Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enabling IPv6 in Corporate Intranet Networks

Published byElizabeth Ly Modified over 9 years ago

Similar presentations

Presentation on theme: "Enabling IPv6 in Corporate Intranet Networks"— Presentation transcript:

1 Enabling IPv6 in Corporate Intranet Networks
Christian Huitema Architect Microsoft Corporation

2 The Opportunity

3 Key Problems Address Shortage
Extrapolating the number of DNS registered addresses shows total exhaustion in But the practical maximum is about 240 M addresses, in

4 Key Problems Address Shortage
Peer to Peer applications require Addressability of each end point Unconstrained inbound and outbound traffic Direct communication between end points using multiple concurrent protocols NATs are a band-aid to address shortage Block inbound traffic on listening ports Constrain traffic to “understood” protocols Create huge barrier to deployment of P2P applications

5 Key Problems Lack of Mobility
Existing applications and networking protocols do not work with changing IP addresses Applications do not “reconnect” when a new IP address appears TCP drops session when IP address changes IPSEC hashes across IP addresses, changing address breaks the Security Association Mobile IPv4 solution is not deployable Foreign agent reliance not realistic NATs and Mobile IPv4? Just say NO

6 Key Problems Network Security
Always On == Always attacked! Consumers deploying NATs and Personal Firewalls Enterprises deploying Network Firewalls NATs and Network Firewalls break end-to-end semantics Barrier to deploying Peer to Peer applications Barrier to deploying new protocols Block end-to-end, authorized, tamper-proof, private communication No mechanisms for privacy at the network layer IP addresses expose information about the user No transparent way to restrict communication within network boundaries

7 The Promise of IPv6 Enough addresses True mobility
64+64 format: 1.8E+19 networks, units assuming IPv4 efficiency: 1E+16 networks, 1 million networks per human 20 networks per m2 of Earth (2 per sqft ) Removes need to stretch addresses with NATs True mobility No reliance on Foreign Agents Better network layer security IPSec delivers end-to-end security Link/Site Local addresses allow partitioning Anonymous addresses provide privacy

8 The Promise of IPv6 Example: Multiparty Conference, using IPv6
Home LAN Internet Home LAN Home Gateway Home Gateway P3 With a NAT: Brittle “workaround”. With IPv6: Just use IPv6 addresses

9 IPv6 in the enterprise ? Why? How? When?
It is not a fad – there really are new scenarios How? It does not require extraordinary investments if you use the right tools! Keeping it secure! When? As soon as the tools are ready, That is, now!

10 IPv6 enterprise scenarios
Extranet applications Replace “double NAT” scenarios by global addressing Enables “station to station” encryption, meeting security requirements for demanding cooperations Mobile users Use Mobile IPv6 for a simpler “VPN” scenario Intranet management Unique addresses for all devices simplifies management, e.g. real-time inventories.

11 IPv6 deployment tool-box
IPv6 stateless address auto-configuration Router announces a prefix, client configures an address 6to4: Automatic tunneling of IPv6 over IPv4 Derives IPv6 /48 network prefix from IPv4 global address Automatic tunneling of IPv6 over UDP/IPv4 Works through NAT, may be blocked by firewalls ISATAP: Automatic tunneling of IPv6 over IPv4 For use behind a firewall.

12 Security Toolbox IPSEC Privacy addresses Scoped addresses
Enabled by global addresses Privacy addresses Protect privacy of internal clients Scoped addresses Contain “local” traffic locally Perimeter firewall, Host firewall Per port policies: open, close, stateful IPSEC policy Without breaking connectivity!

13 Deployment in 3 phases Phase 1, experimentation
Allow developers to port applications Phase 2, initial service Enable local servers Offer connectivity Phase 3, general availability Offer native IPv6 capability

14 Enterprise IPv6, Phase 1 IPv6 Enabling server Hole in IPv4 firewall
ISATAP router, Rudimentary v6 firewall 6to4 connectivity Hole in IPv4 firewall Allow protocol type 41 to 6to4 router (alone) Tunnel IPv6 Locally: ISATAP Connectivity: 6to4 Publish in DNS: AAAA records for IPv6 hosts, servers. Access over IPv4 IPv4 Internet 6to4 V6 Firewall ISATAP IPv4 Firewall IPv4 Network, Unchanged DNS (IPv4) Node Node

15 Enterprise IPv6, Phase 2 IPv6 Upgrade IPv4 firewall
IPv4 Internet Upgrade IPv4 firewall Control both v4 & v6 Incorporate “6to4” function IPv6 capable subnet Connect servers, ISATAP, DNS Grows over time Tunnel IPv6 outside subnet Locally: ISATAP Connectivity: 6to4 Dual mode DNS: Access over IPv4 & IPv6 6to4 IPv4/v6 Firewall Server IPv6 + IPv4 ISATAP IPv4 Network, Unchanged DNS (dual) Node Node

16 Enterprise IPv6, Phase 3 Connect to IPv6 Internet IPv6 capable network
No need for 6to4 ? Renumber, or dual-home IPv6 capable network Upgrade subnets to IPv6 Eventually, remove need for ISATAP. Dual mode DNS, servers: Access over IPv4 and IPv6 6to4 IPv4/v6 Firewall Server Dual IPv6, IPv4 Network ISATAP? DNS (dual) Node Node

17 What is Microsoft doing
Building a complete IPv6 stack in Windows Technology Preview stack in Win2000 Developer stack in Windows XP Deployable stack in .NET Server & update for Windows XP Windows CE .NET Supporting IPv6 with key applications protocols File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP Building v4->v6 transition strategies Scenario focused tool-box

18 In Summary … We Build Together
Microsoft is moving quickly to enable Windows platforms for IPv6 Up to date information on: Send us feedback and requirements We need your help to move the world to a simple ubiquitous network based on IPv6

19 Call to Action Enterprise
Start deployment now! Network Providers: Build it and they will come Do not settle for NATs for new designs Demand IPv6 support on all equipment Offer native IPv6 services Device Vendors: Design for the simpler, ubiquitous IPv6 internet Application Writers: Don’t wait on the above Use Windows XP and Windows .NET Server NOW!

20

Download ppt "Enabling IPv6 in Corporate Intranet Networks"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
Citrix Secure Gateway v1.1 Technical Presentation August 2002 Technical Presentation August 2002.

Citrix Secure Gateway v1.1 Technical Presentation August 2002 Technical Presentation August 2002.
Implications and Realities of IPv6 Christian Huitema Architect, Windows ® Networking Microsoft ® Corporation.

Implications and Realities of IPv6 Christian Huitema Architect, Windows ® Networking Microsoft ® Corporation.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
IPv6 at NCAR 8/28/2002. Overview What is IPv6? What’s wrong with IPv4? Features of IPv6 IPv6 will soon be available at NCAR How to use IPv6.

IPv6 at NCAR 8/28/2002. Overview What is IPv6? What’s wrong with IPv4? Features of IPv6 IPv6 will soon be available at NCAR How to use IPv6.
IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.

IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
December 5, 2007 CS-622 IPv6: The Next Generation 1 IPv6 The Next Generation Saroj Patil Nadine Sundquist Chuck Short CS622-F2007 University of Colorado,

December 5, 2007 CS-622 IPv6: The Next Generation 1 IPv6 The Next Generation Saroj Patil Nadine Sundquist Chuck Short CS622-F2007 University of Colorado,
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.

Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.

17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.
IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.

IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.
Understanding Internet Protocol

Understanding Internet Protocol
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
An Overview of IPv6 Transition/Co-existence Technologies Fernando Gont UTN/FRH LACNOG 2010 Sao Paulo, Brazil, October 19-22, 2010.

An Overview of IPv6 Transition/Co-existence Technologies Fernando Gont UTN/FRH LACNOG 2010 Sao Paulo, Brazil, October 19-22, 2010.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Internet Gateway Device (IGD)

Internet Gateway Device (IGD)
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.

Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.

Similar presentations

Ads by Google