State of R&E IPv6 Deployment: Successes and Setbacks

Similar documents
IPv6 Deployment Lessons-Learned and Keys to Success

IPv6 Implementation Update DREN and SPAWAR

IPV6 Deployment Experiences or what s it really like hearing IPv6 IPv6 IPv6 every day

IPv6 Implementation Update DREN and SPAWAR

Meeting the OMB FY2012 Objective: Experiences, Observations, Lessons-Learned, and Other Thoughts

IPv6 on Campus. The stuff you need to know

IPv4 Exhaustion at ARIN

IPv6 Deployment Experiences. John Jason Brzozowski

Computer Networks. Course Reference Model. Topic. Error Handling with ICMP. ICMP Errors. Internet Control Message Protocol 12/2/2014.

Akamai's V6 Rollout Plan and Experience from a CDN Point of View. Christian Kaufmann Director Network Architecture Akamai Technologies, Inc.

Akamai's V6 Rollout Plan and Experience from a CDN Point of View. Christian Kaufmann Director Network Architecture Akamai Technologies, Inc.

IETF 81 World IPv6 Day Operators Review

DREN IPv6 Implementation Update

14 January 2013 Presented by: Kevin L. Jones Agency IPv6 Transition Manager

Why do we really want an ID/locator split anyway?

DNSSEC Signing Experiences. Michael Sinatra, UC Berkeley Internet2 Member Meeting 3 November 2010

IPv6 Migration Framework Case of Institutions in Ethiopia

Lunch with John Curran. President and CEO, ARIN

SaaS Providers. ThousandEyes for. Summary

IPv6 Deployment Survey. Based on responses from the global RIR community during July Maarten Botterman

When Shoestrings Snap

Enterprise IPv6 Deployment Perspectives from US Government

Ivano Guardini Telecom Italia Lab March 2002

IPv6 Deployment Survey. Based on responses from the RIPE community during June 2009 Maarten Botterman RIPE 59, Lisbon, 6 October 2009

IPv6 World View and World IPv6 Day A global view of IPv6 commercial readiness

IPv6 Deployment Experiences

DREN IPv6 Implementation Update

IPv4 Depletion and IPv6 Adoption Today. Richard Jimmerson

Global IPv6 Summit Beijing, China. Vint Cerf MCI April 13, 2004

Business Objects Product Suite

Feeling the Brady Bunch s Pain

IPv4 End of Life Proposals in the RIRs

IPv6 Only. Pete Stevens Mythic Beasts Ltd. mythic beasts

Beyond the IPv4 Internet. Geoff Huston Chief Scientist, APNIC

The Science DMZ as a Security Architecture

How to Re-evaluateYour MPLS Service Provider

IPv6: The Ins and Outs. Chris Buechler

IPv6: Are we really ready to turn off IPv4?

How to Really Secure the Internet

IPv6 deployment status: Where are we now and way forward. Miwa Fujii APNIC

IPv6 Enablement for Enterprises. Waliur Rahman Managing Principal, Global Solutions April, 2011

RESEARCH DATA DEPOT AT PURDUE UNIVERSITY

The IPv6 Deployment in Taiwan Academic Network

Enterprise IPv6, Affecting Positive Change

QOS Quality Of Service

IPv6 Transition Progress

ThousandEyes for. Application Delivery White Paper

IPv6 Readiness in the Communication Service Provider Industry

Post IPv4 completion. Making IPv6 deployable incrementally by making it. Alain Durand

IPv6 at Google. Lorenzo Colitti

The Road to IPv6. A Campus in Transition from Learning to Educating

Open Connect: Starting from a Greenfield (a mostly Layer 0 talk) Dave Temkin 06/01/2015

Enterprise IPv6 Deployment Security and other topics

Next Generation IPv6 Cyber Security Protection Through Assure6i TM Product Line

CONCEPTION ON TRANSITION METHODS: DEPLOYING NETWORKS FROM IPV4 TO IPV6

WHITE PAPER. Best Practices for Web Application Firewall Management

A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management

DREN IPv6 Implementation Update

Deployment of IPv6 at Ss. Cyril and Methodius University in Skopje Goce Gjorgjijoski

M0n0wall and IPSEC March 20, 2004 Version 1.1 Francisco Artes

Migration Technologies. Dual Stack and Tunneling Using GRE, 6to4, and 6in4.

Python Scripting For ArcGIS Free Download PDF

Dual-Stack Connections in 3GPP Networks. Jari Arkko and Fredrik Garneij, Ericsson

Addressing the Barriers to IPv6 Adoption - Barriers to IPv6 Adoption: Overview and Categories

Solving the Routing Scalability Problem -- The Hard Parts. Jari Arkko APRICOT 2007, Bali, Indonesia

Installing and Configuring the Voice UPB Bridge updated 1-Jan-2019

Achieving the Science DMZ

Introduction to The Internet

Networking updates: CHECO CIO meet ing


Central platform for business-wide, standardized Conversion of documents to PDF and PDF/A

USGv6: US Government. IPv6 Transition Activities 11/04/2010 DISCOVER THE TRUE VALUE OF TECHNOLOGY

Table of Contents. Cisco How NAT Works

IPv6 Terra Experience.

IPv6 is an Innovation Opportunity

Workshop on the IPv6 development in Saudi Arabia 8 February 2009; Riyadh - KSA

A Better Approach to Leveraging an OpenStack Private Cloud. David Linthicum

A Software Defined Approach to Unified IPv6 Transition

BUSTED! 5 COMMON MYTHS OF MODERN INFRASTRUCTURE. These Common Misconceptions Could Be Holding You Back

IP Mobility vs. Session Mobility

Copyright 2004 OCCAID. All rights reserved.

How HomeAway uses Node.js to Rev Operations to Scale and Tame Acquisition Woes

APNIC input to the Vietnam Ministry of Information and Communications ICT Journal on IPv6

Questions for Decision Makers

A strategy for IPv6 adoption

10 years of IPV6 operations. Joel Jaeggli and a cast of Many

Netalyzr Updates. Christian Kreibich (ICSI), Nicholas Weaver (ICSI), and Vern Paxson (ICSI & UC Berkeley) Netalyzr Updates

Victra A Verizon Authorized Retailer

NC Education Cloud Feasibility Report

IPv6 Implementation Best Practices For Service Providers

International Big Science Coming to Your Campus Soon (Sooner Than You Think )

6 Misconceptions About IPv6. Jen Linkova,

Network Defenses 21 JANUARY KAMI VANIEA 1

An Introduction to IPv6

IPv6 & Internet Governance Developments. CANTO Nate Davis, Chief Operating Officer

Move beyond BYOD to Mobile Workspace with Cisco and Citrix

Comcast IPv6 Trials NANOG50 John Jason Brzozowski

It s s The End Of The World As We Know It

APNIC Operations IPv6 Challenges

Close Your File Template

Transcription:

State of R&E IPv6 Deployment: Successes and Setbacks Michael Sinatra, Network Engineer ESnet Network Engineering Group ARIN 29 Vancouver, BC April 23, 2012

Overview Background What s right with IPv6 adoption in EDU and GOV? What s wrong with IPv6 adoption in EDU and GOV? Why is this happening? What am I doing to fix it? 4/23/12 2

Background: Different Models EDUs have different models for network support. Model I: Centralized network (and security) management. Possibly border firewalls and security policy. Model II: (Mostly) centralized network management, security generally decentralized (departmental firewalls or virtual contexts). Model III: Completely decentralized. Central network group is backbone ISP for the rest of the enterprise. GOV models (mainly national labs) Model I: Open network, very little (if any) classified info. Model II: Different layers of security between classified and nonclassified networks and visitor nets. (Red/Yellow/Green) In both cases, Model II (ironically) can be the best for v6 uptake. 4/23/12 3

EDU IPv6 deployment matrix IPv4 only Clients IPv4 only Very little v6 adoption Infrastructure v6-capable UC Berkeley Services IPv6 adoption UCLA WPI SDSMT U of Maine Major services (www, email) are dual- stack IPv6 adoption Client networks IPv6 capable LSU Eutopia Virginia Tech

Background: GOV mandates September 30, 2012: All public facing services must be natively dual-stack (no tunnels but proxies are okay). Some agencies are interpreting this to mean email and www, but it really refers to all public-facing sites. September 30, 2014: All backed systems in support of all public services must be natively dual-stack (no more proxies!). 4/23/12 5

GOV success stories Veterans Administration has been very aggressive in deploying and evangelizing IPv6 and is actively assisting other agencies. DREN has been a big success. Now bills itself as an IPv6 network with legacy IPv4 support. IRS (the IRS??) has a comprehensive lessons-learned site and even came up with a (sort of) witty acronym: GEEKV6. National Labs: Plugging forward with the mandates; some doing better than others. 4/23/12 6

EDU Success Stories Virginia Tech: Eyeball success UCLA: Public-facing service success (for a Model III) UC Berkeley: Wireless eyeballs SDSMT, WPI, Maine 4/23/12 7

So what s the problem? GOV and EDU CIOs very concerned about security. Generally paramount on their radar. They hear that IPv6 creates more security problems (wrong). They hear that their IDSes and Firewalls don t support IPv6 (or don t do it as well as IPv4). (Probably right.) GOV CIOs being pushed by mandates; EDU CIOs not. GOV and EDU CIOs also enamored with the Cloud. Need to reduce costs; looking to outsource. Seem to understand that the network is very important for network-based services, but seem to take it for granted. Network is a substrate that just works. It s mature and basically complete. Now we need to worry about services above the network. 4/23/12 8

So what s the problem? Results: While EDUs were initially on the forefront of IPv6 deployment, things have stagnated somewhat. Internet2 announced with great fanfare a cloud agreement with Box (formerly box.net). No IPv6 support. à This is an organization that has been giving IPv6 workshops for more than 10 years! (I attended my first in February 2002.) Cool new SSH replacement/overlay called mosh. Works on bad, high-latency connections! Automatically reconnects! Doesn t support IPv6! (But they are working on it ) IPv6 still an afterthought in many cases. Not much movement on my matrix slide or on Mark Prior s IPv6 Survey website. 4/23/12 9

Dang, there s still a lot of red in here! 4/23/12 10

EDU Organization Central networking group is the ISP for both the students/faculty and the Enterprise. IPv6 is a network problem. Systems and (especially applications people don t need to pay attention. Network often funded differently than central systems and applications. No incentive for IPv6 beyond the network. Complacency: Wow! I'm at NYU so I think we have a block of ipv4 addresses big enough to last till about 202012. user johnmcdonnell on reddit thread as to why mosh doesn t yet support IPv6 (yet another example of complacency!). Note! This user appears to be a grad student and does not represent the views of the central IT department. But he does appear to be a techsavvy user. 4/23/12 11

EDU organization In other words, outside of the central networking group, there is little interest in IPv6. And moreover, you can t trust those network engineers! Besides, they re mean and they don t like us. They all hang out together and laugh at us systems people as we walk by. CIOs not focused on fixing a substrate they don t see as broken. See more risks to deploying IPv6 than to not deploying IPv6. 4/23/12 12

Technical issues Before it was support for IPv6 at all. Now it s lack of feature parity, and that s still biting us! Load balancers that throw away IPv6 MTU messages. Firewalls and IDSes. Management tools (or lack thereof). We re getting close, but there are a few final pieces that need to go into place. What about our own tools? 4/23/12 13

Technical issues Don t you hate seeing this? if ($_=~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/) { I go through and spray all of our scripts with IPv4 assumption bug repellent spray. There are libraries that do this for you and they work with IPv4 AND IPv6!! perl: Net::IP and NetAddr::IP python: IPy Note that Postgresql has a data type inet that magically handles both IPv4 and IPv6 addresses. No fuss, no muss! The tools are there, but we need to change the way we think! 4/23/12 14

So what am I doing? Educate CIOs and managers. Since they are motivated by risk, explain the risks of not deploying IPv6 to balance the risks they already know about. Security (yes, security): Unknown tunnels, NAT obfuscation, etc. Eyeball networks needing access to IPv6-only resources. (Scientific instruments in Asia, etc.) Access to your information networks. (Wealthy donors in Asia, students in developing countries, etc.) Even if you think you have a lot of address space, your probably don t. (Mobile/wireless growth, HPCCs, more and more networked devices.) 4/23/12 15

So what am I doing? Train users and sysadmins: Putting something on the network means dual-stacking it from day one. Dev and QA nets must be IPv6 as well as production. New services must be developed with IPv6 from day one. IPv6 cannot be an afterthought. à Provide examples of pain and additional costs of grafting IPv6 onto a service that didn t have it from the beginning. Unfortunately, I have many in my bag of tricks. 4/23/12 16

References http://www.mrp.net/ipv6_survey.html http://www.reddit.com/r/programming/comments/s2hpx/ mosh_ssh_for_2012/ Another good quote from the above: It's hardly for 2012 when it doesn't support IPv6 yet. 4/23/12 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback