Skip the Transitions, Jump Straight into IPv6

Similar documents
Cloud Networking From Theory to Practice" Ivan Pepelnjak NIL Data Communications"

Automating Network Security

SIIT-DC: IPv4 Service Continuity for IPv6 Data Centres. Tore Anderson Redpill Linpro AS RIPE69, London, November 2014

Data Center Fabrics What Really Matters. Ivan Pepelnjak NIL Data Communications

Virtual Firewalls. Ivan Pepelnjak NIL Data Communications

SIIT-DC: Stateless IP/ICMP Translation for IPv6 Data Centre Environments & SIIT-DC: Dual Translation Mode

SIIT-DC: IPv4 Service Continuity for IPv6 Data Centres. Tore Anderson Redpill Linpro AS 8th Belgian IPv6 Council, Bruxelles, November 2015

Ensuring a Smooth Transition to Internet Protocol Version 6 (IPv6)

IPv6 Preparation and Deployment in Datacenter Infrastructure A Practical Approach

This story appeared on Network World at

How To Connect Ipv4 To Ipv6 On A Ipv2 (Ipv4) On A Network With A Pnet 2.5 (Ipvin4) Or Ipv3 (Ip V6) On An Ipv5

IPv6 deployment starts at the network edge

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks

DirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team

Strategies for Getting Started with IPv6

IPv6-Only. Now? Sites. Deutscher IPv6 Kongress June 6/7, 2013 Fr ankfur t /Ger many. Holger.Zuleger@hznet.de

BUILDING A NEXT-GENERATION DATA CENTER

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Strategies for Getting Started with IPv6

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Orchestrating the next generation data center

IPv6-only hosts in a dual stack environnment

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Availability Digest. Redundant Load Balancing for High Availability July 2013

IPv6 Fundamentals, Design, and Deployment

More than just Layer 2-7 Load Balancing Citrix NetScaler & CloudGateway

Telepresence in an IPv6 World. Simplify the Transition

Security implications of the Internet transition to IPv6

Web Drive Limited TERMS AND CONDITIONS FOR THE SUPPLY OF SERVER HOSTING

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc.

Brocade Virtual Traffic Manager and Microsoft Skype for Business 2015 Deployment Guide

IPv4/IPv6 Transition Using DNS64/NAT64: Deployment Issues

Next Generation Network Firewall

Palo Alto Networks. Security Models in the Software Defined Data Center

Use Domain Name System and IP Version 6

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

VMware vcloud Air Networking Guide

vshield Administration Guide

MIT s Current SIP Infrastructure. Mark Silis MIT Information Services and Technology February 2, 2006

Going Hybrid. The first step to your! Enterprise Cloud journey! Eric Sansonny General Manager!

OpenFlow and SDN: hype, useful tools or panacea? Ivan Pepelnjak Chief Technology Advisor NIL Data Communications

安 瑞 科 技 物 聯 網 對 應 用 交 付 器 (ADC) 的 需 求 及 應 用 實 例 徐 乃 丁 博 士 研 發 副 總 裁 / 技 術 長

EXPEDITING ACCESS TO V6 SERVICES: GETTING WEB CONTENT AVAILABLE OVER IPV6 QUICKLY AND AT LOW COST

NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

Service Offerings. Ensuring IT Resources are available, reliable, scalable & manageable always.

Campus IPv6 connection Campus IPv6 deployment

White Paper A10 Thunder and AX Series Application Delivery Controllers and the A10 Advantage

Cisco-Citrix Alliance

Move over, TMG! Replacing TMG with Sophos UTM

Cisco WebEx Meetings Server

Hybrid Cloud: Overview of Intercloud Fabric. Sutapa Bansal Sr. Product Manager Cloud and Virtualization Group

Unleash the power of Cisco ACI and F5 Synthesis for Accelerated Application deployments. Ravi Balakrishnan Senior Marketing Manager, Cisco Systems

ClusterLoad ESX Virtual Appliance quick start guide v6.3

Transition to IPv6 for Managed Service Providers: Meet Customer Requirements for IP Addressing

VMware vcloud Networking and Security Overview

Securing the Transition Mechanisms

Overlay Networks: Connecting and Protecting Across Regions with Docker. Patrick Kerpan, CEO

Business Values of Network and Security Virtualization

Building a small Data Centre

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

High Availability HTTP/S. R.P. (Adi) Aditya Senior Network Architect

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

APNIC IPv6 Deployment

MCSE: server infrastructure Syllabus

Roman Hochuli - nexellent ag / Mathias Seiler - MiroNet AG

DECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe

Web Application Firewall

IPv6 Fundamentals: A Straightforward Approach

How To Handle A Power Outage On A Server Farm (For A Small Business)

Configuring Windows Server 2008 Network Infrastructure

Brocade SDN 2015 NFV

A10 Networks IPv6 Overview. November 2011

The Incremental Advantage:

Copyright 2014, Oracle and/or its affiliates. All rights reserved. 2

OpenFlow and Software Defined Networking presented by Greg Ferro. Software Defined Networking (SDN)

vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product?

Container-based Network Function Virtualization for Software-Defined Networks

Virtualized Domain Name System and IP Addressing Environments. White Paper September 2010

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

Load Balancing and Sessions. C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002.

DMZ Network Visibility with Wireshark June 15, 2010

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Top 10 Reasons Enterprises are Moving Security to the Cloud

13 Courses Quick Guide

msuite5 & mdesign Installation Prerequisites

ServerCentral Cloud Services Reliable. Adaptable. Robust.

Chapter 7. Firewalls

Transcription:

Skip the Transitions, Jump Straight into IPv6 Ivan Pepelnjak (@ioshints, ip@ioshints.info) NIL Data Communications Presentation @ 7. Slovenian IPv6 Summit organized by go6.si

Who is Ivan Pepelnjak (@ioshints) Networking engineer since 1985 Consultant, blogger (blog.ioshints.info), book and webinar author Currently teaching Scalable Web Application Design at University of Ljubljana Focus: Large-scale data centers and network virtualization Networking solutions for cloud computing Scalable application design Core IP routing/mpls, IPv6, VPN 2 NIL Data Communications 2012 Jump Straight into IPv6

IPv6 Webinars on ipspace.net Coming in 2013 IPv6 Security IPv6 Transition Mechanisms Building Large IPv6 Service Provider Networks Upcoming Internet Challenges Service Provider IPv6 Introduction Market Trends in SP Networks Enterprise IPv6 First Steps Availability Live sessions Recordings of individual webinars Yearly subscription 3 NIL Data Communications 2012 Jump Straight into IPv6 Other options Customized webinars ExpertExpress On-site workshops More information @ http://www.ipspace.net/webinars

Past Predictions We ll run out of IPv4 addresses IPv6-only mobile devices Special thanks to Majority of the content will be on IPv6 CGN will be expensive and thus avoided and/or neglected You must take control of your content 4 NIL Data Communications 2012 Jump Straight into IPv6

Content/Clients Dichotomy Source: google.com/ipv6/statistics 5 NIL Data Communications 2012 Jump Straight into IPv6

Content/Clients Dichotomy Source: http://mybroadband.co.za/news/internet/ 56241-shocking-ipv6-revelation-in-south-africa.html Source: google.com/ipv6/statistics 6 NIL Data Communications 2012 Jump Straight into IPv6

IPv6-Enabling a Typical Application Stack Outside Web servers App servers DB servers Typical reasoning Someone high enough asked us to make content available on IPv6 We don t know a thing about this new protocol Deploying IPv6 on load balancers or firewalls is too risky 7 NIL Data Communications 2012 Jump Straight into IPv6

IPv6-Enabling a Typical Application Stack Outside NAT-PT Web servers App servers DB servers Typical reasoning Someone high enough asked us to make content available on IPv6 We don t know a thing about this new protocol Deploying IPv6 on load balancers or firewalls is too risky Let s insert a NAT64 or NAT-PT box in the outside network Don t even think about doing this! 8 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only Losing control of user experience 9 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only NAT64 Losing control of user experience Why are we having performance issues? 10 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only NAT64 SLB64 Losing control of user experience Why are we having performance issues? Darn, we lost client IP addresses 11 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only NAT64 SLB64 Dual-stack servers Losing control of user experience Why are we having performance issues? Darn, we lost client IP addresses Ouch, this is complex 12 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only NAT64 SLB64 Dual-stack servers Losing control of user experience Why are we having performance issues? Darn, we lost client IP addresses Ouch, this is complex IPv6-only servers with SLB46 13 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only NAT64 SLB64 Dual-stack servers Losing control of user experience Why are we having performance issues? Darn, we lost client IP addresses Ouch, this is complex IPv6-only servers with SLB46 IPv6-only data center with NAT46 14 NIL Data Communications 2012 Jump Straight into IPv6

Typical Steps IPv4 only NAT64 SLB64 Dual-stack servers Losing control of user experience Why are we having performance issues? Darn, we lost client IP addresses Ouch, this is complex IPv6-only servers with SLB46 IPv6-only data center with NAT46 No IPv4... in a universe far far away 15 NIL Data Communications 2012 Jump Straight into IPv6

Let Me Recap IPv4 only NAT64 in DMZ SLB64, IPv4-only servers SLB44, SLB66, dual-stack servers SLB46, IPv6-only servers NAT46, SLB66, IPv6-only servers IPv6 only How many migrations do you want to do in the next 5 years? 16 NIL Data Communications 2012 Jump Straight into IPv6

Let Me Recap IPv4 only NAT64 in DMZ SLB64, IPv4-only servers SLB44, SLB66, dual-stack servers SLB46, IPv6-only servers NAT46, SLB66, IPv6-only servers IPv6 only How many migrations do you want to do in the next 5 years? 17 NIL Data Communications 2012 Jump Straight into IPv6

Skip the Migrations: IPv6-Only Data Center Outside NAT46 Web servers App servers DB servers IPv6-only data center, NAT46 on the edge Source IPv4 address mapped into source IPv6 address Stateless L3-only translation (easy scaling and redundancy) End-to-end visibility is retained, no problems with SSL termination Can we do it? 18 NIL Data Communications 2012 Jump Straight into IPv6

IPv6-only Applications Some applications will never be IPv6- ready (ex: SNA applications in COBOL) Check back-end use of IP addresses Make sure you re using DNS names not IP addresses in your code Check IPv4 literals in your URLs Component Operating system Web servers Programming languages Databases Clusters Proxy servers Caching servers Load balancers IPv6-ready? You re running out of excuses ;) 19 NIL Data Communications 2012 Jump Straight into IPv6

State of Data Center Infrastructure Component Cisco Juniper HP Arista Brocade F5 Firewalls Load balancers Core switches Not on VDX ToR switches Don t trust me (or the vendors) do your own performance tests Big offenders: major virtualization vendors No IPv6-enabled virtual firewall (apart from ip6tables and VM appliances) No IPv6 support in VMware vshield or vcloud Director Hint: Microsoft warns against disabling IPv6 on Windows 2008 servers 20 NIL Data Communications 2012 Jump Straight into IPv6

Do We Have the Magic NAT46 Box? Short answer: not yet Implementation options: Stateless NAT64 routing challenges SLB46 with custom NAT rules per-session state TAYGA on Linux Outside NAT46 Data center 21 NIL Data Communications 2012 Jump Straight into IPv6

Sample IPv6-Only Web Site 22 NIL Data Communications 2012 Jump Straight into IPv6

Conclusions The path to IPv6-only data center is usually long and winding Reduce the number of migration steps Aim for early deployment of IPv6-only data center We re not there yet... but you ll never be unless you start moving 23 NIL Data Communications 2012 Jump Straight into IPv6

Special Thanks to Tore Anderson, the original author of the IPv6-only DC concept toreanderson.no/talks/ ripe64.ripe.net/archives/video/37/ ripe64.ripe.net/presentations/67-20120417-ripe64- The_Case_for_IPv6_Only_Data_Centres.pdf 24 NIL Data Communications 2012 Jump Straight into IPv6

Questions? Send them to ip@ipspace.net or @ioshints 25 NIL Data Communications 2012 Jump Straight into IPv6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information