Why IPAM for the transition to IPv6?
Jos de Klein, Professional Services Manager Europe, jklein@bluecatnetworks.com
Another Day at the Airport http://www.satnews.com/cgi-bin/display_story.cgi?number=1143127680
Analysts’ Take on BlueCat
• “Strong Positive in 2012”: highest possible rating 2nd year in a row.
• “Go-to DDI vendor for enterprise I&O because of its ease-of-use solutions”
• Source: 2012 DDI Marketscope, Gartner Research, Inc., April, 2012.
• Source: An Infrastructure Can Only Be As Efficient As DNS, DHCP, and IP Address Management, Forrester Research, Inc., December, 2011.
Evolution of IP Address Management (IPAM)
• Spreadsheet: manually assigned and tracked
• IP Address Management (IPAM), Name Resolution (DNS), IP Address Assignment (DHCP)
• Homegrown Tools: self-developed individual tools; leverage BIND, MS or others
• IPAM: centralized full management of DNS and DHCP; IPv6, DNSSEC & Web-based IPAM
What is IPAM?
[Diagram labels: IPAM; IP Inventory; Subnet Allocation; Multi-Core Architecture; DNS; DHCP; Services]
IPAM Implementation
• Push DNS and DHCP configurations to Adonis/Windows®
• Pull DHCP lease and DDNS updates from Adonis/Windows®
Apple
• About Apple: > 280 retail stores worldwide; DHCP for employees and customers
• Key Objective: optimal use of IP address space (result: 20 min DHCP leases)
• About their Deployment: 2 x Proteus 5000, Centralized IPAM; 640+ Adonis XMBs; 2 XMBs per store with DHCP failover
BYOD Begins with Device Registration
BlueCat Networks & Yale University
Why? Device Change is Exponential
[Chart: Total # of Devices Onboarded over Time]
Gartner’s Take on BYOD…
It’s about balancing conflicting goals:
• Social (keep employees happy)
• Business (keep processes running effectively)
• Financial (manage costs)
• Risk management (stop bad things from happening)
Doing nothing is not an option.
How it works
• Bring Your Own Device
• Register Your Own Device
• Connect Your Device
BlueCat = Span of Control and Visibility
• Mobile Device Management
• Device Onboarding
• Device Offboarding
• Network Access Control
• Device and User Auditing
Getting Connected to All
[Diagram labels: IPv6; IPv4/IPv6; IPv4; IPv4 Only]
Why was IPv6 Developed?
• Growth of Internet – new users coming online
• Need for simpler auto configuration (without requiring DHCP)
• Better integration of beneficial services and features including QoS and IPSec (no NAT!)
• Advanced Multicasting, no Broadcasting
• Chance to create a more efficient protocol from the top-down (fixed headers, hierarchical addressing)
• IPv6 Mobility supports mobile IP without losing sessions
IPv6 Address Structure
2001:DB8:1234:ABCD:1322:0000:FE44:0566
• Prefix identifies the network (and subnet) portion of an IPv6 address
• Interface ID represents the host portion
• IPv6 address is 128 bits (8 groups of 16 bits, each written as 4 hex digits)
• IPv4 address is 32 bits (4 groups of 8 bits, each written in decimal)
Flexible Subnetting (example)
• Simplest method of subnetting
• Increments at the hex nibble
• Each hexadecimal nibble (country and city) provides 16 /64 networks (2^4)
• Two nibbles (subnets) provide 256 /64 networks (2^8)
2001:DB8:1234:181A::/64 (1 = Country, 8 = City, 1A = Subnet)
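
The nibble-aligned plan above, worked through as an added example (not part of the original slides): it builds the /64 for a country/city/subnet triple and maps an address back to those fields, which is what lets IPAM delegation and firewall rules be written per city or country prefix. The `/48` site prefix and the function names are assumptions taken from the slide's sample address.

```python
import ipaddress

# Assumed plan, following the slide's example 2001:DB8:1234:181A::/64:
# a /48 site prefix, then one nibble each for country and city and
# two nibbles for the subnet, which fills the fourth 16-bit group.
SITE = ipaddress.IPv6Network("2001:db8:1234::/48")

def plan_subnet(country, city, subnet):
    """Return the /64 for a (country, city, subnet) triple under SITE."""
    if not (0 <= country <= 0xF and 0 <= city <= 0xF and 0 <= subnet <= 0xFF):
        raise ValueError("country and city are one nibble, subnet is two")
    group = (country << 12) | (city << 8) | subnet
    return ipaddress.IPv6Network((int(SITE.network_address) | (group << 64), 64))

def city_block(country, city):
    """Return the /56 that aggregates all 256 /64 subnets of one city."""
    return plan_subnet(country, city, 0).supernet(new_prefix=56)

def locate(text):
    """Map an address or network back to its country/city/subnet fields."""
    addr = ipaddress.ip_interface(text).ip
    if addr not in SITE:
        raise ValueError(f"{addr} is outside {SITE}")
    group = (int(addr) >> 64) & 0xFFFF
    return {"country": group >> 12, "city": (group >> 8) & 0xF,
            "subnet": group & 0xFF}

if __name__ == "__main__":
    print(plan_subnet(0x1, 0x8, 0x1A))   # the slide's example network
    print(city_block(0x1, 0x8))          # one rule covers the whole city
    print(locate("2001:DB8:1234:ABCD:1322:0000:FE44:0566"))
```
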
No Broadcasting in IPv6!
• Neighbor Discovery (RFC 4861) – no ARP
• Used to contact neighboring nodes and routers
• Message types include:
  • Neighbor Solicitation
  • Neighbor Advertisement
  • Router Solicitation
  • Router Advertisement
• Duplicate Address Detection (DAD) – to verify uniqueness of IPv6 address
IPv6 Prefix – 3 IP Addresses per Device
2001:DB8:1234:ABCD:1322:0000:FE44:0566
• A node’s prefix depends on how it is assigned:
• Global Prefix is allocated by a RIR or provider: 2000::/3
• Unique Local prefix is usually randomly generated by the organization: FC00::/7
• A Link Local prefix is always FE80::
Link Local Unicast Addresses
[Diagram labels: FE80::1, FE80::1, FE80::3, FE80::2; two paths marked X]
Unique Local and Global IPv6 routing
[Diagram labels: 2001:DB8:EFAB::1, 2001:DB8:ABCD::1, FD00:ABCD::1, FD00:ABCD::5]
Types of IPv6 Autoconfiguration
• Stateless (SLAAC) – node auto-generates addresses based on prefixes received from a router (security concern: it uses the MAC address)
• Stateful DHCPv6 – IP address and options from DHCPv6 server – e.g. use IPAM
• Both – address via SLAAC, options via DHCPv6, also known as Stateless DHCPv6 – e.g. use IPAM
• Node can use either method
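
The SLAAC security concern and the three prefix types from the slides, as an added example (not part of the original deck): an inventory audit that classifies each address by prefix and flags interface IDs that embed a MAC address in modified EUI-64 form. The function names and the second sample address are constructed for illustration.

```python
import ipaddress

# Prefix ranges named on the slides; link-local is written here as
# FE80::/10, the range reserved for it.
SCOPES = [
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("unique-local", ipaddress.IPv6Network("fc00::/7")),
    ("global", ipaddress.IPv6Network("2000::/3")),
]

def scope_of(addr):
    """Name the prefix type an address falls under."""
    for name, net in SCOPES:
        if addr in net:
            return name
    return "other"

def embedded_mac(addr):
    """Return the MAC inside a modified EUI-64 interface ID, else None.

    SLAAC's original method splits the 48-bit MAC, inserts FF:FE in the
    middle and flips the universal/local bit. The FF:FE marker is a
    heuristic: a random interface ID can match by chance.
    """
    iid = (int(addr) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Classify each address and flag those exposing a hardware address."""
    rows = []
    for text in addresses:
        addr = ipaddress.IPv6Address(text)
        rows.append({"full": addr.exploded, "short": addr.compressed,
                     "scope": scope_of(addr), "mac": embedded_mac(addr)})
    return rows

# First and third entries come from the slides; the second is constructed
# from the made-up MAC 00:11:22:33:44:55.
SAMPLE = ["2001:DB8:1234:ABCD:1322:0000:FE44:0566",
          "fe80::211:22ff:fe33:4455", "FD00:ABCD::5"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The `full` and `short` fields are the full and abbreviated forms of the same address, the two spellings an AAAA record may use.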
IPAM and DNS - Forward Zones
• AAAA (pronounced quad A) resolves DNS names to IPv6 addresses
• The IPv6 address can be written in its full or abbreviated form
When using dig for an AAAA record, type AAAA at the end of the dig statement
Discover IPv4 Data with BlueCat
• Create reconciliation policies to ensure IPAM data accuracy
• Capture router connected to IP address
• Track DNS and MAC address details for IP
• Detect reclaimable, unknown and updatable IP addresses to stay current with network
• Capture switch port details for each IP address
Discover IPv6 with BlueCat
• Track IP to device to router/switch port
• Discover IPv6 devices
• MAC address and FQDN are discovered
Document IPv6 Space with BlueCat
• Track details and metadata for IP Networks
• IPv6 Network Discovery to verify IPv6 data integrity
• Map business logic to IPv6 data through Smart Tagging
• Configure access rights to delegate control over IPv4 and IPv6 space
• Track all changes to IPv4 and IPv6 data
Track IPv4 and IPv6 with BlueCat
Track dual-stacked hosts from the IPv4 or IPv6 address…
Conclusion: Implementing IPv6 Requires IPAM
• Organizations need to look at implementing DNS, DHCP and IPAM together (investigate vendors that do all three)
• DNS is a must for IPv6 go-live
• DHCPv6 is a must for IPv6 go-live
• IPAM is important to help smooth the transition