What would you say if I told you that one of the most visited websites on the Internet enabled IPv6 connectivity to their site in the course of an afternoon for zero dollars using existing Cisco hardware? How about if I told you that the site was Facebook? Most people would assume I was joking or exaggerating. However, by using LISP, Cisco Certified Internetworking Expert Donn Lee pulled off this seemingly impossible feat and then presented a paper at the North American Network Operators Group (NANOG) about the experience. You can even watch the video here.
What is LISP?
Let’s start by understanding the problem that LISP solves. An IP address serves two distinct functions: It identifies the endpoint host, but also suggests the location because the high order bits identify the network on which the device is located. If you move a device from one subnet to another, the address has to change since the device location changes. The endpoint identification from the previous location gets lost when the device moves, unless some form of tunneling or mobility protocol is employed.
Cisco Locator/ID Separation Protocol (LISP) is routing architecture that provides new semantics for IP addressing. The current IP routing and addressing architecture uses a single numbering space, the IP address, to express two pieces of information:
The way the device attaches to the network
The LISP routing architecture design separates the device identity, or endpoint identifier (EID), from its location, or routing locator (RLOC), into two different numbering spaces. Splitting EID and RLOC functions yields several advantages.
Check out this video for a quick review of LISP.
Although LISP was designed to deal with the route scalability problem in the Internet, it turns out is has the capability to help with the transition to IP Version 6 (IPv6), the next-generation Internet protocol.
The transition to IPv6 is an immediate challenge facing Public Sector, and specifically Federal customers today due to Government mandates and impending IPv4 address exhaustion for consumers of Government services.
Because IPv6 is not backward compatible with IPv4, and because its deployment and operation are different from that of IPv4, development and implementation of an IPv6 transition strategy is imperative. Many techniques exist to ease the transition to IPv6, and the network-based IPv6 transition techniques can be divided generally into three categories: dual-stack IPv4 and IPv6, IPv6 tunneling, and IPv6 translation.
Each approach has its features, benefits, and limitations; they are not all equivalent in terms of cost, complexity, or capabilities. Most likely, a combination of these techniques will provide the best solution. The role that the Locator/ID Separation Protocol (LISP) being developed by Cisco and the IETF can play in IPv6 transition strategies is documented in this Whitepaper.
Incorporating LISP into an IPv6 transition strategy can simplify the initial rollout of IPv6 by taking advantage of the LISP mechanisms to encapsulate IPv6 host packets within IPv4 headers (or IPv4 host packets within IPv6 headers). For example, you can build IPv6 islands and connect them with existing IPv4 Internet connectivity.
LISP is a Cisco innovation that is being promoted as an open standard. Cisco participates in standards bodies such as the IETF LISP Working Group to develop the LISP architecture.
“Wait a minute,” I hear you say, “Didn’t we already run out of IPv4 addresses?”
Yes, you have a good memory: The IPv4 address pool was exhausted in February 2011. The doomsayers and pundits all bemoaned the gloom and doom of the day, and experts gravely predicted the horrors of things to come. IT publications were filled with articles, Twitter exploded with witty remarks about the coming “ARPAgeddon,” and even the mainstream media ran semi-accurate sensationalist articles on the topic.
But then something funny happened. Nothing. The Internet kept working. IPv4 blocks continued to be handed out. The dust settled and most folks went happily about their business. How could this be so? Was it all a bunch of media hype and false alarms? No. February was really the early warning of the problems to come.
In the previous installment of our series of IPv6 security posts, we covered some of the basic things you need to consider when securing your IPv6 network. In this post, we’ll talk about some of the things to consider when performing security testing on your IPv6 product or network. This testing is useful whether you are developing an IPv6 application or simply deploying IPv6 on your network.
Increased Setup Time
Start with an IPv6 environment in which most people do not have a lot of experience. Next throw in the typical dual stack configurations, and it is almost guaranteed that any IPv6 security testing that you perform is likely to take longer than it took you in your IPv4 environment. With dual stack configurations, both IPv4 and IPv6 are viable traffic paths. Therefore, just making sure that your test traffic is actually using IPv6 is one of the first hurdles you will face. So when developing your schedules for performing IPv6 security testing, always allow a little extra time to account for those problems that will almost certainly appear.
Remember the days when going to work meant being stuck at your desk, working on a desktop PC? Thankfully, the proliferation of laptops, tablets, and mobile devices, along with a robust network to support connectivity, has enabled all of us to be on the go and working, at the same time.
With new innovations in Borderless Networks, which are being announced today, an organization’s ability to securely connect anyone, anywhere, with their preferred device, while delivering a high quality experience even to the most resource-intensive multimedia applications, has become even stronger.
So how will these new innovations change the workplace even more? Watch this video to find out, and to learn more details on the enhancements.
Luckily, most of us don’t have a boss like that one in the video. And using our smartphones, we can get some work done on the beach! (Ok, maybe).
As for how the new the Borderless Networks innovations will have an impact—they will deliver solutions in three areas: Security, Management, and Multimedia.
Here are the details, and what the new innovations will mean for our partners: Read More »