1 Operational Security Considerations for IPv6 Networks K. Chittimaneni, E. Vyncke, M. Kaeo RIPE65, September 27, 2012 Amsterdam, Netherlands.

Slides:

Advertisements

Similar presentations

IPv6 Multihoming without Network Address Translation draft-ietf-v6ops-multihoming- without-ipv6nat-00.

Advertisements

A Near Term Solution for Home IP networking (HIPnet) draft-grundemann-homenet-hipnet RIPE 66 – Dublin – 14 May 2013 Chris Grundemann, Chris Donley, John.

Jan Žorž Story about RIPE-501 and RIPE-554 1

EE 545 – BOGAZICI UNIVERSITY. Agenda Introduction to IP What happened IPv5 Disadvantages of IPv4 IPv6 Overview Benefits of IPv6 over IPv4 Questions -

Draft-vandevelde-v6ops-harmful-tunnels-01.txt 1 Are they the future of the Internet? Non-Managed Tunnels Considered Harmful Gunter Van de Velde, Ole Troan,

ABFAB Architecture Jim Schaad August Cellars. Previous Updates -01 – Resolved a number of review comments in the tracker -02 – Expanded Section 2 – Architecture.

Privacy and Security for the HES Gateway Presentation and discussion for SC25 WG1 By: Ludo Bertsch and Tim Schoechle Arlington, USA April 24, 2013 SC25/WG1-N1620.

IPv6 Addressing – Status and Policy Report Paul Wilson Director General, APNIC.

Embedding IPv6 Margaret Wasserman Principal Technologist, Wind River Co-Chair IETF IPv6 and IPv6 Operations WGs Internet Society (ISOC) Trustee.

IETF 80: NETEXT Working Group – Logical Interface Support for IP Hosts 1 Logical Interface Support for IP Hosts Sri Gundavelli Telemaco Melia Carlos Jesus.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

IPv6 Interim Policy Draft RIPE 42 Amsterdam, The Netherlands 1 May 2002.

Turkey IDA Info-Day PM Session, September 25, 2003 CIRCA 1 CIRCA : The IDA Collaborative Software Tool Grzegorz Ambroziewicz European Commission - DG Enterprise.

Internet Service Provisioning Phase - I August 29, 2003 TSPT Web:

Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF.

IPv6 Home Networking Architecture - update IETF homenet WG Interim meeting Philadelphia, 6 th Oct 2011 draft-chown-homenet-arch-00.

Expert Training Presentation September 2013 Rev 3 Instant Queue Manager Enterprise Click to Chat.

APNIC Update Paul Wilson Director General. APNIC RIR for Asia Pacific –IP address allocation and management –Open policy development Support for Internet.

Large Space IPv4 Trial Usage Program for Future IPv6 Deployment ACTIVITIES UPDATE Vol.3 14 th APNIC Meeting / Policy SIG September 4th, 2002 at Kokura.

DCN: March 7, 2005 IETF 62 - Minneapolis, MN Media Independent Handover Services and Interoperability Ajay Rajkumar Chair, IEEE

Draft-mickles-v6ops-isp-cases-01.txt September 19, 2002 Cleveland Mickles V6OPS ISP Breakout Session.

BCOP on Anti-Spoofing Long known problem Deployment status Reason for this work Where more input needed.

Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6- security-03 Eric Vyncke Mark Townsley

Recommendations of Unique Local Addresses Usages draft-ietf-v6ops-ula-usage-recommendations-02 draft-ietf-v6ops-ula-usage-recommendations-02 Bing Liu(speaker),

BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

Consultation on Policy Documentation Adam Gosling APNIC 40 Policy SIG 10 September 2015.

Autonomic Prefix Management in Large-scale Networks ANIMA WG IETF 91, November 2014 draft-jiang-anima-prefix-management Sheng Jiang Brian Carpenter Qiong.

Draft-vandevelde-v6ops-addcon-00.txt IPv6 Unicast Address Assignment Considerations Gunter Van de Velde (editor) Tim Chown Ciprian Popoviciu IETF 65, March.

NAT64 Operational Experiences draft-chen-v6ops-nat64-experience-01 IETF 83- Paris, Mar 2012 Gang Chen, China Mobile Zhen Cao, China Mobile Cameron Byrne,

1 Advanced IPv6 Residential Security draft-vyncke-advanced-ipv6-security-00.txt Mark Townsley Eric Vyncke November.

IETF 81: V6OPS Working Group – Proxy Mobile IPv6 – Address Reservations 1 Reserved IPv6 Interface Identifier for Proxy Mobile IPv6 Sri Gundavelli (Cisco)

Node Information Queries July 2002 Yokohama IETF Bob Hinden / Nokia.

Jason Brandes Senior Consultant at Integro StoredIQ Expert Chris McHenry VP of Technologies at Integro Auto-Classification Expert.

Guidance for Running Multiple IPv6 Prefixes (draft-liu-v6ops-running-multiple-prefixes-02) Bing Liu, Sheng Jiang (Speaker), Yang Bo IETF91

6lowpan ND Optimization draft Update Samita Chakrabarti Erik Nordmark IETF 69, 2007 draft-chakrabarti-6lowpan-ipv6-nd-03.txt.

Status of L3 PPVPN Working Group Documents November 2003 Ross Callon Ron Bonica Rick Wilder.

12/8/2015 draft-blb-mpls-tp-framework-01.txt A framework for MPLS in Transport networks draft-blb-mpls-tp-framework-01.txt Stewart Bryant (Cisco), Matthew.

IPv6 Operation Study Group in Japan March 5, 2002 Akihiro Inomata/Fujitsu Limited Chair of IPv6 Operation Study Group.

1 FOCUS ON THE CUSTOMER Support without SLA Based on the EPAM – ZOETIS partnership ROMAN VITYK – EPAM SYSTEMS AARON HAYDO – ZOETIS AUGUST 4, 2015.

Deploying IPv6, Now Christian Huitema Architect Windows Networking & Communications Microsoft Corporation.

HOMEGATE IPv6 Issues IETF76 November Overview Lack of widespread availability of IPv6-capable home gateways impacts IPv6 service enablement Specifications.

RIPE-501bis Merike Kaeo Sander Steffann Jan Žorž.

Rob Blokzijl, RIPE 64, April 2012 IPv4 Maintenance Policy.

Balanced Security for IPv6 CPE draft-ietf-v6ops-balanced-ipv6-security-01 IETF89 London M. Gysi, G. Leclanche, E. Vyncke, R. Anfinsen.

GEONET Brainstorming Document. Content Purpose of the document Brainstorming process / plan Proposed charter Assumptions Use cases Problem description.

Moving towards an IRS WG Charter Ross Callon IETF 85, Atlanta.

IP(v4) Address Transfers. Background IPv4 shortage is looming – IPv4 demand will outlast unallocated pool (2012) – IPv6 deployment by this time is not.

APNIC IPv6 Allocation Update IPv6 SIG APNIC 14, Kitakyushu, Japan 4 September 2002.

A Optimal Load-balance mechanism for NAT64 (OL-NAT) draft-chen-behave-olnat-01 Gang Chen; Hui Deng;

Michael G. Williams, Jeremey Barrett 1 Intro to Mobi-D Host based mobility.

IANA RIPE 65 Amsterdam, Sep 2012 Elise Gerich, VP IANA Leo Vegoda, Manager IP Numbers.

Extension of the MLD proxy functionality to support multiple upstream interfaces 1 Luis M. Contreras Telefónica I+D Carlos J. Bernardos Universidad Carlos.

Security Risk Analysis Dr. Lo’ai Tawalbeh Prepared for: The Arab Academy for Business and Financial Sciences (AABFS)-2007.

Project Communication Management Manage Communications - Inputs Inputs Communications Management Plan Work Performance Reports Enterprise Environmental.

Homenet Routing IETF 83, Paris Acee Lindem, Ericsson.

IETF 61 draft-ooms-v6ops-bgp-tunnel-04.txt Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE) Francois Le Faucheur -

1 Brian Carpenter Sheng Jiang IETF 85 November 2012 Next steps for 6renum work.

Cisco Public 1 Eric Vyncke, Distinguished Engineer Cisco Systems

Draft-ietf-v6ops-addcon-01.txt IPv6 Unicast Address Assignment Considerations Gunter Van de Velde (editor), Tim Chown, Ciprian Popoviciu, Olaf Bonness,

1 Mark Townsley Cisco Fellow and Co-Chair of the IETF Homenet Working Group.

draft-baker-opsawg-firewalls

RIPE IPv6-wg and Renumbering

LACNOG BCOP WG.

Internet Governance Hui

draft-dharinigert-ccamp-dwdm-if-lmp-06

Media Independent Handover Services and Interoperability

Requirements for IPv6 Routers draft-ietf-v6ops-ipv6rtr-reqs

APNIC Survey 2018 RIPE 77 – Amsterdam.

NAT (Network Address Translation)‏

Open Discussion Questions in re: the Roadmap

Presentation transcript:

1 Operational Security Considerations for IPv6 Networks K. Chittimaneni, E. Vyncke, M. Kaeo RIPE65, September 27, 2012 Amsterdam, Netherlands

Document Intro Why write this? Consolidated document for IPv6 security best practices What does it cover? Generic Security Considerations - Addressing Architecture- Link-Layer Security - Control Plane Security- Routing Security - Logging/Monitoring - Transition/Coexistence Technologies - General Device Hardening Enterprise Specific Security Considerations ISP Specific Security Considerations Residential Specific Security Considerations 2

Want Operator Updates Is anyone using RTBH and uRPF for IPv6? What are most effective logging mechanisms and possible issues to be resolved? What are ND/RA rate limiting parameters that are deployed? Is anyone using SeND / CGA? Overall review to get most up-to-date deployment best practices 3

ToDo Solicit feedback from global ops communities Continue to work with v6ops and homenet WGs to avoid overlaps or conflictsv6ops homenet 4

5 Q&A THANK YOU!