IPv6 Deployment
North American Global IPv6 Summit, June 24-27 2003
Jim Bound
Chair IPv6 Forum Technical Directorate / Chair North American IPv6 Task Force
Hewlett Packard Fellow
Chris Mitchell
North American IPv6 Task Force Advisory Council / Microsoft Corporation - Lead Program Manager: Windows Networking and Communications
Introduction:
Review common perceptions of IPv6
Justification for IPv6
Current IPv6 realities
Review deployment options available
Discuss current deployment solutions
Perceptions of IPv6:
Common perceptions:
Security concepts are often viewed as vastly different from current practices
Often described and viewed as a complete replacement of the current Internet
Reasons for IPv6 have been eliminated by the development of Network Address Translation (NAT)
Implications:
Benefits of IPv6 often overlooked or questioned
Companies often have a “wait and see” attitude
Requires a business justification
Justification:
There are a number of stated justifications
Security from avoidance of NAT
Routing
Stateless Address Configuration
Others
For End Users and IT Professionals justification comes from new experiences or capabilities
Example:
Review from today’s Keynote:
Pervasive Collaborative Computing experiences
Real-Time Communications (RTC)
Collaboration
Shared experiences
These experiences are better with peer to peer communication
Networks are more efficient using distributed models
Software updates can be retrieved from closest peer or server rather than from central location
Is IPv6 necessary?
Current challenges:
The development and deployment of new experiences is difficult:
NATs deployed within networks (Enterprises, Branch offices, WiFi Hotspots, etc.)
Networks have a mix of private and public IP addresses
Firewalls prevent end to end connectivity
IT/Network administrators have to engineer point solutions to enable communication between applications and/or computers
Developers need to be network experts in order to develop successful applications
Mobility is increasing but not supported in the network
Users frustrated with broken experiences
IPv6 meets the challenges:
Enables next generation network-based applications without additional expense or expertise
Enables deployment of these applications without major investment in new network infrastructure
IPv6 addresses many of the challenges with today’s networks:
Global addressing (IPv6 has 10^38 addresses)
Scaling well beyond IPv4's 3 billion public endpoints
Allocations allow ISPs to provision many public addresses
Eliminates requirement for NATs and private addresses
Restores connectivity as appropriate
Secure
Anonymous addresses provide privacy across multiple sessions
IPSec enables host-based authentication and security at the IP layer to augment edge-based security or obscurity
Mobile solution
Mobile IPv6 solution does not require additional infrastructure or server-side routing
Meeting the challenges, today!
Applications and solutions are shipping
Microsoft ThreeDegrees and Peer-to-Peer software development kit require IPv6 connectivity
Real-Time communication and Video streaming applications offered by Agora, Microsoft and others
Vendors are shipping commercial solutions:
Checkpoint, Nokia, Ericsson, Agora, WindRiver, Hitachi, Juniper, Cisco, NEC, Fujitsu, Yamaha, Hexago and more
Operating systems that support IPv6 platform solutions include AIX, HP-UX, Tru64, Windows XP and 2003, OpenVMS, NSK, Solaris, FreeBSD, NetBSD, Linux and more
Key takeaway: solutions and applications are available now
Independent Software Vendors and IT Professionals should take advantage of the support in core network infrastructure to build better tools and solutions for customers
NOTE: The vendor list is not exhaustive but rather a sample; most vendors have IPv6 support today; if a vendor is not listed you should ask them
Deployment state:
Currently:
IPv6 deployments are often equated to full native support of IPv6-only
Several IPv6-only or native backbones, test networks and services are in production today
Mainstream customers and ISPs are not moving to IPv6 native due to a lack of customer demand and application support
Moving forward:
Deployment of IPv6 will happen with customer need
Deployment solutions need to be flexible and range from end-user to IT professional
How will IPv6 deployments occur?
Option 1: Transition and co-existence
Lower barrier to entry; network can change gradually
Legacy applications and services co-exist
Additional overhead and management are concerns
Option 2: Centralized deployment or Cutover
Simpler network, management
All applications must be upgraded
All tools, infrastructure and support systems must be upgraded or updated
Option 3: Hybrid
Begin with transition and co-existence automatically with applications
Transition technologies allow Developers to use IPv6 now!
Enable centralized deployments by getting full IPv6 support into all vendor hardware, software and tools
Typical deployment options:
Managed deployment
Enable IPv6 native or Tunnels within managed network
Use central automatic deployment solution like ISATAP
Automatic deployment
IPv6 installed or enabled with applications
Use well known services like Teredo, Tunnel Broker, or other transition mechanism
Managed deployment:
Description:
Managed deployment is centralized and owned by an IT manager or engineer
Technology can require some configuration and must be manageable
Availability:
Many options are available to IT managers:
Dual stack (i.e. native IPv6 and IPv4)
6to4 Tunneling
ISATAP Tunneling
Native IPv6 with DSTM or NAT-PT
Network Equipment providers also support these technologies, for example:
Cisco, Hitachi, Juniper, 6WIND, and NEC
Automatic deployment:
Description:
Enable applications to depend on connectivity
Requires simple, zero configuration experience for end users
Must work in a variety of network topologies
May not work for all scenarios
Availability:
A few solutions available:
Teredo Tunneling
Host-based 6to4 Tunneling
Tunnel Broker
Example: Microsoft is shipping 6to4, ISATAP and Teredo in operating systems and with applications
All are made available to applications written to use IPv6 (WinSock, DPlay, .NET Framework and RPC)
Solutions: Dual stack:
All major router vendors support native dual stack:
Cisco = IOS 12.0S;12.2T/S;12.3M depending on hardware series; see www.cisco.com for specifics
To enable IPv6:
enable
configure terminal
interface type number
ipv6 enable
exit
ipv6 unicast-routing
Hitachi = GR2000; see www.internetworking.hitachi.com for specifics
To enable IPv6:
Configure the port, example:
line e1 ethernet 0/0
IP e1 3ffe:501:811:ff01::/64
RA interface e1
Juniper = All M-series platforms; see www.juniper.net for specifics
To enable IPv6:
Configure an IPv6 address into “Inet6” configuration
Configure router discovery under “protocols”
NEC = BlueFire routers and switches; see www.cng.nec.com for specifics
To enable IPv6:
(config)#interface vlan 1
(conf-vlan-1)#ipv6 enable
(conf-vlan-1)#interface vlan 2
(conf-vlan-2)#ipv6 enable
(conf-vlan-2)#exit
(config)#ipv6 unicast-routing
6WIND = 6WINDgate, edge, and NMS; see www.6wind.com for specifics
Solutions: Tunneling:
6to4 Tunneling
Several router vendors support 6to4: Cisco, Hitachi, NEC, 6WIND
ISATAP Tunneling
ISATAP can be enabled on:
Cisco IOS 12.2(15)T
Enabled using configure command line interface
Microsoft Windows Server 2003 (www.microsoft.com/ipv6)
See ISATAP section in your IPv6/IPv4 Coexistence and Migration whitepaper included in your gift bag
Linux ISATAP (http://v6web.litech.org/isatap/)
Kernel 2.4.x with ISATAP (USAGI)
Modified IPRoute package (USAGI)
Radvd with ISATAP support (router only)
Teredo Tunneling
Teredo tunneling is an Internet draft:
Available on Windows XP SP1 with Advanced Networking pack
Enables IPv6 connectivity from behind existing IPv4 NAT devices
See http://www.ietf.org/internet-drafts/draft-huitema-v6ops-teredo-00.txt for more information
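The three tunneling mechanisms above each embed an IPv4 address in the IPv6 address, which lets a network team see from flow or firewall logs which hosts are using automatic tunnels. The following is an added example, not part of the original slides; the prefixes and markers come from the later RFCs (3056, 4380, 5214) rather than from this deck, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Facts from the RFCs, not from the slides (assumptions relative to this page):
SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4, RFC 3056
TEREDO = ipaddress.ip_network("2001::/32")      # Teredo, RFC 4380 (post-draft prefix)
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)       # ISATAP interface ID, RFC 5214


def classify(addr_text):
    """Return (mechanism, embedded IPv4 or None) for one IPv6 address."""
    addr = ipaddress.IPv6Address(addr_text)
    value = int(addr)
    if addr in SIXTOFOUR:
        # Bits 16-47 hold the IPv4 address of the 6to4 router.
        return "6to4", str(ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF))
    if addr in TEREDO:
        # Low 32 bits hold the client's external IPv4, XORed with all ones.
        client = (value & 0xFFFFFFFF) ^ 0xFFFFFFFF
        return "teredo", str(ipaddress.IPv4Address(client))
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_MARKERS:
        # Low 32 bits hold the host's IPv4 address unmodified.
        return "isatap", str(ipaddress.IPv4Address(value & 0xFFFFFFFF))
    return "native", None


# Constructed sample flow records: "<timestamp> <source IPv6 address>"
SAMPLE_LOG = """\
2003-06-24T10:00:01 2002:c000:204::1
2003-06-24T10:00:02 2001:0:c000:201:8000:f227:34ff:8ef8
2003-06-24T10:00:03 fe80::5efe:c633:6409
2003-06-24T10:00:04 2001:db8::10
2003-06-24T10:00:05 2002:c000:204::2
"""


def summarize(log_text):
    """Count source addresses per mechanism and collect embedded IPv4s."""
    counts, embedded = Counter(), set()
    for line in log_text.splitlines():
        mechanism, v4 = classify(line.split()[1])
        counts[mechanism] += 1
        if v4:
            embedded.add(v4)
    return dict(counts), sorted(embedded)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```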
Solutions: Native IPv6 to IPv4:
When native IPv6 becomes ubiquitous within a network (or there is an aggressive plan for native IPv6), there are a few options available to continue accessing “Legacy” networks without supporting Dual-Stack
DSTM:
Dual Stack Transition Mechanism (DSTM) allows IPv6 hosts within a dominant IPv6 native network to access IPv4 hosts by obtaining IPv4 addresses (using DHCPv6), so that they can communicate with IPv4 hosts without using IPv4 infrastructure or NAT.
Supported on FreeBSD 3.4 and 4.x (KAME) and Linux
www.ipv6.rennes.enst-bretagne.fr/dstm/
NAT-PT:
NAT-Protocol Translation (NAT-PT) allows IPv6 hosts within a network using NAT-PT to access IPv4 devices via the NAT-PT enabled device
Supported on Cisco IOS 12.2T; NEC BlueFire
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a00801179e2.html
Training, references and resources:
Training:
Cisco: Online Training materials available
Juniper: Class for configuring IPv6 in JUNOS
Tonex: IPv6 Fundamentals (onsite training)
Sunny Connection: IPv6 overview and Market Analysis
Microsoft: Updated Academic Learning Series TCP Title to contain IPv6 fundamentals releasing November 2003
Native6Group IPv6 Training Courses
Publications and references:
IPv6 Essentials written by Silvia Hagen published by O'Reilly & Associates (ISBN 0-5960-0125-8)
Understanding IPv6 written by Joseph Davies published by Microsoft Press (ISBN 0-7356-1245-5)
Development resources:
Microsoft:
MSDN: .Net Framework and WinSock reference guides
P2P SDK (overview tomorrow afternoon by Todd Manion)
Linux:
Several resources available
FreeBSD:
FreeBSD.org and others have v6 source and information
IPv6 Forum and NAv6TF
www.ipv6forum.com and www.nav6tf.org
Contact your vendors
Summary:
IPv6 Deployment will happen with applications and use of applications
Transition and co-existence technologies are available and can be used by application developers to restore connectivity
Managed deployments can begin now with existing infrastructure in most situations