Last week my colleagues and I were excited to deliver a 4-hour lab on IPv6 Security at Cisco Live London 2013. The training enabled students to correctly identify, classify, and deter or prevent the nefarious IPv6-specific behaviors. They did so by configuring network threat defense, countermeasures, and controls that were implemented and deployed on infrastructure devices as well as validate their effectiveness. Some of the nefarious behaviors included IPv6 spoofing, using IPv6 in IPv4 tunneling to bypass, and DDoS using IPv6 packets. This IPv6 security training was first delivered at Cisco Live USA 2012, where 19 students participated in the class. At Cisco Live London, we welcomed 21 Cisco Customers, giving them access to our lab-hosted equipment to practice and complete tasks covered during class. What follows are some key observations about our training in London as compared to our training in the U.S.:

  • European students seemed to have deployed IPv6 in their production networks more than their American counterparts, most of whom were only piloting IPv6 in their environment.
  • Both American and European students were concerned with the issues introduced by IPv6 and wanted to deploy countermeasures to protect their networks accordingly.
  • Students who participated in the London session had more IPv6 knowledge and were able to grasp IPv6 security concepts and protections faster than students in previous trainings.
  • While our American students hailed from various sectors, including Enterprise, Service Provider, and the public sector, our European students typically came from Enterprise and Service Provider sectors.

I should point out that the above observations cannot be used to safely, or accurately extrapolate conclusions about IPv6 status quo in Europe as compared to the U.S., as they’re only based on our training student samples—a narrow sampling at best. That said, Google’s statistics and Akamai’s traffic reports indicate that IPv6 user adoption is higher overall in North America compared to Europe.

What I can say is that at the completion of the course in London, we believe our students were more prepared to effectively implement and deploy basic inherent security features and techniques for identifying, classifying, deterring, and detecting attacks, threats, and nefarious behaviors specific to IPv6. These features include Flexible NetFlow, IPv6 ACLs, RTBH, NBAR, and more.

We hope the lab was as fun for our customers as it was for us, and we look forward to delivering it again next year!

Our next IPv6 training lab will take place in March at the CanSecWest conference in Vancouver, BC.

Hope to see you there!

Remember to check out the Cisco Security Intelligence Operations (SIO) Portal for all things related to Cisco Security collateral, documentation, best practices and other useful information to help customers protect and their networks!


Panos Kampanakis

Product Manager

Security & Trust Organization