Aarnet Australia's Academic and Research Network Glen Turner 2011-07-14 IPv6 birds of a feather meeting QUESTnet 2011 IPv6 — the elevator pitch.


1 aarnet, Australia's Academic and Research Network
Glen Turner, 2011-07-14
IPv6 birds of a feather meeting, QUESTnet 2011
IPv6 — the elevator pitch

2 IPv6: fixes the bugs in IPv4
● Better addressing
  – Bigger: 32b → 128b, /64 in every subnet
  – Better: multiple addresses per interface
  – No special cases like broadcast addresses
● Automated configuration
  – Not manual, no special servers
  – Multiple routers, with automatic failover
  – Zero configuration access to local services
● Secure communications
  – IPSec
● Class of service
  – Differentiated Services

3 IPv4: address exhaustion
● There are no IPv4 addresses left
  – This has been the case for ages, and is why each ADSL customer gets a /32 rather than a /24
● NAT is the answer
Diagram: ISP side 150.101.30.44/32, Site side 192.168.1.0/24

4 IPv4 address exhaustion
● Increasingly not enough IPv4 addresses for a /32 for each customer
  – Price is currently over $10 per IP address
● Again, “carrier class” NAT is the answer
Diagram: ISP side 10.0.0.1/32 (global addressing), Site side 192.168.1.0/24 (local addressing)

5 How does NAT work?
● Inspect outgoing traffic
  – Collect (src_addr, src_port, dst_addr, dst_port)
● Re-write src_addr to my exterior interface, find an unused source port on my exterior interface and re-write src_port to that
● Record these addresses and ports in the expectation table
Diagram:
  interior packet:         (10.1.1.1, 10000, 202.158.201.38, 80)
  exterior packet:         (150.101.30.33, 20000, 202.158.201.38, 80)
  expectation table entry: (150.101.30.33, 20000, 10.1.1.1, 10000, 202.158.201.38, 80)

6 How does NAT work?
● Inspect incoming traffic
● Is the incoming (src_addr, src_port, dst_addr, dst_port) in the expectation table?
● Re-write the dst_addr and dst_port to the original values in the table
Diagram:
  interior packet:         (202.158.201.38, 80 → 10.1.1.1, 10000)
  exterior packet:         (202.158.201.33, 80 → 150.101.30.33, 20000)
  expectation table entry: (150.101.30.33, 20000, 10.1.1.1, 10000, 202.158.201.38, 80)
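As an added illustration of slides 5 and 6 (not part of the presentation), the following Python models the expectation table: outbound packets get their source re-written and recorded, inbound packets are translated back only if a matching entry exists, and anything unsolicited is dropped. Addresses and ports are the ones on the slides; the sequential port allocation starting at 20000 and the bare 4-tuple packet shape are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Just the 4-tuple the slides talk about; the payload is irrelevant here."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int

class Nat:
    def __init__(self, exterior_addr, first_port=20000):
        self.exterior_addr = exterior_addr
        self.next_port = first_port          # assumed: allocate exterior ports sequentially
        # Expectation table, kept as two views of the same entries:
        #   (ext_port, dst_addr, dst_port) -> (int_addr, int_port)   used on the way in
        #   (int_addr, int_port, dst_addr, dst_port) -> ext_port     used on the way out
        self.expect = {}
        self.reverse = {}

    def outbound(self, pkt):
        """Slide 5: re-write src to the exterior interface and record the entry."""
        flow = (pkt.src_addr, pkt.src_port, pkt.dst_addr, pkt.dst_port)
        ext_port = self.reverse.get(flow)
        if ext_port is None:                 # new flow: pick an unused exterior port
            ext_port = self.next_port
            self.next_port += 1
            self.reverse[flow] = ext_port
            self.expect[(ext_port, pkt.dst_addr, pkt.dst_port)] = (pkt.src_addr, pkt.src_port)
        return Packet(self.exterior_addr, ext_port, pkt.dst_addr, pkt.dst_port)

    def inbound(self, pkt):
        """Slide 6: translate only if an expectation exists, otherwise drop (None)."""
        if pkt.dst_addr != self.exterior_addr:
            return None
        entry = self.expect.get((pkt.dst_port, pkt.src_addr, pkt.src_port))
        if entry is None:
            return None   # unsolicited: this is why nothing behind a NAT can be a server
        int_addr, int_port = entry
        return Packet(pkt.src_addr, pkt.src_port, int_addr, int_port)

if __name__ == "__main__":
    nat = Nat("150.101.30.33")
    out = nat.outbound(Packet("10.1.1.1", 10000, "202.158.201.38", 80))
    print("exterior view:", out)
    print("reply delivered to:", nat.inbound(Packet("202.158.201.38", 80, "150.101.30.33", 20000)))
    print("unsolicited:", nat.inbound(Packet("203.0.113.9", 443, "150.101.30.33", 20000)))
```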

7 NAT has benefits
● Deep packet inspection
  – A necessary part of NAT
  – But a DPI firewall can also work without altering the data passing through it, and is more robust when doing so
● Address re-numbering
  – The disconnect between exterior and interior address allows easy change of exterior address
  – IPv6 is designed for convenient renumbering
  – Most universities here should approach APNIC for provider-independent addressing

8 NAT is not a good answer
● The owner of the NAT chooses the helper modules
  – I am a phone company too; do I really want to assist H.323 and SIP users?
● No global visibility at all
  – Everyone is a client, because no-one can run a server
  – How do new services get developed in the first place?

9 IPv6 restores the Internet as it was
● End-to-end visibility of addresses
● Plenty of addresses
  – Every home can have a /64

10 Global IPv4 addresses are precious
● Financially
  – A /16 has a considerable financial value
  – And is thus open to fraud, especially where registry records are not up-to-date
● For evil
  – A globally-visible address is a rendezvous point for behind-NAT services that need to find each other
  – So insecure machines on global IPv4 addresses are a high-priority target

11 You might be running IPv6 now
● 6to4 and Teredo tunnels are automatically started by some operating systems
● Terminate these tunnels before they pass through your firewall, so that the firewall sees the real traffic
Diagram: IPv6 in IPv4 → IPv6 | IPv6 in IPv4 → IPv6
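Added example, not from the presentation: spotting the automatic tunnels slide 11 warns about in flow records, so they can be terminated or blocked ahead of the firewall rather than passing through it as an opaque IPv4 envelope. It relies on the standard facts that 6to4 carries IPv6 inside IPv4 protocol 41 and uses the 2002::/16 prefix with the endpoint's IPv4 address embedded, while Teredo carries IPv6 in UDP with servers on port 3544 and the 2001:0::/32 prefix; the flow-record layout and the sample records are constructed for this example.

```python
import ipaddress

PROTO_IPV6_IN_IPV4 = 41    # 6to4 (and other protocol-41 tunnels)
TEREDO_UDP_PORT = 3544     # Teredo server port

def classify_flow(rec):
    """Return '6to4', 'teredo' or None for a (ip_proto, src, sport, dst, dport) record."""
    proto, _src, sport, _dst, dport = rec
    if proto == PROTO_IPV6_IN_IPV4:
        return "6to4"
    if proto == 17 and TEREDO_UDP_PORT in (sport, dport):
        return "teredo"
    return None

def embedded_ipv4_of_6to4(addr):
    """2002:WWXX:YYZZ::/48 -> W.X.Y.Z, the IPv4 address the tunnel terminates on."""
    a = ipaddress.IPv6Address(addr)
    if a not in ipaddress.IPv6Network("2002::/16"):
        return None
    return str(ipaddress.IPv4Address(a.packed[2:6]))

def is_teredo_addr(addr):
    """Teredo clients get addresses under 2001:0::/32."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network("2001::/32")

# Constructed flow records: (ip_proto, src, sport, dst, dport); addresses are
# documentation ranges, 192.88.99.1 is the historic 6to4 anycast relay.
SAMPLE_FLOWS = [
    (41, "192.0.2.10", 0, "192.88.99.1", 0),            # 6to4 to the anycast relay
    (17, "192.0.2.11", 50123, "198.51.100.7", 3544),    # Teredo to a Teredo server
    (6, "192.0.2.12", 44321, "203.0.113.5", 443),       # ordinary HTTPS, not a tunnel
]

def tunnel_flows(flows):
    """Only the records that carry tunnelled IPv6, tagged with the tunnel type."""
    return [(kind, rec) for rec in flows if (kind := classify_flow(rec))]

if __name__ == "__main__":
    for kind, rec in tunnel_flows(SAMPLE_FLOWS):
        print(kind, rec)
    print(embedded_ipv4_of_6to4("2002:c000:20a::1"))   # the host behind the first flow
```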

12 Deployment strategies
● Need to be tailored to your network and organisation
● General approach is “core out”
  – Connect network core to IPv6
  – Basic network services, such as stateless DHCP
  – Monitoring
  – Firewall
  – Teredo and 6to4 tunnel providers
● Then
  – Public services: web, SMTP
● Then
  – Declare victory

13 Deployment strategies, cont'd
● Dual IPv6/IPv4 to the average client takes a little more work
  – Performance of negative caching of DNS AAAA records
  – Acceptance testing
  – Education and training of technical support staff
● But the experience seems to be that this part is less work than expected

14 Challenges to IPv6 deployment
● Stateless autoconfiguration
  – IP addresses have been dynamic for a long time, but a lot of sites have forgone dynamic addressing to retain accounting systems
● Lack of deep support in middle-boxes
  – Most firewalls now claim IPv6 support
  – But few have feature-for-feature IPv4-IPv6 support
  ● e.g. few support OSPFv3
● Lack of comprehensive acceptance testing and monitoring
  – Fear of breakage when deploying IPv6 on the SOE
  – Lack of alerts when breakage occurs

15 aarnet, Australia's Academic and Research Network
Glen Turner, 2011-07-14
IPv6 birds of a feather meeting, QUESTnet 2011
IPv6 — the elevator pitch

