Ittechtips.com’s Blog

Hi,

On the behalf of Ittechtips.com, I’m proud to introduce the Cisco IPv6 Video Accelerated Training Course.

This newly constructed course is simply “the Ultimate source of knowledge” for  understanding and mastering the Cisco IPv6 Network Design and Implementation techniques. It contains over 3,000 videos; and each video is no longer than 3 minutes and packed with extremely useful information, these videos will teach you everything that is currently possible related to designing, building, deploying Cisco IPv6 Networks.

I’m also proud to introduce the IPv6 Video Lab Workbook

It contains over 40 Labs that are designed; to help you “quickly” understand the Cisco IOS Commands and Modes, that are currently being used to configure and implement the most common types of IPv6 networks. To learn more about these two amazing products click here: www.ciscoipv6ittechtips.com

A new study by MI2G Global Risk Specialists points out highly integrated the world economy has become with the Internet. This underlies highlights the importance of the IPv6 Internet upgrades we have been working on  are to ensure operational continuity of the Internet after IPv4 address exhaustion. Internet addressing, scaling, and operations directly impacts the global economy and will cause a major economic problem if we begin to lose the ability to communicate effectively.  This study estimates that: 

“Over 1% damage to GDP of a developed country such as Switzerland for every one week of Internet blackout is a reflection of how reliant modern business and society have become on Internet technologies. It is very interesting for us to observe that ETH has independently arrived at a similar approach to ourselves in developing economic damage models for large scale Internet attacks,” said, DK Matai, Executive Chairman, MI2G. “We are pleased to announce our intention to collaborate with Swiss Federal Institute of Technology Zürich (ETH) to develop more refined economic damage models for Internet attacks and their lingering commercial fallout in the years ahead.” 

Looking at this data and US GDP data we can see that the US produces 1.9%  of GDP per week so a 1% loss would be over 1/2 of production that week – about 250 Billion a week in lost productivity. Our economy is increasing tied to eCommerce, unified communications, and netcentric business systems - making Internet continuity a business continuity issue. That’s why total global value of eCommerce is one of the trends I track on “IPv6 Trends and Adoption Timelines“

In a commercial sample scenario presented by ETH, when an Internet Service Provider with an annual revenue of CHF 2.81 billion is hit by 24 hours of Internet outage, the total economic loss is projected to be CHF 32.99 million or 1.2% of annual revenue. The breakdown is as follows:

1. Downtime Loss = Degraded Productivity + Loss of Revenue = CHF 292,000
2. Disaster Recovery = CHF 5.2 million
3. Liability = CHF 15 million
4. Customer Loss = CHF 12.5 million

The top Internet leadership has been warning us that  IPv6 Transition is an  Issue of Business Continuity: 

“The technical stuff for IPv6 is done. IPv6 is ready. This is a business issue in the internet service industry. The ISP community round the world needs to pay attention… They are persisting in the ‘nobody is asking for this’ mentality.  They are not valuing business continuity as they should.  When they finally wake up, there is going to be a mad scramble for IPv6 and they won’t implement it properly”.   - Vinton Cerf, September 30, 2008 interview with “The Times Online”. 

In case you don’t know who Vinton “Vint” Cerf is, or if he is a reliable source, he’s the American computer scientist who is the “person most often called the father of the Internet.” His contributions have been recognized repeatedly, with honorary degrees and awards that include the National Medal of Technology, the Turing Award, and the Presidential Medal of Freedom. Vint is considered the leading candidate for the new Federal CTO position under the Obama administration. 

What are other top leaders in the Internet community saying?

• “In order to sustain the impressive speed of Internet innovation and ensure a healthy Internet economy for the future, we recommend that content providers make their services available over IPv6,” - Axel Pawlik, Managing Director RIPE NCC. 
• “.. With only 19% of IPv4 address space remaining, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.” –ARIN Board 2007
• “If deployment <of IPv6> is delayed, the future growth and global connectivity of the Internet will be negatively impacted.” –Internet Society (ISOC) FAQ on IPv4/v6

Now, if a failure to migrate to IPv6 in time creates a major operational problem for the Internet that will impact the nation’s economic future, is IPv6 transition, as John Curran, ARIN Chairman and COO of ServerVault has warned the US Defense and Intel community, a “national security issue”?   If so, we better have a timeline and a plan together for transition…

Original article was written by Mr. Dave Green of Command Information and can be found here http://www.commandinformation.com/blog/?p=86

Google has taken the advice of the Internet Engineering Task Force (IETF) engineers, American Registry for Internet Numbering (ARIN) (John Curran and company), Google’s own famous “Internet Evangelist” Vint Cerf,  and others that getting external facing servers working on IPv6 is a business continuity issue.There have been numerous warnings from the top experts in the Internet community about the consequences of Internet growth and the need to switch to IPv6:

• “In order to sustain the impressive speed of Internet innovation and ensure a healthy Internet economy for the future, we recommend that content providers make their services available over IPv6,” - Axel Pawlik, Managing Director RIPE NCC. 
• “.. With only 19% of IPv4 address space remaining, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.” –ARIN Board 2007
• “If deployment <of IPv6> is delayed, the future growth and global connectivity of the Internet will be negatively impacted.” –Internet Society (ISOC) FAQ on IPv4/v6
• “.. in 2011, IPv6 must be in use by public-facing servers” –John Curran, ARIN Chairman, COO ServerVault  
•  “.. the Internet has been evolving, and IPv6 is the next major revolution that has to happen soon. ” –Vint Cerf, Internet Pioneer

John Curran, ARIN Chairman and COO of ServerVault, at a meeting of US Defense and Intel Internet engineers, went further to suggest that IPv6 transition is beyond an eBusiness continuity issue:

“<IPv6 transition> is a national economic policy issue and will be a national security policy issue within two years” 

As you can see in this picture, Google has been running their IPv6 service as a separate part of the Google space, and we connect across native IPv6 connections from the desktops in our Command Information network. (2610:F8::/32 is our address)  

However, more interesting than their IPv6-access site, is that they have installed an “invisible widget” on regular IPv4 Google to test IPv6 connectivity readiness of a portion of their users trying to connect to their production Google search portal. The widget directs a background process to exchange data with ipv4.ipv6-exp.l.google.com or dualstack.ipv6-exp.l.google.com to gather data on IPv6 connectivity. Lorenzo Colitti of Google revealed the experiment and the statistics they have been gathering at the European Internet Protocol Registry (RIPE) meeting at the end of October. Our enineers Joe Klein, TJ Evans, and others have analyzed their data and found a few interesting facts:

 
•  Less that 1% of Google users today have useful IPv6 connectivity (and prefer IPv6)
• 0.09% of IPv6 users have broken connectivity - most likely they don’t have both IPv6 connections and a AAAA capable DNS server serving IPv6 records. We can fix that with proper DNS implementations and IPv6 connection engineering
• All users with MS Vista, Apple Mac OSX Leopard, Windows Mobile smartphones, and modern Unix/Linux OSs have native IPv6-capable systems with IPv6 turned on - unless they have purposely disabled it. What’s holding them back is the lack of ‘last mile’ support infrastructure, and with IPv6 tunneling in these OS’s thats mostly a lack of IPv6 DNS implementation.
•  At least a million distinct IPv6 hosts out there have accessed Google during the test period
• The country with the most IPv6-ready users is Russia is the most IPv6-connected country -  the U.S. is #5 behind France, Ukraine, and Norway
• The most common connection type is 6to4 tunnels - which implies that sucessful IPv6 users are not behind NAT gateways and have native IPv4 connections that can run 6to4
• Apple has the most IPv6 connected computers - Joe commented that that’s probably the combination of Apple PCs with Apple Airport Extreme home network gateways - which support IPv6

 

 

 

The full report is available here: www.ripe.net/ripe/meetings/ripe-56/presentations/Colitti-IPv6_at_Google.pdf

The takeaway from all of this? Google has taken the plunge and is well positioned for the 2012 number crunch pain by already having external IPv6 connectivity on their WWW and DNS servers. Organizations sucessfully running external IPv6 servers are the IETF, ARIN, RIPE, IPv6 Forum, ICANN, Command Information. and many more. It seems that the major IPv6 transition advocates are heeding their own advice and sucessfully “eating their own dogfood” to show that IPv6 transition is not as difficult as many believe.

In closing, here are a few interesting snapshots of the Google data:

 Original article was written by Mr. Dave Green of Command Information and can be found here http://www.commandinformation.com/blog/?p=85

What are the trends pressuring us into IPv6 adoption, making it a business continuity issue for continued Internet operations and growth? We have been tracking several trends  like IPv4 address depletion which are well known, while others may be less obvious. Here are several of the major trends:

• -IPv4 Address block depletion
• -Growth of the routing tables in the Internet core
• -The growth of the number of Internet subnets
• -The growth of IPv6 Internet subnets
• -The growth of the ‘Internet of Things’ - thin devices, sensors, etc. communicating to each other on the Internet
• -The growth of eCommerce and its impact to the worldwide economy

An overlay of these trends show that there will be an increasing gap beginning in approximately 2011 where there will be more “operational pain” as the current IPv4 Internet will have major scaling problems, causing operational issues until IPv6 catches up everywhere in approximately 2015.

For years, there have been many warnings from the top experts in the Internet community about these trends:

• “In order to sustain the impressive speed of Internet innovation and ensure a healthy Internet economy for the future, we recommend that content providers make their services available over IPv6,” - Axel Pawlik, Managing Director RIPE NCC. 
• “.. With only 19% of IPv4 address space remaining, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.” –ARIN Board 2007
• “If deployment <of IPv6> is delayed, the future growth and global connectivity of the Internet will be negatively impacted.” –Internet Society (ISOC) FAQ on IPv4/v6
• “.. in 2011, IPv6 must be in use by public-facing servers” –John Curran, ARIN Chairman, COO ServerVault  
•  “.. the Internet has been evolving, and IPv6 is the next major revolution that has to happen soon. ” –Vint Cerf, Internet Pioneer

What is a simple enterprise network upgrade plan, to truly “Operationalize IPv6”, that will stay just ahead of these trends in a cost effective way? Here’s Command Information’s suggested timeline:

2008-2009:

o   Change your procurement to require IPv6-capable applications, IT infrastructure, and IT service – and actually test for conformance! This step allows you to use regular tech refresh to really get IPv6-optimized IT components in place by 2012, and pushes your vendors to actually build them!

o   Train your IT staff on IPv6 security and network operations, and ensure your support contractors are experts in IPv6

o   Create your IPv6 transition plan – and be sure to address security compliance and IPv6 in strategic IT technology implementation

By 2010:

o   Get your external facing servers and application (web portals, e-mail, DNS, etc…) working on production-grade IPv6 connections

o   Get your IPv6 security/IA plan in place and activated. IPv6 may already be running in your enterprise and IPv6 tunneling bypasses most current firewalls and IA infrastructure.

2010 - 2011

o   Pilot IPv6 ISP connections in to your enterprise – after your v6 security infrastructure  is in place and tested!

o   Pilot native IPv6 connections to users on your operational network

o   Pilot IPv6 user and desktop applications via new common desktop and server builds.

o   “Operationalize” IPv6 throughout your enterprise, slice by slice, to ensure that all applications, IT systems, and software within your enterprise are running IPv6 NLT Q4  2011

Original article was written by Mr. Dave Green of Command Information and can be found here http://www.commandinformation.com/blog/?p=80

Domain Name System (DNS) is perhaps the most critical application running on the Internet since most every other applications utilizes it to look up IP addresses associated with domain names. The recent US Federal Government OMB M-08-23 memorandum “Securing the Federal Government’s Domain Name System Infrastructure“ mandates US Government Agencies to upgrade their DNS servers for DNS Security (DNSSec) cryptographic authentication and data integrity services by December 2009.

This update will be combined with a requirement to serve IPv6 AAAA records, and the combination of the two cause DNS performance to drop to about 33% of current levels - maybe worse if you have an older server. DNSSEC will require both servers and resolvers/validators to do more work, but the projected impact depends on where the particular component is in relation to the DNS.  Authoritative servers do not, for the most part, generate signatures during runtime, but will be constructing larger replies to queries (especially negative replies). To mitigate this risk, Federal agencies should add more DNS server capability, increase the network bandwidth assigned to service DNS servers, and seek out DNS server implementations with increased memory, processor speed, and optimized architecture for serving these new requirements. More information on DNSSec impact is available from:

Command Information is currently evaluating DNS servers for optimization with IPv6 AAAA records and DNSSec. Currently the following vendors are undergoing evaluation by our CommandReady team:

• Exploring the Overhead of DNSSEC” (PDF file)  
• NIST DNS Security Site
• RFC 4641 DNSSec Operational Procedures

• Infoblox DNSOne

• InfoWeapons SolidDNS

 Vendors of other products should add their product name to this blog and contact us if they need product development or validation services.

Original article was written by Mr. Dave Green of Command Information and can be found here http://www.commandinformation.com/blog/?p=76

How does “supply chain optimization” equate to “green technology”, and how is IPv6 involved? Supply chain optimization solutions help automate supply chains operations, making them more efficient, eliminating unnecessary waste, warehouse surplus storage costs, and shipping cost, and as an additional benefit - more energy efficient and environmentally friendly operations. There are several ways to apply information technology to cutting costs and greening the supply chain. These include optimizing the physical supply chain process, eliminating unneeded storage/warehousing, pinpointing shipping to reduce transportation costs, and lowering energy usage in the manufacturing process. Most manufacturing companies can deploy sensors, process automation controllers, transportation automation systems, and asset tracking solutions to substantially reduce energy cost and pollution in production, transportation, and inventory storage costs in supply channels.   Supply chain monitoring can be combined with modeling and simulation to help factor in the cost and benefits of alternative transportation methods, fuel costs, and carbon-trading decisions. Think Netcentric automation, controllers, sensors, and decision systems and you start to understand the power of connecting everything across the emerging “IPv6 Internet of things.”  IPv6, on top of a few key technologies like M2MXML, web-services (SOAP+XML), SOA, and Zeroconfiguration services discovery, is what we call the 6SenseIT^TM framework for creating netcentric system of applications, sensors, asset tracking, and system controllers involved in green supply chain.  

Need an example of how to apply green supply chain? Here’s a few:

· By monitoring point of sales, trending sales with location based information, and optimizing for just-in-time production and pinpointed shipping, most supply chains can lower the cost and green impact of getting products to the points of consumption while improving delivery times and customer service.

·Wal-Mart is utilizing sensors and IT tools to measure the amount of energy used to create products throughout its supply chain, including the procurement, manufacturing, and distribution process to make its entire supply chain more energy efficient.

· SC Johnson’s transportation-logistics optimization project led to eliminating 2000 trucks and reducing 168,000 gallons of fuel consumed annually by sub-optimal product transportation.

Supply chain optimization doesn’t just apply to the manufacturing and shipping industries, it is a useful tool for reducing cost and ‘greening’ operations in sectors such as government, military logistics, education and services delivery.

If you’re involved in network operations, architecture planning, or IPv6 address  management for a Federal agency this blog post covers an issue you should understand about IPv6 multi-homing. Many organizations depend upon multihomed Internet connectivity to support critical applications and pursue the “holy grail of “five 9s” or 99.999% uptime. One popular approach for adding fault tolerance and physical diversity to improve Internet connectivity is to connect to more than one Internet service provider (ISP), a technique called multi-homing. Multi-homing eliminates a single point of failure by providing two or more ISP connections to help ensure continuous connectivity. However, your multi-homing strategy and IPv6 addressing must be carefully planned to ensure that you actually improve connectivity for your company. We see many government agencies and commercial enterprises, who’s IT staff and consultants are not familiar with these subtleties, getting the wrong IPv6 allotments to support effective enterprise multi-homing, especially when the organization has multiple physical locations. I recently saw some US Federal agencies present their IPv6 migration strategy at the DGI “Realizing IPv6” Conference and I realized that their addressing and multi-homing strategies are probably not compatible and may cause future problems with the TIC Initiative. I’ve asked TJ Evans,  one of our top consultants on addressing and routing, to comment on the problem:

———–

TJ Evans comments:

• Many agencies are getting a /32, “ISP-sized allocation” which they can break into a huge number of internal subnets and , able to be advertised the aggregated address space out to multiple ISPs  from their
  Enterprise headquarters.
• However – if an enterprise has multiple locations – like mot geographically diverse agencies, a problem arises in that you cannot advertise less-than the whole /32 without possibly running afoul of the “forced aggregation” world of the we live in today in the Internet core. 
• This means that your traffic may get delivered to SiteB when it is really destined for SiteA, and it is up to you to establish your own Intranet  routing backbone between the sites to shuttle this traffic to the correct site
• As we have learned from our own transition and multi-site multihoming strategy – we would have been better off with a large provider-independent IPv6 allocation of something like a /44 than our original ISP-sized /32
  •  /32 = no way to break this up between multiple sites
  •  /44 = 4 bits of “subnetting”, yielding multiple /48s for up to 16 regional offices

————
If you get a /48 Provider Independent (PI) address assignment, you can be facing the same problem. Like many of the IPv6 best practices, we’re actively developing these techniques as we go, since Command Information has done actual Enterprise IPv6 rollouts for ourselves,  commercial enterprise & ISP clients, and government agencies. We often know of these emerging  issues long before you may see it documented into industry best practice guidance.

So – what do you do to address this issue if you  need to modify your address allocation? Our best advice is to engage consultants, whoever you can find, that have actual operational and hands-on experience with designing and operating IPv6 enterprise and carrier networks. It’s cheaper in the long run to engage someone who can share the answers in the back of the book to architect your next-generation IT solutions and train your in-house staff/contractors . . . or open the book at page one and start reading….. 

With the thousands of IPv6 controlled lights dimming over the 2008 Olympics, the long march on the road to IPv6 continues as the Olympic IPv6 Workout enters history. The early objective of full commercial deployment for 2008 proved elusive and more realistic goals were set and met with success. Not wasting any time, the starting shot toward commercial deployment followed on the heels of the closing ceremony with the august 25th NDRC announcement urging the vigorous promotion of a commercial trial, increasing the number of IPv6 trial users to 500,000 by 2010 and to start mass production of IPv6 equipment. A logical next phase, indeed, as the IPv6 only CNGI has a 40 city coverage and massive bandwidth, but is still underutilized, while the old commercial IPv4 internet is sometimes bursting at the seams. Even in China it takes time to see the ISP’s seriously start the transition on their commercial networks.

Exactly five years ago, in august 2003, NDRC launched the bidding process for CNGI which was deployed a year later and included all major carriers and CERnet, China’s Education and Research Network. It would be prudent to assume that the new objective of 500,000 trial users by 2010 will be achieved; after all, with 210 million internet users, China pole vaulted past the USA, not to mention that China also holds the number one title in mobile with 560 million subscribers.

Does this mean that the USA is hopelessly behind in IPv6 deployment as has been so often postulated? Not so sure. Prodded more than a little bit by the DoD and DoC mandates and even more so by the 20 billion dollar of Networx contracts, all major ISP’s in the USA have announced full commercial support of IPv6 by 2009-2010. The well publicised Comcast cable network IPv6 deployment, the Bechtel corporate IPv6 initiative or the Archrock sensor network products extend the effort beyond the traditional ISP environment and into the whole ecosystem.

Japan who is the undisputed leader in domestic commercial IPv6 deployment and IPv6 enabled end devices, has not yet started a real effort to translate this early advantage into successful export product lines. There is also still a chance that Europe will surprise everybody as they now offer a most competitive telecom market place. A total outsider could even surprise everybody.

The IPv6 finish line could be reached in another four years in London, let the Games continue.