Scope of article
This article focuses on the physical and (on a software-defined network) virtual network nodes (like routers, switches, and gateways) that perform or enable the exchange of data between and among wide-area networks (WANs), rather than those network nodes that initiate data exchanges (like computers, smart phones, and sensors). This data exchange originally used Internet Protocol IPv4 and now uses either IPv6 or IPv4. It is also done using wireless broadband (sometimes referred to as fixed-wireless access).
IPv6 WAN Deployment
A network address plan is an essential element in any WAN deployment. See the IPv6 Address Plans article in the Network Management section for more information about IPv6 Address Plans.
Multiprotocol Label Switching (MPLS) is widely used to implement wide-area networks, and will continue to be widely used in the future despite rumors that Software-Defined Wide Area Networking (SD-WAN) is replacing MPLS.
This presentation considers a wide array of topics associated with deploying IPv6 on a WAN. It was presented at the 2013 Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT). This presentation describes some of the transit and peering issues involved in IPv6 enabling a backbone network. This presentation describes some of the solutions to problems that can arise when network nodes are attached to multiple networks simultaneously using provisioning domains (PvDs).
For additional information about IPv6 enabling a backbone network, this presentation entitled Deploying a Production IPv6 Network in 30 Minutes or Less (or its free) was presented at the 46th North American Network Operators’ Group (NANOG46). Since 1998 and continuing to the present, the NANOG has presented in-depth tutorials on a variety of IPv6 deployment topics and offers a wide range of other resources.
This dive into IPv6 implementation presentation may provide more than you wanted to know about IPv6 enabling your network. It was presented at the American Registry for Internet Numbers (ARIN) XXII meeting in 2009. Google maintains its own in-depth IPv6 Knowledge Base specific to IPv6 network design, configuration, and deployment.
Best Current Operational Practices (BCOP) are available for:
General peering and transit configurations
Public peering exchange point configurations
External and internal border gateway configurations.
(Note: A best practices document describes actions or practices that are known to produce good outcomes when followed.)
IPv6 Segment Routing (SR)
The Internet Engineering Task Force (IETF) Request for Comments (RFC) 8986 Segment Routing over IPv6 (SRv6) Network Programming provides an in-depth review of SR concepts. These presentations discuss SR over MPLS networks with IPv6 in a Cisco environment, this presentation discusses it in a Juniper environment, and this paper discusses it in a Linux environment. Information about IPv6 MPLS network deployments using:
6-Provider Edge (6PE) is in this presentation and this later presentation, and
Border Gateway Protocol-4 (BGP) along with RIPng, EIGRPv6, IS-ISv6, and OSPFv3
is in this presentation and this later presentation
while information about MPLS network deployments using:
a. SR and Traffic Engineering Extensions (TE) (SR-TE) is compared with the earlier
Label Distribution Protocol (LDP) and Resource Reservation Protocol with TE (RSVP-TE) side-by-side
approach in this article,
b. Loop Free Alternates (LFA), Remote LFA (RLFA), and their successor Topology-Independent LFA
(TI-LFA) that leverage SR are compared in this article,
c. Label-Switched Paths (LSP), RSVP-TE, and SR protocols are compared in this article, and
d. Several additional network deployment options discussed on the Juniper Networks Routing forum.
Finally, check the Before you Begin article in the Deployment section of the IPv6 Knowledge Base for material from 5G Americas, Alliance for Telecommunications Industry Solutions (ATIS), and Cisco.
Introduction
This two part article focuses on network management procedures and practices recommended for use by IPv6 network administrators and security managers:
Part 1: IPv6 Network Management Recommendations, and
Part 2: Changing Perspectives on the Transition to IPv6.
(Note: A best practices document describes actions or practices that are known to produce good outcomes when followed.)
When changing the management infrastructure of any network that currently supports Internet Protocol version 4 (IPv4)-only to either:
(1) dual-stack (IPv4 and IPv6 are both supported),
(2) IPv6-only-preferred (existing IPv4-only and dual-stack nodes on a local area network both continue to be supported but all new and updated nodes on the network will be IPv6-only, sometimes referred to as IPv6-mostly access), or
(3) IPv6-only,
there are no easy or quick solutions. The books on network management listed in part 3 of the IPv6 Training Information document referenced in the IPv6 Training and Learning article under the Deployment section provide additional information.
Network management and network security in both environments have been the subject of numerous Internet Engineering Task Force (IETF) Request For Comments (RFC) documents, including:
- RFC 4057 IPv6 Enterprise Network Scenarios,
- RFC 4942 IPv6 Transition/Coexistence Security Considerations,
- RFC 6418 Multiple Interfaces and Provisioning Domains Problem Statement,
- RFC 6632 An Overview of the IETF Network Management Standards,
- IETF draft document Monitoring Dual Stack/IPv6-only Networks and Services,
- RFC 7368 IPv6 Home Networking Architecture Principles,
- RFC 7381 Enterprise IPv6 Deployment Guidelines,
- RFC 7556 Multiple Provisioning Domain Architecture,
- RFC 8043 Source-Address-Dependent Routing and Source Address Selection for IPv6 Hosts,
- RFC 8801 Discovering Provisioning Domain Names and Data,
- RFC 8925 IPv6-Only Preferred Option for DHCPv4,
- RFC 9099 Operational Security Considerations for IPv6 Networks (which complements RFC 4942), and
- RFC 9288 Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Borders.
Part 1: IPv6 Network Management Recommendations
General recommendations, specific examples, and product information about network management for those deploying IPv6 in an existing IPv4-only network or transitioning to an IPv6-only network are provided by the following articles, reports, papers, seminars, tutorials, and presentations:
- This comprehensive IPv6 Network Management tutorial presented at the Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) covers both the concepts and best practices of network management and network monitoring for IPv6 networks. It includes extensive examples of specific software use and reference bibliographies.
- This IPv6 Network Management Cookbook prepared by the European 6NET project and this later IPv6 Network Management overview presented by the European 6Deploy project cover concepts and best practices of network management, plus some tools developed by the 6NET project. (The European 6NET project completed Jun 2005, followed by the 6DISS project which completed Sept 2007; followed by 6DEPLOY and 6DEPLOY-2 (www.6deploy.eu) which completed Feb 2013. A more recent European IPv6 project was Governments Enabled with IPv6 (GEN6) which completed May 2015. Deliverables and Presentations under the Publications tab of the GEN6 website provide additional material. The next European IPv6 project was IPv6 Framework for European Governments which completed in 2018. Then came the European Union Internet Standards Deployment Monitoring project.)
- This article describes how to use SDN to increase the security of Stateless Address Autoconfiguration (SLAAC) and Neighbor Discovery Protocol (NDP) interactions among computers on a Local Area Network.
- Some IPv6-specific network management techniques and tools are described in this Are you neglecting IPv6 network management? article.
- This Mutually Agreed Norms for Routing Security (MANRS) Initiative for wide-area network operators and this Best Current Operational Practices (BCOP) Implementation Guide for stub networks and small providers.
- This BCOP on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition document provides guidelines when recommending CPE to end-users.
- An extensive list of Network Monitoring Tools (over 500 listings) is maintained by the Stanford Linear Accelerator Center (SLAC) National Accelerator Laboratory. Not all these tools specifically state support for IPv6.
- Using the framework of the International Standards Organization (ISO) Fault, Configuration, Accounting, Performance, Security (FCAPS) model for network management, this NetworkWorld article informally discusses software for IPv6 network management.
- Using the use case methodology of systems analysis, this article informally discusses employing several performance management use cases to improve network performance.
- This Cisco Systems, Inc. white paper offers recommendations for non-IP specific network management, while this white paper offers recommendations for enabling network management via IPv6 transport on a network infrastructure that was previously IPv4-only.
- This Federal IPv6 Techtorial presentation hosted by BrightTALK provides a snapshot of network management products and best practices as of May, 2012.
- This IPv6 Deployment In Local Area Networks by Samenwerkende Universitaire Reken Faciliteiten Network (SURFNet), April, 2011, provides IPv6 configuration management guidance from the network level down to the individual device level.
- This Wikipedia article lists and compares the features of many NMS.
- In 2002, the then European 6NET project published this IPv6 Network Management Cookbook. Its recommendations are still valid for any IPv6 network management infrastructure. (See item 2 above for a summary of subsequent European IPv6 deployment project evolution.)
Part 2: Changing Perspectives on the Transition to IPv6
It is interesting to observe how the perspective on network management has changed over time during the ongoing transition from IPv4-only to IPv6 networking, as shown by the following (in reverse chronological order):
2023-2024 Perspective on the Transition to IPv6
A series of articles from the American Registry for Internet numbers (ARIN) on the subject of The Business Case for IPv6:
The IPv6-only Enterprise
Crossing the IPv6 Chasm
Operationalizing IPv6: From Theoretical to Practical
Internet vs Intranets.
2020 Perspective on the Transition to IPv6
This statement is from a policy memorandum (available here) from the Office of the Federal Chief Information Officer:
This memorandum communicates the requirements for completing the operational deployment of IPv6 across all Federal information systems and services, and helps agencies overcome barriers that impede them from migrating to IPv6-only network environments. The strategic intent is for the Federal government to deliver its information services, operate its networks, and access the services of others using only IPv6. … agencies shall: complete the upgrade of public/external facing servers and services (e.g., web, email, DNS, and ISP services) and internal client applications that communicate with public Internet services and supporting enterprise networks to operationally use native IPv6.
2016 Perspective on the Transition to IPv6
When readdressing a network that is already dual-stack or IPv6-only, a new type of challenge arises for network administrators and managers. This article on The Headache of IPv6 Readdressing discusses such a challenge.
2014 Perspective on the Transition to IPv6
As the IETF noted in this reality check in RFC 7149 Software-Defined Networking (SDN): A Perspective from within a Service Provider Environment:
The networking ecosystem has become awfully complex and highly demanding in terms of robustness, performance, scalability, flexibility, agility, etc. This means, in particular, that service providers and network operators must deal with such complexity and operate networking infrastructures that can evolve easily, remain scalable, guarantee robustness and availability, and are resilient to denial-of-service attacks.
2012 Perspective on the Transition to IPv6
These recommendations were provided by the Planning Guide/Roadmap Toward IPv6 Adoption within the US Government, July, 2012 memorandum. While the policies contained in that memorandum are no longer in effect (the memorandum was rescinded Aug, 2018 by Office of Management and Budget (OMB) Memorandum M-18-23 Shifting From Low-Value to High-Value Work), its recommendations remain valid.
IPv4-based network management systems (NMS) and fault tracing tools must undergo significant change to properly manage IPv6 networks. These would include both equipment and component managers as well as managers of managers (MoM) systems.
Replacing a non-conforming NMS is much more difficult than replacing other hardware or software as it tightly integrates with device software and hardware ports. Testing of all types and configuration of devices should be completed prior to system cutover and turn-up.
2007 Perspective on the Transition to IPv6
These observations in RFC 4942 by the IETF Network Working Group for IPv6 network management are valid for dual-stack network management as well as for network security:
It is important to understand that deployments are unlikely to be replacing IPv4 with IPv6 (in the short term), but rather will be adding IPv6 to be operated in parallel with IPv4 over a considerable period, so that security issues with transition mechanisms and dual stack networks will be of ongoing concern. This extended transition and coexistence period stems primarily from the scale of the current IPv4 network. It is unreasonable to expect that the many millions of IPv4 nodes will be converted overnight. It is more likely that it will take two or three capital equipment replacement cycles (between nine and 15 years) for IPv6 capabilities to spread through the network, and many services will remain available over IPv4 only for a significant period whilst others will be offered either just on IPv6 or on both protocols.
The Network Management section provide a wide variety of information for individuals and organizations interested in benefitting from the experience of others in planning for Internet Protocol version 6 (IPv6) deployment on and designing, operating, and managing both dual-stack (IPv6 and IPv4) and IPv6-only networks. The Wide-Area Network Deployment article is of particular interest to large enterprises, Internet Service Providers (ISP), Federal government departments and agencies, and academic institutions. In addition to the articles in this section, smaller organizations with a single geographic location may be interested in the way other small organizations have deployed dual-stack networks as described in the references provided by the Smaller Organizations' Process category of the Overview of Process article in the Deployment section.
PHP (Personal Home Page which later became PHP: Hypertext Preprocessor) is a server-side scripting language designed for web development which can also be used as a general-purpose programming language. The PHP language evolved since its creation in 1994 without a written formal specification (up until 2014). Internet Protocol version 6 (IPv6) support in PHP was added along the way, so verify your PHP server was built without the --disable-ipv6 option.
This article describes 25 PHP security best practices for Linux system administrators. A best practices document describes actions or practices that are known to produce good outcomes when followed.
The extensions listed below can be used to add support for IPv6 to PHP programs for specific functions. These are only a few of those available. Many more extensions (over 2,000) are documented on the www.php.net website. Just go to that website, enter “ipv6” in the "Search " box in the upper right hand corner, and click on the pop-up Search php.net for ipv6 that appears just below the "Search " box. Even more can be found using a web search engine.
Developer | Name or Title | Comments or Additional Information | Related Website |
---|---|---|---|
6 Deploy | Implementing IPv6 Applications | PHP, C, Perl, Java programs | http://www.6deploy.eu/workshops/20100621_athens/5%20IPv6%20Software%20Development.pdf |
CodeIgniter | CodeIgniter | PHP framework | https://www.codeigniter.com |
DREN | IPv6 and PTR records | formatting .IP6.ARPA records | IPv6 and PTR Records |
Fix6 | PHP and IPv6 Addresses | Connecting to and listening for IPv6 addresses | https://www.fix6.net/archives/2009/04/24/php-and-ipv6/ |
GITHUB | PHP IPv6 Tools | Validate IPv6 addresses, subnets, and EUI64 | https://github.com/dsp/v6tools |
High on PHP | 5 Tips for Working with IPv6 in PHP | http://www.highonphp.com/5-tips-for-working-with-ipv6-in-php | |
Jeremy Kendall | php-domain-parser | https://github.com/jeremykendall/php-domain-parser | |
Packagist | PHP Composer packages | 30+ IPv6 packages | https://packagist.org/search/?q=ipv6 |
Ray Soucy | IPv6 Address Functions | http://www.soucy.org/project/inet6 | |
Rino Nucarda | Introduction to IPv6 Programming | PHP, C, Perl, Java programs | https://twiki.cern.ch/twiki/pub/EGEE/IPv6FollowUp/Introduction_to_IPv6_programming_C_Java_PHP_perl.pdf |
Multicast was supported on Internet Protocol version 4 (IPv4) networks, but was never widely deployed because of architectural, management and security limitations. Multicast support on IPv6 networks overcame these limitations and is more widely deployed. This article provides information about deploying and configuring IPv6 multicast on internets.
This article is organized into 4 parts:
- Review basic multicast terminology, addressing, and configuration
- Infrastructure applications enabled by IPv6 multicast
- Reference documents for multicast node configuration
- Multicast troubleshooting
1. Review
This article explains basic multicasting concepts and terminology and compares multicast with broadcast and anycast. This article describes the multicast address structure. This presentation further explains multicast terminology, describes multicast addressing and discusses issues to consider when configuring multicast source (root) nodes, receiver (leaf) nodes, and intermediate nodes (routers) populating a multicast distribution tree (MDT). Internet Engineering Task Force (IETF) Request for Comments (RFC) 6308 provides an overview of the Multicast Addressing Architecture and RFC 7371 provides an update to RFC 6308.
Example of a Multicast Distribution Tree
An MDT is an arbitrary group of receivers that have expressed an interest in receiving a data stream from a particular source. This presentation describes the various types of multicast groups, multicast address formats, and the dynamics of joining, leaving, reporting, and querying an MDT. This article describes a deployment of IPv6 multicast in conjunction with MultiProtocol Label Switching (MPLS) Virtual Private Networks (VPNs). This presentation describes a deployment of IPv6 multicast in conjunction with Internet Protocol Security (IPsec). This article discusses the use of IPv6 multicast with Internet Control Message Protocol for IPv6 (ICMPv6) for secure autoconfiguration. This series of articles discuss the use of IPv6 multicast with ICMPv6 for neighbor discovery (the articles are listed in reverse order). In the Security section of the IPv6 Knowledge Base, this article discusses neighbor discovery attacks and this article includes a discussion of neighbor discovery attack mitigations.
For additional details about and limitations when using IPv6 multicast with IPsec, see paragraph 5.3.3 of the National Institute of Standards and Technology Special Publication 800-119, Guidelines for the Secure Deployment of IPv6.
2. Infrastructure applications
Since its earliest deployment on IPv6 networks, multicast has been recognized as an effective technique for video conferencing and content distribution (including by commercial radio and television networks). This presentation shows how IPv6 multicast can simplify the configuration and management of infrastructure applications such as Dynamic Host Configuration Protocol (DHCP), X Display Manager Control Protocol (XDMCP), Network Time Protocol (NTP), as well as less obvious infrastructure applications like Domain Name Service (DNS) protocol [not to be confused with Apple’s Bonjour a.k.a. multicast Domain Name System (mDNS)]. IPv6 multicast can even be used to install an operating system image across multiple computers in parallel, as described in this article. Additional infrastructure applications enabled by IPv6 multicast are mentioned in the Deployment section of this Wikipedia IP Multicast article.
3. Reference documents
The configuration of computer operating systems as receivers to discover or join an MDT were described in the articles and presentations referenced in part 1 above. The details of configuring various router operating systems as intermediate nodes on an MDT appear below:
- Nokia OS
- Extreme Networks NetIron IPv6 Multicast Configuration
- Cisco IOS
- Juniper JUNOS
Selected additional references appear below:
- Internet Assigned Numbers Authority (IANA) IPv6 Multicast Address Space Registry
- Microsoft Windows sockets
- Oracle Solaris (in the IPv6 Multicast Addresses in Depth section)
- java
4. Multicast troubleshooting
Basic troubleshooting tools and techniques are described in this presentation and in paragraphs 6.14 and 6.15 of Nippon Telegraph and Telephone (NTT) Information Sharing Platform Laboratories Deploying IPv6: Problems and Solutions. More advanced troubleshooting techniques with an emphasis on Protocol Independent Multicast Sparse Mode (PIM-SM) routing are described in this article. This article describes troubleshooting techniques for several multicast routing modes.