IPv6 deployment in ONE
Author: Goran Rumenovski, Packet Transport Network Engineer, e-mail: goran.rumenovski@one.mk
Co-Author: Vladimir Stefanov, Packet Transport Network Engineer, e-mail: vladimir.stefanov@one.mk

On 03 Feb 2011 the RIPE NCC (Network Coordination Center) stated that the IPv4 address space would be exhausted in the coming period:
http://www.ripe.net/internet-coordination/ipv4-exhaustion

What does this mean?
When the RIPE NCC starts to allocate from the last /8 of IPv4 address space, an LIR may receive only a /22 (1,024 IPv4 addresses), even if they can justify a larger allocation. No new IPv4 Provider Independent (PI) space will be assigned.

In our company this statement raised an alarm and pushed us to find a solution.
SOLUTION:
- NAT IPv4 implementation
- IPv6 deployment

IPv6 development in ONE:
2009: Becoming aware of the new technology
2010: First IPv6 tunnel using a tunnel broker, and first published web site
2011: IPv6 allocation from RIPE. Native IPv6 peering. Participation in World IPv6 day. 3-star RIPEness
2012: Dual-stack enabled enterprise services. Participation in World IPv6 day. 4-star RIPEness

How to get started:
- IPv6 Discovery
- IPv6 Assessment
- IPv6 Planning and Designing
  * dual stack, hybrid, block model
  * get your own v6 prefix
- IPv6 Implementation
- Network optimization

IPv6 prefix assignments:
- Service provider (LIR): /32
- Large end user, organization: /48
- Small end user: /56
- SOHO: /64 or /60
Do not count available hosts per subnet... It doesn't make sense!!!!

Planning and designing your own IPv6 infrastructure:
- understanding the IPv6 128-bit address format
- addressing by location (example: 2A01:5B8:FEED:[HEX1 = location][HEX2 = desktop/server/DMZ/infrastructure][HEX3&4 = VLAN number]::(host IPv6)/64)
- addressing by type (example: 2A01:5B8:FEED:[HEX1&2 = desktop/server/DMZ/infrastructure][HEX3&4 = location]::(host IPv6)/64)

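
The two addressing schemes above, worked through as an added example (not part of the original slides). The site /48 is the one the slides use; the location and type code tables are hypothetical, and the VLAN number is assumed to be stored as a two-hex-digit value.

```python
import ipaddress

# Site /48 taken from the slides' examples.
SITE = ipaddress.IPv6Network("2a01:5b8:feed::/48")

# Hypothetical code tables (assumptions, not from the slides); one hex digit each.
LOCATIONS = {"hq": 0x1, "datacenter": 0x2, "branch": 0x3}
TYPES = {"desktop": 0x1, "server": 0x2, "dmz": 0x3, "infrastructure": 0x4}


def _subnet(subnet_id):
    """Place a 16-bit subnet ID in the fourth hextet and return the /64."""
    base = int(SITE.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def subnet_by_location(location, kind, vlan):
    """Addressing by location: HEX1 = location, HEX2 = type, HEX3&4 = VLAN."""
    if not 0 <= vlan <= 0xFF:
        raise ValueError("VLAN number must fit in two hex digits (0-255)")
    return _subnet((LOCATIONS[location] << 12) | (TYPES[kind] << 8) | vlan)


def subnet_by_type(kind, location_id):
    """Addressing by type: HEX1&2 = type, HEX3&4 = location."""
    if not 0 <= location_id <= 0xFF:
        raise ValueError("location must fit in two hex digits (0-255)")
    return _subnet((TYPES[kind] << 8) | location_id)


def _name(table, code):
    """Reverse lookup; None when the code is not in the plan."""
    return next((n for n, c in table.items() if c == code), None)


def decode_by_location(address):
    """Read location, type and VLAN back out of an address in the site /48."""
    ip = ipaddress.IPv6Address(address)
    if ip not in SITE:
        raise ValueError(f"{ip} is outside {SITE}")
    subnet_id = (int(ip) >> 64) & 0xFFFF
    return (_name(LOCATIONS, subnet_id >> 12),
            _name(TYPES, (subnet_id >> 8) & 0xF),
            subnet_id & 0xFF)


if __name__ == "__main__":
    print(subnet_by_location("hq", "dmz", 3))
    print(decode_by_location("2a01:5b8:feed:1303::28"))
    print(subnet_by_type("server", 1))
```

Because the plan is positional, a firewall rule or log filter can match a whole location or host type with a single prefix instead of a list of subnets.
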
Where to go next:
- Test applications
- Evaluate impact on existing infrastructure
- Ensure new purchases are IPv6 compatible (HW/SW)
- Train your staff
- Start small
- Enable your website
  * Dual stack
  * native IPv6 or NAT-PT (or SLB-PT)
- Enable internal connectivity. Pilot IPv6 in your network
- Contact your service provider and investigate possibilities for NAT64/DNS64

IPv6 advantages:
- Added addresses
- Stateless autoconfiguration
- Simplifies routing
- Fewer header fields
- Supports IPsec natively
- Improved Mobile IP support
- QoS support - flow label potential
- Native multicast
- Includes anycast
- Backward compatible
- Extensible

IPv6 Transition Techniques
- Dual stack
- Tunnel/Encapsulation
  * configured tunnels
  * automatic tunnels: 6to4, ISATAP, Tunnel Broker with TSP, Teredo
  * NAT64
- Application layer gateways
  * Proxy
  * Load balancer

Some security considerations:
- Controlling access for v4 and v6
- Eliminate undesired traffic
- Configure your IPv4 firewall to drop protocol 41 to prevent internet hosts from using IPv6-over-IPv4 tunneled traffic
  * 6to4 (protocol 41), ISATAP (protocol 41)
  * Teredo (UDP port 3544)
- Misconfigured network devices and DNS servers
- Stateful firewall between private IPv6 hosts and the internet

PREPARATION/DEPLOYMENT IN ONE for IPv6 day 2011 (08 June)
Steps undertaken on eBGP routing equipment (upstream peering):
Step 1a. IPv6 BGP implementation to Telekom Slovenia (leader in IPv6 implementation at that time)

interface Port-channel 1.487
 description upstream - TelekomSlovenija
 ipv6 address 2A00:EE0:5:18::2/64
 ipv6 enable
interface Loopback2
 description LOOPBACK_ipv6
 ipv6 address 2A01:5B8::1/64
 ipv6 enable
router bgp 16333
 neighbor 2A00:EE0:5:18::1 remote-as 5603
 neighbor 2A00:EE0:5:18::1 description IPV6-TELEKOM_SLOVENIJA

PREPARATION/DEPLOYMENT IN ONE for IPv6 day 2011 (08 June)
Steps undertaken on eBGP routing equipment (upstream peering):
Step 1b. IPv6 BGP implementation to Telekom Slovenia (leader in IPv6 implementation at that time)

 address-family ipv6
  no synchronization
  network 2A01:5B8::/32
  neighbor 2A00:EE0:5:18::1 activate
  neighbor 2A00:EE0:5:18::1 soft-reconfiguration inbound
 exit-address-family
ipv6 route 2A01:5B8::/32 Null0 240

#sh bgp ipv6 unicast summary
Neighbor          V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2A00:EE0:5:18::1  4  5603  175953   17967  2043948    0    0 5d17h        8967

PREPARATION/DEPLOYMENT IN ONE for IPv6 day 2011 (08 June)
Steps undertaken on eBGP routing equipment (upstream peering):
Step 2. IPv6 implementation on CORE routers (static routes)

main bgp router#
ipv6 route 2002::/16 Tunnel102
ipv6 route 2A01:5B8:D910::/48 2A01:5B8:0:1::F
ipv6 route 2A01:5B8:FAAA::/48 2A01:5B8:FAAA:101::1
ipv6 route 2A01:5B8:FEED::/48 2A01:5B8:FEED:101::1

core router#
interface GigabitEthernet1/24
 description Link to Yoda ipv6-gateway
 no ip address
 ipv6 address 2A01:5B8:0:1::1/64
 ipv6 enable

default route:
ipv6 route ::/0 2A01:5B8:0:1::2

PREPARATION/DEPLOYMENT IN ONE for IPv6 day 2011 (08 June)
Steps undertaken on routing equipment:
Step 4. Bypass IPv4 infrastructure with 6to4 tunnels

interface Tunnel100
 description TUNNEL_IPV6IP_FOR_IT (IPV6_SUBNET_2a01.5b8.feed::/48)
 no ip address
 ipv6 address 2A01:5B8:FEED:101::2/64
 ipv6 enable
 tunnel source
 tunnel destination
 tunnel mode ipv6ip

IPv6 real connectivity test and troubleshooting on network equipment

#traceroute ipv6 ipv6.google.com
Translating "ipv6.google.com"...domain server ( [OK]
Type escape sequence to abort.
Tracing the route to ipv6.l.google.com (2A00:1450:4016:800::1010)
  1 2A00:EE0:5:18::1 [AS 5603] 16 msec 16 msec 16 msec
  2 2A00:EE0:0:216::2 [AS 5603] 20 msec 32 msec 20 msec
  3 de-cix20.net.google.com (2001:7F8::3B41:0:2) [AS 5603] 84 msec 80 msec 76 msec
  4 2001:4860::1:0:10 [AS 5603] 36 msec 2001:4860::1:0:11 36 msec 2001:4860::1:0:10 36 msec
  5 2001:4860::8:0:3015 [AS 5603] 36 msec 36 msec 36 msec
  6 2001:4860::1:0:336C [AS 5603] 136 msec 44 msec 44 msec
  7 2001:4860:0:1::535 [AS 5603] 44 msec 44 msec 44 msec
  8 2A00:1450:8000:1E::4 [AS 5603] 88 msec 88 msec 88 msec

IPv6 real connectivity test and troubleshooting on network equipment

#ping ipv6 ipv6.google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:4016:800::1010, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms

#ping ipv6 ipv6.on.net.mk
Translating "ipv6.on.net.mk"...domain server ( [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A01:5B8:FAAA::D910:5F4C, timeout is 2 seconds:
.H.H.
Success rate is 0 percent (0/5)

#ping ipv6 ipv6.one.mk
Translating "ipv6.one.mk"...domain server ( [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A01:5B8:FEED:1303::28, timeout is 2 seconds:
!!!!!

- Official participation in World IPv6 day in 2011 (8 June)
http://www.worldipv6day.org/ipv6-enabled-websites/index.html

IPv6 Enabled Websites
The IPv6 standards have been stable for many years. Networks, websites, equipment and operating system vendors have been developing and deploying IPv6 during the standards development process and continue to do so.
Here is a set of websites that have IPv6 enabled today and who have contacted us supporting the World IPv6 Day effort. You can visit them using IPv6 today:
IPv6 Enabled Websites: on.net.mk

- How to check that the portal is IPv6 ready:
1. http://ipv6.one.mk
2. http://ipv6.on.net.mk
3. http://ipv6.google.com

http://ripeness.ripe.net/pies.html
https://labs.ripe.net/Members/becha/ipv6-ripeness-how-to-reach-the-stars
http://eggert.org/meter/ipv6.html

FUTURE PLANS for IPv6 expansion in ONE:
- Dual stack deployment in Packet Mobile (GGSN, SGSN)
- Dual stack deployment for PPPoE users (BRASs)
- Dual stack deployment on all hosted web portals
The first commercial request for deployment of IPv6/IPv4 dual stack awareness came from Google for their GGC (Google Global Cache) nodes deployed in ONE.

IPv6 is a must, not an option!!!!
The question remains: will we be ready for IPv6, or will we wait to be surprised by IPv6?
ACT NOW!!!!!