IPv6 Enabled WiFiPlanning, Deployment and Best Practices

www.netuf.net

twitter: @netuf

© 2011 - 2014 Network Utility Force, LLC.

wired and wireless network architecture, design, engineering, deployment and training

Introduction❖ Project Background

❖ Deployment Overview

❖ IPv6 Planning, Deployment and Best Practices

© 2011 - 2014 Network Utility Force, LLC.

Douglasville❖ Founded in 1875 as the railroad arrived in the area

❖ 20 miles west of Atlanta

❖ 32,000 residents

❖ Downtown Douglasville is listed on the National Register of Historic Places

© 2011 - 2014 Network Utility Force, LLC.

Google Grant❖ No outdoor WiFi

❖ Lack of hotspots

❖ Google reached out to Mayor Harvey Persons regarding their community outreach program and proposed offerings

❖ Google, Mayor Persons and the Douglasville IT department worked together with the Google team to find and hire a network engineering firm to build the municipal WiFi network

❖ Created the foundation for future WiFi expansion and wireless offerings for the city

© 2011 - 2014 Network Utility Force, LLC.

Impact to Douglasville

© 2011 - 2014 Network Utility Force, LLC.

Deployment Overview❖ Over 100 acres, across three separate locations (downtown, Hunter

Memorial and Jessie Davis parks - approximately 50 APs)❖ Both indoor and outdoor WiFi, as well as wireless backhaul❖ Traffic is active, consistent and growing at sporting events, parades, and

outdoor concerts, as well as within their community centers❖ IPv6 traffic accounts for approximately 30% of total network traffic

© 2011 - 2014 Network Utility Force, LLC.

Key Hardware

© 2011 - 2014 Network Utility Force, LLC.

Aerohive AP170: 37 Aerohive AP330: 8 Ubiquiti AF24: 6

Downtown

© 2011 - 2014 Network Utility Force, LLC.

Hunter Park

© 2011 - 2014 Network Utility Force, LLC.

Jessie Davis Park

© 2011 - 2014 Network Utility Force, LLC.

Deployment Pictures

© 2011 - 2014 Network Utility Force, LLC.

Backhaul Link Capacity

© 2011 - 2014 Network Utility Force, LLC.

Network Use

© 2011 - 2014 Network Utility Force, LLC.

Why Did We Deploy IPv6

© 2011 - 2014 Network Utility Force, LLC.

IoT Demands IPv6

© 2011 - 2014 Network Utility Force, LLC.

It’s Not Just Our Predictionhttp://www.potaroo.net/tools/ipv4/

© 2011 - 2014 Network Utility Force, LLC.

IPv6 is Faster

© 2011 - 2014 Network Utility Force, LLC.

Lee Howard, IPv6 Performance Bonus: https://www.youtube.com/watch?v=Ftoy2tp4kDM

IPv6 Traffic Volume (Akamai)

© 2011 - 2014 Network Utility Force, LLC.

RFC 6540- IPv6 Support Required for All IP-Capable Nodes -

Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional. It also cautions that there are places in existing IETF documents where the term "IP" is used in a way that could be misunderstood by implementers as the term "IP" becomes a generic that can mean IPv4 + IPv6, IPv6-only, or IPv4-only, depending on context and application.

© 2011 - 2014 Network Utility Force, LLC.

Additional Considerations❖ Maintainability

❖ Scalability

❖ Performance

❖ Flexibility

© 2011 - 2014 Network Utility Force, LLC.

What were the steps❖ Identify needs and resources

➢ IPv6 addresses➢ Capable Suppliers➢ Systems support➢ Staff training

❖ Create deployment plan❖ Test it all in a lab❖ Deploy a beta test network with friendly users❖ Deploy incrementally❖ Follow up with continuous monitoring and improvements

© 2011 - 2014 Network Utility Force, LLC.

What were the results

© 2011 - 2014 Network Utility Force, LLC.

What’s My IPv6 Roadmap

❖ Addressing plan

❖ Interconnectivity

❖ Bootstrapping/AAA

❖ Security

❖ Training

❖ Transition Technologies

© 2011 - 2014 Network Utility Force, LLC.

Addressing Plan● Depends on the type of network, the size of the network, and problem to be

solved● Points to consider

○ Documentation○ Ease of troubleshooting○ Aggregation○ Standards compliance○ Growth○ SLAAC○ Existing IPv4 addressing plan○ Human factors

© 2011 - 2014 Network Utility Force, LLC.

Interconnectivity● Routing protocols have been updated, but the fundamental concepts

remain the same○ Run routing protocols such that they fail when the underlying transport

fails■ That means separate v4 and v6 protocols

○ For ease of management, configure IPv4 and IPv6 connectivity to follow the same paths

○ Also use the same routing policies whenever possible● Ask your Internet traffic peers, suppliers, partners and clients to begin

transporting IPv6 traffic

© 2011 - 2014 Network Utility Force, LLC.

Bootstrapping/AAA● Some fundamental changes have been made to the bootstrap process to

join an IPv6 network, all part of the Neighbor Discovery process○ Router Advertisements (RA) – Tells potential clients about the routers

and prefixes available on the network○ StateLess Address Auto Configuration (SLAAC)

■ New in IPv6, allows a device to generate it’s own address■ Supported universally

○ Dynamic Host Configuration Protocol v6 (DHCPv6)■ Very similar to v4, can distribute address, DNS server, other

information about the network■ Good support, but far from universal

© 2011 - 2014 Network Utility Force, LLC.

Security● Use the same diligence you used for IPv4● Ask equipment vendors to support specific protections in IPv6

○ RA-Guard – prevents an attacker from sending rogue RAs into the network and becoming a man-in-the-middle

○ DHCP-Shield – similar to RA-Guard in that it blocks fake DHCP servers from giving out false information

● Ensure equipment supports all IPv4 features you use in IPv6 as well such as ACLs, anti-spoof filtering (RPF), etc. Why should v6 be any different in these areas?

● Where firewalls are needed, ensure your choice of firewall supports v6 as well as v4

● NAT is NOT a security feature and v6 doesn’t have it

© 2011 - 2014 Network Utility Force, LLC.

Training● Find an experienced organization to provide training

© 2011 - 2014 Network Utility Force, LLC.

Transition Technologies● 3 Types

○ Dual Stack■ most common■ Simply means running both v4 and v6 at the same time

○ Tunneling■ Putting either IPv4 packets inside IPv6 packets or vice versa, depending on the

situation■ Can be useful to solve problems in certain areas, but in general, tunneling hurts

performance and should be avoided when possible■ Examples: 6rd, 6in4, 4in6, DS-Lite, MAP

○ Translation■ Converting an IPv4 packet into an IPv6 packet or vice versa■ Like in tunnels, can be useful in certain circumstances, especially for rapid

deployment of IPv6 on public facing services such as web servers■ Example: NAT64

© 2011 - 2014 Network Utility Force, LLC.

Lab Testing● Build a lab● Stock it with the identical equipment you have in the field● Replicate identical configurations and software versions of what is in the

field● Can’t afford to buy all that equipment?

○ Make a vendor do it○ Hire a network engineering firm

© 2011 - 2014 Network Utility Force, LLC.

Conclusions● IPv6 works in the real world and the traffic volume is increasing● IPv6 is faster● There are challenges to implementing IPv6, but nothing show-stopping● Much of the Internet’s content is reachable over IPv6 (and growing fast) including all

of Google, FaceBook and 3000+ other websites● Approximately 30% of Douglasville’s network traffic is 30% - up 10% from just about

6 months ago● A smaller percentage of Internet users have IPv6 connectivity (though this may

change quickly with IPv4 depletion)

© 2011 - 2014 Network Utility Force, LLC.

Resources● ARIN.net

● ipv6forum.com

● internetsociety.org/deploy360/ipv6

● ipv6actnow.org

● Lee Howard, IPv6 Performance Bonus:

○ https://www.youtube.com/watch?v=Ftoy2tp4kDM

● Lee Howard, Total Cost of Ownership (TCO) of IPv6:

○ https://www.youtube.com/watch?v=vXf8ZIew1j0

● ripe.net

● potaroo.net/tools/ipv4

● gogo6.com

● netuf.net/p/ipv6.html (infographic)

© 2011 - 2014 Network Utility Force, LLC.