On February 2011, IANA has run out of IPv4 addresses. On April 2011, APNIC pool reached the final /8 IPv4 address block. Projected address pool exhaustion for other RIRs varies from the beginning of the 2012 to the end of 2014. This situation pushes organizations to think about transition to IPv6. Unfortunately IPv4 and IPv6 are incompatible protocols that make the transition more difficult and raise new security issues. This paper shares experiences of deploying IPv6 in the university campus network, describes the most significant troubles that we have been faced with and describes the best practices in the practical IPv6 deployment. The article discusses differences in IPv6 and IPv4 networks with focus on the first hop security, autoconfiguration (SLAAC, DHCP, DHCPv6) and different client’s support.
Users in IPv4 networks typically use only one IP address per interface configured either statically or dynamically via DHCPv4 server. Several techniques can be used to detect violation of that policy. However, IPv6 protocol brings new techniques and possibilities to obtain an IPv6 address. New concepts – autoconfiguration, multiple IPv6 addresses per interface or temporary IPv6 addresses providing privacy for end users introduce new challenges for users identification. Network administrators have to collect additional information for user identification from more sources, e.g. DHCPv6 log, routers neighbor cache, Radius logs, syslog etc. This paper presents analysis of IPv6 address assignment used in current networks together with guidelines how to identify a user in IPv6 networks.