Steps in IPv6 Deployment

From Ipv6-techsig

Jump to: navigation, search

1) Check the status of IPv6 support on your networking equipment. This can be done through vendors, or by posting a question to the TechSIG.

2) Gain some low level IPv6 knowledge. I'm sure Nathan has some training material he's happy to make available. Failing that I'm sure that InternetNZ could commit to running regular training while there was a need. Failing all of that... Just lurk on TechSIG and ask questions.

3) Develop an addressing plan. This might seem to be putting the cart before the horse because you don't even have any addresses yet. But you need one in order to get them from APNIC, and it is a good way to get your head around IPv6. I'm happy for people to post draft ones to the list for comment/help. Look at your IPv4 addressing plan and mirror it in IPv6. This is the easiest way to start off. If people have a better idea than shout out. For this documentation step you can use the <insert name for the new unique site local addresses which escapes me now, Nathan?> addresses, and change them when you get some addresses later.Current guidelines from the list look to be:

Allocate a /64 for loopbacks another for linknets. Loopbacks can be /128s which can have the IPv4 prefix inserted in the last 64 bits, eg 192.168.4.2 becomes :0192:0168:0004:0002. Linknets can be /112s with the two ends of the link on different ranges, eg one end on :1 and :2 and the other end on :101 :102, :fffff, :fffe etc.

General Purpose subnets which will have client machines on them look to be /64s /48s and /56s can be allocated to customers if you are an ISP.

4) Decide where you are going to get an upstream connection from. This will depend on what you will be doing for numbers. There are many options. You can get native IPv6 from some NZ providers now (it will almost certainly be tunneled internationally though), or you can choose to tunnel to international locations yourself. Remember, Native is almost always better than Tunneled from a troubleshooting and TE point of view.

5) Get some numbers. FINALLY you get to get some v6. If you're going to be using an upstream ISP within NZ and you are not an APNIC member, then you can go to them and get a block of addresses. This is when your addressing plan from step 3 comes in handy. You just and this to your ISP and they will give you a block which can accomodate this. They should not complain because they can use addressing plans such as this to hand to APNIC for their next allocation. They should hand you out some from their allocation and you'll be able to get started. Remember though that the chance of getting some other upstream to route this block (unless it's a /32) is unlikely. If you intend to heavily multihome, then approaching APNIC might be your best idea.

If you are an APNIC member, then it's off to APNIC for your initial alocation. Here are their current guidelines (from http://www.apnic.net/policy/ipv6-address-policy.html) 

----------------------
5.1. Initial allocation
5.1.1. Initial allocation criteria

To qualify for an initial allocation of IPv6 address space, an
organization must:

   1. Be an LIR
   2. Not be an end site
   3. Plan to provide IPv6 connectivity to organizations to which it will make assignments, 
      by advertising that connectivity through its single aggregated address allocation
   4. Meet one of the two following criteria:
          * Have a plan for making at least 200 assignments to other organizations within two years OR
          * Be an existing LIR with IPv4 allocations from an APNIC or an NIR, 
            which will make IPv6 assignments or sub-allocations to other organizations 
            and announce the allocation in the inter-domain routing system within two years

    Private networks (those not connected to the public Internet) may also
    be eligible for an IPv6 address space allocation provided they meet
    equivalent criteria to those listed above. 


5.1.2. Minimum initial allocation size

Organizations that meet the initial allocation criteria are eligible to
receive a minimum allocation of /32.

----------------------

So you have to either be making 200 assignments within 2 years, or have some existing APNIC allocated IPv4 space. If you do, then it's a /32 for you. Any questions on the forms, see your APNIC host master (they are great people really, buy them a beer at an NZNOG conference) or post to the TechSIG.

6) Populate your addressing document with your new prefix and start looking at your network and routing design. You no doubt have some pretty clued up people in your org when it comes to IPv4. Well these people will need to also be as clued up on IPv6. The best way to start this is to devise a plan to roll out addresses onto your network. Here is an example of such a plan.

a) Put IPv6 loopbacks on all routers which have IPv4 loopbacks b) Put IPv6 linknet addresses on all network links which are numbered out of your current IPv4 netblock (ie dont worry about your upstream peering links) c) Design and deploy an IPv6 IGP routing protocol. If you use OSPF then you're probably going to be looking to deploy OSPFv3. If you use ISIS then you don't need to do anything (I'm an ISIS fan, so it serves all you OSPF users right). If you use EIGRP then you're on your own (Post to TechSIG and we'll work it out)

  • At this stage you should have a network where all of your routers

should be able to talk to each others loopbacks using native IPv6 transport. d) Turn up iBGP peering sessions e) STOP. At this stage you are about to turn up external connectivity. You should be aware that any firewall rules or host based firewalls you have will need to be reconfigured to accomodate your new IPv6 addresses. This is a bit of a large step to go through here. But you should sit down with your current IPv4 security policy and generate/implement an IPv6 one BEFORE you connect yourself to the outside world. e) Turn ip eBGP peering sessions and advertising your aggregate route. Easy ones are WIX and APE. Speak to Citylink if you are already a customer, they have a form you will need to fill out to get IPv6 peering f) STOP. At this stage it's a good point to stop Your core network infrastructure is pretty much done (with the edge still to go) and it's not a bad time to sit back and look at the next stage of the plan.

7) Build list of products and applications, and check IPv6 support plan for each of them. Identify any problem cases (i.e., supplier has no plan) and beat up on them.

8) Enable AAAA records (internally) and dual stack access to DNS. (Think carefully before exporting AAAA records - see Google discussion.)

9) Set up initial management and measurement for IPv6.

10) Enable gateway for Teredo/6to4 access (Tui boxes) (because of Vista).

11) Create test IPv6 web server (www.ipv6.example.co.nz) - progressively duplicate the real site there. Test everything, especially interactive stuff and authentication. Catalogue any applications that need updating. Consider reducing MTU to 1280

12) Dual stack the real web site. (Again, think carefully before exporting AAAA records - see Google discussion.)

Retrieved from "http://wiki.ipv6.org.nz/wiki/Steps_in_IPv6_Deployment"
Personal tools
communication