CERN IT Department CH-1211 Genève 23 Switzerland t IPv6 Deployment Project 2 April 2012

Slides:

Advertisements

Similar presentations

IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.

Advertisements

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

1 May, 2007: American Registry for Internet Numbers (ARIN) “advises the Internet community that migration to IPv6 numbering resources is necessary for.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.

IPv6 Planning and Implementation at PSU.  1986 – PSU gets Class B network ( ) & 5 Class C networks  1988 – Department of Computer.

IPv4 Depletion IPv6 Adoption 3 February /8s Remaining.

Implementing IPv6 Module B 8: Implementing IPv6

IPv4 & IPv6 Coexistence & Migration Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

Module 4: Configuring Network Connectivity

IPv6 Network Security.

IPv6 at CERN Update on Network status David Gutiérrez Co-autor: Edoardo MartelliEdoardo Martelli Communication Services / Engineering

Understanding Internet Protocol

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

Module 4: Configuring Network Connectivity

An Engineering Approach to Computer Networking

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Lecture Week 7 Implementing IP Addressing Services.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

Windows Server 2008 Chapter 8 Last Update

Agenda Network Infrastructures LCG Architecture Management

資管 Lee Lesson 11 Coexistence and Migration. 資管 Lee Lesson Objectives Coexistence and migration overview Coexistence mechanisms ◦ Dual Stack ◦ Tunneling.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 4: Addressing in an Enterprise Network Introducing Routing and Switching in the.

1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.

Damian Leibaschoff Support Escalation Engineer Microsoft Becky Ochs Program Manager Microsoft.

Coexistence and Migration

IPv6 Home Networking Architecture - update IETF homenet WG Interim meeting Philadelphia, 6 th Oct 2011 draft-chown-homenet-arch-00.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Implementing IP Addressing Services Accessing the WAN – Chapter 7.

Configuring DNS and DHCP Chapter 20 powered by DJ 1.

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

IPv6 at the University of Wisconsin Hopefully 79,228,162,514,264,337,593,543,950,336 IP addresses will be enough for a while. A subset of the UW IPv6 Task.

IPv6 – What You Need To Know Tom Hollingsworth CCNP,CCVP,CCSP, MCSE.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 4: Addressing in an Enterprise Network Introducing Routing and Switching in the.

1 Objectives Identify the basic components of a network Describe the features of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)

IPv6 transition strategies IPv6 forum OSAKA 12/19/2000 1/29.

The Implementation of 6TALK Yong-Geun Hong The 1 st GLOBAL IPv6 Summit in AP

Ch 6: IPv6 Deployment Last modified Topics 6.3 Transition Mechanisms 6.4 Dual Stack IPv4/IPv6 Environments 6.5 Tunneling.

IP Version 6 ITL. © 2003 Hans Kruse & Shawn Ostermann, Ohio University 2 Information Sources Christian Huitema, “IPv6, The New Internet Protocol”,

1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Dynamic Host Configuration Protocol (DHCP)

W&L Page 1 CCNA CCNA Training 3.4 Describe the technological requirements for running IPv6 in conjunction with IPv4 Jose Luis Flores /

WEEK 11 – TOPOLOGIES, TCP/IP, SHARING & SECURITY IT1001- Personal Computer Hardware System & Operations.

1 Objectives Discuss the basics of Dynamic Host Configuration Protocol (DHCP) Describe the components and processes of DHCP Install DHCP in a Windows Server.

Post IPv4 “completion” Making IPv6 incrementally deployable by making it backward compatible with IPv4. Alain Durand.

CERN IT Department CH-1211 Genève 23 Switzerland t Migration from ELFMs to Agile Infrastructure CERN, IT Department.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

1 Objectives Identify the basic components of a network Describe the features of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)

CERN IT Department CH-1211 Genève 23 Switzerland t SL(C) 5 Migration at CERN CHEP 2009, Prague Ulrich SCHWICKERATH Ricardo SILVA CERN, IT-FIO-FS.

1 Welcome to Designing a Microsoft Windows 2000 Network Infrastructure.

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

COMP1321 Digital Infrastructure Richard Henson March 2016.

IPv4 shortage and CERN 15 January 2013

LESSON Networking Fundamentals Understand IPv4.

Internet ProtoCOL Version 6 I/II

IPv6 Deployment: Business Cases and Development Options

IPv6 deployment at CERN - status update -

Introducing To Networking

LESSON 3.3_A Networking Fundamentals Understand IPv6 Part 1.

Implementing IP Addressing Services

Design Unit 26 Design a small or home office network

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.

Implementing IP Addressing Services

An Engineering Approach to Computer Networking

Presentation transcript:

CERN IT Department CH-1211 Genève 23 Switzerland t IPv6 Deployment Project 2 April 2012

CERN IT Department CH-1211 Genève 23 Switzerland t 2 Summary Why IPv6? What is IPv6? CERN IPv6 Network Service v4/v6 coexistence risks IT-CS work plan Implications for network users Progressing together

CERN IT Department CH-1211 Genève 23 Switzerland t 3 Why IPv6?

CERN IT Department CH-1211 Genève 23 Switzerland t 4 IPv4 ends IPv4 address pool soon depleted

CERN IT Department CH-1211 Genève 23 Switzerland t 5 IPv4 exhaustion predictions

CERN IT Department CH-1211 Genève 23 Switzerland t 6 IPv4 exhaustion consequences In general: - Problematic for new players to join the IPv4 Internet => part of the Internet will be v6 only - Difficult to deploy new large services based on IPv4 (virtualization, clouds, mobile devices...) => users hidden behind layers of NAT (CGN, Carrier Grade NAT) For CERN: IPv6 necessary to reach all CERN remote users and to deploy new large scale services

CERN IT Department CH-1211 Genève 23 Switzerland t 7 What is IPv6?

CERN IT Department CH-1211 Genève 23 Switzerland t 8 IPv6 in a nutshell 2001:1458:a137:b138:c000:d000:e000:f001/64 Site Subnet Host Length bits, written in 8 groups of 4 hexadecimal digits - 64 bits for network address, 64 bits for host address (recommendation) - typical major site allocation: /32. It gives 2^32 subnets available (the whole IPv4 address space). Every subnet has 2^64 host addresses available. - NAT not available

CERN IT Department CH-1211 Genève 23 Switzerland t 9 Transition strategies Many NAT/Tunneling “solutions”: DUAL-STACK: Dual Stack: only viable solution Address Translator IPv4/IPv6 bridge IPv4 Internet IPv6 Internet IPv4 NetworkIPv6 Internet DEPRECATED

CERN IT Department CH-1211 Genève 23 Switzerland t 10 CERN IPv6 Service

CERN IT Department CH-1211 Genève 23 Switzerland t 11 Strategy IPv6 ≥ IPv4 The CERN IPv6 service must be at the same level of the IPv4 service. Plus the advantages peculiar to IPv6.

CERN IT Department CH-1211 Genève 23 Switzerland t 12 Service Description - Dual Stack - One IPv6 address assigned to every IPv4 one - Identical performance as IPv4, no degradation - Common provisioning tools for IPv4 and IPv6 - Same network services portfolio as IPv4 - Common security policies for IPv4 and IPv6 - Connectivity to IPv6 only systems!

CERN IT Department CH-1211 Genève 23 Switzerland t 13 CERN IPv6 prefixes Public prefix 2001:1458::/32 (globally routed, full Internet connectivity) Local prefix FD01:1458::/32 (private addresses like , no Internet connectivity)

CERN IT Department CH-1211 Genève 23 Switzerland t 14 IPv6 User services At least one IPv6 sub-prefix per physical subnet, public and/or local. Subnet size: /64 (i.e. 64 bits for the network address, 64 bits for the host address) Available host addresses per subnets: 2 64 (recommended size) / :1458:0201:0E00::/64

CERN IT Department CH-1211 Genève 23 Switzerland t 15 Infrastructure management Keep control to ensure stability and security Addresses assigned from the Network DB (LANDB): - IPv6 addresses assigned by DHCPv6 servers. Static or Dynamic assignments based on the MAC address (same principles as IPv4). Avoid Risks: - IPv6 autoconfiguration disabled.

CERN IT Department CH-1211 Genève 23 Switzerland t 16 Network Services DNS, DHCPv6, Radius and NTP will be available over the IPv6 network. The existing IPv4 DNS, Radius and NTP servers will provide the IPv6 services. DHCPv6 and DHCP(v4): two services running on the same physical server.

CERN IT Department CH-1211 Genève 23 Switzerland t 17 LANDB - LANDB central repository for all network information - IPv6 is now the main navigation source - New schema has been introduced on 25 th of March 2012 keeping the compatibility with existing applications and queries

CERN IT Department CH-1211 Genève 23 Switzerland t 18 Monitoring IPv6 will be monitored as the equivalent IPv4 counterpart But initial monitoring not at the same level as IPv4 (upcoming missing features).

CERN IT Department CH-1211 Genève 23 Switzerland t 19 Security The same IPv4 security policies will be applied to the IPv6 service. Every existing IPv4 firewall and CNIC rules will be extended with IPv6 information. Firewall rules concerning host addresses: the IPv6 opening counterpart will be activated only when the host administrator will declare the server IPv6 ready. Dear WEBREQ: my device is now IPv6 ready, please apply IPv6 security policies

CERN IT Department CH-1211 Genève 23 Switzerland t 20 Coexistence risks

CERN IT Department CH-1211 Genève 23 Switzerland t 21 client application's behavior The choice of the IP protocol to be used is up to the client application or operating system, based on the DNS reply and its own settings. Being the name of a server independent by the applications it runs, all the applications must be listening on both protocols

CERN IT Department CH-1211 Genève 23 Switzerland t 22 Server not listening If the DNS returns a IPv6 address for a server that is not listening over IPv6, delays may occur: I want to see CERN DNS server edh.cern.ch is either: IPv6 2001:1458:8001::68 IPv EDH WEB server IPv4 only Dear client, here is the EDH page...20 to 180 seconds later... No IPv6 reply yet? Let's try TCP port 80 then My application prefers IPv6; connect to 2001:1458:8001::68 TCP port 80...

CERN IT Department CH-1211 Genève 23 Switzerland t 23 Control by DNS Servers cannot decide which IP protocol the client will use. IPv6 can be avoided by the DNS not returning the IPV6 address I want to see DNS server Although I'd prefer IPv6, I'll connect to TCP port 80 For the time being edh.cern.ch is only IPv

CERN IT Department CH-1211 Genève 23 Switzerland t 24 LANDB flag: IPv6 ready The DNS device name.cern.ch will be resolved only with the IPv4 address until the user declares to LANDB to be IPv6 ready via WEBREQ. IPv6 ready means: - IPv6 connectivity is OK - all the server's applications are listening on both IPv4 and IPv6 protocols Consequences: - IPv6 security openings activated - name.cern.ch returns IPv4 and IPv6 addresses (A and AAAA records)

CERN IT Department CH-1211 Genève 23 Switzerland t 25 LANDB flag: Not IPv6 ready Not IPv6 ready means: - Still testing IPv6 or Client-Only machine Consequences: - No IPv6 security openings - different DNS names (name.cern.ch for IPv4 and name.ipv6.cern.ch for IPv6)

CERN IT Department CH-1211 Genève 23 Switzerland t 26 Issue with remote sites If broken IPv6 connectivity, clients will wait up to 180secs before falling back to IPv4 If only degraded IPv6 connectivity, fall back will never occur Client's perception: there's a server issue Remote site CERN IPv4: OK IPv6: KO INTERNET

CERN IT Department CH-1211 Genève 23 Switzerland t 27 Deployment Plan

CERN IT Department CH-1211 Genève 23 Switzerland t 28 IPv6 deployment plan - Testing of network devices: completed - IPv6 Testbed for CERN users: available - New LANDB schema: in production - Addressing plan in LANDB: in production - Provisioning tools (cfmgr and csdbweb): on going - Network configuration: on going - Network services (DNS, DHCPv6, Radius, NTP) - User interface (webreq) - User training - IPv6 Service ready for production in Q1 2011Q2 Today 2011Q3 2021Q1 2012Q1

CERN IT Department CH-1211 Genève 23 Switzerland t 29 Implications for Network Users

CERN IT Department CH-1211 Genève 23 Switzerland t 30 Everybody is concerned “It shouldn't matter to an application whether it runs over IPv4 or IPv6. Unfortunately, for many applications, it does matter” IPv6 affects: - Operating Systems - Server applications - Client applications - Closed hardware (printers, PLCs..) - Operational teams - Security matters -...

CERN IT Department CH-1211 Genève 23 Switzerland t 31 System managers Most recent versions of Windows, Linux and MacOS support IPv6. Installation of a DHCPv6 client may be necessary. Upgrade/replace old OSes with no/broken IPv6 support. Local firewall configuration

CERN IT Department CH-1211 Genève 23 Switzerland t 32 Application managers In house and open source applications (i.e. CDB, QUATTOR, LEMON, CASTOR, GridFTP, EDH...): - understand IPv6 addresses - connect/listen over IPv6 and IPv4 Commercial applications (i.e. Oracle, LSF, printers, PLCs...): - Ask vendors to implement IPv6 support - Upgrade the applications

CERN IT Department CH-1211 Genève 23 Switzerland t 33 Developers Make applications protocol agnostic: - connect to names and not to numerical addresses - avoid protocol specific actions (ARP replaced by Network Discovery Protocol, broadcast no longer exist...) If working with numerical addresses, beware: - syntax has changed [2001:db8:1234:abcd::cafe]:80 - the IPv6 header is bigger than the IPv4 one - new DNS AAAA record - hosts will have multiple v6 addresses

CERN IT Department CH-1211 Genève 23 Switzerland t 34 Resources for Developers Recommendations and Code checker: Implementing IPv6 applications: Application aspects of IPv6 transitions: Socket interface extensions for IPv6: Fast Fallback algorithm:

CERN IT Department CH-1211 Genève 23 Switzerland t 35 IPv6 Forum

CERN IT Department CH-1211 Genève 23 Switzerland t 36 CERN IPv6 Forum Representatives from: - each IT group - each department - each experiment Place for: - knowing about IPv6 deployment status - use of the IPv6 testbed - sharing of information and knowledge - giving feedback and propose enhancements Mailing list:

CERN IT Department CH-1211 Genève 23 Switzerland t 37 IPv6 Testbed

CERN IT Department CH-1211 Genève 23 Switzerland t 38 Testbed setup - Two dual stack IPv4/IPv6 services, one in LCG and one in GPN - Autoconfiguration in the first stage, DHCPv6 when all options will be available - DNS service over IPv6 - Global IPv6 connectivity via a statically configured statefull firewall - Servers running Virtual Machines with IPv6 capabilities

CERN IT Department CH-1211 Genève 23 Switzerland t 39 Testbed setup IPv6 firewall LCG IPv4/IPv6 router IPv4/IPv6 Virtual Machines IPv4/IPv6 Dual-Stack network IPv4 firewall IPv4/IPv6 Virtual Machines GPN IPv4/IPv6 router IPv6 only network IPv4 only network IPv4 Internet IPv6 Internet CERN network

CERN IT Department CH-1211 Genève 23 Switzerland t 40 How to get an IPv6/v4 VM - Be part of the egroup ipv6-testbed-users - Login to the Virtual Machine Manager - Click on Request Virtual Machine - Fill the form with the necessary information - Choose the Host Group: "IT-CS\IPv6 testbed\LCG" for LCG domain (v4 address /16, LHCOPN access to the Tier1s) "IT-CS\IPv6 testbed\GPN" for GPN domain (v4 address /16, normal campus machine)

CERN IT Department CH-1211 Genève 23 Switzerland t 41 Conclusions

CERN IT Department CH-1211 Genève 23 Switzerland t 42 Conclusions - IPv6 is necessary - Implementation already started - It will take time - It will be expensive - New operational problems will arise - Everybody is concerned

CERN IT Department CH-1211 Genève 23 Switzerland t 43 More information: