IPv6 Microsegmentation

Overall rating: 4.75 Instructor: 4.67 Materials: 4.83 more …

Layer-2 security (aka first-hop security) is as problematic in IPv6 as it was in IPv4 almost a decade ago. We need to fight the same problems that we had to solve in IPv4 world (DHCP spoofing, ND spoofing instead of ARP spoofing) and a few new ones unique to the IPv6 world (rogue RAs, fragmented headers).

What if we'd stop relying on large failure domains built with 40-year-old technology that still emulates thick coaxial cable (Ethernet), admit that many network edge devices support IPv6 routing as well as L2 forwarding, and limit Ethernet to where it was designed to be used: data link layer between adjacent devices.

Is it possible to build a layer-3-only IPv6 network without assigning a /64 prefix to every host and exploding the IPv6 forwarding tables? This webinar explores alternative solutions that work well in large-scale production environments.


This webinar is part of IP version 6 roadmap and accessible with standard subscription

Start now Access content


The webinar covers the following topics:

  • Overview of IPv6 layer-2 security challenges
  • Layer-3-only IPv6 networks
  • IPv6 microsegmentation on mobile, DSL and Carrier Ethernet networks
  • Data Center considerations
  • Hypervisor-based IPv6 microsegmentation
  • Layer-3-only data center networks

About the Author

Ivan PepelnjakIvan Pepelnjak (CCIE#1354 Emeritus) has been designing, deploying, operating and troubleshooting IP-based enterprise and service provider networks since 1990. He’s the author of EIGRP and MPLS books published by Cisco Press, numerous articles and highly praised webinars, including Building Large IPv6 Service Provider Networks, IPv6 Security and IPv6 Transition Mechanisms.

His blog, where you'll find numerous data center- and IPv6-related articles, is usually considered one of the best technology-focused internetworking blogs.

More about Ivan Pepelnjak