CERN Accelerating science

Document

IPv6 security checklist for developers

Checklist for developers 

This checklist is the HEPiX Pv6 working group’s current list of issues to be considered. We welcome feedback from developers on the content of this list according to their experiences during the transition. Updates and additions will be made as required.

How to deploy IPv6 at a WLCG Tier-2 site

Introduction

The process of deploying IPv6 at a Tier-2 WLCG site  requires several steps and it has been followed only by a few sites, so far. This document will evolve into a detailed how-to guide for sites to follow, but initially it will contain a sketch of the procedure based on the experience of those sites which already deployed IPv6 in production.

IPv6 deployment steps

Very broadly speaking, the IPv6 deployment will require sites to go through these steps:

Implementation Template

ADDRESS MANAGEMENT

  • Get a public prefix assignment
  • Define addressing plan and assignment rules
  • Add IPv6 support to the address management database and related tools
  • DNS Name resolution policies

PROCUREMENT

  • Public address space
  • Network devices with IPv6 support
  • Software licences for IPv6 support
  • IPv6 Internet upstream

NETWORK EQUIPMENT

How to get write access to this web site

Users with a CERN account:

Users without a CERN account:

 

IPv6 address assignment issues

The basic (and possibly legal) requirement of many institutions is that they be able to authorise the access to the network, and be able to trace actions on the network to an individual (the one who requested such access authorisation).

IPv6 at CERN

More information at http://cern.ch/ipv6

Routing

Since OSPF is the protocol routing IPv4, OSPF3 has been chosen as IGP. The topology of the two protocols will be the same as well as link costs and timers.

Addresses plan

Subscribe to RSS - Document