IPV6 – STATE OF AFFAIRS
IPv6 adoption has been slow in the corporate world. Despite global IPv6 traffic increasing with 500% since the World IPv6 Launch on 6 June 2012 , the percentage of users accessing Google over IPv6 has not yet reached 18%. Other major website owners and internet providers report similar numbers.
The slow global adoption of IPv6 is largely due to every IPv6 setup being dual stack, supporting both IP4 and IPv6. Migration from IPv4 to IPv6 therefore does not mean replacing IPv4 with IPv6 but, instead, enabling IPv6 in addition to IPv4. This configuration allows network administrators to start benefiting from IPv6 while still running IPv4. It also means that until that time in the future where everyone is on IPv6, everyone will still need to have IPv4.
One of the challenges involved for the network administrator in migrating to IPv6 is quantifying the effort and costs of IPv6 migration, as well as planning how to approach the task. Migration to IPv6 is not simple and requires a solid and transparent process. However, with proper IP Address Management (IPAM) tools, and information on the existing IPv4 infrastructure, the effort becomes manageable.
This white paper shows how the IPAM features in Micetro by Men&Mice can be used to implement a holistic approach to IPv6 migration, making the process more transparent for network managers, as well as providing a critical tool to aid in the transition process.
KNOWING THE NETWORK
In order to start the planning process, network managers need to know the number and types of devices on their networks. They need to know the number of IPv4 addresses in use, as well as which devices are, and which are not, IPv6 compatible. In many organizations, this information is kept in separate data formats in different applications (spreadsheets, databases, inventory anagement systems). As a result, these disparate systems are not sufficient to give the network managers an overview of the ‘IPv6 readiness’ of their network.
Micetro’s strong and consistent IP Address Management system supports both IPv4 and IPv6 networks. In addition to the network topology and the individual IP Addresses, any amount of property fields (e.g. metadata or custom fields) can be collected, stored and displayed, along with networks and IP Addresses. Property fields can be linked with external data sources (like databases or inventory systems) to merge important data into one, unified view of the network.
PREPARING FOR IPV6
Micetro's IPAM features are used to obtain an overview of the existing IPv4 network. The system automatically shows all IP addresses it can find in DNS zones (A and AAAA records) and DHCP scopes.
Statically managed IP addresses can be imported from external data sources - such as databases or spreadsheets - and the network discovery feature of the IPAM Module finds IP addresses that are in use, but not documented anywhere, either by reading ARP data from routers or using ping.
When planning a migration to IPv6, you need to know the state of each network segment with regard to IPv6 compliance. For that purpose, it is recommended the user create a “property field” (e.g. metadata or custom fields) in Micetro called, “IPv6 Test Status” for both IP ranges (network segments) and devices (IP addresses). This field should be able to contain a value from a predefined list.
• IPv6 test pending: The device or network has not been tested for IPv6 compliance so far. This should be the default value for this field. • Not IPv6 compliant: The device/network is not IPv6 compliant - devices need to be replaced with new equipment. In modern networks, this condition should be rare. • Partly IPv6 compliant: The device/network is not IPv6 compliant, but can be made compliant with an upgrade of hardware or software. • Fully IPv6 compliant: The device/network is fully IPv6 compliant, but not configured for IPv6. • Ready for IPv6 migration: The device/network is fully IPv6 compliant and fully configured for an IPv6 migration.
DIVIDE AND CONQUER
Micetro by Men&Mice has a finely grained, role-based access control system. Fully integrated with Microsoft Active Directory, Micetro allows you to manage groups through AD, while granting access rights and building up roles and responsibilities through the UI. Specific users and groups on specific networks will only see the objects to which he or she has access. Write access can be restricted to the properties of a network or device.
Advanced tracking and logging and clearly defined role-based access allow the manager of an IPv6 migration project to delegate the task of IPv6 compliance checking to local network administrators, while maintaining executive control.
With delegated responsibilities, local administrators can check their network equipment and devices, and update the IPv6 status fields in Micetro accordingly. Each network manager can work asynchronously on the task, making the overall process of migration much more efficient.
PROPAGATING THE RESULTS
Using the Workflow feature of Micetro, an extension is called each time the “IPv6 Status” property value of an IP range or device changes. The extension compares the status of this field for all devices in a range and all IP ranges on a given network. The “IPv6 Status” value of an IP range changes according to the corresponding value for its devices. Changes propagate up the hierarchy in Micetro.
The status of the compliance testing efforts can be seen in the Men & Mice user interfaces.
Similar to the field “IPv6 Test Status”, another property field for IP ranges and devices is created, called “IPv6 Migration Status”. Possible values are:
• Migration pending • Partially migrated (only for IP ranges, not for devices) • Fully IPv6-enabled
Networks can be migrated individually. Migration here does not mean replacing IPv4 with IPv6, but rather enabling IPv6 in addition to IPv4. IPv6 will, in most cases, be enabled in the network backbone. From there it can expand outward to perimeter networks.
It is also possible to enable IPv6 on the perimeter and tunnel the IPv6 traffic over IPv4 networks using transition technologies such as ISATAP, 6to4, or Teredo.
Similar to the testing phase, the migration efforts can be performed asynchronously, leaving the local administrators to control the speed of the migration, while still allowing for a global overview of the migration progress.
The extension used with the Workflow Extension feature keeps track of the values in the property field, “IPv6 Migration Status,” and propagates the status up the hierarchical tree of the network.
IPV6 FUTURE READY?
Cisco Analytics predict that networked devices will number 27.1 billion in 2021, up from 17.2 billion in 2016. This means that where today, on average, there is one IT person per 200 devices, in 2020 there will be one IT person per 1 million devices.
On top of the growth in networked devices, the overall increase in IP traffic is set to triple, with mobile data traffic proportionately increasing sevenfold from 2016 to 2021.
The world officially ran out of the 4.3 billion available IP4 addresses in February 2011. A combination of internet cleanups, reorganization and IPv4 recycling has prevented the adoption of IPv6 from becoming an immediate crisis. Yet, as the internet further penetrates underdeveloped markets, the predicted, unprecedented increases in global IP traffic and networked devices are set to cause a renewed thrust towards IPv6.
In the meantime, the practical impact of adopting IPv6 with IPv4 still in use means that organizations not only have to contend with a gigantic increase in devices, IP addresses and end users, but also have to maintain dual-stack IPv4 and IPv6 deployments simultaneously – at least until that indeterminate time in the future when an IPv6-only world will make IPv4 obsolete.
The move to IPv6 is accelerating the speed of technological disruption, adding to the rapidly increasing complexity of network management. At the same time, network availability has become a dominant force in determining business growth and profitability. The key to keeping up with this elevated momentum of disruptive change is to ensure teams have the tools needed to maintain system adaptability at every level of network management, starting from the network backbone up.
MICETRO BY MEN&MICE
Men&Mice designs and builds software to manage, monitor and control the critical infrastructure of large, and growing, networks. Micetro, our flagship product, builds a sophisticated layer of non-intrusive, non-disruptive bridges on top of a company’s DNS and DHCP network infrastructure, consolidating DNS and DHCP functionality and the management of the IP address database in one, feature-rich, unified interface.
Tried and tested through decades of expert deployment, Micetro’s unique, back-end agnostic, overlay architecture is used to run some of the world’s largest corporate networks, and is currently the only DNS, DHCP and IP Address Management solution capable of granting seamless control and administration of Windows, Unix/Linux, Cisco and cloud operating platforms under a single pane of glass.