Here’s how to start IPv6 migration >> APIs will transform ...


Here’s how to start IPv6 migration >>

APIs will transform IT management >>

EMC battles NetApp for unified storage >>

Table of contents >>

PLUS

networkcomputing.com

FEBRUARY 2011

VPLS and Cisco OTV can transform wide area connections. Which is right for you?

By Jake McTigue


Switch To IPv6

IPv4 is over. Now’s the time to lay the groundwork for an orderly transition to IPv6, and we’ll help you get started.


COLUMNS

Preamble: Data center automation and integration should get easier with APIs

Datagram: EMC catches up to NetApp with new products that unite NAS and SAN


COVER STORY

Next-Gen WAN: New services such as VPLS and Cisco’s OTV can transform your WAN. We dig into the pros and cons of these technologies.

February 2011 Issue 7


IN THIS ISSUE

Building WAN 2.0 >>

How to switch to IPv6 >>

APIs and IT automation >>

What “unified storage” means >>

Table of contents >>

PREAMBLE

On a recent trip to Silicon Valley, I had the opportunity to see demos of products including Cisco’s UCS, Juniper’s Junos Space (a network application platform), and Hewlett-Packard’s Intelligent Management Center. What struck me most about all three products is how much emphasis the vendors put on developing APIs, both for internal use and third-party integration. APIs, and by extension integrated products, are going to become much more important in your buying decisions.

Cisco, Juniper, and HP aren’t the only equipment vendors making their products programmer-friendly. Arista and Extreme, for example, have APIs and scripting on their equipment. What’s important is that the management methods we’re accustomed to—closed management systems, screen scraping (which is error-prone and brittle), and SNMP (which supports only a small subset of switch features and has poorly written MIBs)—are being replaced by more robust and programmer-friendly interfaces. These APIs open new opportunities for IT to integrate and manage infrastructure.

To succeed, however, the APIs have to expose most, if not all, of the switch configuration parameters in a way that is programmatically simple, reliable, and flexible. That hasn’t always been the case. In my experience, the thing I needed to use most on a switch was the feature that wasn’t supported by the API. This means the next time you refresh your infrastructure, you, or someone who understands programming, should dig into the API documentation and see what’s covered. Even if you don’t do any custom integration, good APIs make it easier for your vendors or VARs to integrate their products and services.

APIs For Automation

Language-agnostic APIs such as RESTful interfaces are the most flexible because you can choose the language to implement the client side of the exchange easily, but it’s up to you to build the low-level state changes and response codes. By contrast, API libraries delivered from the vendor perform most of the low-level work for you, but you’re restricted to the languages the vendor supports.

APIs matter because they open up a world of automation and management that would otherwise be difficult to assemble. For instance, one of the more powerful features of UCS is the stateless nature of the UCS hardware and how it’s configured programmatically. You can use an API to dynamically define the hardware, including BIOS version, settings, boot order, World Wide Names, MAC addresses, and other options.

Few data centers are truly single-vendor shops. You may standardize on a single switch or server platform, but no vendor has everything you need to run a data center. At the same time, there’s growing demand for IT to provision resources faster. Spinning up a VM is just one aspect. The VM has to be brought up on a hypervisor with available compute power and networking, the application may have to be load balanced, and any number of other steps may be required. The more open, simple, and robust the APIs, the easier product integration will be.

Mike Fratto is editor of Network Computing. Write to him at [email protected].

Mike Fratto: APIs Will Spearhead IT Automation


DATAGRAM

Enterprise storage providers have long produced single-task devices that did one thing well. NetApp was king of the NAS space, and EMC ruled the enterprise SAN market. Most smaller applications made do with direct-attached RAID shelves.

But then a funny thing happened: iSCSI. Suddenly, NetApp had a convincing SAN alternative that used commodity Ethernet and PC processor hardware. NetApp also found it had a unique differentiator: Its SAN and NAS storage systems shared the same hardware and code base, and could be managed from the same interface. Thus was born the concept of unified storage.

Customers appreciated the idea that they could reallocate resources between the SAN and NAS components, and that the same management interface could be used for both. Although few companies actually repurposed storage this way, unified storage became the rallying call of the NetApp marketing machine. With Fibre Channel, NAS, and iSCSI all sharing the same code base and hardware, NetApp became a one-product company.

The unified storage marketing message worked so well, in fact, that many of NetApp’s competitors came out with their own so-called unified products.

Some were truly monolithic products offering both SAN and NAS, while others were bundles of existing SAN hardware with a NAS front end. Some offered a single interface for configuration, monitoring, and management, while others used separate point products for each of these tasks.

Predictably, this set off a storm of protest from NetApp marketing regarding the definition of the term “unified storage.”

What’s In A Name?

But the buyers of these systems don’t really care about definitions. What they care about is their experience selecting, purchasing, operating, and supporting a storage system. Cobbling together a SAN and NAS storage system from two different products—each with its own management interface, idiosyncrasies, and hardware—isn’t the kind of unification that end users want.

The centerpiece of EMC’s recent product launch is the new midrange VNX and VNXe arrays. These are an evolution of the old Celerra-Clariion NAS and SAN product line, and EMC is pitching them as a unified product.

Through some under-the-hood magic, the VNX runs both Celerra Dart and Clariion Flare storage stacks within a single storage controller. Users will purchase a single piece of hardware and interact with it through the user-friendly Unisphere management interface, so most will find this an acceptable alternative to NetApp’s offerings.

Arguing over the definition of a term like unified storage is worthwhile as long as substantial differences in the experience of end users exist. Once systems like the new EMC VNX become sufficiently integrated, however, such discussions become academic. NetApp enjoyed a decade of dominance in the unified storage space, but EMC has finally produced a credibly unified product.

Stephen Foskett is principal consultant at Foskett Services. Write to us at [email protected].

Stephen Foskett: NetApp, EMC, And ‘Unified Storage’


New technologies such as VPLS and OTV can extend Ethernet over the WAN. We help you identify the best path.

Most IT pros support employees scattered all over the map: 90% of respondents to our recent InformationWeek Analytics Next Generation WAN Survey have three or more branch and remote office sites that connect to a central location. Of those, 43% support 16 or more sites.

WAN connections are lifelines for far-flung enterprises. They ensure that business-critical apps are delivered, run voice and data traffic, support backups, and more. While IT has a range of choices for providing robust WAN connectivity, two new options have emerged: Virtual private LAN service (VPLS) and Cisco Systems’ Overlay Transport Virtualization (OTV). Both services let companies extend Ethernet from the LAN to the WAN and enable new business continuity and disaster recovery options, including the ability to redirect clients on the fly if a primary application server goes down.

We’ll drill into the pros and cons of VPLS and OTV and see how these competing technologies compare.

Ethernet Extension

Both VPLS and OTV are capable of extending Layer 2 Ethernet outside of the data center. But why would IT want to do this? In general, because we need to consolidate network services across a single Layer 2 Ethernet domain, and we’re very comfortable using Ethernet to provide applications and data services to users. Expanding the Ethernet domain can help streamline deployment and provisioning of services to branch and remote offices by using familiar protocols and tools.

A second value of Ethernet extension is the ability to redirect MAC addresses to different hosts on the LAN, which is supremely useful for business continuity and disaster recovery. By building intelligence into Layer 2 MAC addresses, you can make IP addresses at Layer 3 portable by controlling which MAC address belongs where. This way, by scripting failover events in the Ethernet extension equipment, you can control where a given server appears to be, and transparently redirect clients to failover equipment in the event of an outage. For example, say a critical application server in the Dallas data center goes offline. Clients can be sent automatically to a server at a secondary site in San Antonio. Note, however, this requires expertise in the network engineering arena, be it VPLS or OTV. Ethernet extension won’t make the nuts and bolts of transparently redirecting traffic easy, but it can make it possible. For more on this, see the February 2010 Network Computing digital issue.

Ethernet extension also makes it possible to use products such as VMware’s Storage vMotion across a WAN. Storage vMotion can migrate virtual machine disk files from one physical storage array to another without interrupting use of the machine. However, because vMotion requires interconnectivity on the same subnet, Layer 2 Ethernet extensions are needed to move disk files across the WAN.

Also, Ethernet extension is only one requirement for Storage vMotion. You’ll need plenty of bandwidth, too. Storage vMotion requires at least 622 Mbps between storage volumes. Although an overlay such as OTV is transport-agnostic and can run on any type of storage medium, 622-Mbps connectivity speeds are apt to be expensive, even in Metro Ethernet configurations. This type of configuration would require an OC12 carrier at 622.08 Mbps to satisfy bandwidth requirements for Storage vMotion.

The monthly bandwidth costs are likely to be substantially higher over five years than the costs of simple SAN-based block-level incremental replication and bandwidth consolidation. Still, if being able to migrate a virtual machine between data stores without interrupting service is a business-critical requirement, Ethernet extension will be a necessary part of the solution.

Our survey results show that companies have a keen interest in VPLS and OTV. When we asked if respondents are considering newer WAN services such as these, 43% said yes. The top driver is to improve general WAN performance. As you’d expect, wringing better performance out of mission-critical applications also drives interest in these services, as does ensuring the quality of IP voice and video links and meeting disaster recovery and business continuity requirements.

Evaluating VPLS

VPLS is an overlay technology that can be used to create a multipoint-to-multipoint extended Ethernet domain. VPLS is most commonly deployed on an MPLS backbone, but it also can run on top of L2TP or even old-school GRE, though it will take some additional effort. Unlike a conventional MPLS VPN, which establishes one label switched path (LSP) in each direction over a private carrier network (and shouldn’t be confused with an IPsec VPN), VPLS functions in an any-to-any configuration. Because of this, VPLS requires full mesh connectivity to support Ethernet extension.

[Chart: What WAN Services Do You Have In Use Or Planned For Use? Services: IP VPN, MPLS, Carrier Ethernet, Dark fiber on copper, Frame relay, VPLS. Responses: In use, Plan to use within 12 months, Plan to use within 24 months, No plans. Data: InformationWeek Analytics Next-Generation WAN Survey of 334 business technology professionals, November 2010]

VPLS networks perform autodiscovery to find other edge routers within the same VPL identifiers, and then use signaling to set up a pseudowire, which emulates a Layer 2 data link over a packet-switched network. Because pseudowires generally are built over LSPs, fast reroute capabilities guarantee that an inactive LSP will be switched on in milliseconds should the primary fail.

One caveat: This configuration requires a great deal of memory at edge devices in large deployments. That’s because each edge router must know about every other MAC address on the network. Keeping 15,000 MAC addresses in memory could easily saturate standard edge routers.

That said, VPLS is the king of internetworking protocols—and the protocol Cisco is competing against with its OTV. Because VPLS creates a single Ethernet domain over a robust back-end infrastructure, it’s easy to move large volumes of data with precision via traffic-shaping policies. It’s also easy to dynamically redirect IP addresses from geographic site to geographic site, enabling distributed automatic failover.

However, VPLS isn’t for everyone. It requires top-end routers and large SONET carrier links. VPLS configurations also are complicated to set up and use multiple protocols to deal with architectural limitations, which means a dedicated network team is a must for production deployments. Because of the required equipment, connectivity, and staffing demands, VPLS is rarely deployed outside large enterprises, unless the requisite configuration and maintenance is farmed out to a provider’s network management team.

VPLS vs. OTV

Cisco OTV
Pros: Improves network utilization and bandwidth capacity; supports native multihoming of sites; supports VMware Storage vMotion; can run over any Layer 2 connection.
Cons: Expensive to deploy; requires Cisco Nexus 7000 switches at each site; requires extensive memory in edge devices; proprietary protocol.

VPLS
Pros: Supports large volumes of data movement; enables dynamic redirect of IP addresses for BC/DR; supports VMware Storage vMotion; standardized protocol.
Cons: Expensive to deploy; may require dedicated staff to operate; requires extensive memory in edge devices; best suited for use over MPLS network.

Watching OTV

OTV is a new technology from Cisco Systems that, like VPLS, extends Ethernet across diverse transport mechanisms. OTV works on top of an existing backbone (such as SONET or MPLS) by encapsulating Ethernet frames and routing them via IP.

For OTV to work, Nexus 7000 switches must reside at each site; they communicate to form a control plane. Once this is complete, traffic headed from one site to another is encapsulated and routed across the intervening IP infrastructure. OTV accomplishes this routing dynamically by pairing MAC addresses with next-hop IP addresses. Because OTV is capable of performing this dynamic routing off the shelf, it doesn’t require ancillary protocols such as Border Gateway Protocol (BGP) to perform discovery between edge routers at different sites, the way VPLS does.

OTV works over any sort of transport protocol, while VPLS is designed primarily for MPLS. This means OTV allows for more flexibility in the underlying WAN circuits.

For example, a company with two large data centers and dozens of remote sites might elect to use MPLS between data centers and fiber to the node (FTTN) for branch offices, with OTV running on top of all those links. This creates a single Ethernet domain with inexpensive branch-office links and high-capacity inter-data-center links, while still supporting dynamic IP address movement.

Furthermore, OTV supports native multihoming of sites, while VPLS requires secondary protocols like BGP to meet the same standard. Even with BGP, VPLS can’t aggregate data across inactive LSPs, while OTV supports all active multihoming topologies. In multihomed configurations, OTV natively load balances flows across multiple edge devices. In this area, OTV brings definite benefits over an “equivalent” VPLS configuration by providing improvements in utilization and bandwidth capacity via better management of inactive links.

While VPLS can provide nearly the same level of functionality as OTV, it’s generally necessary to inject additional complexity into the VPLS network to achieve this. For instance, while OTV natively supports huge numbers of edge devices and multiple VLANs per overlay, accomplishing the same goal with VPLS requires BGP signaling, hierarchical VPLS, or QinQ aggregation, which injects significant complexity (and support costs) into the mix.

[Chart: Connected To Home Base. How many branch or remote office sites connect to your headquarters or primary data center? Response categories: 1 or 2, 3 to 5, 6 to 10, 11 to 15, 16 or more. Data: InformationWeek Analytics Next-Generation WAN Survey of 334 business technology professionals, November 2010]

Thus, OTV offers equivalent functionality compared with VPLS plus greatly reduced complexity, which will translate into cost savings in deployment and ongoing management. In addition, because of its transport-agnostic design, OTV pilot programs can run on top of existing routed networks without immediate redesign, allowing companies to try the technology without making sweeping changes to their network architectures.

Yet OTV’s compelling capabilities come with red flags. Most importantly, OTV is a feature of NX-OS, the operating system that runs on Cisco Nexus 7000 switches. Unless Cisco decides to release an operating system upgrade for its 6000-series switches, you’ll have to replace older (yet reliable) switches with expensive Nexus 7000 equipment at every site you want to include in the extended Ethernet domain. In addition to the investment, you’ll also be replacing some of the most important equipment in the data center—always a dicey proposition, because mistakes made during the changeover will have a direct impact on essential network traffic.

OTV is also a proprietary implementation—which will come as no surprise to Cisco customers. The company has a long history of developing proprietary protocols at all layers of its stack. Cisco says a request for comments is in the works, but until OTV is submitted to a standards body, the technology is in Cisco’s hands. This raises the ever-vexing question of whether it’s worth implementing proprietary technology in a market that’s becoming increasingly open and standards-based.

Finally, there are architectural ramifications. First, by extending Ethernet across large networks, such as those with 5,000 or more hosts, the MAC address space becomes very crowded. While this is a liability attached to extended Ethernet in general, OTV’s globalized Ethernet scheme exacerbates the fundamental problem of locality. Ethernet was just not designed to scale to the level we’re discussing. For an Ethernet topology like this to work, MAC addresses must be learned at all sites, the same way they are with VPLS, which means you must deploy top-end equipment at all nodes of the network. OTV does, however, handle broadcast traffic natively by confining it to its local domain, a problem in VPLS deployments.

Cisco’s answer to the MAC problem: Segment traffic into VLANs and carry those VLANs only to sites where they’re relevant. It’s a reasonable fix, but it will get you only so far.

Finally, because you build OTV on top of whatever links you’re currently using, there is no guarantee of a service-level agreement or quality of service unless such guarantees are made with the carrier that provides the links. Without SLAs or QoS in place, your next-generation Ethernet domain may not be as robust as you’d like.

The Way Forward

Given the number of WAN connectivity options and services available to IT, picking the best solution is more a matter of identifying your needs and then matching those needs to the capabilities of a service, rather than simply buying the “best” system on the market. Take care to understand all your requirements before choosing a service.

When it comes to VPLS vs. OTV, companies that are strongly invested in Cisco and already have Nexus upgrades on the drawing board are the obvious candidates for OTV adoption. The reduced complexity of deployment and ongoing management also sweetens the deal for these shops.

Companies without a strong commitment to the Nexus line should give VPLS a close look. VPLS also may have more appeal to those that have adopted MPLS for network connectivity.

Jake McTigue is the IT manager for Carwild Corp. Write to us at [email protected].

[Chart: Is Your Company Deploying Or Considering A Newer WAN Solution? Responses: Yes, No, Don’t know. Data: InformationWeek Analytics Next-Generation WAN Survey of 334 business technology professionals, November 2010]


By David Greenfield

IPv4 is exhausted, but don’t panic. Here’s your plan for an orderly transition to IPv6.

IPv4 addresses have officially run out. Enter IPv6, which vastly expands the pool of available addresses. The arrival of IPv6 means that companies must undertake the changeover between the two protocols. The question is when.

“If you don’t have a solid business driver, don’t [deploy IPv6],” says Jerry Johnson, CIO of the Pacific Northwest National Laboratory and himself an IPv6 adopter. “If I had a small business, I would be leery about stepping into IPv6.” Pacific Northwest is a national laboratory involved with a number of IT projects, including smart-grid development.

Johnson’s sentiment reflects that of many experts. Most organizations can delay turning on internal IPv6 routing for another year if not more, writes Gartner analyst David Willis in a report, “IT Market Clock For Enterprise Networking Infrastructure, 2010.” “Enterprises should plan to provide limited internal IPv6 support by 2012, especially if they plan a broad move to Windows 7,” Willis writes.

Still, having an adoption deadline a year or more away doesn’t mean IT can ignore it for now. To ensure a smooth transition, plan now how you’ll address the migration. The most likely scenario is that enterprises will run dual IPv4 and IPv6 systems for the next several years, particularly as they refresh network gear and operating systems. So IPv6 compatibility should be a part of your criteria for new equipment and software purchases. In fact, IPv6 may already be available in your LAN. Many switches and routers are IPv6 compatible. Windows 7 and Windows Server support IPv6, as does Linux.

The other good news is that the migration doesn’t have to happen all at once. Companies should prioritize their IPv6 deployments. First, ensure Internet-facing equipment is IPv6 compatible. Then enable routing and switching infrastructure gear to run both IPv4 and IPv6 (known as a “dual stack” architecture). Pay particular attention to the WAN infrastructure: services must be IPv6 compatible—or at least, your providers should be able to articulate IPv6 migration plans. Appliances connecting to those services, such as WAN optimizers, will also need to be IPv6 compatible if they’re to continue to enhance WAN performance. Next come intranets. The last step is enabling native IPv6 access to the desktop.

Y2K All Over Again?

The transition to IPv6 will require an IT effort on the scale of Y2K. That’s the bad news. The good news is that it doesn't have a hard-and-fast deadline like Y2K. This is apparent in adoption of IPv6 on the Internet, which has been growing steadily but slowly. In 2008, a little more than 3% of autonomous systems, which are routing domains on the Internet, announced IPv6 routes. Last year that reached nearly 8%.

Within the enterprise, you have some breathing room. The primary reason is that most addressing within companies today is private, so the exhaustion of IPv4 should have comparatively little impact on internal operations in the immediate future. This frees IT to consider how migration will affect Internet-facing operations, the network, and applications.

The changes wrought by the switch from IPv4 to IPv6 are substantial, starting with the protocol itself. IPv4 addresses are 32-bit. By contrast, IPv6 uses 128-bit numbering. This allows for a vast increase in available addresses (from approximately 4.2 billion under IPv4 to 340 undecillion with IPv6). However, this change will force companies to review how they manage IP address assignments. The sheer length of IPv6 addresses means databases will need to be upgraded so they can support native addresses in canonical form. The use of spreadsheets and manual management of IP assignments, which was feasible with IPv4, will need to be reassessed as IPv6’s 128-bit notation is hardly human-friendly. IP address management software, from vendors such as Infoblox and BlueCat Networks, often optional with IPv4, becomes increasingly important with IPv6.
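Added example, not part of the original article: the paragraph above says address databases must hold IPv6 addresses in canonical form, and this Python code shows why, by normalizing a constructed inventory in which the same host is written several ways and deriving one fixed-width 16-byte key per address. The host names, the sample addresses, and the decision to fold IPv4-mapped IPv6 addresses into their IPv4 form are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample inventory (documentation ranges 2001:db8::/32 and
# 192.0.2.0/24); the host names are made up for illustration.
SAMPLE_INVENTORY = [
    ("web01", "2001:0DB8:0000:0000:0000:0000:0000:0001"),
    ("web01-dup", "2001:db8::1"),
    ("web02", "2001:db8:0:0:1:0:0:1"),
    ("mail01", "192.0.2.25"),
    ("mail01-mapped", "::ffff:192.0.2.25"),
    ("bad", "2001:db8:::1"),
]

# First 12 bytes of an IPv4-mapped IPv6 address (::ffff:0:0/96).
V4_MAPPED_PREFIX = b"\x00" * 10 + b"\xff\xff"


def canonical(text):
    """Return (ip_version, canonical_text, 16-byte key) for an address string.

    Raises ValueError if the string is not a valid IPv4 or IPv6 address.
    """
    addr = ipaddress.ip_address(text.strip())
    # Assumption: an IPv4-mapped IPv6 address names the same host as the
    # plain IPv4 address, so both are stored under the IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # One 16-byte column holds both families: IPv4 goes in as ::ffff:a.b.c.d.
    key = addr.packed if addr.version == 6 else V4_MAPPED_PREFIX + addr.packed
    return addr.version, str(addr), key


def normalize_inventory(rows):
    """Group (name, address_text) rows by canonical address.

    Returns (by_key, rejected): by_key maps the 16-byte key to the canonical
    text and the names that use it; rejected lists rows that failed to parse.
    """
    by_key = {}
    rejected = []
    for name, text in rows:
        try:
            version, canon, key = canonical(text)
        except ValueError:
            rejected.append((name, text))
            continue
        entry = by_key.setdefault(
            key, {"address": canon, "version": version, "names": []}
        )
        entry["names"].append(name)
    return by_key, rejected


def duplicates(by_key):
    """Return {canonical_address: [names]} for addresses recorded more than once."""
    return {e["address"]: e["names"] for e in by_key.values() if len(e["names"]) > 1}


if __name__ == "__main__":
    inventory, bad_rows = normalize_inventory(SAMPLE_INVENTORY)
    for entry in inventory.values():
        print(entry["address"], entry["names"])
    print("duplicates:", duplicates(inventory))
    print("rejected:", bad_rows)
```

Comparing or indexing the raw text would treat `web01` and `web01-dup` as different hosts, which is the failure that spreadsheets and string-typed columns invite when firewall rules, audit records, or address assignments are matched against the inventory.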

Similarly, IT organizations will have to rethink how they assign and resolve their IP addresses. While IPv4 required DHCP to assign IP addresses, IPv6 can configure addresses without it. However, IPv6 autoconfiguration is limited to assigning just IP addresses, but not any of the other elements that can be assigned by DHCP, such as DNS domains, DNS server addresses, and time server addresses. Likely, IT organizations will want to use IPv6 in conjunction with DHCP’s latest version, DHCPv6.

As for address resolution, the DNS infrastructure will need to be equipped to deliver both IPv4 (A Records) and IPv6 (AAAA Records) name resolution for the foreseeable future. This means populating DNS records with IPv6 addresses along with existing IPv4 addresses. The DNS host must be able to offer the appropriate address to clients, and the clients must be able to use those addresses.

IPv6 also requires changes that extend beyond the network layer stack and affect the OSI model up to, but not including, the application layer. New versions of TCP (TCP6) and UDP (UDP6) must be loaded on clients. Resolving an IP address into a MAC address was previously done with the Address Resolution Protocol (ARP); for IPv6, that same process must now be done with Internet Control Message Protocol version 6 (ICMPv6).

Each of those layers must be evaluated and tested with the IT organization’s application set to ensure compatibility. The same holds true for operating systems. Though Windows 7 supports IPv6, IT organizations should use simple tests, such as PING and FTP, to make sure the entire stack, DNS, and DHCP operate appropriately.

Similarly, the process of managing and troubleshooting an IPv6 network will require a new set of tools—or at least new versions of old ones. Check your existing crop of administration and maintenance tools to be sure they’re IPv6 compatible, or will be by the time you’re ready to start IPv6 deployments in earnest.

Network Performance Challenges

IPv6 adoption and migration will require serious effort at the network level. The good news is that Layer 2 equipment can remain untouched in an IPv6/IPv4 world for the time being. Ethernet switches will pass IPv6 packets as they do IPv4 packets today.

But Layer 3 equipment—routers, Layer 3 switches, firewalls, and the like—must have IPv6 implemented. Aside from the support for TCP6 and UDP6, equipment will need ICMPv6, not ICMP. Of course, not every change will be needed in every piece of equipment, and some will be dual stack already. Regardless, IT must verify network compatibility with the software architecture.

IPv4 And IPv6 At A Glance

IPv4: 32-bit address space; 4.2 billion addresses (approximately); final addresses assigned Feb. 2011

IPv6: 128-bit address space; 340 undecillion addresses (3.4 x 10^38); native support in Windows 7/Server 2008

Pay particular attention to performance. Testing conducted at University Kebangsaan Malaysia by Dr. Rosilah Hassan and Khairil Sailan Mohd showed there was about a 1% performance difference between IPv4 and IPv6. Part of this might come back to how vendors implement IPv4 and IPv6 stacks. The IPv6 stack is generally being supported in firmware, but not yet optimized in silicon, says Pacific Northwest National Laboratory’s Johnson. The firmware migration is an initial step, but significant deployments of IPv6 may require a hardware upgrade if IT organizations find the performance difference affects service levels.

Another potential issue is that the 40-byte header of IPv6 is double that of IPv4. This may significantly increase the overhead of running applications that use small packets, such as voice and video, says David Hughes, CTO of Silver Peak Systems, a provider of WAN optimization equipment. Hughes says his equipment offers header compression to address this problem, but only when IPv6 traffic is tunneled inside IPv4 packets. As of press time, the only WAN optimization vendor that claimed to optimize native IPv6 traffic was Blue Coat Systems. It’s likely other vendors will soon follow suit.

Applications And Tunneling

Applications themselves may also be affected by the change to IPv6. MySQL, for example, has been reported to have problems with IPv6, as has Outlook Express. Often, application protocols reference IP addresses, and so will require new versions of those applications for IPv6. Enabling applications to work in an environment that will need to support IPv6 and IPv4 addresses will, in most cases, call for a dual-stack architecture. In this approach, one host—typically the server hosting the application—runs both IPv4 and IPv6. A dual-stack architecture will ease migration as existing clients can continue to run IPv4 addresses, but it positions the IT organization to support new clients equipped with IPv6.

A dual-stack architecture will be very useful for companies that use applications that rely on Session Initiation Protocol, such as some VoIP systems. SIP softphones are compatible with IPv6, but handsets pose a much bigger challenge, according to Timothy Winters, a senior manager at the University of New Hampshire InterOperability Laboratory, which is accredited by the National Institute of Standards and Technology to perform IPv6 compliance testing for the U.S. government. By running a dual-stack architecture, organizations can ensure that SIP connections can be made whether the client on the other end is on IPv4 or IPv6.

Another approach to ensuring that clients will be able to interact is to run the IPv4/IPv6 communications through a translation device, such as NAT64 or NAT-PT (though the IETF says NAT-PT is no longer desirable “as a general-purpose translation mechanism”). There’s less migration complexity because clients can connect to the translation device using either an IPv4 or IPv6 stack, but this approach can introduce challenges. Of particular concern is how it might break peer-to-peer applications, which require special encapsulations, attention to binding lifetime, and provision of keepalives to function properly through a NAT device.

4 Steps To IPv6 Prioritization

1. Start with Internet-facing systems

2. Implement dual-stack v4 and v6 routers and switches

3. Ensure providers’ WAN services and your WAN appliances are IPv6 compatible

4. Migrate intranets and user devices

IT architects also can use tunneling to connect IPv6 systems. In this scenario, IT enables IPv6 nodes, usually edge routers, to connect with other IPv6 routers across an IPv4 network. In tunneling, edge routers wrap IPv4 packets around IPv6 datagrams so the datagrams can travel across an IPv4 network.

A number of approaches have been proposed for tunneling. For example, RFC 3056, also known as 6-to-4, is normally used for site-to-site tunneling, allowing IPv6 sites to communicate with one another without explicit tunnel setup and with minimal router configuration. However, each router must be equipped with a tunnel broker to create the tunnel, as defined in RFC 3053. Hurricane Electric offers a tunnel broker service for connecting to the IPv6 Internet. Other mechanisms include Teredo (RFC 4380), a tunneling mechanism that allows for NAT traversal; and Intra-Site Automatic Tunnel Addressing Protocol, which lets dual-stack nodes send IPv6 packets across an IPv4 network.

Regardless of the specific approach, tunneling presents a number of concerns for organizations. Externally, IPv6 traffic reaching a Web site through a tunnel will cause the loss of various marketing metrics organizations use to identify visitor information, including country and company. In addition, none of the mechanisms embed security protection within the tunnel. Tunnels also will present problems for firewalls to screen the content. And maintaining tunnel performance will be more complicated than when running native IPv4 or IPv6. Administrators will need IPv6 tools for visibility into the tunnel and IPv4 tools for visibility into the underlying network.
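For the visibility problem described above, the following added example (not from the article) classifies client addresses in constructed access-log lines by tunneling mechanism and recovers the IPv4 address that 6to4, Teredo, and ISATAP embed in the IPv6 address. The log format and the function names are assumptions, and the ISATAP check is a heuristic on the interface identifier.

```python
import ipaddress

# ISATAP interface identifiers start with 0000:5efe or 0200:5efe (heuristic match).
ISATAP_IDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")

LOG_LINES = [  # constructed sample access-log lines: client address, then request
    "2002:c000:221::1 GET /index.html 200",
    "2001:0:c633:6407:8000:63bf:34ff:8ef6 GET /pricing 200",
    "2001:db8:5:1:0:5efe:c000:263 GET /login 302",
    "2001:db8:10::25 GET /index.html 200",
    "198.51.100.20 GET /index.html 200",
]

def classify(text):
    """Return (mechanism, embedded IPv4 address or None) for one client address."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return "native-ipv4", addr
    if addr.sixtofour is not None:       # 2002::/16, RFC 3056: site's IPv4 in bits 16-47
        return "6to4", addr.sixtofour
    if addr.teredo is not None:          # 2001:0::/32, RFC 4380
        _server, client = addr.teredo    # client's public IPv4, already de-obfuscated
        return "teredo", client
    if addr.packed[8:12] in ISATAP_IDS:  # IPv4 sits in the last 32 bits
        return "isatap", ipaddress.IPv4Address(addr.packed[12:])
    return "native-ipv6", None

def report(lines):
    """Return (client, mechanism, underlying IPv4 or None) for each log line."""
    rows = []
    for line in lines:
        client = line.split()[0]
        mechanism, v4 = classify(client)
        rows.append((client, mechanism, str(v4) if v4 is not None else None))
    return rows

if __name__ == "__main__":
    for client, mechanism, v4 in report(LOG_LINES):
        print(f"{mechanism:12} {client:40} underlying IPv4: {v4}")
```

The recovered IPv4 address can feed existing geolocation or firewall policy lookups; native IPv6 clients return None and need IPv6-aware data instead.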

Work Your Way In

The evolution of IPv6 poses new challenges for IT organizations that extend beyond simply renumbering hosts. IT executives need to look at how IPv6 will affect operational tools, IP address assignment and administration, and infrastructure. Application compatibility is a big challenge—especially when it comes to proprietary applications.

IPv6 is inevitable, but you have time to plan. IPv4 and IPv6 can coexist for at least the next couple of years, which gives IT organizations an opportunity to phase in adoption, particularly as they refresh hardware and software. Start with external-facing systems and work inward, and test at every stage. You know the switch is coming; don’t get left in the dark.

David Greenfield is principal at Strategic Technology Analytics. Write to us at [email protected].


IPv6 Tunneling

IPv6 traffic can be sent over IPv4 networks by the use of tunneling. While there are several tunneling mechanisms available, a common method is the use of tunnel brokers in edge routers. The sending router wraps IPv6 datagrams inside IPv4 packets to pass them across an IPv4 network. The receiving router removes the IPv4 wrapper to send the IPv6 traffic to the client.

[Figure: IPv6-enabled client, IPv6 transmission, Router A with tunnel broker, IPv6 traffic encapsulated via tunnel broker across the IPv4 network, Router B with tunnel broker, IPv6 transmission, IPv6-enabled client]


READER SERVICES

NetworkComputing.com For IT, By IT

Electronic Newsletter Subscribe to our newsletter at networkcomputing.com/newsletter_sub.php

Events Get the latest on our live events and Netevents at informationweek.com/events

Reports pro.networkcomputing.com for original research and strategic advice

How to Contact Us networkcomputing.com/contact.php

Editorial Calendar informationweek.com/edcal

Back IssuesE-mail: [email protected]: 888-664-3332 (U.S.) 847-763-9588 (Outside U.S.)

Reprints Wright’s Media, 1-877-652-5295Web: wrightsmedia.com/reprints/?magid=2196E-mail: [email protected]

List Rentals Merit Direct LLCE-mail: [email protected]: (914) 368-1083

Media Kits and Advertising Contactscreateyournextcustomer.com/contact-us

Letters to the Editor E-mail [email protected]. Include name, title, company, city, and daytime phone number.

SubscriptionsWeb: informationweek.com/magazineE-mail: [email protected]: 888-664-3332 (U.S.) 847-763-9588 (Outside U.S.)

Executive VP of Group Sales, InformationWeek Business Technology Network, Martha Schwartz(212) 600-3015, [email protected]

Sales Assistant, Group Sales, Adrienne Darnell(212) 600-3327, [email protected]

SALES CONTACTS—WEST Western U.S. (Pacific and Mountain states) and WesternCanada (British Columbia, Alberta)

Western Regional Director, JohnHenry Giddings(415) 947-6213, [email protected]

Account Director, Matt Stovall(415) 947-6245, [email protected]

District Sales Manager, Rachel Calderon (516) 562-5338, [email protected]

Inside Sales Manager, Vesna Beso (415) 947-6104, [email protected]

Strategic AccountsAccount Director, Sandra Kupiec (415) 947-6922, [email protected]

SALES CONTACTS—EAST Midwest, South, Northeast U.S. and Eastern Canada(Saskatchewan, Ontario, Quebec, New Brunswick)

District Manager, Jenny Hanna(516) 562-5116, [email protected]

District Manager, Michael Greenhut (516) 562-5044, [email protected]

District Manager, Cori Gordon (516) 562-5181, [email protected]

Inside Sales Manager East, Ray Capitelli(212) 600-3045, [email protected]

Strategic Accounts

District Manager, Mary Hyland (516) 562-5120, [email protected]

SALES CONTACTS—NATIONALDr. Dobb’s

Sales Director, Michele Hurabiell(415) 378-3540, [email protected]

SALES CONTACTS—EVENTS Senior Director, InformationWeek Events, Robyn Duda(212) 600-3046, [email protected]

MARKETING VP, Marketing, Winnie Ng-Schuchman(631) 406-6507, [email protected]

Director of Marketing, Sherbrooke Balser (949) 223-3605, [email protected]

Marketing Manager, Monique Luttrell

(949) 223-3609, [email protected]

UBM TECHWEB

Tony L. Uphoff CEO

John Dennehy CFO

David Michael CIO

Bob Evans Sr. VP and Global CIO Director

Joseph Braue Sr. VP, Light Reading Communications Network

Scott Vaughan CMO

John Ecke VP and Group Publisher, InformationWeek Business Technology Network

Ed Grossman Executive VP, InformationWeek Business Technology Network

Beth Rivera Senior VP, Human Resources

David Berlind Chief Content Officer, TechWeb, and Editor in Chief, TechWeb.com

Fritz Nelson VP, Editorial Director, InformationWeek Business Technology Network, and Executive Producer, TechWeb TV

UNITED BUSINESS MEDIA LLCPat Nohilly Sr. VP, Strategic Development and Business Admin.

Marie Myers Sr. VP, Manufacturing

Copyright 2011 United Business Media LLC. All rights reserved.

Rob Preston VP and Editor In [email protected] 516-562-5692

Lorna Garey Content Director, [email protected] 978-694-1681

Sek Leung Associate Art [email protected]

Chris Murphy [email protected] 414-906-5331

Jim Donahue Chief Copy [email protected]

Stacey Peterson Executive Editor, [email protected] 516-562-5933

Mary Ellen Forte Senior Art [email protected]

Business Contacts

Mike Fratto Editor, Network [email protected] 315-464-0231

Andrew Conry-Murray New Products and Business [email protected] 724-266-1310