Guide to TCP/IP Fourth Edition Chapter 11: Deploying IPv6


Objectives

• Explain IPv6 deployment requirements and considerations

• Plan an IPv6 deployment, including success criteria, architectural decisions, migration techniques, and the many tasks that must be completed

• Deploy IPv6 by establishing an IPv6 test/pilot network, migrating applications, upgrading IPv4-only hosts to IPv4/IPv6, and creating a tunneled IPv6 environment using 6to4, Teredo, or ISATAP

© 2013 Course Technology/Cengage Learning. All Rights Reserved.


Understanding IPv6 Deployment

• IPv6 deployments
  – Use a new “network layer” or “routed” protocol

• The way software accesses the network needs to be updated

• Organizations have been slow to adopt IPv6

• IPv4 is also very mature from a security vulnerability standpoint

• Nature of networking makes upgrades more complicated


Planning an IPv6 Deployment

• Success criteria
  – List of conditions used to define whether an activity has completed successfully or not

• Architectural decisions
  – Concerning protocols, hardware, tools, and so on


Success Criteria

• Why are you deploying IPv6?
  – Answer to this question usually has a significant impact on how and what you deploy

• Reason for deploying IPv6 may determine your due dates and project funding


Architectural Decisions

• Interior routing protocol
  – You will need to convey reachability information about all those IPv6 addresses between routers in your network

• Exterior gateway protocol (EGP)
  – Most commonly used EGP is Border Gateway Protocol (BGP)

• External connections
  – Substantially similar to IPv4 from a connectivity and security perspective


Architectural Decisions (cont’d.)

• Router hardware and software selection
  – Selecting a router vendor for an IPv6 network
    • Substantially similar process to selecting a router vendor for an IPv4 network

• Addressing schemes
  – Ability to easily summarize subnets
  – Ability to easily construct firewall rules and access lists
  – Ability to easily identify by function or location


Architectural Decisions (cont’d.)

• Stateful versus stateless autoconfiguration
  – Stateful address autoconfiguration is accomplished via DHCPv6
  – Stateless autoconfiguration enables you to perform minimal configuration on the router
  – You can also use a combination of the two

• Quality of service (QoS)
  – Basically the same as diffserv in IPv4 as far as decisions about marking and scheduling of packets
  – You can assign per-hop behaviors based on flows


Architectural Decisions (cont’d.)

• Security
  – Securing network protocols
  – Encrypting everything
  – No perimeter

• Tools
  – At the time of this writing, the tools available are fairly minimal

• Other network hardware
  – Many of the network devices in your environment will still not support IPv6


Migration and Transitioning Techniques

• Tunneling
  – Types
    • 6to4
    • ISATAP
    • Teredo
  – Configured (manual) or automatic tunnels

• Translation
  – Includes techniques that involve a middleman or intermediary that speaks both IPv4 and IPv6
  – NAT-PT and NAPT-PT
  – RFC 6145 describes stateless IP/ICMP translation


Migration and Transitioning Techniques (cont’d.)

• Dual stack
  – Current clear front-runner for most IPv4-to-IPv6 transitions
  – It is possible to use DNS to make many applications prefer IPv6

• Combining techniques and a phased migration
  – Break migration up in two ways
    • By device
    • By phase


Tasks

• Inventory computers and network infrastructure elements
  – Information Technology Infrastructure Library (ITIL)
    • May already have an up-to-date inventory of all the devices attached to the network

• Inventory applications
  – Challenge: identify what constitutes an application

• Acquire IPv6 addresses
  – After you make the decision about whether to multihome or not


Tasks (cont’d.)

• Work with providers
  – Easiest and least expensive course of action would be to run IPv6 with same IPv4 provider

• Remediate software and servers
  – Will determine how long you have to maintain dual stack, tunnels, or translation services

• Create a test lab
  – Use a sandbox to test the network devices
  – Test applications and models


Tasks (cont’d.)

• Update routers
  – One of the core components of the transition
  – You will probably update each router multiple times

• Update virtual network devices
  – Test them to ensure that they can handle the IPv6 features

• Update DNS
  – Upgrade your DNS server software to a version that supports IPv6


Tasks (cont’d.)

• Update to DHCPv6 (optional)
  – Research and evaluate DHCPv6 servers and what features they support

• Update tools
  – Protocol analyzers
  – Monitors
  – SLA managers
  – Configuration management databases (CMDBs) and managers
  – Terminal servers and out-of-band (OOB) gateways
  – IP address management (IPAM)


Deploying and Using IPv6

• Common tasks involved in deploying IPv6


Establish an IPv6 Test/Pilot Network

• Fundamental functions to provide in the lab
  – A way to get to the lab
  – Method of injecting routes
  – WAN simulator
  – Traffic simulator
  – Sniffer and protocol analyzer
  – Instances of each server type and client type
  – Configuration repository


Establish an IPv6 Test/Pilot Network (cont’d.)

• Testing you’ll do in this lab involves three main phases
  – Evaluate the many brands and models of network devices
  – Reconfigure the lab using the exact models you selected
  – Use the lab to test servers and applications


Start Migrating Applications

• A few things that need to be done:
  – Make sure the application people track any changes they make to the infrastructure
  – Track any changes to requirements


Upgrade IPv4-Only Hosts to IPv4/IPv6

• Consider how you will make the change consistently on similar devices
  – Command-line interface (CLI) versus graphical user interface (GUI)

• If needed, install IPv6

• Each interface receives an IPv6 link-local address and possibly others

• Look at the default settings, including privacy


Upgrade IPv4-Only Hosts to IPv4/IPv6 (cont’d.)

• If needed, change the policy table that controls the order of selection

• Create a configuration file
  – Use this file to make a script that you can run on similar hosts


Create a Tunneled IPv6 Environment Using 6to4

• 6to4 tunnel
  – Configured with the netsh interface ipv6 add v6v4tunnel command
  – Three parameters:
    • Tunnel name
    • Address of local end of tunnel
    • Address of remote end of tunnel


Create a Tunneled Environment Using ISATAP

• Configure an ISATAP router
  – Need a dual-stack box capable of forwarding traffic
  – Enable ISATAP by entering the command netsh interface ipv6 isatap set router <x.x.x.x>
  – Enable traffic forwarding with the command netsh interface ipv6 set interface <y> forwarding=enabled advertise=enabled
  – Add the routes you want the router to advertise


Create a Tunneled Environment Using ISATAP (cont’d.)

• Add a name record for ISATAP to DNS
  – Add an entry in the \etc\hosts file for ISATAP and skip the DNS configuration step
  – For Windows hosts still using NetBIOS, put the entry into WINS
  – If you use DNS, add the A record (not AAAA) for a hostname of ISATAP in your domain that points to the IPv4 address of the router
  – Run dnscmd /config /globalqueryblocklist wpad


Create a Tunneled Environment Using ISATAP (cont’d.)

• Configure ISATAP on the clients
  – Tell the client the ISATAP router address using netsh interface ipv6 isatap set router <x.x.x.x>
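
Each of the three tunnel types named in this chapter (6to4, Teredo, ISATAP) leaves a recognizable pattern in the IPv6 address and embeds the IPv4 address of a tunnel endpoint, which makes tunneled hosts easy to spot in an address inventory when writing firewall rules. The Python sketch below is an added example, not part of the original slides; the function names and the sample inventory are hypothetical, and all sample addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 5214: an ISATAP interface ID is 0000:5efe or 0200:5efe plus the IPv4 address.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def classify(text):
    """Return (mechanism, [embedded IPv4 addresses]) for one IPv6 address."""
    addr = ipaddress.IPv6Address(text)
    if addr.sixtofour is not None:
        # 6to4 (2002::/16): the tunnel endpoint's IPv4 address follows the prefix.
        return "6to4", [str(addr.sixtofour)]
    if addr.teredo is not None:
        # Teredo (2001::/32): server IPv4, then the client IPv4 stored bit-inverted.
        server, client = addr.teredo
        return "teredo", [str(server), str(client)]
    value = int(addr)
    if (value >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        # ISATAP: any /64 prefix; the low 32 bits are the host's IPv4 address.
        return "isatap", [str(ipaddress.IPv4Address(value & 0xFFFFFFFF))]
    return "native", []

def tunnelled_hosts(inventory):
    """Map host -> [(address, mechanism, ipv4s)], omitting native-only hosts."""
    report = {}
    for host, addresses in inventory.items():
        hits = []
        for text in addresses:
            mechanism, ipv4s = classify(text)
            if mechanism != "native":
                hits.append((text, mechanism, ipv4s))
        if hits:
            report[host] = hits
    return report

# Constructed sample inventory (documentation address ranges only).
SAMPLE_INVENTORY = {
    "branch-rtr": ["2002:c000:204::1"],
    "hr-laptop": ["fe80::5efe:192.0.2.5", "2001:db8:10:1:0:5efe:192.0.2.5"],
    "lab-win7": ["2001:0:c633:6401:0:ffff:34ff:8ef6"],
    "web01": ["2001:db8:10::25", "fe80::1"],
}

if __name__ == "__main__":
    for host, hits in sorted(tunnelled_hosts(SAMPLE_INVENTORY).items()):
        for address, mechanism, ipv4s in hits:
            print(f"{host:10} {mechanism:7} {address}  IPv4: {', '.join(ipv4s)}")
```

Hosts that appear in the report are reachable over IPv6 through an IPv4 path, so the embedded IPv4 endpoints are the addresses to account for in IPv4 access lists during the transition.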


Exploring Some Network Administration Tasks

• Understanding routing tables
  – Use netsh interface ipv6 show route command

• Understanding multicast addresses
  – Use netsh interface ipv6 show joins command

• Test IPv6 connectivity by pinging IPv6 addresses

• DHCP-related commands
  – ipconfig /release6 and ipconfig /renew6


Summary

• IPv6 deployments use a Network layer or routed protocol differently than IPv4 deployments do

• The Network layer protocol functionality on hosts is mostly deployed as software

• IPv4 software is mature, and most IPv4 drivers are relatively defect free

• IPv6 deployment planning includes the creation of success criteria and architectural decisions


Summary (cont’d.)

• Migration techniques include tunneling, translation, dual stack, or a combination of these techniques and a phased migration

• You should create a checklist of tasks to accomplish during an IPv6 deployment

• It’s important to establish an IPv6 test lab or pilot network before deploying IPv6
