IPv6 Implementation Hints
_________________________________________________Andy Davidson Thursday 24th November
2011Hurricane Electric BELNET Conference, [email protected] Twitter: @andyd
MotivationBusiness Case
ArgumentsCosts
MotivationBusiness Case
ArgumentsCosts
MethodologyEquipment
ConfigurationInstallation
MethodologyEquipment
ConfigurationInstallation
IANA
RIPENCC ARIN APNIC LACNIC AFRINIC
ISPs ISPs ISPs ISPs ISPs
Users Users Users Users Users
EuropeBroadband ISPsContent DeliveryE-CommerceHosting
v4 Run-Out in Europe
• “Run Out Fairly”• Special rules for final /8 in RIPE-land• Each LIR will be given one single /22• No PI will be assigned
• Probably implemented Q1 2012.• Similar rules in APNIC land and others..
“I don’t need IPv6, I have enough IPv4 to last for a BILLION years”
IPv4 Only Users
IPv4 Only Content
IPv6 Only UsersIPv6 Only Content
NAT Only Users
Dual Stack Users Dual Stack Content
IPv4 Only Users
IPv4 Only Content
IPv6 Only UsersIPv6 Only Content
NAT Only Users
Dual Stack Users Dual Stack Content
“Carrier Grade NAT will save me”
30 Sessions
20 sessions
15 sessions
10 sessions
“Only the network people care”
UsersNAT
Content
Users in same city ?User stats ?ACLs?4G/LTE
Internet of thingsOpportunity
GoogleYahooFacebookAkamaiBBCCisco.com….. hundreds more
Over half of participants left Dual Stack turned onIncluding Youtube’s video engine
199636m users
1% of world
population
_________
20112bn users
30% world population
OPPORTUNITY: Seven Billion People
© V. Tobin - http://www.flickr.com/photos/redfox/5350976603/
“OK, what can I do about it?”
So what am I recommending you do?
• NEVER buy Hardware/Services that are not IPv6 future proof!
• Get connectivity to your network• v6 connectivity to your engineers (address your
workstation)• v6 trials in your lab (address some toy boxes, devel
environment)• v6 connectivity to all users• Dual-stack production for some services• Dual-stack production for all services
How we did it• Don’t do it this way!
• It was 2001 – there was no stable v6 support in any vendor equipment
• In 2006, we found stable and mature IPv6 support so now I recommend dual stack.
rtrrtr rtrrtr
serverserver serverserver
RealIPv4
IP6Tunnel
Since 2006
• Dual Stack– Every backbone link gets an IPv4 and IPv6 address– Every IGP has an IPv4 and IPv6 adjacency– BGP parity
• This is my strong recommendation to you. Overlay networks are not a v6 rollout and mean you need a future v6 native rollout.
Tunnel technology• Transitional technology:– 6in4 (GRE Tunnels) www.tunnelbroker.net
– 6to4 (Auto Tunnel)– Terado (Auto Tunnel)
• Transitional technology poor compared with native, less well supported, overhead to debug, performance impacting.
• But 6in4 static tunnels are a reliable way to get connectivity into your laboratory, or in regions where no v6 native players exist
Buying Equipment and Services
• RIPE-501 is the template• http://www.ripe.net/ripe/docs/ripe-501
• Do *not* buy kit or software without IPv6 support, it would be throwing money away.
• If v6 support is on the roadmap, demand evaluation units for your lab.
• If your lab needs v6, tunnelbroker.net
Addressing school
Typical IPv4 Typical IPv6
Assignment Unit /32 (An Address) /64 (A subnet)
Assignment Policy Scarsity Aggregation
Addresses 4 billion ~350 Unidecilion
NAT NecessaryBroken
Not necessaryNot supported
Addressing Configuration StaticDHCP
StaticStateless AutoconfigDHCP (Weak)DHCP-PD
Like with v4, addressing involves gettingan IP address to a host
ISP Identifier
Customer ID
MyNetworkNumber
Host Part
RA Guard
• Any host can send Router-Advertisements– Problems with Windows ICS boxes– Turn on Terado and advertise a ::/0 path!– Other malicious intent
• Think of RA Guard like DHCP Guard
interface GigabitEthernet0/0 switchport access vlan nn ipv6 nd raguard
show ipv6 nd raguard policy
Thanks for adopting.
cidr-report.org
Modern
history
–
what’s
happened this year?
http://bgp.he.net/report/prefixes#_prefixes
http://bgp.he.net/report/prefixes#_networks
102% increase in 12 months!
80% increase in 12 months!
IPv6 measured at via BGP ASNs with IPv6
http://bgp.he.net/ipv6-progress-report.cgi
Networks Running IPv6We can measure the percentage of networks running IPv6 by comparing theset of ASes in the IPv6 routing table to those in the combined set of IPv4 and IPv6.
IPv4 Ases: 38,889IPv6 ASes: 4,592ASes using only IPv4: 34,394ASes using only IPv6: 97ASes using IPv4 and IPv6: 4,495ASes using IPv4 or IPv6: 38,986Percentage of ASes (IPv4 or IPv6)running IPv6: 11.8%
Date
11.8%
Perc
enta
ge o
f ASN
s ru
nnin
g v6
3.6%
IAN
A Runout
W
6D
World IPv6 Day and real IPv6 traffic World IPv6 Day was about enabling web-based traffic for IPv6
Focus on content providers Web (port 80 & 443 TCP traffic) plotted below
World IPv6 Day and real IPv6 traffic Long term win since W6D in IPv6 traffic levels
That means there are both content and eyeballs in play
Mostly, you need skills
FREE!!FREE!!
ipv6.he.net/certification/T-shirt to Sages.
FREE!!FREE!!
PS: Free stuff drives adoption.
Have a positive IPv6 mindset
Any Questions
Keep In Touch:
Andy [email protected]: @andyd // @henethttp://he.net/
+44 (114) 319 0605
?