Jun 012012
Spend 30 minutes with IPv6 every Friday!

It’s June and less than a week to World IPv6 Launch. Exciting!

During this week I’ve been doing SIP trainings in Germany. Meeting advanced network and system engineers for a week, discussing all kind of things between the fiber and the user. IPv6 is of course a natural part of these discussions. I’m very happy to notice a big change when traveling and meeting these gurus – from total ignorance and zero knowledge a few years ago I now frequently end up in discussions about DHCP-PD, ULAs or other things related to IPv6. There’s not only knowledge out there, but also experience from labs and implementations. That makes me very happy! There are many people on the net that shares knowledge and tries to help others to learn based on their own experiences. This Friday, I’ll show you a few examples.

Microsoft’s experiences from IPv6 on the corporate network

Microsoft WindowsA colleague and security expert, Hasain Alshakarti, pointed me to a  document published by Microsoft in April this year – Case Study: How Microsoft IT has Deployed IPv6 on the Microsoft Corpnet. This document is good reading for everyone, regardless if you use Microsoft products or not. They discuss the IPv6 work that started in 2001, for a long time providing IPv6 only for development and engineers that needed it and requested it. Now everyone has IPv6 access. They also point out that there’s no goal to run IPv6 single stack, short or long term.
One problem is that 3rd party vendors of routers and applications hasn’t been able to deliver IPv6 support on the same level as IPv4 or better. This has delayed and still delays the IPv6 implementation.

“Applications should initiate connections regardless of the version of IP and provide equivalent support for input and storage of IPv6 addresses. For example, typical application support problems include using older WinSock IPv4-specific APIs, using IPv4 addresses and associated 32-bit storage structures within the code of the application, UI support for only IPv4 address configuration, application security based only on IPv4 addresses, reliance on WINS simple names, and database schema that does not allow storage of the 128-bit IPv6 addresses. “

Cisco has also published a shorter blog entry, but still worth reading: Preparing for world IPv6 Launch by Jon Woolwine (Apr 2012).

The status of IPv6 in Linux: Getting better for every release!

Tore Andersson at Redpill Linpro in Norway has been very involved in World IPv6 day and tests that lead to that event. On Google+ Tore wrote a short piece on the status of IPv6 in new releases of Fedora Linux and Ubuntu.

“Fedora 17 was released yesterday, and Ubuntu 12.04 last month. The timing right ahead of World IPv6 Launch is perfect; IPv6 support on the Linux desktop has never been better! Thanks to a series of improvements in the GNOME NetworkManager used by both Fedora and Ubuntu, IPv6 is now fully supported out of the box on both wired and wireless Ethernet connections, specifically:

  • No dependency on IPv4 – they will connect just as happily to IPv6-only networks as to IPv4-only or dual-stacked networks
  • Support for SLAAC
  • Support for the RDNSS Option (RFC 6106).- Support for DHCPv6, both statless Information-Only and stateful IA_NA.

I will have to redo my earlier tests that I published in a Slideshare presentation. If you search for IPv6 on Slideshare.net you will find many good presentations made by people that just want to share their knowledge with you. Like the presentation named “How IPv6 Will Kill Telecom – And What We Need To Do About It” by Dan York. Or this presentation about PHP Frameworks with IPv6. I really would like to be able to read more of that, but understand that many PHP frameworks still assume IPv4.

IPv6 getting traction – which worries law enforcement

Another piece of news that have been rolling around the twitter feeds the last days is that it’s not only the system and network engineers that need to learn the new Internet Protocol. Law enforcement also needs to follow the new trend and understand how this works. Cnet writes about FBI getting worried.

“Once IPv6 is near-universally adopted, it’s likely to prove a boon to police, a fact that some law enforcement representatives privately acknowledge. That’s because each device — tablets, phones, refrigerators, lawn-mowing robots, and so on — will sport its own unique Internet address.”

The article goes on and describes how Carrier Grade Nat log files can help law enforcement. For many people, this is probably a reason to switch over to native IPv6 single-stack as quick as possible to avoid the CGN systems. The article continues to discuss the effects of having IPv6 available in all IPv6 implementations. I think they should probably follow my advice and read Microsoft’s report where they state that they have no firewall, but instead forces all computers to use IPsec to reach the services the need internally and from remote locations. IPsec will be a natural part of the network regardless of IPv4 or IPv6.

The Cnet article refers to a presentation at Nanog 53 called “The impact of IPv4/IPv6 Interworking on Lawful Intercept” written by Yi Liu and Jennifer Joy, ATT Chief Security Office, ATT Labs. If you work with a service provider this is good reading and a good starting point for discussion.

To summarize: Lab with IPv6, start working with your implementation and participate online, share your experience and contribute to the global knowledge base! There are IPv6 Wikis you can start with. On twitter, use the #IPv6 hash tag. See you out there on the IPv6 highway!