Campus IPv6 Introduction - University of Wisconsin System

2008-09-26
IPv6 at the University of Wisconsin
Hopefully 79,228,162,514,264,337,593,543,950,336
IP addresses will be enough for a while.
A subset of the UW IPv6 Task Force:
Dale W. Carder - DoIT Network Svcs.
Bob Plankers - DoIT Sys Engineering
Steve Barnet - IceCube
Agenda
• Quick overview & introductions
– Jurgen
• IPv6 Networking Crash Course
– Dale
• Technology issues
– Bob
• End-User issues
– Steve
• Questions
– Jurgen or Al, moderator
Why are we here?
- IPv4 resources, shared by campus,
are running out.
- IPv4 address space, shared by the
world, is running out.
- The need for the true, global,
unencumbered, end-to-end
connectivity we have today will
continue to exist.
What is this IPv6 thing?
• “Just another protocol”
– (remember AppleTalk, DECnet, IPX, etc.?)
• A Method to continue to give all
internet endpoints a globally
unique address in the future.
• Not a drop-in replacement for
IPv4. In fact, it’s natively
incompatible with IPv4! (FAIL)
Addressing Structure
“96 more bits, no magic”
• IPv4 address
– 32 bits
– “dotted quad” format
– 128.104.181.26
• IPv6 address
– 128 bits
– hexadecimal format
– 2607:f388:e:100:217:f2ff:fe0a:bdf6
No Native Compatibility between the two.
IPv6 Subnet features
• All Subnets are the same, fixed size,
supporting a nearly “unlimited” number of
hosts.
• UW holds an ISP-size allocation, which
allows for theoretically 4 billion subnets.
• This means we can give “a lot” of UW entities
“a lot” of subnets. One example method:
2607:f388:0143:1001:0217:02ff:fe0a:bdf6
(fields, left to right: UW | Dept ID | Dept subnet ID | Host ID)
IPv6 host addressing features
• Automatic address, based on MAC address
– MAC: 00:17:f2:0a:bd:f6
– IPv6: 2607:f388:e:100:217:f2ff:fe0a:bdf6
• Static assigned addresses
- 2607:f388:ab:2ef::53
• “Privacy” addresses
- clients change address every day
• Shorthand notation
2607:f388:ab:2ef::1 equals
2607:f388:00ab:02ef:0000:0000:0000:0001
IPv6 / IPv4 coexistence
• Did I mention they are incompatible?
- However, you can run both at the same
time. This is called “Dual Stack”.
• An IPv6 enabled host checks DNS and
prefers using IPv6 when it can
> dig ricotta.doit.wisc.edu any
ricotta.doit.wisc.edu.  14340  IN  AAAA  2607:f388:e:100:217:f2ff:fe0a:bdf6
ricotta.doit.wisc.edu.  10341  IN  A     144.92.67.161
IPv4 / IPv6 Coexistence (cont)
• The most reasonable deployment
model for campus would be to run
dual stack.
• Hosts will need to run v6 to get
around NAT, or talk to regions of
the world without v4. This will
be critical for servers.
• Hosts will need to run v4
indefinitely to talk to “legacy”
v4-only hosts, applications, lab
equipment, etc.
DHCP & DNS in v6
• Hosts don’t have to use DHCP,
although it’s still useful to get
DNS server info via DHCP
• DHCP can still be used for static
host assignment.
• Since host IPv6 addresses are
messy, DNS will become more
important.
• You may want to consider using
dynamic dns from the dhcp server.
IPv6 on the UW network today
• We have our address space, and a
preliminary allocation plan.
• Core routers are running v6 today.
• Some testing has occurred.
• Firewalling is a weak link.
• Integration into AANTS will take
some time.
End of Dale’s content
• The next slides are stuff I
had lying around
• toss them or make new ones
• whatever
Why UW must adopt IPv6 at some point
• IPv6 will be the only method left
for true end-to-end connectivity
• Collaboration with entities beyond
North America
• To be competitive
• Business Continuity
IPv6 timeline
• Right now there are a few people
trying to reach us via IPv6.
• At some point, there will be
people who will only be able to
reach us via IPv6.
• IPv6 will probably be the only way
to ensure global reachability.
• Campus Backbone Ready
IPv6 Roadblocks
• 3rd Party Application Support
• Numerous Backend Systems
• Legacy Systems
• Staff Training
• Transition Issues
• Need to make IPv6 a Requirement on
all new Software/System
acquisitions.
IPv6 Planning
• Task force stuff
Other stuff
• Host support
- native support in MacOS,
Vista, Unixen
- it’s there, but not on by
default in XP
Security
• OMFG, really?
Steal more content from the Michaels
• http://net.doit.wisc.edu/~dwcarder/HARE-v6%202008-0827.pdf