IPv6 deployment in ONE
Author: Goran Rumenovski, Packet Transport Network Engineer, e-mail: [email protected]
Co-Author: Vladimir Stefanov, Packet Transport Network Engineer, e-mail: [email protected]

On 03 Feb 2011 the RIPE NCC (Network Coordination
Center) stated that in the coming period the IPv4 address space
will be exhausted
http://www.ripe.net/internet-coordination/ipv4exhaustion
What does this mean?
When the RIPE NCC starts to allocate from the last /8 of IPv4 address space, an LIR
may receive only a /22 (1,024 IPv4 addresses), even if they can justify a larger
allocation. No new IPv4 Provider Independent (PI) space will be assigned.
In our company this statement raised an alarm and
pushed us to find a solution
SOLUTION:
- NAT IPv4 implementation
- IPv6 deployment
IPv6 development in ONE:
2009: Becoming aware of the new technology
2010: First IPv6 tunnel using a tunnel broker and first published web site
2011: IPv6 allocation from RIPE. Native IPv6 peering. Participation in World IPv6
day. 3-star RIPEness
2012: Dual-stack-enabled enterprise services. Participation in World IPv6
day. 4-star RIPEness
How to get started:
- IPv6 Discovery
- IPv6 Assessment
- IPv6 Planning and Designing
* dual stack, hybrid, block model
* get your own v6 prefix
- IPv6 Implementation
- Network optimization
IPv6 prefix assignments:
- Service provider (LIR): /32
- Large end user, Organization: /48
- Small end user: /56
- SOHO: /64 or /60
Do not count available hosts per subnet...
It doesn't make sense!!!!
Planning and Designing your own IPv6
infrastructure:
- understanding the IPv6 128-bit address format
- addressing by location
(example: 2A01:5B8:FEED:[HEX1 = location][HEX2 = desktop/server/DMZ/infrastructure][HEX3&4 = VLAN number]::(host IPv6)/64)
- addressing by type
(example: 2A01:5B8:FEED:[HEX1&2 = desktop/server/DMZ/infrastructure][HEX3&4 = location]::(host IPv6)/64)
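The "addressing by location" layout can be worked through in code. The Python below is an added example, not part of the original slides: it builds and decodes the /64 from the three fields and shows that one /52 covers a whole location, which is what makes a single firewall or ACL entry per location possible. The numeric codes for location and type, and treating the VLAN number as two hex digits, are assumptions.

```python
import ipaddress

# /48 taken from the slide's example; every numeric code below is hypothetical.
SITE = ipaddress.IPv6Network("2A01:5B8:FEED::/48")


def subnet_by_location(location: int, kind: int, vlan: int) -> ipaddress.IPv6Network:
    """Build the /64: HEX1 = location, HEX2 = type, HEX3&4 = VLAN number."""
    if not (0 <= location <= 0xF and 0 <= kind <= 0xF and 0 <= vlan <= 0xFF):
        raise ValueError("value does not fit the hex digits reserved for it")
    subnet_id = (location << 12) | (kind << 8) | vlan
    base = int(SITE.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def decode(address: str):
    """Recover (location, type, VLAN) from any address inside the /48."""
    addr = ipaddress.IPv6Address(address)
    if addr not in SITE:
        raise ValueError(f"{addr} is outside {SITE}")
    subnet_id = (int(addr) >> 64) & 0xFFFF
    return subnet_id >> 12, (subnet_id >> 8) & 0xF, subnet_id & 0xFF


def location_block(location: int) -> ipaddress.IPv6Network:
    """The single /52 covering every subnet of one location (one ACL entry)."""
    if not 0 <= location <= 0xF:
        raise ValueError("location must be one hex digit")
    return ipaddress.IPv6Network((int(SITE.network_address) | (location << 76), 52))


if __name__ == "__main__":
    net = subnet_by_location(location=1, kind=3, vlan=0x03)
    print(net, "is inside", location_block(1))
    print(decode("2A01:5B8:FEED:1303::28"))
```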
Where to go next:
- Test applications
- Evaluate impact on existing infrastructure
- Ensure new purchases are IPv6 compatible (HW/SW)
- Train your staff
- Start small: enable your website
* Dual stack
* native IPv6 or NAT-PT (or SLB-PT)
- Enable Internal connectivity. Pilot IPv6 in your network
- Contact your service provider and investigate possibilities for NAT64/DNS64
IPv6 advantage:
- Added addresses
- Stateless autoconfiguration
- Simplifies routing - fewer header fields
- Supports IPsec natively
- Improved Mobile IP support
- QoS support - flow label potential
- Native multicast
- Includes anycast
- Backward compatible
- Extensible
IPv6 Transition Techniques
- Dual stack
- Tunnel/Encapsulation
* configured tunnels
* automatic tunnels
  6to4
  ISATAP
  Tunnel Broker with TSP
  Teredo
* NAT64
- Application layer gateways
* Proxy
* Load balancer
Some security considerations
- Controlling access for both v4 and v6
- Eliminate undesired traffic
- Configure your IPv4 firewall to drop protocol 41 to prevent Internet hosts
from using IPv6 over IPv4 tunneled traffic
* 6to4 (protocol 41), ISATAP (protocol 41)
* Teredo (UDP port 3544)
- Misconfigured network devices and DNS servers
- Stateful firewall between private IPv6 hosts and the Internet
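The same criteria used for the firewall rule can be used to check a capture for tunneled IPv6 that is crossing the IPv4 network. The Python below is an added example, not part of the original slides: it flags protocol 41 and Teredo (UDP 3544) packets, reads the inner IPv6 source for protocol 41, and skips the UDP port check on non-first fragments. Function names and the sample packets (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import struct

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41      # 6to4, ISATAP and configured ipv6ip tunnels
TEREDO_PORT = 3544           # Teredo runs over UDP


def classify_tunnel(pkt: bytes):
    """Return (kind, outer_src, outer_dst, inner_src) for tunneled IPv6, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                              # not IPv4
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None                              # malformed header length
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    body = pkt[ihl:]
    if pkt[9] == PROTO_IPV6_IN_IPV4:
        inner = None
        # The inner IPv6 header is only present in the first fragment.
        if frag_off == 0 and len(body) >= 40 and body[0] >> 4 == 6:
            inner = str(ipaddress.IPv6Address(body[8:24]))
        return ("proto41", src, dst, inner)
    if pkt[9] == PROTO_UDP and frag_off == 0 and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        if TEREDO_PORT in (sport, dport):
            return ("teredo", src, dst, None)
    return None


def build_ipv4(proto, src, dst, payload=b"", frag_off=0):
    """Constructed sample packet; the header checksum is left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


# Constructed samples using documentation address ranges.
INNER6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                     ipaddress.IPv6Address("2002:c000:201::1").packed,
                     ipaddress.IPv6Address("2001:db8::1").packed)
SAMPLES = [
    build_ipv4(41, "192.0.2.1", "198.51.100.7", INNER6),
    build_ipv4(17, "192.0.2.9", "198.51.100.8", struct.pack("!HHHH", 50000, 3544, 8, 0)),
    build_ipv4(17, "192.0.2.9", "198.51.100.8", struct.pack("!HHHH", 50000, 53, 8, 0)),
    build_ipv4(6, "192.0.2.9", "198.51.100.8", b"\x00" * 20),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify_tunnel(p))
```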
PREPARATION/DEPLOYMENT IN ONE
for IPv6 day 2011 (08 June)
Steps undertaken on eBGP routing equipment
(upstream peering):
Step 1a.
IPv6 BGP implementation to Telekom Slovenia (leader in IPv6
implementation at that time)
! upstream-facing subinterface
interface Port-channel 1.487
 description upstream - TelekomSlovenija
 ipv6 address 2A00:EE0:5:18::2/64
 ipv6 enable
!
interface Loopback2
 description LOOPBACK_ipv6
 ipv6 address 2A01:5B8::1/64
 ipv6 enable
!
! eBGP session to the upstream over IPv6
router bgp 16333
 neighbor 2A00:EE0:5:18::1 remote-as 5603
 neighbor 2A00:EE0:5:18::1 description IPV6-TELEKOM_SLOVENIJA
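Step 1b.
IPv6 BGP implementation to Telekom Slovenia (leader in IPv6
implementation at that time)
! continues the router bgp 16333 section from Step 1a
router bgp 16333
 address-family ipv6
  no synchronization
  network 2A01:5B8::/32
  neighbor 2A00:EE0:5:18::1 activate
  neighbor 2A00:EE0:5:18::1 soft-reconfiguration inbound
 exit-address-family
!
! discard route (administrative distance 240) that keeps the /32 aggregate
! in the routing table so the network statement can originate it
ipv6 route 2A01:5B8::/32 Null0 240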
#sh bgp ipv6 unicast summary
Neighbor          V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2A00:EE0:5:18::1  4  5603  175953   17967  2043948    0    0 5d17h        8967
Step 2
IPv6 implementation on CORE routers (static routes)
main bgp router#
ipv6 route 2002::/16 Tunnel102
ipv6 route 2A01:5B8:D910::/48 2A01:5B8:0:1::F
ipv6 route 2A01:5B8:FAAA::/48 2A01:5B8:FAAA:101::1
ipv6 route 2A01:5B8:FEED::/48 2A01:5B8:FEED:101::1
core router#
interface GigabitEthernet1/24
 description Link to Yoda ipv6-gateway
 no ip address
 ipv6 address 2A01:5B8:0:1::1/64
 ipv6 enable
default route:
ipv6 route ::/0 2A01:5B8:0:1::2
Steps undertaken on routing equipment:
Step 4
Bypass IPv4 infrastructure with 6to4 tunnels
interface Tunnel100
 description TUNNEL_IPV6IP_FOR_IT (IPV6_SUBNET_2a01.5b8.feed::/48)
 no ip address
 ipv6 address 2A01:5B8:FEED:101::2/64
 ipv6 enable
 tunnel source 217.16.64.24
 tunnel destination 212.158.191.162
 tunnel mode ipv6ip
IPv6 real connectivity test and
troubleshooting on network equipment
#traceroute ipv6 ipv6.google.com
Translating "ipv6.google.com"...domain server (217.16.69.3) [OK]
Type escape sequence to abort.
Tracing the route to ipv6.l.google.com (2A00:1450:4016:800::1010)
1 2A00:EE0:5:18::1 [AS 5603] 16 msec 16 msec 16 msec
2 2A00:EE0:0:216::2 [AS 5603] 20 msec 32 msec 20 msec
3 de-cix20.net.google.com (2001:7F8::3B41:0:2) [AS 5603] 84 msec 80 msec 76 msec
4 2001:4860::1:0:10 [AS 5603] 36 msec
2001:4860::1:0:11 36 msec
2001:4860::1:0:10 36 msec
5 2001:4860::8:0:3015 [AS 5603] 36 msec 36 msec 36 msec
6 2001:4860::1:0:336C [AS 5603] 136 msec 44 msec 44 msec
7 2001:4860:0:1::535 [AS 5603] 44 msec 44 msec 44 msec
8 2A00:1450:8000:1E::4 [AS 5603] 88 msec 88 msec 88 msec
ping ipv6 ipv6.google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:4016:800::1010, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
#ping ipv6 ipv6.on.net.mk
Translating "ipv6.on.net.mk"...domain server (217.16.69.3) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A01:5B8:FAAA::D910:5F4C, timeout is 2 seconds:
.H.H.
Success rate is 0 percent (0/5)
#ping ipv6 ipv6.one.mk
Translating "ipv6.one.mk"...domain server (217.16.69.3) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A01:5B8:FEED:1303::28, timeout is 2 seconds:
!!!!!
- Official participation for World IPv6 day in
2011 (8 June)
http://www.worldipv6day.org/ipv6-enabledwebsites/index.html
IPv6 Enabled Websites
The IPv6 standards have been stable for many years. Networks, websites, equipment and
operating system vendors have been developing and deploying IPv6 during the standards
development process and continue to do so.
Here is a set of websites that have IPv6 enabled today and who have contacted us supporting the
World IPv6 Day effort. You can visit them using IPv6 today:
IPv6 Enabled Websites: on.net.mk (showing 1 to 1 of 1 entries)
- How to check that a portal is IPv6 ready:
1. http://ipv6.one.mk
2. http://ipv6.on.net.mk
3. http://ipv6.google.com
http://ripeness.ripe.net/pies.html
https://labs.ripe.net/Members/becha/ipv6-ripeness-how-to-reach-the-stars
http://eggert.org/meter/ipv6.html
FUTURE PLANS for IPv6 expansion in ONE:
- Dual stack deployment in Packet Mobile (GGSN, SGSN)
- Dual stack deployment for PPPoE users (BRASs)
- Dual stack deployment on all hosted web portals
The first commercial request for deployment of IPv6/IPv4 dual stack
awareness came from Google for their GGC (Google Global
Cache) nodes deployed in ONE
IPv6 is a must, not an option!!!!
The question remains: will we be ready for IPv6, or will we
wait to be surprised by IPv6?
ACT NOW!!!!!
QUESTIONS
THANK YOU