German Roadshow IPv6 in Germany s Public Administration. Heinz-werner.schuelting@devoteam.com

Similar documents
Network and Addressing Design for IPv6 Transition

NTT - A global IPv6 deployment case study

ZAV Germany a member of the European EURES-Network

TABLE OF CONTENTS. Section 5 IPv Introduction Definitions DoD IPv6 Profile Product Requirements...

Living & Working in Germany. Sabine Seidler, Welcome to Germany!

GEN6 Roadshow in Berlin: Coconut war : IPv6 cloud services in high load scenarios

Turin, October Mr. Betz, Tilman and Mrs. Bümmerstede, Julia. Living and Working in Germany

EU Cross-border e-id & Safety Services Antonio Skarmeta Gómez Universidad de Murcia. IPv6@GOV workshop Brussels, January, 2013

IPv6 Broadband and Cable NANOG46 John Jason Brzozowski

IPv6 Migration Challenges for Large Service Providers

6WiN IPv6 in the DFN

MOBILE VIDEO WITH MOBILE IPv6

Cost and Activity Accounting in the German Surveying Administrations

ITL BULLETIN FOR JANUARY 2011

Internationalisation and Health Care Export S. von Bandemer University of Applied Sciences, Gelsenkirchen Institute Work and Technology, Science Park

Using IPsec VPN to provide communication between offices

APRICOT-APAN 2011, Hong Kong IPv6 Transition Conference 22 February C. K. Ng

IPv6 Tunneling Over IPV4

Internet Operations and the RIRs

F5 Silverline DDoS Protection Onboarding: Technical Note

ENTERPRISE CONNECTIVITY

Strategies for Getting Started with IPv6

BT 21CN Network IPv6 Transformation

IPv6 The Big Picture. Rob Evans, Janet

IPv6 deployment status & Migration Strategy

This chapter covers four comprehensive scenarios that draw on several design topics covered in this book:

Residential IPv6 IPv6 a t at S wisscom Swisscom a, n an overview overview Martin Gysi

LONG: Laboratories Over Next Generation Networks.

CRISIS, CONSOLIDATION AND FISCAL FEDERALISM IN GERMANY IMPLEMENTATION OF THE DEBT BRAKE AND THE STABILITY COUNCIL

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

Lessons and Insights from

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

Constructing High Quality IP Core Network

Basic IPv6 WAN and LAN Configuration

How will the Migration from IPv4 to IPv6 Impact Voice and Visual Communication?

Introduction to The Internet

CIRA s experience in deploying IPv6

ELEC3030 (EL336) Computer Networks. How Networks Differ. Differences that can occur at network layer, which makes internetworking difficult:

LOAD BALANCING WITH SDN/NFV

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

ProCurve Networking IPv6 The Next Generation of Networking

Preparing VoIP and Unified Communications Systems for IPv6 Technical Summary September 2014

Enterprise Network Simulation Using MPLS- BGP

6CHOICE Role of collaborative experiments in IPv6 deployment plans. Dr. Sathya Rao Telscom/ETSI, Switzerland

Selected Facts and Figures about Long-Term Care Insurance

An Introduction to Orange IPv6 Strategy

Next Generation Internet Address (IPv6) Transition Plan

IEEE GLOBECOM 2009 Deploying IPv6 at AT&T

Uli Bornhauser - Peter Martini - Martin Horneffer Scalability of ibgp Path Diversity Concepts

Interconnecting IPv6 Domains Using Tunnels

Peering in Hong Kong. Che-Hoo CHENG CUHK/HKIX

Introduction to The Internet. ISP/IXP Workshops

IPv6 CPE Device Development and Deployment. APNIC 32 Busan, South Korea Aug. 30 th 2011

ABC SBC: Securing and Flexible Trunking. FRAFOS GmbH

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Daniel O. Awduche, MBA, PhD.

Firewalls und IPv6 worauf Sie achten müssen!

Parlay VoXip Voice over IP Gateway ISDN /VoIP (SIP) conversion + advanced call routing features. Unique Voice over IP Gateway / ISDN to SIP converter

CITS1231 Web Technologies. Client, Server, the Internet, and the Web

Whitepaper IPv6. OpenScape UC Suite IPv6 Transition Strategy

State of Berlin. Investor Presentation. June Page 1. Land Berlin/Thie

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

IPv6 over IPv4/MPLS Networks: The 6PE approach

IPv6 Deployment in a Global IT Service Company

SANS Technology Institute Group Discussion/Written Project. The Rapid Implementation of IPv6 at GIAC Enterprises

A Case Study Design of Border Gateway Routing Protocol Using Simulation Technologies

Improving the Microsoft enterprise. network for public cloud connectivity

Adaptive-Mesh for Mobile Core Networks. Edge-controlled multi-service core network by Optimum Communications Services, Inc.

The LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg,

IAB IPv6 Multi-Homing BOF. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI

Passive Measurement in CSTNET

Stateful Network Address Translators (NAT) Xiaohu Xu Dean Cheng IETF75, Stockholm

Dual Training at a Glance. Last update: 2007

TAXONOMY OF TELECOM TERMS

The Egyptian IPv6 TF

Call Centers in Berlin

Framework Contract no: DI/ Authors: P. Wauters, K. Declercq, S. van der Peijl, P. Davies

Ensuring a Smooth Transition to Internet Protocol Version 6 (IPv6)

Jarkko Kuisma

Demonstrating the high performance and feature richness of the compact MX Series

IPv6, Perspective from small to medium ISP

Policy Implementation and Experience Report. Leslie Nobile

IPv6 Practices on China Mobile IP Bearer Network

Current status and the future direction of IPv6 in Japan. November, 2011 IPv4 Address Exhaustion Task Force, Japan

Computer Networks III

Sprint Global MPLS VPN IP Whitepaper

Virtual Privacy vs. Real Security

ALLNET ALL-VPN10. VPN/Firewall WLAN-N WAN Router

Using LISP for Secure Hybrid Cloud Extension

Verizon Managed SD WAN with Cisco IWAN. October 28, 2015

Modern Firewalls Security Management in Local Networks

Public electronic procurement in Germany

CPE requirements and IPv6. Ole Trøan, February 2010

Personal Telepresence. Place the VidyoPortal/VidyoRouter on a public Static IP address

Towards a virtualized Internet for computer networking assignments

Unit 5: Quer durch Deutschland. Auf geht's! Cultural Targets

TCP and UDP with Bigger Addresses (TUBA), A Simple Proposal for Internet Addressing and Routing

Transcription:

German Roadshow IPv6 in Germany s Public Administration Heinz-werner.schuelting@devoteam.com

IPv6 in Germany s Public Administration IPv6 enabling of Government Infrastructures Management of the IPv6 address space Routing

IPv6 in Government Networks (1) Networks of the Central Government Netze des Bundes (NdB, Networks of the Central Government) was designed based on a IPv6-Infrastructure prepared for the new generation of IP-Addresses und -Technologies Informationsverbund Bonn-Berlin (IVBB, Information Network Bonn- Berlin): 2009: Request to the service provider of IVBB, to implement only IPv6 enabled components in the future Krypto-Infrastructure is not IPv6-enabled. Replacement planned within the IVBB-CR SiReKo (Sichere Regierungs-Kommunikation, Secure Government Communication). Informationsverbund der Bundesverwaltung / Bundesverwaltungsnetz (IVBV/BVN, Network of the central administration): the central network components were proved to be IPv6 enabled, Migration to IPv6 was planned during this year. 3

IPv6 in Government Networks (2) Networks of Municipalities Citkomm: Enabling a municipal datacenter's network and infrastructure for IPv6 within GEN6 project IPv6 was successful added and proved to the network concept for autonomous system (AS) integration Successful external validation of AS-concept Transition of DOI network access point to IPv6 Detailed concept and implementation of test network for application evaluation Enabling WAN-link to Fraunhofer FOKUS test bed based on WAN gateway implementation Enabling further services in WAN gateway Gateway connection for national TESTAng gateway opened for tunnel communication (IPv6 over IPv4) at national gateway 4

Terminal DOI security DOI operations IPv6 in Government Networks (3) Interconnection Network DOI DOI application e-government and DOL applications (e.g. 115, registration, civil status matters) DOI services DNS P Secure email P PKI Video conferencing (P) Networks of Federal States Local administration networks Federal administration networks Access to EU Firewalls Crypto Systems DOI services (basic and added-value services) DOI backbone IPv4/IPv6 dual stack IPv6-enabled infrastructure DOI transport IPv4/IPv6 Dual Stack Backbone P Central services P 1 Security Ggateway P Crypto System (intermediate version P, final version with dual stack end of 2014)

Management of the IPv6 address space Implementation of SubLIRs 11 SubLIRs are in operation 8 federal states have no operative SubLIR In Operation Sub-LIR DOI Sub-LIR NdB Sub-LIR NRW Kommunen Sub-LIR Berlin Sub-LIR Niedersachsen Sub-LIR Meck.-Vorpommern Sub-LIR Bayern Sub-LIR Schleswig-Holstein Sub-LIR Hamburg Sub-LIR Hessen Sub-LIR Sachsen 6

Management of the IPv6 address space Challenges: A significant part of addresses are not (yet) announced to the internet. Some addresses and responsibilities cannot be published (e.g. in the RI-DB) The address space based on long-term considerations. Therefore the address plan contains reserves, i.e. at the beginning the HD Ratio is small compared with the RI requirements. On the other hand, implementation of the address plan shows that the present /26 will be too small. Solution approach Adjustment of the corresponding RI Policies 589, 513 to the requirements of the public administration. Proposal was prepared and discussed with RI, common approach with EU and member states planned

Status and Plan Assignment of a /26 (plan /19) address space de.government First local IPv6 Pilots of the de.government address space Start Piloting IPv6 in DOI Start Implementation of SubLIRs Going into operations of IPv6 in DOI Completion of the implementation of the LIR de.government Implementation of Dual Stack Complete Implementation of SubLIRs Q4/09 Q3/10 Q4/10 Q2/11 Q4/12 Q4/11 Q4/14 Q4/15??

Allokation de.government: /26 Routing /32 Splits the /26 in 64 /32 blocks Target: well structured networks Transparent networks, hierarchical routing (with some well defined exceptions) Each /32 will be implemented locally (i.e. per federal state) by the corresponding Sub-LIR

Routing Internal Routing 3 IT-NetzG: For data communication between the central government and the federal states the interconnection network (=DOI) has to be used. Can IPc6 routing support the implementation of this law? (de.gov addresses will be routed over government networks) Municipalities are not necessarily connected to a state network Certain institutions of (different) federal states (part of the corresponding SubLIR) may be connected by a separate network Many services are only reached over the internet What is the normal case and what is the exception? DOI M1-1 M1-2 St2 NWx Internet NWy M2-1 Solution approach Routing concept in preparation SubLIR 1 SubLIR 2

Routing External Routing (1) Different local networks (e.g. networks of federal states) have their own Internet access. Local announcement of the /32s (and possibly of smaller adress spaces) Central Internet Access Point Firewall Internet Routing of small address spaces is not ensured DOI Border: Router A Solution approach Routing agreements with ISPs ( green cloud ) Central routing instance (Routingfallschirm) Possibly central announcement of the /26 DOI Enlargement of the address space (see above) Firewall Concept in preparation local ISP Border Router B U1 U2 U3 11

External Routing (2) Routing Routing umbrella, first step: Monitoring of misrouted packets Monitoring

External Routing (3) Routing Routing umbrella, second step: Rerouting of misrouted packets

IPv6 in Germany s Public Administration Discussion & Questions Mail: HeinzWerner.Schuelting@bmi.bund.de Heinz-Werner.Schuelting@devoteam.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information