Together with SURFnet we met with Harold van Ham and David Schrok, both active in the IPv6 team at the University of Applied Sciences in Breda and talked to them about the steps they took to deploy IPv6 in their network.
Stories about IPv6 adoption tend to be all about spiraling costs, technical obstructions, frustration over getting adequate buy in from decision makers, and a host of other infamous snags and roadblocks. And that’s not all bad. Being vocal about what went wrong in one case helps prevent mistakes being repeated in others. That said, it’s good to throw a success story in the mix from time to time.
Back in 2013, a team at the Avans Hogeschool (University of Applied Sciences) in the Netherlands embarked on the task of deploying IPv6 in their network. Their brief: to roll out IPv6 on a low budget without creating any disruption on their network, and preferably within the space of two years. Here’s how they did it.
Harold van Ham and David Schrok, two members of the IPv6 team at the Avans Hoogeschool
As teaching staff at Avans, the team’s motivation was straightforward. With over 30,000 students enrolled, Avans stands out as one of the leading educational and research institutions for applied sciences in the Netherlands. The aim in making the switch to IPv6 was to give those students the opportunity to learn what IPv6 implementation looks like up close.
Harold van Ham took on the role of project leader: "The project was prompted, in part, by a graduation project from a collegue/student who was in the process of writing his thesis about IPv6 at Avans with the intend to actually implement IPv6. Apart from that, we would like students to have the ability to work with IPv6 in their study/project as well.’
So, with the motivation and much of the necessary skills already in place, the project was triggered and an initial proposal was written up in 2013.
The budget was kept to a minimum from the outset. Since much of the expense behind IPv6 adoption typically comes from labour hours and training, keeping costs low will usually require keeping the number of people involved in check.
In this case, the core team numbered just eight – eight individuals with a diverse mix of skillsets and a strong combined knowledge of what the project would require. The idea was that this team, with support from the wider IT management team at Avans, all of whom were involved and well-informed about IPv6, could complete the project in two years, even despite being busy with their regular work.
Another cost, though much more minor, came from hardware replacement. Through good planning, the team was able to obtain the requisite equipment in the course of the usual process of hardware/software replacement. All they needed to do was make it compulsory that all new equipment be fully IPv6 capable.
With all this in place, the proposal was sent on to the annual budget rounds – at which point the project was placed on hold till 2014. Fast forward to late 2014: the budget was secured and the team were ready to go with a clear project plan.
Consultation with SURFnet
One thing that was clear from early on was that certain aspects of the project called for external expertise. So, the group made the decision to contact SURFnet, who kicked things off by recommending that an IPv6 readiness test be carried out by one of their consultants. The test involved a full inventory check to see what was ready, what was not, and what steps needed to be taken prior to starting implementation.
This preparatory step ended up being indispensable. For instance, it made clear what Avans would need to replace in the ICT infrastructure. Also, importantly, it showed that the network equipment would need to be suitable for both IPv6 and IPv4 (dual stack). Aside from all this, another practical benefit of the readiness scan was that the team could be going into the budget meeting equipped not only with their idea of how to carry out the project, but rather with a set of plans backed up by the SURFnet consultants.
Three phases of design and implementation
The project was divided into three phases: core network first, applications and servers second, desktops third. This was essential if the group was going to be able to adjust and test the network without disruption. As David Schrok, network manager at Avans said: "For every network application you have to research, adjust and test the entire chain on IPv6.”
A key concern through the design phase of the project was the question of how the core network equipment would react. Almost all the equipment was based on one vendor, so the team got them to provide a few systems for testing. The team also anticipated other challenges, such as dealing with the security system running on the core routers.
Indeed, security was a key focus for the team, especially due to certain known security issues with public addresses and IPv6. Lots of measures were taken to strengthen security. But this raised a number of further issues, exposing a number of bugs in the software.
As they embarked on this phase of the project, the team did have one major point in their favour: since Avans had received a decent allocation of IPv4 space, the existing network didn’t rely on NAT. In fact, as a result of this, they were actually able to return IPv4 addresses to SURFnet, cutting their address space down from two to one /16 network.
A key part of the team’s plan was to build a copy of the entire network environment used at the university in Breda, the aim being to have a full test environment in which to start IPv6 deployment. This would allow the team to carry out as much testing as required without causing any disruption whatsoever for end users. “The test phase provided many insights into how IPv6 works. That is the best advice I want to give everyone: use a test environment, a copy of your real environment ", says Schrok.
Applications and servers
As the team turned to applications and servers, it quickly became clear that they would need to prioritise. Rather than trying to tackle the complete list of over 150 applications within Avans, they made a top 10 of the most-used applications. A central goal of the project was to have these ten IPv6 ready. At the top of the list was the Avans website, both public and internal. The list then included learning environment, student administration, DNS, mail, wireless (also treated as an application). The document management system was in top ten, but they didn’t support dual stack.
The process was not without issues. The team faced some DNS related problems, and also issues with mail servers. In fact, when enabling IPv6 in the Exchange test environment that environment broke, so the decision was made to bypass it and go to the cloud. But in general, the problems were minor, with the second phase of the project going quite smoothly.
The desktops were not a problem. All laptops and operating systems the students use, support IPv6 and use IPv6 if available by default. This meant that phases two and three of the project fell into each other in the end.
By February 2015, after testing, the group was ready to start implementing, and in December 2015, they started enabling IPv6. From there, focus shifted to firewalls, core routers (12 of them), IT administration networks, and so on.
As for that goal of zero disruption, whilst there were some very slight lapses, the team succeeded in obtaining its goal. For instance, some public websites stopped working. After implementing on IT networks – started implementing on client networks.
The goal was to implement IPv6, without end users noticing. "We succeeded", says Schrok proudly. "We were able to roll out IPv6 in 2 years time, in addition to our daily work". Approximately half of the network traffic now goes via IPv6. With this, Avans is on place one of all educational and research institutions in the Netherlands in terms of IPv6 use. Both in volume and in ratio, the ratio IPv4/IPv6 traffic.
The project for IPv6 deployment carried out by the team at Avans provides invaluable insights for others planning to make the move to IPv6. The team has already been in contact with other groups, such as Hogeschool Zeeland, who are already deep into their own IPv6 adoption project, and they met with Fontys and the University of Rotterdam to share what they learnt about tackling the deployment of IPv6. What’s more, given the success of the Avans project, SURFnet has been able to produce a best practice document based on the team’s work. What all this shows us is that, as much as we all learn from our mistakes, there’s also a great deal to be derived from our successes. This is vital as the need for IPv6 deployment becomes ever more pressing.