IPAM: Why a spreadsheet won’t cut it for IPv6 address management
Tim Rooney
Product management director
Topics
• What is IP[v6] address management?
• IPv6 block allocation
• IPv6 host assignment
• Configuring DNS and DHCP
• The cost of spreadsheets
• How can IPAM help streamline my deployment?
IPv6 address management
• Manage IPv6 address space in the context of IPv4 network and routing topology
– Hierarchical allocation of multiple IPv6 blocks/subnets
– Subnet host and address pool tracking
– DNS domain IP address space management
• Manage DHCP and DHCPv6 configurations in accordance with the address plan
• Manage configuration of DNS zones and host resource records in accordance with the address plan
Today with IPv4, many use spreadsheets to manage address space and text files, scripts or MMC for DNS/DHCP configuration
Spreadsheet heaven
Spreadsheet heaven?
Spreadsheet purgatory
Spreadsheet hell? – not yet!
IPv6 address assignment
• Obtaining IPv6 address space
– Regional Internet Registry/ISP
– Unique Local Address (ULA) space
• IPv6 address allocation
– Hierarchical
– Association with IPv4 space
• Node level
– Address assignment policy
– Autoconfiguration
– DHCPv6 pools
– DNS zones and resource records
[Figure: allocation hierarchy (labels: Enterprise, Regional, Divisional, Site, Node, IPv6 Subnets) shown against the address format: Global Routing Prefix (n bits) | Subnet ID (m bits) | Interface ID (128 – n – m bits)]
IPv6 address allocation
• Sparse (RFC 3531)
– Allocate SubnetID counting right to left
– 1000 0000, 0100 0000, 1100 0000
(80, 40, c0, 20, a0, …)
– Top level allocations – “room for growth”
• Best fit
– Allocate smallest available candidate block
– Optimizes address allocation efficiency
• Prefix delegation
– DHCPv6 protocol to allocate prefixes
[Figure: address format: Global Routing Prefix (n bits) | Subnet ID (m bits) | Interface ID (128 – n – m bits)]
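The sparse ordering above (80, 40, c0, 20, a0, …) is a counter with its bits mirrored. The following added example (not from the original deck) generates that order and compares the "room for growth" it leaves against sequential allocation; the parent block 2001:db8::/32 and the 8-bit subnet ID are assumptions chosen for illustration.

```python
import ipaddress

def sparse_subnet_ids(m_bits, count):
    """First `count` subnet IDs in sparse order: the counter 1, 2, 3, ...
    with its m-bit representation mirrored, so bits fill in from the left."""
    return [int(format(i, f"0{m_bits}b")[::-1], 2) for i in range(1, count + 1)]

def blocks(parent, m_bits, subnet_ids):
    """Place each subnet ID in the m bits that follow the parent prefix."""
    parent = ipaddress.IPv6Network(parent)
    new_len = parent.prefixlen + m_bits
    base = int(parent.network_address)
    return [ipaddress.IPv6Network((base | (sid << (128 - new_len)), new_len))
            for sid in subnet_ids]

def growth_limit(block, allocated, floor):
    """Shortest prefix length `block` can be widened to (not past `floor`)
    before it would overlap another allocated block."""
    others = [b for b in allocated if b != block]
    limit = block.prefixlen
    while limit > floor:
        wider = block.supernet(new_prefix=limit - 1)
        if any(wider.overlaps(o) for o in others):
            break
        limit -= 1
    return limit

def compare(parent="2001:db8::/32", m_bits=8, count=3):
    """Growth limits for sparse vs. sequential allocation of `count` blocks."""
    floor = ipaddress.IPv6Network(parent).prefixlen
    result = {}
    for name, ids in (("sparse", sparse_subnet_ids(m_bits, count)),
                      ("sequential", list(range(1, count + 1)))):
        alloc = blocks(parent, m_bits, ids)
        result[name] = [(str(b), growth_limit(b, alloc, floor)) for b in alloc]
    return result

if __name__ == "__main__":
    for scheme, rows in compare().items():
        for block, limit in rows:
            print(f"{scheme:10} {block:22} can grow to /{limit}")
```

With three blocks allocated, each sparse /40 can still be widened to a /34 or /33 in place, while the sequential blocks are already boxed in at /39 or /40.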
IPv4-IPv6 address association
• Trade-off correlation vs. privacy
[Figure: four sites (NYC, Philly, San Fran, Denver) with DHCP and DHCPv6 servers; IPv4 subnets 172.21.0.0/23, 172.21.2.0/24, 172.21.3.0/24, 172.21.4.0/23 shown alongside IPv6 subnets fd0e:6a7::/64, fd0e:6a8::/64, fd0e:6a9::/64, fd0e:6aa::/64; example host 172.21.2.34 with IPv6 address fd0e:6a8::172:21:2:34]
Host IPv6 address assignment methods
• Static
– Manually configure an IPv6 address
• DHCPv6 – “stateful”
– Similar to DHCPv4
• SLAAC – Stateless address autoconfiguration
– Prefix based on router advertisement
– Interface ID derivation based on MAC
• Combination
[Figure: SLAAC interface ID derivation from the MAC address. MAC address ac:62:e8:49:5f:62; bit flip (ac → ae); ff:fe inserted in the middle gives ae62:e8ff:fe49:5f62; combined with the prefix from the RA, 2001:db8:5f62:ab41, the resulting address is 2001:db8:5f62:ab41:ae62:e8ff:fe49:5f62]
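The MAC-based interface ID derivation above, as an added example that is not part of the original deck. It also runs the derivation backwards, which is the privacy side of a stable MAC-derived address: anyone who sees the address can recover the MAC. The MAC ac:62:e8:49:5f:62 is inferred from the slide's final address; the function names are hypothetical.

```python
import ipaddress

def eui64_interface_id(mac):
    """MAC -> 64-bit interface ID: flip the universal/local bit (0x02 of the
    first octet) and insert ff:fe between the two halves of the MAC."""
    octets = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    return int.from_bytes(octets[:3] + b"\xff\xfe" + octets[3:], "big")

def slaac_address(ra_prefix, mac):
    """Combine the /64 prefix learned from the RA with the interface ID."""
    net = ipaddress.IPv6Network(ra_prefix)
    if net.prefixlen != 64:
        raise ValueError("MAC-derived interface IDs need a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))

def mac_from_address(addr):
    """Recover the MAC from a MAC-derived address, or None if the interface
    ID does not carry the ff:fe marker (static, DHCPv6 or privacy address)."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    addr = slaac_address("2001:db8:5f62:ab41::/64", "ac:62:e8:49:5f:62")
    print(addr, "->", mac_from_address(addr))
```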
SLAAC availability via router advertisements

| Flag | O=0 | O=1 |
|---|---|---|
| M=0 | No DHCPv6 | DHCPv6 for configuration information only |
| M=1 | DHCPv6 for address and configuration information | DHCPv6 for address and configuration information |
DHCPv6 deployment considerations
• Potential capital requirement
– DHCPv6 on separate server from IPv4 DHCP
• Address assignment policy
– SLAAC
– SLAAC with DHCPv6
– DHCPv6 without SLAAC
• Address privacy vs. stability
– Difficulty with “reserving” addresses in DHCPv6
• DHCP redundancy
– Split scopes with preference option
– Failover protocol in progress in IETF DHC WG
Back to the spreadsheet
Insert IPv6 column
DHCP for IPv6 deployment considerations
• DHCPv6 policies
– Subnets, prefixes, options
• DUID matching
DNS association with the IPv6 address plan
• Forward domains
– Commonly the same, e.g., btdiamondip.com
• Reverse domains
– Zones required for DNS administrative delegation within network scope
– ip6.arpa zone(s)
• Resource records
– AAAA, PTR required for navigability to hosts
– Publishing AAAA will encourage IPv6 connectivity
– Other RRTypes – CNAME, DHCID, SRV, etc.
IPv6 DNS Resource Record Types
• AAAA = IPv6 address
host.btdiamondip.com. IN AAAA 2001:db8:b7::a8e1
• PTR = pointer
1.e.8.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.b.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR host.btdiamondip.com.
Easier:
$ORIGIN 0.0.0.0.7.b.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
1.e.8.a.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host.btdiamondip.com.
Deriving the ip6.arpa name for 2001:db8:b7::a8e1:
Expand: 2001:0db8:00b7:0000:0000:0000:0000:a8e1
Reverse: 1e8a:0000:0000:0000:0000:7b00:8bd0:1002
Domain-ize: 1.e.8.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.b.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
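The expand / reverse / domain-ize steps above, and the shorter $ORIGIN-relative form, as an added example that is not part of the original deck. The function names are hypothetical, and the helper only handles reverse zones whose prefix length falls on a 4-bit (nibble) boundary.

```python
import ipaddress

def nibbles_reversed(addr):
    """Expand the address to all 32 hex digits, then reverse them."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")[::-1]

def ptr_name(addr):
    """Domain-ize: one label per hex digit, under ip6.arpa."""
    return ".".join(nibbles_reversed(addr)) + ".ip6.arpa."

def reverse_zone(prefix):
    """ip6.arpa zone name for a prefix on a nibble boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen == 0 or net.prefixlen % 4:
        raise ValueError("prefix length must be a non-zero multiple of 4")
    digits = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(digits[::-1]) + ".ip6.arpa."

def ptr_record(addr, zone_prefix, target):
    """Return ($ORIGIN, PTR line with the owner name relative to it)."""
    if ipaddress.IPv6Address(addr) not in ipaddress.IPv6Network(zone_prefix):
        raise ValueError("address is outside the zone's prefix")
    if not target.endswith("."):
        # Without the trailing dot the name server appends the ip6.arpa origin.
        raise ValueError("PTR target must be fully qualified (trailing dot)")
    origin = reverse_zone(zone_prefix)
    owner = ptr_name(addr)[: -len(origin) - 1]
    return origin, f"{owner} IN PTR {target}"

if __name__ == "__main__":
    origin, line = ptr_record("2001:db8:b7::a8e1", "2001:db8:b7::/64",
                              "host.btdiamondip.com.")
    print(f"$ORIGIN {origin}\n{line}")
```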
Source and destination address selection
• RFC 3484 algorithm input:
– Candidate source addresses - based on sending host’s
configured IPv4 and IPv6 addresses
– Destination addresses – derived from DNS queries* for types A
& AAAA (getaddrinfo() sockets call)
* Name resolution may alternatively be provided by hosts.txt file, other naming
systems or NetBIOS lookups for Windows systems
DNS implications of address selection
• Major host OSs will attempt to connect via IPv6 first
• Provision of AAAA records for a host will trigger querying
dual-stack hosts to connect via IPv6 if possible
• Provision of A records for a host will provide an alternate
connection address should IPv6 not be feasible
• Policy table best match will drive source-destination
address selection
DNS for IPv6 deployment considerations
• Delegating reverse zones
• Managing PTRs in reverse zones
• Managing AAAA in forward zones
The cost of spreadsheets
• Free?
• IPAM lifecycle
– Block/subnet allocations, renumbering
– Host address assignment
– DHCP, DHCPv6 server configuration
• Pools, prefixes, options, policies, client classing
– DNS server configuration
• Zones, resource records
• Cost of provisioning time, error detection & correction
– Duplicate allocations and assignments
– Miscorrelation between spreadsheet and DHCP/DHCPv6 server configuration
– Miscorrelation between spreadsheet and DNS server configuration
• Cost of [mis-]management
– Auditing IP space, accountability, multi-user, reporting
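The error classes listed above (duplicate allocations, miscorrelated assignments) are the checks a spreadsheet never runs on its own. The following added example, not part of the original deck, audits a constructed spreadsheet export for overlapping subnets and for dual-stack hosts whose IPv6 address does not follow the deck's earlier IPv4-embedding convention (172.21.2.34 as fd0e:6a8::172:21:2:34); the column names, site names and rows are assumptions.

```python
import csv
import io
import ipaddress
from itertools import combinations

# Constructed spreadsheet export; site-c repeats a /64 and has a typo in host_v6.
SHEET = """site,v4_subnet,v6_subnet,host_v4,host_v6
site-a,172.21.0.0/23,fd0e:6a7::/64,172.21.0.10,fd0e:6a7::172:21:0:10
site-b,172.21.2.0/24,fd0e:6a8::/64,172.21.2.34,fd0e:6a8::172:21:2:34
site-c,172.21.3.0/24,fd0e:6a8::/64,172.21.3.7,fd0e:6a8::172:21:3:70
"""

def embed_v4(v6_subnet, v4_host):
    """Write each IPv4 octet's decimal digits as one of the low four hextets."""
    iid = 0
    for octet in str(ipaddress.IPv4Address(v4_host)).split("."):
        iid = (iid << 16) | int(octet, 16)
    net = ipaddress.IPv6Network(v6_subnet)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def audit(sheet_text=SHEET):
    """Return findings: overlapping subnets, hosts outside their subnet,
    and IPv6 host addresses that do not match the embedded IPv4 address."""
    rows = list(csv.DictReader(io.StringIO(sheet_text)))
    findings = []
    for col in ("v4_subnet", "v6_subnet"):
        for a, b in combinations(rows, 2):
            if ipaddress.ip_network(a[col]).overlaps(ipaddress.ip_network(b[col])):
                findings.append(("overlap", col, a["site"], b["site"]))
    for r in rows:
        for host, net in (("host_v4", "v4_subnet"), ("host_v6", "v6_subnet")):
            if ipaddress.ip_address(r[host]) not in ipaddress.ip_network(r[net]):
                findings.append(("outside-subnet", host, r["site"]))
        if ipaddress.ip_address(r["host_v6"]) != embed_v4(r["v6_subnet"], r["host_v4"]):
            findings.append(("v4-v6-mismatch", r["site"]))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```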
IPv6 address management
• IPv6 subnet allocation and host assignment via mouse clicks, not typing hex!
– Automated ip6.arpa. domain creation
– Automated IPv6 host assignment via templates
– Track dual stack hosts
– Automated AAAA/PTR record creation
– Deployment of configurations to DHCP/DNS servers
IPv6 deployment – High level process
• Deployment planning
– Discovery, assessment, design
– Timeline and budget
• Managing deployment
– Resource allocation
– Plan execution
• Post-deployment
– Managing your IPv4-IPv6 network
IPAM a critical ingredient to IPv6 deployment
• Baseline current IPv4 address allocations
– Various discovery mechanisms enable documentation and
baselining of current IPv4 foundation on which to deploy IPv6
• Define IPv6 address plan
– Logical containers and automated block allocation facilitate
development of IPv6 address plan as overlay on IPv4 baseline
• Track your addressing plan during deployment
– Use of block states enables pre-allocations then “in-production”
states
• Manage IPv4-IPv6 space ongoing
– Intuitive management of dual stack networks
[Figure: process flow: Discover/Baseline, Plan Deployment, Execute Deployment, Manage IPv4/IPv6 Network]