Learn about the challenges faced by the University of Wisconsin in managing the allocation of IPv4 addresses, and their transition to IPv6 due to the scarcity of IPv4 resources.
A Closer Look at IPv4 Allocation Requests: Managing a Now-Scarce Resource • Dave Parter, Assistant Director, Computer Science, University of Wisconsin • Perry Brunelli, Director, Network Services, University of Wisconsin
IPv4 Exhaustion Counter http://inetcore.com/project/ipv4ec/
About the University of Wisconsin • Founded in 1848 and the flagship campus of the UW-System • Main campus situated on 935 acres • Total enrollment in Fall 2006 was 41,465 • Undergraduate students totaled 28,462 • Graduate students numbered 8,832 • Professional students totaled 2,579 • Employ over 2000 faculty • R1 Research university • Annual research expenditures exceed $900M • Academic program offers 135 undergraduate majors, along with 151 master's degree programs and 107 doctoral programs
Where we came from . . . Networking was more decentralized: • Strong network presence since early 1980s (through good cooperation, some planning and a lot of good luck) • Decentralized network: - Central IT delivered network to each building/department - Each department purchased their own network equipment • No official standards for hardware, network design, services, bandwidth - no plan for IPv4 address assignments
Gaining Consensus: Everyone Hates Us • Understanding the technologist perspective • Managing meaning • Make partners part of the process very early
Where we are • Equipment purchases centrally managed • Configurations centrally managed • 24x7 network monitoring / support • Redundancy / emergency stock • Lab used to test gear / configurations
Authorized Agent Network Tool Suite (AANTS) • Rich tool suite developed as part of the new network in order to allow department IT staff to quickly get information, configure, reconfigure, and test the network. • Tools include: • Port use auditor • Firewall blade configuration • Network Statistics • IP Investigator Tool
Network Advisory Group • Informal – open to all interested campus partners • Provide guidance on all network issues • Representatives in the loop on major decisions / acquisitions • More active role in policy and planning issues
The following data is online at: http://stats.net.wisc.edu/ipusage
Pressures • IPv4 addressing is inherently inefficient • Network equipment & topographical restraints • Explosion of Wireless • VPN • Departmental usage growth (temporarily) stagnant • Scientific Computing
IPv4 allocation issues • Late Spring 2008: NetEng raised the issue of IPv4 allocation/scarcity with NAG, recommended reclamation. • NAG thought that was a good idea, but no details were discussed. • Summer 2008: NetEng draft reclamation project plan included IP allocation rules -- OBJECTION! • That is "campus" policy and should not be set by NetEng. • NAG IPv4 allocation policy team formed. • Fall 2008: IPv4 allocation policy team sets goal of interim policy approved and in place by Jan 1 (ambitious).
“By acting now, we can avoid pain and fail gracefully” (Dale Carder) • Waste reclamation • Private addressing • Redesign wireless networks • Allocation due diligence • Allocation Policy & Authority • Start transition to IPv6
Network Advisory Group’s Role in IP issues • Formed and participated in several subgroups addressing IP concerns: • IPv6 • RFC1918 • Reclaiming IP Numbers • IP Allocation Committee
IPv6 Committee • Executive Summary • The demand for additional IPv4 addresses on campus continues to grow due to new buildings, building expansions, server clusters, virtualization, and a rapid increase in the use of handheld WiFi devices. As the global pool of IPv4 addresses decreases, we will no longer be able to obtain additional IPv4 allocations from ARIN (American Registry of Internet Numbers). We estimate that UW-Madison could exhaust its available IPv4 address space in 2011 and as a result are assuming that a transition to IPv6 will be required.
IPv6 Committee - continued • We recommend that DoIT proactively deal with this issue by launching a formal internal project to assess the IPv6 readiness of our own systems. In addition to understanding the impacts to our systems, this project would enable DoIT to take a leadership role for campus by developing knowledge and expertise thus enabling us to assist other campus departments with this issue.
RFC 1918 • RFC 1918 describes several blocks of IP addresses that can be reused within different administrative domains. RFC 1918 space cannot be routed to the internet at large. • By defining the appropriate set of applications for which RFC 1918 space is OK to use [things that do not need direct public internet communication], a network may be able to reclaim a portion of its public routed IP space for other uses.
RFC 1918 • Opportunities for use of private IP space: • Cluster computing, where all external network connections are handled by a server with a public IP address. • Network management • A/V, HVAC controller systems • Printers • Backend services • Specialized lab equipment (microscopes, etc)
RFC 1918 – What we are doing • Defined the scope of the campus enterprise for which coordination of RFC1918 space occurred. • After soliciting input to minimize overlap with current usage, we chose to centrally administer 10.128.0.0/11. • We must strictly adhere to external routing protocols [static, BGP] for entities outside our administrative domain [currently use OSPF in some spots where we should not]
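An audit of private address use against the centrally administered 10.128.0.0/11 block, plus a check that nothing touching RFC 1918 is offered to an external static or BGP peer. This is an added example, not code from the presentation; the registry of central assignments, the announced-prefix list and all sample prefixes are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks, plus the block the slide says is centrally administered.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CAMPUS_BLOCK = ipaddress.ip_network("10.128.0.0/11")


def classify(prefix):
    """Label one IPv4 prefix relative to RFC 1918 and the coordinated block."""
    net = ipaddress.ip_network(prefix)
    if not any(net.overlaps(p) for p in RFC1918):
        return "not-rfc1918"
    if net.subnet_of(CAMPUS_BLOCK):
        return "coordinated"
    if net.overlaps(CAMPUS_BLOCK):
        return "conflict"  # a supernet such as 10.0.0.0/8 swallows the block
    return "uncoordinated-private"


def audit(in_use, registered):
    """Classify every prefix; inside the coordinated block, anything not
    covered by a registered assignment is reported as 'unregistered'."""
    reg = [ipaddress.ip_network(r) for r in registered]
    report = {}
    for prefix in in_use:
        label = classify(prefix)
        net = ipaddress.ip_network(prefix)
        if label == "coordinated" and not any(net.subnet_of(r) for r in reg):
            label = "unregistered"
        report[prefix] = label
    return report


def leaked_to_external(announced):
    """Prefixes offered to an external peer (static or BGP) that touch RFC 1918."""
    return [p for p in announced
            if any(ipaddress.ip_network(p).overlaps(r) for r in RFC1918)]


# Constructed sample data: prefixes seen in use, a hypothetical registry of
# central assignments, and a hypothetical set of externally announced prefixes.
IN_USE = ["10.130.4.0/24", "10.144.0.0/16", "10.0.0.0/8",
          "192.168.1.0/24", "198.51.100.0/24"]
REGISTERED = ["10.130.0.0/16"]
ANNOUNCED = ["198.51.100.0/24", "10.130.4.0/24", "172.20.0.0/16"]

if __name__ == "__main__":
    for prefix, label in audit(IN_USE, REGISTERED).items():
        print(f"{prefix:18} {label}")
    print("leaked:", leaked_to_external(ANNOUNCED))
```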
Reclaiming IP Numbers • Began August of 08 • At start had 19 or 20 /24's available • As of today we have 32 /24’s • Working on 3 /22s in the next month • Majority of staff receptive to working with us
IP Allocation Committee • The Committee will include a minimum membership of: • One (1) technical staff representative from the DoIT Network Services department • One (1) technical staff representative from other campus organization(s) • Two (2) At-large members from the campus • One (1) designated representative of the office of the CIO
IP Allocation Committee • Do what is best for the University • Transparency • Everyone should understand the policy, process, and decisions • Fairness • No favorites: decisions are made based on what is best for the University
Interim IP Allocation Policy Principles • IP address space is a campus resource • Stewardship of this resource, and responsibility for efficient and equitable allocation is assigned to the office of the CIO • The allocation, approval and appeals process must be transparent, flexible, timely and responsive
Interim IP Allocation Policy Principles • The allocation process must consider and balance the competing resource issues of IP address space constraints and limited staff time, impact on projects and operations, network complexity, and budget for all involved organizations. • Due to the limited availability of IPv4 addresses, conservation of existing address resources will be given high priority.
IP Allocation Committee • Standing committee to work with NetEng, CIO and campus • Oversee and monitor ongoing allocation process, review allocations and make recommendations to CIO
Teredo • Teredo is a network (tunneling) protocol designed to enable computers on a protected network or network behind a firewall running network address translation (NAT) to connect to IPv6 computers around the world. • The protocol encapsulates IPv6 packets within IPv4 packets such that communication can be routed through NAT devices and on the commodity IPv4 Internet. • A Teredo server is intended to be a temporary, transition technology given the long term goal to have all computers natively using IPv6.
Teredo • The service is built entirely on open source software that includes: • Quagga, an open-source routing engine that supports multiple protocols, including OSPF. OSPF is used to run the anycast service. The Quagga configuration commands are very similar to familiar Cisco router commands. • Miredo, open-source Teredo IPv6 tunneling software for Linux operating systems. It includes functional implementations of all components of the Teredo specification (client, relay and server) and is developed to provide IPv6 connectivity even from behind NAT devices. • SNMP, or Simple Network Management Protocol, is open-source software that enables monitoring and collecting traffic statistics on service utilization and service health information.
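Because Teredo carries IPv6 inside IPv4 through NAT, each Teredo address records which server the client used and the client's NAT-mapped IPv4 address and port, which lets an operator see from logged IPv6 addresses whether hosts use the campus service or some other server. The decoder below follows the RFC 4380 address layout; it is an added example, not code from the presentation, and the sample addresses and the approved server address are constructed.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix (RFC 4380)


def decode_teredo(addr):
    """Split a Teredo IPv6 address into the IPv4 facts it embeds, or None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    # After the 32-bit prefix: server IPv4, flags, mapped port, mapped IPv4.
    server, flags, port, client = struct.unpack("!4x4sHH4s", ip.packed)
    return {
        "server": str(ipaddress.IPv4Address(server)),
        "cone_nat": bool(flags & 0x8000),
        # The mapped port and address are stored with every bit inverted.
        "nat_port": port ^ 0xFFFF,
        "nat_ipv4": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in client))),
    }


def unapproved_servers(addresses, approved):
    """Decode each address; keep those whose Teredo server is not approved."""
    hits = []
    for addr in addresses:
        info = decode_teredo(addr)
        if info is not None and info["server"] not in approved:
            hits.append((addr, info))
    return hits


# Constructed sample: two Teredo addresses and one ordinary IPv6 address.
SAMPLE = [
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
    "2001:0:c633:6407:0:f3c7:34ff:8efe",
    "2001:db8::1",
]
# Hypothetical address standing in for the locally run Teredo server.
APPROVED = {"198.51.100.7"}

if __name__ == "__main__":
    for addr in SAMPLE:
        print(addr, decode_teredo(addr))
    for addr, info in unapproved_servers(SAMPLE, APPROVED):
        print("unapproved server:", info["server"], "client", info["nat_ipv4"])
```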
What did you think? • Your input is important to us! • Click on “Evaluate This Session” on the Enterprise 2009 program page. • Contacts: • Dave Parter - dparter@cs.wisc.edu • Perry Brunelli – brunelli@doit.wisc.edu