IPv4 to IPv6 Transition and Security
Tavakoli Momtaz, Maryam; Swanson, Michael (2015)
Metropolia Ammattikorkeakoulu
2015
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2015111816763
https://urn.fi/URN:NBN:fi:amk-2015111816763
Tiivistelmä
This document is intended for the use of network administrators and people with a knowledge of networking. It aims to provide guidelines for people intending to migrate to IPv6. The practical implementation can be used in a production environment.
The goal of the project was to implement and transition from IPv4 to IPv6 in a small to medium size network using the best current practices and security. Due to the exhaustion of IPv4 addresses, migration to IPv6 has become a necessity. A native IPv6 network will be time-consuming and expensive to implement, due to the expertise required and the necessity of IPv6 compatible devices.
Security is a vital aspect of the migration process. Due to the unique structure of the IPv6 protocol, new attacks and security concerns arise and some IPv4 attacks still exist. This project evaluated and provided security considerations for the secure deployment of an IPv6 network including extension header threats, first-hop security concerns and IPsec.
Transition mechanisms allow enterprises to adapt to IPv6 while maintaining an existing IPv4 network. This gradual migration minimises the network disruption, as well as offers considerable benefits, such as cost and time-efficiency, scalability and simpler deployment. During this project, two of the most commonly used methods, dual-stacking and tunnelling, were implemented and tested in a laboratory environment. This project was carried out using Cisco routers and switches, and for the end terminals, Windows desktop computers were used.
The project resulted in the creation of two redundant networks, with two completely different transition mechanisms, dual-stack and tunnelling. For each mechanism, various tests and experiments were conducted in order to study the networks performance and to gain a deeper knowledge of the technologies in use.
The goal of the project was to implement and transition from IPv4 to IPv6 in a small to medium size network using the best current practices and security. Due to the exhaustion of IPv4 addresses, migration to IPv6 has become a necessity. A native IPv6 network will be time-consuming and expensive to implement, due to the expertise required and the necessity of IPv6 compatible devices.
Security is a vital aspect of the migration process. Due to the unique structure of the IPv6 protocol, new attacks and security concerns arise and some IPv4 attacks still exist. This project evaluated and provided security considerations for the secure deployment of an IPv6 network including extension header threats, first-hop security concerns and IPsec.
Transition mechanisms allow enterprises to adapt to IPv6 while maintaining an existing IPv4 network. This gradual migration minimises the network disruption, as well as offers considerable benefits, such as cost and time-efficiency, scalability and simpler deployment. During this project, two of the most commonly used methods, dual-stacking and tunnelling, were implemented and tested in a laboratory environment. This project was carried out using Cisco routers and switches, and for the end terminals, Windows desktop computers were used.
The project resulted in the creation of two redundant networks, with two completely different transition mechanisms, dual-stack and tunnelling. For each mechanism, various tests and experiments were conducted in order to study the networks performance and to gain a deeper knowledge of the technologies in use.