Why You Can’t Ignore IPv6

Connectivity Colocation Cloud Services

Why You Can’t Ignore IPv6

Presented by Kirk CovielloVP of Support Services,

Digital West Networks, Inc.


Agenda

• What is IPv6 and how does it differ from IPv4?

• Why do I need to deal with IPv6 now?• What should I do about IPv6?• How should I go about deploying IPv6?


What is IPv6?How does it differ from IPv4?


What is IPv6?

• New numbering scheme for the Internet• Think of the phone book:

www.yahoo.com = 98.139.127.62 • Now, imagine an Area Code Split…


How does IPv6 differ from IPv4?

• IPv4 Address Range – a 32-bit length divided into 4 “octets”:

0.0.0.0 -> 255.255.255.255

• Sample IPv4 Address: 72.29.161.199



• IPv6 Address Range – 128-bit length divided into 8 hexadecimal groups

• Sample IPv6 Address:2001:48C0:1001:0009:0000:0000:00ac:58ce2001:48C0:1001:0009:0:0:00ac:58ce2001:48C0:1001:0009::00ac:58ce



• Total “available”* IPv4 addresses: 4,294,967,296

• Total “available” IPv6 addresses:340,282,366,920,938,463,463,374,607,431,768,211,456 – 340 “undecillion”!!!

(*- not all of these are “usable”)


IPv6: Bigger, Better, Leaner, Faster

• More address space!• Built with future features in mind (Multicast

and QOS)• Smaller routing tables• Smaller header• Elimination of Network Address

Translation


A Brief Primer on NAT:


A Long Time Ago in a Laboratory Far, Far Away…

• IP was originally meant for sharing data, not protecting it

• The Internet was a “closed open” network• IPv6 was in development before NAT• NAT will be unnecessary in the long term


Why do I need to deal with IPv6 now?


IPv6 Has Real Benefits

• Quality of Service (QOS) is better• Simplified header = faster processing• Scalability (larger # of addresses)• Simpler to subnet (consistent /64 parcels)• IPv6 is already here…


You’re soaking in it already!


Can’t Sleep, Hackers Will Eat Me…

Advertising IPv6 via Toredo

Advertising IPv6 via Toredo

RDP? All right, sure...

Remote Desktop Protocol Connection


IPv6, Your Firewall, and You:

• IPv6 includes auto-discovery protocol• IPv6 can tunnel over IPv4• IPv6-aware routers will pass this traffic -

unless prevented• Documented cases exist of IPv6

“conversations” entering networks via the Internet based on Toredo and other tunneling protocols


What should I do about IPv6?


Please Don’t Do This:


Other Options?

• Turn OFF IPv6 everywhere?No.

• Turn ON IPv6 everywhere?No.

• Run out and apply for IPv6 space?• Change to an ISP that offers IPv6?

Maybe…


Network Administrators: Get RILED About IPv6!

• Review – IPv6 Technology• Investigate – Your network topology• Learn – Wireshark or other tools• Evaluate – Your security policies and

options for internal and external IPv6• Deploy – IPv6 where it makes sense


How should I go about deploying IPv6?


Divide and Conquer…

• External resources need IPv6 first• Internal resources WILL need it eventually• Start querying your software vendors

NOW about IPv6


Dual-Stack for Your Convenience:

• Concurrent IPv4 and IPv6 inevitable• Multiple IPv6 transition mechanisms:

(Teredo, ISATAP, 6to4, 6in4, 6over4, etc.)• DNS Records at Digital West started

advertising IPv6 over a year ago


PPPPPPP…

• Plan to adopt now so that you’re not forced to later

• Check with your ISP to see what they are doing with IPv6

• Check with your hardware vendors:– Routers (SOHO devices not IPv6-aware)– VoIP PBX/Phones– Print Servers


Why You Don’t Want IPv4 Forever

• Sites and applications with native IPv6 may not behave well with NAT

• Future Internet resources will have IPv6-only

• Connectivity issues due to double or triple NAT (latency/troubleshooting)


Double NAT = Double Jeopardy

c:\>tracert linode.com -dTracing route to linode.com [67.18.186.61] over a maximum of 30 hops: 1 <1 ms * <1 ms 10.43.51.252 2 1 ms <1 ms <1 ms 10.45.253.33 3 <1 ms <1 ms <1 ms 10.62.254.251 4 20 ms 23 ms 45 ms 192.118.32.52 5 47 ms 20 ms 85 ms 207.232.60.250 6 54 ms 24 ms 79 ms 212.143.8.69 7 7 ms 79 ms 11 ms 212.143.8.209 8 89 ms 110 ms 108 ms 212.143.12.75 9 143 ms 240 ms 94 ms 212.143.14.154

10 244 ms 179 ms 95 ms 10.50.1.1 <- Private IP address on the Internet 11 176 ms 80 ms 190 ms 195.66.225.105 12 174 ms 164 ms 157 ms 70.87.255.217 13 187 ms 185 ms 186 ms 70.87.253.189 14 189 ms 194 ms 195 ms 70.87.253.18 15 187 ms 188 ms 190 ms 70.87.253.126 16 187 ms 185 ms 185 ms 70.87.254.78 17 186 ms 184 ms 187 ms 67.18.186.61Trace complete.


Digital West - What We Learned

• Plan ahead• Review vendor bug submissions• Document needed steps for

activation/deactivation of everything in test environment

• Test after hours!• Test more with end users – after hours!


Vigilance Required

• Once IPv6 is deployed, don’t ignore IPv4• Leaving IPv4 in place eternally widens

your footprint

• Take the next step – talk to your IT Department or IT Consulting firm – questions are in your packet!


Know That You Are Not the First:


Questions?

Why You Can’t Ignore IPv6

Documents

Transcript of Why You Can’t Ignore IPv6