IPv6 Network Management. touch@coe.psu.ac.th

IPv6 Network Management touch@coe.psu.ac.th

Outline Introduction Managing IPv6 networks SNMP over IPv6 Management platforms Management tools IPv6 LAN IPv6 MAN/WAN Examples/Demos

Introduction Manage a network: What is it? A set of functions permitting: Inventory Topology Security Monitoring Reporting...

Introduction IPv6 networks deployed: Most are dual stack LANs (campuses, companies, ) MANs WANs - ISPs IXes Testbeds, pilot networks, production => Management tools are needed Which applications are available for managing these networks? Equipment, configurations, IP services (servers : DNS, FTP, HTTP, )

Introduction SNMP Model:

IPv6 MIBs status MIBs are essential for the network management SNMP-based applications are widely used SNMP relies upon MIBs Need to have MIBs containing IPv6 information Can query IPv4/IPv6 information independent of whether IPv4 or IPv6 is used for transport

Standardization status At the beginning: IPv4 and IPv6 MIBs are separate Today : Unified MIBs are available

IPv6 MIBs implementation Cisco Cisco has long supported IP-MIB and IP-FORWARD MIB in IPv4 CISCO-IETF-IP-MIB and CISCO-IETF-IPFORWARDING-MIB are IPv6 MIBs that are defined as being protocol-independent, but are implemented only for IPv6 objects and tables In Cisco IOS Release 12.2(33)SRC, IP-MIB and IPFORWARD-MIB were updated to RFC 4293 and RFC 4292 standards Information is available from CLI show interface accounting

IPv6 MIBs implementation Juniper The JUNOS IPv6 and ICMPv6 MIB provides support for the JUNOS implementation of IPv6 and ICMPv6 MIB based on (old) RFC 2465 with different counters for IPv4 and IPv6 traffic Or based on filters to collect IPv6 traffic: Eg. Geant monitoring => Expected : unified MIBs implementation

IPv6 MIBs implementation Hitachi Routers (GR2000/GR4000) and Switches (GS4000) support IPv6 standard MIBs: RFC 2452: TCP/IPv6 RFC 2454: UDP/IPv6 RFC 2465: IPv6 RFC 2466: ICMPv6 The unified MIBs are not implemented yet

IPv6 MIBs implementation Net-SNMP Net-SNMP is a suite of applications used to implement SNMP v1,v2c and v3 using both IPv4 and IPv6 Available at http://net-snmp.sourceforge.net IPv6 support from version 5.0 RFC 2452: TCP/IPv6 RFC 2454: UDP/IPv6 RFC 2465: IPv6 RFC 2466: ICMPv6 RFC 3291: textual convention for representing Internet Address

SNMPv3 and IPv6 Simple Network Management Protocol Version 3 (SNMPv3) Protocol had support since RFC 2465 (IPv6 MIB) and later with the update of the IP MIB (included both IPv4 and IPv6) - RFC 4293 Monitoring and management application support has been the long pole By now, most applications support basic SNMPv3 queries over IPv6 (Cisco, Juniper, HP, etc) Microsoft Server 2008 and Windows 7 do not support SNMPv3 at all (support is available in Server 2012 and Windows 8)

NetFlow/SFlow/JFlow and IPv6 All protocol used for NAT table matching, performance monitoring, link utilization, link saturation, etc. NetFlow (Cisco proprietary) Version 9 ONLY Natively will only go over IPv4 On the interface: ipv6 flow ingress ipv6 flow egress Global: ipv6 flow-aggregation cache source-prefix export version 9 export destination 172.16.X.X 2057 mask source minimum 64

NetFlow/SFlow/JFlow and IPv6 NetFlow (Cisco proprietary) - cont. Netflow specific: ipv6 flow-export version 9 ipv6 flow-export destination 10.1.X.X 2055 ipv6 flow-export template options export-stats ipv6 flow-export template timeout 60 ipv6 flow-export template refresh-rate 10 ipv6 flow-aggregation cache protocol-port cache timeout active 1 enabled

NetFlow/SFlow/JFlow and IPv6 SFlow (open standard) SFlow used in more open-oriented devices (HP Procurve, Brocade, Juniper, NEC, Extreme, and Cisco as well) Configurations vary widely depending upon the device JFlow (Juniper proprietary) Version 9 support for IPv6 Require a separate license JFlow (Juniper proprietary) - Configs Global enable: set inline-jflow source address 1.1.1.1

Managing an IPv6 network Dual stack IPv6 networks Native IPv6 Not so common yet Important to keep in mind DS is not forever One IP stack should be removed one day No reasons for network administrators to face the amount of work twice

Dual Stack IP networks Part of the monitoring via IPv4 Connectivity to the equipment Tools to manage it (inventory, configurations, counters, routing info, ) Remaining part needs IPv6 MIBs IPv6 support NetFlow (v9)

Native IPv6 networks Topology discovery (LAN, WAN?) IPv6 SNMP agent SNMP over IPv6 transport

SNMP over IPv6 Cisco: SNMP over IPv6 is shipping in 12.0(27)S1 This version lacks some IPv6 capability Also supported from 12.3(14)T, 12.4M and 12.4T, covering platforms from 1700 to 7500 Syslog over IPv6 is available from 12.4(4)T Hitachi SNMP over IPv6 is available 6WIND SNMP over IPv6 is available

Monitoring tools for IPv6 networks For a LAN: Nagios => Incinga Argus MRTG For a MAN/WAN AS PATH tree Weather map Netflow Rancid Looking Glass

IPv6 LAN management: Nagios Available at www.nagios.org Administration of network: PCs Switches Routers Administration of services: HTTP, FTP, DNS Evolution: new features can be added with plug-ins