Host: Jonas Tichenor
Co-hosts: Robb Boyd, Cisco solutions specialist; Jimmy Ray Purser, Cisco solutions specialist

Jump to:
Executive Summary
Segment 1 Why Mess with a Running System?
Segment 2 IPv6 for Dummies Layer 2 Deep Dive
Segment 3 IPv6 Routing and Transitioning
Segment 4 Security Gotchas and QOS
Segment 5 Deployment and Conclusion
Recommended Resources
Acronym Dictionary
Host & Co-host Biographies
Executive Summary
What is IPv6?

The current Internet Protocol (IP) is version 4. It underpins everything that we do on the Internet. The vast majority of business network applications also use IP and associated protocols. IP is over thirty years old and it is showing its age. Designed for networks with thousands of nodes, it only has 4 billion addresses, of which maybe 500 million can realistically be used. Given that the world has a population of over 6 billion people and everything from cars, to phones, to televisions, to light switches is being IP enabled, it is not surprising that there is a shortage of addresses. Indeed, had it not been for a number of fixes, the Internet would have already run out of addresses. Additionally, IPv4 has no security, no mobility, limited quality of service and performance issues; there is clear room for improvement.

It is easy to think that the Internet has survived this far and that nothing really needs to be done. Unfortunately, this ignores the stark reality of the situation. The Internet has been living on borrowed time for many years. Without the significant intervention that was taken with the introduction of CIDR (Classless Inter Domain Routing), NAT (Network Address Translation), the dynamic allocation of addresses and Proxy services, the Internet would have ceased to operate and grow years ago. It is only through these techniques that address depletion has been slowed down and the backbone routing table growth has been constrained.

The problem is that these techniques can only do so much. NAT is in fact a bottleneck that breaks the end-to-end connectivity of the Internet. NAT, while essential at present, stops you from using very desirable functions and applications (e.g. IP Security, Mobile IP, Voice over IP (VoIP) and IP Video on Demand), and NAT is an extra layer of complexity in the network. Organizations find the growing use of private addresses and NAT increasingly complex to manage.
Even with these techniques, address space is going to run out and routing tables are again exploding in size. In addition to this, attractive new applications cannot operate without global IP addresses and some of the features that IPv4 lacks.

Enter the solution - IPv6. IPv6 has 128-bit addresses, giving 2^128 (3402823669209384624633744607431768211456) addresses. With IPv6 there is no need to use the address fixes bolted onto IPv4. In addition to the benefits of a larger address space, IPv6 includes significant technical enhancements in the areas of security, mobility, quality of service and improved performance that simplify network administration, such as:

- Simplified header for routing efficiency
- Deeper hierarchy and policies for network architecture flexibility, enabling efficient support for routing and route aggregation
- Serverless autoconfiguration, easier renumbering, and improved ready-to-use support
- Security with mandatory IP Security (IPSec) implementation for all IPv6 devices
- Improved support for Mobile IP and mobile computing devices (direct path)
- Enhanced multicast support with increased addresses and efficient mechanisms
Internet Protocol defines how computers communicate over a network. IP version 4 (IPv4), the currently prevalent version, contains just over four billion unique IP addresses, which is not enough to last indefinitely. IPv6 is a replacement for IPv4, offering far more IP addresses and enhanced security features. ARIN and the other RIRs have distributed IPv6 alongside IPv4 since 1999. So far, ARIN has issued both versions in tandem and has not advocated one over the other, though it has closely monitored distribution trends with the understanding that the IPv4 available resource pool would continue to diminish. With only 19% of IPv4 address space remaining, however, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.
Jeff Doyle Blog - Address Depletion Much Sooner than Expected: http://edge.networkworld.com/community/?q=node/14969&docid=8648
ARIN Warns of IPv4 Depletion: http://www.arnnet.com.au/index.php/id;1883973296;fp;4194304;fpid;1
China's broadband users only second to US: http://www.chinaknowledge.com/news/news-detail.aspx?id=8340
IPv4 Address Depletion Imminent; ARIN Board Chairman to Recommend Migration to IPv6 at Burton Group Catalyst Conference North America: http://new.marketwire.com/2.0/release.do?id=741953&k=arin
Recommended Resources
*Multiple resources and links referenced above
Acronym Dictionary
*Scroll down for IPv6 specific acronyms.

ASA - Adaptive Security Appliance
CSA - Cisco Security Agent
CSC - Content Security and Control Services Module (for use within the ASA)
CSM - Cisco Security Manager
DTM - Distributed Threat Mitigation
ICS - Incident Control System
IPS - Intrusion Prevention System
IDS - Intrusion Detection System
IPSEC VPN - Virtual Private Network technology that leverages a client on the endpoint to establish the private, encrypted connection.
ISR - Integrated Services Router
MARS - Monitoring, Analysis and Response System
NAC - Network Admission Control
NCM - Network Compliance Manager
SDN - Self-Defending Network
NetFlow - open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. (Wikipedia)
SSL VPN - Often referred to as Clientless VPN that, in contrast to IPSEC, uses the encryption built into the browser to set up a secure, remote connection.
SSM - Security Services Module located within the ASA that allows the addition of an IPS module or a CSC (Content Security and Control Services Module - Anti-X Edition of the ASA)
IPv6 Acronyms/Glossary
IANA - Internet Assigned Numbers Authority. The Internet Assigned Numbers Authority (IANA) is the entity that oversees global IP address allocation, DNS root zone management, and other Internet protocol assignments. It is operated by ICANN.

APNIC - The Asia Pacific Network Information Centre (APNIC) is the Regional Internet Registry for the Asia-Pacific region.

RIR - Regional Internet Registry. Organization overseeing the allocation and registration of Internet number resources within a particular region of the world. Resources include IP addresses (both IPv4 and IPv6) and autonomous system numbers (for use in BGP routing).

ARIN - American Registry for Internet Numbers (ARIN is an RIR).

LIR - A local Internet registry (LIR) is an organization which has received an IP address allocation from a regional Internet registry (RIR), and which may assign parts of this allocation to its own customers. A LIR is thus typically an Internet service provider. To become a LIR, membership of a RIR is required.

ICANN - Internet Corporation for Assigned Names and Numbers. The tasks of ICANN include managing the assignment of domain names and IP addresses. To date, much of its work has concerned the introduction of new generic top-level domains. The technical work of ICANN is referred to as the IANA function; the rest of ICANN is mostly concerned with defining policy.

CIDR - Classless Inter-Domain Routing (CIDR, pronounced "cider") was introduced in 1993 and is the latest refinement to the way IP addresses are interpreted. It replaced the previous generation of IP address syntax, classful networks. It allowed increased flexibility when dividing ranges of IP addresses into separate networks and thereby promoted:
- More efficient use of increasingly scarce IPv4 addresses.
- Greater use of hierarchy in address assignments (prefix aggregation), lowering the overhead of the Internet-wide inter-domain routing.
Anycast is a network addressing and routing scheme whereby data is routed to the "nearest" or "best" destination as viewed by the routing topology. The term is intended to echo the terms unicast, broadcast and multicast. In unicast, there is a one-to-one association between network address and network endpoint: each destination address uniquely identifies a single receiver endpoint. In broadcast and multicast, there is a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, to which all information is replicated. In anycast, there is also a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, but only one of them is chosen at any given time to receive information from any given sender.
Biographies
Jonas Tichenor, Host of TechWiseTV
Jonas joined the Cisco Interaction Network as host of TechWiseTV in August of 2006. His experience as anchor for the show comes from an award-winning career in the world of broadcast journalism. Jonas began as a writer and producer for the FOX affiliate in Tampa Bay in 1996. He quickly became an on-air talent and started to climb the ranks and markets of news until being signed as an NBC Network news reporter in the highly desirable San Francisco Bay Area. Jonas is the recipient of several Associated Press awards and two Edward R. Murrow Awards for broadcast excellence; he is an Emmy Award winner and 9 times Emmy Award nominee.

Robb Boyd, Co-host of TechWiseTV and Cisco security specialist
Robb is the security specialist on Cisco's TechWiseTV, part of the Cisco Interaction Network and Cisco's National Speakers Bureau. Robb is certified by ISC2 as a Certified Information Systems Security Professional and by the SANS Institute with the GIAC (Global Information Assurance Certification) Security Essentials Certification (GSEC). Robb was one of the first field specialists in Cisco's Emerging Technologies group, which was eventually renamed Advanced Technologies. Charged with assisting Cisco's field sales people to communicate a security message to their customers, Robb was then asked to repeat that success with the Cisco Partner Community. Robb was subsequently recognized for building security partners that won awards for Security Partner of the Year, Global Security Partner of the Year and Most Innovative Partner of the Year. He has been consistently requested around the nation as a security speaker and has made numerous contributions to the training of Cisco's Commercial field and channel sales and engineering teams.

Jimmy Ray Purser, Co-host of TechWiseTV and Cisco networking specialist
Jimmy Ray conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as NetWorld+Interop, CeBIT, ZoomIT, Comdex, HP World and numerous regional events. His topic of choice is network security and security penetration testing. Purser has been an active participant in the information technology (IT) community for more than 15 years, with particular emphasis on local area network (LAN) and wide area network (WAN) infrastructure and security. He is an active member of the IEEE. He has designed, installed and tested numerous networks for Fortune 500 companies, the United States Military, Internet-based businesses, universities and other education institutions around the world. He is a hands-on engineer who loves getting into the thick of it. He also writes many articles, whitepapers and other periodicals. Before joining Cisco, Jimmy Ray was a Master Level Field Pre Sales Solution Architect at HP. Jimmy Ray holds a Master of Science degree in Electrical Engineering. He is a licensed Professional Engineer in the State of Wisconsin. Jimmy Ray holds two U.S. Patents on network security algorithms and continues to develop for the IPv6 end-to-end network.