ARIN + AREN IPv6 Slides - Madison Co. Schools Feb. 2013

Internet and Technology for Education
Alabama Research and Education Network
Introduction to IPv6
James Duncan, Senior Network Engineer
james@asc.edu
Statewide Network
Provides Internet, Internet2 and Connectivity for K-12 and Higher Education
Disclaimer
IPv6 is a subject I could dedicate a day to and
still not cover everything. The following is
intended to be an abbreviated introduction.
Feel free to talk to me after class, but you may
have to tell me when to stop talking.
…and contrary to popular opinion regarding
IPv4, the sky is indeed NOT falling; but that
doesn’t mean it won’t!
IPv4 Depletion and
IPv6 Adoption Today
Community Use Slide Deck
Courtesy of ARIN
History of the Internet Protocol
• Internet Protocol version 4 (IPv4)
– Developed for the original Internet (ARPANET) in 1978
– 4 billion addresses
– Deployed globally & well entrenched
– Allocated based on documented need
• Internet Protocol version 6 (IPv6)
– Design began in 1993 when IETF forecasts showed IPv4
depletion between 2010 and 2017
– 340 undecillion addresses
– Completed, tested, and available since 1999
– Used and managed similar to IPv4
IPv4 and IPv6 Comparison
| IP version | IPv4 | IPv6 |
|---|---|---|
| Deployed | 1981 | 1999 |
| Address Size | 32-bit number | 128-bit number |
| Address Format | Dotted Decimal Notation: 192.0.2.76 | Hexadecimal Notation: 2001:0DB8:0234:AB00:0123:4567:8901:ABCD |
| Number of Addresses | 2^32 = 4,294,967,296 | 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 |
| Examples of Prefix Notation | 192.0.2.0/24, 10/8 | 2001:0DB8:0234::/48, 2600:0000::/12 |

(a “/8” block = 1/256th of total IPv4 address space = 2^24 = 16,777,216 addresses)
Regional IPv4 Depletion
• Each RIR will run out of IPv4 address space
– APNIC reached its final /8 on 15 April 2011
– RIPE NCC reached its final /8 on 14 Sep 2012
– ARIN ??*
– LACNIC ??*
– AfriNIC ??*
*impossible to predict due to nature of requests
ARIN’s IPv4 Inventory
ARIN still has IPv4 addresses remaining
IPv4 inventory published on ARIN’s website: www.arin.net
Updated daily @ 8PM ET
ARIN’s IPv4 Countdown Plan
• Process for final IPv4 requests
– Divided into 4 phases
– Length of each could vary
• Global policy to return space to IANA
• Faster depletion due to:
– Large requests
– Policy changes
https://www.arin.net/resources/request/ipv4_countdown.html
Interest in IPv6
ARIN IPv6 Address Requests
World IPv6 Launch
Many top websites, Internet service providers, and home networking equipment manufacturers permanently enabled IPv6 for their products and services on 6 June 2012
www.worldipv6launch.org
Status of IPv4 on AREN
• Large pool of unused IPv4 addresses
• Should be enough to manage until IPv6
transition is complete
• Restrictive policy for new IPv4 allocations
Status of IPv6 on AREN
• 2607:F808::/32 assigned to ASA
• Core network and offices since February 2010
• Receive full IPv6 routing table from all of our ISPs
• Recent changes:
– Monitoring system supports IPv6
– IPv6 DNS Server deployed
– www.asc.edu now on IPv6
– ip.asc.edu, ipv4.asc.edu, ipv6.asc.edu
– AETA 2012 is live on IPv6! Browse the above links from the Internet Café.
IPv6 for AREN Clients
• Standard allocation will be a /48
– 65,536 /64 subnets
• Content Filter DOES NOT support IPv6 (yet)
– BIG ISSUE
– Erate & CIPA require filtering
– Vendors need to see demand to implement IPv6
• AREN network equipment ready in most cases
– Cisco 2900 or ME3400 are ready
– Cisco 2800 or 2600 require upgrade
– Cisco ASA 5500 may need memory upgrade
– Which do you have? Email ipv6@asc.edu
Prepare for IPv6
• The good news
– Lots more addresses
– IPv6 adoption = easier & more efficient network management
– Designed with security in mind
• The bad news
– We’ve all got some work to do
Everyone needs an IPv6 Plan
• Each organization must decide on a unique IPv6 deployment plan right for them
– Timeline will vary
– Investment level will vary
How can you get started?
• Dual-Stack your networks
– IPv6 not backwards compatible with IPv4
– Both will run simultaneously for years
• Servers must be reachable via both IPv4 and IPv6
– Mail
– Web
– Applications
• Do you operate a website?
– Ensure content will be available to all customers, even new Internet users with an IPv6-only address
How can you prepare?
• Talk to your ISP about IPv6 services
– You want access to the entire Internet
• ISPs must connect customers via IPv4-only, IPv4/IPv6, & via IPv6-only
• Must plan for IPv4/IPv6 transition services
– Many transition technologies available
• Research options
• Make architectural decisions
What else can you do?
• Audit your equipment and software
– Are your devices and applications IPv6 ready?
• Encourage vendors to support IPv6
– If not already, when will IPv6 support be part of their product cycle?
• Get training for your staff
– Free resources available
AREN Support
• AREN FAQ & Common Pitfalls list started
• Limited to AREN deployment experience
• Please provide feedback to help us build this
• ipv6@asc.edu set up to field questions about IPv6.
• When we find a content filter solution that supports IPv6, we will start encouraging K12 systems to connect to us with a dual stack.
Common Pitfalls
• Existing Firewall rules (IPv4) do NOT apply!
• IPv6 autoconfig will turn things on before you’re ready
• If you don’t implement DHCPv6, you can be tracked!
• Most OSes use v6 by default. Mac OS X analyzes v6 and v4 to determine which is best. Can be difficult to troubleshoot.
More Common Pitfalls
• Try typing 2607:F808:0F00:F426:0FAA:0FCC:CC1E:0001 without making a typo. Now try finding that typo.
• Class Trivia Question: What is the next IP address after 2607:F808::9?
That’s RIGHT! 2607:F808::A
Getting Started on your network
• Pick a small network to start with
– AREN started with IPv6 in engineering offices
– Pick a classroom without wireless that’s nearby?
• Before deploying to a new area, bring equipment to this “test” area and make sure it works.
• Don’t fool yourself. When running a dual-stack, it’s hard to know if you’re using IPv6 or IPv4. Use tools like tcpdump and wireshark to be sure.
Madison County Schools IPv6
2607:F808:0000:0000:0000:0000:0000:0000
• ARIN Assigned To AREN
• AREN Assigns To Our Clients
• MCS Assigns To Schools
• Assigned to devices on each LAN
Develop an Allocation Strategy
2607:F808::/32 – AREN’s Address Space
2607:F808::/48 – Madison County Schools’ allocation
2607:F808:0000:F00D::/64 – The cafeteria subnet? You need a plan.
AREN IPv6 Allocation Strategy
2607:F808:0000:0000:0000:0000:0000:0000
• Which region?
– 0 = Huntsville
– 4 = Birmingham
– 8 = Montgomery
– C = Mobile
– …
Makes route location and aggregation easier.
• What type of client?
– 0 = K12
– 4 = Postsecondary
– 6 = Other
– 8 = College/Univ.
– C = Govt.
– F = AREN Internal
– …
Makes content filter policies easier?
• Assigned using modified bisection algorithm:
– 00 = First Assignment
– 80 = Second Assignment
– 40 = Third Assignment
– C0 = Fourth Assignment
– …
Idea is to reserve room for each client to grow their space contiguously.
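The allocation scheme on this slide can be worked through in code. This is an added example, not AREN's own tooling: it assumes the third hextet is laid out as region nibble, client-type nibble, then the two-digit assignment value, and it uses plain bit-reversal for the bisection order (the slide's "modified" variant is not described), which reproduces the 00, 80, 40, C0 sequence shown.

```python
import ipaddress

AREN_BLOCK = ipaddress.IPv6Network("2607:F808::/32")  # from the slide

# Nibble values as listed on the slide (its lists end in "...", so these are partial).
REGION = {"Huntsville": 0x0, "Birmingham": 0x4, "Montgomery": 0x8, "Mobile": 0xC}
CLIENT = {"K12": 0x0, "Postsecondary": 0x4, "Other": 0x6,
          "College/Univ.": 0x8, "Govt.": 0xC, "AREN Internal": 0xF}


def bisection_slot(n: int, bits: int = 8) -> int:
    """n-th assignment (0-based) in bisection order: the bit-reversal of n.

    Yields 0x00, 0x80, 0x40, 0xC0, ... so early clients sit far apart.
    """
    if not 0 <= n < (1 << bits):
        raise ValueError("assignment index out of range")
    slot = 0
    for _ in range(bits):
        slot = (slot << 1) | (n & 1)
        n >>= 1
    return slot


def client_prefix(region: str, client: str, n: int) -> ipaddress.IPv6Network:
    """Build the /48 for the n-th client of a given region and type.

    Assumed layout of the third hextet: [region][client type][assignment byte].
    """
    hextet = (REGION[region] << 12) | (CLIENT[client] << 8) | bisection_slot(n)
    base = int(AREN_BLOCK.network_address) | (hextet << 80)
    return ipaddress.IPv6Network((base, 48))


def site_subnet(prefix48: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one of the 65,536 /64 subnets inside a client's /48."""
    if prefix48.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet id")
    return ipaddress.IPv6Network((int(prefix48.network_address) | (subnet_id << 64), 64))


if __name__ == "__main__":
    mcs = client_prefix("Huntsville", "K12", 0)       # first K12 client in Huntsville
    print(mcs, site_subnet(mcs, 0xF00D))
    for n in range(4):                                # spacing between assignments
        print(n, client_prefix("Birmingham", "College/Univ.", n))
```

Because region and client type sit in fixed nibbles, a single firewall or filter rule on a short prefix covers every client of that kind, and each client's neighbours in the bisection order stay unassigned for as long as possible.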
Good & Bad News
• Most servers and user equipment will self-assign an EUI-64 IPv6 address as soon as they hear an IPv6 router advertisement.
Good news: Easy to get everyone on IPv6 quickly
Bad news: One command on your router could open your entire network up to hackers if your firewall isn’t ready.
More Bad news: EUI-64 uses your MAC address. DHCPv6 is random and therefore less traceable and more secure.
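How a self-assigned EUI-64 address carries the MAC, and how to find such addresses in your own address logs, shown as an added example that is not part of the original slides. The MAC, the second subnet and the two non-EUI-64 addresses are constructed sample values.

```python
import ipaddress


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host self-assigns from a /64 prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if net.prefixlen != 64 or len(raw) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    raw[0] ^= 0x02                                       # flip the universal/local bit
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])  # insert FF:FE in the middle
    return net.network_address + int.from_bytes(iid, "big")


def embedded_mac(addr: str):
    """Return the MAC carried in an EUI-64 style address, or None if there is none."""
    iid = ipaddress.IPv6Address(addr).packed[8:]         # low 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                       # undo the bit flip
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address that exposes a hardware MAC to that MAC."""
    found = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            found[addr] = mac
    return found


# Constructed sample: one laptop seen on two subnets, plus two non-EUI-64 hosts.
LAPTOP_MAC = "00:1b:21:3c:4d:5e"
SEEN = [
    str(eui64_address("2607:F808:0:F00D::/64", LAPTOP_MAC)),
    str(eui64_address("2607:F808:0:1::/64", LAPTOP_MAC)),
    "2607:f808:0:f00d::a",                               # statically numbered server
    "2607:f808:0:f00d:8c3e:51a2:9b07:44d1",              # random-looking interface ID
]

if __name__ == "__main__":
    for addr, mac in audit(SEEN).items():
        print(addr, "->", mac)                           # same MAC on both subnets
```

The interface ID stays the same when the device moves to another subnet, which is what makes it trackable; an address that merely happens to contain FF:FE in that position would also be flagged, so treat hits as candidates to confirm.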
User Device Support for IPv6
• If IPv6 is available, most user devices will prefer it
over IPv4.
• Microsoft Windows - XP and newer support IPv6
– XP requires a “netsh” command to get started
• Mac OS X supports IPv6
– DHCPv6 not supported until 10.7 (Lion)
– 10.7 (Lion) analyzes v4 versus v6 and takes the “better” path.
• Linux supports IPv6
Your IPv6 Check List
• IPv6 address space
• Content Filter
• IPv6 connectivity (native or tunneled)
• Operating systems, software, and network management tool upgrades
• Router, firewall, and other hardware upgrades
• IT staff and customer service training
Learn More
www.ARIN.net
www.GetIPv6.info
www.TeamARIN.net
http://www.InternetSociety.org/Deploy360/
http://www.NANOG.org/archives/
Thank You
James Duncan
Senior Network Engineer
Alabama Research and Education Network
800-338-8320 james@asc.edu
Email ipv6@asc.edu if you have questions about connecting to AREN using IPv6