1、 ETSI GR IP6 001 V1.1.1 (2017-06) IPv6 Deployment in the Enterprise Disclaimer The present document has been produced and approved by the IPv6 Integration (IP6) ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily rep
2、resent the views of the entire ETSI membership. GROUP REPORT ETSI ETSI GR IP6 001 V1.1.1 (2017-06) 2 Reference DGR/IP6-0001 Keywords Internet, IoT, IPv6, Mobile, NFV, SDN ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 62
3、3 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content
4、of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document
5、 Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB
6、/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanica
7、l, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Sta
8、ndards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protect
9、ed for the benefit of its Members GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI GR IP6 001 V1.1.1 (2017-06) 3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Executive summary 4g31 Scope 5g32 References 5g32.1 Normative
10、references . 5g32.2 Informative references 5g33 Abbreviations . 6g34 IPv6-enabled Enterprise . 7g34.1 Introduction 7g34.2 Guiding principles 8g34.3 IPv6 Transition strategies . 9g34.3.1 Setting the scene . 9g34.3.2 Dual-Stack 10g34.3.3 IPv6 only. 10g34.3.4 Tunnelling . 11g34.3.5 Enterprise Network S
11、egments. 11g34.4 Enterprise Design Considerations - Building a cross functional team . 11g34.5 Preparation and Assessment Phase . 11g34.6 IPv6 address plan . 13g34.6.1 Setting the scene . 13g34.6.2 To use or not to use ULA (Unique Local IPv6 Unicast Addresses) . 13g34.6.3 Understanding the differenc
12、es between IPv4 and IPv6 addressing schemes. . 14g34.6.4 Address Management . 14g34.7 Routing considerations . 14g34.8 IPv6 Data Centre 15g34.9 Building an IPv6 Internet Presence 16g34.9.1 Setting the scene . 16g34.9.2 The network edge . 16g34.9.3 Web . 16g34.9.4 VPN 17g34.9.5 DNS 17g34.9.6 NAT 17g3
13、4.9.7 Multihoming . 18g34.9.8 Email . 18g34.10 Cloud 18g34.11 Management . 19g34.12 Security 20g34.12.1 Setting the scene . 20g34.12.2 First Hop Security . 20g35 Lessons learned: IPv6 touches everything . 20g36 Conclusions 21g3Annex A: Authors Essential, or potentially Essential, IPRs notified to ET
14、SI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the exi
15、stence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI c
16、laims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations
17、 associated with those trademarks. Foreword This Group Report (GR) has been produced by ETSI Industry Specification Group (ISG) IPv6 Integration (IP6). Modal verbs terminology In the present document “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpre
18、ted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Executive summary The present document outlines the motivation for the deployment of IPv6 within
19、enterprises, the objectives, the benefits, the risks, the challenges, the technology guidelines, the different choices that arise when designing IPv6-only or dual-stack enterprise network, step-by-step process, the addressing plan, and the milestones. With the growing number of users and the prolife
20、ration of smart devices and things, IPv4 address space exhaustion is a major Information and Communications Technology (ICT) issue. The current IPv4-based Internet can no longer sustain the explosive growth of ICT. Any organization that relies on the Internet to any extent need to be prepared, need
21、to support IPv6. The move to IPv6 is inevitable, there is no alternative plan at this time. IPv6 is the cornerstone of our connected society. IPv6 offers important business and technical advantages. While all/most existing IPv4-based infrastructures will continue to work after the last IPv4 address
22、is issued, enterprises may be tempted to put off transitioning to IPv6 till some later date. However postponing the inevitable can put an enterprise at a competitive disadvantage. The present document provides guidelines and recommendations on IPv6 deployment in the enterprise. ETSI ETSI GR IP6 001
23、V1.1.1 (2017-06) 5 1 Scope The present document outlines the motivation for the deployment of IPv6 in enterprises, the objectives, the benefits, the risks, the challenges, the technology guidelines, the different choices that arise when designing IPv6-only or dual-stack enterprise network, step-by-s
24、tep process, the addressing plan, and the milestones. 2 References 2.1 Normative references Normative references are not applicable in the present document. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-sp
25、ecific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long t
26、erm validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 IETF RFC 1918: “Address Allocation for Private Internets“. i.2 IETF RFC 3493: “Basic Socket Interface Extensions for I
27、Pv6“. i.3 IETF RFC 4193: “Unique Local IPv6 Unicast Addresses“. i.4 IETF RFC 3531: “A Flexible Method for Managing the Assignment of Bits of an IPv6 Address Block“. i.5 IETF RFC 3542: “Advanced Sockets Application Program Interface (API) for IPv6“. i.6 IETF RFC 4193: “Unique Local IPv6 Unicast Addre
28、sses“. i.7 IETF RFC 4380: “Teredo: Tunneling IPv6 over UDP through Network Address Translations“. i.8 IETF RFC 5375: “The Locator/ID Separation Protocol (LISP)“. i.9 IETF RFC 6146: “Stateful NAT64: - Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers“. i.10 IETF RFC 6296: “IP
29、v6 to IPv6 Network Prefix Translation“. i.11 IETF RFC 6555: “Happy Eyeballs: Success with Dual-Stack Hosts“. i.12 IETF RFC 7239: “Forwarded HTTP Extension“. i.13 RIPE NCC: “Requirements for IPv6 in ICT Equipment“. NOTE: Available at https:/ i.14 IETF ID draft-troan-homenet-sadr-01: IPv6 Multihoming
30、with Source Address Dependent Routing (SADR)“. i.15 DomainKeys Identified Mail. NOTE: Available at https:/en.wikipedia.org/wiki/DomainKeys_Identified_Mail. ETSI ETSI GR IP6 001 V1.1.1 (2017-06) 6 i.16 IETF RFC 6145: “IP/ICMP Translation Algorithm“. 3 Abbreviations For the purposes of the present doc
31、ument, the following abbreviations apply: AAAA DNS resource records (RRs) IPv6 address record ACL Access Control List AFT Address Family Translation ARP Address Resolution Protocol ALG Application-aware LogicAV Audio/Video BCP Best Current Practices BGP Border Gateway Protocol BIND Berkeley Internet
32、 Name Domain BYOD Bring your own device CDN Content Delivery Network CG-NAT Carrier-grade NAT (Network Address Translation) CPU Central Processing Unit DHCP Dynamic Host Configuration Protocol DNS Domain Name System ERP Enterprise Resource Planning FQDN Fully qualified domain name GR Group Report HT
33、TP HyperText Transfer Protocol ICMP Internet Control Message Protocol ICT Information and Communications Technology IETF Internet Engineering Task Force IGP Interior Gateway Protocol IoT Internet of Things IP Internet Protocol IPAM IP Address Management IPS Intrusion Prevention Systems IPsec Interne
34、t Protocol Security IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 ISATAP Intra-Site Automatic Tunnel Addressing Protocol ISC Internet Systems Consortium ISG Industry Specification Group IS-IS Intermediate System to intermediate System ISP Internet Service Provider LISP Locator/Id
35、entifier Separation Protocol LLMNR Link-Local Multicast Name Resolution Protocol LOB Line of Business MAC Media Access Conrol address MIB Management information base MiM Man-in-the-Middle MTA Mail Transfer AgentsNAT Network Address Translation ND Neighbour Discovery NPTv6 Network Prefix Translation
36、OS Operating System OSX Mac OS X NOTE 1: Unix-based graphical operating system developed and marketed by Apple Inc. NOTE 2: Mac OS X is a trademark of Apple Inc., registered in the U.S. and other countries. PA Provider aggregatable PI Provider independentRDNSS Recursive DNS Server ETSI ETSI GR IP6 0
37、01 V1.1.1 (2017-06) 7 RIPE Rseaux IP Europens RIR Regional Internet Registry RR Resource Record SADR Source Address Dependent Routing SIEM Security Incident and Event Management SLAAC Stateless Address Auto Configuration SLB Server Load Balancer SMTP Simple Mail Transfer Protocol SNMP Simple Network
38、 Management Protocol SSDP Simple Service Discovery Protocol SSL Secure Sockets Layer TCP Transmission Control Protocol UDP User Datagram Protocol ULA Unique Local IPv6 Unicast Addresses VLAN Virtual Local Area Network VPN Virtual Private Network WAN Wide Area Network 4 IPv6-enabled Enterprise 4.1 In
39、troduction When IPv4 emerged as the standard Internet protocol in the 1980s for the “Internet“, the address space - some four billion IP addresses - seemed more than adequate. Today it is clearly no longer the case. The world has moved from IP enabled to IP dependent. As of 2015 more than 83 percent
40、 of the worlds population no longer has access to a “public Internet address.“ In North America, Latin America, Asia, and Europe, the IPv4 address pool is already entirely depleted. With the growing number of users and the proliferation of smart devices and things, IPv4 address space exhaustion is a
41、 major Information and Communications Technology (ICT) issue. The current IPv4-based Internet can no longer sustain the explosive growth of ICT. Any organization that relies on the Internet to any extent needs to be prepared to support IPv6. IPv6 needs to be adopted globally across all parts of the
42、Internet ecosystem. Global service providers and mobile operators are already deploying IPv6 in order to keep the Internet growing. IPv6 is allowing them to continue to grow their businesses and deliver the services that all of todays e-commerce is based on. The move to IPv6 is inevitable, there is
43、no alternative plan at this time. IPv6 is the cornerstone of our connected society. IPv6 offers important business and technical advantages. Among them: higher performance, enhanced mobility, automated management, built-in multicasting for multimedia applications, enhanced security, simplified admin
44、istration and many more. Indeed, many enterprises have already determined that IPv6 is a much better networking tool than its predecessor, and it offers much greater capabilities for future technologies developed for networking platforms. Because all/most existing IPv4-based infrastructures will con
45、tinue to work after the last IPv4 address is issued, enterprises may be tempted to put off transitioning to IPv6 till some later date. Postponing the inevitable, however, can put an enterprise at a competitive disadvantage. As more and more customers operate in an IPv6 world, companies supporting on
46、ly IPv4 risk being shut out of high-growth markets because they are unable to reach, or be reached by, these customers. The fallacy in this position is that maintaining IPv4-only communications can put enterprises at a competitive disadvantage. Seamless, pervasive connectivity is an integral part of
47、 doing business today. IPv6 enables the enterprise and the global Internet to keep growing in a secure and open manner, and to scale toward the demand of new applications and, literally, billions of connected devices, while streamlining operations and provisioning. Enterprises deploying IPv6-enabled
48、 services are in a better position to capture the market changes, be more competitive, increase their growth potential, and provide for improved business continuity. ETSI ETSI GR IP6 001 V1.1.1 (2017-06) 8 Of particular note is the fact that regardless of an organizations IPv6 preference, its custom
49、er base is currently deploying it. As consumers and customers adopt IPv6, enterprises will need to ensure that their own technology assets align with how their customers prefer to do business. As the shift to online shopping has already shown, customers will continue to buy from companies that do business on their terms. Meeting the needs of the customer base (many of which already have an IPv6-connected device) should be an imperative for all organizations. Today, enterprises should already have
