IPv6 Migration 21 Nov2008
-
Upload
peter-hj-van-eijk -
Category
Technology
-
view
2.623 -
download
0
description
Transcript of IPv6 Migration 21 Nov2008
IPv6 integrationstrategiesNovember 25, 2008
Peter van Eijkhttp://petersgriddle.nethttp://digitalinfrastructures.nl
© Digital Infrastructures 2 Nov 25, 2008
© Digital Infrastructures 3 Nov 25, 2008
The IP address evolution
Source: Wikipedia
© Digital Infrastructures 4 Nov 25, 2008
Why did we want IPv6 in the first place? More addresses:
But: NAT makes 24+24 = 48 bits addresses, which is >60.000* more than public IP addresses (145.15.15.X + 10.A.B.C)
Better security: Better than NAT? New technology = new bugs and leaks
New applications: QoS, VoIP, IPTV Routers ready for prime time?
No NAT needed No NAT: no walled garden… No provider independence?
Easier address allocation DHCP is proven technology, why bother?
More customer revenue (ARPU)? Where? Who? How?
© Digital Infrastructures 5 Nov 25, 2008
Who has the real address space problem? [no, maybe] Retail consumer: no.
Will want IPv4 connectivity for next 20+ years Organisations: maybe?
If by IPv6 you can avoid renumbering with every reorganisation
ISP: maybe? Where is the paying customer? More support issues
© Digital Infrastructures 6 Nov 25, 2008
Who has the real address space problem? [could be, wannabe] We can always use RFC 1918 (10.X.X.X)
addresses, can we? Unless we need millions of them. Double NAT??
Class A exhaustion is the real problem Large ISPs are moving on this
Unless we need private partner networks Unless we need to merge and renumber
Deploying millions of connected devices RFID tags?, sensors, machine to machine Mobile handsets
© Digital Infrastructures 7 Nov 25, 2008
How hard is integration with IPv6?IPv6 integration project
=Y2K : check all Operating Systems +€ : review all applications for the
use of IP addresses -/-deadline : there is no rush
This ‘formula’ suggests that the integration project is going to cost a lot, and last very long
In 1965 people drove left in Sweden, in 1967 on the right hand side. How did they migrate? City by city?
© Digital Infrastructures 8 Nov 25, 2008
IPv6 integration is a chain problem
First: everybody spends money (implement dual stack IPv6)
Then: some pick the rewards (more address space, phase out IPv4)
© Digital Infrastructures 9 Nov 25, 2008
Every component of the chain has to migrate (simplistic view)
CPE ServersISP, WANUser equipment
IPv4
IPv6
IPv4
IPv6
IPv4 eraIPv4 era
IPv6 eraIPv6 era
Ga-te-way
Ga-te-way
Ga-te-way
Ga-te-way
© Digital Infrastructures 10 Nov 25, 2008
Current state of affairs
© Digital Infrastructures 11 Nov 25, 2008
IPv4 addresses per inhabitant USA 4.7 : 1 NL 1 : 1 China 1 : 17 India 1 : 165
World (‘end state’) 1 : 2
© Digital Infrastructures 12 Nov 25, 2008
What is there?
Windows XP and Vista are dual stack (IPv4/v6 on one network card)
Most new mobile phones Server OS mostly OK
Backbone routers +/- CPE (ADSL & Cable modems in progress)
© Digital Infrastructures 13 Nov 25, 2008
IPv6 0.1% of traffic
600 Mbit/sec @ AMS/IX
Daily and weekly patterns suggest home users take the lead
© Digital Infrastructures 14 Nov 25, 2008
IPv6 versus IPv4 traffic growth on AMS-IX
Parity in 2010?
© Digital Infrastructures 15 Nov 25, 2008
Airport Extreme as SoHo gateway drives adoption
Google measurements suggest IPv6 capability 50% by 2013
© Digital Infrastructures 16 Nov 25, 2008
© Digital Infrastructures 17 Nov 25, 2008
What is not there?
Mature and proven technology ISP OSS/BSS and other applications Enough skilled people Business case (mostly)
© Digital Infrastructures 18 Nov 25, 2008
Reasons to migrate
© Digital Infrastructures 19 Nov 25, 2008
Cases
Comcast: needs 100 M addresses; double NAT is too complex to engineer and run
NATO: auto configuring mobile (vehicle) networks
SME: avoid double NAT over VPN Microsoft: Peer to peer security model requires
unique identities Mobile operators; car manufacturers: acquiring
address space; NAT is a battery drain
© Digital Infrastructures 20 Nov 25, 2008
Typical IPv6 adopters
Research & Universities Providers of new services
IMS, P2P, Mobile Operators, Car telematics Very large and complex networks
multimillion nodes and/or double NAT Small/Medium enterprises
VPN over Cable/DSL -> double NAT Dark horse: Adoption of new MS collaboration,
serverless collaboration ? Private interconnection between organisations
Public IP space for this is hard to get -> double NAT
© Digital Infrastructures 21 Nov 25, 2008
How to migrate
© Digital Infrastructures 22 Nov 25, 2008
What should you do (top prio)?
Specify IPv6 capabilities in all RFP Pilot projects Upgrade network management to dual
stack, which will give you visibility on your evolving IPv6 network
© Digital Infrastructures 23 Nov 25, 2008
Possible logical approach for non-ISP organisations1. Acquire IPv6 space
preferably provider independent (PI)
2. Set up pilot3. Dual stack servers (€)4. Upgrade all apps
start with firewall and network mgt (€€)
5. Upgrade company IP backbone (€€€) Tunnel into public IPv6, migrate to dual-stack ISP
6. Migrate clients to IPv6 (€€) Proxy firewall will NAT for external IPv4 websites
© Digital Infrastructures 24 Nov 25, 2008
Possible logical approach for ISPs
1. Begin ASAP with dual stack CPEIPv4 CPE is tomorrows legacy
2. Upgrade OSS/BSS and administrative systems
3. IPv6 in the backbone to CPE Home network IPv4 (192.168.X.X) NAT at CPE, which is already there
© Digital Infrastructures 25 Nov 25, 2008
Possible logical approach for 3GPP providers
1. Provision dual stack UEIPv4 UE is tomorrows legacy
2. Upgrade OSS/BSS and administrative systems
3. IPv6 in the backbone to access concentrator
© Digital Infrastructures 26 Nov 25, 2008
Lessons learned
Early planning makes for cheap migrationPurchasingTraining/ and recruitingDo pilotsMake address space plan
Dual stack backbone, single stack terminal Note: dual stack network is more redundant against
configuration glitches
© Digital Infrastructures 27 Nov 25, 2008
Lessons learned: IPv6 challenges
Trained people: operators, engineers? Limited IPv6 security and management
software High-end load balancers not mature Cheap IPv6 CPE? Software and standards for mobility
(roaming) not mature enough yet
© Digital Infrastructures 28 Nov 25, 2008
Possible end-state for IPv6
CPE Hosting, V4 (+V6)ISP, WAN
SOHO: V4 (+V6)
IPv4
IPv6
Corporate: V6
Mobile: V6
V4-V6 NAT
© Digital Infrastructures 29 Nov 25, 2008
Skeleton adoption project plan
Elaborate needs and possibilities, strategic expectations Establish roadmap, scope and urgency High-level integration plan Preparation phase
Specify IPv6 in purchasing standards Build up IPv6 competencies in selected staff Start pilot projects
Preproduction phase Dual stack network management and infrastructural services (DNS) IPv6 connectivity for limited number of users
Expansion phase Plan dual stack for all servers, realization of strategic benefits
Implementation and handover to operations
© Digital Infrastructures 30 Nov 25, 2008
Possible steps on policy level
Important policy measures any public administration can take:Make government websites IPv6 readySponsor case studies into secured
communication between organizations. Both activities will have increased
competency levels as one of their benefits.
© Digital Infrastructures 31 Nov 25, 2008
The ‘bait’
http://www.ipv6experiment.com/ We're taking 10 gigabytes of the most popular "adultentertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration.
If you access the site via IPv4, you get a primer on IPv6, […] If you access the site via IPv6 you get instant access to "the
goods".
© Digital Infrastructures 32 Nov 25, 2008
More information
English report [email protected] Dutch report
http://www.ecp.nl/download/Rapport_IPv6_7_maart_2007_definitief.pdf
Dutch newsletter on IT management www.digitalinfrastructures.nl (Computable column), or mail [email protected]
Subscribe to http://petersgriddle.net “What’s cooking on the net?”
Further reading:http://www.bgpexpert.com/presentations/overstapv6.pdf
http://petersgriddle.net/2006/10/ipv6-has-heartbeat-but.html
http://www.ipv6.org/