Jan 272012
 
Spend 30 minutes with IPv6 every Friday!

Add an extra entrance to your network - run public services dual stack. Picture by OEJThis week I’ve been in IPv6-related meetings three evenings. Tonight, I’ll be trying to avoid talking about IPv6 with my family or show any more slides (I guess they already had enough). Before that, we all need to spend 30 minutes on our IPv6 skills and learn a bit more. After a few Fridays with very technical content, I’ll move up the stack and try to give you an outline of how to approach the IPv6 project within your organization by not starting an IPv6 project.
Spend 30 minutes on IPv6 every Friday, roll up your sleeves and read on!

You choose: use a IPv6 SEP (Somebody-elses-problem) field or start now

As an IT manager, you can select one of two possible approaches. The first one is to avoid the issue, since you have no budget for it and no demand from the organization.  Which user reports an issue related to IPv6 and seriously, has any manager asked for IPv6 support in a development project? Just avoid IPv6 and it will be sorted out by someone else. The Douglas Adams’ SEP field is very handy in regards to IPv6 and has been in use for many years.

If you select this strategy, you’ll be forced to ask for an extra addition to your IT budget a few years from now when the lack of IPv6 support hurts the business. Your staff can’t reach important services on the net and Internet users can’t reach your services. This is when your management instructs you very clearly that this will have to be solved yesterday at no extra cost.

An alternative route is to start now and integrate IPv6 in every project, not making it a special task force. All new equipment, all new integration projects, all new development projects needs IPv6 support. Get your public services connected with IPv6 first and then continue with internal systems, backend platforms and all the rest. Don’t Panic. But start now. Here’s one way to structure your IPv6 Project – and avoid making it a separate IPv6 project. Start small, then integrate it within all the other projects.

1. Make your staff IPv6-compatible

Learning IPv6 is not hard and there are a lot of online-resources and free presentations. Make sure you send a few people to trainings and then use them internally as IPv6 evangelists, using the free material to start IPv6 discussions and teach the others at the level they need. IPv6 is not hard to learn, but it is still a new network protocol that needs some attention.

Links:

2. Get IPv6 network addresses

Ask your ISP and your hosting provider for IPv6. If they don’t deliver, add another provider or switch provider to get IPv6. For the lab, set up a couple of free tunnels. Not getting IPv6 from your provider is not an excuse to delay the IPv6 project. IPv6 is available everywhere now. Do not accept long delays from your ISP. Remember that this is a new network and you can get IPv4 from one provider and IPv6 from another.

Links:

3. Require IPv6

Don’t buy new equipment in 2012 without support for IPv6. Period. If you do, make sure you cover the whole cost this year, because there is a huge risk that you will have to replace it very soon. Since this is something all vendors are aware of you will see some equipment where product sheets and powerpoint slides claims that the product or service support IPv6, but the delivery does not. Test, test, test. Go back to bullet #1 and make sure that your organization knows how to test.

4. Add IPv6-support for public services

After learning IPv6 and testing, you need to start with your public services. The World IPv6 Launch June 6th 2012  is not far away. This affects at least DNS, E-mail and your web server. You want to make sure that you are available for all of Internet, not just the IPv4 part. Stay connected!

Links:

5. Activate dual stacks on the firewall

IPv6 security is not far away form IPv4 security – but there are some differences. Make sure that your security infrastructure support IPv6 – mail filters, firewall, VPN servers and rules in switches and other infrastructure devices. Start doing this as part of the regular security review and maintenance work and keep working on it.

6. Check your digital partners

Your IT systems probably doesn’t work standalone, they’re interconnected with others. This also affects many public sites that are integrated with third-party systems. Check outsourcing partners, cloud services, reseller systems – everything. You want to make sure that these systems migrate to IPv6. It’s not as critical as the public Internet services – but it will be at some point. Better start the discussions now and integrate IPv6 when systems upgrade or are replaced. It’s a complicated puzzle, so take it slowly.

7. Start adding IPv6 to the office network

Adding IPv6 to the office network is simple. Just turn it on and keep it on. All desktop systems support IPv6 today. Many printers support IPv6. You do not have to throw out IPv4-only devices, but don’t add new ones. When you are done with the desktops you can start adding print servers and other internal servers with IPv6 only. Keeep it simple.

IPv6 Only - are you crazy? No, all web site and application developers need to test that!8. Move some computers to IPv6 only

To make sure you’ve done things right, move some computers to IPv6 only – especially in the IT department. This is the only way to make sure that IPv6 support works. If everyone runs dual stack you have no control over the IPv6 part – and won’t notice if DNS only works on IPv4 and doesn’t support IPv6 – or some other network service. Testing the web site regularly on IPv6 only is important, just to check that there’s no ajax, captcha or some other external service added that only supports IPv4.

9. Benefit from IPv6

With IPv6 you can have many subnets so setting up VPNs and integrating offices will be much easier – it’s all done on standard IPv6 addresses and no private stuff with NATs between. You will get a very large address space – use it. When traversing the Internet between offices you can still get the real end point addresses and set up security rules properly. It will take some time until we all fully grasp all the benefits and think the IPv6 way.

10. Don’t panic.

There is urgency to get the project off the ground, but your business will likely not collapse if every desktop doesn’t have IPv6 support next week. Make sure IPv6 is part of every IT project and don’t make it a special huge project that rolls on by itself while the rest of the projects base their work on the old IPv4 way of networking. Start now and put all your 128 bits on the effort!

 

As always I appreciate feedback, tweets and e-mail. And remember that rule 10 is the most important. Have fun learning IPv6 and then treat is a normal part of the network work. If you don’t include IPv6 in your networking projects, you’re not working with the Internet any more. The Internet of today is IPv4 and IPv6  – the global network we all use.

Have a great IPv6 Friday!

/Olle

 

Sorry, the comment form is closed at this time.