Date posted: 24-Jan-2015 | Category: Technology | Upload: gogo6
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Overcoming challenges of deploying IPv6
in the live Enterprise work environment
Tina Tsou (Speaker), Kenneth Durazzo, Wendell Rios
Huawei Technologies
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Agenda
It’s Only IP…Right?
Making the case
Defining success
Testing 360
Planning the Transition
Deployment Details
UCC
Applications / Network
Platforms
Section 1: Best Practices / Overview
It’s Only IP… Right?
Should be easy, no?
But what about…
Security policy and devices
Operating systems, Hypervisors
Servers, PCs and smart-devices
Network platforms
Services and Applications
VPN
Application Optimization
UCC
Private and Public Cloud Applications
DNS / DHCP / Printing
Monitoring / Troubleshooting tools
Making the Case
Business Executives
IPv6 will help us increase IT flexibility for
new applications and communications,
for instance BYOD
CapEx cost should be minimal, OpEx
should stay the same
Security Operations
IPv6 is already on the network; in fact, all
new OSes already support it. If you don’t
embrace it, how will you protect the
business?
Application / Server Operations
Many applications and tools already
support IPv6, resulting in minor changes
to existing environment and processes
Business Function Leaders
How this will be non-intrusive to their
users and business goals, yet be an
enabler to their business (e.g. BYOD)
[Diagram: IT and its stakeholders: Business Executives, Security Operations, Application / Server Operations, Business Function Leaders]
Defining Success
Business impact definition
What is the scope of deployment? Entire environment? Branch, campus or DC?
Phased deployment?
At the Edge? In the Core?
Timeline for cut-over
User QoE for: Applications, Network
What is the desired successful
outcome (exit criteria)?
Testing 360
Best practices
Set up a lab that mimics your target environment, but not at scale
Perform an inventory of:
Applications
Platforms / Devices
Work with employees to create User-stories / Use-cases for the target
environment
Test, test, test…
Devices / Applications / permutations
Involve security and other operations teams, early and often, even better
if they are part of the testing team
Planning the Transition
Create the scope of work
Environment
Platforms
Applications
Users, etc.
Get training for all impacted personnel for support of
IPv6 and any new systems put in place to support
the environment
Inventory all impacted devices and configurations.
Include wiring plant, HVAC, etc.
Create clear documentation and points of contact for
transition activities
All OPS teams must be deeply involved (Sec / App /
Server / Network)
Socialize the scope of work and get buy-in / signatures
for cut-over dates / times
Go live!
IPv6 production office networks
Enable all employees to have IPv6 access
Enable employees to innovate and collaborate with external partners
Explore practical IPv6 deployment and transition options
Enable product teams to test the new implementations
Section 2: Network Architecture – IPv6 LAB Network
IPv6 Network
[Figure: IPv6 lab network. Labels: OSPFv3, Static Routing, Santa Clara, CA, CGN @ NE40E, AR, Content Server, CE Router, IPv6 Network, Plano, TX and Santa Clara, CA IPv6 Network Core]
CGN and PCP Layout
[Figure: CGN and PCP lab layout. Labels: Internet Client, IPv6 Internet, IPv4 Internet, PCP and NON-PCP ports (Port 1, Port 2, Port 3), NATCoord, NATCoord Client, P2P Client-1, P2P Client-2, Web Server (VM), UPnP, DS-Lite, Private IPv4 Client / IPv4 Web Server, IPv4 over IPv6, NAT44, Public IPv4 / Internet Client, UPnP/PCP Interworking, Huawei HG553, CPE1, CPE2, CGN, PCP Server, NE40E-X3]
Multicast IPv6 Transition 6-6-4 Case
[Figure: multicast 6-6-4 transition case (IPv6, IPv6, IPv4). Labels: IPv6 Multicast Client, IPv6 Receiver, MLD, CPE, PIM IPv6, IPv6 Multicast Network, Multicast 4/6 Gateway, RP (IPv4 Multicast Content Server), IPv4 Multicast Network, IPv4 Content Server, IPv4 Content, CERNET, Multicast Content Traffic]
LightWeight 4over6
Per-subscriber stateful 4 over 6 solution
No IPv4 and IPv6 address coupling
Adopted by CT, FT and DT.
Section 3: Live Production Network
Phase 1 Enterprise Network Transition
Challenges:
• Security and compliance
  • Multi-zone networks based on use.
  • Intranet networks highly secured and regulated by Corporate HQ.
  • Nothing goes on the network unless approved by Information Security and IT.
  • Too much “red tape.”
• Technology
  • Existing infrastructure not ready, no IPv6 support.
• Support
  • Minimal to no local resources.
Phase 1 Enterprise Network Transition – cont.
Strategy:
• Security and compliance
  • Solution or Proof of Concept implementation that does not break the rules.
• Technology
  • Solution that utilizes existing network – no change in IT infrastructure.
• Support
  • Get local regional IT buy-in.
Phase 1 Enterprise Network Transition – cont.
Solution and scope:
• Deploy IPv6 stub network with a dual-NIC Linux host running NAT64/DNS64 service.
• IPv6-only host able to access IPv4 RFC 1918 resources, such as SharePoint portal, proxy web server, etc., by using the NAT64 and DNS64 gateway.
Technology and resources:
• Allocate IPv4 RFC 1918 network prefix for IPv4 dynamic mapping pool.
• Allocate IPv6 network prefixes:
  • 2001:db8:1:ffff::/96 for NAT64/DNS64 service.
• Red Hat Linux host with dual network adapters running NAT64/DNS64 service.
• Tayga stateless NAT64 open source application was installed and tested.
• TOTD DNS64 open source application was installed and tested.
Phase 1 Enterprise Network Transition – cont.
• IPv6 NAT64 prefix (well-known or network-specific) is dedicated to mapped IPv4 addresses.
• NAT64 and DNS64 processes use the same prefix.
• Default gateway and DNS server of IPv6 host is the NAT64/DNS64 gateway.
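The shared-prefix rule above can be checked mechanically. The following is an added example, not part of the original slides or of Tayga/TOTD: it shows how a DNS64 answer is built from an A record under the slide's `2001:db8:1:ffff::/96` prefix, and how a security team can recover the embedded IPv4 destination from an IPv6 log entry to apply existing IPv4 policy. All function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# NAT64/DNS64 prefix from the slide. With a /96, the IPv4 address occupies
# the low 32 bits of the IPv6 address (RFC 6052).
NAT64_PREFIX = ipaddress.IPv6Network("2001:db8:1:ffff::/96")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def same_prefix(nat64_prefix, dns64_prefix):
    """The NAT64 and DNS64 daemons must agree on the prefix, otherwise
    synthesized AAAA answers point at addresses nobody translates."""
    return (ipaddress.IPv6Network(nat64_prefix)
            == ipaddress.IPv6Network(dns64_prefix))


def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """DNS64 side: turn the address of an A record into an AAAA answer."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))


def extract_ipv4(ipv6, prefix=NAT64_PREFIX):
    """NAT64 / log-review side: recover the embedded IPv4 destination,
    or None when the address is outside the NAT64 prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def classify(ipv6, prefix=NAT64_PREFIX):
    """Label a logged IPv6 destination so IPv4 policy can be applied to it."""
    v4 = extract_ipv4(ipv6, prefix)
    if v4 is None:
        return ("native-ipv6", None)
    scope = "rfc1918" if any(v4 in n for n in RFC1918) else "outside-rfc1918"
    return (scope, v4)


if __name__ == "__main__":
    # Constructed sample destinations, not taken from the deployment.
    for dst in ("2001:db8:1:ffff::a00:105", "2001:db8:1:ffff::808:808",
                "2001:db8:2::1"):
        print(dst, classify(dst))
```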
Phase 1 Enterprise Network Transition – cont.
Results:
• IPv6 host able to ping and telnet to network devices in IPv4 domain using NAT64 IPv6 prefix.
• IPv6 host able to access resources in IPv4-only domain using Fully Qualified Domain Names.
• IPv6 host able to use web proxy in IPv4-only domain to access Internet websites.
  • Web proxy FQDN was hard set in host browser settings.
• IPv6 host able to browse and utilize SharePoint portal/collaboration tool.
Next Steps:
• Explore and incorporate additional IPv6 technologies.
  • DHCPv6
• Deploy architecture to larger scope – Phase 2.
eSpace UC
[Figure: eSpace UC deployment across Branch A, Branch B, Headquarters and the Public Network. Labels: Analog, Fax, IP Phone, PC Client, PC Client / Soft Phone, Soft Phone, Soft Console, WiFi, WiFi/3G, POTS, PSTN/PLMN, PSTN Gateway, EGW, IAD, ATO, E1/T1, E1/ATO, IP, U1980, U2990 (Call Control), UC Server, SSL VPN, SBC, Proxy, Internet, SBC Firewall, IPv4/IPv6, SVN]
eSpace UC – SIP, RTP (VOIP 1)
[Figure: SIP and RTP paths between an IPv6 Branch, an IPv4 Branch, the Public Network and Headquarters. Labels: PSTN/PLMN, EGW, U1980, SSL VPN, Internet, SBC, Firewall, IPv4/IPv6, SVN, UC Server, U29XX, IPv4/IPv6 dual-stack, SIP, RTP]
eSpace UC – SIP, RTP (VOIP 2)
[Figure: SIP and RTP paths between an IPv6 Branch, an IPv4 Branch, the Public Network and Headquarters. Labels: PSTN/PLMN, EGW, U1980, SSL VPN, Internet, SBC, Firewall, IPv4/IPv6, SVN, UC Server, U29XX, IPv4/IPv6 dual-stack, SIP, RTP]
eSpace UC – SIP, RTP (Conference)
[Figure: SIP and RTP paths between an IPv6 Branch, an IPv4 Branch, the Public Network and Headquarters. Labels: PSTN/PLMN, EGW, U1980, SSL VPN, Internet, SBC, Firewall, IPv4/IPv6, SVN, UC Server, U29XX, IPv4/IPv6 dual-stack, SIP, RTP]
SIP and RTP
[Figure: two panels, P2P VOIP and Conference. Labels in each: eSpace, Intranet (IPv6), UC Server, U29XX, SIP, RTP]
Section 4: Additional Use-Cases
www.huawei.com permanently launched v6
Huawei: IPv6 Deployment used by IEEE meeting
IEEE HOT INTERCONNECT CONFERENCE, Aug 22-24, hosted by Huawei at the
Huawei campus in Santa Clara, CA, USA
[Figure: conference network. Labels: IPv4/IPv6 Internet, IPv4/IPv6 Firewall (support NAT for IPv4), IPv4 IPS/IDS, IPv4/IPv6 Core & Aggregation (Gateway, iStack), Access Layer, IPv4 AC (Active), IPv4 AC (Standby), IPv4 AP, IPv4/IPv6 STA]
Additional Reference
http://www.huawei.com/en/solutions/broader-smarter/hw-092950-ipv6.htm
Thank you
www.huawei.com
Copyright©2011 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.