This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
• 2009 Lot of IPv6 planning going on at the corporate level
http://www.indeed.com/q-ipv6-jobs.html
16 June 2008
IPv6 Drivers• Customers are driving the requirement
−US Federal Government Procurement Mandate June 2008 Issued by the Office of Management and Budget (OMB)• IPv6 support required for networked products – new purchases
−Several governments have similar mandates (in Asia (Japan, China CNGI, Korea, EU)
−3GPP has mandated exclusive use of IPv6 for IMS (IP Multimedia Subsystems). Industry sector like Intelligent Transport System, Digital video broadcasting, smart home consortia have all recommended the use (sometime exclusively) of IPv6.
−Convergence to ALL-IP (NGN (Next Generation Networks), FMC (Fixed to Mobile Convergence), Triple Play and Wireless), non computer devices/ embedded devices, sensors, building safety and security all will require IPv6 as network infrastructure.
• HP is taking an aggressive leadership stance on the IPv6 enablement dates
17 June 2008
HP took an early Lead with IPv6• 1993
− HP helped define the IP Next Generation protocol in the IETF
• 1995 − First Public HP IPv6 demos &
experiments• 1996
− HP 6bone connection active• 1999
− HP Founding member of the IPv6 Forum
− Jim Bound CTO and member of the Board of Directors of IPv6 Forum
− Yanick Pouffary IPv6 Forum Fellow• 2000
− First HP IPv6-enabled server products
• 2001 − HP launched industry leading IPv6
and Mobile IPv6 solution demos• 2002
− HP chairs North American IPv6 Task Force and is Technology Director.
− NAv6TF influences Whitehouse U.S. Cyber Security Office to promote IPv6 leading to US DoD mandating the integration of IPv6 to be ready by Oct 2008 (June 2003)
− HP IT launched a world wide IPv6 test bed
• 2003 − Participating in North American IPv6
interoperability Network Pilot - Moonv6− HP helped define IPv6 ready logo− HP OpenView Network Node Manager IPv6
support− Internal HP IPv6 initiative
• 2004 − NAv6TF works with White House Office of
Management (OMB) leading to June 2005 OMB mandate
− HP IPv6 servers acquire IPv6 ready logo− HP ProCurve IPv6 VLANs support
• 2005− HP was among the first printer companies
to release an IPv6 product− NAv6TF works with OMB to produce OMB
IPv6 transition guidance• 2006
− HP Printer first vendor on the US DoD IPv6 Approved Product list
− HP StorageWorks Division provides a customer statement of support committing support of IPv6 per the US OMB mandate
• 2007− HP Network Automation (HPNA) (Opsware
Network Automation System software) • IPv4 and IPv6 devices discovery
18 June 2008
HP IPv6 support• HP is implementing IPv6 support in stages with the goal of
ensuring a smooth transition and deployment where IPv6-updated products can take advantage of IPv6, without impacting existing functionality.
• HP supports IPv6 across many of its product lines today. • HP platforms support transition mechanisms and gateways to
interoperate with IPv4.• HP has already delivered IPv6 products across:
− HP Business Critical Server and ProLiant platforms (HP-UX, Tru64 UNIX®, OpenVMS, NonStop Server, Linux, and Microsoft® Windows)
− ProCurve high-end switches through its ProVision ASIC offers full support for IPv6 in hardware; ProCurve Switch series 8200, 6200, 5400 and 3500
− HP Enterprise JetDirect and LaserJet printers;− HP Business Technology Optimization Network Management Center
platform and Opsware Network Automation System software, now called HP Network Automation (HPNA)
−Valuable corporate resources exposed• In unmonitored networks
• Application Risks−Reliability in an IPv6 environment
• Financial Risks−Costs of gradual deployment versus
−Sudden urgent response to unexpected event
27 April 8, 2023
Rogue Devices / Networks
• Unauthorized IPv6 devices−Windows Vista, Linux
• Unauthorized Networks−Internal tunnels
• Compromised Perimeter−External tunnels
• Monitoring• Traffic Inspection
What you don’t know will hurt you
Public Internet
PrivateNetwork
Victim
HijackedComputer
Intruder
Private LAN
Public Network
Hacker Tools and Attacks
• IPv6-enhanced versions of old tools−Halfscan6, netcat6, NMAP, Ethereal, Snort, TCPDump
• 6to4DDos• Relayers (can be misused for tunnels and
redirects)−relay6, 6tunnel, nt6tunnel, asybo
• Attacks−2003: W32.HLLW.Raleka
−2005: Troj/Legmir-AT
−2007: W32/Agent.EZM!tr.dldr"Last year IPv6 didn't register in scale, but now it's emerging as a concern on the security side. Attackers are going to try it or use it as a transport mechanism for botnets. IPv6 has become a problem on the operational side.“
Arbor Networks CTO Rob Malan
IPv6 Transition Exposure• IPv6 is available• IPv6 is in use• IPv6 is on many private networks
• Corporate Security−does not monitor IPv6
• Corporate IT−is not familiar with IPv6
• This is irresponsible!
Application Impact• Socket calls (see RFC 3493, RFC 3542)• Are numeric IP addresses manipulated, stored or cached?• Colon-separator used between hostnames and port
numbers?• Accept, parse or manipulate user-provided URLs or
hostnames?− Might contain a numeric IPv6 address) (See RFC 2732)
• Sequential enumeration of address space?− e.g. ping-sweep to scan a subnet
• Assumption that host or interface only has one IP address?• Direct use of layered networking protocols (e.g. DHCP,
ARP, DNS, RIP, OSPF…)?• SNMP collection of IPv4/IPv6 data?
31 April 8, 2023
Potential Triggers• Large-scale security attack• Technical impasse• Address space shortage• Service-provider transition• New geographical market• Government mandate• Supplier/customer/partner requirement
32 April 8, 2023
Financial impact• Investment protection
−Write off new purchases?
• Purchasing criteria can include−Stated IPv6 support
−IPv6 Logo certification
−IPsec, Mobile IP, transition mechanisms …
• Ensure minimal training and awareness• Accelerated deployment costs more than
−IPv6finder• Open Source software, developed by HP
−Sun ’s socket scrubber
• Check with vendors for IPv6 support in commercial products
• Test in your own environment!
Preparation and PlanningIPv6 is inevitable. The key to success is timing.
• Prepare−Assess Security and Management requirements−Assess transition mechanisms−Train staff for roll-out and support−Procure only IPv6 compliant components
• Plan−Analyze the ROI−Identify suitable pilots / early adopters
Summary• IPv6 is about more than Address Space• IPv6 adoption is beginning now
−HP is a leader in IPv6
• IPv6 is still IP−New Network Security Model
−End-to-end security
− Improved Availability
• The market must begin to plan for IPv6 now− It is easy to enable IPv6 in a simple environment
• You can ignore IPv6 but that won’t stop it!
40 June 2008
•What is IPv6?•Why do I need IPv6 when IPv4 is working fine for me?•What are the features and benefits of IPv6?•Are there any alternatives to IPv6?•What do I need to do to be ready for the future?•What is the meaning of IP capable?•How do I transition to IPv6?•What is the HP history with IPv6?
IPv6 FAQs
HP IPv6 Frequently Asked Questions
www.hp.com/network/ipv6
41 June 2008
IPv6 resources• www.IPv6forum.com international IPv6 Forum• www.ipv6ready.org IPv6 Forum IPv6 Ready Logo