Upload
rollin
View
50
Download
0
Embed Size (px)
DESCRIPTION
Cisco IPv6 Solutions Integration & Co-Existence. Benoit Lourdelet Technology Product Management, NSSTG [email protected]. Agenda. IPv6 Rationales IPv6 Protocol overview General Deployment Concepts Enterprise Deployment Service Provider Deployment. IPv6 Rationales. - PowerPoint PPT Presentation
Citation preview
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Cisco IPv6 Solutions Integration & Co-Existence
Benoit Lourdelet
Technology Product Management, NSSTG
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2
Agenda
IPv6 Rationales IPv6 Protocol overview General Deployment Concepts Enterprise Deployment Service Provider Deployment
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3
IPv6 Rationales
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4
What is IPv6? Basic Perspectives
The End-User PerspectiveApplications & Services focusApplications & Services focus
Integration per application modelIP Agnostic
The End-User PerspectiveApplications & Services focusApplications & Services focus
Integration per application modelIP Agnostic
The Network Manager Perspective Infrastructure focusInfrastructure focus
Stable specifications, commercial implementations
Cost of deployment and operation
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5
Key Aspects Reminder
IPv6 is NOT a feature. It is about the fundamental IP network layer model developed for end-to-end services and network transparency
Deployments of production IPv6 infrastructures are under way, the time has come to move our focus to edge, access and usage
6Bone is phasing out, 6NET is closed,…
Today’s IPv6 deployment drivers do not rely on uncovering the “future killer application” anymore, they focus instead on:
Performing the same as on IPv4 but on a larger scale
Operational cost savings or simpler network models when deploying applications
Leading the innovation
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 6
WHEREAS, community access to Internet Protocol (IP) numbering Resources has proved essential to the successful growth of the Internet; and,
WHEREAS, ongoing community access to Internet Protocol version 4 (IPv4) numbering resources can not be assured indefinitely; and,
WHEREAS, Internet Protocol version 6 (IPv6) numbering resources are available and suitable for many Internet applications,
BE IT RESOLVED, that this Board of Trustees hereby advises the Internet community that migration to IPv6 numbering resources is necessary for any applications which require ongoing availability from ARIN of contiguous IP numbering resources; and,
BE IT ORDERED, that this Board of Trustees hereby directs ARIN staff to take any and all measures necessary to assure veracity of applications to ARIN for IPv4 numbering resources; and,
BE IT RESOLVED, that this Board of Trustees hereby requests the ARIN Advisory Council to consider Internet Numbering Resource Policy changes advisable to encourage migration to IPv6 numbering resources where possible.
ARIN (ARIN Board of Trustees) 7 May 2007
Breaking news
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7
Market Drivers IPv4 address pool exhaustion – 2010-2015?
National IT strategyU.S. Federal – OMB memo called for IPv6 infra in June 2008Japan, Korea,…China Next Generation Internet (CNGI) projectEuropean Commission sponsored projectsEmerging countries IPv6 Task Force, ie: India, Africa,…
Microsoft Windows Vista & Longhorn releasesAnd other O.S. or applications
Next Gen. Broadband: DOCSIS 3.0, Quad Play with HDTV,…
Mobile SP – 3G/4G/WiMax, IP NGN IMS, IP/TV on Mobiles
Networks in Motion
Networked Sensors,…
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 8
IPv6 Integration – Per Application Model
As soon as the infrastructure is IPv6 capable…IPv6 integration can follow a non-disruptive “per application” model
Today, all O.S.
are Dual-Stack
New Generation of Internet Appliances
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9
U-2010 – IPv6 Public Safety Framework
SatelliteSatelliteSatelliteSatelliteGPRS/3GGPRS/3GGPRS/3GGPRS/3G
RadioRadioRadioRadio WiMaxWiMaxWiMaxWiMax
WiFiWiFiWiFiWiFi
Wireless Network InfrastructuresWireless Network InfrastructuresWireless Network InfrastructuresWireless Network Infrastructures
SensorsSensorsSensorsSensorsVoiceVoiceVoiceVoice VideoVideoVideoVideo DataDataDataData
TimeTimeSynchSynchTimeTime
SynchSynchLocalizationLocalizationLocalizationLocalization ManagementManagementManagementManagement
Instant Instant MessengerMessenger
Instant Instant MessengerMessenger
DirectoryDirectoryservicesservicesDirectoryDirectoryservicesservices
• Secure environmentSecure environment• Bi-directional communicationsBi-directional communications
PublicPublicInformationInformation
PublicPublicInformationInformation
CrisisCrisisManagementManagement
CrisisCrisisManagementManagement
Bio-Ecological Health
Terrorism Rescue
Transportation disaster
Natural disaster
PrivatePrivatePrivatePrivate
GovernmentGovernment
Fixed Network InfrastructuresFixed Network InfrastructuresFixed Network InfrastructuresFixed Network Infrastructures
PublicPublicBroadbandBroadband
IPv6 - Common Networking Infrastructure EnablerIPv6 - Common Networking Infrastructure Enabler
FirstFirstRespondersResponders
FirstFirstRespondersResponders
• IP MobilityIP Mobility•Ad-Hoc NetworksAd-Hoc Networks
• TraceabilityTraceability• Community of InterestCommunity of Interest
Risk ProfilesRisk Profiles
DVB-HDVB-HDVB-HDVB-H
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10
IPv6 Protocol overview
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11
IPv4 & IPv6 Header Comparison
Version IHLType of Service
Total Length
Identification FlagsFragment
Offset
Time to Live Protocol Header Checksum
Source Address
Destination Address
Options Padding
Version Traffic Class Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
IPv4 HeaderIPv4 Header IPv6 HeaderHeader
- field’s name kept from IPv4 to IPv6
- fields not kept in IPv6
- Name & position changed in IPv6
- New field in IPv6Leg
end
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 12
IPv6 HeaderNext Header = 6 (TCP)
TCP header & payload
IPv6 HeaderNext Header = 43 (Routing)
TCP header & payload
Routing HeaderNext Header = 6 (TCP)
Authentication HeaderNext Header = 6 (TCP)
IPv6 HeaderNext Header = 43 (Routing)
Routing HeaderNext Header = 51 (AH)
TCP header & payload
IPv6 Packet Structure – RFC 2460
• IPv6 hardware forwarding must be able to parse all fields to read about option headers and L4 details for packet filtering and monitoring • Ref. http://www.cisco.com/en/US/products/ps6553/products_white_paper0900aecd8054d37d.shtml
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13
Address Allocation
The allocation process is defined by the 5 Registries: IANA allocates 2000::/3 as Global Unicast [RFC 4291]Registries get ::/12 prefix(es) from IANA [formerly /23] under new policy - http://www.icann.org/announcements/announcement-12oct06.htm Registry allocates a /32 prefix [formerly /35] to IPv6 ISP and othersThen policies recommend that the ISP allocates a /48 prefix to each customer (or potentially /64)http://www.ripe.net/ripe/docs/ipv6policy.htmlhttp://www.icann.org/announcements/ipv6-report-06sep05.htm New Policy to assign PI and IX prefixes as /48
2001 0DB8
ISP prefixSite prefix
LAN prefix
/32 /48 /64
Interface ID
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 14
IP ServiceIP Service IPv4 SolutionIPv4 Solution IPv6 SolutionIPv6 Solution
Mobile IP with Direct Routing
DHCP
Mobile IP
IGMP/PIM/Multicast BGP
IP Multicast MLD/PIM/Multicast BGP, Scope Identifier
Mobility
AutoconfigurationServerlessServerless,,
ReconfigurationReconfiguration,, DHCPDHCPServerlessServerless,,
ReconfigurationReconfiguration,, DHCPDHCP
IPv6 Technology Scope
32-bit, Network Address Translation
128-bit, MultipleScopes
Addressing Range
Quality-of-Service Differentiated Service, Integrated Service
Differentiated Service, Integrated Service
Security IPSec Mandated, works End-to-End
IPSec
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15
Introducing Local Network Protection for IPv6
IPv4 Network Address Translation (NAT) is widely deployed and its success is due to the fact that today’s Internet is primarily running Client/Server applications.
No reason to treat NAT as evil, better to analyze “Market’s perceived benefits of IPv4 NAT”, then educate how similar benefits can be achieved with IPv6
Topology hiding, addressing autonomy, simple security,…
Local Network Protection for IPv6A set of IPv6 techniques that may be combined on an IPv6 site to simplify and protect the integrity of its network architecture, without the need for Address Translation
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-06.txt
SiSi
InternetIPv6 Global & ULA address space
Explicit Context Based Access Control
DHCPv6 Prefix Delegation
AccessSiSi
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 16
General Deployment
Concepts
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 17
IPv6 – Planning Steps
Q1
Q2
Q3
Q4
2008Q1
Q2
Q3
Q4
20072005Q1
Q2
Q3
Q4
2006Q1
Q2
Q3
Q4
2009 201x
Address planning
Network AssessmentCost Analysis
Deploying
Training
Production
Testing
Identifying the business
case
How long is needed for each phase of an IPv6 deployment project?
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18
The Scope of IPv6 Deployment
P r
o v
i s
i o
n i n
g &
M o
n i t
o r
i n
gP
r o
v i s
i o
n i n
g &
M o
n i t
o r
i n
g
Peer to Peer(ie: Instant Messenger)
Peer to Peer(ie: Instant Messenger)
Multimedia(Video Conf)
Multimedia(Video Conf)
InformationServices
InformationServicesServer to ClientServer to Client
BroadbandNetworks
BroadbandNetworks
Provider Edge
Provider Edge
Enterprise WAN
Enterprise WANCampusCampus
Integration & Co-ExistenceIntegration & Co-Existence
IPv6 Forwarding & Routing protocols (RIPng, EIGRP, OSPFv3, IS-ISv6, MP-BGP4)
IPv6 Forwarding & Routing protocols (RIPng, EIGRP, OSPFv3, IS-ISv6, MP-BGP4)
FrameRelay
PPPHDLC
POSIP ATMFE
GE, 10GEWireless
xDSLCable, FTTH
Op
era
tion
s a
nd
Tra
inin
gO
pera
tion
s a
nd
Tra
inin
g
IPv6 Services – The Cisco IOS EmphasisIPv6 Services – The Cisco IOS Emphasis
Provider Core
Provider Core
IPv4-IPv6TranslationIPv4-IPv6
TranslationSecuritySecurityMulticastMulticastQoSQoS InstrumentationInstrumentation
IPv6 over MPLS(AToM, 6PE/6VPE)IPv6 over MPLS(AToM, 6PE/6VPE)
IPv6 over IPv4 Tunnels(Configured, 6to4, ISATAP, GRE)IPv6 over IPv4 Tunnels(Configured, 6to4, ISATAP, GRE)
Native IPv4 & IPv6Cisco IOS is Multi-Protocol
Since Day 1
Native IPv4 & IPv6Cisco IOS is Multi-Protocol
Since Day 1
MobilityMobility
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 19
Network Assessment A key and mandatory step to evaluate the impact of IPv6
integration
May be split in several phasesInfrastructure – networking devices
Hosts, Servers and applications
Must be as complete as possible to allow upgrade costs evaluation and planning
Hardware type, memory size, interfaces, CPU load,…
Software version, features enabled, license type,…
Difficult to complete if a set of features is not defined per device’s category for a specific environment
IPv6-capable definition, knowledge of the environment and applications, design goals
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20
IPv6 Addressing Considerations
Understand the IPv6 addressing model
Several IETF related documents (RFC 4291 (3513), 3041, 3056, 3879, 4007, 4193, 4214…)
IANA and Registries policies and prefix allocation rules
http://www.arin.net/policy/nrpm.html#ipv6
Internal rules
Develop an addressing plan
Leverage hierarchical addressing system within network, for route aggregation and consolidation at the core
Address are assigned to interfaces as on IPv4, but interfaces expected to have multiple addresses
Address type, scope and lifetimeUnicast, Anycast, MulticastValid and preferred lifetime – RFC 4192 on Renumbering
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 21
Education
It is a very important aspect of planning. Knowledgeable staff would make better decisions in planning the deployment. The sooner it is initiated the less expensive and more valuable it is.
Many education options:
Formalized training used to train-the-trainer.
Global resources- 6Bone(http://www.6bone.net) - IPv6 Forum (http://www.ipv6forum.com) - IPv6 Task Force (http://www.ipv6tf.org)
North- America (http://www.nav6tf.org) Europe (http://www.ipv6tf.org/meet/tf/eutf.php) Japan (http://www.v6pc.jp/en/index.html)
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22
Education (cont.)
Many education options:
Reference Projects- 6DISS (http://www.6diss.org) - 6NET (http://www.6net.org) - Euro6IX (http://www.euro6ix.org) - Moonv6 (http://moonv6.sr.unh.edu)
Cisco resources- Partner e-Learning Connection: http://www.cisco.com/warp/public/10/wwtraining/pec/peclogin.html - Cisco Learning Connection: http://www.cisco.com/en/US/learning/le31/le46/learning_customer_e-learning_connection_tool_launch.shtml
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 23
Enterprise Deployment
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 24
Deployment Scenario for Enterprises
Environment ScenarioCisco IOS support
WAN IPv6 services available from ISP Dual Stack Yes
Dedicated Data Link layers, eg. LL, ATM & FR PVC, dWDM
LambdaDual Stack Yes
No IPv6 services from ISP or experimentation – few sites
Configured Tunnels
Yes
No IPv6 services from ISP or experimentation – many sites,
any to any communication6to4 Yes
Campus L3 infrastructure – IPv6 capable Dual Stack Yes
L3 infrastructure – not IPv6 capable, or sparse IPv6 hosts
populationISATAP Yes
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 25
Campus IPv6 Deployment OptionsDual-stack IPv4/IPv6
Requires switching/routing platforms to support hardware based forwarding for IPv4 and IPv6
IPv6 is transparent on L2 switches except for multicast - MLD snooping
IPv6 management—Telnet/SSH/HTTP/SNMP
Requires robust control plane for both IPv4 and IPv6
Variety of routing protocols—The same ones in use today with IPv4
Requires support for IPv6 multicast, QoS, infrastructure security, etc…
IPv4 and IPv6 control planes and data planes must not impact each other (See RST-3301)
DistributionLayer
AccessLayer
CoreLayer
AggregationLayer (DC)
IPv6 Server
L2/L3
v6-Enabled
v6-Enabled
v6-Enabled
v6-Enabled
IPv6/IPv4 Dual Stack
AccessLayer (DC)
DualStack
Du
al Stack
Du
al Stack
Du
al Stack
Du
al Stack
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 26
Campus IPv6 Deployment OptionsHybrid Model
Offers IPv6 connectivity via multiple optionsDual-stackConfigured tunnels – L3-to-L3ISATAP – Host-to-L3
Leverages existing network Offers natural progression to full dual-stack
design May require tunneling to less-than-optimal
layers (i.e. Core layer) ISATAP creates a flat network (all hosts on
same tunnel are peers)Create tunnels per VLAN/subnet to keep same segregation as existing design (not clean today)
Provides basic HA of ISATAP tunnels via old Anycast-RP idea
ISATAP does not support IPv6 Multicast Configured tunnels do support IPv6
Multicast
Dual-stackServer
L2/L3
v6-Enabled
v6-Enabled
v6-Enabled
Not v6-Enabled
v6-Enabled
Not v6-Enabled
Hybrid Model
DistributionLayer
AccessLayer
CoreLayer
AggregationLayer (DC)
ISA
TA
P T
un
nel
AccessLayer (DC)
Co
nfig
ure
d T
un
nel
Du
al Stack
Du
al S
tac
k
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 27
Campus IPv6 Deployment OptionsIPv6 Service Block – An Interim Approach
ISATAP
IPv6 Service Block
Inte
rne
t
Dedicated FW
IOS FW
Data Center Block
Red VLAN
WAN/ISP Block
Provides ability to rapidly deploy IPv6 services without touching existing network
Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
Provides basic HA of ISATAP ISATAP tunnels from PCs in Access
layer to service Block switches In this example configured tunnels are
used from Data Center to Service Block Dependency on ISATAP alienates IPv6
multicast applications 1) Leverage existing ISP block for both
IPv4 and IPv6 access 2) Use dedicated ISP connection just for
IPv6 – Can use IOS FW or PIX/ASA appliance
Primary ISATAP Tunnel
Secondary ISATAP Tunnel
Equal-cost Configured Tunnel (Mesh)
AccessLayer
DistributionLayer
IPv4-onlyCampusBlock
CoreLayer
AggLayer
Blue VLAN
2
1
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 28
IPv6 Enabled BranchTake Your Pick – Mix-and-Match
Internet
HQ
Dual-StackIPSec VPN (IPv4/IPv6)IOS Firewall (IPv4/IPv6)Integrated Switch (MLD-snooping)
Branch Single Tier
HQ
Internet Frame
Branch Dual Tier
Dual-StackIPSec VPN or Frame RelayIOS Firewall (IPv4/IPv6)Switches (MLD-snooping)
Branch Multi-Tier
Dual-StackIPSec VPN or MPLS (6PE/6VPE)Firewall (IPv4/IPv6)Switches (MLD-snooping)
HQ
Internet MPLS
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 29
Tunnel(s)
Cisco VPN Client in IPv6 environment
IPsec VPNIPv6-in-IPv4 Tunnel
Remote User
IPv4 IPSec Termination(PIX/ASA/IOS VPN/Concentrator)
Internet CorporateNetwork
Firewall Dual-Stack server
IPv6 Traffic
IPv4 Traffic
IPv6 Tunnel Termination
IPv6 LinkIPv4 Link
RequirementCisco IOS release with either Configured or ISATAP tunnelsCisco VPN Client 4.x
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 30
Cisco IPv6 Security SolutionsIPv6 Firewall• IOS Firewall 12.3T, 12.4, 12.4T• PIX 7.x• ASA 5500 series• FWSM 3.x
IPsec – Secure Connectivity• IPv6 over IPv4 IPsec tunnels• IPv4 dynamic IPSec to protect IPv6 over IPv4 tunnels with dynamic IPv4 end point• IPv6 IPSec Authentication for OSPFv3• IPv6 IPsec Tunnel Router-to-Router
Packet filtering – Threat protection• Standard, reflexive, extended access control list• Enhanced extended ACL – filtering on Routing Type• Hardware e-ACL filtering capabilities (CRS-1, C12K, C7600, C6500,…) including parsing option headers
IPv6 IPSec HW Encryption• 7200 VAM2+ SPA• ISR AIM VPN• next gen. 5G IPsec VPN SPA
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 31
Looking at IPv6 Network Management
Network Management evolution needs to be integrated in the IPv6 deployment strategyIn a dual-stack network, both IPv4 and IPv6
environments must be managed with the best optimization to decrease the cost of operations
3 areas to considerInstrumentation (MIBs, Netflow record, IP
SLA,…)
New IP MIBs, RFC 4001 compliancy
Network Protocol (SNMP, TFTP, Syslog, Telnet, SSH,…over IPv6)
NMS & Applications for IPv6
DNS/DHCP server (CNR 6.2), Netflow Collector 5.x, Ciscoworks LMS 2.5 (Topology, User Tracking,…)
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 32
Cisco SJCInternal Net Cisco SJC
DMZ
Cisco IT IPv6 Deployment
IPv4Internet
IPv6InternetAddress
Management& DNS
Network Monitoring
HostDMZ Tunnel
Router
IPv4Firewall
IPv6 Firewall & Tunnel Termination
Router(incl. ISATAP)
Cisco GlobalNetwork
IPv4 Internet Access Router
Lab
Lab
Lab
Development Labs
DMZ Lab
DMZ Development
Lab
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 33
ISP Deployment
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 34
IPv6 Deployment Scenario for ISP
Environment ScenarioCisco IOS support
Access
Few customers, no native IPv6 service form the PoP or Data
link is not (yet) native IPv6 capable, ie: Cable Docsis
Tunnels Yes
Native IPv4-IPv6 services between aggregation and end-
usersDual Stack Yes
Dedicated circuits – IPv4 – IPv6 Dual Stack Yes
Core Native IP – Core is IPv6 aware Dual Stack Yes
MPLS – Core is IPv6 unaware 6PE/6VPE Yes
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 35
Dual Stack IPv4-IPv6
802.11 Hot-Spot
Dual-Stack CoreDual-Stack Core
IPv6 Broadband UsersIPv6 Broadband Users
IPv6 IX
PeeringPeering
DSLDSL, Cable, CableFTTHFTTH
Aggregation
ISP’s
6to4 RelayCourtesy Service
EnterpriseDual-Stack orDual-Stack orDedicated L2 circuitsDedicated L2 circuits
IPv6 IX Peering
IPv6 Transit services
IPv6 enables on Core Routers
IPv6 services to Enterprise customers
IPv6 services to Home Users
Additional Services
6to4 relay courtesy service
IPv6 Multicast for streaming (Triple Play)
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 36
IPv6 over MPLS Infrastructure
Service Providers have already deployed MPLS in their IPv4 backbone for various reasons
MPLS/VPN, MPLS/QoS, MPLS/TE, ATM + IP switching
Several IPv6 over MPLS scenarios
IPv6 Tunnels configured on CE (no impact on MPLS)
IPv6 over Circuit_over_MPLS (no impact on IPv6)
IPv6 Provider Edge Router (6PE) over MPLS & IPv6 VPN over MPLS (6VPE) with IPv6 Provider Edge Router (6PE) over MPLS & IPv6 VPN over MPLS (6VPE) with no impact on MPLS coreno impact on MPLS core
Native IPv6 MPLS (require full network upgrade)
Upgrading software to IPv6 Provider Edge Router (6PE)Low cost and risk as only the required Edge routers are upgraded or installedAllows IPv6 Prefix delegation by ISP
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 37
Minimum Infrastructure Upgrade for 6PE
GE
GE GE
IPv6 Server
6PE router
Cisco 7600Sup.720 as 6PE
Data Center IPv6 Network
MPLS/IPv4
MPLS Coreup to OC-192
GE
IPv4 Server
NAT-PTOnly IPv6 segment
•6PE – RFC 4798 – defined by Cisco and available from IOS •MPLS/IPv4 Core Infrastructure is IPv6-unaware• PEs are updated to support Dual Stack/6PE • IPv6 reachability exchanged among 6PEs via iBGP (MP-BGP)• IPv6 packets transported from 6PE to 6PE inside MPLS
FTTH
MP-iBGP session6PE router v6
v4/v6
v4
CE
POPDSL
POP
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 38
IPv6 Integration on MPLS VPN infrastructure
MPLS/IPv4 Core Infrastructure is IPv6-unaware
PEs are updated to support Dual Stack/6VPE
IPv6 VPN can co-exist with IPv4 VPN – same scope and policies
6VPE – RFC 4659 – Cisco authored for IPv6 VPN over MPLS/IPv4 infrastructure
Cisco IOS 12.2(33)SRB on 7600, IOS-XR 3.5 on C12000
Site-1
Site-2PE1 PE2
P2P1
CE2
VRF red
VRF red
CE1
iGP-v4 (OSPF, ISIS) LDP-v4
MP-eBGP sessionAddress-family IPv4Address-family IPv6 MP-eBGP session
Address-family IPv4Address-family IPv6
Dual-stack network
Dual-stack network
Dual stack server
Dual-stackipv4 addresses: 10.100/16ipv6 addresses: 2001:100::/64
vrfAddress-family IPv4Address-family IPv6
2001:101::/6410.101/16
2001:201::/6410.201/16
MP-iBGP sessionAddress-family VPNv4Address-family VPNv6
vrf definition site1 rd 100:1 route-target import 100:1 route-target export 100:1 address-family ipv4 address-family ipv6!interface ethernet0/0vrf forwarding site1ip address 10.100.1.2 255.255.0.0ipv6 address 2001:100::72b/64
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 39
Cisco IOS IPv6 Broadband Access Solutions
VideoIPv6 Multicast
DistributedComputing (GRID)
Enterprise
Internet
ISP A
PSTN
Dial
DSLAM
DSL
802.11
Access
Ethernet
DOCSIS 3.0 proposalCable
Mobile RAN
NAS
BAS
Head-end
Layer 2 Encapsulation(s)
ATM RFC 1483 Routed or Bridged (RBE)PPP, PPPoA, PPPoE, Tunnel (Cable)
Dual-Stack or MPLS (6PE) Core IPv4/IPv6
IPv4/IPv6Firewall
PIX, IOS FW
IPv6 Prefix PoolsIPv6 Radius(Cisco VSA and RFC 3162)DHCPv6 Prefix DelegationStateless DHCPv6DHCPv6 RelayGeneric Prefix
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 40
Prefix/Options Assignment
CPEPE
ISP
Host
ISP provisioning system
DHCP ND/DHCPAAA
(1) CPE sends DHCP solicit with ORO = PD
(2) PE sends RADIUS request for the user(3) RADIUS responds with
user’s prefix(es)(4) PE sends DHCP REPLY with
Prefix Delegation options(5) CPE configures addresses from the prefix on its downstream interfaces, and sends an RA. O-bit is set to on
(6) Host configures addresses based on the prefixes received in the RA. As the O-bit is on, it sends a DHCP INFORMATION-REQUEST message, with an ORO = DNS(7) CPE sends a DHCP REPLY
containing request options
DHCP Client DHCP Server
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 41
Summary
The End-User PerspectiveIP version needs to be transparentIP version needs to be transparent
The End-User PerspectiveIP version needs to be transparentIP version needs to be transparent
Markets Perspective
IPv6 enables innovation, scalability and IPv6 enables innovation, scalability and simplicitysimplicity
Software Developer Perspective Applications must be “Applications must be “IP agnosticIP agnostic””
Network Manager Perspective Infrastructure Infrastructure must be deliver IPv6 up to the edge/access must be deliver IPv6 up to the edge/access
layerlayer
Network Manager Perspective Infrastructure Infrastructure must be deliver IPv6 up to the edge/access must be deliver IPv6 up to the edge/access
layerlayer
Ensure an orderly and secured transition Ensure an orderly and secured transition using Cisco IPv6 Solutionsusing Cisco IPv6 Solutions
Ensure an orderly and secured transition Ensure an orderly and secured transition using Cisco IPv6 Solutionsusing Cisco IPv6 Solutions
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 42
Q and A
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 43
More Information
CCO IPv6 - http://www.cisco.com/ipv6 Cisco IPv6 Solutions
http://www.cisco.com/en/US/tech/tk872/technologies_white_paper09186a00802219bc.shtml
IPv6 Application Noteshttp://www.cisco.com/warp/public/732/Tech/ipv6/ipv6_techdoc.shtml
Cisco IOS IPv6 manuals http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_vcg.htm
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 44