Cisco Blogs


Cisco Blog > Architect & DE Discussions

Touching / Seeing / Feeling IPv6 in the World of Solutions at Cisco Live Milan

As Cisco Live Europe 2014 draws to a close I wanted to reflect on what has (for me) been a personal campaign to raise the visibility of IPv6 in the World of Solutions / WoS (the demonstration / show floor of the event)

Last year at Cisco Live London I heard some comments that there was not enough IPv6 in the WoS. I decided to see if I could encourage Cisco Business Units and Partners to enable demonstrations for Dual Stack operation and highlight that fact. I wrote previously we would be “awarding” an “IPv6 Enabled Logo” to all Cisco and Partner demonstrations that took the step of enabling Dual Stack and highlighting the same fact.

How did we fare ? Cisco Live 2014 Milano showcased over 15 IPv6 enabled demonstrations including two which were enabled as “IPv6 only”. These were spread between Cisco and Partner booths and were mainly marked with the newly created green “IPv6 Enabled Logo”.

Screen Shot 2013-12-18 at 18.47.38

I personally visited a number:

Read More »

Tags: , , , , ,

IPv6 First Hop Security (FHS) concerns

There are a growing number of large-scale IPv6 deployments occurring within enterprise, university, and government networks. For these networks to succeed, it is important that the IPv6 deployments are secure and the quality of service (QoS) must rival the existing IPv4 infrastructure. An important security aspect to consider is the local links (Layer 2). Traditional Layer 2 security differs between IPv4 and IPv6 because instead of using ARP—like IPv4—IPv6 moves the traditional Layer 2 operations to Layer 3 using various ICMP messages

IPv6 introduces a new set of technology link operations paradigms that differ significantly from IPv4. The changes include more end nodes that are permitted on the link (up to 2^64) and increased neighbor cache size on end nodes and the default router, which creates more opportunities for denial of service (DoS) attacks. There are also additional threats to consider in IPv6 including threats with the protocols in use, a couple of which are listed below:

  • Neighbor Discovery Protocol (NDP) integrates all link operations that determine address assignment, router discovery, and associated tasks.
  • Dynamic Host Configuration Protocol (DHCP) can have a lesser role in address assignment compared to IPv4.

Finally, non-centralized address assignment in IPv6 can create challenges for controlling address misuse by malicious hosts.

For more information on FHS concerns. read the new IPv6 FHS whitepaper.

Tags: , , ,