Network Management using IPv6

It's not always a straightforward matter to extend IPv4 tools to manage dual-stack IPv4-IPv6 networks. In this blog we'll look at network device management tasks within the "FCAPS" model framework to help determine IPv6 readiness.

BOOK GIVEAWAY: We're looking to give away 15 copies of Nikhil Sharma's book, IPv6 for Enterprise Networks. Want one?

FCAPS

FCAPS is an acronym for Fault, Configuration, Accounting, Performance, Security.  It's is a model and framework for network management defined by the ISO Telecommunications Management Network. This framework can be used to look at the IT management as a whole ranging from applications, servers, communication devices, etc. 

Fault Analysis

A fault event would result in the network device sending a notification to the network management station (NMS) using SNMP or other proprietary protocols as well as write the error log to a syslog server.  This notification can trigger manual or automatic activities.

A Cisco devices can send SNMP notifications to an IPv6 host.  However, you would need to check the MIBs supported.  RFCs 4292, 4293, 4022 and 4113 provide MIBs that are agnostic to the IP protocol version.  These should be used instead of protocol dependent RFCs for ease of management.

Syslog process on the Cisco device allows the users to capture device logs on a centralized log repository.  Recent Cisco devices (both IOS and NX OS) are capable of sending logs to IPv6 hosts.

The first tool that network administrators use to check connectivity is ping.  ICMPv6 support has been on Cisco devices for a long time.

Configuration Management

Most of the network services needed for the task of collecting and storing configurations and providing services for example TFTP, NTP, etc. are supported over IPv6. 

SNMP based network instrumentation tools need to ensure IPv6 support as outlined in the previous section.

In order to use a HTTP client, URLs with literal IPv6 addresses must be formatted as per RFC 2732.  For example, a device with IPv6 address 2001:db8:cafe:1001::4507 would be represented as http://[2001:db8:cafe:1001::4507].

Telnet and SSH operate the same way as with IPv4 assuming that you are running software that supports IPv6.

Accounting

The goal of this section to gather statistics for users.  These statistics can be for billing purpose as well as provide accountability of “who did what and when”.   Both RADIUS and TACACS support IPv6.  The operation is similar to IPv4.

Performance Management

Capacity planning as well as performance analysis is perhaps the most important function of a network administrator.  The challenge over here is to have the same level of application visibility as was with IPv4.  NetFlow is a great tool to collect performance metrics, however does not have IPv6 support.  Flexible NetFlow on the other hand does have IPv6 support in addition to customizing traffic analysis parameters.

Flexible NetFlow can be used with tools such as Embedded Event Manager (EEM) to send out automated notifications from the device in case of performance degradation.

Capture tools such as SPAN are not aware of the IP protocol and can be used in the same manner to monitor IPv6 traffic.

Existing IP service-level agreements (SLA) would need to be changed to IPv6 in order to monitor and proactively discover end-to-end network performance issues.

Security Management

In terms of access control and policy management with Cisco ACS, Access Control Lists (ACLs) if used would probably need to be configured for IPv6 to provide the same policies as IPv4.

Clearly, network management is a broad topic. But the above should help you get started on where to begin with network management using IPv6.  More in-depth blogs on network management using IPv6 to follow!

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)