6 consultinggo for a smooth and tailored transition
Orange Business Services can help you build your IPv6 strategy
IPv6 readiness assessment
– understand the current situation (incl. applications)
– define the level of effort to move to IPv6 (resources, HW, SW, etc.)
– list the business advantages
– build a vision on the way to go (technical challenges and architecture)
– identify security risks and how to mitigate them
– estimate project costs go phase
– identify project team
– implement and manage project
section 4 our IPv6 strategy and network offer
Orange Business Services IPv6 strategy
deployed IPv6 in our IP VPN and Internet services (April 2009)
anticipate IPv4 @ depletion
support and create innovative services
leader in machine-to-machine
share IPv6 opportunities and challenges with customers
promote wider deployment and use of IPv6
stimulate the global innovation environment
25 IPv6
26 IPv6
IPv6 option with Orange VPN
flexible and without additional equipment
– dual stack IPv4/IPv6 WAN interface for a smooth transition
– native IPv6 implemented in our backbone: any-to-any connectivity
– identical IPv4/IPv6 IPVPN service (same classes of service)
designed to facilitate the introduction of IPv6
– site-by-site subscription
– existing IPv4 VPN remains unchanged
worldwide availability: 130+ countries first global provider on the global
managed IP VPN market
27 IPv6
availability and next steps
availability
– Business VPN product – worldwide availability (+130
countries) – Internet in France– on Cisco Orange Business Services
managed routers– leased line, SDSL, Ethernet access
roadmap and next steps (2011-2012)
– Internet direct international (Q3 2011) – access types to ADSL– move towards full IPv6
industrialization and generalization
28 IPv6
leader in IPv6 expertisewith more than 15 years of IPv6 experience
1994: member of IETF workgroups
2002: deployment of a native IPv6 international commercial network “OpenTransitv6” (Asia, U.S., Europe)
2004: first managed IPv6 customer network
2008: Orange IPv6 program launch
2009: IPv6 IP VPN launch; first global provider on the global managed IP VPN market
2010: IPv6 consulting launch
please visit:www.ipv6.orange-business.com with IPv6 or IPv4 enterprise briefing
please download:highlights #5highlights #8IPv6 factsheet
thank you
Orange, the Orange mark and any other Orange product or service names referred to in this material are trade marks of Orange Personal Communications Services Limited. © Orange Personal Communications Services Limited.
France Telecom Group restricted.