IPv6 on the INTEROPNET
Interop, Wednesday, 9 May 2013
Brandon Ross, Routing Team Lead
Chief Network Architect, Network Utility Force
http://www.netuf.net/
Jeff Enters, Chief Infrastructure Architect, HP
http://www.hp.com/services
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Conclusions
RFC 6540
• Are you aware of this requirement?
• Are your nodes IPv6 capable?
IPv6 Support Required for All IP-Capable Nodes – RFC 6540
• “Given the global lack of available IPv4
space, and limitations in IPv4 extension
and transition technologies, this document
advises that IPv6 support is no longer
considered optional.”
• “IPv6 support must be equivalent or better
in quality and functionality when compared
to IPv4 support in a new or updated IP
implementation.”
Background
• IPv4 depletion is already occurring
• IPv6 adoption is accelerating
• Most network hardware supports IPv6
• For the most part, dual stack Just Works
http://www.potaroo.net/tools
IPv4 Free Pool Depletion
http://www.ipv6actnow.org/info/statistics/#alloc
IPv6 Routing Table Growth
US Feds Lesson Learned
The US federal government had a mandate for all public facing web
services to support IPv6 by September 30, 2012.
287 of 1494 sites had IPv6 web support by the deadline.
Today 961 of 1355 sites support IPv6.
That’s over 70%. Not 100%, but far ahead of most other large organizations.
Source: http://usgv6-deploymon.antd.nist.gov//
Europe out of Free Pool
• Asia (APNIC) effectively ran out of free
addresses in April, 2011
• Europe (RIPE) is also out of addresses as
of September 14th, 2012
• ARIN predicted to run out of free space in
April, 2014 (Geoff Huston,
http://www.potaroo.net/tools/ipv4/index.html)
Goals
• Network must be fully dual stack
(IPv4+IPv6)
• All IPv4 services should be reachable over
IPv6
• Connections to IPv6-enabled websites
should use IPv6 by default
• Nothing should break :)
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Conclusions
Building on IPv4, IPv6 addresses contemporary networking needs
IPv6 Advantages Overview
Features | IPv4 | IPv6
Address length | 32 bits | 128 bits
NAT | Often necessary | Not necessary
Header size | Variable length, 20 bytes + many options | Fixed-length, 40 bytes + extension headers
Configuration | Manual, DHCPv4 | Manual, stateless automatic, stateful automatic (DHCPv6)
Types of addresses | Broadcast, multicast, unicast | Multicast, unicast, anycast
Addresses per-interface | Single | Multiple
Neighbor discovery, router discovery, address resolution, NUD, redirects, etc. | A variety of separate protocols | Neighbor Discovery Protocol (built in)
IPsec | Optional | Integrated
QoS | Some | Better
Unlock the potential of IPv6
IPv6 Operational Advantages
• Robust, Effective, Efficient. Unlimited
Address space. Extensibility.
Optimized for next generation
networks.
• End to End Services and
applications.
• Enable Service Automation.
• Better Support for QoS.
• Enhanced Mobility.
• Policy driven operations.
• Free manpower from ordinary tasks.
• Rapid deployment.
• Much more than just a larger addressing
space
IPv6 Features useful in Internet facing devices
Internet Presence
Transition
• Dual Stack IPv4 and IPv6 – on all publicly available servers
• Translation: NAT64
Connectivity
• Make sure your mBGP is able to advertise and receive both IPv4 and IPv6 Internet route updates
• Understand how DNS server, OS, and application will interact
• Make sure DNS server can store AAAA (IPv6 address) records
• Ensure records can be retrieved over both IPv4 and IPv6 transport
• Enable load balancer for both IPv4 and IPv6 traffic
Security
• Deploy IPv6 firewall and IDS/IPS
• IPsec – now integrated into the IPv6 protocol, but not widely deployed
• VPN – IPv6 VPN is very similar to IPv4 VPN
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
IPv6 Network Architecture Options
Address Allocation choice
• Provider Independent versus Provider Aggregatable address allocation scheme
Addressing Mechanisms choice
• Manual, stateless autoconfiguration and/or stateful autoconfiguration
Transition Mechanisms choice
• Dual Stack to allow coexistence of both IPv6 and IPv4 on the same infrastructure, and/or Tunneling, and/or Translation
IPv6 Internet presence only
• BUT do not stop there! Having a longer term plan for full end-to-end IPv6 enablement is the recommended approach
Security Concerns
• Similar to IPv4, plus new IPv6-specific security concerns; access media security needs to be included
• Remember: IPv6 is almost certainly already in your internal network, just unmonitored!
Transition Strategies
Three main methods
Dual Stack
• Provides complete support for IPv4 and IPv6 protocols
Tunneling
• Encapsulates IPv6 packets in IPv4 headers (and, later, IPv4 packets in IPv6 headers)
• Requires dual-stack devices at either end of the connection
Translation
• Translates IPv6 addresses into IPv4 addresses
[Diagram: example of today's state, disconnected from the IPv6 Internet. Labels: Campus LAN, Wireless LAN, Core / DC, Remote offices and branches, WAN, IPv4 Internet, IPv6 Internet]
Transition Strategies Explained
Dual Stack (simple and widely used; recommended strategy)
Use IPv4 or IPv6
• IPv4 and IPv6 protocol stacks implemented on the same device.
+ Simplest and recommended approach, network is the same
+ Applications can select which network protocol to be used
- IPv4-only cannot communicate with IPv6-only
- Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations, etc.
- Network applications must distinguish between IPv6 and IPv4 peers
Tunneling (simple and widely used)
6-in-4 or 4-in-6
• One transport protocol is encapsulated as the payload of the other (and vice versa).
+ Connect islands of IPv6 or IPv4
+ Compatible across incompatible networks
+ Recommended for site-to-site
- Security issues with tunneled protocols
- Through FW (FW can’t inspect payload)
- Reduced performance
- Complicated network management and troubleshooting
Translation (if you must!)
Between IPv4 and IPv6 (NAT64/DNS64)
• Translates IPv6 names & addresses into IPv4 names & addresses (and vice versa).
+ Enables IPv6-only hosts to communicate with IPv4-only hosts (and vice versa)
+ No modification to IPv4 or IPv6 end nodes, only at boundary routers
- Application incompatibilities (e.g. VoIP), need for ALG, and has all NAT drawbacks
- Increased complexity in network topology
- Reduced performance (dep. on HW)
- Complicated troubleshooting
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Conclusions
Connectivity and Routing
Autoconfiguration
• All client-facing networks use SLAAC to
allow clients to auto-assign themselves an
IPv6 address and default gateway on the
correct subnet
– Supported by all IPv6-capable devices
[Screenshot callouts: auto-assigned IPv6 address; default gateway (link-local from RA)]
DNS
• All DNS services are provided by DynDNS
and load-balanced by F5
• Using anycast to direct traffic to its
nearest DNS server, either show floor or
Denver
InteropNET NOC Services
• Goal was to provide all internal services
over IPv6 as well as IPv4
• This required coordination with vendors to
enable IPv6, make sure services were
bound to their IPv6 ports, and publish
AAAA records
• Most (but not all) services ended up
reachable over IPv6
Wireless
• InteropNET wireless is provided by Xirrus
• Purpose-built VLANs are shared across all
APs and all are dual-stack
IPAM
IPv6 Attack Traffic
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Results and Statistics
• Conclusions
State of Assignments
• All of the registries, for the most part,
assign initial blocks for
– Service provider /32
– Enterprise /48
What makes up a good addressing plan?
• Depends on the type of network, the size of the network, and the problem to be solved
• Points to consider
– Documentation
– Ease of troubleshooting
– Aggregation
– Standards compliance
– Growth
– SLAAC
– Existing IPv4 addressing plan
– Human factors
Algorithmic Approach
• Encode every IPv4 address in the network
in an IPv6 address
10.10.10.10 (A0A0A0A)
2001:DB8:A0A:A0A::
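The mapping on this slide as a runnable sketch (an added example, not from the original deck). It assumes the site prefix is the /32 shown above, so each IPv4 address becomes its own /64; the function names and the sample inventory are hypothetical.

```python
import ipaddress

# Assumption: the site holds the /32 shown on the slide (documentation prefix).
SITE_PREFIX = ipaddress.IPv6Network("2001:db8::/32")


def v4_to_v6_subnet(v4, site=SITE_PREFIX):
    """Place the 32 bits of an IPv4 address directly after a /32 site prefix.

    10.10.10.10 (0x0a0a0a0a) becomes 2001:db8:a0a:a0a::/64.
    """
    if site.prefixlen != 32:
        raise ValueError("this scheme needs a /32: 32 prefix bits + 32 IPv4 bits = /64")
    v4_int = int(ipaddress.IPv4Address(v4))
    base = int(site.network_address) | (v4_int << 64)
    return ipaddress.IPv6Network((base, 64))


def v6_to_v4(v6, site=SITE_PREFIX):
    """Recover the IPv4 address encoded in bits 32..63 of an IPv6 address."""
    addr = ipaddress.IPv6Interface(v6).ip  # accepts "addr" or "addr/len"
    if addr not in site:
        raise ValueError(f"{addr} is outside {site}")
    return ipaddress.IPv4Address((int(addr) >> 64) & 0xFFFFFFFF)


def audit(inventory, site=SITE_PREFIX):
    """Return (name, problem) for each interface whose configured IPv6 address
    is not inside the /64 derived from its IPv4 address."""
    problems = []
    for name, v4, v6 in inventory:
        expected = v4_to_v6_subnet(v4, site)
        configured = ipaddress.IPv6Interface(v6).ip
        if configured not in expected:
            problems.append((name, f"{configured} not in {expected}"))
    return problems


# Constructed inventory: (interface, IPv4 address, configured IPv6 address).
INVENTORY = [
    ("core1-lo0", "10.10.10.10", "2001:db8:a0a:a0a::1/64"),
    ("edge2-ge0", "192.0.2.1", "2001:db8:c000:201::1/64"),
    # Decimal "17" typed as if it were hex; the correct hextet is 211.
    ("edge3-ge0", "192.0.2.17", "2001:db8:c000:217::1/64"),
]

if __name__ == "__main__":
    print(v4_to_v6_subnet("10.10.10.10"))
    for name, problem in audit(INVENTORY):
        print(f"{name}: {problem}")
```

The third inventory entry shows the human-factors cost of the scheme: decimal octets have to be converted to hex, and a digit-for-digit copy produces a valid but wrong subnet.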
Link Numbering Issues
• OSPFv3 masks this problem, unlike in IPv4
• Separation of addressing from the link state
database means that OSPFv3 neighbor
relationships will establish, even on links with
mismatched addressing and/or masks
• Link-local based forwarding prevents address
mismatches from being easily detected
because traffic flows normally and
traceroutes don’t appear too strange
Link Numbering Issues
• To detect link numbering errors, look for “U-turn” routing:
$ traceroute6 2620:144:B0C::
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
Note hop 2 is the misnumbered address. This traceroute should have
looked like this:
$ traceroute6 2620:144:B0C::
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
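The U-turn check can be automated. This added example (not part of the original deck) parses traceroute6 output and reports any hop address that reappears after a different hop has answered in between; the function names are hypothetical and the sample text is the output shown above.

```python
import ipaddress
import re

# Hop lines look like: "<ttl> <name> (<address>) <rtt> ms ..."
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\(([0-9A-Fa-f:.]+)\)")

# Output copied from the slide above (misnumbered link).
MISNUMBERED_TRACE = """\
$ traceroute6 2620:144:B0C::
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 26.747 ms 26.730 ms 26.716 ms
2 2620:144:b0c::2 (2620:144:b0c::2) 29.137 ms 29.222 ms 29.264 ms
3 2620:144:8fc:: (2620:144:8fc::) 29.355 ms 29.335 ms 29.350 ms
4 2620:144:8fc:: (2620:144:8fc::) 29.438 ms !H 29.433 ms !H 29.413 ms !H
"""

# Output copied from the slide above (correctly numbered link).
HEALTHY_TRACE = """\
$ traceroute6 2620:144:B0C::
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
1 2620:144:8fc:: (2620:144:8fc::) 32.473 ms 32.447 ms 32.427 ms
"""


def parse_hops(output):
    """Return [(ttl, address)] for every hop line that reports an address.

    Only the first responder on each line is used; lines with no reply
    ("* * *"), the command line and the header line are skipped.
    """
    hops = []
    for line in output.splitlines():
        match = HOP_RE.match(line)
        if match:
            hops.append((int(match.group(1)), ipaddress.ip_address(match.group(2))))
    return hops


def find_u_turns(hops):
    """Report (first_ttl, return_ttl, [addresses in between]) whenever a hop
    address shows up again after at least one different hop.

    The addresses in between are the candidates for a misnumbered interface.
    Consecutive repeats of the same address are not a U-turn.
    """
    findings = []
    last_seen = {}  # address -> index of its most recent appearance in hops
    for idx, (ttl, addr) in enumerate(hops):
        prev = last_seen.get(addr)
        if prev is not None:
            between = [str(a) for _, a in hops[prev + 1:idx]]
            if between:
                findings.append((hops[prev][0], ttl, between))
        last_seen[addr] = idx
    return findings


if __name__ == "__main__":
    for first, again, suspects in find_u_turns(parse_hops(MISNUMBERED_TRACE)):
        print(f"hop {first} seen again at hop {again}; check {', '.join(suspects)}")
```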
Link Numbering Issues
• Should you number your links at all or just
use link-local?
• Loopback interfaces usually show up so
you know which routers traffic is following,
so why waste address space on links?
Link Numbering Issues
• Using equal cost multipath?
$ traceroute6 2001:DB8::5:2
traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
2 2001:DB8::1:1 (2001:DB8::1:1) 80.233 ms * ms 72.173 ms
3 2001:DB8::5:2 (2001:DB8::5:2) * ms 99.223 ms 29.350 ms
• Which link did it take?
Link Numbering Issues
• Does your management system use link numbering for
monitoring or circuit identification?
• Are you really saving any significant addressing by not
assigning addresses?
Link Numbering Issues
$ traceroute6 2001:DB8::5:2
traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
1 2001:DB8::6:1 (2001:DB8::6:1) 22.723 ms 26.730 ms 26.716 ms
2 2001:DB8::4 (2001:DB8::4) * ms 88.322 ms * ms
3 2001:DB8::5:2 (2001:DB8::5:2) * ms 90.123 ms 100.110 ms
• Better, now we know which link is having issues.
Standards Compliance
• Networks smaller than /64 can be desirable, especially using /127s for point to point links (RFC 6164)
• To avoid future breakage, allocate a /64 in your documentation but use the smaller block
• Similarly, reserve /48s for EVERYTHING you can; there’s no reason to allocate densely, there’s plenty of space
• If you have a complex network, allocate in a sparse way to enable easy aggregation
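A sketch of both recommendations, added here and not from the original deck: configure a /127 out of a /64 that stays reserved in the documentation, and hand out /48s in bisection order so each one has room to grow. The prefixes are documentation addresses and the function names are hypothetical; bisection order is one common way to allocate sparsely and is an assumption here.

```python
import ipaddress


def p2p_from_reserved(reserved):
    """Given the /64 recorded in the plan, return the /127 to configure on the
    link (RFC 6164) and the two router addresses on it."""
    block = ipaddress.IPv6Network(reserved)
    if block.prefixlen != 64:
        raise ValueError("document a full /64 per link, even if only a /127 is used")
    link = ipaddress.IPv6Network((block.network_address, 127))
    first = link.network_address
    return link, first, first + 1  # both addresses of a /127 are usable


def sparse_subnets(parent, new_prefix, count):
    """Return `count` subnets of `parent` in bisection order: the start of the
    block, then the middle, then the quarters, and so on."""
    parent = ipaddress.IPv6Network(parent)
    bits = new_prefix - parent.prefixlen
    if bits <= 0 or count > 2 ** bits:
        raise ValueError("new_prefix must be longer than the parent and count must fit")
    base = int(parent.network_address)
    shift = 128 - new_prefix
    subnets = []
    for i in range(count):
        # Reversing the bits of the counter spreads allocations evenly.
        index = int(format(i, f"0{bits}b")[::-1], 2)
        subnets.append(ipaddress.IPv6Network((base + (index << shift), new_prefix)))
    return subnets


def growth_limit(subnet, allocated, parent):
    """Largest block `subnet` could later be widened to without swallowing
    another allocation. Wider is better for aggregation."""
    best = subnet
    while best.prefixlen > parent.prefixlen:
        wider = best.supernet()
        if any(other != subnet and other.subnet_of(wider) for other in allocated):
            break
        best = wider
    return best


if __name__ == "__main__":
    parent = ipaddress.IPv6Network("2001:db8::/32")
    link, a, b = p2p_from_reserved("2001:db8:0:1::/64")
    print(f"reserve 2001:db8:0:1::/64, configure {link}: {a} <-> {b}")
    sparse = sparse_subnets(parent, 48, 4)
    for net in sparse:
        print(f"{net} can grow to {growth_limit(net, sparse, parent)}")
```

With four sparse /48s in a /32, each site can later widen to a /34 and still be announced as one route; four consecutive /48s leave the first site no room beyond its /48.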
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Conclusions
DUID
• When a Windows machine is cloned, you can get
two or more machines with the same DHCPv6
Unique IDentifier (DUID)
• This DUID is used by the DHCPv6 server to
identify the client, so when two clients with the
same DUID request IPv6 addresses with DHCPv6,
they will both be given the same address
• When the second machine receives its address
from the DHCPv6 server, it does IPv6 Duplicate
Address Detection, determines there is an IP
address conflict, and refuses the lease
Rogue RAs
• When a client is configured to run 6to4 (an
automatic tunneling protocol) and Internet
Connection Sharing, it will advertise itself as an
IPv6 router by sending out RAs on its wireless
interface
• Clients receiving such RAs will auto-assign
themselves an address in the wrong subnet
• Routers are generally configured with RA guard or
equivalent on their wired ports
• Unfortunately there is no way to block rogue RAs
over wireless APs (and some wired switches)
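Where rogue RAs cannot be blocked, they can at least be detected. This added example (not from the original deck) checks observed RAs against the routers and prefixes expected on a segment and flags prefixes derived from 6to4 (2002::/16); the record format, addresses and policy values are constructed for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 prefix (RFC 3056)

# Assumed policy for one client segment (hypothetical values).
LEGIT_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
EXPECTED_PREFIXES = {ipaddress.IPv6Network("2001:db8:10::/64")}

# Constructed sample: one observed RA per line in a made-up key=value format,
# as a sensor on the segment might record them.
SAMPLE_RAS = """\
src=fe80::1 mac=00:00:5e:00:53:01 prefix=2001:db8:10::/64
src=fe80::d4a8:2cff:fe11:9b3e mac=d6:a8:2c:11:9b:3e prefix=2002:c000:201:4::/64
src=fe80::1 mac=00:00:5e:00:53:01 prefix=2001:db8:10::/64
src=fe80::5c2f:77ff:fe00:aa10 mac=5e:2f:77:00:aa:10 prefix=2001:db8:99::/64
"""


def parse_ra(line):
    """Turn one key=value record into typed fields."""
    fields = dict(item.split("=", 1) for item in line.split())
    return {
        "src": ipaddress.IPv6Address(fields["src"]),
        "mac": fields["mac"].lower(),
        "prefix": ipaddress.IPv6Network(fields["prefix"]),
    }


def six_to_four_ipv4(prefix):
    """A 6to4 prefix is 2002:V4ADDR::/48; return the embedded IPv4 address,
    which identifies the host's IPv4 side."""
    return ipaddress.IPv4Address((int(prefix.network_address) >> 80) & 0xFFFFFFFF)


def classify(ra):
    """Return the list of reasons this RA is suspicious (empty if it is fine)."""
    reasons = []
    if ra["src"] not in LEGIT_ROUTERS:
        reasons.append("unknown router")
    if ra["prefix"].subnet_of(SIX_TO_FOUR):
        reasons.append(f"6to4 prefix derived from {six_to_four_ipv4(ra['prefix'])}")
    elif ra["prefix"] not in EXPECTED_PREFIXES:
        reasons.append("unexpected prefix")
    return reasons


def find_rogue_ras(text):
    """Map (source link-local, MAC) -> reasons for every suspicious advertiser."""
    rogue = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ra = parse_ra(line)
        reasons = classify(ra)
        if reasons:
            rogue[(str(ra["src"]), ra["mac"])] = reasons
    return rogue


if __name__ == "__main__":
    for (src, mac), reasons in find_rogue_ras(SAMPLE_RAS).items():
        print(f"{src} ({mac}): {'; '.join(reasons)}")
```

The MAC address is what lets the NOC find the offending client on the wireless controller or switch, since the advertised prefix itself says nothing about where the host is attached.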
Agenda
• Background and Goals
• IPv6 Basics
• How IPv6 works on the InteropNET
• Subnetting and Addressing
• Challenges and Lessons Learned
• Conclusions
Conclusions
• IPv6 works in the real world
• There are challenges to implementing
IPv6, but nothing show-stopping
• Much of the Internet’s content is reachable
over IPv6 (and growing fast) including all
of Google, Facebook and 3000 other sites
• A much smaller percentage of Internet
users have IPv6 connectivity (though this
may change quickly with IPv4 depletion)
Learn More!
• http://www.getipv6.info/
• http://tunnelbroker.net/
• http://www.sixxs.net/
• http://www.ipv6ready.org
• https://www.arin.net/knowledge/ipv6_info_center.html
• Contact us:
– Brandon Ross,
• Chief Network Architect and CEO
• Network Utility Force
• bross@netuf.net +1-404-635-6667
– Jeff Enters
• Chief Infrastructure Architect
• HP TS Networking
• Jeff.enters@hp.com +1-414-412-3268

More Related Content

PDF
IPv6 Technical Overview: Address Architecture, DHCPv6 and DNS
PDF
IPv6 Transition Considerations for ISPs
PDF
The Case for IPv6: Paving the Way for the Internet of Things
PDF
IPv6 Security - Workshop mit Live Demo
PDF
12.00 - Dr. Tim Chown - University of Southampton
PPTX
APNIC Update
PDF
IPv6 address-planning
PDF
OARC 26: Scoring the Root Server System
IPv6 Technical Overview: Address Architecture, DHCPv6 and DNS
IPv6 Transition Considerations for ISPs
The Case for IPv6: Paving the Way for the Internet of Things
IPv6 Security - Workshop mit Live Demo
12.00 - Dr. Tim Chown - University of Southampton
APNIC Update
IPv6 address-planning
OARC 26: Scoring the Root Server System

What's hot (20)

PDF
VNIX-NOG 2021: IPv6 Deployment Update
PDF
Tutorial: IPv6-only transition with demo
PPTX
IPv6-strategic-planning-framework
PDF
Introduction of ipv6
PPTX
CommunicAsia 2017: IPv6 deployment architecture for IoT
PPTX
IPv6 translation methods
PDF
Successfully Deploying IPv6
PDF
Apache NiFi User Guide
PDF
IPv6 Deployment Case on a Korean Governmental Website
PDF
IPv6 in Mobile Networks
PDF
IPv6 Enabled WiFi: Planning, Deployment and Best Practices
PDF
How LinkedIn used TCP Anycast to make the site faster
PDF
Apache Nifi Crash Course
PDF
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
PPT
Simplified IPv6 Subnetting. Understanding What’s What.
PPTX
6421 b Module-04
PPTX
APRICOT 2015 - NetConf for Peering Automation
PDF
PLNOG 8: Piotr Gierz - Protokół OpenFlow
PDF
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
PPTX
ARIN 36 IETF IPv6 Activities Report
VNIX-NOG 2021: IPv6 Deployment Update
Tutorial: IPv6-only transition with demo
IPv6-strategic-planning-framework
Introduction of ipv6
CommunicAsia 2017: IPv6 deployment architecture for IoT
IPv6 translation methods
Successfully Deploying IPv6
Apache NiFi User Guide
IPv6 Deployment Case on a Korean Governmental Website
IPv6 in Mobile Networks
IPv6 Enabled WiFi: Planning, Deployment and Best Practices
How LinkedIn used TCP Anycast to make the site faster
Apache Nifi Crash Course
The First Mile - Edge and IoT Data Collection With Apache Nifi and MiniFi
Simplified IPv6 Subnetting. Understanding What’s What.
6421 b Module-04
APRICOT 2015 - NetConf for Peering Automation
PLNOG 8: Piotr Gierz - Protokół OpenFlow
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
ARIN 36 IETF IPv6 Activities Report
Ad

Similar to IPv6 on the Interop Network (20)

PPTX
Compatibility between IPv4 and IPv6
PDF
2012 11-09 facex - i pv6 transition planning-
PPTX
Microsoft Offical Course 20410C_08
PDF
A Survey On Next Generation Internet Protocol IPv6
PDF
Why We Need IPv6
PPTX
PDF
IPv6 at LinkedIn
PDF
Successfully Deploying IPv6
PDF
Operational Issues inIPv6 --from vendors' point of view--
PDF
TCP/IP Geeks Stockholm :: Introduction to IPv6
PPTX
IPv6 Deployment, Lao ICT Expo 2016
DOCX
I pv6
PPT
IPv6 next generation protocol
PPTX
Migration of corperate networks from ipv4 to ipv6 using dual stack
PDF
Implementation of “Traslator Strategy” For Migration of Ipv4 to Ipv6
PDF
A Scenario-Based Review Of IPv6 Transition Tools
PPT
Internet Protocol Version 6 By Suvo 2002
PPTX
ip v6 subnetting-Ip v6 subnetting and intro
DOCX
RASHMI VT REPORT
PDF
btNOG 4: IPv6 deployment - where are we now?
Compatibility between IPv4 and IPv6
2012 11-09 facex - i pv6 transition planning-
Microsoft Offical Course 20410C_08
A Survey On Next Generation Internet Protocol IPv6
Why We Need IPv6
IPv6 at LinkedIn
Successfully Deploying IPv6
Operational Issues inIPv6 --from vendors' point of view--
TCP/IP Geeks Stockholm :: Introduction to IPv6
IPv6 Deployment, Lao ICT Expo 2016
I pv6
IPv6 next generation protocol
Migration of corperate networks from ipv4 to ipv6 using dual stack
Implementation of “Traslator Strategy” For Migration of Ipv4 to Ipv6
A Scenario-Based Review Of IPv6 Transition Tools
Internet Protocol Version 6 By Suvo 2002
ip v6 subnetting-Ip v6 subnetting and intro
RASHMI VT REPORT
btNOG 4: IPv6 deployment - where are we now?
Ad

More from Network Utility Force (9)

PDF
Outdoor Municipal WiFi Case Study
PPTX
How to Plan and Conduct IPv6 Field Trials
PDF
IPv6 Migration Infographic with IPv4 Exhaustion Timeline for 2014
PPTX
Kinber ipv6-education-healthcare
PPTX
Introduction to Wide Area Network Routing
PPTX
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
PPTX
Network Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit
PDF
Network Utility Force IPv6 training brochure
PDF
IPv6 Implementation and Migration
Outdoor Municipal WiFi Case Study
How to Plan and Conduct IPv6 Field Trials
IPv6 Migration Infographic with IPv4 Exhaustion Timeline for 2014
Kinber ipv6-education-healthcare
Introduction to Wide Area Network Routing
Roadmap to Next Generation IP Networks: A Review of the Fundamentals
Network Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit
Network Utility Force IPv6 training brochure
IPv6 Implementation and Migration

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PPT
Teaching material agriculture food technology
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PPTX
MYSQL Presentation for SQL database connectivity
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PDF
Spectral efficient network and resource selection model in 5G networks
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
PPTX
Cloud computing and distributed systems.
PDF
Approach and Philosophy of On baking technology
PDF
NewMind AI Monthly Chronicles - July 2025
PDF
Encapsulation theory and applications.pdf
PDF
Electronic commerce courselecture one. Pdf
DOCX
The AUB Centre for AI in Media Proposal.docx
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
20250228 LYD VKU AI Blended-Learning.pptx
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
Chapter 3 Spatial Domain Image Processing.pdf
Mobile App Security Testing_ A Comprehensive Guide.pdf
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Teaching material agriculture food technology
Understanding_Digital_Forensics_Presentation.pptx
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
MYSQL Presentation for SQL database connectivity
Diabetes mellitus diagnosis method based random forest with bat algorithm
Spectral efficient network and resource selection model in 5G networks
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
Cloud computing and distributed systems.
Approach and Philosophy of On baking technology
NewMind AI Monthly Chronicles - July 2025
Encapsulation theory and applications.pdf
Electronic commerce courselecture one. Pdf
The AUB Centre for AI in Media Proposal.docx
Build a system with the filesystem maintained by OSTree @ COSCUP 2025

IPv6 on the Interop Network

  • 1. IPv6 on the INTEROPNET Interop, Wednesday, 9 May 2013 Brandon Ross, Routing Team Lead Chief Network Architect, Network Utility Force http://www.netuf.net/ Jeff Enters, Chief Infrastructure Architect, HP http://www.hp.com/services
  • 2. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 3. RFC 6540 • Are you aware of this requirement? • Are your nodes IPv6 capable?
  • 4. IPv6 Support Required for All IP- Capable Nodes – RFC 6540 • “Given the global lack of available IPv4 space, and limitations in IPv4 extension and transition technologies, this document advises that IPv6 support is no longer considered optional.” • “IPv6 support must be equivalent or better in quality and functionality when compared to IPv4 support in a new or updated IP implementation.”
  • 5. Background • IPv4 depletion is already occurring • IPv6 adoption is accelerating • Most network hardware supports IPv6 • For the most part, dual stack Just Works http://www.potaroo.net/tools IPv4 Free Pool Depletion http://www.ipv6actnow.org/info/statistics/#alloc IPv6 Routing Table Growth
  • 6. US Feds Lesson Learned The US federal government had a mandate for all public facing web services to support IPv6 by September 30, 2012. 287 of 1494 sites had IPv6 web support by the deadline. Today 961 of 1355 sites support IPv6. That’s over 70%. Not 100%, but far ahead of most other large organizations.Source: http://usgv6-deploymon.antd.nist.gov//
  • 7. Europe out of Free Pool • Asia (APNIC) effectively ran out of free addresses in April, 2011 • Europe (RIPE) is also out of addresses as of September 14th, 2012 • ARIN predicted to run out of free space in April, 2014 (Geoff Huston, http://www.potaroo.net/tools/ipv4/index.ht ml)
  • 8. Goals • Network must be fully dual stack (IPv4+IPv6) • All IPv4 services should be reachable over IPv6 • Connections to IPv6-enabled websites should use IPv6 by default • Nothing should break 
  • 9. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Conclusions
  • 10. Building on IPv4, IPv6 addresses contemporary networking needs IPv6 Advantages Overview Features IPv4 IPv6 Address length 32 bits 128 bits NAT Often necessary Not necessary Header size Variable length, 20 bytes + many options Fixed-length, 40 bytes + extension headers Configuration Manual, DHCPv4 Manual, stateless automatic, stateful automatic (DHCPv6) Types of addresses Broadcast, multicast, unicast Multicast, unicast, anycast Addresses per-interface Single Multiple Neighbor discovery, router discovery, Address resolution, NUD, redirects, etc. A variety of separate protocols Neighbor Discovery Protocol (built in) IPsec Optional Integrated QoS Some Better
  • 11. Unlock the potential of IPv6 IPv6 Operational Advantages • Robust, Effective, Efficient. Unlimited Address space. Extensibility. Optimized for next generation networks. • End to End Services and applications. • Enable Service Automation. • Better Support for QoS. • Enhanced Mobility. • Policy driven operations. • Free manpower from ordinary tasks. • Rapid deployment. • Much more than just a larger addressing space
  • 12. IPv6 Features useful in Internet facing devices Internet Presence Transition Dual Stack IPv4 and IPv6 – on all publically available servers Translation NAT64 Connectivity Make sure your mBGP is able to advertise and receive both IPv4 and IPv6 Internet route updates Understand how DNS server, OS, and application will interact. Make sure DNS server can store AAAA (IPv6 Address) records. Ensure records can be retrieved over both IPv4 and IPv6 transport. Enable Load balancer for both IPv4 and IPv6 traffic Security Deploy IPv6 Firewall and IDS/IPS IPsec – Now integrated into the IPv6 protocol, but not widely deployed VPN – IPv6 VPN is very similar to IPv4 VPN
  • 13. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13 IPv6 Network Architecture Options Address Allocation choice • Provider Independent versus Provider Aggragatable address allocation scheme Addressing Mechanisms choice • Manual, Stateless autoconfiguration and/or Stateful autoconfiguration Transition Mechanisms choice • Dual Stack to allow coexistence of both IPv6 and IPv4 on the same infrastructure And/or Tunneling and/or Translation IPv6 Internet presence only • BUT do not stop there! Having a longer term plan for full end-to-end IPv6 enablement is the recommended approach Security Concerns • Similar to IPv4 + new IPv6 specific security concerns and need to include access media security Remember IPv6 is almost certainly already in your internal network, just unmonitored!
  • 14. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14 Transition Strategies Three main methods Dual Stack • Provides complete support for IPv4 and IPv6 protocols Tunneling • Encapsulates IPv6 packets in IPv4 headers (and in later IPv4 packets in IPv6 headers) • Requires dual-stack devices at either end of the connection Translation • Translates IPv6 addresses and into IPv4 addresses Campus LAN Wireless LAN Core / DC Remote offices and branches IPv4 Internet WAN IPv6 Internet Example Today State Disconnected from IPv6 Internet
  • 15. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15 Dual Stack Use IPv4 or IPv6 • IPv4 and IPv6 protocol stacks implemented on the same device. • + Most simple and recommended approach, network is the same + Applications can select which network protocol to be used • - IPv4-only cannot communicate with IPv6-only - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations etc.. - Network applications must distinguish between IPv6 and IPv4 peers Simple and widely used. Recommended Strategy Transition Strategies Explained
  • 16. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16 Dual Stack Use IPv4 or IPv6 • IPv4 and IPv6 protocol stacks implemented on the same device. • + Most simple and recommended approach, network is the same + Applications can select which network protocol to be used • - IPv4-only cannot communicate with IPv6-only - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations etc.. - Network applications must distinguish between IPv6 and IPv4 peers Tunneling 6-in-4 or 4-in-6 • One transport protocol is encapsulated as the payload of the other (and vice versa). • + Connect Islands of IPv6 or IPv4 + Compatible across incompatible networks + Recommended for site-to-site • - Security issues with tunneled protocols - Trough FW (FW can’t inspect payload) - Reduced performance - Complicated network management and troubleshooting Simple and widely used. Recommended Strategy Simple and widely used Transition Strategies Explained
  • 17. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17 Dual Stack Use IPv4 or IPv6 • IPv4 and IPv6 protocol stacks implemented on the same device. • + Most simple and recommended approach, network is the same + Applications can select which network protocol to be used • - IPv4-only cannot communicate with IPv6-only - Need to maintain 2 routing tables, 2 firewall rule sets, 2 network management configurations etc.. - Network applications must distinguish between IPv6 and IPv4 peers Tunneling 6-in-4 or 4-in-6 • One transport protocol is encapsulated as the payload of the other (and vice versa). • + Connect Islands of IPv6 or IPv4 + Compatible across incompatible networks + Recommended for site-to-site • - Security issues with tunneled protocols - Trough FW (FW can’t inspect payload) - Reduced performance - Complicated network management and troubleshooting Translation Between IPv4 and IPv6 (NAT64/DNS64) • Translates IPv6 names & addresses into IPv4 names & addresses (and vice versa). • + Enables IPv6-only host to communicate with IPv4-only hosts (and vice versa), + No modification to IPv4 or IPv6 end nodes, only at boundary routers • - Application incompatibilities (e.g. VoIP), need for ALG, and has all NAT drawbacks - Increased complexity in network topology - Reduced Performance (dep. on HW) - Complicated troubleshooting Simple and widely used. Recommended Strategy Simple and widely used If you must! Transition Strategies Explained
  • 20. Autoconfiguration
      • All client-facing networks use SLAAC to allow clients to auto-assign themselves an IPv6 address and default gateway on the correct subnet
          – Supported by all IPv6-capable devices
      [Figure callouts: Auto-assigned IPv6 address; Default Gateway (Link-local from RA)]
  • 21. DNS
      • All DNS services are provided by DynDNS and load-balanced by F5
      • Using anycast to direct traffic to its nearest DNS server, either show floor or Denver
  • 22. InteropNET NOC Services
      • Goal was to provide all internal services over IPv6 as well as IPv4
      • This required coordination with vendors to enable IPv6, make sure services were bound to their IPv6 ports, and publish AAAA records
      • Most (but not all) services ended up reachable over IPv6
  • 23. Wireless
      • InteropNET wireless is provided by Xirrus
      • Purpose-built VLANs are shared across all APs and all are dual-stack
  • 24. IPAM
  • 25. IPv6 Attack Traffic (table columns: Src. Port, Dst. Addr., Dst. Port, Seg. Port In)
  • 26. Agenda • Background and Goals • IPv6 Basics • How IPv6 works on the InteropNET • Subnetting and Addressing • Challenges and Lessons Learned • Results and Statistics • Conclusions
  • 27. State of Assignments
      • All of the registries, for the most part, assign initial blocks for
          – Service provider /32
          – Enterprise /48
  • 28. What makes up a good addressing plan?
      • Depends on the type of network, the size of the network, and problem to be solved
      • Points to consider
          – Documentation
          – Ease of troubleshooting
          – Aggregation
          – Standards compliance
          – Growth
          – SLAAC
          – Existing IPv4 addressing plan
          – Human factors
  • 29. Algorithmic Approach
      • Encode every IPv4 address in the network in an IPv6 address
          10.10.10.10 (A0A0A0A) → 2001:DB8:A0A:A0A::
  • 30. Link Numbering Issues
      • OSPFv3 masks this problem, unlike in IPv4
      • Separation of addressing from the link state database means that OSPFv3 neighbor relationships will establish, even on links with mismatched addressing and/or masks
      • Link-local based forwarding prevents address mismatches from being easily detected because traffic flows normally and traceroutes don’t appear too strange
  • 31. Link Numbering Issues
      • To detect link numbering errors, look for “U-turn” routing:
          $ traceroute6 2620:144:B0C::
          traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
           1  2620:144:8fc:: (2620:144:8fc::)  26.747 ms  26.730 ms  26.716 ms
           2  2620:144:b0c::2 (2620:144:b0c::2)  29.137 ms  29.222 ms  29.264 ms
           3  2620:144:8fc:: (2620:144:8fc::)  29.355 ms  29.335 ms  29.350 ms
           4  2620:144:8fc:: (2620:144:8fc::)  29.438 ms !H  29.433 ms !H  29.413 ms !H
      • Note hop 2 is the misnumbered address. This traceroute should have looked like this:
          $ traceroute6 2620:144:B0C::
          traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
           1  2620:144:8fc:: (2620:144:8fc::)  32.473 ms  32.447 ms  32.427 ms
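The U-turn check from this slide can be automated. The following is an added example, not part of the original deck: it parses traceroute6 output and reports any hop sequence A, B, A, using the slide's own traceroute as sample input. The function names are hypothetical.

```python
import ipaddress
import re

# The traceroute6 output shown on the slide.
SAMPLE = """\
traceroute to 2620:144:B0C:: (2620:144:b0c::), 30 hops max, 80 byte packets
 1  2620:144:8fc:: (2620:144:8fc::)  26.747 ms  26.730 ms  26.716 ms
 2  2620:144:b0c::2 (2620:144:b0c::2)  29.137 ms  29.222 ms  29.264 ms
 3  2620:144:8fc:: (2620:144:8fc::)  29.355 ms  29.335 ms  29.350 ms
 4  2620:144:8fc:: (2620:144:8fc::)  29.438 ms !H  29.433 ms !H  29.413 ms !H
"""

# Hop lines start with a hop number, then a name, then the address in parentheses.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([0-9a-fA-F:.]+)\)")

def parse_hops(text):
    """Return [(hop_number, address)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # the header line and silent hops ("* * *") do not match
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(3))))
    return hops

def find_uturns(hops):
    """Report (hop, turn_hop, return_hop, turn_address) where the path goes
    A -> B -> A, i.e. traffic leaves a router and comes straight back to it."""
    uturns = []
    for i in range(len(hops) - 2):
        (n1, a), (n2, b), (n3, c) = hops[i], hops[i + 1], hops[i + 2]
        if a == c and a != b:
            uturns.append((n1, n2, n3, str(b)))
    return uturns

if __name__ == "__main__":
    for first, turn, back, addr in find_uturns(parse_hops(SAMPLE)):
        print(f"U-turn: hop {first} -> hop {turn} ({addr}) -> back at hop {back}")
```

Comparing addresses as parsed `ipaddress` objects rather than strings means differences in case or zero compression between hops do not hide a match.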
  • 33. Link Numbering Issues
      • Should you number your links at all or just use link-local?
      • Loopback interfaces usually show up so you know which routers traffic is following, so why waste address space on links?
  • 34. Link Numbering Issues
      • Using equal cost multipath?
          $ traceroute6 2001:DB8::5:2
          traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
           1  2001:DB8::6:1 (2001:DB8::6:1)  22.723 ms  26.730 ms  26.716 ms
           2  2001:DB8::1:1 (2001:DB8::1:1)  80.233 ms  * ms  72.173 ms
           3  2001:DB8::5:2 (2001:DB8::5:2)  * ms  99.223 ms  29.350 ms
      • Which link did it take?
  • 35. Link Numbering Issues
      • Does your management system use link numbering for monitoring or circuit identification?
      • Are you really saving any significant addressing by not assigning addresses?
  • 36. Link Numbering Issues
          $ traceroute6 2001:DB8::5:2
          traceroute to 2001:DB8::5:2 (2001:DB8::5:2), 30 hops max, 80 byte packets
           1  2001:DB8::6:1 (2001:DB8::6:1)  22.723 ms  26.730 ms  26.716 ms
           2  2001:DB8::4 (2001:DB8::4)  * ms  88.322 ms  * ms
           3  2001:DB8::5:2 (2001:DB8::5:2)  * ms  90.123 ms  100.110 ms
      • Better, now we know which link is having issues.
  • 37. Standards Compliance
      • Networks smaller than /64 can be desirable, especially using /127s for point to point links (RFC 6164)
      • To avoid future breakage, allocate a /64 in your documentation but use the smaller block
      • Similarly, reserve /48s for EVERYTHING you can; there’s no reason to allocate densely, there’s plenty of space
      • If you have a complex network, allocate in a sparse way to enable easy aggregation
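The "Algorithmic Approach" and "Standards Compliance" slides combine into one small planning routine. This is an added example, not the InteropNET team's tooling: it embeds an IPv4 address in bits 32-63 of a /32 site prefix, as in the slide's 10.10.10.10 case, then documents the resulting /64 per link while configuring only its first /127. The function names and the IPv4 link subnets are assumptions.

```python
import ipaddress

def v4_to_v6_prefix(site32, v4_addr):
    """Place the 32 bits of an IPv4 address in bits 32-63 of a /32, giving a /64."""
    site = ipaddress.IPv6Network(site32)
    if site.prefixlen != 32:
        raise ValueError("this scheme needs a /32 site prefix")
    v4 = int(ipaddress.IPv4Address(str(v4_addr)))
    return ipaddress.IPv6Network((int(site.network_address) | (v4 << 64), 64))

def p2p_link(reserved64):
    """Document the whole /64 for a link but configure only its first /127 (RFC 6164)."""
    net = ipaddress.IPv6Network(str(reserved64))
    if net.prefixlen != 64:
        raise ValueError("reserve a /64 per link")
    in_use = ipaddress.IPv6Network((int(net.network_address), 127))
    a_end, b_end = list(in_use)  # a /127 holds exactly two addresses
    return {"documented": str(net), "configured": str(in_use),
            "a_end": f"{a_end}/127", "b_end": f"{b_end}/127"}

def plan_links(site32, v4_link_subnets):
    """Map each existing IPv4 link subnet to its IPv6 reservation and /127."""
    plan = {}
    for v4 in v4_link_subnets:
        v4net = ipaddress.IPv4Network(v4)
        plan[v4] = p2p_link(v4_to_v6_prefix(site32, v4net.network_address))
    return plan

if __name__ == "__main__":
    print(v4_to_v6_prefix("2001:db8::/32", "10.10.10.10"))
    # Constructed IPv4 point-to-point subnets standing in for an existing plan.
    for v4, v6 in plan_links("2001:db8::/32", ["10.10.10.0/30", "10.10.10.4/30"]).items():
        print(v4, v6)
```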
  • 39. DUID
      • When a Windows machine is cloned, you can get two or more machines with the same DHCPv6 Unique IDentifier (DUID)
      • This DUID is used by the DHCPv6 server to identify the client, so when two clients with the same DUID request IPv6 addresses with DHCPv6, they will both be given the same address
      • When the second machine receives its address from the DHCPv6 server, it does IPv6 Duplicate Address Detection, determines there is an IP address conflict, and refuses the lease
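One way to spot cloned DUIDs from the server side, as an added example that is not from the original deck: group DHCPv6 requests by DUID and flag any DUID seen from more than one client MAC. The observation records are constructed, and the sketch assumes the DUIDs are DUID-LLT or DUID-LL (RFC 8415), which embed the link-layer address of the machine that generated them.

```python
from collections import defaultdict

# Constructed DHCPv6 server observations:
# (DUID hex, client MAC seen on the wire, address the server offered)
OBSERVATIONS = [
    ("0001000118b2c3d4001122334455", "00:11:22:33:44:55", "2001:db8:a0a:a0a::100"),
    ("0001000118b2c3d4001122334455", "00:11:22:33:44:66", "2001:db8:a0a:a0a::100"),
    ("000100011a0b0c0d0011223344aa", "00:11:22:33:44:aa", "2001:db8:a0a:a0a::101"),
]

def parse_duid(duid_hex):
    """Decode the DUID type and, for LLT/LL DUIDs, the embedded link-layer address."""
    raw = bytes.fromhex(duid_hex)
    dtype = int.from_bytes(raw[:2], "big")
    if dtype == 1 and len(raw) > 8:   # DUID-LLT: type(2) hwtype(2) time(4) lladdr
        return {"type": "LLT", "lladdr": raw[8:].hex(":")}
    if dtype == 3 and len(raw) > 4:   # DUID-LL: type(2) hwtype(2) lladdr
        return {"type": "LL", "lladdr": raw[4:].hex(":")}
    return {"type": str(dtype), "lladdr": None}

def find_shared_duids(observations):
    """Return one finding per DUID that was presented by more than one MAC."""
    macs = defaultdict(set)
    addrs = defaultdict(set)
    for duid, mac, addr in observations:
        macs[duid.lower()].add(mac.lower())
        addrs[duid.lower()].add(addr)
    findings = []
    for duid, seen in sorted(macs.items()):
        if len(seen) > 1:
            embedded = parse_duid(duid)["lladdr"]
            findings.append({
                "duid": duid,
                "macs": sorted(seen),
                # MACs that differ from the one baked into the DUID are the clones.
                "likely_clones": sorted(m for m in seen if m != embedded),
                "contested_addresses": sorted(addrs[duid]),
            })
    return findings

if __name__ == "__main__":
    for f in find_shared_duids(OBSERVATIONS):
        print(f)
```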
  • 40. Rogue RAs
      • When a client is configured to run 6to4 (an automatic tunneling protocol) and Internet Connection Sharing, it will advertise itself as an IPv6 router by sending out RAs on its wireless interface
      • Clients receiving such RAs will auto-assign themselves an address in the wrong subnet
      • Routers are generally configured with RA guard or equivalent on their wired ports
      • Unfortunately there is no way to block rogue RAs over wireless APs (and some wired switches)
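Where RAs cannot be blocked, they can still be detected. The following is an added example, not part of the original deck: it checks observed RAs against an allow-list of routers and the site's prefixes, and calls out 6to4 prefixes (2002::/16), which is what a 6to4 plus Internet Connection Sharing client advertises. The router address, site prefix and RA records are constructed placeholders.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix space (RFC 3056)

# Assumed site policy: the legitimate router's link-local address and the site prefix.
AUTHORIZED_ROUTERS = {ipaddress.ip_address("fe80::1")}
SITE_PREFIXES = [ipaddress.ip_network("2001:db8::/32")]

# Constructed RA observations, e.g. decoded from a capture on a wireless VLAN.
OBSERVED_RAS = [
    {"src": "fe80::1", "mac": "00:00:5e:00:53:01",
     "prefix": "2001:db8:a0a:a0a::/64"},
    {"src": "fe80::21c:7eff:fe12:3456", "mac": "00:1c:7e:12:34:56",
     "prefix": "2002:c000:201:1::/64"},
    {"src": "fe80::a00:27ff:fe4e:66a1", "mac": "08:00:27:4e:66:a1",
     "prefix": "fd00:1234::/64"},
]

def classify_ra(ra):
    """Return the list of reasons an RA is suspicious (empty list = expected RA)."""
    reasons = []
    if ipaddress.ip_address(ra["src"]) not in AUTHORIZED_ROUTERS:
        reasons.append("unauthorized source")
    prefix = ipaddress.ip_network(ra["prefix"])
    if prefix.subnet_of(SIX_TO_FOUR):
        # A 6to4 prefix embeds the advertiser's IPv4 address, which helps locate it.
        v4 = prefix.network_address.sixtofour
        reasons.append(f"6to4 prefix built from IPv4 {v4}")
    elif not any(prefix.subnet_of(site) for site in SITE_PREFIXES):
        reasons.append("prefix outside site allocation")
    return reasons

def find_rogue_ras(ras):
    """Return (mac, prefix, reasons) for every RA that fails the policy."""
    return [(ra["mac"], ra["prefix"], r) for ra in ras if (r := classify_ra(ra))]

if __name__ == "__main__":
    for mac, prefix, reasons in find_rogue_ras(OBSERVED_RAS):
        print(f"rogue RA from {mac} advertising {prefix}: {'; '.join(reasons)}")
```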
  • 42. Conclusions
      • IPv6 works in the real world
      • There are challenges to implementing IPv6, but nothing show-stopping
      • Much of the Internet’s content is reachable over IPv6 (and growing fast) including all of Google, Facebook and 3000 other sites
      • A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion)
  • 43. Learn More!
      • http://www.getipv6.info/
      • http://tunnelbroker.net/
      • http://www.sixxs.net/
      • http://www.ipv6ready.org
      • https://www.arin.net/knowledge/ipv6_info_center.html
      • Contact us:
          – Brandon Ross, Chief Network Architect and CEO, Network Utility Force, bross@netuf.net, +1-404-635-6667
          – Jeff Enters, Chief Infrastructure Architect, HP TS Networking, Jeff.enters@hp.com, +1-414-412-3268

Editor's Notes

  • #14: IPv6 Network Architecture Options. When moving from an IPv4 to IPv6 environment there are several key choices to be made. Do you have Internet access from multiple providers? How to autoconfigure your end hosts? Which transition mechanisms will you use? Tunneling, Dual Stack, Translation, which we will cover later on in this webinar. Everyone should already be reachable on the IPv6 Internet, but this is not enough, don't stop here. As Yanick already covered, IPv6 is already on your internal network and has similar vulnerabilities as IPv4 that need to be addressed.
  • #15: Let us now talk about the different transition mechanisms we have at our disposal to address the transition to IPv6. The industry knew from the start that IPv6 was not backward compatible with IPv4, so they had to provide some transition tools. There are 3 methods. The first one is Dual Stack, that is, the ability for hosts or routers to support both IPv4 and IPv6. The second one is Tunneling, a method using encapsulation of IPv6 inside an IPv4 packet to cross an existing IPv4 network. And the third one is Translation, the more complex way to actually translate an IPv6 packet into an IPv4 packet, or vice versa. We will analyze all these techniques in more detail in the next slide.
  • #16: Because IPv6 is not backwards compatible with IPv4, IPv4 hosts and IPv6 hosts cannot communicate directly. With dual stack, a host has both an IPv4 and an IPv6 stack. Applications can use either stack to communicate. Usually there is a default stack for each application or for the system. If the network is unable to establish the connection after a certain time, the network will try the other stack. Trying both IP versions in parallel is recommended since trying both protocols in sequence will delay deployment. While dual-stack devices offer the greatest flexibility, the following is also true: An IPv4 address (public or private) must be available for every dual-stack device. Dual-stack routers must maintain two routing tables. Dual-stack nodes require additional memory and CPU power. Each network requires its own routing protocol. Firewalls must be configured with security rules appropriate to each. A DNS resolver capable of resolving both IPv4 and IPv6 addresses is required. All applications must be able to determine whether communication is with an IPv4 or IPv6 peer. Separate network management commands are required. Still, Dual Stack is the recommended transition tool for all networks, as it allows migration at the user’s own pace.
  • #17: The concept of tunneling is simple and has been used for a long time. The IPv6 packet is encapsulated in an IPv4 packet. This can happen automatically, or manually. This can happen at the host or a gateway router. When using a gateway router, which is common for enterprises, IPv6 hosts do not require any changes. The gateway routers will take care of the encapsulation over IPv4 and maintain the connectivity point. They also maintain a list of the gateway routers that are closest to IPv6 hosts. It is also possible to create the tunnel at the host itself. This distributes the load over many hosts. This method is prevalent for home connections. One well-known method is ISATAP, supported by Microsoft. ISATAP has been proposed by Microsoft. It is not a real IETF standard (Info only) and requires a specialized protocol to replace ND. It has problems scaling, but because of Microsoft it is a major player. The main advantage of IPv6 tunneling over IPv4 is the fact that it allows deploying IPv6 in your network even if the carrier infrastructure does not support IPv6 yet. In the same way, if you can support full IPv6 in the infrastructure, you can tunnel IPv4 over IPv6. There are many drawbacks though. As the encapsulation is performed in the slow path, there is a performance and latency impact. In addition the IPv4 header increases the packet size and may require fragmentation and multi-packet transmissions. Tunneling can be more vulnerable to security attacks. The tunneling masks the real origin of the packets and makes debugging and network management.
  • #18: Even with tunneling or dual stack, the fact remains that an IPv4 host can only talk to IPv4 servers. Translation is the last mechanism in our toolbox. But it is not that simple, as addresses appear at all levels of the OSI hierarchy, even possibly in the packet data itself. All the drawbacks of NAT exist with this solution. We already covered NAT in depth and will not restate it here. This mechanism should remain a last resort.