Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPv6-only in an Enterprise Network

Published byJack Reed Modified over 6 years ago

Similar presentations

Presentation on theme: "IPv6-only in an Enterprise Network"— Presentation transcript:

1 IPv6-only in an Enterprise Network
Microsoft IPv6-only in an Enterprise Network Marcus Keane Network Architect Microsoft

2 Agenda Network Overview Why IPv6-only IPv6-only status and plans
Current Issues A major challenge – and some solutions

3 Network Overview Main Redmond campus - 100+ Buildings
Three regions with smaller campuses and tail sites EMEA, Asia and North America 4 On-premise data centres (down from 11) Most tail-site WAN is carrier MPLS 775+ locations in total ~1.2m devices accessing the network IPv6 dual-stack enabled on most of corporate network

4 IPv6-Only – why? Exhaustion of IPv4 space – including RFC1918 space
Overlapping RFC1918 space Azure Acquisitions Operational complexity of dual-stack This is a compelling incentive Managing two protocols is hard IGPs ACLs Firewall Policies Feature parity on network platforms Support (NOC, Helpdesk, etc.) New IoT demands

5 IPv6-only – status and plans
Current Test bed in IT buildings in Seattle Wireless Guest Wired and wireless network on the corporate network Test IPv6-only segments for Product Groups Europe Redmond Campus and North America Plans Deploy new test networks for Product Groups Enabling infrastructure for guest and corporate networks in the regions Redundant NAT64/DNS64 Piloting dual-stack and IPv6-only VPN

6 Anything slowing us down?
Guest network deployment VPN on IPv6-only continues to be an issue industry-wide Further investigation ongoing Network Platform features Currently include: RDNSS Wireless controller security features New building configuration Heterogenous segments Better telemetry needed Multihoming complexity Mostly at tail-sites More on this

7 Internet First Strategy
One of our strategic initiatives Sites maintain routed connectivity to corporate network Internet traffic offloaded to local egress Routing straightforward (in theory) Policy-based Routing. Operationally difficult Source-destination routing eventually Source-selection becomes challenging The source address the client selects may not be what you want

8 Multihoming problem illustrated
Azure Host 2a01:111:4567:c::1/64 Azure 2a01:111::/32 2001:4898:cafe:b::1/64 Internal Host Corporate Network North America 2001:4898::/32 Corporate Network EMEA 2a01:110::/32 ISP 2001:db8::/32 Announce ::/0 Assign 2001:db8:1234::/48 Assign 2a01:110:abcd::/48 Which source does the client use? Interface assigned: 2a01:110:abcd:a::1/64 2001:db8:1234:f::1/64 Client generates addresses from RA: 2a01:110:abcd:a::abcd/64 2001:db8:1234:f::dcba/64

9 Client source address selection
Existing Options might be: You could (in principle) use NAT66 to overcome the issue Local firewall device must now support this Otherwise ISP must support this – not guaranteed You could just use ISP IP space exclusively – which you now need to import… Use your own IP space exclusively – implies direct EBGP (with public AS) with ISP Using your own IP space and the ISP space seems the right thing

10 Multi-prefix – potential solutions
The kernel of the problem is the intersection of two or more routing domains at the edge Must link destination prefixes with source prefixes Basic solution would require: Multiple RAs with disjoint PIOs and RIOs Described in draft-ietf-rtgwg-enterprise-pa-multihoming Rule 5.5 of RFC6724. How widely implemented? Coordination between routing and ND modules in routers Described in draft-linkova-v6ops-conditional-ras More sophisticated solution requires: Communication of parameters to clients that understand them Provisioning Domains fit the bill

11 Provisioning Domains Formalises the notion of different administrative network domains reachable on the same segment Allows the client to determine configuration parameters specific to each domain Perhaps the most useful bits for an enterprise might be: What prefixes are reachable through this domain Importantly, what source(s) to use to access this domain What DNS zones are reachable through the domain Described in detail in: draft-bruneau-intarea-provisioning-domains Requires much of functionality described in pa-multihoming draft: Multiple RAs, Rule 5.5, etc.

12 Corporate Network EMEA
Provisioning Domains Azure Host 2a01:111:4567:c::1/64 Azure 2a01:111::/32 2001:4898:cafe:b::1/64 Internal Host Corporate Network North America 2001:4898::/32 Corporate Network EMEA 2a01:110::/32 ISP 2001:db8::/32 Announce ::/0 Assign 2001:db8:1234::/48 Assign 2a01:110:abcd::/48 RA 0 PIO:2a01:110:abcd:a::/64 PVD: Corpnet Prefixes reachable: [2001:4898::/32, 2a01:110::/32] DNS Zones: [corp.microsoft.com, otherdomain.com] RA 1 PIO:2001:db8:abcd:a::/64 PVD: ISP Prefixes reachable: [::/0, 2a01:111::/32] DNS Zones: [myisp.com, azure.net, microsoftonline.com, etc.] Interface assigned: 2a01:110:abcd:a::1/64 2001:db8:1234:f::1/64 Client generates addresses from RA: 2a01:110:abcd:a::abcd/64 2001:db8:1234:f::dcba/64

13 Final thoughts Dual-stack is hard IPv6-only might be easier
We still need to solve the multiple prefix issue Solutions such as Provisioning Domains will make using multiple prefixes much easier More flexibility More potential for innovation Please see IPv6 stack updates in Windows 10 Creators Edition:

14 Questions?

15 11/11/ :54 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "IPv6-only in an Enterprise Network"

Similar presentations

Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.

Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Understanding Internet Protocol

Understanding Internet Protocol
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.

Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
1 IPv6 in CableLabs DOCSIS 3.0 IETF v6ops wg meeting IETF#65 Ralph Droms Alain Durand

1 IPv6 in CableLabs DOCSIS 3.0 IETF v6ops wg meeting IETF#65 Ralph Droms Alain Durand
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Cisco Certified Network Associate CCNA 640-802 Access the WAN Asst.Prof. It-arun.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Cisco Certified Network Associate CCNA Access the WAN Asst.Prof. It-arun.
Implementing IP Addressing Services Accessing the WAN – Chapter 7.

Implementing IP Addressing Services Accessing the WAN – Chapter 7.
Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.
Module 11: Remote Access Fundamentals

Module 11: Remote Access Fundamentals
CSIS 3723.  We need to create some logic to the environment  We want to keep like devices together  We want to make money leasing the use of the space.

CSIS  We need to create some logic to the environment  We want to keep like devices together  We want to make money leasing the use of the space.
Guidance for Running Multiple IPv6 Prefixes (draft-liu-v6ops-running-multiple-prefixes-02) Bing Liu, Sheng Jiang (Speaker), Yang Bo IETF91

Guidance for Running Multiple IPv6 Prefixes (draft-liu-v6ops-running-multiple-prefixes-02) Bing Liu, Sheng Jiang (Speaker), Yang Bo IETF91
Guidance of Using Unique Local Addresses draft-liu-v6ops-ula-usage-analysis-05 draft-liu-v6ops-ula-usage-analysis-05 Bing Liu(speaker), Sheng Jiang, Cameron.

Guidance of Using Unique Local Addresses draft-liu-v6ops-ula-usage-analysis-05 draft-liu-v6ops-ula-usage-analysis-05 Bing Liu(speaker), Sheng Jiang, Cameron.
Post IPv4 “completion” Making IPv6 incrementally deployable by making it backward compatible with IPv4. Alain Durand.

Post IPv4 “completion” Making IPv6 incrementally deployable by making it backward compatible with IPv4. Alain Durand.
Inter-domain Routing Outline Border Gateway Protocol.

Inter-domain Routing Outline Border Gateway Protocol.
Draft-ietf-l3sm-l3vpn-service-model S. Litkowski R. Shakir L. Tomotaki K. D’Souza.

Draft-ietf-l3sm-l3vpn-service-model S. Litkowski R. Shakir L. Tomotaki K. D’Souza.

Similar presentations

Ads by Google