Guide to TCP/IP, Fourth Edition
Chapter 11: Deploying IPv6

Objectives
- Explain IPv6 deployment requirements and considerations
- Plan an IPv6 deployment, including success criteria, architectural decisions, migration techniques, and the many tasks that must be completed
- Deploy IPv6 by establishing an IPv6 test/pilot network, migrating applications, upgrading IPv4-only hosts to IPv4/IPv6, and creating a tunneled IPv6 environment using 6to4, Teredo, or ISATAP

Understanding IPv6 Deployment
- IPv6 deployments
  - Use a new network layer or routed protocol
  - Way software accesses the network needs to be updated
- Organizations have been slow to adopt IPv6
  - IPv4 is also very mature from a security vulnerability standpoint
  - Nature of networking makes upgrades more complicated

Planning an IPv6 Deployment
- Success criteria
  - List of conditions used to define whether an activity has completed successfully or not
- Architectural decisions
  - Concerning protocols, hardware, tools, and so on

Success Criteria
- Why are you deploying IPv6?
  - Answer to this question usually has a significant impact on how and what you deploy
  - Reason for deploying IPv6 may determine your due dates and project funding

Architectural Decisions
- Interior routing protocol
  - You will need to convey reachability information about all those IPv6 addresses between routers in your network
- Exterior gateway protocol (EGP)
  - Most commonly used EGP is Border Gateway Protocol (BGP)
- External connections
  - Substantially similar to IPv4 from a connectivity and security perspective

Architectural Decisions (cont'd.)
- Router hardware and software selection
  - Selecting a router vendor for an IPv6 network is a substantially similar process to selecting a router vendor for an IPv4 network
- Addressing schemes
  - Ability to easily summarize subnets
  - Ability to easily construct firewall rules and access lists
  - Ability to easily identify by function or location
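
The three addressing-scheme goals above can be met by encoding location and function on nibble boundaries of the subnet ID. The following is an added example, not from the book: the /48 is taken from the 2001:db8::/32 documentation range, and the location codes, function codes and helper names are hypothetical.

```python
import ipaddress

# Constructed plan: 2001:db8::/32 is the documentation range, standing in for
# the organization's real /48. The nibble values below are hypothetical.
ALLOCATION = ipaddress.IPv6Network("2001:db8:abcd::/48")
LOCATIONS = {"hq": 0x1, "branch": 0x2}
FUNCTIONS = {"servers": 0x1, "clients": 0x2, "voice": 0x3, "mgmt": 0xF}

def _net(subnet_id, prefixlen):
    """Place a 16-bit subnet ID into bits 48-63 of the allocation."""
    base = int(ALLOCATION.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, prefixlen))

def subnet_for(location, function, vlan):
    """/64 whose subnet ID is <location nibble><function nibble><8-bit VLAN>."""
    if not 0 <= vlan <= 0xFF:
        raise ValueError("vlan must fit in 8 bits")
    return _net(LOCATIONS[location] << 12 | FUNCTIONS[function] << 8 | vlan, 64)

def location_summary(location):
    """The single /52 a router can advertise for a whole location."""
    return _net(LOCATIONS[location] << 12, 52)

def acl_prefix(location, function):
    """The single /56 a firewall rule needs for one function at one location."""
    return _net(LOCATIONS[location] << 12 | FUNCTIONS[function] << 8, 56)

def identify(address):
    """Read location, function and VLAN back out of any address in the plan."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ALLOCATION:
        return None
    subnet_id = (int(addr) >> 64) & 0xFFFF
    loc = {v: k for k, v in LOCATIONS.items()}.get(subnet_id >> 12)
    fn = {v: k for k, v in FUNCTIONS.items()}.get((subnet_id >> 8) & 0xF)
    return loc, fn, subnet_id & 0xFF

def collapses_to_acl(location, function):
    """Check that all 256 VLAN /64s of a function summarize to its /56."""
    nets = [subnet_for(location, function, v) for v in range(256)]
    return list(ipaddress.collapse_addresses(nets)) == [acl_prefix(location, function)]
```

Because every boundary falls on a hex digit, an address such as 2001:db8:abcd:2f01::25 can be read by eye as branch, management, VLAN 1.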

Architectural Decisions (cont'd.)
- Stateful versus stateless autoconfiguration
  - Stateful address autoconfiguration is accomplished via DHCPv6
  - Stateless autoconfiguration enables you to perform minimal configuration on the router
  - You can also use a combination of the two
- Quality of service (QoS)
  - Basically the same as diffserv in IPv4 as far as decisions about marking and scheduling of packets
  - You can assign per-hop behaviors based on flows

Architectural Decisions (cont'd.)
- Security
  - Securing network protocols
  - Encrypting everything
  - No perimeter
- Tools
  - At the time of this writing, the tools available are fairly minimal
- Other network hardware
  - Many of the network devices in your environment will still not support IPv6

Migration and Transitioning Techniques
- Tunneling
  - Types: 6to4, ISATAP, Teredo
  - Configured (manual) or automatic tunnels
- Translation
  - Includes techniques that involve a middleman or intermediary that speaks both IPv4 and IPv6
  - NAT-PT and NAPT-PT
  - RFC 6145 describes stateless IP/ICMP translation

Migration and Transitioning Techniques (cont'd.)
- Dual stack
  - Current clear front-runner for most IPv4-to-IPv6 transitions
  - It is possible to use DNS to make many applications prefer IPv6
- Combining techniques and a phased migration
  - Break migration up in two ways
    - By device
    - By phase

Tasks
- Inventory computers and network infrastructure elements
  - Information Technology Infrastructure Library (ITIL)
  - May already have an up-to-date inventory of all the devices attached to the network
- Inventory applications
  - Challenge: identify what constitutes an application
- Acquire IPv6 addresses
  - After you make the decision about whether to multihome or not

Tasks (cont'd.)
- Work with providers
  - Easiest and least expensive course of action would be to run IPv6 with the same provider as IPv4
- Remediate software and servers
  - Will determine how long you have to maintain dual stack, tunnels, or translation services
- Create a test lab
  - Use a sandbox to test the network devices
- Test applications and models

Tasks (cont'd.)
- Update routers
  - One of the core components of the transition
  - You will probably update each router multiple times
- Update virtual network devices
  - Test them to ensure that they can handle the IPv6 features
- Update DNS
  - Upgrade your DNS server software to a version that supports IPv6

Tasks (cont'd.)
- Update to DHCPv6 (optional)
  - Research and evaluate DHCPv6 servers and what features they support
- Update tools
  - Protocol analyzers
  - Monitors
  - SLA managers
  - Configuration management databases (CMDBs) and managers
  - Terminal servers and out-of-band (OOB) gateways
  - IP address management (IPAM)

Deploying and Using IPv6
- Common tasks involved in deploying IPv6

Establish an IPv6 Test/Pilot Network
- Fundamental functions to provide in the lab
  - A way to get to the lab
  - Method of injecting routes
  - WAN simulator
  - Traffic simulator
  - Sniffer and protocol analyzer
  - Instances of each server type and client type
  - Configuration repository

Establish an IPv6 Test/Pilot Network (cont'd.)
- Testing you'll do in this lab involves three main phases
  - Evaluate the many brands and models of network devices
  - Reconfigure the lab using the exact models you selected
  - Use the lab to test servers and applications

Start Migrating Applications
- A few things that need to be done:
  - Make sure the application people track any changes they make to the infrastructure
  - Track any changes to requirements

Upgrade IPv4-Only Hosts to IPv4/IPv6
- Consider how you will make the change consistently on similar devices
  - Command-line interface (CLI) versus graphical user interface (GUI)
- If needed, install IPv6
  - Each interface receives an IPv6 link-local address and possibly others
- Look at the default settings, including privacy

Upgrade IPv4-Only Hosts to IPv4/IPv6 (cont'd.)
- If needed, change the policy table that controls the order of selection
- Create a configuration file
  - Use this file to make a script that you can run on similar hosts

Create a Tunneled IPv6 Environment Using 6to4
- 6to4 tunnel
  - Configured with the netsh interface ipv6 add v6v4tunnel command
  - Three parameters:
    - Tunnel name
    - Address of local end of tunnel
    - Address of remote end of tunnel

Create a Tunneled Environment Using ISATAP
- Configure an ISATAP router
  - Need a dual-stack box capable of forwarding traffic
  - Enable ISATAP by entering the command netsh interface ipv6 isatap set router <x.x.x.x>
  - Enable traffic forwarding with the command netsh interface ipv6 set interface <y> forwarding=enabled advertise=enabled
  - Add the routes you want the router to advertise

Create a Tunneled Environment Using ISATAP (cont'd.)
- Add a name record for ISATAP to DNS
  - Add an entry in the \etc\hosts file for ISATAP and skip the DNS configuration step
  - For Windows hosts still using NetBIOS, put the entry into WINS
  - If you use DNS, add the A record (not AAAA) for a hostname of ISATAP in your domain that points to the IPv4 address of the router
  - Run dnscmd /config /globalqueryblocklist wpad

Create a Tunneled Environment Using ISATAP (cont'd.)
- Configure ISATAP on the clients
  - Tell the client the ISATAP router address using netsh interface ipv6 isatap set router <x.x.x.x>
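
Each of the three tunneling mechanisms above embeds an IPv4 address in the IPv6 address it assigns, so the addresses collected from pilot hosts or firewall logs show which mechanism is actually in use and which IPv4 endpoint is behind it. The following is an added example, not from the book; the function names and the sample addresses (documentation ranges plus the Teredo example address from RFC 4380) are assumptions.

```python
import ipaddress
from collections import defaultdict

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 prefix (RFC 3056)
TEREDO = ipaddress.IPv6Network("2001::/32")     # Teredo prefix (RFC 4380)
ISATAP_IDS = (0x00005EFE, 0x02005EFE)           # upper half of an ISATAP interface ID (RFC 5214)

def classify(address):
    """Return (mechanism, embedded IPv4 address or None) for one IPv6 address."""
    addr = ipaddress.IPv6Address(address)
    raw = int(addr)
    if addr in SIXTOFOUR:
        # 6to4: the 32 bits after 2002: are the site's public IPv4 address.
        return "6to4", ipaddress.IPv4Address((raw >> 80) & 0xFFFFFFFF)
    if addr in TEREDO:
        # Teredo: the last 32 bits are the client's external IPv4 address, bit-inverted.
        return "teredo", ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    if (raw >> 32) & 0xFFFFFFFF in ISATAP_IDS:
        # ISATAP: interface ID is [02]00:5efe followed by the host's IPv4 address.
        # Heuristic: any prefix can carry it, so a native address could match by chance.
        return "isatap", ipaddress.IPv4Address(raw & 0xFFFFFFFF)
    return "native", None

def inventory(addresses):
    """Group observed addresses by mechanism, keeping the embedded IPv4 endpoint."""
    found = defaultdict(list)
    for text in addresses:
        mechanism, v4 = classify(text)
        found[mechanism].append((text, str(v4) if v4 else None))
    return dict(found)

# Constructed sample of addresses as they might appear in a pilot-network capture.
SAMPLE = [
    "2002:c000:204::1",                      # 6to4 site behind 192.0.2.4
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo example from RFC 4380
    "fe80::5efe:c000:20a",                   # link-local ISATAP, host 192.0.2.10
    "2001:db8:0:1:200:5efe:cb00:7105",       # global ISATAP, host 203.0.113.5
    "2001:db8::1",                           # native address
]

if __name__ == "__main__":
    for mechanism, entries in inventory(SAMPLE).items():
        print(mechanism, entries)
```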

Exploring Some Network Administration Tasks
- Understanding routing tables
  - Use the netsh interface ipv6 show route command
- Understanding multicast addresses
  - Use the netsh interface ipv6 show joins command
- Test IPv6 connectivity by pinging IPv6 addresses
- DHCP-related commands
  - ipconfig /release6 and ipconfig /renew6

Summary
- IPv6 deployments use a Network layer or routed protocol differently than IPv4 deployments do
- The Network layer protocol functionality on hosts is mostly deployed as software
- IPv4 software is mature, and most IPv4 drivers are relatively defect free
- IPv6 deployment planning includes the creation of success criteria and architectural decisions

Summary (cont'd.)
- Migration techniques include tunneling, translation, dual stack, or a combination of these techniques and a phased migration
- You should create a checklist of tasks to accomplish during an IPv6 deployment
- It's important to establish an IPv6 test lab or pilot network before deploying IPv6