Future proofing: Is IPv6 the safest bet

Is this the right time to consider the move to IPv6?Martin Wellsted – Business development directorBT Diamond IPSeptember, 2010

© British Telecommunications plc

With the proliferation of IP based devices there is a shortage of IP

addresses so is this the right time to consider the move to IPv6? This session will outline the choices available to you as well as addressing the pros and cons of becoming and IPv6 trail

blazer.

IP Expo 2010


What is IPAM?


What is IP Address Management?

• IPAM = IP Address Management – IP address inventory (Documentation)– IP policy

• DNS = Domain Name Service – Hostname to IP address

translation– Or IP address to hostname, etc.

• DHCP = Dynamic Host Configuration Protocol– Automatic assignment of IP

addresses to hosts / network devices

Network

IPAM

DHCP DNS


• Complete IPv4 and IPv6 Inventory

• Hierarchical view• Policy based

mgmt• Automatic

allocation• Utilization display• Overlapping

space• Discovery

IPControl Functionalities

• User defined device types

• Role-based access

• Device naming conventions

• Multi-interface• Audit

capabilities• Discovery

• Configuration mgmt

• Domain and zone mgmt

• Server mgmt• Resource Record auto-

generation• Option

dictionaries

• Configuration mgmt

• Scope mgmt• Utilization display• Server mgmt• DHCP

reservations• Option and policy

templates• DHCP failover

DHCP DNS

IPAMAddress

Management

IPAMBlock

Management


Why is IPAM important?


Technology Evolution - Historical Overview

Many disparate networks-static, flat environments• Private lines• Frame Relay• ATM• Internet• Mobile• Applications• Storage


Today’s Networks and IP Address Management

All companies require IPAM No IP, No DNS = No Network • Unique IP addresses and valid DNS

names critical to networks and business applications

• Growing number of devices (IPs) on the typical enterprise network

• Disparate DNS and DHCP Servers are difficult to manage

• CHANGE HAPPENS – New services, locations, acquisitions, markets affect IP assignments

Total Reliance on IPAM


BT Diamond IP Delivers Streamlined IPAMIncreased functionality• Change control• Auditing• Multiple concurrent users• Error-correction• Naming policy enforcement

Room to grow• VoIP, UCC and wireless networks have increased

VLAN and subnet demand

Improved workflow and automation • Importance of email between groups• Manual configuration of spreadsheets

and DNS/DHCP servers • Streamlined workflow • Automated configuration of DNS and

DHCP based on initial IPAM assignment

PLUS…Dedicated appliances• Simplified Management• Enhanced Security• Improved reliability• Comprehensive coverage-full integration

with IP address management (IPAM)


Should I consider IPv6?


Assignment of Public IP Space

• IANA = Internet Assigned Numbers Authority

• Assigns public IP addresses to Regional Internet Registries (RIR)

• RIRs assign to Local Internet Registries (LIR) or companies directly

• Most LIRs are Internet Service Providers


What‘s The Challenge?

• Last IANA IPv4 allocation: 05.06.2011

• Last RIR IPv4 allocation: 05.02.2012

• Projected remaining time until IANA and RIR exhaustion over time (1)

• Projected IANA/RIR consumptions (2)

Source: ipv4.potoaroo.net06.09.2010


IPv4 IP Space comes to an end....IPv4 addresses wear thin

Dylan Bushell-Embling | October 19, 2010 | telecomseurope.net

• The world's supply of free IPv4 address space has fallen to below 5%, and is set to run out early next year, the Number Resource Organization (NRO) has warned.

APAC internet registry APNIC has just been assigned two blocks of IPv4 addresses, leaving just 12 blocks remaining the NRO said. Each block is equivalent to 1/256th of the total IPv4 space of nearly 4.3 billion IP addresses. The final five will be distributed simultaneously to each of the regional internet registries, so only seven remain to be given out normally.

The NRO said that at the current rate of exhaustion, the final five blocks of IPv4 addresses will be allocated in early 2011. “The pressure to adopt IPv6 is mounting. Many worry that without adequate preparation and action, there will be a chaotic scramble for IPv6,” the NRO said in a statement.

• More than 200 million IPv4 addresses have been allocated since January, when the proportion available hit 10%.

• APNIC said Asia Pacific would be particularly hard hit by the exhaustion of IPv4 addresses, because of the region’s rapid pace of growth. Around 45.9% of the IPv6 addresses allocated in the world last year went to the region.

• The world’s five regional registries are expected to allocate over 2,000 IPv6 address blocks this year – a 70% increase from 2009. This compares to just an 8% growth in IPv4 allocations for the year. The NRO said this indicated a strong momentum behind IPv6 adoption.

• Source: telecomseurope.net ; Orignal Author: Dylan Bushell-Embling

http://www.nro.net/media/remaining-ipv4-address-below-5.html

http://www.apnic.net/__data/assets/pdf_file/0010/13060/APNIC_Press_Backgrounder.pdf

http://www.telecomseurope.net/content/telecomseurope.net


What‘s The Challenge?

• IPv4– 32-bit number– 4,3*109 (billion)– Presentation: Decimal (0-255), 4 digits, separator: Period– Example: 68.109.23.126

• IPv6– 128-bit number– 3,4*1038 (undecillion)– Presentation: Hexadecimal, 8 digits, Separator: Colon– Example: 2001:0db8:85a3:08d3:1319:8a2e:0370:7344


Management of IPv6 Address Space• Management of IPv6 address space

– IPv4/IPv6 address inventory; transition planning

• Address assignment– Autoconfiguration– DHCPv6 (Dynamic Host Configuration Protocol) management

• Prefix delegation, IPv6 address assignment (stateful), IPv6 configuration initialization (combined stateful/stateless)

• Name Resolution– DNS (Domain Name System)

• Maps hierarchical domain names to IP addresses

pc.diamondip.com IN AAAA 3ffe:3328:4:3:250:4ff:fe5c:b3f4

• Maps IP addresses to domain names

4.f.3.b.c.5.e.f.f.f.4.0.0.5.2.0.3.0.0.0.4.0.0.0.8.2.3.3.e.f.f.3.ip6.arpa. IN PTR pc.diamondip.com.


IPv6 Pro’s

• Much Larger Address Space• Virtually Unlimited Host Addresses per Prefix• Stateless Autoconfig• Automatic Link-Local Addressing• No More IP Scanning

– With 264 possible host addresses per /64 prefix, performing a ping scan to detect devices is futile.

– From a security perspective, this is a boon for mitigating the automated spread of worms and enumeration attempts.

• No more need for NAT


IPv6 Con’s

• Investment required in IPv6 enabled technologies• Bleeding edge – not tried and tested in the real world• Typing Long Addresses

– Requires the adoption of IP management software– Requires the development of Policy and Practices

• No More IP Scanning– It obsoletes an accounting mechanism on which many

administrators have come to rely. – It also increases the value of DNS servers to attackers.– Mixed environments IPv4 & IPv6 could be difficult


Is there an easy answer?


Well .... Yes and No

• Yes – There are tools out there to help• Yes – it lifts restrictions on IP space• Yes – It improves security• Yes - It improves simplicity

• No – You will have to invest• No – You will have to develop new policies and working

practices• No – you will have to maintain dual environments for the

foreseeable future.


BT’s answerDiamond IP Software Suite

• IPControl– Automated Address Block

Allocation– IP Address Capacity Management– IP Subnets & Devices– Complete IP Inventory– Multi-vendor DHCP/DNS server

configuration and management• Network Services

– DNS and DHCP service– Based on ISC products– Full GUI support of options
