Department of Defense
High Performance Computing Modernization Program

This article focuses on policies and practices recommended for use by network administrators and managers. The focus of this article differs from the focus of the Best Practices article in the Security section. That article focuses on tools and techniques that can be used to detect, prevent, or monitor attempts to use networks in unauthorized ways.

When changing a network management infrastructure, there are no easy or quick solutions. While IPv6 network security has been the subject of numerous Internet Engineering Task Force (IETF) Request For Comments (RFC) documents, including:

  • IETF RFC 4942, IPv6 Transition/Coexistence Security Considerations,
  • IETF RFC 7381, Enterprise IPv6 Deployment Guidelines, and
  • IETF RFC draft-ietf-opssec-v6-17, Operational Security Considerations for IPv6 Networks,

this observation in RFC 4942 by the IETF Network Working Group is also valid for IPv6 network management:

It is important to understand that deployments are unlikely to be replacing IPv4 with IPv6 (in the short term), but rather will be adding IPv6 to be operated in parallel with IPv4 over a considerable period, so that security issues with transition mechanisms and dual stack networks will be of ongoing concern. This extended transition and coexistence period stems primarily from the scale of the current IPv4 network. It is unreasonable to expect that the many millions of IPv4 nodes will be converted overnight. It is more likely that it will take two or three capital equipment replacement cycles (between nine and 15 years) for IPv6 capabilities to spread through the network, and many services will remain available over IPv4 only for a significant period whilst others will be offered either just on IPv6 or on both protocols.

What follows are some broad general recommendations and then some specific examples, recommendations, and product information for IPv6 network management.

Some broad general recommendations for IPv6 network management are:

IPv4-based network management systems (NMS) and fault tracing tools must undergo significant change to properly manage IPv6 networks. These would include both equipment and component managers as well as managers of managers (MoM) systems. Service order and network provisioning systems (NPS) are used in the configuration (provisioning), rollout and turn-up of equipment and services in the network. Network management systems, which are integrated with NPSs, then manage the operation and reconfiguration of the systems in the production environment.

Network Management considerations include:

  • No dependency on IPv4 transport or services; the system can use either transport protocol
  • Ability to use IPv6 neighbor discovery (ND), the ND cache, SNMP MIBs, or other methods to perform network mapping, if allowed within security policies
  • Upgraded for the latest IPv6 and dual-stacked Management Information Bases (MIBs)
  • Database and/or storage structures upgraded for IPv6 and dual stack mode
  • GUI and documentation upgraded for IPv6 and dual stack.
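
As an added illustration of mapping from the ND cache (not part of the original article or any product it cites), the sketch below groups neighbor-cache entries by link-layer address to build a dual-stack node inventory. It assumes the output format of the Linux iproute2 commands `ip -4 neigh show` and `ip -6 neigh show`; the sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ip -4 neigh show` / `ip -6 neigh show` output (Linux iproute2).
SAMPLE_NEIGH = """\
192.0.2.10 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
192.0.2.20 dev eth0 lladdr 52:54:00:aa:bb:02 STALE
fe80::5054:ff:feaa:bb01 dev eth0 lladdr 52:54:00:aa:bb:01 STALE
2001:db8:10::a dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
2001:db8:10::1 dev eth0 lladdr 52:54:00:aa:bb:fe router REACHABLE
fe80::1 dev eth0 lladdr 52:54:00:aa:bb:fe router STALE
2001:db8:10::dead dev eth0 FAILED
"""

LINE = re.compile(r"^(?P<addr>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>\S+))?(?P<rest>.*)$")

def build_inventory(neigh_text):
    """Group neighbor-cache entries by (interface, MAC) into per-node records."""
    nodes = defaultdict(lambda: {"v4": set(), "v6_global": set(),
                                 "v6_linklocal": set(), "router": False})
    for line in neigh_text.splitlines():
        m = LINE.match(line.strip())
        if not m or not m["mac"]:
            continue  # FAILED/INCOMPLETE entries carry no link-layer address
        try:
            ip = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # not a neighbor line we understand
        node = nodes[(m["dev"], m["mac"].lower())]
        if ip.version == 4:
            node["v4"].add(str(ip))
        elif ip.is_link_local:
            node["v6_linklocal"].add(str(ip))
        else:
            node["v6_global"].add(str(ip))
        if "router" in m["rest"].split():
            node["router"] = True  # ND marks neighbors that advertise as routers
    return dict(nodes)

def classify(node):
    """Label a node by which protocols it was seen using on the link."""
    has_v6 = bool(node["v6_global"] or node["v6_linklocal"])
    if node["v4"] and has_v6:
        return "dual-stack"
    return "ipv4-only" if node["v4"] else "ipv6-only"

if __name__ == "__main__":
    for (dev, mac), node in sorted(build_inventory(SAMPLE_NEIGH).items()):
        print(dev, mac, classify(node), sorted(node["v4"] | node["v6_global"]))
```

Keying on the link-layer address ties a host's IPv4 address, link-local address, and global IPv6 addresses to one record, which is the kind of dual-stack storage structure the considerations above call for.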

Replacing a non-conforming NMS is much more difficult than replacing other hardware or software because it integrates tightly with device software and hardware ports. Testing of all device types and configurations should be completed prior to system cutover and turn-up.

Some specific examples, recommendations, and product information for IPv6 network management are provided by these tutorials, papers, and presentations:

  1. This comprehensive IPv6 Network Management tutorial presented at the Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) covers both the concepts and practices of network management and network monitoring for IPv6 networks. It includes extensive examples of specific software use and reference bibliographies.
  2. This IPv6 Network Management overview presented by the European 6Deploy project covers concepts and practices of network management, plus some tools developed by the earlier 6NET and 6DISS projects. (The European 6NET project completed Jun 2005, followed by the 6DISS project which completed Sept 2007; followed by 6DEPLOY and 6DEPLOY-2 (www.6deploy.eu) which completed Feb 2013. A more recent European IPv6 project was Governments Enabled with IPv6 (GEN6) which completed May 2015. Deliverables and Presentations under the Publications tab of the GEN6 website provide additional material. The current European IPv6 project is IPv6 Framework for European Governments.)
  3. Some IPv6 network management techniques and tools are described in the article IPv6 Network Management by Scott Hogg.
  4. An extensive list of Network Monitoring Tools (over 500 listings) is maintained by the Stanford Linear Accelerator Center (SLAC) National Accelerator Laboratory. Not all these tools specifically state support for IPv6.
  5. Using the framework of the International Standards Organization (ISO) Fault, Configuration, Accounting, Performance, Security (FCAPS) model for network management, this NetworkWorld article informally discusses software for IPv6 network management.
  6. Although written for the home network, the recommendations contained in Best Practices for Keeping Your Home Network Secure also apply when administering user systems in the workplace.
  7. This Cisco Systems, Inc. white paper offers recommendations for non-IP specific network management, while this white paper offers recommendations for enabling network management via IPv6 transport on an infrastructure that was previously IPv4-only.
  8. This Federal IPv6 Techtorial presentation hosted by BrightTALK provides a snapshot of network management products and best practices as of May, 2012.
  9. This IPv6 Deployment In Local Area Networks by Samenwerkende Universitaire Reken Faciliteiten Network (SURFNet), April, 2011, provides IPv6 configuration management guidance from the network level down to the individual device level.
  10. This Wikipedia article lists and compares the features of many NMS.
  11. In 2002, the then European 6NET project, later called 6DISS, 6DEPLOY, 6DEPLOY-2, and then GEN6 (see item 2 above), published this IPv6 Network Management Cookbook. Its recommendations are still valid for any IPv6 network management infrastructure.
