APAN 24, August 28, 2007, Xi’an

IPv6Deploymentin European Academic

NetworksTim Chown

School of Electronics and Computer ScienceUniversity of Southampton (UK)

tjc@ecs.soton.ac.uk

APAN 24, August 28, 2007, Xi’an

Overview of Talk

• IPv6 deployment in backbone networks• Pushing IPv6 into campuses• Common deployment questions• IPv6 training and 6DISS• Conclusions

APAN 24, August 28, 2007, Xi’an

The 6NET era

• Until 2001, IPv6 deployment in Europe was largely through 6bone-style tunnels, very little native IPv6, or larger trials in site networks

• From 2002-2004 the EU funded a number of IPv6 R&D projects, most notably 6NET (see www.6net.org) and Euro6IX– 6NET focused on IPv6 in academic National

Research Networks (NRENs) and campus sites– Led to wide-scale native dual-stack IPv6

deployment by 2003 in GÉANT and the NRENs

APAN 24, August 28, 2007, Xi’an

IPv6 with GÉANT2

• Today GÉANT2 interconnects the NRENs– IPv6 unicast and multicast supported in the core,

using dual-stack (no IPv6-only networks)– The NRENs support native (unicast) IPv6 and

many support multicast IPv6 (see Stig Venaas’ talk later today)

– Thus the backbone IPv6 capability is good• Thus native IPv6 connectivity now exists:

– For new EU network research projects (e.g.u2010)– To allow interconnection of IPv6 campuses

APAN 24, August 28, 2007, Xi’an

IPv6 Campus Deployment

• The open issue is now deployment of IPv6 into university campus site networks– What are the drivers for deployment?– What are the common issues for those sites?

• To encourage IPv6 adoption, we need to be able to demonstrate positive benefits from deployment– IPv6-enabled university networks are still relatively

rare within the European NRENs– Some examples, like Greek school IPv6 network

APAN 24, August 28, 2007, Xi’an

IPv6 at Southampton

• At our university, we have deployed IPv6 in our computer science department– IPv6 dual-stack since 2003– Cisco routers (6509, 3750), over c.1,500 hosts– All key services (DNS, mail, web etc) enabled– Native connectivity to JANET via regional network– IPv4 service not adversely affected– Some aspects missing, but it works

• Students have developed new applications– E.g. peer-to-peer and multicast (TV/seminars)

APAN 24, August 28, 2007, Xi’an

Common Questions

• A number of common questions arise when speaking to campus administrators:– Why deploy IPv6 in the first place?– What addressing plans should be used?– How are IPv6 addresses managed?– What are the security implications?– What applications are there?– Which transition tools should be used?– Should IPv6-only be used?

• We’ll look at these in the next slides…

APAN 24, August 28, 2007, Xi’an

Why Deploy IPv6?

• Teaching and research?– A good driver, at least for CompSci departments

• Global address space?– Campuses have ample IPv4 address space today

(many have an old Class B /16 IPv4 allocation)– IPv4 allocation pool running out fast (by 2010?) so

an issue for new sites, or existing IPv4 NAT sites wanting public address space

– IPv6 is desirable to talk to other IPv6 networks• A concern is managing both IPv4 and IPv6

APAN 24, August 28, 2007, Xi’an

IPv6 Address Plans?

• How much and where from?– All European NRENs can offer a /48 allocation to

sites, so no problem getting public IPv6 address space for a campus network

• How to use a /48 address block?– Could create a new plan, or make IPv6 subnets

congruent with (the same as) IPv4 subnets– Can use a /64 for all links (no resizing required)

• Some discussion in an IETF draft:– See draft-ietf-v6ops-addcon-05

APAN 24, August 28, 2007, Xi’an

Managing IPv6 Addresses

• In IPv4 a mixture of manual and stateful address assignment (DHCP) is used

• IPv6 offers an additional option:– IPv6 Stateless Autoconfiguration

• Most campus managers prefer to have managed address allocation– Thus DHCPv6 will be important

• DHCPv6 implementations in early stages– ISC DHCPv6 support emerging now– Needs testing in real deployments

• DHCPv6 often still needed with autoconfiguration

APAN 24, August 28, 2007, Xi’an

Security Implications?

• What are the security concerns?• Need to have IPv6 equivalents

– Firewalls, IDS systems, VPN servers, etc• IPv6-specific concerns

– Use of transition tools (e.g. 6to4, Teredo)– New IPv6 features (e.g. NDP, IPv6 extension

headers – see yesterday’s talks)• These need work

– But no reason why they cannot be delivered– Open source firewalls are available

APAN 24, August 28, 2007, Xi’an

Applications?

• IPv6 capability in existing applications?– Core services supported (open source)– Commercial applications missing (e.g. Outlook/Exchange)

• Are there new ‘killer’ applications?– New peer to peer, file sharing systems, etc– Application development simpler– Multicast easier to deploy (see Stig’s talk)– Mobile hosts and networks better supported– Large scale networks (e.g. sensors)

• Benefits have yet to be realised (‘chicken and egg’)

APAN 24, August 28, 2007, Xi’an

Transition Tools?

• The IETF has defined many transition methods (12-15 to draft/RFC status)– Based on dual-stack, tunnels or translation techniques

• Currently recommended to run dual-stack– Which may be IPv4+NAT with global IPv6– Avoid use of internal transition tools (ISATAP, etc)

• Ideally use native connectivity to NREN– Otherwise use manually configured IPv6-in-IPv4 tunnel or

tunnel broker for site connectivity– 6to4 generally not reliable for enterprise use

• Only a small subset of tools are actually needed

APAN 24, August 28, 2007, Xi’an

Run IPv6 only?

• Some sites have asked about running IPv6 only• Possible to do

– e.g. Tromso CompSci department in Norway– Uses translation tools (TRT) to access IPv4 networks– But many commercial IPv6 applications missing, so

generally must use open source applications only– Also, some operating systems lack support for IPv6

transport for certain services (e.g. DNS lookup)– DHCPv6 implementations still emerging

• So still recommending dual-stack– But only works while IPv4 address space remains, or using

IPv4+NAT for dual-stack

APAN 24, August 28, 2007, Xi’an

IPv6 Training

• The importance of training should not be underestimated– For both management and operational staff– Two quite different audiences and messages to deliver

• Some 6NET participants took part in the EU-funded 6DISS project (www.6diss.org), which runs from 2004-2007– Provides a continuation of knowledge and experience

gained in 6NET– Principally targeted at developing regions

• 6DISS supports training and deployment activities

APAN 24, August 28, 2007, Xi’an

6DISS Activities

• The 6DISS project has supported:– Development of e-learning material – Freely available slide sets for training– Delivery of IPv6 (hands-on) workshops– A remote test laboratory (high-end routers)– Train the trainer events– Helpdesk functions– Production of various white papers– All available via project web site (www.6diss.org)

• A deployment-oriented follow-up project is being planned

APAN 24, August 28, 2007, Xi’an

Conclusions

• Backbone NREN networks run native IPv6– Many have done so since at least 2003

• Penetration into campuses is generally (very) low• Need to show that the benefit of deploying IPv6

outweighs the administrative and financial costs– Look for opportunities/possibilities, not excuses

• A number of common questions from administrators– Most can be answered– Some areas for further work (esp. security)

• Early adopters have demonstrated feasibility– Sharing experience is very important