Georgios Koutepas, NTUA
“IPv6 Technology and Advanced Services”, Oct. 19, 2004
Methods and Tools for Managing IPv6 Networks

Management in IPv6
• Necessary element to achieve the smooth transition to the new protocol
• Functionality and quality are required to be of the same level as for IPv4 networks
• Correct network planning shows the functional network areas and the user groups (with their needs!) for each one of them
• Management areas:
  • Monitoring day-to-day operations of the network
  • Gathering data that will support improvement and evolution services
• There are no “final” solutions for all areas of IPv6 management
  • Some of the protocols are still under development
  • Some necessary tools are still missing

IPv6 Deployment Suggestions
Phase 1
• Network design
  • Define wide and local network segments
  • Define “special” areas (due to requirements and operations): VLANs, DMZs, etc.
  • Define management entities and their areas of responsibility
  • Network management information flow
• Security requirements:
  • For users and applications
  • For the network itself (protection of the management information, protection of network devices, security of management procedures)
• Plan the steps to transition to the new protocol. Examine the possibility of deploying transition mechanisms (for communications between IPv6 areas within an IPv4 network and vice versa)

IPv6 Deployment Suggestions (2)
Phase 2
• Implementation of a mixed IPv4/IPv6 environment
• Gradual transition of non-critical systems to IPv6
  • Allows the evaluation of the operation and stability of the network devices and non-critical systems under IPv6
  • Develops the transition procedures
  • Disseminates the usage of transition mechanisms (tunnels, gateways, etc.) for communications between exclusive IPv6 areas
Phase 3
• Transition of all systems to IPv6
• Exclusive usage of IPv6 in the network
• Maintaining transition mechanisms for legacy systems and contacts with IPv4 networks

Management Protocol Standardization
• The main suppliers of networking equipment support usage of SNMP over IPv6 and offer agents
• However, management of devices using IPv4 communications is still possible thanks to dual stack support
• For general-usage agents there is full SNMP-IPv6 support in net-snmp, which implements the new MIBs
• A small number of applications offer SNMP-IPv6 support. Openview and CiscoWorks gradually offer IPv6 support at the MIB level, but in most cases access is over IPv4
• New textual conventions support both IPv4 and IPv6 for IP representation in the MIBs
  • RFC 3291
• Within 2004 the process of unifying the IP, TCP and UDP tables in both environments has reached the “proposed standard” stage

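How a management application can render the version-neutral address pair that the RFC 3291 textual conventions put in MIB tables, shown as an added example that is not part of the original slides. The function name and the sample rows are constructed for illustration; the type numbers and octet lengths are those of RFC 3291.

```python
import ipaddress
import struct

# InetAddressType values defined by RFC 3291
INET_ADDRESS_TYPE = {0: "unknown", 1: "ipv4", 2: "ipv6",
                     3: "ipv4z", 4: "ipv6z", 16: "dns"}
# Fixed OCTET STRING sizes for the numeric address types
FIXED_LEN = {"ipv4": 4, "ipv6": 16, "ipv4z": 8, "ipv6z": 20}


def decode_inet_address(addr_type, octets):
    """Render an (InetAddressType, InetAddress) pair as text.

    Raises ValueError when the type is not defined or the octet string
    length does not match the type, so a malformed row is rejected
    instead of being displayed as a plausible-looking address.
    """
    name = INET_ADDRESS_TYPE.get(addr_type)
    if name is None:
        raise ValueError(f"undefined InetAddressType {addr_type}")
    if name == "unknown":
        return octets.hex()
    if name == "dns":
        return octets.decode("ascii")
    if len(octets) != FIXED_LEN[name]:
        raise ValueError(f"{name} needs {FIXED_LEN[name]} octets, got {len(octets)}")
    if name.startswith("ipv4"):
        text = str(ipaddress.IPv4Address(octets[:4]))
    else:
        text = str(ipaddress.IPv6Address(octets[:16]))
    if name.endswith("z"):
        # Zoned types carry a 4-octet zone index in network byte order
        (zone,) = struct.unpack("!I", octets[-4:])
        text += f"%{zone}"
    return text


# Constructed sample rows: (InetAddressType, InetAddress octets)
SAMPLE_ROWS = [
    (1, bytes([192, 0, 2, 1])),
    (2, ipaddress.IPv6Address("2001:db8::1").packed),
    (4, ipaddress.IPv6Address("fe80::1").packed + struct.pack("!I", 3)),
    (16, b"router.example.net"),
]

if __name__ == "__main__":
    for addr_type, octets in SAMPLE_ROWS:
        print(INET_ADDRESS_TYPE[addr_type], decode_inet_address(addr_type, octets))
```
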
Management Protocol Standardization (2)
• Other management protocols have achieved varying levels of transition to IPv6:
  • RADIUS has been standardized in IPv6 (RFC 3162) but has shown that it cannot be used in large scale networks. Therefore the IETF has defined a replacement protocol, DIAMETER. Currently there is no implementation of RADIUS over IPv6
  • DIAMETER is defined in RFC 3588 and has been implemented
  • COPS and WBEM (Web-Based Enterprise Manager) have adapted their data models and policies to support the new protocol and large scale deployments. However, currently there are no available implementations
  • Kerberos V has partially been implemented over IPv6

Management Protocol Standardization (3)
• Cisco’s Netflow supports IPv6 flow data only in version 9
  • Supported by IOS 12.3T
  • Netflow data collectors are available from Cisco and academic sources

Transition Mechanisms
• They allow the (temporary…) coexistence of IPv4 and IPv6 areas
• Implementations are tunnel-deployment mechanisms through network areas not supporting the required protocol version. The data packets are encapsulated within tunnel packets.
• Additionally, translation mechanisms between the two protocol versions
• Most common mechanisms: 6to4, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), Dual-stack Transition Mechanism (DSTM)
• They are a special case for IPv6 management
• They require careful planning for:
  • Their points of deployment in the network
  • Access control and user usage policies
  • Operation policies, especially on the issue of “relaying” internal or external traffic through 6to4 (6to4 relays)

Transition Mechanisms (2)
• There are “gaps” in the capability to manage them
• They constitute possible security weaknesses
• They can create resource usage problems
• Their management requirements and procedures are not completely clear yet. However, they use “encapsulation” mechanisms, which are well understood in IPv4
• Alternatively, they can be basically controlled (e.g. accepting their traffic or not) by existing security mechanisms (e.g. firewalls)

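One way to check tunnel deployment points and relay usage against policy from collected flow data, given as an added example that is not part of the original slides. The function names, the approved-endpoint list and the flow tuples are constructed; IPv4 protocol number 41, the 192.88.99.1 relay anycast address (RFC 3068) and the ISATAP interface identifier come from the respective specifications, not from the slides.

```python
import ipaddress

PROTO_IPV6_IN_IPV4 = 41  # IPv4 protocol number carrying 6to4 and ISATAP tunnels
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")  # 6to4 relay anycast
ISATAP_IID = (0x00005EFE, 0x02005EFE)  # upper 32 bits of an ISATAP interface ID


def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) if an IPv6 address embeds one, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:  # address lies in 2002::/16
        return ("6to4", ip.sixtofour)
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF  # low 64 bits: interface identifier
    if iid >> 32 in ISATAP_IID:
        return ("ISATAP", ipaddress.IPv4Address(iid & 0xFFFFFFFF))
    return None


def audit_tunnel_flows(flows, approved_endpoints):
    """Report IPv6-in-IPv4 flows that touch no approved tunnel endpoint.

    flows: iterable of (src, dst, ip_protocol) taken from IPv4 flow records.
    """
    approved = {ipaddress.IPv4Address(a) for a in approved_endpoints}
    findings = []
    for src, dst, proto in flows:
        if proto != PROTO_IPV6_IN_IPV4:
            continue
        s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        kind = "6to4 via public relay" if RELAY_ANYCAST in (s, d) else "IPv6-in-IPv4 tunnel"
        if s not in approved and d not in approved:
            findings.append((src, dst, kind))
    return findings


# Constructed flow records (documentation address ranges) and policy
SAMPLE_FLOWS = [
    ("192.0.2.10", "192.88.99.1", 41),   # host tunnelling straight to a relay
    ("192.0.2.20", "203.0.113.5", 41),   # host-to-host tunnel
    ("192.0.2.30", "198.51.100.9", 6),   # ordinary TCP, ignored
    ("192.0.2.1", "203.0.113.77", 41),   # the site's own tunnel router
]
APPROVED = ["192.0.2.1"]

if __name__ == "__main__":
    for finding in audit_tunnel_flows(SAMPLE_FLOWS, APPROVED):
        print(finding)
    print(embedded_ipv4("2002:c000:0201::1"))
```
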
Basic Management Tools
• Core Network Management
  • ASPath Tree (http://carmen.ipv6.tilab.com/ipv6/tools/ASpath-tree/index.html)
  • Looking Glass (http://netmon.grnet.gr/lgv6.shtml)
  • IPFlow/Netflow (http://www.rrt.cr-picardie.fr/%7Efillot/nf6/ http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml)
  • Mping (http://mping.uninett.no/)
  • RIPE Test Traffic (TT) Server with IPv6 Support (http://www.ripe.net/ttm/ttm-ipv6.html) – NTUA: tt42
  • Cricket (http://cricket.sourceforge.net/)
  • MRTG

Basic Management Tools
• Local Area Network Management
  • Argus (http://argus.tcp4me.com/)
  • Ethereal (http://www.ethereal.com/)
  • Multicast Beacon (http://dast.nlanr.net/Projects/Beacon/)
  • Iperf (http://dast.nlanr.net/Projects/Iperf/)
  • ntop (http://www.ntop.org/)
• General Management
  • Nagios (http://www.nagios.org/)
  • RANCID (http://www.shrubbery.net/rancid/)

Recommendations on IPv6 management
• Architecture
  • The suggested transition procedure can be followed when designing and deploying IPv6.
• Management Tools and Procedures – Client Networks
  • A single tool for network management and services monitoring (Argus, Nagios or Ntop)
  • Traffic monitoring tools (MRTG)
  • End-to-end performance evaluation tools (Iperf)
  • Capability for low level traffic analysis by packet capturing (Ethereal)
  • Optionally, tools for configuration file management (RANCID)

Recommendations on IPv6 management (2)
• Core Networks
  • Traffic monitoring (MRTG, Cricket, Nagios)
  • Traffic capture and analysis (Netflow v9)
  • Network equipment monitoring (Nagios)
  • Routing management
    • To acquire a picture of the routing policies and BGP route tree health (ASpath-tree)
    • BGP parameters cannot be monitored by automated tools due to the unavailability of IPv6 BGP MIBs and appropriate clients to perform such requests

Useful material from the 6NET project
Available at: http://www.6net.org/publications/deliverables/
Deliverables:
• D6.3.3 Final Report on IPv6 Management and Monitoring Architecture Design, Tools and Operational Procedures - Recommendations
• D6.2.4 Final Report on IPv6 Management Tools, Developments and Tests
Additionally:
• D6.2.2 Operational Procedures for Secured Management with Transition Mechanisms
• D3.5.1 6NET Implementation of Security Plan (under development)