This session is: Deploying IPv6 in a Microsoft Enterprise Network

Similar documents
Advanced IPv6 Design and Deployment for

IPv6 Security: How is the Client Secured?

1. Introduction to DirectAccess. 2. Technical Introduction. 3. Technical Details within Demo. 4. Summary

CIRA s experience in deploying IPv6

IPv6 Troubleshooting for Helpdesks

IPv6 en Windows. Juan Jackson Pablo García

DirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team

IPV6 DEPLOYMENT GUIDELINES FOR. ARRIS Group, Inc.

IPv6 Troubleshooting for Residential ISP Helpdesks

SECURITY IN AN IPv6 WORLD MYTH & REALITY. SANOG XXIII Thimphu, Bhutan 14 January 2014 Chris Grundemann

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

Secure64. Use cases for DNS64/NAT64

EXAM Recertification for MCSE: Server Infrastructure. Buy Full Product.

NTT - A global IPv6 deployment case study

Matt Ryanczak Network Operations Manager

Behavioral Differences Regarding DNS Queries and Domain Name Resolution in Different OSs

IPv6-only hosts in a dual stack environnment

Installing and Configuring Windows Server 2012

Modern Multi-factor and Remote Access Technologies

Operational Problems in IPv6: Fallback and DNS issues

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks

Configuring IP Addressing and Services

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

IPv6 Network Security.

IPv6 End Station Addressing: Choosing SLAAC or DHCP Jeff Harrington - NYSERNet

IPv6 Transition Work in the IETF

Microsoft Present and Future

Developing an IPv6 Addressing Plan Guidelines, Rules, Best Practice

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

Deploying IPv6 at Scale As an ISP. Clinton Work Member of the TELUS team October 2015

Dedication Preface 1. The Age of IPv6 1.1 INTRODUCTION 1.2 PROTOCOL STACK 1.3 CONCLUSIONS 2. Protocol Architecture 2.1 INTRODUCTION 2.

Personal Firewall Default Rules and Components

Basic IPv6 WAN and LAN Configuration

IP Gateways. Gdansk University of Technology Mariusz Stankiewicz 24th March 2011

Bring your virtualized networking stack to the next level

LogMeIn Hamachi. Getting Started Guide

IPv6 TRANSITION TECHNOLOGIES

Use Domain Name System and IP Version 6

Joe Davies. Principal Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group June 1, 2011

MS-6416: Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

About the Technical Reviewers

6421B - Windows Server 2008 R2 Network Infrastructure

Charter Text Network Design and Configuration

With a little bit of IPv6 magic: Windows 7 DirectAccess

Networking with Windows Server vb. Day(s): 5. Version: Overview

Implementing IPv6 in the Enterprise A Planning Guide

WW HMI SCADA-08 Remote Desktop Services Best Practices

COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

DNS stub resolver behavior of IPv6 ready hosts

APNIC IPv6 Deployment

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

Bump In Host a Host-based IPv4 to IPv6 Translation

NE-6416D Updating Your Windows Server 2003 Technology Skills to Windows Server 2008

Securing the Transition Mechanisms

Release Version 4.1 The 2X Software Server Based Computing Guide

Qualifying Microsoft Training for Software Assurance Training Vouchers (SATVs)

Deploying IPv6, Now. Christian Huitema. Architect Windows Networking & Communications Microsoft Corporation

Course Outline. Course 6421B : Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

SANS Technology Institute Group Discussion/Written Project. The Rapid Implementation of IPv6 at GIAC Enterprises

Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

Step By Step Guide: Demonstrate DirectAccess in a Test Lab

CGN Deployment with MPLS/VPNs

Configuring & Troubleshooting Windows 2008 Server 2008 Network Infrastructure

MS-6416D: Updating Your Windows Server 2003 Technology Skills to Windows Server 2008

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

Inside Cisco IT: Making the Leap to IPv6

Updating Your Windows Server 2003 Technology Skills to Windows Server 2008

ProCurve Networking IPv6 The Next Generation of Networking

Building Your Complete Remote Access Infrastructure on Windows Server 2012

Owner of the content within this article is Written by Marc Grote

IPv6 Tunneling Over IPV4

Pluralsight Training Pre-Approved for CompTIA CEUs

IPv6 Preparation and Deployment in Datacenter Infrastructure A Practical Approach

Microsoft Configure and Troubleshoot Windows Server 2008 Network Infrastructure

MS 6421 Configuring and Troubleshooting a Windows Server 2008 Infrastructure

How to Install and Configure the DHCP Service in Windows Server 2008 R2

GB-OS Version 6.2. Configuring IPv6. Tel: Fax Web:

FINANCIAL SERVICES BOARD

MS 50292: Administering and Maintaining Windows 7

IPv6 for SMB s: Easy or Hard?

IPv6 Integration in Federal Government: Adopt a Phased Approach for Minimal Disruption and Earlier Benefits

Campus IPv6 connection Campus IPv6 deployment

R4: Configuring Windows Server 2008 Network Infrastructure

Strategies for Getting Started with IPv6

Microsoft Azure Configuration

Deployment of IPv6 protocol in broadband networks. Dmitry Sakharchuk

IPv6 at the University of Southampton (ECS)

IPv6-Only. Now? Sites. Deutscher IPv6 Kongress June 6/7, 2013 Fr ankfur t /Ger many. Holger.Zuleger@hznet.de

Residential IPv6 IPv6 a t at S wisscom Swisscom a, n an overview overview Martin Gysi

Step-by-Step Guide for Setting Up IPv6 in a Test Lab

Tech-Note Bridges Vs Routers Version /06/2009. Bridges Vs Routers

MS-6421A - Confgure and Troubleshoot a Windows Server 2008 Network Infrastructure

Release Notes. Contents. Release Purpose. Pre-Installation Recommendations. Platform Compatibility. Dell SonicWALL Global VPN Client 4.

2015 Spring Technical Forum Proceedings

Configuration Management: Best Practices White Paper

Attachment #1 Backup Schedule

IPv6 - A Quick Introduction

Deploying IPv6-only Samba 4 Environments

Firewalls und IPv6 worauf Sie achten müssen!

Agency Pre Migration Tasks

Transcription:

This session is: Deploying IPv6 in a Microsoft Enterprise Network Level: 100/200 Abstract: The presentation is focused on the basic deployment items that system and network administrators need to pay attention to for Enterprises networks that are primarily Microsoft focused. Topics covered include default IPv6 behavior of different Windows OS's, when transition technologies are enabled, what Microsoft products will use IPv6 and deployment guide modifications for Exchange, DirectAccess, Forefront UAG and TMG. In addition, if time allows, some design challenges around DHCP and DNS and how Windows 7 will behave vs Apple OSX or Linux implementations. 1

Deploying IPv6 in a Microsoft Enterprise Network Ed Horley Date: April 27, 2011 Attribution-Noncommercial-Share Alike 3.0 Unported Rocky Mountain 2011 IPv6 Summit

Ed Horley ehorley@gw-mail.com Contact Co-Chair CAv6TF ed@cav6tf.org howfunky.com ed@howfunky.com 3

Real Quick: What is NOT covered Justifying or creating a business case Creating a DETAILED deployment plan The arguments for why to do IPv6 (really?) Every weird corner case you can come up with to stump me 4

What we are going to cover: Checklists Microsoft products with IPv6 support Understanding OS behavior with IPv6 Overview of transition technologies Design challenges Long-term considerations Reference links Afterthoughts 5

What everyone really wants to ask is. Can I get the quick outlined solution please? 6

The Snapshot 1. Acquire Provider Independent IPv6 space 2. Do native IPv6 peering or use a tunnel service 3. Get external firewall and external routing working 4. Trial public IPv6 with external DNS and Mail 5. Evaluate transition services as needed 7

The Snapshot 6. Test your applications in a lab 7. Get internal IPv6 routing, DNS & DHCP working 8. Dual stack your servers 9. Provide dual stack to your workstation vlans 10.Deploy VPN dual stacked 8

The Snapshot Diagram IPv6 2000::/3 1 & 2 3 & 4 5 10 Transition Service Mail DNS External Client 6 7, 8 & 9 Internal Server Internal Client Lab RA+SLAAC+DHCPv6 = DHCPv4 9

10 Can you put this in some checklists?

Pre-Deployment Checklist Do an audit of your environment to get: OS Support of IPv6 Network Equipment Support of IPv6 Service Provider Support of IPv6 Hosting Provider Support of IPv6 3 rd Party Partner / Vendor / App Support of IPv6 From all that you can do the next steps: Design and Planning Deployment / Transition Timeline 11

Pre-Design & Planning Checklist Once you know where you are put a design and plan together, it should cover items like: Resources required (people mainly) Training requirements (of those people) Network equipment replacement or upgrades Coordinating with your service and/or hosting provider Determining which 3 rd Party Partner / Vendor / App support of IPv6 you require if any Budget estimates (people and equipment) 12

Design Motto Go Native where you can Credit: Lauren Hogg Tunnel where you must 13

Design Checklist Design: Be specific in what you NEED to be IPv6 and what you WANT to be IPv6 not everything has to run it Move from the edge back to the core if you can leverage transition technologies, dual stack where you can and tunnel where you must Pick forgiving applications to move and test first Use the same SLA s you have built for IPv4 for IPv6 Test 3 rd Party Partner / Vendor / App Support of IPv6 it often (at least now) isn t accurate 14

Planning Checklist Planning: Build a team (network, systems, app, dev, db, finance and those pesky security folks too) give them resources If at all possible, fit the move to IPv6 into your regular change and upgrade process avoid making it an out of band upgrade or one off Training often needs to happen BEFORE design and deployment Knowledge transfer is key bring back the lunch and learns to pass along the IPv6 knowledge 15

Deployment Checklist Deployment: Reference deployment guides (Cisco, Microsoft, etc.) a lot of smart people did a lot of work for you Make sure to test both IPv6 and IPv4 behavior after a change has been made Test your monitoring tools on the lab first (seems obvious lots of heartache here) Test IPv6, then dual stack behavior to see if there is a difference Don t remove IPv4 (for now) unless there is a specific need 16

Can an IPv6 deployment fit in my regular upgrade cycle? That is how you SHOULD deploy IPv6! 17

What Microsoft Products work with IPv6? There are two tiers 18

Microsoft Products with IPv6 Support Windows Server 2008R2, 2008, 2003* Windows 7, Vista, XP* Exchange 2007 & 2010 DirectAccess Forefront UAG/TMG * SharePoint SQL Server 2008 System Center * - Utilizes IPv6 for specific function but has limitations 19

Microsoft Products without IPv6 Support Microsoft Lync Microsoft OCS Xbox 360 20

Is there OS behavior I should look out for? Of course! 21

Understanding OS Behavior with IPv6 IPv4 & IPv6 Dual Stack behavior If both IPv4 and IPv6 addressing are available the majority of OS s will utilize IPv6 first The typically combination is DNS queries happening across IPv4 to resolve a name to IP and getting a AAAA record then use IPv6 to access it Potential for network brokenness if the IPv6 network does NOT route properly (no route, improperly routed, blocked, etc.) 22

Understanding OS Behavior with IPv6 Microsoft has implemented some IPv6 transition services into their OS For Microsoft hosts they will do the following: Global or ULA IPv6 address (SLAAC/RA/DHCPv6 obtained) prefer If the client machine has a public IPv4 address and is non-domain joined the client will do 6to4 ISATAP this has to be explicitly enabled in DNS If none of those work it will fall back to IPv4 Teredo used on non-domain joined clients 23

Windows behavior to watch out for! The deployment guide for Exchange recommends non-domain joined Edge Transport servers The deployment guide for DirectAccess (and therefore Forefront UAG server) implies it has to be the default gateway for all IPv6 traffic If you want to utilize ISATAP you have to explicitly remove it from the Global Query Block List in DNS Teredo is enabled by default it might not be ON but an API call can turn it on 24

Windows behavior to watch out for! While Forefront UAG implements DA it does NOT support native IPv6 on the external side Forefront TMG does NOT support IPv6, there is no published date for support 25

Other OS behavior to watch out for! If you utilize DHCPv6 Windows will behave fine but Linux and OSX might have some issues getting IPv6 DNS resolver information OSX Lion beta has implemented DHCPv6 support, prior versions only support RFC6106/5006? Linux still seems to be holding out for everyone to adopt RFC6106. In my opinion I find it highly unlikely that Microsoft will be supporting that RFC 26

You talk about 6to4, ISATAP and Teredo Do I need to know the transition technologies? 27

Microsoft IPv6 Transition Technologies Microsoft has the following transition technologies implemented in their products, specifically Win7/Vista and Server 2008/r2: 6to4 tunnel IPv6 traffic over IPv4 without having to build an explicit tunnel, uses public relays ISATAP allow dual stack nodes to tunnel on top of IPv4 utilizing an ISATAP router to forward, doesn t require multicast Teredo same function as 6to4 but works behind IPv4 NAT (able to do NAT traversal) NAT64/DNS64 in Forefront UAG convert IPv6 traffic to IPv4 traffic and intercepts DNS queries to modify them from IPv4 entries to IPv6 entries to match the NAT64 entry 28

At this point you are thinking Can What I nod are the off without Design him Challenges? noticing? 29

Design Challenges Common design mistakes: Assuming you need feature parity you want functional parity Assuming you need your entire network running IPv6 That your existing security, logging and monitoring products support IPv6 Challenges Managing and monitoring transition services Microsoft POC/Design docs use ISATAP 30

31 Q & A

My brain hasn t exploded so Can you recap? 32

Thank You! W E A N S W E R T H E C A L L

Long-term Issues Can you see a day when I am only running IPv6? 34

Reference links Microsoft links: Microsoft IPv6 page http://www.microsoft.com/ipv6 IPv6 Source/Dest Address selection process - http://technet.microsoft.com/enus/library/bb877985.aspx Microsoft Infrastructure Planning and Design Guides - http://technet.microsoft.com/en-us/library/cc196387.aspx Microsoft Exchange: Understanding IPv6 Support in Exchange 2010 - http://technet.microsoft.com/en-us/library/gg144561.aspx Cisco links: Cisco Validated Design - http://www.cisco.com/en/us/netsol/ns817/networking_solutions_program_home.html IPv6 Addressing Plan from RIPE: RIPE IPv6 Address Planning Guide - http://www.ripe.net/training/material/ipv6-for- LIRs-Training-Course/IPv6_addr_plan4.pdf 35

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information