IPv6 Deployment in a Service Provider's Data Center Network

Tämä diplomityö on tehty toimeksiantona Capgemini Finland Oy:lle (myöh. Capgemini). Sen tavoitteena on ottaa IPv6-protokolla käyttöön Capgeminin konesaliverkossa niin, että se on saavutettavissa Internetistä IPv4-protokollan lisäksi myös IPv6-protokollalla. Työn ensimmäisessä luvussa kerrotaan lyhyesti siitä, mitkä tämän työn taustat ja tavoitteet ovat sekä minkä ongelman ja osaongelmat se ratkaisee. Toisessa luvussa kerrotaan, mitkä IPv4-protokollan ongelmat ovat ja miksi IPv6-protokolla lopulta korvaa sen. Kolmannessa luvussa esitellään IPv6-protokollaa ja sen tukiprotokollia IETF:n (Internet Engineering Task Force) RFC-dokumenttien (Request For Comments) ja kirjallisuuden pohjalta. Neljännessä luvussa perehdytään lyhyesti IPv6-protokollan tietoturvaan IPv6-käyttöönottoon liittyen ja kerrotaan, millaisia IPv6-transitiomekanismeja on olemassa. Viidennessä luvussa näytetään ensin tyypillinen palvelinkeskuksen konesaliverkon verkkotopologia ja esitellään sen jälkeen Capgeminin konesaliverkon rakenne. Kuudennessa luvussa yhdistetään Capgeminin konesaliverkko Internetiin IPv6-protokollalla ja rakennetaan Capeminin laboratorioon IPv6-testiverkko. Luvussa kehitetään myös konsepti, jolla voidaan provisioida IPv6-protokollalla toimiva www-palvelu Capgeminin konesaliverkossa mahdollisimman helposti ja kustannustehokkaasti. Lopuksi seitsemännessä luvussa käydään läpi IPv6-käyttöönoton tulokset, seuraukset ja siinä esiintyneet haasteet sekä tehdään suunnitelma siitä, mitkä ovat seuraavat askeleet IPv6-protokollan laajemmalle käyttöönotolle Capgeminin konesaliverkossa.This Master's thesis was done for Capgemini Finland Oy (later referred to as Capgemini). The objective of the thesis is to deploy the IPv6 protocol in Capgemini's data center network so that it is reachable from the Internet also via IPv6 in addition to IPv4. In the first chapter of the thesis the background and objectives of the thesis in addition to the problem it solves are discussed. In the second chapter the inadequacy of the IPv4 protocol and the reasons why IPv6 will eventually replace it are explained. In the third chapter the IPv6 base protocol and its supporting protocols are presented based on RFC (Request For Comments) documents published by the IETF (Internet Engineering Task Force) and literature. In the fourth chapter IPv6 security with respect to the IPv6 deployment and IPv6 transition mechanisms are introduced. In the fifth chapter, a typical data center network topology is first shown after which the Capgemini data center network is showcased. In the sixth chapter the Capgemini data center network is connected to the Internet via IPv6 and an IPv6 test network is set up in the Capgemini laboratory. A proof of concept to provision an IPv6 web service in the Capgemini data center network with minimal capital and operational expenditure is also developed. Finally, in the seventh chapter the results, consequences and challenges of the IPv6 deployment are reviewed and a plan is made as to what the next steps for a more comprehensive IPv6 deployment in the Capgemini data center network are

A Brave New World: Studies on the Deployment and Security of the Emerging IPv6 Internet.

Recent IPv4 address exhaustion events are ushering in a new era of rapid transition to the next generation Internet protocol---IPv6. Via Internet-scale experiments and data analysis, this dissertation characterizes the adoption and security of the emerging IPv6 network. The work includes three studies, each the largest of its kind, examining various facets of the new network protocol's deployment, routing maturity, and security. The first study provides an analysis of ten years of IPv6 deployment data, including quantifying twelve metrics across ten global-scale datasets, and affording a holistic understanding of the state and recent progress of the IPv6 transition. Based on cross-dataset analysis of relative global adoption rates and across features of the protocol, we find evidence of a marked shift in the pace and nature of adoption in recent years and observe that higher-level metrics of adoption lag lower-level metrics. Next, a network telescope study covering the IPv6 address space of the majority of allocated networks provides insight into the early state of IPv6 routing. Our analyses suggest that routing of average IPv6 prefixes is less stable than that of IPv4. This instability is responsible for the majority of the captured misdirected IPv6 traffic. Observed dark (unallocated destination) IPv6 traffic shows substantial differences from the unwanted traffic seen in IPv4---in both character and scale. Finally, a third study examines the state of IPv6 network security policy. We tested a sample of 25 thousand routers and 520 thousand servers against sets of TCP and UDP ports commonly targeted by attackers. We found systemic discrepancies between intended security policy---as codified in IPv4---and deployed IPv6 policy. Such lapses in ensuring that the IPv6 network is properly managed and secured are leaving thousands of important devices more vulnerable to attack than before IPv6 was enabled. Taken together, findings from our three studies suggest that IPv6 has reached a level and pace of adoption, and shows patterns of use, that indicates serious production employment of the protocol on a broad scale. However, weaker IPv6 routing and security are evident, and these are leaving early dual-stack networks less robust than the IPv4 networks they augment.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120689/1/jczyz_1.pd

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200