IPv6 Management Methods and Tools for Managing IPv6 Networks Georgios Koutepas, NTUA “IPv6 Technology and Advanced Services” Oct. 19, 2004.

Slides:

Advertisements

Similar presentations

Migration Considerations and Techniques to MPLS-TP based Networks and Services Nurit Sprecher / Nokia Siemens Networks Yaacov Weingarten / Nokia Siemens.

Advertisements

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.

Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.

IPv6 Planning and Implementation at PSU.  1986 – PSU gets Class B network ( ) & 5 Class C networks  1988 – Department of Computer.

IPv6-The Next Generation Protocol RAMYA MEKALA UIN:

IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.

Enabling IPv6 in Corporate Intranet Networks

Understanding Internet Protocol

Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.

1 Integration of IPv6 Services. 2 Integration of IPv6 Services The Ubiquitous Internet Large Address Space Auto-Configuration Enhanced Mobility.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Agenda SNMP Review SNMP Manager Management Information Base (MIB)

Introduction An introduction to the software and organization of the Internet Lab.

1 Issue Definition*: 6RD and IPv6 allocation policy Jan Žorž (Go6 Institute Slo) Mark Townsley (Cisco) *Or, Why we had to wake up on Friday to be here?

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Network Management Concepts and Practice Author: J. Richard Burke Presentation by Shu-Ping Lin.

Experiences in Analyzing Network Traffic Shou-Chuan Lai National Tsing Hua University Computer and Communication Center Nov. 20, 2003.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

Chapter 14 Managerial issues in networking. Overview Network design Network management – Hardware – Software Technology standards Role of government and.

Windows Internet Connection Sharing Dave Eitelbach Program Manager Networking And Communications Microsoft Corporation.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.

Characterizing the Existing Internetwork PART 1

CSE 8343 Group 3 Advanced OS Inter Operability Between IPv4 and IPv6 Team Members Aman Preet Singh Rohit Singh Nipun Aggarwal Chirag Shah Eugene Novak.

IPv6 Deployment Plan The Global IPv6 Summit 2001.

Chapter 6: Packet Filtering

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Common Devices Used In Computer Networks

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.

Guide to TCP/IP Fourth Edition

IPv6 and IPv4 Coexistence Wednesday, October 07, 2015 IPv6 and IPv4 Coexistence Motorola’s Views for Migration and Co-existence of 3GPP2 Networks to Support.

Module 12: Routing Fundamentals. Routing Overview Configuring Routing and Remote Access as a Router Quality of Service.

Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.

BEHAVE BOF (Behavior Engineering for Hindrance AVoidancE) Cullen Jennings Jiri Kuthan.

Guide to TCP/IP Fourth Edition Chapter 11: Deploying IPv6.

IPv6, the Protocol of the Future, Today Mathew Harris.

IPv6 for ISP Industry Sify Technologies Ltd Somasundaram Padmanabhan Network Engineering IPv6 Awareness Workshop.

Securing IPv6 Ken Renard WareOnEarth Communications, Inc.

1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt.

SNMP Simple Network Management Protocol SNMP Simple Network Management Protocol Haris Ribic.

IPv6 transition strategies IPv6 forum OSAKA 12/19/2000 1/29.

Ch 6: IPv6 Deployment Last modified Topics 6.3 Transition Mechanisms 6.4 Dual Stack IPv4/IPv6 Environments 6.5 Tunneling.

Draft-chown-v6ops-campus-transition-03 IPv6 Campus Transition Scenario Description and Analysis Tim Chown University of Southampton (UK)

Athanassios Liakopoulos Greek Research & Technology Network / GRNET Athens, October 19, 2004 Athens, October 19 th,

Athanassios Liakopoulos Greek Research & Technology Network / GRNET Athens, October 19, 2004 Athens, October 19 th,

W&L Page 1 CCNA CCNA Training 3.4 Describe the technological requirements for running IPv6 in conjunction with IPv4 Jose Luis Flores /

Deploying IPv6, Now Christian Huitema Architect Windows Networking & Communications Microsoft Corporation.

IPv6 - The Way Ahead Christian Huitema Architect Windows Networking & Communications

17/10/031 Euronetlab – Implementation of Teredo

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

IPv6 Transition Mechanisms - 6DISS Workshop - 5 March 2006 IPv6 Transition Mechanisms, their Security and Management Georgios Koutepas National Technical.

Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations (RFC 6324) Po-Kang Chen Oct 19,

© 2003, Cisco Systems, Inc. All rights reserved. 2-1 Campus Network Design.

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT Introduction to Network Security Instructor.

Moving IPv6 Documents to Draft Standard IETF 53 Minneapolis, MN March 18th, 2002.

OPEN SOURCE NETWORK MANAGEMENT TOOLS

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Copyright © 2006 Juniper Networks

* Essential Network Security Book Slides.

A Unified Approach to IP Segment Routing

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Presentation transcript:

IPv6 Management Methods and Tools for Managing IPv6 Networks Georgios Koutepas, NTUA “IPv6 Technology and Advanced Services” Oct. 19, 2004

IPv6 Management 2/15 Management in IPv6 Necessary element to achieve the smooth transition to the new protocol –Functionality and Quality are required to be of the same level as for IPv4 Networks Correct network planning shows the functional network areas and the user groups (with their needs!) for each one of them Management Areas: –Monitoring day to day operations of the network –Gathering data that will support improvement and evolution services There are no “final” solutions for all areas of IPv6 management –Some of the protocols are still under development –Some necessary tools are still missing

IPv6 Management3/15 IPv6 Deployment Suggestions Phase 1 Network Design –Define Wide and Local network segments –Define “special” areas (due to requirements and operations) - VLANs, DMZs etc. –Define management entities and their areas of responsibility –Network management information flow –Security requirements: For users and applications For the network itself (protection of the management information, protection of network devices, security of management procedures) –Plan the steps to transition to the new protocol. Examine the possibility of deploying transition mechanisms (for communications between IPv6 areas within an IPv4 network and vise-versa)

IPv6 Management4/15 IPv6 Deployment Suggestions (2) Phase 2 Implementation of a mixed IPv4/IPv6 environment Gradual transition of non-critical systems to IPv6 –Allows the evaluation of the operation and stability of the network devices and non-critical systems under IPv6 –Develops the transition procedures –Disseminates the usages of transition mechanisms (tunnels, gateways, etc.) for communications between exclusive IPv6 areas Phase 3 Transition of all systems to IPv6 Exclusive usage of IPv6 in the network –Maintaining transition mechanisms for legacy systems and contacts with IPv4 networks

IPv6 Management5/15 Management Protocol Standardization Main suppliers of networking equipment support usage of SNMP over IPv6 and offer agents –However, management of devices using IPv4 communications still possible thanks to dual stack support –On general-usage agents there is full SNMP-IPv6 support on net-snmp that implements the new MIBs –Small number of applications offering SNMP-IPv6 support. Openview and CiscoWorks gradually offer IPv6 support at the MIB level, but in most cases access is over IPv4 Mew textual conventions support both IPv4 and IPv6 for IP representation on the MIBs –RFC 3291 –Within 2004 the process of unifying IP, TCP and UDP tables in both environments has reached “proposed standard” stage

IPv6 Management6/15 Management Protocol Standardization (2) Management Protocol Standardization (2) Other management protocols have achieved varying level of transition to IPv6: –RADIUS has been standardized in IPv6 (RFC 3162) but has shown that it cannot be used in large scale networks. Therefore IETF has defined a replacement protocol, DIAMETER. Currently there is no implementation of Radius over IPv6 –DIAMETER is define in RFC 3588 and has been implemented –COPS and WBEM (Web-Based Enterprise Manager) have adapted their data models and the policies to support the new protocol and large scale deployments. However, curently there are no available implementations –Kerberos V has partially been implemented over IPv6

IPv6 Management7/15 Management Protocol Standardization (3) Cisco’s Netflow supports IPv6 flow data only in version 9 –Supported by IOS 12.3T –Netflow data collectors are available from Cisco and academic sourses

IPv6 Management8/15 Transition Mechanisms They allow the (temporary…) coexistence of IPv4 and IPv6 areas –Implementations are tunnel-deployment mechanisms through network areas not supporting the required protocol version. The data packets are encapsulated within tunnel packets. –Additionally, Translation mechanisms between the two protocol versions –Most common mechanisms: 6to4, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), Dual-stack Transition Mechanism (DSTM) They are a special case for IPv6 management The require careful planning for: –Their points of deployment in the network –Access control and user usage policies –Operation Policies, especially on the issue of “relaying” internal or external traffic through 6to4 (6to4 relays)

IPv6 Management9/15 Transition Mechanisms (2) There are “gaps” in the capability to manage them –They comprise possible security weaknesses –It’s possible to create recourse usage problems –Their management requirements and procedures are not completely clear, yet. However, they use “encapsulation” mechanisms, which are well understood in IPv4 –Alternatively they can be basically controlled (e.g. accepting their traffic or not) by existing security mechanisms (e.g. Firewalls)

IPv6 Management10/15 Basic Management Tools Core Network Management –ASPath Tree ( –Looking Glass ( –IPFlow/Netflow ( –Mping ( –RIPE Test Traffic (TT) Server with IPv6 Support ( – NTUA: tt42 –Cricket ( –MRTG

IPv6 Management11/15 Basic Management Tools Local Area Network Management –Argus ( –Ethereal ( –Multicast Beacon ( –Iperf ( –ntop ( General Maagement –Nagios ( –RANCID (

IPv6 Management12/15 Recommendations on IPv6 management 1.Architecture –The suggested transition procedure can be followed when designing and deploying IPv6. 2.Management Tools and Procedures – Client Networks –A single tools for network management and services monitoring (Argus, Nagios ή Ntop) –Traffic monitoring tools (MRTG) –End-to-end performance evaluation tools (Iperf) –Capability for low level traffic analysis by packet capturing (Ethereal) –Optionally, tools for configuration file management (RANCID)

IPv6 Management13/15 Recommendations on IPv6 management (2) 3.Core Networks –Traffic monitoring (MRTG, Cricket, Nagios) –Traffic capture and analysis (Netflow v9) –Network equipment monitoring (Nagios) –Routing management To acquire a picture of the routing policies and BGP route tree health (ASpath-tree) BGP parameters cannot me monitored by automated tools due to the unavailability of IPv6 BGP MIBs and appropriate clients to perform such requests

IPv6 Management14/15 Useful material from the 6NET project Available at: Deliverables: D6.3.3Final Report on IPv6 Management and Monitoring Architecture Design, Tools and Operational Procedures - Recommendations D6.2.4Final Report on IPv6 Management Tools, Developments and Tests Additionally: D6.2.2Operational Procedures for Secured Management with Transition Mechanisms D3.5.16NET Implementation of Security Plan (under development)

IPv6 Management Questions...;