IPv6 – What You IPv6 – What You Need To KnowNeed To Know

Tom HollingsworthTom Hollingsworth

CCNP,CCVP,CCSP, MCSECCNP,CCVP,CCSP, MCSE

What is IP?What is IP?

Internet Protocol version 4 – Internet Protocol version 4 – ARPANetARPANet

IPv4 Address – 192.0.2.22/24IPv4 Address – 192.0.2.22/24 2^32 IPv4 addresses != 4 billion2^32 IPv4 addresses != 4 billion Classful networking – later Classful networking – later

developed into CIDRdeveloped into CIDR Network Address Translation (NAT) Network Address Translation (NAT)

used to extend life of IPv4used to extend life of IPv4

IPv4 – Exit, Stage RightIPv4 – Exit, Stage Right

ICANN/IANA exhaustion occurred ICANN/IANA exhaustion occurred 2/3/20112/3/2011

First RIR to reach depletion – APNIC First RIR to reach depletion – APNIC (8/10/2011)(8/10/2011)

Last projected RIR depletion date – Last projected RIR depletion date – 7/23/20127/23/2012

Rate of consumption at exhaustion Rate of consumption at exhaustion was approx. 4 million addresses per was approx. 4 million addresses per dayday

How Did We Run Out?How Did We Run Out?

Every networked device needs an Every networked device needs an addressaddress

Explosion of networked devicesExplosion of networked devices Desire for connection vs. Need for Desire for connection vs. Need for

addressingaddressing Bad /8 management – 1.0.0.0/8, Bad /8 management – 1.0.0.0/8,

127.0.0.0/8, and Class E127.0.0.0/8, and Class E

Version 6? Where’s Version 6? Where’s Version 5?Version 5?

Version 5 = Stream protocol – Version 5 = Stream protocol – incorporated into IPv6incorporated into IPv6

Version 6 – In development since Version 6 – In development since 19931993

Classless NetworkingClassless Networking 2^128 = 2^128 =

340,282,366,920,938,463,463,374,6340,282,366,920,938,463,463,374,607,07,

431,768,211,456 (340 undecillion) 431,768,211,456 (340 undecillion) addressesaddresses

What Does It Look Like?What Does It Look Like?

IPv4 – 10IPv4 – 10..1010..11..11

IPv6 – IPv6 – 20012001::470470::1f0f1f0f::80c80c::beefbeef::cafecafe::abcdabcd::5454

Link Local – fe80Link Local – fe80::::beefbeef::cafecafe::abcdabcd::5454

IPv6 – In DetailIPv6 – In Detail

Hexadecimal (base 16) addressing – 0-9, Hexadecimal (base 16) addressing – 0-9, a-fa-f

Removed unnecessary header fieldsRemoved unnecessary header fields Removed broadcast in favor of multicastRemoved broadcast in favor of multicast ARP is gone in favor of ICMPv6 and NDARP is gone in favor of ICMPv6 and ND ::1 is the only loopback::1 is the only loopback Much more reliance on DNS for hostsMuch more reliance on DNS for hosts

Hands-Off ConfigurationHands-Off Configuration

IPv6 uses Stateless AutoconfigurationIPv6 uses Stateless Autoconfiguration EUI-64 standard using MAC addressEUI-64 standard using MAC address

Address hiding available for security needsAddress hiding available for security needs Neighbor Solicitation to discover Neighbor Solicitation to discover

addressesaddresses Router Advertisement announces Router Advertisement announces

networknetwork DHCP available, but less needed (only DHCP available, but less needed (only

for DNS resolution)for DNS resolution)

IPv6 Configuration – IPv6 Configuration – Dual Stack or Tunnels?Dual Stack or Tunnels?

6to4 tunnel – each IPv4 has its own 6to4 tunnel – each IPv4 has its own /48 – doesn’t work with NAT or RFC /48 – doesn’t work with NAT or RFC 19181918

Teredo - MS tunnel for use with NATTeredo - MS tunnel for use with NAT ISATAP – allows v4 addresses to ISATAP – allows v4 addresses to

convert to v6, but very complicated convert to v6, but very complicated and relies on DNSand relies on DNS

Dual Stack – Running IPv4 and IPv6 Dual Stack – Running IPv4 and IPv6 simultaneously (expensive)simultaneously (expensive)

Host Readiness – Host Readiness – Windows 7Windows 7

Windows 7 – full IPv6 network stackWindows 7 – full IPv6 network stack Enabled by defaultEnabled by default Full IPv6 DNS record (AAAA) Full IPv6 DNS record (AAAA)

supportsupport

Host Readiness – Host Readiness – Windows XPWindows XP

IPv6 supported in SP2 – Must be IPv6 supported in SP2 – Must be enabledenabled

Does NOT support DNS lookups over Does NOT support DNS lookups over IPv6IPv6

Host Readiness – OS XHost Readiness – OS X

Supported in Jaguar (10.2.x) but Supported in Jaguar (10.2.x) but much better in Snow Leopard much better in Snow Leopard (10.6.x)(10.6.x)

Issues with IPv6 networks being Issues with IPv6 networks being “broken” and not failing to IPv4 as “broken” and not failing to IPv4 as well as DNS server issueswell as DNS server issues

Make sure to be on 10.6.5 or later Make sure to be on 10.6.5 or later for best resultsfor best results

Are My Servers IPv6-ready?Are My Servers IPv6-ready?

Upgrade to Windows Server 2008Upgrade to Windows Server 2008 Snow Leopard 10.6.5 or laterSnow Leopard 10.6.5 or later Verify Linux Kernel supportVerify Linux Kernel support For appliances, check vendor release For appliances, check vendor release

notesnotes

Router ReadinessRouter Readiness

Older equipment doesn’t have Older equipment doesn’t have support for IPv6support for IPv6

Ensure your network equipment is Ensure your network equipment is updatedupdated

IPv6 FirewallsIPv6 Firewalls

IPv6 is a different protocol and IPv6 is a different protocol and requires different rulesrequires different rules

No NAT66 means rules must be No NAT66 means rules must be more detailedmore detailed

Check your firewall vendor to find Check your firewall vendor to find code level for IPv6 supportcode level for IPv6 support

Another good site: Another good site: https://www.icsalabs.com/technology-program/ipv6/ipv6-capable-security-products

What Happens if I Don’t What Happens if I Don’t Use IPv6?Use IPv6?

Major sites are moving to IPv6 Major sites are moving to IPv6 contentcontent Facebook, Google, Netflix, YahooFacebook, Google, Netflix, Yahoo

When IPv4 is depleted, new websites When IPv4 is depleted, new websites will be IPv6-onlywill be IPv6-only

Both protocols needed to access Both protocols needed to access 100% of the Internet going forward100% of the Internet going forward

World IPv6 Day – June 8World IPv6 Day – June 8

Google, Yahoo, and many others are Google, Yahoo, and many others are enabling IPv6 along with IPv4 for 24 enabling IPv6 along with IPv4 for 24 hours as a testhours as a test

About 0.05% of Internet users are About 0.05% of Internet users are expected to have IPv6 related issuesexpected to have IPv6 related issues

Test things out to see how IPv6 Test things out to see how IPv6 works for youworks for you

How can I be ready for How can I be ready for IPv6 today?IPv6 today?

Talk to your ISP and find out their Talk to your ISP and find out their plansplans

Ensure your network equipment is up Ensure your network equipment is up to dateto date

Document your network to make Document your network to make renumbering simple when D-Day renumbering simple when D-Day comescomes

Talk to peers and colleagues to refine Talk to peers and colleagues to refine best recommendationsbest recommendations

Spread the WordSpread the Word

Don’t let stories like this be the face of Don’t let stories like this be the face of IPv6:IPv6:

Web developers have tried to compensate for this problem by creating IPv6 -- a system that

recognizes six-digit IP addresses rather than four-digit ones.

Read more: http://www.foxnews.com/scitech/2011/01/26/

internet-run-ip-addresses-happens-anyones-guess/#ixzz1CFQVefc0

More InformationMore Information

World IPv6 Day - World IPv6 Day - http://isoc.org/wp/worldipv6day/http://isoc.org/wp/worldipv6day/

ARIN IPv6 Information - ARIN IPv6 Information - https://www.arin.net/knowledge/v4-https://www.arin.net/knowledge/v4-v6.htmlv6.html

Microsoft IPv6 Resources - Microsoft IPv6 Resources - http://technet.microsoft.com/en-us/nhttp://technet.microsoft.com/en-us/network/bb530961etwork/bb530961

More InformationMore Information

Apple IPv6 Info - Apple IPv6 Info - http://www.apple.com/server/macosx/tehttp://www.apple.com/server/macosx/technology/networking.htmlchnology/networking.html

IPv6 Wikipedia Page - IPv6 Wikipedia Page - http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/IPv6

IPv6 enabled address page – IPv6 enabled address page – http://ip6.mehttp://ip6.me

Renumbering a network without a flag Renumbering a network without a flag day - http://tools.ietf.org/html/rfc4192day - http://tools.ietf.org/html/rfc4192