IPv6 migration issues part2

1.Persuading CIO/CFO to approve the migration

The first is to persuade the management of the agency to approve the IPv6 migration project. Since IPv6 cannot completely replace the IPv4 network for the time being, it is necessary to keep the IPv4 and IPv6 running in parallel, and the operating costs will be directly related to the finances. Not everyone is a technical expert, and everyone should not be expected to be professional.

As IT professionals, IT is our responsibility to effectively articulate our expertise so that decision makers are not based on fear, confusion or past immaturity, but on making decisions with enough information. Policymakers must have a deep understanding of what is at stake in the migration process and what it means for institutions. This requires thinking from multiple perspectives on relevant matters that policymakers may want to know and are well prepared for questions that may be asked and situations of uncertainty. It should also be made clear that both favourable results and adverse consequences must be illustrated as part of the migration project. We should make appropriate use of communication skills.

Through effective communication, this problem should be easier to deal with. Another suggestion is not only to show policymakers short-term impact (possibly new hardware, training, etc.), but also to illustrate the long-term effects. If the IPv6 deployment is successfully completed, it will bring a lot of advantages in the near future IPv4 and less. This leads to the topic that a shift in this protocol may result in a process of technological implementation that leads to short-term cost growth, which then slowly drops to less than the legacy cost, while bringing higher scalability and other performance.

These are the long-term planning ideas that executives like.

2.Costs

Costs include financial assets, including personnel costs and time costs. For IPv6 migrations, all three are included, but more are people and time costs. In order to complete the project as quickly as possible, a great deal of planning is required to ensure that all work is eventually completed and then the corresponding process is performed according to the plan. Any financial costs, including new devices (routers, switches) or servers, They should be taken into account.

But we will focus on the other two costs, as they are likely to grow significantly in the follow-up. Reasonable staffing in the project is conducive to reducing costs. These people need to have the ability to perform tasks efficiently, have good communication skills, and have a wealth of experience and creativity (which may not be rich except for the IT department, but better than nothing). The faster you write and roll out planning, the less time and personnel you need and the lower the cost. After the IPv6 migration starts, it can be performed synchronously with other ongoing projects, such as PC replacement projects.

As a result, two tasks are performed at the same time to avoid backtracking back to completed projects, resulting in cost savings. When it comes to cost, note that it refers not only to money, but to any resource that may be used.

Time and personnel costs should be considered at all times.

3.Complexity

IPv6 migration will be a more complex process involving all parts of the organization, at least all departments that use computers, and any device that can be networked.

Given that migration is a long-term process, everyone can work together to achieve the best results and make a smooth transition, the complexity of which is obvious. Now, let’s ignore the technical details and focus on complexity. There are several different ways to solve complexity problems, all of which cannot be separated from planning. To ensure that nothing is missing, we must make a plan that details the time node, the device group to be migrated, the priority, and so on.

This allows you to break down complex issues into manageable shards that are easier to handle, and easier to communicate with other members of your organization. One of the main ways to start planning is to audit the environment. This may require a list of inventory devices, a network scan tool, or simply bring all spreadsheets and systems together with the information you need. With a basic overview, you can gain an in-depth understanding of the State of the environment and conduct more detailed studies. When deploying IPv6, it is unlikely that all operations will be completed, and you may need to first select some that will allow you to be in a secure network environment, such as an enterprise applicationTest project in which IPv6 limitations are tested in a simulated environment).

This allows you to optimize some of the operational processes in a real-network environment.

4.Addressing legacy system issues

Legacy systems can basically be defined as old systems. They may lack some common functionality compared to current technologies, but they do not need to be replaced because they play a key or important role in keeping the organization running well.

With the deployment of IPv6, it is important to note that the network environment around legacy applications is changing. When an organization deploys IPv6 using dual-stack technology, devices in the network need to be equipped with both IPv6 and existing IPv4 addresses (called dual-stack technologies). If the device is unable to use the IPv6 address, it will eventually cause a series of problems due to inability to be addressed or normal communication (which can take advantage of tunneling technology, which also generates the corresponding administrative overhead).

You can also force only IPv4 addresses to be used, but as more IPv6-supported systems go online in the network, legacy systems will become even more of a burden. The best way to handle legacy systems is to analyze them in terms of compatibility.

Given the number of equipment, this work may take up a significant amount of human resources. Network auditing is, to some extent, like a simple solution. However, it is unavoidable that an important part of the device is not compatible. By then, IPv6 ‘s deployment plan will be extended to include all of these devices, which need to be planned separately and implemented in parallel with the IPv6 migration.

Determine the compatibility of all devices, the sooner the better, because the timeline will be determined accordingly, while at the same time being better able to define the scope of deployment of IPv6.

5.Cleaning up the current IPv4 inventory

The final issue is dealing with the existing Ipv4 inventory. For many network administrators, steps include buying a new device, implementing a deployment, temporarily hanging the old device for backup, and then abandoning the old device. Inventories should include services such as DNS and DHCP, not just equipment, which are adjusted or completely abandoned in Ipv6. The removal of Ipv4 from the network is the last step of the Ipv6 migration, although it will take a long time to transition before then, so it is still a problem. The best approach is still to enrich the Ipv6 functionality (e.g., Ipv6 reverse lookup, AAAA records, etc.).

Planning remains key to solving this problem. For this issue, the focus is not on planning per se, but on how it is implemented. At this stage, the double stack should have been fully implemented, and all incompatible devices have been replaced or functions running above have been migrated to compatible devices. You can then close the DHCP for Ipv4, and all devices that configure static addresses have removed Ipv4 addresses. The problem is that if a device is lost at this point, it will immediately lose all communication with the network. If you include the number of devices with the same problem, the coverage will become larger. This means you have to solve the DHCP administration/control problem, and if you don’t already have an automated configuration, it’s time to learn.

In addition to proper planning and implementation, there are other ways to address this issue. First, if your goal is to turn Ipv4 off, you can do this through Group Policy or Network Administration tools such as Configuration Distributor. Through IPAM, you can also see if there are still non-Ipv6-compliant devices, and which devices are not using Ipv6 addresses. If your goal is a double stack, then your plan will be more valuable because you are actually running both networks simultaneously. Test/test environments are required and be sure to verify with the manufacturer to prevent the removal of Ipv4 communication methods from devices such as servers and firewalls, leading to a reboot or strange phenomenon. Of course, the downtime must be scheduled, and such operations should not be performed during working hours, no matter what.

More importantly, however, you need to make deployment decisions based on planning. Running Ipv4 and Ipv6 at the same time may make it easier to ensure that the network works as expected, since most systems are intelligent and can use any of the available protocol stacks.For example, if you are running Ipv4 and Ipv6 at the same time, you can easily ensure that the network works as expected. The challenge is to turn off Ipv4 — “incompatible” network factors will show up (for better or worse). Testing is a critical step in any deployment plan. Long-term testing is required to ensure that the deployment of the two stack goes smoothly. Now all you have to do is get it right, and the last step is to remove Ipv4 from the network. Before removing, double-check the backups and all reports to make sure they are accurate, and then you can delete Ipv4 with one key. After ipv4 is removed from the network, the removal of physical inventory equipment has no time to request, cannot communicate with ipv4 addresses, will not function properly, will not pose a threat to the network connection or pose a security risk.

IV、Technology for Transition of Ipv6 Migration

1、Ipv6/Ipv4 double-protocol stack technology

Double stack system is to make the Ipv6 network node have an Ipv4 stack and an Ipv6 stack, and support both Ipv4 and Ipv6 protocols. Ipv6 and Ipv4 are similar network layer protocols, both of which apply to the same physical platform and host the same transport layer protocol, TCP or UDP, If a host supports both the Ipv6 and Ipv4 protocols, then the host can communicate with a host that supports only the Ipv4 or Ipv6 protocols.

2、Tunneling technology

The tunneling mechanism is to encapsulate the Ipv6 packet as data when necessary in the Ipv4 packet, The mechanism for enabling Ipv6 packets to be transmitted over an existing Ipv4 infrastructure, primarily an Ipv4 router. With the development of Ipv6, some backbone networks running Ipv4 are isolated and local Ipv6 networks. In order to realize the communication between these Ipv6 networks, tunneling technology must be adopted. The tunnel is transparent to the source site and the destination site, and at the tunnel entrance, the router encapsulates the Ipv6 data in Ipv4, The source address and destination address of the Ipv4 group are the Ipv4 address of the tunnel entrance and the exit respectively. At the exit of the tunnel, the Ipv6 group is removed and forwarded to the destination site. The advantage of tunneling technology lies in the transparency of the tunnel. The communication between Ipv6 hosts can ignore the existence of the tunnel. The tunnel only acts as a physical channel. Tunnelling technology has been widely used in the early evolution of Ipv4 to Ipv6. However, the tunneling technology cannot realize the communication between the Ipv4 host and the Ipv6 host.

3、Network address translation technology

　　The Network Address Translator ( NAT) technology treats the Ipv4 Address and the Ipv6 Address as internal and global Address, or vice versa. For example, when an internal Ipv4 host wants to communicate with an external Ipv6 host, In the NAT server, the Ipv4 address (equivalent to internal address) is converted to an Ipv6 address (equivalent to a global address), and the server maintains a mapping table of the Ipv4 and Ipv6 addresses. Conversely, when an internal Ipv6 host communicates with an external Ipv4 host, the Ipv6 host maps to an internal address and the Ipv4 host maps to a global address. NAT technology can solve the problem of interworking between Ipv4 host and Ipv6 host.

By Ielab李强伟