IPv6 experience from a large enterprise - Networkshop44
Transcript of IPv6 experience from a large enterprise - Networkshop44
![Page 1: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/1.jpg)
IPv6: Experience from aLarge Enterprise
Marcus Keane
![Page 2: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/2.jpg)
Marcus KeaneNetwork ArchitectMicrosoft
IPv6: Experience from a Large Enterprise
Microsoft IT
![Page 3: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/3.jpg)
• A very brief history of our IPv6• Our current status• Some issues we encountered• What currently motivates us• Next steps• Ongoing planning
Agenda
![Page 4: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/4.jpg)
• 1999 Microsoft Research looking at IPv6• Limited Microsoft IT involvement
• Acquired ARIN IPv6 /32 prefix 2001:4898::/32• Also connected to 6bone – using 3ffe::/16
• 2005-2006 Microsoft IT started working with IPv6• Restricted deployment to aid development
• 2006-2012 IPv6 collaboration across groups• World IPv6 Day• World IPv6 Launch• Mostly grassroots work
Evolution of our IPv6
![Page 5: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/5.jpg)
• Operating systems IPv6 capable• Most managed systems o/s >= Win8.1
• Transition technologies• ISATAP deprecated in favour of dual-stack
• Security and monitoring• Firewalls IPv6-enabled• Other security components(DLP, IDS, etc.) IPv6-aware• Netflow v9 enabled on routers
• On-premise DCs IPv6 enabled• Internet Access• Peering with AS8075 and Level3• Advertising /48s out of regional /32s• Enabling IPv6 internet to labs on request
Current status of IPv6
![Page 6: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/6.jpg)
• Corporate network• 100% of WAN and Backbone is v6 enabled; IS-IS backbone (OSPFv2/v3 campus)• 63% of managed hosts are v6 enabled• Approximately 50% of corporate access network is native enabled• 6,800 internal v6 routes, 20,000 internal v4 routes
• Example DNS AAAA to A record comparison• This includes teredo…
Current status of IPv6 - continued
EuropeRedmondA – 70009 A – 913,700AAAA – 69,302 AAAA - 654,734
![Page 7: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/7.jpg)
• Increased LAN control plane traffic• ND/ARP• LLMNR, etc.
• Rogue RAs• Fixed by RA-guard
• FIB requirements on routers• Incongruent traffic for IPv6 and IPv4• Fixed by IS-IS
• Miscellaneous operational issues - MPLS, DAD, etc.• User training
Some issues we encountered
![Page 8: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/8.jpg)
• MSIT has no more public IPv4 space• We have no more RFC1918 space• Guest wireless network• Corporate network expansion
• We have overlapping RFC1918 space• Azure and online properties• Acquisitions – Nokia
• This is getting complicated. And expensive
What motivates us now
![Page 9: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/9.jpg)
• Pilot IPv6-only on corporate network• There is an existing small pilot in Redmond, USA• Works for most applications• Still working on some issues – DHCPv6 related
• Pilot IPv6-only on wireless guest network• This works well for iOS/Windows Phone• Still have some issues to solve – Android
• Both using:• DNS64• NAT64
Next steps
![Page 10: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/10.jpg)
Next steps - continued
![Page 11: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/11.jpg)
• Deploy IPv6 to remaining access edge networks• This is being automated
• Convert DC apps• Most DC apps are still using an IPv4 VIP• Convert to IPv6 with evolution of application
• Deploy Global NAT64/DNS64• Start Removing IPv4 from access edge networks• Network-of-Things will have to remain Dual-Stack
Next steps - continued
![Page 12: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/12.jpg)
• DHCPv6 stateful or SLAAC or both?• MPLS for IPv6 – segment routing?• IPv6 Multicast• Network Management
Ongoing planning(and discussion)
![Page 13: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/13.jpg)
Thank YouQuestions?The foregoing represents Microsoft’s approach to moving to IPv6. It is for informational purposes only.
![Page 14: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/14.jpg)
© 2015 Microsoft Corporation. All rights reserved.
![Page 15: IPv6 experience from a large enterprise - Networkshop44](https://reader031.fdocuments.in/reader031/viewer/2022022202/588043b41a28abfd0a8b692f/html5/thumbnails/15.jpg)
Contact
Marcus KeaneNetwork Architect, Microsoft