IPv6 The World, and You

want to deploy ipv6 or some of the common reasons not to deploy ipv6 i'm going to have a high level over technical overview of ipv6 a few slides that say well this is ipv6 this is only bitser and things like that i'm going to talk about deployment and security concerns and actually my security concerns will probably be intermixed through all the slides i'm a network engineer primarily i but a lot a lot of things i'm talking about are security focused things that if i was a security expert i would be concerned about and then i'm going to talk a little bit about how we're going with ipv6 how deployment is going and a little bit about world ipv6 day

which was last year and then world ipv6 launch which is coming up real soon now so i did this presentation to some uh totally non-technical people so i have a couple of introductory slides that i i did for these people and i'll throw them in but anyway i present i've raised this presentation xg for excessive geekiness now after after seeing the last presentation this really doesn't apply i mean if he can come anyplace be kicked out it's got to be here some viewers may be offended by excessively technical nature of this presentation viewer discretion is advised so also one of my basic slides is ipv4 is internet protocol version 4. this is the legacy internet protocol

that almost everyone is using exclusively so and then there's this thing called ipv6 which is the internet protocol version 6. this is the next generation internet protocol that everyone should be using but isn't so let me ask how many people here actually have ipv6 in their network today do you have ipvs configured on your routers do you have is it up on your website no different okay but but does your company have ipv6 on their lead website no no okay okay we're getting there perfectly happy to move it if they ever get around to turning the website on yeah yeah yeah um yeah okay so i'm counting two people what dual stack is idv6 so when you say

okay so i'm trying to avoid trick questions sure questions come later um like pure ipv6 or dual stacks yeah dual stack i mean pure ipv6 nobody i don't think very many people at all are

so i'm counting two people here who actually have ipv6 up and running on their network so my definitions still apply and it probably will apply for some time but we only stood up for ipv6 state okay hey look you're here well that's good so a lot of people brought up for ipv6 day last year and promptly turned it back off so what does this think about okay ipv6 so when internet was designed it was a research project which means a lot very few numbers of users not a lot of addresses and in early 1990s the internet started growing at an insane rate for a research project and became obvious that there really just weren't enough addresses

to go around with ipv4 i mean gee there were only four billion addresses and they were really poorly allocated so to address this the ietf the internet engineering task force chartered an effort to build the next generation internet protocol which would have more addresses and it became known as ipv6 and was announced in 1994 so the good news is that ipv6 represents some of the best engineering thoughts of 1994. the bad news is the ipv6 represents some of the best engineering thoughts of 1994 so the internet was a much different place in 1994 very different it was much smaller the ipv4 internet has essentially been following the whole growth of the internet and there have been security attacks

you know some which have been detected before they became issues some not those have been addressed now ipv6 has had relatively almost non-existent deployments since 1994. so you have what we'll call ipv4 which has been addressed as far security issues for ipv6 there are security issues definitely waiting for us here and it's much better than it was let's say three or four years ago but there's still issues out there so oh yeah so i saw a presentation in 1996 by the one of the developers of ipv6 named steve deering and he said well geez you should expect routers will be supporting ipv6 any day now you'll have widespread deployment of ipv6 within two years one of the favorite quotes

i've heard i think i saw in the back of a one of the ipv6 books is that we have been in the imminent state of imminent deployment within two years for the last 15 years it just hasn't happened so what did happen in in 1994 uh this concept of nat was very new network address translation and the whole idea of having a router which can essentially you have private addresses behind this snap box this was huge as far as reducing the need for uniquely unique ipv4 addresses you have whole organizations that are hidden behind that's the veteran's administration is hidden behind uh has all their addresses hidden behind that and we're talking you know 100 and some thousand employees you know

thousands i want to say hundreds if not thousands of routers you also have something called classless internet domain routing which is it's unimaginable to think that you're not you didn't at one point you did you couldn't do this but in 1994 this was very hard you had something called classed class routing i want to say where you had a class a address a class b address a class c address and a class d address a class a was a slash eight i want to say the first 64 or so 0.0.0.02 through 64.0.0.0 it might be 96. i don't remember these could only be slash eights so you so in your subnet you could only have like

a million addresses it was very hard to break up these these class this class format i worked for att at the time and my office mate was actually holding the addressing for the internal r d internet at bell labs and he didn't know how to break up the slash eight so they were sitting on the slash eight they were doing nothing with it because they didn't know what to do with it class's inner domain routing made it easy to break up slash h in the slash 16 24. that was also a huge deal as far as making it easier to deploy ip addresses that you've really already had access to so that helps that slowed the need for ipv6

another thing happened that happened with the dot com crash so he had insane growth and that kind of stopped around 2000 that slowed things down as a result the need for ipv6 has been stalled for a long time and which brings us up to today so ayanna is known as that the internet numbers association um they hand out ip addresses they've handed out all their ip addresses to what are known as regional address registries the asia registry has run out of addresses aaron should run out in 2013. ripes should run out sometime the sum ripe is europe they should run out sometime this summer and the other two have until 2014. so we're reaching the

point where ipv4 addresses are becoming extremely scarce and i'll leave it at that there's there are certainly ways of trying to buy addresses uh there was actually a very interesting talk at the ipv6 summit last month that talked about well if an address is let's say less than 42 dollars you should buy do ipv4 addresses to go but beyond that look at dual stack and that if the addresses go beyond another threshold you should sell ipv4 addresses a very interesting talk so why might you want to deploy ipv6 well it's all about needing more addresses if essentially you're you want to do a major deployment you want let's say you're you're a new isp you want a slash 16

you go to aaron they say huh we don't you're not getting slash 16. you have to figure something else out ipv6 is certainly the option or an option i'd recommend you could also do things like nat and stuff like that but i'm not recommending that anything else that requires lots of addresses ipv6 is really ideal um so an example of this is mobile networking so mobile networking you have an address which travels with a mobile device across i want to say networks this requires a lot of i want to say background addresses i'm not an expert on mobile but essentially it requires a lot of addresses ipv6 is perfect for mobile networking there's another example i've heard of a

boeing developing airplanes with lots of ip addresses ipv6 makes allocation of these addresses relatively easy and you also have scoped addressing ipv6 eliminates the requirement for nat resulting in a cleaner end to end solution meaning that you don't have boxes that essentially need to