5-6-7 October 2011, Belnet Workshop
S. Vince – Information Systems Expert
C. Zaccone – Network Systems Expert

Who's AWT?
Agence Wallonne des Télécommunications: ICT public actor in Wallonia
Main goals:
• Technology watch
• Advise
• Promote
Targets:
• SME
• Public sector
• Citizens

AWT IPv6 History
2006:
• Get our range (2001:06a8:3880::/48)
2008:
• All external services available
• Internal IPv6 on separate VLAN/SSID
2009:
• Dissemination to the public sector (tryout)
2010:
• Dual Stack services on DMZ
• Kick off Dual Stack LAN (for Users & Guest)
2011:
• Workstation OS migration to Dual Stack

Why & How AWT goes v6
• Why AWT has been interested in IPv6:
  Demonstration & curiosity
  Innovative provider with dual-stack support
  European involvement in next-gen Internet
  Since 2011, no more IPv4!
• 1st step (careful approach in 2008):
  No impact on IPv4 production
  Priceless deployment
  Recycling of old equipment (with new firmware)
  Only 1 new virtual machine (Reverse-Proxy & Relay)
• Current situation (now, evolutionary approach):
  Dual-stack services
  Still using Reverse-Proxy for some old apps
  Issues finding a good VPN alternative

A Closer Look
Services, internal:
• Mail
• DBMS
• IP Storage
• Classical computing
Servers / Endpoints
Services, public:
• DMZ: Web servers, DNS, FTP, Mail (SMTP, POP3, IMAP)
• VPN
Network, internal:
• VLANs (private IPs): Users, Visitors, Management
• Inter-VLAN routing
• Inter-VLAN firewalling
Network, public:
• RIPE
• NPAT
• DMZ
• P-t-P routing segments

Deeper view
[Network diagram. Labels: Belnet & Internet (IPv4 & IPv6); FW v4; FW v6; VPNC; Dual Stack; Guest; LAN User; DMZ; Guest IPv4; DMZ V6]

Future view
[Network diagram. Labels: Belnet & Internet (IPv4 & IPv6); FW Dual Stack; VPN; DirectAccess; Dual Stack; Guest; LAN User; DMZ]

Caveats & Observations
• FW & routers use 2 ACLs: the 1st for v4 and the 2nd for v6
• Don't use IP addresses when not necessary; prefer hostnames
• Application server ACLs must be adapted (subnet v4 <> v6)
• When possible, use dual stack on the same host. Managing different machines (one on v4, the other on v6) could be a mess
• Are your management & statistics tools ready for v6 (AWStats, syslog, ...)?
• ICMP handling & role are not the same in v4 & v6
• Your end users are using v6 without knowing it: did you know?
• Appliances with a "v6 enabled" logo: do you get the same performance?
• Protocol fixup on some appliances is not v6 capable
• Dual stack is good (we think it's necessary), but v6 only is not realistic!
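
Added example (not from the original slides): a minimal application-side allowlist check showing why an ACL written for the v4 subnet must gain a v6 entry on a dual-stack host, and why IPv4-mapped peers need unwrapping. The 192.168.10.0/24 subnet, the /64 inside the AWT range and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy: the v4-only allowlist an application server
# might carry before the LAN went dual stack.
V4_ONLY_ACL = ["192.168.10.0/24"]
# The same policy adapted for dual stack. The /64 is a hypothetical user
# VLAN carved out of the 2001:06a8:3880::/48 range named in the slides.
DUAL_STACK_ACL = V4_ONLY_ACL + ["2001:6a8:3880:10::/64"]

def parse_acl(entries):
    """Turn CIDR strings into network objects; a typo raises ValueError."""
    return [ipaddress.ip_network(e) for e in entries]

def normalize(peer):
    """Parse a peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d).

    An AF_INET6 socket that also accepts v4 reports those clients in the
    mapped form, so without this step the v4 rules would never match them.
    """
    addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop any zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def is_allowed(peer, acl):
    """True if the peer falls in a subnet of its own address family."""
    addr = normalize(peer)
    return any(addr.version == net.version and addr in net for net in acl)

def families_missing(acl):
    """Address families (4, 6) for which the ACL has no rule at all."""
    return sorted({4, 6} - {net.version for net in acl})

if __name__ == "__main__":
    peers = ["192.168.10.7", "2001:6a8:3880:10::7",
             "::ffff:192.168.10.7", "2001:6a8:3880:20::7"]  # constructed
    for name, raw in (("v4-only", V4_ONLY_ACL), ("dual-stack", DUAL_STACK_ACL)):
        acl = parse_acl(raw)
        print(name, "missing families:", families_missing(acl))
        for p in peers:
            print("  ", p, "->", "allow" if is_allowed(p, acl) else "deny")
```

With the v4-only list, the same workstation is allowed over IPv4 and denied over IPv6, which is the mismatch the ACL caveat warns about.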

AWT Guidelines
• Team work: IT & Net guys MUST be involved
• Good understanding of IPv6:
  IPv6 is more than a simple upgrade of IPv4;
  System migration, re-engineering, configuration must be assumed
• Check compatibility issues:
  ISP readiness (Dual Stack vs 6to4, etc.)
  Equipment (FW/SW/OS upgrade, renewing)
  Applications (upgrade, workaround, new code)
• Do a proof of concept (before production phase)
• Get certified (IPv6 Forum)
• Online resources: IPv6 Cookbook: awt.be/ipv6

Question(s)?
Carmelo Zaccone, Network Systems [email protected]/778076
Stéphane Vince, Information Systems [email protected]/778071
http://www.awt.be
http://www.ipv6council.be