IPv6 and the Enterprise (Workshop) · Title: IPv6 and the Enterprise (Workshop) Author: Wilhelm...
Transcript of IPv6 and the Enterprise (Workshop) · Title: IPv6 and the Enterprise (Workshop) Author: Wilhelm...
IPv6 and the Enterprise
(Workshop)
Wilhelm Boeddinghausiubari GmbH
Benedikt StockebrandStepladder IT Training+Consulting GmbH
RIPE 75October 2017
Dubai, United Arab Emirates
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 1/18
About Us
• Trainers and Consultants
• 10+ years of IPv6 experience each
• Extensive experience with IPv6 deployments
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 2/18
Scope of this Talk
• Enterprise environments
• Client networks
• Large number of nodes
• Limited skills
• BYOD
• IoT
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 3/18
Part I
Common Misconceptions
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 4/18
Lessons Learned So Far (Or Not) Common Misconceptions
• IPv6 unavoidable
• Don’t procrastinate
• IPv6 is not “IPv4 with longer addresses”. . .
• IPv6 is a management problem
• “IPv6 Deployment” vs. IPv4 Retirement
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 5/18
The “Official” TCP/IP Stack Common Misconceptions
ApplicationLayer
TransportLayer
NetworkLayer
LinkLayer
DNS SSH SMTP IMAP HTTP · · ·
TCP UDP · · ·
IP(v4)
IGMP ICMP
IPv6
MLD ICMP6
Ethernet PPP WLAN · · ·
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 6/18
The “Real” TCP/IP Stack Common Misconceptions
Physical+Link Layer
Application Layer
Transport LayerNetwork Layer
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 7/18
The “Really Real” TCP/IP Stack Common Misconceptions
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18
The “Really Real” TCP/IP Stack Common Misconceptions
Users, Developers, Admins
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18
The “Really Real” TCP/IP Stack Common Misconceptions
Users, Developers, Admins
(Non-technical) Management
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18
The “Really Real” TCP/IP Stack Common Misconceptions
Users, Developers, Admins
(Non-technical) Management
Politics
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 8/18
First Things First Common Misconceptions
• Procurement
• Test/Training Environment
• Train people
• “Spy” network
• Inventarize for IPv6
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 9/18
Making a Plan Common Misconceptions
• IPv6 is highly unpredictable
• Risk driven management
• Incremental deployment vs. Big Bang
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 10/18
The Top Troublemakers Common Misconceptions
• Highly vertical software
• Find and fix early
• A management problem
• Really a lot of detail work
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 11/18
Dealing with the Troublemakers Common Misconceptions
• Upgrade
• Replace
• Terminal servers
• Dedicated IPv4-provided subnets
• Provide IPv4 as needed (details on Wednesday)
• Avoid large scale dual-stacking
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 12/18
Part II
Your Questions?
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 13/18
DHCP vs. SLAAC? Your Questions?
• SLAAC for Layer 3
• Stateless DHCP for Layer 7
• RDNSS+DNSSL for Android
• Stateless DHCP for Windows before Creators Update
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 14/18
Microsegmentation Your Questions?
• Do it. Seriously.
• Separate by security privileges
• Point-to-point can make sense
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 15/18
Address Plan Your Questions?
• Overall goals• Simplicity• Comprehensiveness• Flexibility
• Prefixes
1. Use no more than 1/8 or 1/16 of your allocation2. Allocate aggregate prefixes by “site”3. Allocate by security profile
• Interface IDs• Suggestion: Global counter(s)• Suggestion: Separate ranges for routers and hosts• Don’t reuse
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 16/18
Part III
Epilogue
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 17/18
Contacts Epilogue
Wilhelm Boeddinghaus Benedikt Stockebrand
iubari GmbH Stepladder ITTraining+Consulting GmbH
http://www.iubari.de/ http://www.stepladder-it.com/
[email protected] [email protected]
Copyright c© 2017 W. Boeddinghaus, B. Stockebrand 18/18