Enterprises rarely switch over from IPv4 to IPv6 in one step. Generally, companies will run dual-stack for a time, where both IPv4 and IPv6 are available on devices. This doesn’t solve most of the problems IPv6 was designed to solve, so we will discuss the benefits and drawbacks of:
- Dual-stack
- NAT44
- Dual-stack Lite
- NAT64/DNS64
- 464xlat
- MAP-T
- MAP-E
- IPv6-Only
Nalini Elkins & Michael Ackermann
The agenda topics include:
- Discuss how a good address plan makes security and routing policy easier,
- Consider numbering your LAN segment, SSID, or VLAN,
- Consider numbering for sites, backbone, links,
- Consider how to remember your addresses for diagnostics and troubleshooting, and
- Look at plans that other enterprises have done.
Nalini Elkins & Michael Ackermann
The agenda topics include:
- Review the important prefixes needed for an IPv6 address plan,
- Discuss how a good address plan makes security and routing policy easier,
- Consider numbering your LAN segment, SSID, or VLAN,
- Consider numbering for sites, backbone, links,
- Consider how to remember your addresses for diagnostics and troubleshooting, and
- Look at plans that other enterprises have done.
Nalini Elkins & Michael Ackermann
The agenda topics include:
- Stateless Autoconfiguration
- ICMPv6
- Neighbor Discovery
- Neighbor Solicitation / Advertisement
- Router Solicitation / Advertisement
- Multicast Listener Discovery
Nalini Elkins & Michael Ackermann
The agenda topics include:
- Stateless Autoconfiguration
- ICMPv6
- Neighbor Discovery
- Neighbor Solicitation / Advertisement
- Router Solicitation / Advertisement
- Multicast Listener Discovery
Nalini Elkins & Michael Ackermann
To be successful in implementing and understanding IPv6 networks, you need to first understand the IPv6 address methodology which is, in many ways, a fundamental change from the IPv4 paradigm. In this introduction, you will become familiar with what is different as well as what is the same with IPv6.
- Public and private addresses
- IPv6 Prefixes
- IPv6 Address Structure
- IPv6 Interface ID
- IPv6 Addressing and Address Allocation Methods (stateless, statefull)
- Address types, unicast, multicast, anycast
- Address categories: global, site local, link local
- Unique Local Unicast addresses
- Zero compression
- Special addresses (loopback, unspecified, IPv4 mapped IPv6)
- Broadcast address elimination
This webinar will be followed by a hands-on lab to illustrate the concepts shown. You do not need any equipment to participate. We will send full instructions so that if you wish, you may do the same commands / exercises but this is entirely optional.
Presented by Nalini Elkins.
To be successful in implementing and understanding IPv6 networks, you need to first understand the IPv6 address methodology which is, in many ways, a fundamental change from the IPv4 paradigm. In this introduction, you will become familiar with what is different as well as what is the same with IPv6.
- Public and private addresses
- IPv6 Prefixes
- IPv6 Address Structure
- IPv6 Interface ID
- IPv6 Addressing and Address Allocation Methods (stateless, statefull)
- Address types, unicast, multicast, anycast
- Address categories: global, site local, link local
- Unique Local Unicast addresses
- Zero compression
- Special addresses (loopback, unspecified, IPv4 mapped IPv6)
- Broadcast address elimination
This webinar will be followed by a hands-on lab to illustrate the concepts shown. You do not need any equipment to participate. We will send full instructions so that if you wish, you may do the same commands / exercises but this is entirely optional.
Presented by Nalini Elkins.
Unwanted and illegal robocalls continue to be both one of the largest communications-related nuisances (particularly since many of us are home to get them all day…) and are commonly used to defraud victims using social security, warranty and other scams. Fighting these unwanted calls has proven to be hard and is likely to require a combination of approaches that may also hasten the end of the traditional circuit-switched public switched telephone network. I’ll describe why unwanted robocalls are probably harder to curtail than spam emails and what techniques may help. I’ll focus particularly on calling number authentication, standardized by the IETF and ATIS in the STIR and SHAKEN working groups. STIR/SHAKEN offer a good case study that protocol standards are necessary, but need to be augmented by additional organizational infrastructure and operational practices to be successful. However, calling number authentication combined with simple call filters may only offer a temporary respite from unwanted calls unless other holes in the call delivery chain are plugged that allow shady operators to place millions of calls.
Prof. Henning Schulzrinne, Levi Professor of Computer Science at Columbia University, received his Ph.D. from the University of Massachusetts in Amherst, Massachusetts. MTS at AT&T Bell Laboratories; associate department head at GMD-Fokus (Berlin), before joining the Computer Science and EE departments at Columbia University. He served as chair of Computer Science from 2004 to 2009 and as Engineering Fellow, Technical Advisor and Chief Technology Officer of the Federal Communications Commission (FCC) from 2010 until 2017.
Protocol standards co-developed by him, including RTP, RTSP and SIP, are now used by almost all Internet telephony and multimedia applications. Fellow of the ACM and IEEE.
How security will be handled in IPv6 is a question asked by many. Myths abound. In this session, we will start to look at:
• NAT is not a firewall (security by obscurity)
• Complexities introduced by multiple stacks
• Risks introduced by not considering IPv6
• Reconn attacks and defense
• Local network attacks and defense
• Unauthenticated NDP (similar to ARP)
• Cache table exhaustion and ping-pong attacks
• Rogue device attachments
• Mitigations
• Extension Headers
• ICMPv6
This is only a start. In the following year, we plan to do a more detailed investigation of this critical area. There will be follow-on webcasts. In the survey to enterprises, many people said that this was a topic they considered very important.
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of three start-ups in the high-tech arena.
Encrypted DNS has been a hot topic for discussion in the world of Internet standards this past year. Its potential impact on enterprise networks has been a prominent part of that discussion. This webinar will explain the two methods for encrypting DNS (DNS over HTTPS and DNS over TLS, known as DoH and DoT), the perceived advantages of each over the other and of encrypting DNS in general, and the potential threats and dangers encrypted DNS presents to enterprise networks. We will then examine the publicly-stated implementation strategies of Google, Apple, Microsoft, and Mozilla as it relates to operating system and browser support for encrypted DNS. The presentation will end with recommendations and advice for how enterprise networks may adjust to the presence of applications and operating systems with support for encrypted DNS inside their networks.
Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr. Vixie is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991).
Dr. Vixie served on the ARIN Board of Trustees from 2005 to 2013, as ARIN Chairman in 2008 and 2009, and was a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC’s F-Root name server for many years, and is a member of Cogent’s C-Root team. Dr. Vixie is a sysadmin for Op-Sec-Trust. He earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010. Dr. Vixie is a highly sought-after keynote speaker and has spoken at conferences around the world.