Protocol IPv6 puts new challenges for network administrators in the context of user identification. Unlike IPv4, an IPv6 address no longer uniquely identifies a user or PC. IPv6 address can be randomly generated and keeps changing in time. The presentation describes the system developed at the Brno University of Technology, … Read More
User Identification in IPv6 Network
Tomas Podermanski, Matej Gregr, Miroslav ŠvédaUsers in IPv4 networks typically use only one IP address per interface configured either statically or dynamically via DHCPv4 server. Several techniques can be used to detect violation of that policy. However, IPv6 protocol brings new techniques and possibilities to obtain an IPv6 address. New concepts – autoconfiguration, multiple IPv6 addresses per interface or temporary IPv6 addresses providing privacy for end users introduce new challenges for users identification. Network administrators have to collect additional information for user identification from more sources, e.g. DHCPv6 log, routers neighbor cache, Radius logs, syslog etc. This paper presents analysis of IPv6 address assignment used in current networks together with guidelines how to identify a user in IPv6 networks.
Deploying IPv6 in University Campus Network – Practical Problems
Tomas Podermanski, Matej GregrIPv4 addresses are still running out. Global IPv4 address pool administered by IANA organization is depleted together with IPv4 pool of APNIC Routing Registry. This situation pushes organizations to think about IPv6 transition. Unfortunately IPv4 and IPv6 are incompatible protocols which raise new security issues and problems with user monitoring and accounting. The article shares experiences of deploying IPv6 on the university campus network and describes the most significant troubles that we have been faced with. It describes and compares differences in first hop security in IPv6 and IPv4 networks. Issues connected with user addressing, accounting and monitoring are also discussed. The experience is mainly based on the deployment of IPv6 on the campus network at Brno University of Technology which is one of the biggest universities in the Czech Republic.
IPv6 Autoconfiguration
Tomas Podermanski, Matej GregrOne of the basic requirements of the IPv6 protocol is support for the autoconfiguration of network nodes. This document details the options for autoconfiguration in current operating systems and gives an overview of these options in IPv6 networks.
IPv6 Address Space
Tomas Podermanski, Matej GregrThis document describes network structure, the ways of creating IPv6 addresses in end-user networks, and the methods used to connect home, corporate and campus networks.
Security concerns and solutions with IPv6
Tomas PodermanskiGrowing number of IPv6 devices in the network would bring new security challenges. Are there any security improvements comparing to IPv4 or IPv6 brings some new security threads. IPv6 have been developed for more than 15 years so far and presentation tries to find the answer if IPv6 cold be … Read More
Fake router detection – practical experience
Matej Gregr6to4 (RFC 3056) is a transition mechanism allowing users to communicate with IPv6 enabled sites and services with minimal manual configuration. Globally unique IPv4 address is the only prerequisite. Together with anycast prefix for 6to4 routers (defined in RFC 3068) provides a simple solution, how even an end site can … Read More
IPv6 Configuration on HP ProCurve Switches
Tomas Podermanski, Vladimír ZáhoříkNew firmware for HP ProCurve switches was released on 15th November 2010. With this step, the manufacturer removed a significant shortcoming of the ProCurve switches – no full support for the IPv6 protocol. Partial IPv6 support was already introduced in earlier versions, but only for device management and filtering (ACL). Version K.15 brings IPv6 routing support in hardware with all features, including support of the OSPFv3 routing protocol. This firmware was released for the L3 switches series 54xx, 81xx – i.e., all switches with the “K” letter in their firmware name. The release number of the new version is 15 (K.15). The current document presents a detailed look at the implementation of IPv6 support. Giving examples, it will be shown that IPv6 configuration is not very complicated. Since for many people practical use of IPv6 is still unknown territory, some differences from IPv4 will be described in more detail below. Management and syntax of IPv6 commands copy the Cisco philosophy to a large degree. Yet, there are some small differences. The procedures below definitely do not represent all IPv6 possibilities in the K.15 firmware or IPv6 configuration possibilities, but are merely a manual to put IPv6 into production on these switches easily and quickly.
- Page 2 of 2
- 1
- 2