jorge-marcillo
© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1BRKRST-130114444_04_2008_c1
An Introduction to IPv6
BRKRST-1301
Why IPv6?
A Need for IPv6?
IETF IPv6 WG began in the early 90s to solve addressing growth issues, but CIDR, NAT, … were developed
IPv4 32-bit address = 4 billion hosts
~40% of the IPv4 address space is still unused, which is different from unallocated
The rise of Internet-connected devices and appliances will eventually deplete the IPv4 address space
IP is everywhere
Data, voice, audio and video integration is a reality
Regional registries apply a strict allocation control
So, only compelling reason: more IP addresses
IP Address Allocation History
1981—IPv4 protocol published
1985 ~ 1/16 of total space
1990 ~ 1/8 of total space
1995 ~ 1/3 of total space
2000 ~ 1/2 of total space
2005 ~ 1/4 of total space remaining
2007 ~ 1/5 of total space remaining
This despite increasingly intense conservation effort
PPP/DHCP address sharing
NAT (network address translation)
CIDR (classless inter-domain routing) plus some address reclamation
Theoretical limit of 32-bit space: ~4 billion devices
Practical limit of 32-bit space: ~250 million devices (RFC 3194)
The H-D ratio (RFC 3194) is the measure of allocation inefficiency
Projections based on Jan 2000 to current; adjusting the raw numbers from the RIRs to compensate for their historical allocation efficiency of 87% matches the published IANA pool
[Figure: IPv4 Address Pool. IANA pool, RIR allocated pool (Historic, ARIN, RIPE, APNIC, LACNIC, AFRINIC), pool total, collective RIR pool window. IANA policy - RIRs allocated pool for 12-24 months distribution]
U.S. DoC IPv6 RFC http://www.ntia.doc.gov/ntiahome/ntiageneral/ipv6/commentsindex.html
See article in the Internet Protocol Journal
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_8-3/ipj_8-
p _ pj_ pj_3.pdf
Why Not NAT
It was created as a temporary solution
NAT breaks the end-to-end model
Growth of NAT has slowed down growth of transparent applications
No easy way to maintain states of NAT in case of node failures
NAT breaks security
NAT complicates mergers; double NATing is needed for devices to communicate with each other
IPv6 Technology
IPv4 and IPv6 Header Comparison
IPv4 Header
Version, IHL, Type of Service, Total Length
Identification, Flags, Fragment Offset
Time to Live, Protocol, Header Checksum
Source Address
Destination Address
Options, Padding
IPv6 Header
Version, Traffic Class, Flow Label
Payload Length, Next Header, Hop Limit
Source Address
Destination Address
Legend
Field's Name Kept from IPv4 to IPv6
Fields Not Kept in IPv6
Name and Position Changed in IPv6
New Field in IPv6
Extension Headers
IPv6 Packet
IPv6 Base Header (40 octets)
0 or more Extension Headers
Data
Base header: Next Header = 0
1st Extension Header: Next Header = 43
…
Last Extension Header: Next Header = 17
Each extension header: Next Header, Ext Hdr Length, Ext Hdr Data
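The chain on this slide (base header Next Header = 0, then 43, then 17) can be followed in code. The Python below is an added example, not part of the original presentation; the sample packet, its addresses and its UDP ports are constructed for illustration. It shows why a filter that reads only the base header's Next Header field misclassifies the packet, and it rejects truncated or over-long chains.

```python
import ipaddress
import struct

# IANA protocol numbers for extension headers; 0 and 43 appear on the slide.
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 44: "fragment", 60: "destination-options"}
BASE_LEN = 40  # fixed IPv6 base header, in octets


def naive_protocol(packet: bytes) -> int:
    """What a filter sees if it reads only the base header's Next Header."""
    return packet[6]


def walk_next_headers(packet: bytes, max_ext: int = 8):
    """Follow the Next Header chain of a raw IPv6 packet.

    Returns (chain, upper_proto, upper_offset). upper_offset is None for a
    non-first fragment, where the upper-layer header is not in this packet.
    """
    if len(packet) < BASE_LEN or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 base header")
    payload_len = struct.unpack("!H", packet[4:6])[0]
    end = min(len(packet), BASE_LEN + payload_len)
    nh, off, chain = packet[6], BASE_LEN, []
    while nh in EXT_HEADERS:
        if len(chain) >= max_ext:
            raise ValueError("extension header chain too long")
        if nh == 0 and chain:
            raise ValueError("hop-by-hop header must directly follow the base header")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        # The fragment header is always 8 octets; the others carry a length
        # in 8-octet units that does not count the first 8 octets.
        hdr_len = 8 if nh == 44 else (packet[off + 1] + 1) * 8
        if off + hdr_len > end:
            raise ValueError("extension header runs past the payload")
        chain.append((EXT_HEADERS[nh], hdr_len))
        # Non-zero fragment offset: the upper-layer header is in another packet.
        if nh == 44 and struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3:
            return chain, packet[off], None
        nh, off = packet[off], off + hdr_len
    return chain, nh, off


def build_sample() -> bytes:
    """Constructed packet: base (NH=0) -> hop-by-hop (NH=43) -> routing (NH=17) -> UDP."""
    hop_by_hop = bytes([43, 0, 1, 4, 0, 0, 0, 0])  # NH=43, len=0, one PadN option
    routing = bytes([17, 0, 0, 0, 0, 0, 0, 0])     # NH=17, len=0, segments left=0
    udp = struct.pack("!HHHH", 546, 547, 8, 0)     # constructed ports, checksum left 0
    payload = hop_by_hop + routing + udp
    base = struct.pack("!IHBB", 6 << 28, len(payload), 0, 255)
    base += ipaddress.IPv6Address("fe80::1").packed    # constructed source
    base += ipaddress.IPv6Address("ff02::1:2").packed  # constructed destination
    return base + payload


if __name__ == "__main__":
    pkt = build_sample()
    print("base header says:", naive_protocol(pkt))
    print("chain walk says: ", walk_next_headers(pkt))
```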
MTU Issues
Minimum link MTU for IPv6 is 1280 octets (vs. 68 octets for IPv4)
=> on links with MTU < 1280, link-specific fragmentation and reassembly must be used
Implementations are expected to perform path MTU discovery to send packets bigger than 1280
Minimal implementation can omit PMTU discovery as long as all packets kept ≤ 1280 octets
A hop-by-hop option supports transmission of “jumbograms” with up to 2^32 octets of payload; payload is normally 2^16
IPv6 Addressing
Addressing Format
Representation
16-bit hexadecimal numbers
Numbers are separated by (:)
Hex numbers are not case sensitive
Abbreviations are possible
Leading zeros can be omitted; a contiguous block of zeros could be represented by (::)
Example:
2001:0db8:0000:130F:0000:0000:087C:140B
2001:0db8:0:130F::87C:140B
Double colon only appears once in the address
Addressing
Prefix Representation
Representation of prefix is just like CIDR
In this representation you attach the prefix length
Like v4 address: 198.10.0.0/16
V6 address is represented the same way: 2001:db8:12::/48
Only leading zeros are omitted. Trailing zeros are not omitted
2001:0db8:0012::/48 = 2001:db8:12::/48
2001:db8:1200::/48 ≠ 2001:db8:12::/48
IPv6 Address Representation
Loopback address representation
0:0:0:0:0:0:0:1 => ::1
Same as 127.0.0.1 in IPv4
Identifies self
Unspecified address representation
0:0:0:0:0:0:0:0 => ::
Used as a placeholder when no address available
(Initial DHCP request, Duplicate Address Detection DAD)
IPv6—Addressing Model
Addresses are assigned to interfaces
Change from IPv4 mode:
Interface “expected” to have multiple addresses
Addresses have scope
Link Local
Unique Local
Global
Addresses have lifetime
Valid and preferred lifetime
Types of IPv6 Addresses
Unicast
Address of a single interface. One-to-one delivery to single interface
Multicast
Address of a set of interfaces. One-to-many delivery to all interfaces in the set
Anycast
Address of a set of interfaces. One-to-one-of-many delivery to a single interface in the set that is closest
No more broadcast addresses
Aggregatable Global Unicast Addresses
Provider: 3 Bits (001) + 45 Bits Global Routing Prefix
Site: 16 Bits SLA
Host: 64 Bits Interface ID
Aggregatable Global Unicast Addresses Are:
Addresses for generic use of IPv6
Structured as a hierarchy to keep the aggregation
Unique-Local
128 Bits
7 Bits: 1111 110 (FC00::/7)
Global ID: 40 Bits
Subnet ID: 16 Bits
Interface ID
Unique-Local Addresses Used for:
Local communications
Inter-site VPNs
Not routable on the Internet
Link-Local
128 Bits
10 Bits: 1111 1110 10 (FE80::/10)
Remaining 54 Bits
Interface ID
Link-Local Addresses Used for:
Mandatory address for communication between two IPv6 devices (like ARP but at Layer 3)
Automatically assigned by router as soon as IPv6 is enabled
Also used for next-hop calculation in routing protocols
Only link-specific scope
Remaining 54 bits could be zero or any manually configured value
IPv6 Multicast Address
IP multicast address has a prefix FF00::/8 (1111 1111); the second octet defines the lifetime and scope of the multicast address
8-bit       4-bit      4-bit   112-bit
1111 1111   Lifetime   Scope   Group-ID
Lifetime
0 If Permanent
1 If Temporary
Scope
1 Node
2 Link
5 Site
8 Organization
E Global
Some Well Known Multicast Addresses
Address             Scope        Meaning
FF01::1             Node-Local   All Nodes
FF02::1             Link-Local   All Nodes
FF01::2             Node-Local   All Routers
FF02::2             Link-Local   All Routers
FF05::2             Site-Local   All Routers
FF02::1:FFXX:XXXX   Link-Local   Solicited-Node
Note that 02 means that this is a permanent address and has link scope
More details at http://www.iana.org/assignments/ipv6-multicast-addresses
Multicast Mapping over Ethernet
IPv6 Multicast Address: FF02 0000 0000 0000 0000 0001 FF17 FC0F
Corresponding Ethernet Address: 33 33 FF 17 FC 0F
33 33 is the Multicast Prefix for Ethernet
Mapping of IPv6 multicast address to Ethernet address is:
33:33:<last 32 bits of the IPv6 multicast address>
Solicited-Node Multicast Address
For each unicast and anycast address configured there is a corresponding solicited-node multicast
This is specially used for two purposes: for the replacement of ARP, and DAD
Used in neighbor solicitation messages
Multicast address with a link-local scope
Solicited-node multicast consists of prefix + lower 24 bits from unicast, FF02::1:FF:
Router Interface
R1#sh ipv6 int e0
Ethernet0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::200:CFF:FE3A:8B18
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF3A:8B18
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
R1#
Solicited-Node Multicast Address: FF02::1:FF3A:8B18
IPv6 Prefix Allocation Hierarchy and Policy Example
[Figure: allocation hierarchy]
IANA: 2001::/3
RIRs (APNIC, AfriNIC, ARIN, LACNIC, RIPE NCC): ::/12 to ::/23 each
ISP: /32
Site: /48
IPv6 Address Allocation Process
Partition of Allocated IPv6 Address Space (Cont.)
Lowest-order 64-bit field of unicast address may be assigned in several different ways:
Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
Auto-generated pseudo-random number (to address privacy concerns)
Assigned via DHCP
Manually configured
IPv6 Interface Identifier
Cisco uses the EUI-64 format to do stateless auto-configuration
This format expands the 48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits
To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (“u” bit) is set to 1 for global scope and 0 for local scope
MAC address: 00 90 27 17 FC 0F
FF FE inserted: 00 90 27 FF FE 17 FC 0F
First octet: 000000U0, where U = 1 = Unique, 0 = Not Unique
U = 1: 02 90 27 FF FE 17 FC 0F
ICMPv6 and Neighbor Discovery
ICMPv6
Internet Control Message Protocol version 6
RFC 2463
Modification of ICMP from IPv4
Message types are similar (but different types/codes)
Destination unreachable (type 1)
Packet too big (type 2)
Time exceeded (type 3)
Parameter problem (type 4)
Echo request/reply (type 128 and 129)
Neighbor Discovery
Replaces ARP, ICMP (redirects, router discovery)
Reachability of neighbors
Hosts use it to discover routers, auto configuration of addresses
Duplicate Address Detection (DAD)
Neighbor Discovery
Neighbor discovery uses ICMPv6 messages, originated from node on link local with hop limit of 255
Consists of IPv6 header, ICMPv6 header, neighbor discovery header, and neighbor discovery options
Five neighbor discovery messages
1. Router solicitation (ICMPv6 type 133)
2. Router advertisement (ICMPv6 type 134)
3. Neighbor solicitation (ICMPv6 type 135)
4. Neighbor advertisement (ICMPv6 type 136)
5. Redirect (ICMPv6 type 137)
Router Solicitation and Advertisement
1. RS
ICMP Type = 133 (RS)
Src = link-local address (FE80::1/10)
Dst = all-routers multicast address (FF02::2)
Query = please send RA
2. RA
ICMP Type = 134 (RA)
Src = link-local address (FE80::2/10)
Dst = all-nodes multicast address (FF02::1)
Data = options, subnet prefix, lifetime, autoconfig flag
Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
Routers send periodic Router Advertisements (RA) to the all-nodes multicast address
Neighbor Solicitation and Advertisement
[Diagram: hosts A and B on one link]
Neighbor Solicitation
ICMP type = 135
Src = A
Dst = Solicited-node multicast of B
Data = link-layer address of A
Query = what is your link address?
Neighbor Advertisement
ICMP type = 136
Src = B
Dst = A
Data = link-layer address of B
A and B can now exchange packets on this link
Contents of NS
L2 Destination: L2 multicast address corresponding to target IPv6 Solicited Node Address
L3 Source: IPv6 Link-Local Address of source
L3 Destination: Solicited Node Address corresponding to target IPv6 address of destination
IPv6 Link-Local Address of destination
Contents of NA
L3 Source: IPv6 Link-Local Address of source
L3 Destination: IPv6 Link-Local Address of destination
Link-Layer address requested in the NS message
Multicast Neighbor Solicitation—For Duplicate Address Detection (DAD)
Host A
Tentative IP: FE80::2:260:8FF:FE52:F9D8
Send multicast Neighbor Solicitation
Neighbor Solicitation
Ethernet Header
• Dest MAC is 33-33-FF-52-F9-D8
IPv6 Header
• Source Address is ::
• Destination Address is FF02::1:FF52:F9D8
• Hop limit is 255
Neighbor Solicitation Header
• Target Address is FE80::2:260:8FF:FE52:F9D8
Host B
Host A uses DAD to verify the existence of a duplicate address before assigning the address to its interface.
Multicast Neighbor Advertisement (Response)
Host A
Tentative IP: FE80::2:260:8FF:FE52:F9D8
Host B
MAC: 00-60-08-52-F9-D8
IP: FE80::2:260:8FF:FE52:F9D8
Send multicast Neighbor Advertisement
Neighbor Advertisement
Ethernet Header
• Destination MAC is 33-33-00-00-00-01
IPv6 Header
• Source Address is FE80::2:260:8FF:FE52:F9D8
• Destination Address is FF02::1
• Hop limit is 255
Neighbor Advertisement Header
• Target Address is FE80::2:260:8FF:FE52:F9D8
Neighbor Discovery Option
• Target Link-Layer Address is 00-60-08-52-F9-D8
Redirect
[Diagram: hosts A and B, routers R1 and R2; network 2001:db8:C18:2::/64]
Packet:
Src = A
Dst IP = 2001:db8:C18:2::1
Dst Ethernet = R2 (default router)
Redirect:
Src = R2
Dst = A
Data = good router = R1
Redirect is used by a router to signal the reroute of a packet to a better router
Autoconfiguration
Sends Network-Type Information (Prefix, Default Route, …)
Mac Address: 00:2c:04:00:FE:56
Host Autoconfigured Address Is:
Prefix Received + Link-Layer Address
Larger Address Space Enables:
The use of link-layer addresses inside the address space
Autoconfiguration with “no collisions”
Offers “plug and play”
Renumbering
Sends New Network-Type Information (Prefix, Default Route, …)
Mac Address: 00:2c:04:00:FE:56
Host Autoconfigured Address Is:
New Prefix Received + Link-Layer Address
Data = Two prefixes:
Current prefix (to be deprecated), with short lifetimes
New prefix (to be used), with normal lifetimes
Larger Address Space Enables:
Renumbering, using autoconfiguration and multiple addresses
Renumbering (Cont.)
Router Configuration after Renumbering:
interface Ethernet0
 ipv6 nd prefix 2001:db8:c18:1::/64 43200 0
 ipv6 nd prefix 2001:db8:c18:2::/64 43200 43200
or:
interface Ethernet0
 ipv6 nd prefix 2001:db8:c18:1::/64 at Jul 31 2008 23:59 Jul 20 2008 23:59
 ipv6 nd prefix 2001:db8:c18:2::/64 43200 43200
New Network Prefix: 2001:db8:c18:2::/64
Deprecated Prefix: 2001:db8:c18:1::/64
Router Advertisements
Host Configuration:
Autoconfiguring IPv6 Hosts
deprecated address 2001:db8:c18:1:260:8ff:fede:8fbe
preferred address 2001:db8:c18:2:260:8ff:fede:8fbe
DHCP and DNS for IPv6
DNS Basics
DNS is a database managing Resource Records (RR)
Storage of RR from various types—IPv4 and IPv6:
Start of Authority (SoA)
Name Server
Address—A and AAAA
Pointer—PTR
DNS is an IP application
It uses either UDP or TCP on top of IPv4 or IPv6
References
RFC3596: DNS Extensions to Support IP Version 6
RFC3363: Representing Internet Protocol Version 6 Addresses in Domain Name system (DNS)
RFC3364: Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6)
IPv6 and DNS
Hostname to IP address
IPv4 A record: www.abc.test. A 192.168.30.1
IPv6 AAAA record: www.abc.test AAAA 2001:db8:C18:1::2
IP address to hostname
IPv4 PTR record: 1.30.168.192.in-addr.arpa. PTR www.abc.test.
IPv6 PTR record: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.
DHCPv6
Updated version of DHCP for IPv4
Supports new addressing
Can be used for renumbering
DHCP process is same as in IPv4, but:
Client first detects the presence of routers on the link
If found, then examines router advertisements to determine if DHCP can be used
If no router found or if DHCP can be used, then
DHCP Solicit message is sent to the All-DHCP-Agents multicast address
Using the link-local address as the source address
Multicast addresses used:
FF02::1:2 = All DHCP Agents (servers or relays, Link-local scope)
FF05::1:3 = All DHCP Servers (Site-local scope)
DHCP Messages: Clients listen on UDP port 546; servers and relay agents listen on UDP port 547
Managing DHCPv6 via Router Advertisement (Stateful Autoconfig)
RAs Can Be Used to Control DHCPv6 Client Behavior
[Diagram: DHCPv6-Serv-1, DHCPv6-Relay-3, Core Router, DHCPv6-Relay-1, DHCPv6-Client-1]
1. Router Advertisement (RA) sent with “Use Stateful Autoconfiguration Flag” = ON
2. Client sends DHCPv6 SOLICIT
Stateless DHCPv6
Stateless DHCPv6 normally combines stateless autoconfiguration for address assignment, DHCPv6 exchange for all other configuration settings.
[Diagram: DHCPv6-Serv-1, DHCPv6-Relay-3, Core Router, DHCPv6-Relay-1, DHCPv6-Client-1]
1. Router Advertisement (RA) sent, containing link prefix, also with “Other configuration flag” = ON
2. Client autoconfigures address based on prefix option in RA, then sends DHCPv6 SOLICIT
Router Advertisement
[Diagram: ISP Provisioning System, PE (DHCP Server), CPE (DHCP Client; interfaces E0, E1), Host]
Source of RA: PE
User of RA: CPE E1
A Bit: 0, A Operation: Don’t Do Stateless Address Assignment
M/O Bits: 11, M/O Operation: Use DHCPv6 for Address + Other Config. (i.e., Stateful DHCPv6)
Source of RA: CPE Router
User of RA: Host
A Bit: 1, A Operation: Do Stateless Address Assignment
M/O Bits: 01, M/O Operation: Use DHCPv6 for Other Config. (i.e., Stateless DHCPv6)
Stateless (RFC2462)
RS Are Sent by Booting Nodes to Request RAs for Configuring the Interfaces; Host Autonomously Configures Its Own Link-Local Address
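The A and M/O bits in this table, the hop limit of 255 from the Neighbor Discovery slide and the valid/preferred lifetimes from the renumbering slide are all fields of one Router Advertisement. The Python below is an added example, not part of the original presentation; the RA bytes are constructed (checksum left at zero) and the function names are hypothetical. It decodes those fields and flags an RA that did not originate on the local link.

```python
import ipaddress
import struct

RA_TYPE = 134                      # Router advertisement (ICMPv6 type 134)
OPT_PREFIX_INFO = 3                # Prefix Information option
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
MO_OPERATION = {
    (1, 1): "stateful DHCPv6: address + other config",
    (0, 1): "stateless DHCPv6: other config only",
    (1, 0): "DHCPv6 for address",   # combination not shown on the slide
    (0, 0): "no DHCPv6",            # combination not shown on the slide
}


def parse_ra(src: str, hop_limit: int, icmp: bytes) -> dict:
    """Decode M/O flags and prefix options; collect on-link sanity problems."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    problems = []
    if hop_limit != 255:
        problems.append(f"hop limit {hop_limit}, expected 255")
    if ipaddress.IPv6Address(src) not in LINK_LOCAL:
        problems.append(f"source {src} is not link-local")
    m, o = icmp[5] >> 7 & 1, icmp[5] >> 6 & 1
    prefixes, off = [], 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8   # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp):
            problems.append("malformed option")
            break
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, flags, valid, preferred = struct.unpack("!BBII", icmp[off + 2:off + 12])
            net = ipaddress.IPv6Network((icmp[off + 16:off + 32], plen), strict=False)
            if preferred > valid:
                problems.append(f"{net}: preferred lifetime exceeds valid lifetime")
            state = "invalid" if valid == 0 else "deprecated" if preferred == 0 else "preferred"
            prefixes.append({"prefix": str(net), "autonomous": bool(flags & 0x40),
                             "valid": valid, "preferred": preferred, "state": state})
        off += opt_len
    return {"dhcpv6": MO_OPERATION[(m, o)], "prefixes": prefixes, "problems": problems}


def build_ra(m: int, o: int, prefixes) -> bytes:
    """Constructed RA: router lifetime 1800 s, A and L bits set on every prefix."""
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    for prefix, valid, preferred in prefixes:
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                           valid, preferred, 0) + net.network_address.packed
    return msg


# Lifetimes taken from the renumbering slide's "ipv6 nd prefix" lines.
SAMPLE_RA = build_ra(0, 1, [("2001:db8:c18:1::/64", 43200, 0),
                            ("2001:db8:c18:2::/64", 43200, 43200)])

if __name__ == "__main__":
    print(parse_ra("fe80::2", 255, SAMPLE_RA))
    print(parse_ra("2001:db8::1", 64, SAMPLE_RA)["problems"])
```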
Prefix/Options Assignment
[Diagram: ISP Provisioning System (AAA), PE (DHCP Server), CPE (DHCP Client; interfaces E0, E1), Host; DHCP between PE and CPE, ND/DHCP between CPE and Host]
1. CPE Sends DHCP Solicit with ORO = PD
2. PE Sends RADIUS Request for the User
3. RADIUS Responds with User’s Prefix(es)
4. PE Sends DHCP REPLY with Prefix Delegation Options
5. CPE Configures Addresses from the Prefix on Its Downstream Interfaces, and Sends an RA. O-bit Is Set to On
6. Host Configures Addresses Based on the Prefixes Received in the RA. As the O-bit Is on, It Sends a DHCP Information-request Message, with an ORO = DNS
7. CPE Sends a DHCP REPLY Containing Request Options
IPv6 Configurations
IOS IPv6 Addressing Examples (1)
Manual Interface Identifier
Fast0/0
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 10.151.1.1 255.255.255.0
 ip pim sparse-mode
 duplex auto
 speed auto
 ipv6 address 2006:1::1/64
 ipv6 enable
 ipv6 nd ra-interval 30
 ipv6 nd prefix 2006:1::/64 300 300
!
IOS IPv6 Addressing Examples (1)
Manual Interface Identifier
r1#sh ipv6 int fast0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::207:50FF:FE5E:9460
  Global unicast address(es):
    2006:1::1, subnet is 2006:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF5E:9460
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 30 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
r1#
MAC Address: 0007.505e.9460
r1#sh int fast0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0007.505e.9460 (bia 0007.505e.9460)
IOS IPv6 Addressing Examples (2)
EUI-64 Interface Identifier
Fast0/0
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 10.151.1.1 255.255.255.0
 ip pim sparse-mode
 duplex auto
 speed auto
 ipv6 address 2006:1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 30
 ipv6 nd prefix 2006:1::/64 300 300
!
IOS IPv6 Addressing Examples (2)
EUI-64 Interface Identifier
r1#sh ipv6 int fast0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::207:50FF:FE5E:9460
  Global unicast address(es):
    2006:1::207:50FF:FE5E:9460, subnet is 2006:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF5E:9460
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 30 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
r1#
MAC Address: 0007.505e.9460
r1#sh int fast0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0007.505e.9460 (bia 0007.505e.9460)
IPv6 Routing
Static Routing
ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number [ipv6-address]} [administrative-distance] [administrative-multicast-distance | unicast | multicast] [tag tag]
Examples:
Forward packets for network 2001:DB8::/32 through 2001:DB8:1:1::1 with an administrative distance of 10
Router(config)# ipv6 route 2001:DB8::/32 2001:DB8:1:1::1 10
Default route to 2001:DB8:1:1::1
Router(config)# ipv6 route ::/0 2001:DB8:1:1::1
RIPng (RFC 2080)
Enhanced Routing Protocol Support
RIPng Overview RFC 2080
IPv4 packet format
command, version, must be zero
Address Family Identifier, Route Tag
IPv4 Address
Subnet Mask
Next Hop
Metric
IPv6 (RIPng) packet format
command, version, must be zero
IPv6 prefix
route tag, prefix len, metric
Similar characteristics as IPv4
Distance-vector, hop limit of 15, split-horizon, multicast based (FF02::9), UDP port (521) etc.
Updated features for IPv6
IPv6 prefix & prefix len
Special Handling for the NH
Route tag and prefix len for NH is all 0. Metric will have 0xFF; NH must be link local
Enhanced Routing Protocol Support
RIPng Configuration and Display
[Diagram: Router 1 (Ethernet0, Ethernet1), Router 2 (Ethernet0 = 2001:db8:c18:1:260:3eff:fe47:1530), LAN1: 2001:db8:c18:1::/64, LAN2: 2001:db8:c18:2::/64, ::/0]
Router2#
ipv6 router rip RT0
interface Ethernet0
 ipv6 address 2001:db8:c18:1::/64 eui-64
 ipv6 rip RT0 enable
 ipv6 rip RT0 default-information originate
Router1#
ipv6 router rip RT0
interface Ethernet0
 ipv6 address 2001:db8:c18:1::/64 eui-64
 ipv6 rip RT0 enable
interface Ethernet1
 ipv6 address 2001:db8:c18:2::/64 eui-64
 ipv6 rip RT0 enable
Router2# debug ipv6 rip
RIPng: Sending multicast update on Ethernet0 for RT0
  src=FE80::260:3eff:fe47:1530
  dst=FF02::9 (Ethernet0)
  sport=521, dport=521, length=32
  command=2, version=1, mbz=0, #rte=1
  tag=0, metric=1, prefix=::/0
src is the Link-Local src Address
dst is the Multicast All RIP-Routers address
Access-List
Cisco IOS Standard Access Lists
When Used for Traffic Filtering, IPv6 Standard Access Control Lists (ACL) Offer the Following Functions:
Can filter traffic based on source and destination address
Can filter traffic inbound or outbound on a specific interface
Can add priority to the ACL
Implicit “deny all” at the end of access list
IPv6 Access-List Example
Filtering outgoing traffic from unique-local source addresses
[Diagram: router with Ethernet0 facing the IPv6 Internet]
Global prefix: 2001:0db8:c18:2::/64
Unique-local prefix: fc00:0:0:2::/64
ipv6 access-list blocksite deny fc00:0:0:2::/64 any
ipv6 access-list blocksite permit any any
interface Ethernet0
 ipv6 traffic-filter blocksite out
Deployment
IPv4-IPv6 Transition/Coexistence
A wide range of techniques have been identified and implemented, basically falling into three categories:
1. Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
2. Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
3. Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination
Dual Stack Approach
[Diagram: an IPv6-enabled application above TCP/UDP, over both IPv4 and IPv6, over the data link (Ethernet). Frame protocol ID: 0x0800 for IPv4, 0x86dd for IPv6. Preferred method on application's servers.]
Dual stack node means:
Both IPv4 and IPv6 stacks enabled
Applications can talk to both
Choice of the IP version is based on name lookup and application preference
Cisco IOS Dual Stack Configuration
[Diagram: dual-stack router attached to an IPv6 and IPv4 network. IPv4: 192.168.99.1, IPv6: 2001:db8:213:1::/64 eui-64]
router#
ipv6 unicast-routing
interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2001:db8:213:1::/64 eui-64
Cisco IOS is IPv6-enabled:
If IPv4 and IPv6 are configured on one interface, the router is dual-stacked
Telnet, Ping, Traceroute, SSH, DNS client, TFTP, etc.
Tunneling
Tunneling
Many Ways to Do Tunneling
Some ideas same as before
GRE, MPLS, IP
Native IP over data link layers
ATM PVC, dWDM Lambda, Frame Relay PVC, Serial, Sonet/SDH, Ethernet
Some new techniques
Automatic tunnels using IPv4-compatible IPv6 address, 6to4, ISATAP
Manually Configured GRE Tunnel
[Diagram: Dual-Stack Router1 and Dual-Stack Router2 connect two IPv6 networks across an IPv4 network]
Router1: IPv4: 192.168.99.1, IPv6: 2001:db8:800:1::3
Router2: IPv4: 192.168.30.1, IPv6: 2001:db8:800:1::2
router1#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::3/128
 tunnel source 192.168.99.1
 tunnel destination 192.168.30.1
 tunnel mode gre ipv6
router2#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::2/128
 tunnel source 192.168.30.1
 tunnel destination 192.168.99.1
 tunnel mode gre ipv6
Manually Configured IPv6 over IPv4 Tunnel
[Diagram: Dual-Stack Router1 and Dual-Stack Router2 connect two IPv6 networks across an IPv4 network]
Router1: IPv4: 192.168.99.1, IPv6: 2001:db8:800:1::3
Router2: IPv4: 192.168.30.1, IPv6: 2001:db8:800:1::2
router1#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::3/127
 tunnel source 192.168.99.1
 tunnel destination 192.168.30.1
 tunnel mode ipv6ip
router2#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::2/127
 tunnel source 192.168.30.1
 tunnel destination 192.168.99.1
 tunnel mode ipv6ip
6to4 Tunneling
Automatic 6to4 Tunnels
Automatic 6to4 tunnel allows isolated IPv6 domains to connect over an IPv4 network
Unlike manually configured tunnels, 6to4 tunnels are not point-to-point; they are multipoint tunnels
The IPv4 address embedded in the IPv6 address is used to find the other end of the tunnel
Address format is 2002:IPv4 address::
Automatic 6to4 Tunnel (RFC 3056)
[Diagram: IPv6 Host A and IPv6 Host B sit in separate IPv6 networks, each behind a 6to4 router; the two 6to4 routers are connected across an IPv4 network]
6to4 router 192.168.99.1 = network prefix 2002:c0a8:6301::/48
6to4 router 192.168.30.1 = network prefix 2002:c0a8:1e01::/48
6to4:
Is an automatic tunnel method
Gives a prefix to the attached IPv6 network
Address layout: 2002 (/16) | Public IPv4 Address (/48) | SLA (/64) | Interface ID
Automatic 6to4 Tunnel (RFC 3056)
[Diagram: IPv6 Host A (2002:c0a8:6301::1) behind 6to4 router 192.168.99.1, IPv6 Host B (2002:c0a8:1e01::2) behind 6to4 router 192.168.30.1, with the IPv4 network between the two routers]
In each IPv6 network: IPv6 Header | IPv6 Data
 S=2002:c0a8:6301::1
 D=2002:c0a8:1e01::2
Tunnel: IPv6 in IPv4 Packet: IPv4 Header | IPv6 Header | IPv6 Data
 S(v4)=192.168.99.1
 D(v4)=192.168.30.1
 S(v6)=2002:c0a8:6301::1
 D(v6)=2002:c0a8:1e01::2
Automatic 6to4 Configuration
[Diagram: 6to4 Router1 and 6to4 Router2 each attach an IPv6 network on E0 and face each other across the IPv4 network]
6to4 Router1: 192.168.99.1 = network prefix 2002:c0a8:6301::/48
6to4 Router2: 192.168.30.1 = network prefix 2002:c0a8:1e01::/48
router1#
interface Ethernet0
 ipv6 address 2002:c0a8:6301:1::/64 eui-64
interface Ethernet1
 ip address 192.168.99.1 255.255.0.0
interface Tunnel0
 ipv6 unnumbered Ethernet0
 tunnel source Ethernet1
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
router2#
interface Ethernet0
 ipv6 address 2002:c0a8:1e01:1::/64 eui-64
interface Ethernet1
 ip address 192.168.30.1 255.255.0.0
interface Tunnel0
 ipv6 unnumbered Ethernet0
 tunnel source Ethernet1
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
Automatic 6to4 Relay
[Diagram: 6to4 Router1 (192.168.99.1 = network prefix 2002:c0a8:6301::/48) in front of an IPv6 site network reaches, across the IPv4 network, a 6to4 relay (192.168.30.1 = network prefix 2002:c0a8:1e01::/48) attached to an IPv6 network and the IPv6 Internet]
6to4 Relay:
Is a gateway to the rest of the IPv6 Internet
Is a default router
Automatic 6to4 Relay Configuration
[Diagram: 6to4 Router1 (E0 to the IPv6 network; 192.168.99.1 = network prefix 2002:c0a8:6301::/48) connects across the IPv4 network to the 6to4 relay (IPv6 address 2002:c0a8:1e01::1), which reaches an IPv6 network and the IPv6 Internet]
router1#
interface Ethernet0
 ipv6 address 2002:c0a8:6301:1::/64 eui-64
interface Ethernet1
 ip address 192.168.99.1 255.255.0.0
interface Tunnel0
 no ip address
 ipv6 unnumbered Ethernet0
 tunnel source Ethernet1
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 2002:c0a8:1e01::1
Automatic 6to4 Tunnels
Requirements for 6to4
Border router must be dual stack with a global IPv4 address
Interior routing protocol for IPv6 is required
DNS for IPv6
ISATAP Tunneling
Intrasite Automatic Tunnel Address Protocol
RFC 4214
To deploy, a router is identified that carries ISATAP services
ISATAP routers need to have at least one IPv4 interface and 0 or more IPv6 interfaces
DNS entries are created for each of the ISATAP routers' IPv4 addresses
Hosts will automatically discover ISATAP routers and can get access to global IPv6 network
Host can apply the ISATAP service before all this operation but its interface will only have a link local v6 address until the first router appears
Intrasite Automatic Tunnel Address Protocol
Use IANA's OUI 00-00-5E and Encode IPv4 Address as Part of EUI-64
Address layout: 64-bit Unicast Prefix | Interface Identifier (64 bits) = 0000:5EFE (32-bit) + IPv4 Address (32-bit)
ISATAP is used to tunnel over IPv4 within an administrative domain (a site) to create a virtual IPv6 network over an IPv4 network
Supported in Windows XP Pro SP1 and others
IPv6 Campus ISATAP Configuration
ISATAP connections look like one flat network
Create DNS "A" record for "ISATAP" = 10.1.1.1
Use static config if DNS use is not desired:
C:\>netsh interface ipv6 isatap set router 10.1.1.1
Currently ISATAP does not support multicast!!
ISATAP Address Format:
64-bit Unicast Prefix | Interface ID = 0000:5EFE (32-bit) + IPv4 Address (32-bit)
2001:DB8:C003:111F:0:5EFE:10.1.2.100
Client Configuration (Linux): ISATAP Tunnels
[Diagram labels: Linux client; L3 switch (IPv6 not supported); IPv6-enabled; IPv6 L3 switch/router]
Requires kernel support for ISATAP (USAGI)
Modified IProute package (USAGI)
Must configure ISATAP router (not automatic)
10.1.1.100: Client IPv4 address
2001:DB8:C003:111f:0:5efe:10.1.1.100: IPv6 address
# ip tunnel add is0 mode isatap 10.1.1.100 v4any 30.1.1.1 ttl 64
# ip link set is0 up
In the first command, 10.1.1.100 is the Host IP and 30.1.1.1 is the Router IP
Automatic Advertisement of ISATAP Prefix
[Diagram: ISATAP Host A reaches ISATAP Router 1 through an ISATAP tunnel across the IPv4 network; Router 1 interface E0 connects to the IPv6 network]
ICMPv6 Type 133 (RS): "Send me ISATAP Prefix"
 IPv4 Source: 206.123.20.100
 IPv4 Destination: 206.123.31.200
 IPv6 Source: fe80::5efe:ce7b:1464
 IPv6 Destination: fe80::5efe:ce7b:1fc8
ICMPv6 Type 134 (RA)
 IPv4 Source: 206.123.31.200
 IPv4 Destination: 206.123.20.100
 IPv6 Source: fe80::5efe:ce7b:1fc8
 IPv6 Destination: fe80::5efe:ce7b:1464
 ISATAP Prefix: 2001:db8:ffff:2::/64
Automatic Address Assignment of Host and Router
[Diagram: ISATAP Host A reaches ISATAP Router 1 through an ISATAP tunnel across the IPv4 network; Router 1 interface E0 connects to the IPv6 network]
ISATAP Host A: 206.123.20.100, fe80::5efe:ce7b:1464, 2001:db8:ffff:2::5efe:ce7b:1464
ISATAP Router 1: 206.123.31.200, fe80::5efe:ce7b:1fc8, 2001:db8:ffff:2::5efe:ce7b:1fc8
ISATAP host A receives the ISATAP prefix 2001:db8:ffff:2::/64 from ISATAP Router 1
When ISATAP host A wants to send IPv6 packets to 2001:db8:ffff:2::5efe:ce7b:1fc8, ISATAP host A encapsulates IPv6 packets in IPv4. The IPv4 packets of the IPv6 encapsulated packets use IPv4 source and destination address.
Automatic Configuring ISATAP
[Diagram: ISATAP Host A reaches ISATAP Router 1 through an ISATAP tunnel across the IPv4 network; Router 1 interface E0 connects to the IPv6 network]
ISATAP Host A: 206.123.20.100, fe80::5efe:ce7b:1464, 2001:db8:ffff:2::5efe:ce7b:1464
ISATAP Router 1: 206.123.31.200, fe80::5efe:ce7b:1fc8, 2001:db8:ffff:2::5efe:ce7b:1fc8
The tunnel source command must point to an interface with an IPv4 address configured
Configure the ISATAP IPv6 address, and prefixes to be advertised just as you would with a native IPv6 interface
The IPv6 address has to be configured as an EUI-64 address since the last 32 bits in the interface identifier is used as the IPv4 destination address
ISATAP-router1#
!
interface Ethernet0
 ip address 206.123.31.200 255.255.255.0
!
interface Tunnel0
 ipv6 address 2001:db8:ffff:2::/64 eui-64
 no ipv6 nd suppress-ra
 tunnel source Ethernet0
 tunnel mode ipv6ip isatap
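Both the 6to4 address format (2002:IPv4 address::) and the ISATAP address format (prefix + 0000:5EFE + IPv4 address) embed the tunnel endpoint in the IPv6 address, so it can be derived and recovered mechanically, for instance when auditing addresses seen in logs. This is an added example, not code from the original slides; the function names and the sample list are assumptions for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
# 0000:5EFE is the marker shown on the slides; RFC 5214 also allows 0200:5EFE
# (u bit set) when the embedded IPv4 address is globally unique.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def sixtofour_prefix(ipv4):
    """Return the /48 a 6to4 router derives from its IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix, ipv4):
    """Build prefix + 0000:5EFE + IPv4, following the ISATAP address format."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit unicast prefix")
    iid = (0x00005EFE << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) for a 6to4 or ISATAP address, else None."""
    a = ipaddress.IPv6Address(addr)
    if a in SIXTOFOUR:
        return ("6to4", a.sixtofour)
    n = int(a)
    if (n >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        return ("isatap", ipaddress.IPv4Address(n & 0xFFFFFFFF))
    return None


def audit(addresses):
    """Map each tunnel address to (mechanism, IPv4 endpoint); flag unparsable input."""
    findings = {}
    for text in addresses:
        try:
            hit = embedded_ipv4(text)
        except ValueError:
            findings[text] = ("invalid", None)
            continue
        if hit:
            findings[text] = (hit[0], str(hit[1]))
    return findings


# Constructed sample: addresses in the slides' formats, one malformed value
# (five hex digits in a group) and one native address that embeds nothing.
SAMPLE = [
    "2002:c0a8:6301::1",
    "2001:db8:ffff:2::5efe:ce7b:1fc8",
    "fe80::5efe:ce7b:1464",
    "2001:DB8:C003:111F:0:5EFE:10.1.2.100",
    "2002:c0a88:6301::1",
    "2001:db8:c18:1::3",
]

if __name__ == "__main__":
    for addr, (kind, v4) in audit(SAMPLE).items():
        print(f"{addr:40} {kind:8} {v4}")
```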
Translation
Legacy Services (IPv4 Only)
[Diagram: an IPv6-only host on an IPv6-only segment and an IPv6 server in an IPv6-enabled network; NAT-PT sits in front of the legacy IPv4 server on an IPv4-only segment]
Many of the non-routing/switching products do not yet support IPv6 (i.e., content switching modules)
NAT-PT (Network Address Translation - Protocol Translation) as an option to front-end IPv4-only server. Note: NAT-PT is being moved to experimental
Place NAT-PT box as close to IPv4 only server as possible
Be very aware of performance and manageability issues
Configuring Cisco IOS NAT-PT
NAT-PT enables communication between IPv6-only and IPv4-only nodes
CEF switching in 12.3(14)T
[Diagram: IPv4 side 192.168.1.0/24 on F0/1 with hosts .10 (DNS) and .100; IPv6 side 2001:DB8:C003:1::/64 on F0/0 with host 2001:DB8:C003:1::10; NAT prefix 2010::/96]
interface FastEthernet0/0
 ipv6 address 2001:DB8:C003:1::1/64
 ipv6 cef
 ipv6 nat
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ipv6 nat prefix 2010::/96
 ipv6 nat
!
ipv6 nat v4v6 source 192.168.1.100 2010::100
ipv6 nat v4v6 source 192.168.1.10 2010::10
!
ipv6 nat v6v4 source route-map MAP1 pool V4POOL
ipv6 nat v6v4 pool V4POOL 192.168.2.1 192.168.2.10 prefix-length 24
!
route-map MAP1 permit 10
 match interface FastEthernet0/0
NAT-PT Packet Flow
[Diagram: DNS server 192.168.1.10 on the IPv4 interface of NAT-PT, IPv6 host 2001:DB8:C003:1::10 on the IPv6 interface; translation labels: Dynamic, Static]
1. Src: 2001:DB8:C003:1::10  Dst: 2010::10
2. Src: 192.168.2.10  Dst: 192.168.1.10
3. Src: 192.168.1.10  Dst: 192.168.2.10
4. Src: 2010::10  Dst: 2001:DB8:C003:1::10
Conclusion
IPv6 is real!
Start now rather than later
Purchase for the future
Start moving legacy application towards IPv6 support
Test, test and then test some more!
Integration can be done per Application (Dual Stack or Tunneled)
Microsoft Vista and Longhorn have IPv6 enabled by default and preferred over IPv4
Things to consider:
Don't assume your favorite vendor/app/gear has an IPv6 plan
Full parity between IPv4 and IPv6 is still a ways off
Watch the standards and policies: http://www.ietf.org and http://www.arin.net/policy/proposals/2006_4.html
Enterprise and SP Deployment Scenarios:
ISP IPv6 Deployment Scenarios in Broadband Access Networks (RFC 4779)
Scenarios and Analysis for Introducing IPv6 into ISP Networks (RFC 4029)
IPv6 Enterprise Network Scenarios (RFC 4057)
Procedures for Renumbering an IPv6 Network without a Flag Day (RFC 4192)
Q and A
More Information
CCO IPv6
http://www.cisco.com/ipv6
The ABC of IPv6
http://www.cisco.com/en/US/products/sw/iosswrel/products_abc_ios_overview.html
IPv6 e-Learning [requires CCO username/password]
http://www.cisco.com/warp/customer/732/Tech/ipv6/elearning/
IPv6 Access Services
http://www.cisco.com/warp/public/732/Tech/ipv6/docs/ipv6_access_wp_v2.pdf
ICMPv6 Packet Types and Codes TechNote
http://www.cisco.com/warp/customer/105/icmpv6codes.html
Cisco IOS IPv6 Product [email protected]
Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
Available Onsite at the Cisco Company Store