ipv6-strategic-planning-framework
TRANSCRIPT
IPv6 Strategic Planning Details
YOUR ORG ID
Architectural Model
Planning and coordination is required from many across the organization, including …
Network engineers & operators Security engineers Application developers Desktop / Server engineers Web hosting / content developers Business development managers …
Create a project team & plan Identify business value, requirements & impacts Assess equipment & applications for IPv6 Begin training & develop training plan Develop the architectural solution Obtain a prefix and build the address plan Define an exception process for legacy systems Update the security policy Deploy IPv6 trials in the network Test and monitor your deployment
IPv6 Planning Steps
Project Manager (PM) Executive Sponsor Team Member Team Member Team Member Across IT
Security Server Admins Desktop Support Application Developers
IPv6 Project Team
Create Executive Briefing Assign key IT resources, Project Manager (PM)
Build the team Document the process
Aligned to overall IT strategy Develop timeline
Define measurable Align to lifecycle management
Include IPv6 as part of upcoming projects Vendor selection, RFP’s, cloud, SDN, etc..
IPv6 Project Plan
The adoption of IPv6 worldwide provides a practically unlimited number of device addresses
Globalization has necessitated the need to communicate with customers and branch offices in regions that had only IPv6 accessibility
ARIN, the North American address authority has exhausted its public IPv4 address allocation
As IPv6 is adopted worldwide, Public Internet resources will be transitioning to IPv6
Ability to provide IPv6 support to current and potential I-NET customers
Benefits of IPv6
"You don’t need a business case for IPv6. It’s a business continuity solution.” – IPspace.net
Communications with agencies and partners using IPv6 security framework
Our Internet providers and peers currently support IPv6 IPv6 features more efficient routing and improved data
transmission speeds Our network infrastructure is IPv6 ready
Benefits of IPv6 Cont.
8
Must be low-cost and low-risk Must co-exist with existing IPv4 infrastructure Must allow access to public IPv4 Internet Must be incrementally deployable Must understand the cost of adding a new services Must not impact existing services. Nobody should know the integration occurred
Requirements for any IPv6 Transition Strategy
Need of large volume of devices that have to be readdressed Need of security rules and functions to be addressed (IPv6 maturity in
security products) Requirement of Staff with technical knowledge of IPv6 Possibility of attack as the attackers might have more expertise with IPv6
than an organization in the early stages of deployment. Need of good understanding of addressing impact on hardware requirement Requirement of Audit of any associated services and devices that may be
impacted by IPv6 transition. Difficulty in detecting and managing unknown or unauthorized IPv6 assets
on existing IPv4 production networks.
Challenges in migration from IPv4 to IPv6
A key and mandatory step to evaluate the impact of IPv6 integration May be split in several phases
Infrastructure – networking devices and services systems Applications, servers, storage, services, clients Hardware type, memory size, interfaces, CPU load… Software version, features enabled, license type… Known limitations, best practices, etc…
Defined set of features per device’s category for a specific environment Break down into “places in the network” for a more accurate assessment
Core, data center, Internet edge, WAN, wired access, wireless access Cost analysis and time lines
Readiness Assessment
10
Core & Distribution Access Layer ISP Applications Host OS’s Security devices (FW, IPS, SEIM)
IPv6 Assessment Results
Pre architecture deployment team training Onsite Online Confernece, Cisco Live, Task Force
Security team Application developers Expertise garnered by the initial deployment team is spread
throughout the organization Server Admin’s, desktop support, operations
IPv6 Training Plan
PI vs. PA, spanning RIR geography Infrastructure addressing Dual Stack Network, subnet planning ULA vs. Global Host assignment (SLAAC or DHCPv6) Multi home, multi provider (BGP)
IPv6 Architectural Strategy
Windows XP Mainframe Printers
Exception Plan for Legacy Devices
Do you support dual stack peering? Do you have a separate (SLA) for IPv6? Do you support BGP peering over IPv6? Do you have a FULL IPV6 route table? What is the maximum prefix length?
What about DNS…
Checking in with the ISP
Similarities to IPv4 ICMPv6 (PTB, NA, NS) Extension Headers Bogons BCP38, RFC2827 Access layer (Wired & Wireless)
Update to Security Policy
Internal phase Core, Distribution Access (Wired, Wireless) WAN Data Center
External Phase Carrier, provider capabilities Web, Mail, DNS, SLB Security (FW, IPS, Edge Router)
IPv6 Deployment Phases
Security Event Incident Management (SEIM) NOC, network management tools Configuration management database Handheld Testing tools (LanDroid, IPv6 toolkit) Wireshark IPAM, DHCPv6, Radius logs Server logs
Testing & Monitoring IPv6
Legacy IP as a service Removing support for legacy IP More test and monitor
Sunsetting IPv4