IPv6 Implementation Hints

_________________________________________________Andy Davidson Thursday 24th November

2011Hurricane Electric BELNET Conference, Brusselsadavidson@he.net Twitter: @andyd

MotivationBusiness Case

ArgumentsCosts

MotivationBusiness Case

ArgumentsCosts

MethodologyEquipment

ConfigurationInstallation

MethodologyEquipment

ConfigurationInstallation

IANA

RIPENCC ARIN APNIC LACNIC AFRINIC

ISPs ISPs ISPs ISPs ISPs

Users Users Users Users Users

EuropeBroadband ISPsContent DeliveryE-CommerceHosting

v4 Run-Out in Europe

• “Run Out Fairly”• Special rules for final /8 in RIPE-land• Each LIR will be given one single /22• No PI will be assigned

• Probably implemented Q1 2012.• Similar rules in APNIC land and others..

“I don’t need IPv6, I have enough IPv4 to last for a BILLION years”

IPv4 Only Users

IPv4 Only Content

IPv6 Only UsersIPv6 Only Content

NAT Only Users

Dual Stack Users Dual Stack Content

IPv4 Only Users

IPv4 Only Content

IPv6 Only UsersIPv6 Only Content

NAT Only Users

Dual Stack Users Dual Stack Content

“Carrier Grade NAT will save me”

30 Sessions

20 sessions

15 sessions

10 sessions

“Only the network people care”

UsersNAT

Content

Users in same city ?User stats ?ACLs?4G/LTE

Internet of thingsOpportunity

GoogleYahooFacebookAkamaiBBCCisco.com….. hundreds more

Over half of participants left Dual Stack turned onIncluding Youtube’s video engine

199636m users

1% of world

population

_________

20112bn users

30% world population

OPPORTUNITY: Seven Billion People

© V. Tobin - http://www.flickr.com/photos/redfox/5350976603/

“OK, what can I do about it?”

So what am I recommending you do?

• NEVER buy Hardware/Services that are not IPv6 future proof!

• Get connectivity to your network• v6 connectivity to your engineers (address your

workstation)• v6 trials in your lab (address some toy boxes, devel

environment)• v6 connectivity to all users• Dual-stack production for some services• Dual-stack production for all services

How we did it• Don’t do it this way!

• It was 2001 – there was no stable v6 support in any vendor equipment

• In 2006, we found stable and mature IPv6 support so now I recommend dual stack.

rtrrtr rtrrtr

serverserver serverserver

RealIPv4

IP6Tunnel

Since 2006

• Dual Stack– Every backbone link gets an IPv4 and IPv6 address– Every IGP has an IPv4 and IPv6 adjacency– BGP parity

• This is my strong recommendation to you. Overlay networks are not a v6 rollout and mean you need a future v6 native rollout.

Tunnel technology• Transitional technology:– 6in4 (GRE Tunnels) www.tunnelbroker.net

– 6to4 (Auto Tunnel)– Terado (Auto Tunnel)

• Transitional technology poor compared with native, less well supported, overhead to debug, performance impacting.

• But 6in4 static tunnels are a reliable way to get connectivity into your laboratory, or in regions where no v6 native players exist

Buying Equipment and Services

• RIPE-501 is the template• http://www.ripe.net/ripe/docs/ripe-501

• Do *not* buy kit or software without IPv6 support, it would be throwing money away.

• If v6 support is on the roadmap, demand evaluation units for your lab.

• If your lab needs v6, tunnelbroker.net

Addressing school

Typical IPv4 Typical IPv6

Assignment Unit /32 (An Address) /64 (A subnet)

Assignment Policy Scarsity Aggregation

Addresses 4 billion ~350 Unidecilion

NAT NecessaryBroken

Not necessaryNot supported

Addressing Configuration StaticDHCP

StaticStateless AutoconfigDHCP (Weak)DHCP-PD

Like with v4, addressing involves gettingan IP address to a host

ISP Identifier

Customer ID

MyNetworkNumber

Host Part

RA Guard

• Any host can send Router-Advertisements– Problems with Windows ICS boxes– Turn on Terado and advertise a ::/0 path!– Other malicious intent

• Think of RA Guard like DHCP Guard

interface GigabitEthernet0/0 switchport access vlan nn ipv6 nd raguard

show ipv6 nd raguard policy

Thanks for adopting.

cidr-report.org

Modern

history

–

what’s

happened this year?

http://bgp.he.net/report/prefixes#_prefixes

http://bgp.he.net/report/prefixes#_networks

102% increase in 12 months!

80% increase in 12 months!

IPv6 measured at via BGP ASNs with IPv6

http://bgp.he.net/ipv6-progress-report.cgi

Networks Running IPv6We can measure the percentage of networks running IPv6 by comparing theset of ASes in the IPv6 routing table to those in the combined set of IPv4 and IPv6.

IPv4 Ases: 38,889IPv6 ASes: 4,592ASes using only IPv4: 34,394ASes using only IPv6: 97ASes using IPv4 and IPv6: 4,495ASes using IPv4 or IPv6: 38,986Percentage of ASes (IPv4 or IPv6)running IPv6: 11.8%

Date

11.8%

Perc

enta

ge o

f ASN

s ru

nnin

g v6

3.6%

IAN

A Runout

W

6D

World IPv6 Day and real IPv6 traffic World IPv6 Day was about enabling web-based traffic for IPv6

Focus on content providers Web (port 80 & 443 TCP traffic) plotted below

World IPv6 Day and real IPv6 traffic Long term win since W6D in IPv6 traffic levels

That means there are both content and eyeballs in play

Mostly, you need skills

FREE!!FREE!!

ipv6.he.net/certification/T-shirt to Sages.

FREE!!FREE!!

PS: Free stuff drives adoption.

Have a positive IPv6 mindset

Any Questions

Keep In Touch:

Andy Davidsonadavidson@he.netTwitter: @andyd // @henethttp://he.net/

+44 (114) 319 0605

?