SlideShare a Scribd company logo

IPv6 implementation for end users

D
draskolnikova

This document discusses implementing IPv6 for end users on a RouterOS device. It provides a network diagram of a core router connecting two branch routers. Configuration details are given for the core and branch routers to establish IPv6 routing and address prefixes. Router advertisements are configured on the branch routers to assign IPv6 addresses to connected clients. The implementation aims to reduce IPv4 NAT usage by utilizing both IPv4 and IPv6, while providing end-to-end encryption and lower risk of man-in-the-middle attacks for clients.

Internet
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
IPv6 Implementation for End Users (RA) On RouterOS Device
About Me System Engineer Profile: keybase.io/dewangga [hokage@networksninja.net] 0xA028CD70
Transition Problems • IPv6 subnetting ? • Hardware or firmware support ? • We are afraid to deploy new technology ? :-)
Why IPv6? • IPv4 NAT issue on approximately thousand(s) device(s) connected at the same time -- no CGN :-) • Utilize bandwidth usage both IPv4 and IPv6 at the same time. • End-to-end encryption and low-risk man-in-the-middle attack(s)
Limitations • Deployment using RouterOS (MikroTik) • SME (Small-Medium Enterprise) Infrastructure
Net Diagram Branch A Router Branch B Router Branch A Clients Branch B Clients CORE Router CORE Switch2001:6400:dead:beef::/64 2001:6400:dead:beef::2/64 2001:6400:dead:beef::1/64 Branch A: 2001:6400:dead:b33f::/64 Branch B: 2001:6400:dead:b055::/64
Configurations – Core Router [dewangga@core.networksninja.net] > /ipv6 addr add interface=ether2 address=2001:6400:dead:beef::/64 advertise=no [dewangga@core.networksninja.net] > /ipv6 rou add dst-address=2001:6400:dead:b33f::/64 gateway=2001:6400:dead:beef::1 check-gateway=ping add dst-address=2001:6400:dead:b055::/64 gateway=2001:6400:dead:beef::2 check-gateway=ping
Configurations – Router Branch A [dewangga@a.networksninja.net] > /ipv6 addr add interface=ether1 address=2001:6400:dead:beef::1/64 advertise=no add interface=ether2 address=2001:6400:dead:b33f::/64 advertise=no [dewangga@a.networksninja.net] > /ipv6 rou add dst-address=::/0 gateway=fe80::e68d:8cff:fe3f:6732%ether1 check-gateway=ping
Configurations – Router Branch B [dewangga@b.networksninja.net] > /ipv6 addr add interface=ether1 address=2001:6400:dead:beef::2/64 advertise=no add interface=ether2 address=2001:6400:dead:b055::/64 advertise=no [dewangga@b.networksninja.net] > /ipv6 rou add dst-address=::/0 gateway=fe80::e68d:8cff:fe3f:6732%ether1 check-gateway=ping
Configurations – Router Advertisement (A & B) [dewangga@a.networksninja.net] > /ipv6 nd set [ find default=yes ] disabled=yes add advertise-mac-address=no interface=ether2 managed-address-configuration=yes mtu=1500 other-configuration=yes reachable-time=10s retransmit-interval=5s [dewangga@a.networksninja.net] > /ipv6 nd prefix add interface=ether2 prefix=2001:6400:dead:b33f::/64 [dewangga@a.networksninja.net] > /ipv6 nd prefix default set autonomous=no
Clients Configuration • Just enable IPv6 Configuration on your operating system that support ipv6 RA (latest operating system are native IPv6 Support by default) • Client should be received IPv6 from RA (eg: 2001:6400:dead:b33f:5054:ff:fe3d:498f or 2001:6400:dead:b33f:f5a6:5d7b:6647:2bf5)
In GUI :-)
Conclusion • Do NOT do any deployment if you aren't ready yet. Don't leave any vulnerable system exposed to the world wide. • By enabling IPv6 to end user(s), we are helping the operators to reduce usage of CGN and Router CPU Resource because of NAT. • Ensure the scalability, reachability and connectability for end user(s).
Thanks

More Related Content

PDF
Quickassist adapter-8960-8970-brief
Vijaianand Sundaramoorthy
 
PDF
UTM Appliance Fact Sheet
Karthik Ethirajan
 
PDF
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
Indonesia Network Operators Group
 
PDF
The Use of IPv6 in IoT
Oliver Müller
 
PDF
DPDK Architecture Musings - Andy Harvey
harryvanhaaren
 
PPTX
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
Robb Boyd
 
PPTX
VF360 OpenVPX Board w. Altera Stratix and TI KeyStone DSP
Sundance Multiprocessor Technology Ltd.
 
DOCX
Cisco wap361, the wireless ac n dual radio wall plate access point with po e
IT Tech
 
Quickassist adapter-8960-8970-brief
Vijaianand Sundaramoorthy
 
UTM Appliance Fact Sheet
Karthik Ethirajan
 
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
Indonesia Network Operators Group
 
The Use of IPv6 in IoT
Oliver Müller
 
DPDK Architecture Musings - Andy Harvey
harryvanhaaren
 
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
Robb Boyd
 
VF360 OpenVPX Board w. Altera Stratix and TI KeyStone DSP
Sundance Multiprocessor Technology Ltd.
 
Cisco wap361, the wireless ac n dual radio wall plate access point with po e
IT Tech
 

What's hot (20)

PPTX
Mellanox's Operational Excellence
Mellanox Technologies
 
PPTX
TechWiseTV Workshop: Cisco Catalyst 9500 Series High-Performance Switch Archi...
Robb Boyd
 
PPTX
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
Robb Boyd
 
PDF
OpenDataPlane - Bill Fischofer
harryvanhaaren
 
PDF
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
PPTX
Making NFV-Based Business Services Secure
ADVA
 
PPTX
Building a Router
Hannes Gredler
 
PDF
TechWiseTV Workshop: Cisco UCS C4200
Robb Boyd
 
PPTX
The Need for Complex Analytics from Forwarding Pipelines
Netronome
 
DOCX
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
IT Tech
 
PDF
Securing your telco cloud
OPNFV
 
PDF
IPV6 - Threats and Countermeasures / Crash Course
Thierry Zoller
 
PDF
Hotplug and Virtio - Tetsuya Mukawa
harryvanhaaren
 
PDF
Microsoft IT's IPv6 Killer App
Oliver Müller
 
PDF
Sky IPv6 Update
Oliver Müller
 
PPTX
Software Defined Network - SDN
Venkata Naga Ravi
 
PPTX
Sundance at the 49th Intelligent Sensing Program
Sundance Multiprocessor Technology Ltd.
 
PPTX
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC
6WIND
 
PPTX
6WINDGate™ - Enabling NFV for Telco Architectures
6WIND
 
PPTX
6WIND Virtual Accelerator Product Presentation
6WIND
 
Mellanox's Operational Excellence
Mellanox Technologies
 
TechWiseTV Workshop: Cisco Catalyst 9500 Series High-Performance Switch Archi...
Robb Boyd
 
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
Robb Boyd
 
OpenDataPlane - Bill Fischofer
harryvanhaaren
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
Making NFV-Based Business Services Secure
ADVA
 
Building a Router
Hannes Gredler
 
TechWiseTV Workshop: Cisco UCS C4200
Robb Boyd
 
The Need for Complex Analytics from Forwarding Pipelines
Netronome
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
IT Tech
 
Securing your telco cloud
OPNFV
 
IPV6 - Threats and Countermeasures / Crash Course
Thierry Zoller
 
Hotplug and Virtio - Tetsuya Mukawa
harryvanhaaren
 
Microsoft IT's IPv6 Killer App
Oliver Müller
 
Sky IPv6 Update
Oliver Müller
 
Software Defined Network - SDN
Venkata Naga Ravi
 
Sundance at the 49th Intelligent Sensing Program
Sundance Multiprocessor Technology Ltd.
 
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC
6WIND
 
6WINDGate™ - Enabling NFV for Telco Architectures
6WIND
 
6WIND Virtual Accelerator Product Presentation
6WIND
 
Ad

Similar to IPv6 implementation for end users (20)

PPTX
Cisco EuroMPI'13 vendor session presentation
Jeff Squyres
 
PDF
IPv6 Security - Myths and Reality
Swiss IPv6 Council
 
PDF
CV Ritesh Dubai
Ritesh Pacheni
 
PPTX
Oracle RAC features on Exadata
Anil Nair
 
PDF
20151207 - iot strategy
Jamie (Taka) Wang
 
DOCX
MUTHUKUMAR Updated Resume
Muthu Kumar
 
PPTX
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
Santhosh Kumar
 
PPTX
BRKDCT-2445
Rohit Agarwalla
 
PPTX
Netsft2017 day in_life_of_nfv
Intel
 
PDF
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PROIDEA
 
PDF
OpenStack Scale-out Networking Architecture
Randy Bias
 
PDF
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
LinuxCon ContainerCon CloudOpen China
 
PDF
18-20180514_SRv6_RIPE.pdf
YunLiu75
 
PDF
CiscoACI-BRKACI-3004presentationUploaded.pdf
LeeHiu1
 
PPTX
2014/09/02 Cisco UCS HPC @ ANL
dgoodell
 
DOCX
Alexei_Plescan - updated
Alexei Plescan
 
PDF
CV_KAhmed
Kafeel Ahmed
 
PPTX
2017 - LISA - LinkedIn's Distributed Firewall (DFW)
Mike Svoboda
 
PPTX
Microsofts Configurable Cloud
Chris Genazzio
 
PDF
Building the SD-Branch using uCPE
Michelle Holley
 
Cisco EuroMPI'13 vendor session presentation
Jeff Squyres
 
IPv6 Security - Myths and Reality
Swiss IPv6 Council
 
CV Ritesh Dubai
Ritesh Pacheni
 
Oracle RAC features on Exadata
Anil Nair
 
20151207 - iot strategy
Jamie (Taka) Wang
 
MUTHUKUMAR Updated Resume
Muthu Kumar
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
Santhosh Kumar
 
BRKDCT-2445
Rohit Agarwalla
 
Netsft2017 day in_life_of_nfv
Intel
 
PLNOG 5: Piotr Szołkowski - Data Center i nie tylko...
PROIDEA
 
OpenStack Scale-out Networking Architecture
Randy Bias
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
LinuxCon ContainerCon CloudOpen China
 
18-20180514_SRv6_RIPE.pdf
YunLiu75
 
CiscoACI-BRKACI-3004presentationUploaded.pdf
LeeHiu1
 
2014/09/02 Cisco UCS HPC @ ANL
dgoodell
 
Alexei_Plescan - updated
Alexei Plescan
 
CV_KAhmed
Kafeel Ahmed
 
2017 - LISA - LinkedIn's Distributed Firewall (DFW)
Mike Svoboda
 
Microsofts Configurable Cloud
Chris Genazzio
 
Building the SD-Branch using uCPE
Michelle Holley
 
Ad

Recently uploaded (20)

PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
artificial intelligence overview of it and more
yafotin445
 
Introduction to the IoT system, how the IoT system works
TinBinh
 

IPv6 implementation for end users

  • 1. IPv6 Implementation for End Users (RA) On RouterOS Device
  • 2. About Me System Engineer Profile: keybase.io/dewangga [hokage@networksninja.net] 0xA028CD70
  • 3. Transition Problems • IPv6 subnetting ? • Hardware or firmware support ? • We are afraid to deploy new technology ? :-)
  • 4. Why IPv6? • IPv4 NAT issue on approximately thousand(s) device(s) connected at the same time -- no CGN :-) • Utilize bandwidth usage both IPv4 and IPv6 at the same time. • End-to-end encryption and low-risk man-in-the-middle attack(s)
  • 5. Limitations • Deployment using RouterOS (MikroTik) • SME (Small-Medium Enterprise) Infrastructure
  • 6. Net Diagram Branch A Router Branch B Router Branch A Clients Branch B Clients CORE Router CORE Switch2001:6400:dead:beef::/64 2001:6400:dead:beef::2/64 2001:6400:dead:beef::1/64 Branch A: 2001:6400:dead:b33f::/64 Branch B: 2001:6400:dead:b055::/64
  • 7. Configurations – Core Router [dewangga@core.networksninja.net] > /ipv6 addr add interface=ether2 address=2001:6400:dead:beef::/64 advertise=no [dewangga@core.networksninja.net] > /ipv6 rou add dst-address=2001:6400:dead:b33f::/64 gateway=2001:6400:dead:beef::1 check-gateway=ping add dst-address=2001:6400:dead:b055::/64 gateway=2001:6400:dead:beef::2 check-gateway=ping
  • 8. Configurations – Router Branch A [dewangga@a.networksninja.net] > /ipv6 addr add interface=ether1 address=2001:6400:dead:beef::1/64 advertise=no add interface=ether2 address=2001:6400:dead:b33f::/64 advertise=no [dewangga@a.networksninja.net] > /ipv6 rou add dst-address=::/0 gateway=fe80::e68d:8cff:fe3f:6732%ether1 check-gateway=ping
  • 9. Configurations – Router Branch B [dewangga@b.networksninja.net] > /ipv6 addr add interface=ether1 address=2001:6400:dead:beef::2/64 advertise=no add interface=ether2 address=2001:6400:dead:b055::/64 advertise=no [dewangga@b.networksninja.net] > /ipv6 rou add dst-address=::/0 gateway=fe80::e68d:8cff:fe3f:6732%ether1 check-gateway=ping
  • 10. Configurations – Router Advertisement (A & B) [dewangga@a.networksninja.net] > /ipv6 nd set [ find default=yes ] disabled=yes add advertise-mac-address=no interface=ether2 managed-address-configuration=yes mtu=1500 other-configuration=yes reachable-time=10s retransmit-interval=5s [dewangga@a.networksninja.net] > /ipv6 nd prefix add interface=ether2 prefix=2001:6400:dead:b33f::/64 [dewangga@a.networksninja.net] > /ipv6 nd prefix default set autonomous=no
  • 11. Clients Configuration • Just enable IPv6 Configuration on your operating system that support ipv6 RA (latest operating system are native IPv6 Support by default) • Client should be received IPv6 from RA (eg: 2001:6400:dead:b33f:5054:ff:fe3d:498f or 2001:6400:dead:b33f:f5a6:5d7b:6647:2bf5)
  • 13. Conclusion • Do NOT do any deployment if you aren't ready yet. Don't leave any vulnerable system exposed to the world wide. • By enabling IPv6 to end user(s), we are helping the operators to reduce usage of CGN and Router CPU Resource because of NAT. • Ensure the scalability, reachability and connectability for end user(s).