Saturday, 16 July 2011

IPv6

 Well, this week I attended the IPv6 course provided by RIPE for LIRs. I hadn't really done any advanced reading or anything in particular before the course, so wasn't sure what to expect.

First, a bit of background: at work we have IPv6 enabled on a lot of the network, and are slowly progressing to get it tested and ready for deployment. On World IPv6 Day we tried to prepare people within the organisation, but didn't really get very far, and I still believe that a lot of people in the company don't believe or think IPv6 is real, or something to be considered. I have to admit, I was a little like this, but know that I need to get up to speed pretty quickly on it!

So along I went to the RIPE course, and wow was I shocked. It was really hard work, and you have to almost totally change your point of view. I've dealt with RIPE and handling IPv4 address-space for around 8 or 9 years now, from my previous jobs where I set up an LIR, came up with address plans, administered the RIPE db. Basically the whole course was based around forgetting what you did with IPv4 and changing your way of thinking.

The main change is when it comes to address preservation. Whilst you still only dish out what blocks you think are justified, etc., you don't worry as much about the number of IPs or subnets given out, and are encouraged to give out slightly more if you can see a requirement.

For example, the smallest allocation you give out is a /64. That equates to 18,446,744,073,709,551,616 (18 quintillion) addresses. So even for your router link or point-to-point connections, you assign those a /64. That's probably the bit that I found most tricky to get my head around. Whereas you would normally assign a /30 in IPv4 as you only need the two usable IP addresses, in IPv6 you would assign the /64 and simply use 0000:0000:0000:0001 and 0000:0000:0000:0002 as the addresses (I haven't shortened those or anything, before the pedants point it out!). So apart from that big difference, you then get onto other things.

Such as, how many IP addresses would you give to home DSL users? Would you give them a /64, which you'd argue would be enough for them to never run out of? BUT look at it a different way. What if they wanted further networks BEHIND their link /64? So for example, they had a kitchen network, that their new IP-based fridge resides within, and that fridge has temperature sensors, proximity or other things. You'd probably put that into its own subnet, and then route that over your DSL /64 link network. So, perhaps you would give home users something like a /56 (which is what RIPE suggested), that lets them have 256 /64 networks at home, which again should be hugely over-planned, but would be sensible based around future needs (think home alarm systems on one subnet, smart water meters/electricity/gas, home automation, IP-based TV, etc.).

The next struggle is the actual addresses themselves. We're very used to the 4-quad addresses with IPv4, and generally a lot of people can remember these (well I certainly can, I can give out addresses for the company such as DNS, monitoring, core routers, etc., from memory). Well that isn't going to happen with IPv6, you might remember bits of the address but probably not all.

Then, you get onto how you are going to implement IPv6 in your network. There are various 6 to 4 techniques, or methods of providing IPv6 space (6in4, 6to4, 6RD, NAT64, DS-Lite); these are all ways of implementing but without running natively. Ideally running dual-stacked is how you want to go, and that's how we're implementing at present, with the odd combination of 6to4 via Teredo when you're in an IPv4 only environment and want to tunnel and get to your IPv6 network. The other key thoughts are how to implement to your customers, as you don't really want to NAT64 or do evil tunneling to your customers, so really you want to work towards dual-stack on your customer connections and then allow the CPE to do IPv6 natively, that makes it clean, but then how do those clients get to somewhere that's only IPv4? You have to run some DNS tricks or otherwise allow them to get to the rest of the IPv4 world. Not simple!

There are lots more foibles and things to add to this, so this is just a starting point. I'll continue to add more as more comes along and as I test out and try out what I've learnt. Along with how to write IPv6 addresses, as there are various shortcuts. But for now all I need to remember is the Onyx IPv6 allocation of 2001:4dc0::/32; double colons indicate suppressing 0's in IPv6 space, so you can shorten the addresses! Neat.
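The sizing described above (a /56 per home user, 256 /64 networks inside it, a /64 on each link using ::1 and ::2, and the double-colon shorthand) can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original post; the function names and the choice of which /56 goes to which customer are assumptions made for illustration.

```python
import ipaddress

# The /32 named in the post; the plan carved out of it below is constructed.
ALLOCATION = ipaddress.ip_network("2001:4dc0::/32")


def customer_prefix(index, new_prefix=56):
    """Return the index-th /56 of the allocation without enumerating all of them."""
    count = 2 ** (new_prefix - ALLOCATION.prefixlen)
    if not 0 <= index < count:
        raise ValueError(f"index must be in 0..{count - 1}")
    size = 2 ** (128 - new_prefix)  # addresses covered by one /56
    base = int(ALLOCATION.network_address) + index * size
    return ipaddress.ip_network((base, new_prefix))


def lan_subnets(prefix):
    """Split a customer prefix into its /64 networks."""
    return list(prefix.subnets(new_prefix=64))


def link_addresses(link):
    """The two router addresses on a point-to-point /64: ::1 and ::2."""
    if link.prefixlen != 64:
        raise ValueError("link network must be a /64")
    return link[1], link[2]


if __name__ == "__main__":
    home = customer_prefix(1)            # hypothetical second customer
    lans = lan_subnets(home)
    near, far = link_addresses(lans[0])
    print("customer prefix :", home)
    print("/64s available  :", len(lans), "from", lans[0], "to", lans[-1])
    print("addresses per /64:", lans[0].num_addresses)
    print("link, shortened :", near, "and", far)
    print("link, written out:", near.exploded)
```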

 
