1

Migra(ontoIPv6-Bhutan:PolicyandRegula(on

2

Businesscon*nuity(esp.4G,IoT)IPv6inIPv4onlynetwork(Securityrisks)Economicdecision–InvestinIPv6VsProlongIPv4IPv6isgrowingrapidlyResourcesandbestprac*cesavailablePolicyandregulatorysupport

IPv6migration:TheWhy?questionsofstakeholders

Convincingdecisionmakersinstakeholders–Amajorchallenge

Whoarethesestakeholders?

-Ministry,Regulatoryauthority,e-Governmentagencies,Telecomserviceproviders,Contentdevelopersandproviders,Standardizationagencies,IPaddressallocationagencies,

Developmentagencies,AcademiaandTrainingProviders,Telecomresearchorganizations,Datacentreproviders,Internetexchangeproviders,Equipmentimporters,Typeapprovalagencies,Enterpriseswithownnetworks,EndUsers……..

4

Singapore:IPv6Adop(onGuideReport-I

ReportpreparedbyanalysysmasonandTechMahindraforIDASingaporeavailableathGp://www.ida.gov.sg/images/content/Technology/Technology_Level1/ipv6/download/IPv6Adop(onGuideforSingapore.pdf

5

Focusareasiden-fiedinthereport Planning

Network Applica-ons

Skills

Services/products

Singapore:IPv6AdoptionGuideReport-II

6Source:OECDPresenta(on;MeasuringDeploymentofIPv6,KarinePerset

Countryexperiences

LaoPDR

Mongolia

Cambodia

Bhutan(2017)

TrainingonIPv6deploymentandIPv6InfrastructureSecuritySpecializedtechnicaladvicetointerestedtelecomoperatorsRecommendationsonIPv6deployment

8

IPv6migration-ExperiencesStakeh

olde

rengagem

enta

ndstocktake • Currentstatus

andplansofgovernmentagenciesandenterprises,telecomoperators),contentdevelopersanddevicemanufacturersonthestatusofIPv6deploymentandfutureplan• Engagingstakeholdersinacommondialogue• Survey

Policy,TaskForce,Regula(

onand

Roadm

ap • IncludeIPv6

adop-onaspartofthena-onaltelecommunica-on/ICTpolicy• IPv6taskforce• IPv4toIPv6na-onalroadmap• Standardsandinteroperability• IXPsforIPv6peering

Governmen

tleade

rship • Setdeadlines

fordeploymentofIPv6withinallGovernmentAgenciesandprocurementprocesses• Monitoringmechanism

TelecomIndu

stryand

Business • Enterprise

publicfacingcontentneedstosupportIPv6• Startmigra-ontoIPv6withintheirinternalnetworks• Recommenda-ons/guidelinesforIPv6addressplans• EquipmentwhichistypeapprovedneedstobeIPv6capableasfaraspossible• Prepareanimplementa-onplanforIPv6intheirownnetworks• Transi(ontechnologies

IPv6Security

• DevelopanIPv6SecurityGuidelineinconsulta-onwiththeIPv6taskforce

HumanCapacity

Building • Buildhuman

capacityonIPv6transi-onmechanismincludingsecurity

Source:RoadmapassistancesbyAPNICandITU

9

Keyelementsofgovernmentaction•Establishingorsuppor(ngna(onalIPv6transi(ontaskforces(o`eninconjunc(onwithmul(stakeholdergroupsorRIRs);•Establishingna(onal“roadmaps”withbenchmarksand(metablesforIPv6deployment;•Manda(ngthatgovernmentagenciesadoptIPv6technologyfortheirnetworks,websitesorservices;•Promo(ngtheuseofIPv6ingovernment-fundededuca(onal,scienceandresearchnetworks;and•Promo(ngoverallawarenessofthetransi(onthroughsedngupwebsites,hos(ngworkshopsorforums,andsednguptrainingprogrammes.

10

Governmentspromo,ngIPv6deployment(examples)

11

GovernmentspromotingIPv6deployment(examples)

12

GovernmentspromotingIPv6deployment(examples)

Promo(onofIPv6IPv6deploymentanduseInteragencyTaskForceFunding

13

Singapore:IPv6TransitionProgramme

Source:hGp://www.ida.gov.sg/Technology/20110414104645.aspx

The IPv6 Transi(on Programme is a na(onal effort spearheaded by IDA in itsroleasthena(onalplannerforInfocommdevelopment,toaddresstheissueofIPv4 (Internet Protocol version 4) exhaus(on and to facilitate the smoothtransi(on of the Singapore Infocomm ecosystem to IPv6 (Internet Protocolversion6).Developed by the Singapore IPv6 Task Force, it involves a two-prongedapproachtodriveIPv6adop(oninthena(onaswellasencouragetheefficientuseoftheremainingpoolofIPv4addressestominimisetherisksofdeple(on

Developingreferencespecifica(onsandtransi(onguides

Engagingstakeholders

DevelopingIPv6capabili(es

EstablishinganIPv6Marketplace

SedngupIPv6industryexemplars

Others

14

IPv6Roadmap(example-India)

15

PreambleNTP-2012recognisesfuturis(crolesofInternetProtocolVersion6(IPv6)anditsapplica(onsindifferentsectorsofIndianeconomy.Objec,vesAchievesubstan(altransi(ontonewInternetProtocol(IPv6)inthecountryinaphasedand(meboundmannerby2020andencourageanecosystemforprovisionofasignificantlylargebouquetofservicesonIPplalorm.TelecomEnterpriseDataServices,IPv6CompliantNetworksandFutureTechnologiesTorecognizetheimportanceofthenewInternetProtocolIPv6tostartofferingnewIPbasedservicesonthenewprotocolandtoencouragenewandinnova(veIPv6basedapplica(onsindifferentsectorsoftheeconomybyenablingpar(cipatoryapproachofallstakeholders.Toestablishadedicatedcentreofinnova(ontoengageinR&D,specializedtraining,developmentofvariousapplica(onsinthefieldofIPv6.Thiswillalsoberesponsibleforsupporttovariouspoliciesandstandardsdevelopmentprocessesinclosecoordina(onwithdifferentinterna(onalbodies.

India:NTP2012andIPv6

17

GovernmentspromotingIPv6deployment(exampleIndia)

GovernmentOrganisa,ons:•  TheGovernmentorganisa(onsshouldprepareadetailedtransi(onplanfor

completetransi(ontoIPv6(dualstack)byDecember2017basedonthenetworkcomplexity&equipment/technologicallifecycles.TheplanshouldbepreparedlatestbyDecember2013andaccordinglytherequiredbudgetaryprovisionsshouldbemadeintheirdemandforgrant.

•  Forthispurpose,itisrecommendedthatadedicatedtransi(onunitineachorganisa(onshouldbeformedimmediatelytofacilitateen(retransi(on.

•  AllnewIPbasedservices(likecloudcompu(ng,datacentresetc.)tobeprovisionedfor/bytheGovernmentorganisa(onsshouldbeondualstacksuppor(ngIPv6trafficwithimmediateeffect.

•  ThepublicinterfaceofallGovernmentprojectsfordeliveryofci(zencentricservicesshouldbedualstacksuppor(ngIPv6trafficlatestby01-01-2015.ThereadinessofGovernmentprojectsinturnwillactasacatalystforprivatesectortransi(onfromIPv4toIPv6.

18

Governmentspromo,ngIPv6deployment(exampleIndia)

GovernmentOrganisa,ons:•  TheGovernmentorganisa(onsshouldprocureequipmentswhicharealsoIPv6

Ready(DualStack)andgofordeploymentofIPv6ready(DualStack)networkswithendtoendIPv6supportedapplica(ons.TheequipmentshouldbeeitherTECcer(fiedorIPv6ReadyLogocer(fied.

•  TheGovernmentorganisa(onsshouldgoforIPv6basedinnova(veapplica(onsintheirrespec(veareaslikesmartmetering,smartgrid,smartbuilding,smartcityetc.

•  TheGovernmentorganisa(onsshoulddevelopadequateskilledIPv6trainedhumanresourceswithintheorganisa(onthroughperiodictrainingsoveraperiodofonetothreeyearstohaveaseamlesstransi(onwithminimumdisrup(on.

•  TheIPv6shouldbeincludedinthecurriculumoftechnicalcoursesbeingofferedbyvariousins(tutes/collegesacrossthecountry.

19

GovernmentspromotingIPv6deployment(exampleIndia)

ServiceProviders:EnterpriseCustomers•  Allnewenterprisecustomerconnec(ons(bothwirelessandwireline)providedbyService

Providersonora`er01-01-2014shallbecapableofcarryingIPv6trafficeitherondualstackoronna(veIPv6.

•  Regardingtheexis(ngenterprisecustomerswhicharenotIPv6ready,theServiceProvidersshalleducateandencouragetheircustomerstoswitchovertoIPv6.

RetailCustomers(Wireline)•  Allnewretailwirelinecustomerconnec(onsprovidedbyServiceProvidersonora`er01-01-2017

shallbecapableofcarryingIPv6trafficeitherondualstackoronna(veIPv6.•  TheServiceProvidersshallendeavortoprogressivelyreplace/upgradetheServiceProviders

ownedCPEswhicharenotIPv6readyasperthefollowing(melines:•  Replacement/upgrada(onof25%ofCPEsbyDecember2014.•  Replacement/upgrada(onof50%ofCPEsbyDecember2015.•  Replacement/upgrada(onof75%ofCPEsbyDecember2016.•  Replacement/upgrada(onof100%ofCPEsbyDecember2017.RegardingthecustomerownedCPEswhicharenotIPv6ready,theServiceProvidersshalleducateandencouragetheircustomerstoreplace/upgradesuchCPEstoIPv6readyones.

20

GovernmentspromotingIPv6deployment(exampleIndia)

RetailCustomers(Wireless)•  AllnewLTEcustomerconnec(onsprovidedbyServiceProviderswitheffectfrom01-01-2017shall

becapableofcarryingIPv6trafficeitherondualstackoronna(veIPv6.•  AllnewGSM/CDMAcustomerconnec(onsprovidedbyServiceProvidersonora`er01-01-2017

shallbecapableofcarryingIPv6trafficeitherondualstackoronna(veIPv6Content&Applica(onProviders:•  Allcontents(e.g.websites)andapplica(onsprovidersshouldendeavourtoadoptIPv6(dualstack)

by01-01-2017.’

•  Thecompletefinancialecosystemincludingpaymentgateways,financialins(tu(ons,banks,insurancecompaniesetc.shouldendeavourtoadoptIPv6(dualstack)by01-01-2017.’

•  Theen(re‘.in’domainshouldendeavourtoadoptIPv6(dualstack)by01-01-2017.’

21

GovernmentspromotingIPv6deployment(exampleIndia)

EquipmentManufacturers:•  Allmobilephonehandsets/datacarddongles/tabletsandsimilardevicesusedforinternetaccess

suppor(ngGSM/CDMAversion2.5GandabovesoldinIndiaonora`er30-06-2014shallbecapableofcarryingIPv6trafficeitherondualstack(IPv4v6)oronna(veIPv6.

•  AllwirelinebroadbandCPEssoldinIndiaonora`er01-01-2014shallbecapableofcarryingIPv6trafficeitherondualstackoronna(veIPv6.

CloudCompu(ng/DataCentres:•  Allpubliccloudcompu(ngservice/datacentresprovidersshouldendeavourtoadoptIPv6(dual

stack)latestby01-01-2017.

TelecomServiceProvider-Migration

Exis(ngNetwork:AuditandAssessment

Exis(ngNetwork

Op(miza(on

ProcuringIPv6Address

Space

DevelopingIPv6Address

Plan

DeploymentonNetwork

SeekingIPv6Transit

EnablingCustomers/End-Users

Source:Dr.PhilipSmith,RoadmapsassistancesbyAPNICandITU

23

IPv6relatedstandards(Non–exhaustive)

Table 8: List of IETF RFCs related to IPv6 SecurityIETFRFC

Title

IETFRFC3964(2004)IETFRFC4593(2006)IETFRFC4795(2007)IETFRFC4861(2007)IETFRFC4942(2007)IETFRFC5942(2010)IETFRFC5969(2010)IETFRFC6106(2011)IETFRFC6333(2011)IETFRFC6434(2011)

SecurityConsiderationsfor6to4.GenericThreatstoRoutingProtocols.Link-LocalMulticastNameResolution(LLMNR).NeighborDiscoveryforIPversion6(IPv6).IPv6Transition/CoexistenceSecurityConsiderations.IPv6SubnetModel:TheRelationshipbetweenLinksandSubnetPrefixes.IPv6RapidDeploymentonIPv4Infrastructures(6rd)–ProtocolSpecification.IPv6RouterAdvertisementOptionsforDNSConfiguration.Dual-StackLiteBroadbandDeploymentsFollowingIPv4Exhaustion.IPv6NodeRequirements.

IETFRFC6618(2012) MobileIPv6SecurityFrameworkUsingTransportLayerSecurityforCommunicationbetweentheMobileNodeandHomeAgent

IETFRFC6686(2013) ProblemStatementforRenumberingIPv6HostswithStaticAddressesinEnterpriseNetworks

IETFRFC6879(2013) IPv6EnterpriseNetworkRenumberingScenarios,Considerations,andMethods

IETFRFC6883(2013) IPv6GuidanceforInternetContentProvidersandApplicationServiceProviders

IETFRFC6889(2013) AnalysisofStateful64TranslationIETFRFC6946(2013) ProcessingofIPv6"Atomic"FragmentsIETFRFC6980(2013) SecurityImplicationsofIPv6FragmentationwithIPv6NeighborDiscoveryIETFRFC7059(2013) AComparisonofIPv6-over-IPv4TunnelMechanismsIETFRFC7113(2014) ImplementationAdviceforIPv6RouterAdvertisementGuard(RA-Guard)IETFRFC7123(2014) SecurityImplicationsofIPv6onIPv4NetworksIETFRFC7283(2014) HandlingUnknownDHCPv6MessagesIETFRFC7368(2014) IPv6HomeNetworkingArchitecturePrinciplesIETFRFC7381(2014) EnterpriseIPv6DeploymentGuidelinesIETFRFC7526(2015) DeprecatingtheAnycastPrefixfor6to4RelayRoutersIETFRFC7527(2015)IETFRFC7610/BCP199(2015)IETFRFC7707(2016)IETFRFC7721(2016)IETFRFC7739(2016)IETFRFC7824(2016)

EnhancedDuplicateAddressDetectionDHCPv6-Shield:ProtectingagainstRogueDHCPv6ServersNetworkReconnaissanceinIPv6NetworksSecurityandPrivacyConsiderationsforIPv6AddressGenerationMechanismsSecurityImplicationsofPredictableFragmentIdentificationValuesPrivacyConsiderationsforDHCPv6

24

IPv6InfrastructureSecurity(ITU-TX.1037)

NetworkDevices(Router,Switch,NATdevice)

Clients,servers,andotherenddevices(EndNodes,DHCP,DNS)

SecuritydevicessuchasfirewallsandIDSDevices(IntrusionDetec(onSystem,Firewall)

25

KeyissuestoconsiderinBhutan

•  Policy,legisla(onandregula(oncluster•  Ins(tu(on,stakeholderengagementandcoordina(oncluster•  Technology(hardwareandso`ware),standards,typeapproval,

infrastructure,andinteroperabilitycluster•  Securitycluster•  Assessment,pilot,tes(nganddeploymentcluster•  Knowledge,awarenessandskillscluster•  Procurementandfinancialcluster

BhutanTelecommunica,onsandBroadbandPolicy2014

DevelopIPv6migra(onplan

26ITUASPRO

ThankYou