The Road to IPv6. A Campus in Transition from Learning to Educating


About Louisiana State University
- Louisiana's flagship public university campus, located in the capital city of Baton Rouge
- ~30,000 students
- ~5,000 faculty/staff
- Information Technology Services
  - Applications, Support, Help Desk, Security and Policy, Communications, UNI, LONI
- University Networking and Infrastructure (UNI)
  - Voice/data, cable facilities, server support, NOC, email, DNS/DHCP, data center
- Louisiana Optical Network Initiative (LONI)
  - Fiber-optic network to connect research institutions in LA/MS to each other and Internet2 and the National LambdaRail

DRIVERS & HISTORY OF IPv6 AT LSU

Drivers for IPv6 at LSU
- Class B IPv4 exhaustion
- Wireless Devices
- NAT
- Stay ahead of users
- Our answer to the campus strategic plan
  - www.lsu.edu/fits
- Center for Computation & Technology
- Computer Science Department

Drivers (Continued)
- Continue leadership trend
- DNSSEC
- Multicast
- IPv6?

History of IPv6 at LSU
2008
- Host Internet2 meeting inspires curiosity
- Request /48 from ARIN
- LONI peers with IPv6 capable providers
2009
- Investigate and design
  - Dual stack
  - ITS Building only wired/wireless
  - Experiment: 802.1x, SLAAC, DHCPv6, DNSv6

History (Continued)
2010
- Push to entire campus to promote education and experimentation
- Testing our addressing scheme
- Acquire IPAM
2011
- Security on radar
- World IPv6 Day
- Apply for a /40 from ARIN
  - Multihome
  - New addressing scheme

Brief History (Continued)
2012
- Security a real focus and concern
- World IPv6 Launch
- More education and more adopters
  - www.lsu.edu
  - www.eng.lsu.edu
  - www.law.lsu.edu
  - grok.lsu.edu
- Many lessons learned (next slides)

World IPv6 Launch
- 25% of total traffic IPv6 (Summer)

IPv6 SECURITY

IPv6 Security
- Run IPv6 on your routers!
- Same as IPv4 security
- Border firewall
- Local host firewalls (more to come)
- Lock down gear/servers/resources with ACLs
- Known subnets

IPv6 Security (Continued)
- Addressing
- WIN machines on AD
  - Tunneling protocols off
  - Privacy addressing off
- DMCA
- Tie user to NETREG-ed MAC address
- Tunneling not supported
- Campus Firewall
- Foo Router (a.k.a. black hole)

Host Firewalls
Windows 7/Server 2008
- Unified
- Must specify both IPv4 and IPv6 addresses
- Inadvertent exclusion of IPv4/IPv6
Linux
- Two separate controlling utilities (iptables and ip6tables)
- Must configure both for dual-stack network
Mac / BSD
- IPFILTER (ipf)
- IPFIREWALL (ipfw/ip6fw): Mac OS 10.6 Snow Leopard and below
- PacketFilter (pf): Mac OS 10.7 Lion and above
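The Linux point above (two separate rule sets that must both be configured) lends itself to an automated parity check. The following is an added example, not part of the original slides: it compares INPUT rules from `iptables-save` and `ip6tables-save` style dumps and reports where one address family is left less protected. The rule dumps and the function names `parse` and `parity_gaps` are constructed for illustration.

```python
import re

# Constructed sample dumps in iptables-save / ip6tables-save format.
IPV4_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.20.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
IPV6_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (default INPUT policy, {(proto, dport): target})."""
    policy, rules = None, {}
    for line in dump.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        if m:
            policy = m.group(1)
        if not line.startswith("-A INPUT") or "--dport" not in line:
            continue  # only per-port INPUT rules are compared here
        proto = re.search(r"-p (\S+)", line).group(1)
        dport = re.search(r"--dport (\S+)", line).group(1)
        rules[(proto, dport)] = re.search(r"-j (\S+)", line).group(1)
    return policy, rules

def parity_gaps(v4_dump, v6_dump):
    """List differences between the IPv4 and IPv6 INPUT rule sets."""
    p4, r4 = parse(v4_dump)
    p6, r6 = parse(v6_dump)
    gaps = []
    if p4 != p6:
        gaps.append(f"default INPUT policy differs: IPv4={p4} IPv6={p6}")
    for proto, port in sorted(set(r4) | set(r6)):
        if (proto, port) not in r6:
            gaps.append(f"{proto}/{port}: rule only in IPv4")
        elif (proto, port) not in r4:
            gaps.append(f"{proto}/{port}: rule only in IPv6")
        elif r4[(proto, port)] != r6[(proto, port)]:
            gaps.append(f"{proto}/{port}: targets differ")
    return gaps

if __name__ == "__main__":
    print("\n".join(parity_gaps(IPV4_RULES, IPV6_RULES)))
```

On the constructed input the IPv6 side has a default ACCEPT policy and no SSH restriction, which is the inadvertent-exclusion problem the slide describes.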

First Hop Security
- Rogue router advertisements (RAs)
- Bogus RAs
- Self-created (story)
- Rogue DHCPv6 servers
- ACL protection

LESSONS LEARNED

IPv6 Addressing Design
2620:105:b000:2180:949b:72c:127a:e814
[Figure: the address divided into four labelled fields: LSU Prefix, Building ID, VLAN, Interface ID]

IPv6 Addressing Design (Continued)
Design
- VLANs are functional (e.g. user, DMZ, devices)
- Unique routed instance
- /52s summarize all /64s in a building
- Simplified Firewall rules for admins
Lessons
- Adapt scheme to your network architecture
- Design with security entwined
- Keep it simple
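The addressing scheme on these two slides can be worked through in code. This is an added example, not part of the original slides. It assumes field widths inferred from the deck: a /40 campus prefix (the ARIN request in the history slide), 12 bits of building ID (so each building is a /52), and 12 bits of VLAN (so each VLAN is a /64). The function names are hypothetical.

```python
import ipaddress

# Assumed layout: /40 prefix | 12-bit building | 12-bit VLAN | 64-bit interface ID
PREFIX_LEN, BUILDING_BITS, VLAN_BITS = 40, 12, 12
BUILDING_SHIFT = 128 - PREFIX_LEN - BUILDING_BITS   # 76
VLAN_SHIFT = 64

def decompose(addr):
    """Split an address into the fields named on the slide."""
    n = int(ipaddress.IPv6Address(addr))
    return {
        "campus": ipaddress.IPv6Network((addr, PREFIX_LEN), strict=False),
        "building_id": (n >> BUILDING_SHIFT) & ((1 << BUILDING_BITS) - 1),
        "building_net": ipaddress.IPv6Network((addr, 52), strict=False),
        "vlan_id": (n >> VLAN_SHIFT) & ((1 << VLAN_BITS) - 1),
        "vlan_net": ipaddress.IPv6Network((addr, 64), strict=False),
        "interface_id": n & ((1 << 64) - 1),
    }

def functional_vlan_nets(vlan_id, building_ids, campus="2620:105:b000::/40"):
    """The /64 of one functional VLAN number in each listed building.

    Because VLAN numbers are functional (user, DMZ, devices), the same
    12-bit value identifies the same kind of network in every building,
    which is what keeps firewall rules simple.
    """
    base = int(ipaddress.IPv6Network(campus).network_address)
    return [
        ipaddress.IPv6Network((base | b << BUILDING_SHIFT | vlan_id << VLAN_SHIFT, 64))
        for b in building_ids
    ]

if __name__ == "__main__":
    fields = decompose("2620:105:b000:2180:949b:72c:127a:e814")
    for name, value in fields.items():
        print(f"{name:13} {value:#x}" if isinstance(value, int) else f"{name:13} {value}")
    # Building IDs 2 and 3 are sample values chosen for illustration.
    print(functional_vlan_nets(fields["vlan_id"], [2, 3]))
```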

The Perfect Storm: IPv6 Broken Communication
Components
- Windows machines
- Large Cisco switch-based routers
  - 4500s, 6500s
- Voice VLAN
Symptoms
- 2 IPv6 Addresses (data/voice)
- IPv6 intra-router communication failure
- IPv6 inter-router communication success

The Perfect Storm: Before

The Perfect Storm: After

The Perfect Storm (Continued)
Solution
- Manual link-local addresses for VLAN interfaces
Long Term
- Approached Microsoft
  - NDIS guidelines
  - No luck
- Cisco next

DNS Bypassed Access
Components
- NETREG
- IPv6 DNS server
Symptoms
- Bypass NETREG registration
- If IPv6 site available
  - Page Found
- Else
  - Page Not Found
- June 6, 2012 (World IPv6 Launch)
  - More Page Not Found

DNS Bypassed Access (Continued)
Solution
- Don't advertise IPv6 DNS server
- Resolve AAAA records via IPv4 DNS server

Whitelisting to Blacklisting
Components
- Dual stack network
- Dual stack sites: Google, Bing, Facebook, Yahoo
Symptoms
- Sites' AAAA records unresolvable by DNS servers
Solution (unresolved)
- Find the source of latency

FUTURE OF IPv6 AT LSU

Concerns
Infrastructure all vendors
- Hardware requires upgrade
- Software lagging
Applications
- Outsourcing
  - Security
  - IPv6 not on roadmap
- Voice, email, mainframe
  - Hesitant to change
  - New security avenues and experiences to develop

Concerns (Continued)
- Education and outreach
- Material Development
- Deeper understanding required
- Change in culture

Future Developments at LSU
- DHCPv6
- IPv6 VPN
- IPv6 Multicast
- Provide vendors testing grounds
- Radius portal for machine registration
- Enable first-hop security on more devices
- Experimental networks:
  - IPv6-only networks
  - IPv6 and SDN networks

We Believe! Jeffry Handal jhandal@lsu.edu (225) 578-1966