HP 635n HP Jetdirect Print Servers - Practical IPv6 Deployment for Printing an - Page 24

Preparing the Intranet for IPv6


in DNS records for those Vista clients. Also keep in mind that non-link-local IPv6 addresses can appear on your Vista clients simply by adding an IPv6 router to your network – which may not be what the IT Administrator wanted!

Assuming there are not any IPv6 network reachability issues, let’s make sure we understand the difference between these two commands:

• “FTP 2001:DB8:128::21b:78FF:FE0A:5D9A”
• “FTP mfp3.remote.example.internal”

The first command fails and the second command passes because, unbeknownst to the user, the second command switches to IPv4 after the IPv6 connection fails. This leads us to a second important point about IP Neutral services – there should be no difference in service capability when a service is accessed over IPv6 as compared to IPv4. Why? In most cases, users will be using name resolution rather than explicit IP addresses (mainly because after typing in one IPv6 address explicitly, you’ll never want to type in another one). Therefore, the user will be typing in a name because it is much easier. As we have seen throughout this whitepaper, the name resolution algorithms depend on many variables, and these variables control whether IPv6 or IPv4 is selected without the user’s knowledge. Imagine a web server that served up different content depending on whether IPv4 or IPv6 was used, when the user has no idea what IPv4 or IPv6 even refers to! For example, a web browser on one client machine could display different content from a web browser on another machine, even though the name in the URL was exactly the same – one machine’s name resolution chose IPv4 and another machine’s name resolution chose IPv6. Clearly, this behavior would not be desired.

What have we learned in this section? Well, if the network administrator decides to configure the company’s routers with IPv6, suddenly IPv6 SLAAC takes over and all IPv6-enabled devices get a non-link-local IPv6 address in addition to the link-local IPv6 address they already have. Basically, all these devices now have 3 IP addresses – an IPv4 address, a link-local IPv6 address, and a non-link-local IPv6 address. If an IPv6-enabled device is integrated into Active Directory and supports the Kerberized DNS update mechanism, then most likely the IPv6 addresses are in DNS, which could lead to reachability issues.
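
The masked failure described in this section (a name-based command succeeding over IPv4 while the literal IPv6 address fails) can be caught by probing every resolved address on its own instead of letting the client fall back. The Python sketch below is an added example, not part of the HP whitepaper; the function names, the port, and the IPv4 sample address are assumptions made for illustration.

```python
import ipaddress
import socket

def classify(addr):
    """Label an address using the whitepaper's terms."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any zone id
    if ip.version == 4:
        return "ipv4"
    if ip.is_link_local:
        return "ipv6-link-local"
    if ip in ipaddress.ip_network("fc00::/7"):
        return "ipv6-unique-local"
    return "ipv6-non-link-local"

def tcp_probe(addr, port, timeout=3.0):
    """Attempt one TCP connection to a literal address; True on success."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve(name, port):
    """Every address the local resolver returns for name, in order, deduplicated."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))

def audit(addresses, port, probe=tcp_probe):
    """Probe each address separately so IPv4 fallback cannot hide a failure."""
    results = [(a, classify(a), probe(a, port)) for a in addresses]
    v6_ok = [ok for _, kind, ok in results if kind != "ipv4"]
    v4_ok = [ok for _, kind, ok in results if kind == "ipv4"]
    findings = []
    # The name "works" only because IPv4 answers; every IPv6 address is dead.
    if v6_ok and not any(v6_ok) and any(v4_ok):
        findings.append("masked-ipv6-failure")
    return results, findings

if __name__ == "__main__":
    # Constructed sample: the page's IPv6 literal plus an assumed IPv4 address.
    sample = ["2001:db8:128::21b:78ff:fe0a:5d9a", "192.0.2.10"]
    only_v4_answers = lambda addr, port: ":" not in addr  # stand-in for the network
    results, findings = audit(sample, 21, probe=only_v4_answers)
    for row in results:
        print(row)
    print(findings)
```

On a live network, pass `resolve(name, port)` as the address list and keep the default probe.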
Preparing the Intranet for IPv6

Using Unique-Local IPv6 addresses provides a lot of flexibility for the Intranet. The great benefit of Unique-Local addressing is that it allows a customer to develop the following:

• IPv6 Expertise
• IP Neutral Application Testing and Deployment
• IPv6 Security Evaluations Within the Intranet

As a customer’s experience grows, they may be able to begin converting some subnets to IPv6 only and relinquish IPv4. When the day comes to connect to the IPv6 Internet, a customer can do so with that knowledge and experience. When the IPv6 Internet is brought in, a customer will need to begin what could be a painful renumbering process (moving from a Unique-Local IPv6 prefix to a Global IPv6 address prefix). Until that day, we can get by just fine using Unique-Local IPv6 addressing. (NOTE: Network Address Translation (NAT) may also be a solution to get from a Unique-Local IPv6 address to a Global IPv6 address. However, NAT is frowned upon by most if not all IPv6 proponents.)

This whitepaper will not discuss intranet tunneling methods such as ISATAP. The primary reason is that Vista and Longhorn will be shipping with IPv6 enabled and operational along with IPv4, and most environments have not migrated to IPv6 at all. This means that the initial transition mechanism will be