MFNERC Needs IPv6

Theo Baschak

Infrastructure Group

Overview

  • The Internet is Critical to MFNERC daily operations.
  • The Looming Problem: IPv4 Exhaustion
  • Implications of IPv4 Exhaustion to MFNERC
  • IPv6: The solution
  • Risks Involved
  • What will deploying IPv6 cost?
  • Conclusion and Call for Action

Internet Criticality

  • MFNERC is a Service Provider:
    • School Information System
    • Wapaskwa Virtual Collegiate
    • MFNEDU.org school email
    • Video Conferencing services
  • Internet issues and outages now affect many internal and external staff, and students.
  • E-mail communications also very important to the organization.
    • Example: Spam blacklisting noticed immmediately.

IPv4 Exhaustion

  • IPv4 Exhaustion has been a topic for many years.
    • Already a reality in Europe and Asian IP networks.
    • ARIN hit 1x aggregate /8 left April 23.
    • ARIN was at 2x /8 when we started BGP process in Sept 2013.
  • There will be a point very soon when no more IPv4 addresses are available.
    • Expected to be 2014 or 2015.
  • IPv6 Planned, Tested, and Ready to roll much better place to be than caught with pants down
    • Big Bang implementations risky and costly

Org IP Needs

  • MFNERC has 1x /24 allocated to it from ARIN.
    • 256 IP addresses (minus subnetting overhead)
  • Currently using roughly 40 IP Addresses between Shaw, Commstream, and our BGP.
  • More IP Addresses will be needed for VC Units, and other new MFNERC Services.
    • These all require Public IPs.

Solution: IPv6

  • Base IPv6 specs defined in 1998, 15+ years ago now.
  • Much larger address space:
    • IP version 4:
      • 32 bits
      • ex: 206.220.195.237
      • Smallest ARIN allocation: /24
      • LAN Subnet Size: /24
    • IP version 6:
      • 128 bits
      • ex: 2604:4280:d00d:202:8d45:516d:c5e0:ec67
      • Smallest ARIN allocation: /48
      • Enough for 65536 /64 Networks
      • LAN Subnet Size: /64

Risks

  • Risks of Inaction:
    • Inability to connect to new IPv6 subscribers (students) and content
    • Optics: Falling behind the curve
    • Increased MFNERC network complexity with more NAT
  • Risks of Action:
    • New unknown security risks with new unknown transport protocol
    • Introducing new protocol to network
    • v4/v6 feature parity not entirely there, some things won’t be possible at this time

Deployment Costs

  • Switches: IPv6 ready
  • BGP Routers: IPv6 ready
  • Firewalls: Cisco ASA: IPv6 ready, Watchguard: IPv6 ready
  • OSs:
    • Windows 2008 R2: IPv6 ready
    • Windows 2012: IPv6 ready
    • Windows 7 SP1: IPv6 ready
    • Windows 8: IPv6 ready
    • Win XP: Being phased out rapidly within MFNERC already
  • PBX: NOT IPv6 ready
  • Phones: NOT IPv6 ready
  • Address Space: $500 one time to ARIN, $100/yr to maintain

Conclusion

  • I strongly encourage MFNERC to pursue IPv6 in 2014.

  • Presentation source/download available at github