Network Management Recommendations

Introduction

This article focuses on procedures and best practices recommended for use by IPv6 network administrators and managers. A best practices document describes actions or practices that are known to produce good outcomes when followed. When changing the management infrastructure of any network that currently supports Internet Protocol version 4 (IPv4)-only to either:

(1) dual-stack (IPv4 and IPv6 are both supported),
(2) IPv6-only-preferred (existing IPv4-only and dual-stack nodes on a local area network both continue to be supported but all new and updated nodes on the network will be IPv6-only, sometimes referred to as IPv6-mostly access), or
(3) IPv6-only,

there are no easy or quick solutions. The books on network management listed in part 3 of the IPv6 Training Information document referenced in the IPv6 Training and Learning article under the Deployment section provide additional information.

The focus of this article differs from the focus of the IPv6 and IoT Security Best Practices article in the Security section. That article focuses on procedures and best practices recommended for use by both IPv6 network security personnel, and by organizations and individuals deploying and subsequently operating Internet of Things (IoT) devices, in order to detect, prevent, and monitor attempts to use networks or devices connected to networks in unauthorized ways.

Network management and network security in both environments have been the subject of numerous Internet Engineering Task Force (IETF) Request For Comments (RFC) documents, including:

  • RFC 4057 IPv6 Enterprise Network Scenarios,
  • RFC 4942 IPv6 Transition/Coexistence Security Considerations,
  • RFC 6418 Multiple Interfaces and Provisioning Domains Problem Statement
  • RFC 6632 An Overview of the IETF Network Management Standards,
  • RFC 7368 IPv6 Home Networking Architecture Principles,
  • RFC 7381 Enterprise IPv6 Deployment Guidelines
  • RFC 7556 Multiple Provisioning Domain Architecture
  • RFC 8043 Source-Address-Dependent Routing and Source Address Selection for IPv6 Hosts
  • IETF draft document Monitoring Dual Stack/IPv6-only Networks and Services,
  • RFC 8801 Discovering Provisioning Domain Names and Data,
  • RFC 8925 IPv6-Only Preferred Option for DHCPv4,
  • RFC 9099 Operational Security Considerations for IPv6 Networks (which complements RFC 4942), and
  • RFC 9288 Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Borders.

It is interesting to notice how the perspective on network management has changed over time, as shown in the following paragraphs.

Perspective on network management in 2007

These observations in RFC 4942 by the IETF Network Working Group for IPv6 network management are valid for dual-stack network management as well as for network security:

It is important to understand that deployments are unlikely to be replacing IPv4 with IPv6 (in the short term), but rather will be adding IPv6 to be operated in parallel with IPv4 over a considerable period, so that security issues with transition mechanisms and dual stack networks will be of ongoing concern. This extended transition and coexistence period stems primarily from the scale of the current IPv4 network. It is unreasonable to expect that the many millions of IPv4 nodes will be converted overnight. It is more likely that it will take two or three capital equipment replacement cycles (between nine and 15 years) for IPv6 capabilities to spread through the network, and many services will remain available over IPv4 only for a significant period whilst others will be offered either just on IPv6 or on both protocols.

Perspective on network management in 2012

These recommendations were provided by the Planning Guide/Roadmap Toward IPv6 Adoption within the US Government, July, 2012 memorandum. While the policies contained in that memorandum are no longer in effect (the memorandum was rescinded Aug, 2018 by Office of Management and Budget (OMB) Memorandum M-18-23 Shifting From Low-Value to High-Value Work), its recommendations remain valid.

IPv4-based network management systems (NMS) and fault tracing tools must undergo significant change to properly manage IPv6 networks. These would include both equipment and component managers as well as managers of managers (MoM) systems.

Replacing a non-conforming NMS is much more difficult than replacing other hardware or software as it tightly integrates with device software and hardware ports. Testing of all types and configuration of devices should be completed prior to system cutover and turn-up.

Perspective on network management in 2014

As the IETF noted in this reality check in RFC 7149 Software-Defined Networking (SDN): A Perspective from within a Service Provider Environment:

The networking ecosystem has become awfully complex and highly demanding in terms of robustness, performance, scalability, flexibility, agility, etc. This means, in particular, that service providers and network operators must deal with such complexity and operate networking infrastructures that can evolve easily, remain scalable, guarantee robustness and availability, and are resilient to denial-of-service attacks.

Perspective on network management in 2016

When readdressing a network that is already dual-stack or IPv6-only, a new type of challenge arises for network administrators and managers. This article on The Headache of IPv6 Readdressing discusses such a challenge.

Perspective on network management in 2020

This statement is from a policy memorandum (available here) from the Office of the Federal Chief Information Officer:

This memorandum communicates the requirements for completing the operational deployment of IPv6 across all Federal information systems and services, and helps agencies overcome barriers that impede them from migrating to IPv6-only network environments. The strategic intent is for the Federal government to deliver its information services, operate its networks, and access the services of others using only IPv6. … agencies shall: complete the upgrade of public/external facing servers and services (e.g., web, email, DNS, and ISP services) and internal client applications that communicate with public Internet services and supporting enterprise networks to operationally use native IPv6.

Network Management Resources

Specific examples, general recommendations, and product information about network management for those deploying IPv6 in an existing IPv4-only network or transitioning to an IPv6-only network are provided by the following articles, reports, papers, seminars, tutorials, and presentations:

  1. This comprehensive IPv6 Network Management tutorial presented at the Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) covers both the concepts and best practices of network management and network monitoring for IPv6 networks. It includes extensive examples of specific software use and reference bibliographies.
  2. This IPv6 Network Management Cookbook prepared by the European 6NET project and this later IPv6 Network Management overview presented by the European 6Deploy project cover concepts and best practices of network management, plus some tools developed by the 6NET project. (The European 6NET project completed Jun 2005, followed by the 6DISS project which completed Sept 2007; followed by 6DEPLOY and 6DEPLOY-2 (www.6deploy.eu) which completed Feb 2013. A more recent European IPv6 project was Governments Enabled with IPv6 (GEN6) which completed May 2015. Deliverables and Presentations under the Publications tab of the GEN6 website provide additional material. The next European IPv6 project was IPv6 Framework for European Governments which completed in 2018. Then came the European Union Internet Standards Deployment Monitoring project.)
  3. This article describes how to use SDN to increase the security of Stateless Address Autoconfiguration (SLAAC) and Neighbor Discovery Protocol (NDP) interactions among computers on a Local Area Network.
  4. Some IPv6-specific network management techniques and tools are described in this Are you neglecting IPv6 network management? article.
  5. This Mutually Agreed Norms for Routing Security (MANRS) Initiative for wide-area network operators and this Best Current Operational Practices (BCOP) Implementation Guide for stub networks and small providers.
  6. This BCOP on Minimum Security Requirements for Customer Premises Equipment (CPE) Acquisition document provides guidelines when recommending CPE to end-users.
  7. An extensive list of Network Monitoring Tools (over 500 listings) is maintained by the Stanford Linear Accelerator Center (SLAC) National Accelerator Laboratory. Not all these tools specifically state support for IPv6.
  8. Using the framework of the International Standards Organization (ISO) Fault, Configuration, Accounting, Performance, Security (FCAPS) model for network management, this NetworkWorld article informally discusses software for IPv6 network management.
  9. Using the use case methodology of systems analysis, this article informally discusses employing several performance management use cases to improve network performance.
  10. This Cisco Systems, Inc. white paper offers recommendations for non-IP specific network management, while this white paper offers recommendations for enabling network management via IPv6 transport on a network infrastructure that was previously IPv4-only.
  11. This Federal IPv6 Techtorial presentation hosted by BrightTALK provides a snapshot of network management products and best practices as of May, 2012.
  12. This IPv6 Deployment In Local Area Networks by Samenwerkende Universitaire Reken Faciliteiten Network (SURFNet), April, 2011, provides IPv6 configuration management guidance from the network level down to the individual device level.
  13. This Wikipedia article lists and compares the features of many NMS.
  14. In 2002, the then European 6NET project published this IPv6 Network Management Cookbook. Its recommendations are still valid for any IPv6 network management infrastructure. (See item 2 above for a summary of subsequent European IPv6 deployment project evolution.)