4 research outputs found
Discovering the IPv6 Network Periphery
We consider the problem of discovering the IPv6 network periphery, i.e., the
last hop router connecting endhosts in the IPv6 Internet. Finding the IPv6
periphery using active probing is challenging due to the IPv6 address space
size, wide variety of provider addressing and subnetting schemes, and
incomplete topology traces. As such, existing topology mapping systems can miss
the large footprint of the IPv6 periphery, disadvantaging applications ranging
from IPv6 census studies to geolocation and network resilience. We introduce
"edgy," an approach to explicitly discover the IPv6 network periphery, and use
it to find >~64M IPv6 periphery router addresses and >~87M links to these last
hops -- several orders of magnitude more than in currently available IPv6
topologies. Further, only 0.2% of edgy's discovered addresses are known to
existing IPv6 hitlists
A Brave New World: Studies on the Deployment and Security of the Emerging IPv6 Internet.
Recent IPv4 address exhaustion events are ushering in a new era of
rapid transition to the next generation Internet protocol---IPv6. Via
Internet-scale experiments and data analysis, this dissertation
characterizes the adoption and security of the emerging IPv6 network.
The work includes three studies, each the largest of its kind,
examining various facets of the new network protocol's deployment,
routing maturity, and security.
The first study provides an analysis of ten years of IPv6 deployment
data, including quantifying twelve metrics across ten global-scale
datasets, and affording a holistic understanding of the state and
recent progress of the IPv6 transition. Based on cross-dataset
analysis of relative global adoption rates and across features of the
protocol, we find evidence of a marked shift in the pace and nature
of adoption in recent years and observe that higher-level metrics of
adoption lag lower-level metrics.
Next, a network telescope study covering the IPv6 address space of the
majority of allocated networks provides insight into the early state
of IPv6 routing. Our analyses suggest that routing of average IPv6
prefixes is less stable than that of IPv4. This instability is
responsible for the majority of the captured misdirected IPv6 traffic.
Observed dark (unallocated destination) IPv6 traffic shows substantial
differences from the unwanted traffic seen in IPv4---in both character
and scale.
Finally, a third study examines the state of IPv6 network security
policy. We tested a sample of 25 thousand routers and 520 thousand
servers against sets of TCP and UDP ports commonly targeted by
attackers. We found systemic discrepancies between intended
security policy---as codified in IPv4---and deployed IPv6 policy.
Such lapses in ensuring that the IPv6 network is properly managed and
secured are leaving thousands of important devices more vulnerable to
attack than before IPv6 was enabled.
Taken together, findings from our three studies suggest that IPv6 has
reached a level and pace of adoption, and shows patterns of use, that
indicates serious production employment of the protocol on a broad
scale. However, weaker IPv6 routing and security are evident, and
these are leaving early dual-stack networks less robust than the IPv4
networks they augment.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120689/1/jczyz_1.pd
Enterprise IPv6 Deployment Guidelines
Enterprise network administrators worldwide are in various stages of preparing for or deploying IPv6 into their networks. The administrators face different challenges than operators of Internet access providers, and have reasons for different priorities. The overall problem for many administrators will be to offer Internet-facing services over IPv6, while continuing to support IPv4, and while introducing IPv6 access within the enterprise IT network. The overall transition will take most networks from an IPv4-only environment to a dual stack network environment and potentially an IPv6-only operating mode. This document helps provide a framework for enterprise network architects or administrators who may be faced with many of these challenges as they consider their IPv6 support strategie
RFC 7381: Enterprise IPv6 Deployment Guidelines
Enterprise network administrators worldwide are in various stages of
preparing for or deploying IPv6 into their networks. The
administrators face different challenges than operators of Internet
access providers and have reasons for different priorities. The
overall problem for many administrators will be to offer Internet-
facing services over IPv6 while continuing to support IPv4, and while
introducing IPv6 access within the enterprise IT network. The
overall transition will take most networks from an IPv4-only
environment to a dual-stack network environment and eventually an
IPv6-only operating mode. This document helps provide a framework
for enterprise network architects or administrators who may be faced
with many of these challenges as they consider their IPv6 support
strategies