A couple of my buddies Shannon McFarland (Cisco) and Ed Horley (Groupware) did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space. Enjoy! Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips – especially […]
The Urgency Behind IPv6 Read More »
In the DoD there is a strong requirement for 2-factor authentication in the network. For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate. The user has a PIN; therefore, 2-factor. Nothing like this exists for network devices (routers,
Secure and Affordable 2-factor authentication: Yubikey Read More »
I have recently started working in a datacenter configuring quite a few Nexus 7000 series switches to act mainly as datacenter access switches – mainly making use of the popular features of Virtual Device Contexts (VDCs) and Virtual Port-Channels (vPCs). Well, IPv6 is a key part of the network environment. So for the last week,
Nexus 7000 IPv6 Configuration Pitfalls Read More »
Well, today is the day, or the last day I should say. At midnight tonight, the US Government will have shut the books on yet another Fiscal Year. Although, it’s not finances that has the technology industry glued to government tech news; it’s IPv6 adoption. By the end of FY 2012, the entire US Government
2012 US Government IPv6 Mandate: The Day of Reckoning Read More »
***Updated on 14 May 2014 – regarding NET-IPv6-022, See below*** Thousands of network engineers in the DoD out there looking at implementing IPv6 now have to address a few Security and Technical Implementation Guidance (STIG) items that they used to just annotate as “Not Applicable – NA.” Now, IPv6 security is important. If you are
Cisco IPv6 IOS Hardening – DoD Style Read More »
Last month I presented the case as to why 802.1x authentication is not enough for local network (wired or wireless) security (go back here to read). In this post I will present an alternative: IPv6 Secure Neighbor Discovery (SeND). If you have an IPv6 enterprise, small IPv6 deployment, or a little IPv6 lab then pay
Why 802.1x is Not Enough: How to Implement SeND – Part 2 Read More »
There’s been much debate in the IPv6 community regarding the abysmal support or IPv6 Secure Neighbour Discovery (SeND). To get you up to speed on what IPv6 Secure Neighbour Discovery is think IPv6 + 802.1x-like + ARP security + PKI environment. Later in this blog I’ll show you how to set up an IPv6 SeND
Why 802.1x is Not Enough: Use IPv6 SeND – Part 1 Read More »
Software Defined Networking (SDN) is the new buzzword in IT today. It has become synonymous with things like cloud, cyber security, CDN, and yes even IPv6. The curious thing is that they are all inter-related. Open Flow, which is a specification of the Open Network Foundation, has defined this new phenomenon as something that, “enables
SDN, Open Flow and Cisco ONE: A First Look Read More »
One week ago today (6 June 2012), the Internet Society (ISOC) led the charge on a voluntary initiative called World IPv6 Launch. Participating in this event were: five home router vendors, 77 Internet Service Providers, and 3,013 websites. By signing up as a website or ISP, you were committing to enabling IPv6 on your network
World IPv6 Launch: One Week Out Read More »
Well, it is now roughly four months until the U.S. Federal Government is supposed to have its publicly-facing network services enabled for IPv6 by 30 September 2012 according to the White House directive in 2010. More specifically: Upgrade public/external facing servers and services (e.g. web, email, DNS, ISP services, etc) to operationally use native IPv6
US Government IPv6 Enablement – 4-month Status Check Read More »