1. IPv6 Planning and Implementation at PSU

2.  1986 – PSU gets Class B network (128.118.0.0) & 5 Class C networks 192.5.157-.161  1988 – Department of Computer Science and Engineering get Class B network (130.203.0.0)  1991 – PSU gets additional Class B network (146.186.0.0) & additional Class C network (192.112.253.0)  2001 – PSU gets a /17 network (66.71.0/0/17)  2006 – PSU gets IPv6 prefix 2610:8::/32

3.  PSU Public Prefix 2610:8::/32  4,294,967,296 /64 subnets  PSU ULA fd0b:7cdb:aefd::/48  Unique Local Address – local routed addresses  PSU Central Services for IPv6  DNS  NTP  Web Servers  Wiki  IPv6 Subnets issued to PSU organizations by request

4.  Earth and Mineral Sciences, Earth Engineering Sciences – 17 Public  Huck Institute – 4 Public  Computer Science & Engineering – 3 Public, 2 ULA  Eberly College of Science – 2 Public, 1 ULA  Advanced Vehicle Technology Design Group – 1 Public  College of Education – 1 Public, 2 ULA  Arts & Architecture – 1 Public

5.  No perceived advantages of IPv6  Required replacement of network equipment not supporting IPv6  Difficulty of compliance with PSU computing policy AD-20 Deans and Administrative Officers are responsible for: Ensuring technical or procedural means are in place to facilitate determining the User ID responsible for unauthorized activity in the event of a security incident.

6.  US Government mandate for public/external servers to use native IPv6 by end of FY 2012  International use of IPv6 only networks due to exhaustion of IPv4 addresses  Expanding international presence of Penn State requiring IPv6 compliant services  Use of IPv6 only in expanding 3G/4G networks – Expanding mobile environment  Availability of IPv6 support in all levels of network equipment – Does NOT deal with budget limitations only provides additional options

7.  The logging/tracing of IPv6 addresses has not dramatically improved  NDPmon still appears as the only open available resource  Not updated since 2009  Requires a presence on each IPv6 subnet  DHCPv6 is an option but not supported by all routers and clients. Could log issued addresses  SLAC is supported by all. We are back to NDPmon.  There is always Static Addressing…  Clients can use multiple address techniques

8.  Penn State does not presently require IPv6 support for network connectivity, but it may set a policy requiring IPv6 support  At present there is no recommendation on how to comply with AD-20, but there is also no special allowance for IPv6  Move forward providing IPv6 access to public services within other University units  Work towards solutions that allow extension of IPv6 to all users

9.  Presently - Directly interconnect 2 COE Hub locations via fiber creating one network  Presently - Implement firewall cluster sharing a single configuration  Future - Move all public facing central servers to current server vlan  Future - Move oldest public facing DNS server to the server vlan  Future - Implement native IPv6 on the server vlan  Future – Activate Dual-Stack on public servers

10.  To implement IPv6 across the entire College of Engineering would utilize 30+ IPv6 subnets and the associated monitoring equipment.  Develop procedures to accommodate College users with need for IPv6 before full implementation  Educational/Research requirement  Mobile device  Evaluate security extensions for IPv6  Avoid IPv6 tunneling  Rogue router announcements

11. Contact Information: Jim Carras jfc2@psu.edu (814) 863-4425 NCTS in the College of Engineering The Pennsylvania State University 152-B Hammond Building University Park, PA 16802