IPAM

If you are putting together your IPv6 address plan, you'll need to consider how you should allocate subnets from the IPv6 block you received from your ISP or Internet Registry. In fact you should consider how to design the structure of your IPv6 allocation hierarchy to simplify ongoing network management once deployment has begun.  The first step entails defining how much address space is required across and into the depths of your IP network to provide IPv6 address capacity for those devices requiring it. You can use your current IPv4 address allocation record as a guide to define the active utilization of your IPv4 address space. Once you've defined where you require IPv6 addresses, you'll next need to define how to perform your allocations. One approach is to simply allocate /64 subnets directly from your base ISP allocation, using a sparse, best-fit or random allocation approach.  This single-tier allocation approach may work fine for small networks, but for modest to...

We've just published a free online IPv6 subnet calculator for your use and enjoyment. For the uninitiated, a subnet is a subdivision or allocation of a larger address block. Subnetting is necessary to enable an organization to carve up the address block received from its ISP into subdivisions across the organization in order to provide IP address capacity to end devices requiring IP network access. In many enterprises, the subnetting process involves tiers or layers to better map to the organization's routing structure, security policies, applications' routing requirements, or other reasons. Thus in the simplest case, an organization choosing to use the private 10.0.0.0/8 space, they may choose to allocate bits 9-16 to the top layer of its address hierarchy. This would yield 256 subnets, starting from 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16, on up to 10.255.0.0/16. Each /16 could in turn be further subdivided using bits 17-24 to create 256 subnets for each of the 256 /16 blo...

As we have done several times over the years, we are planning another webinar series offering educational material regarding IPAM technologies including IPv6, DNSSEC and IDNA. The full webinar lineup , dates and times, and brief synopses are posted on the BT Diamond IP website. Register for any number of topics you're interested in. When planning such a series, we certainly have no shortage of topic ideas. IPv6 as always remains of high interest from the Internet community at large. We ran an intensive 5-webinar IPv6 series about a year ago, and these webinars are still relevant and posted for playback on the BT Diamond IP website. So this time around, I selected three different IPv6 webinar topics.  The first seeks to relate IPv6 to "managers," which yes as the title unfortunately implies, is somewhat "dumbed down" technically in terms of describing IPv6, but it also includes topics related to how IPv6 can impact one's business. I'll discuss the...

It's been a few months since I've posted due to the urgency to finish my new IPv6 book, a death in the family and a period of abnormally onerous work requirements (always getting in the way!). My new book, co-authored with Michael Dooley is entitled, IPv6 Deployment and Management, ISBN-10: 1118387291/ISBN-13:978-1118387207, and will be available within the month. Mike and I were motivated to write this book given the myriad questions we received from customers, prospects, and acquaintances about how to go about IPv6 deployment. Certainly having worked with IPv4 and IPv6 from an IPAM perspective for several years, we were able to share our experiences. However, there's much more to deploying IPv6 than managing the IPv4-IPv6 address space! So we set out to learn about the broader aspects of IPv6 deployment thanks to extensive research and interaction with some of our colleagues, and we discovered that it touches every aspect of the IP network. And given that I've never...

With all the IPv6 fanfare and press leading up to World IPv6 Launch this past June 6th, after which things quieted down, I've been wondering, has anything happened since? According to ongoing research  conducted by the England Chapter of the Internet Society published on the RIPE NCC website , most countries worldwide have experienced higher IPv6 penetration as measured in August, 2012 vs. June, 2012. In fact, the U.S. experienced the largest percentage increase in IPv6 penetration over the period, leaping from 6.17% to 11.46%! The research project is dubbed the IPv6 Matrix Project, and full details about the project can be found on its website . In a nutshell, the system attempts an "IPv6 crawl" by looking up DNS records for the top one million websites (and then some) according to Alexa. The system uses DNS results to initiate connection attempts to email, web and time servers. The IPv6 Matrix website home page displays a world map, which I assume displays the very ...

I used the metaphor of dominos in a prior post to illustrate the close inter-relationship among IPv4 address suppliers, namely IANA, each of the Regional Internet Registries (RIRs) and Internet Service Providers (ISPs). Up til now, the "initial domino" fell with IANA depleting its available IPv4 space in early February, 2011. This event was followed only two months later by the APNIC, the RIR serving the Asia Pacific region, to fall next when it reported that it had entered the final phase of its IPv4 allocation policy with only its final /8 of IPv4 space remaining. Today, the European RIR, the RIPE NCC, announced that it too has now begun making allocations from its final /8 of IPv4 address space. The clock is ticking on IPv4 address space. Unfortunately, it's inevitable. IPv4 space will no longer be available for allocation anywhere at a time in the not too distant future. Even if you have plenty of IPv4 address space, the complexion of the Internet will continue to m...

On the heels of my most recent post asking, " How many IPv6 eyeballs are you missing? ," I now pose the analogous question for DNSSEC. Do your DNS servers receive queries requesting authenticated resource record data for your namespace? If so, and you have not signed your zones, then DNSSEC validators' requests for authentication will go unfulfilled. And their DNS caches they are attempting to protect from poisoning will go unprotected, not to mention the integrity of your DNS namespace. An attacker "impersonating" your namespace could redirect browsers to the attackers' website for example by providing DNS resolvers with falsified query answers using cache poisoning attacks such as those publicized by Dan Kaminsky . On the other hand, if hardly any resolvers (i.e., caching servers) initiating queries on the Internet even perform DNSSEC validation, signing your zones will offer value only to a small number of deployed validators and no value to non-validat...