Methods and Tools for Managing IPv6 Networks

1
Methods and Tools for Managing IPv6 Networks
2
Management in IPv6

• Necessary element to achieve the smooth
  transition to the new protocol
• Functionality and Quality are required to be of
  the same level as for IPv4 Networks
• Correct network planning shows the functional
  network areas and the user groups (with their
  needs!) for each one of them
• Management Areas
• Monitoring day to day operations of the network
• Gathering data that will support improvement and
  evolution services
• There are no final solutions for all areas of
  IPv6 management
• Some of the protocols are still under development
• Some necessary tools are still missing

IPv6 Management
2/15
3
IPv6 Deployment Suggestions

• Phase 1
• Network Design
• Define Wide and Local network segments
• Define special areas (due to requirements and
  operations) - VLANs, DMZs etc.
• Define management entities and their areas of
  responsibility
• Network management information flow
• Security requirements
• For users and applications
• For the network itself (protection of the
  management information, protection of network
  devices, security of management procedures)
• Plan the steps to transition to the new protocol.
  Examine the possibility of deploying transition
  mechanisms (for communications between IPv6 areas
  within an IPv4 network and vise-versa)

3/15
4
IPv6 Deployment Suggestions (2)

• Phase 2
• Implementation of a mixed IPv4/IPv6 environment
• Gradual transition of non-critical systems to
  IPv6
• Allows the evaluation of the operation and
  stability of the network devices and non-critical
  systems under IPv6
• Develops the transition procedures
• Disseminates the usages of transition mechanisms
  (tunnels, gateways, etc.) for communications
  between exclusive IPv6 areas
• Phase 3
• Transition of all systems to IPv6
• Exclusive usage of IPv6 in the network
• Maintaining transition mechanisms for legacy
  systems and contacts with IPv4 networks

4/15
5
Management Protocol Standardization

• Main suppliers of networking equipment support
  usage of SNMP over IPv6 and offer agents
• However, management of devices using IPv4
  communications still possible thanks to dual
  stack support
• On general-usage agents there is full SNMP-IPv6
  support on net-snmp that implements the new MIBs
• Small number of applications offering SNMP-IPv6
  support. Openview and CiscoWorks gradually offer
  IPv6 support at the MIB level, but in most cases
  access is over IPv4
• Mew textual conventions support both IPv4 and
  IPv6 for IP representation on the MIBs
• RFC 3291
• Within 2004 the process of unifying IP, TCP and
  UDP tables in both environments has reached
  proposed standard stage

5/15
6
Management Protocol Standardization (2)

• Other management protocols have achieved varying
  level of transition to IPv6
• RADIUS has been standardized in IPv6 (RFC 3162)
  but has shown that it cannot be used in large
  scale networks. Therefore IETF has defined a
  replacement protocol, DIAMETER. Currently there
  is no implementation of Radius over IPv6
• DIAMETER is define in RFC 3588 and has been
  implemented
• COPS and WBEM (Web-Based Enterprise Manager) have
  adapted their data models and the policies to
  support the new protocol and large scale
  deployments. However, curently there are no
  available implementations
• Kerberos V has partially been implemented over
  IPv6

6/15
7
Management Protocol Standardization (3)

• Ciscos Netflow supports IPv6 flow data only in
  version 9
• Supported by IOS 12.3T
• Netflow data collectors are available from Cisco
  and academic sourses

7/15
8
Transition Mechanisms

• They allow the (temporary) coexistence of IPv4
  and IPv6 areas
• Implementations are tunnel-deployment mechanisms
  through network areas not supporting the required
  protocol version. The data packets are
  encapsulated within tunnel packets.
• Additionally, Translation mechanisms between the
  two protocol versions
• Most common mechanisms 6to4, Intra-Site
  Automatic Tunnel Addressing Protocol (ISATAP),
  Dual-stack Transition Mechanism (DSTM)
• They are a special case for IPv6 management
• The require careful planning for
• Their points of deployment in the network
• Access control and user usage policies
• Operation Policies, especially on the issue of
  relaying internal or external traffic through
  6to4 (6to4 relays)

8/15
9
Transition Mechanisms (2)

• There are gaps in the capability to manage them
• They comprise possible security weaknesses
• Its possible to create recourse usage problems
• Their management requirements and procedures are
  not completely clear, yet. However, they use
  encapsulation mechanisms, which are well
  understood in IPv4
• Alternatively they can be basically controlled
  (e.g. accepting their traffic or not) by existing
  security mechanisms (e.g. Firewalls)

9/15
10
Basic Management Tools

• Core Network Management
• ASPath Tree
• (http//carmen.ipv6.tilab.com/ipv6/tools/ASpath-tr
  ee/index.html)
• Looking Glass
• (http//netmon.grnet.gr/lgv6.shtml)
• IPFlow/Netflow
• (http//www.rrt.cr-picardie.fr/7Efillot/nf6/
• http//www.cisco.com/warp/public/732/Tech/nmp/netf
  low/index.shtml)
• Mping
• (http//mping.uninett.no/)
• RIPE Test Traffic (TT) Server with IPv6 Support
• (http//www.ripe.net/ttm/ttm-ipv6.html) NTUA
  tt42
• Cricket
• (http//cricket.sourceforge.net/)
• MRTG

10/15
11
Basic Management Tools

• Local Area Network Management
• Argus
• (http//argus.tcp4me.com/)
• Ethereal
• (http//www.ethereal.com/)
• Multicast Beacon
• (http//dast.nlanr.net/Projects/Beacon/)
• Iperf
• (http//dast.nlanr.net/Projects/Iperf/)
• ntop
• (http//www.ntop.org/)
• General Maagement
• Nagios
• (http//www.nagios.org/)
• RANCID
• (http//www.shrubbery.net/rancid/)

11/15
12
Recommendations on IPv6 management

• Architecture
• The suggested transition procedure can be
  followed when designing and deploying IPv6.
• Management Tools and Procedures Client Networks
• A single tools for network management and
  services monitoring (Argus, Nagios ? Ntop)
• Traffic monitoring tools (MRTG)
• End-to-end performance evaluation tools (Iperf)
• Capability for low level traffic analysis by
  packet capturing (Ethereal)
• Optionally, tools for configuration file
  management (RANCID)

12/15
13
Recommendations on IPv6 management (2)

• Core Networks
• Traffic monitoring (MRTG, Cricket, Nagios)
• Traffic capture and analysis (Netflow v9)
• Network equipment monitoring (Nagios)
• Routing management
• To acquire a picture of the routing policies and
  BGP route tree health (ASpath-tree)
• BGP parameters cannot me monitored by automated
  tools due to the unavailability of IPv6 BGP MIBs
  and appropriate clients to perform such requests

13/15
14
Useful material from the 6NET project

• Available at
• http//www.6net.org/publications/deliverables/
• Deliverables
• D6.3.3 Final Report on IPv6 Management and
  Monitoring Architecture Design, Tools and
  Operational Procedures - Recommendations
• D6.2.4 Final Report on IPv6 Management Tools,
  Developments and Tests
• Additionally
• D6.2.2 Operational Procedures for Secured
  Management with Transition Mechanisms
• D3.5.1 6NET Implementation of Security Plan
  (under development)

14/15
15
(No Transcript)