You are on page 1of 49

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

An Introduction to IPv6

BRKRST-1301

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Why IPv6?

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

A Need for IPv6?


IETF IPv6 WG began in early 90s, to solve addressing growth issues, but
CIDR, NAT,were developed

IPv4 32 bit address = 4 billion hosts


~40% of the IPv4 address space is still unused which is different from unallocated The rising of Internet connected device and appliance will eventually deplete the IPv4 address space

IP is everywhere
Data, voice, audio and video integration is a reality Regional registries apply a strict allocation control

So, only compelling reason: More IP addresses


BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

IP Address Allocation History


The H-D ratio (RFC 3194) is the measure of allocation inefficiency; adjusting the raw numbers from the RIRs to compensate for their historical allocation efficiency of 87% matches the published IANA pool
1981IPv4 protocol published 1985 ~ 1/16 of total space 1990 ~ 1/8 of total space 1995 ~ 1/3 of total space 2000 ~ 1/2 of total space 2005 ~ 1/4 of total space remaining 2007 ~ 1/5 of total space remaining

256 192 160 128 96 64 32 0

IANA Policy - RIRs Allocated Pool for 12-24 Months Distribution 224 Projections based on Jan 2000 to current

IPv4 Address Pool


Collective RIR Pool Window IANA Pool

RIR TOTAL ARIN

Historic

RIPE APNIC LACNIC AFRINIC

This despite increasingly intense conservation effort

See Article in the Internet Protocol Journal


http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_8-3/ipj_8p _ pj_ pj_ 3.pdf

PPP/DHCP address sharing NAT (network address translation) CIDR (classless inter-domain routing) plus some address reclamation

Theoretical limit of 32-bit space: ~4 billion devices, Practical limit of 32-bit space: ~250 million devices (RFC 3194) U.S. DoC IPv6 RFC http://www.ntia.doc.gov/ntiahome/ntiageneral/ipv6/comme ntsindex.html
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

Why Not NAT


It was created as a temp solution NAT breaks the end-to-end model Growth of NAT has slowed down growth of transparent applications No easy way to maintain states of NAT in case of node failures NAT break security NAT complicates mergers, double NATing is needed for devices to communicate with each other

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

IPv6 Technology

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

IPv4 and IPv6 Header Comparison


IPv4 Header
Version IHL Type of Service Total Length Flags Fragment Offset Version

IPv6 Header
Traffic Class Flow Label

Identification Time to Live Protocol

Header Checksum

Payload Length

Next Header

Hop Limit

Source Address Destination Address Options Padding

Source Address

Legend

Fields Name Kept from IPv4 to IPv6 Fields Not Kept in IPv6 Name and Position Changed in IPv6 New Field in IPv6

Destination Address

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Extension Headers
Base header Next Header = 0 Extension E t i Header Next Header = 43 Last Extension Header Next Header = 17 1st

IPv6 Base Header (40 octets) 0 or more Extension Headers Data

IPv6 Packet

N tH Next Header d = 17

E t Hdr Ext Hd Length L th Ext Hdr Data

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

10

MTU Issues
Minimum link MTU for IPv6 is 1280 octets (vs. 68 octets for IPv4)
=> on links with MTU < 1280, link-specific fragmentation and reassembly must be used

Implementations are expected to perform path MTU discovery to send packets bigger than 1280 Minimal implementation can omit PMTU discovery as long as all packets kept 1280 octets A hop-by-hop option supports transmission of jumbograms with up to 232 octets of payload; payload is normally 216
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

12

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

IPv6 Addressing

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

14

IPv6 Addressing

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

15

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Addressing Format
Representation 16-bit hexadecimal numbers Numbers are separated by (:) Hex numbers are not case sensitive Abbreviations are possible
Leading zeros in contiguous block could be represented by (::) Example: 2001:0db8:0000:130F:0000:0000:087C:140B 2001:0db8:0:130F::87C:140B Double colon only appears once in the address

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

17

Addressing
Prefix Representation Representation of prefix is just like CIDR In this representation you attach the prefix length Like v4 address:
198.10.0.0/16

V6 address is represented the same way:


2001:db8:12::/48

Only leading zeros are omitted. Trailing zeros are not omitted
2001:0db8:0012::/48 = 2001:db8:12::/48 2001:db8:1200::/48 2001:db8:12::/48
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

18

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

IPv6 Address Representation


Loopback address representation
0:0:0:0:0:0:0:1=> ::1 0:0:0:0:0:0:0:1 Same as 127.0.0.1 in IPv4 Identifies self

Unspecified address representation


0:0:0:0:0:0:0:0=> :: Used as a placeholder when no address available (Initial DHCP request, Duplicate Address Detection DAD)

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

19

IPv6Addressing Model
Addresses are assigned to interfaces
Change from IPv4 mode:

Interface expected to have multiple addresses Addresses have scope


Link Local Unique Local Global Global Unique Local Link Local

Addresses have lifetime


Valid and preferred lifetime

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

20

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Types of IPv6 Addresses


Unicast
Address of a single interface. One-to-one One to one delivery to single interface

Multicast
Address of a set of interfaces. One-to-many delivery to all interfaces in the set

Anycast
Address of a set of interfaces. One-to-one-of-many delivery to a single interface in the set that is closest

No more broadcast addresses

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

22

Aggregatable Global Unicast Addresses


Provider 3 45 Bits Site 16 Bits Host 64 Bits

Global Routing Prefix

SLA

Interface ID

001

Aggregatable Global Unicast Addresses Are:


Addresses for generic use of IPv6 Structured as a hierarchy to keep the aggregation

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

23

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Unique-Local
128 Bits
Global ID 40 Bits 1111 110 FC00::/7 Subnet ID 16 Bits Interface ID

7 Bits

Unique-Local Addresses Used for:


Local communications Inter-site VPNs Not routable on the Internet

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

24

Link-Local
128 Bits
Remaining 54 Bits 1111 1110 10 FE80::/10 Interface ID

10 Bits

Link-Local Addresses Used for:


Mandatory Address for Communication between two IPv6 device (like ARP but at Layer 3) Automatically assigned by Router as soon as IPv6 is enabled Also used for Next-Hop calculation in Routing Protocols Only Link Specific scope Remaining 54 bits could be Zero or any manual configured value
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

25

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

10

IPv6 Multicast Address


IP multicast address has a prefix FF00::/8 (1111 1111); the second octet defines the lifetime and scope of the multicast address

8-bit

4-bit

4-bit

112-bit

1111 1111 Lifetime


0 1

Lifetime

Scope

Group-ID

Scope
If Permanent If Temporary
1 2 5 8 E

Node Link Site Organization Global


26

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

Some Well Known Multicast Addresses


Address FF01::1 FF02::1 FF01::2 FF02::2 FF05::2 FF02::1:FFXX:XXXX Scope Node Local Node-Local Link-Local Node-Local Link-Local Site-Local Link-Local Meaning All Nodes All Nodes All Routers All Routers All Routers Solicited-Node

Note that 02 means that this is a permanent address and has link scope More details at http://www.iana.org/assignments/ipv6-multicast-addresses

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

27

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

11

Multicast Mapping over Ethernet


IPv6 Multicast Address FF02 0000 0000 0000 0000 0001 FF17 FC0F

Corresponding Ethernet Address Multicast Prefix for Ethernet Multicast

33

33

FF

17

FC

0F

Mapping pp g of IPv6 multicast address to Ethernet address is:


33:33:<last 32 bits of the IPv6 multicast address>

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

28

Solicited-Node Multicast Address


For each unicast and anycast address configured there is a corresponding solicited-node multicast Thi This i is specially i ll used df for t two purpose, f for th the replacement l t of f ARP ARP, and DAD Used in neighbor solicitation messages Multicast address with a link-local scope Solicited-node multicast consists of prefix + lower 24 bits from unicast, FF02::1:FF:

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

29

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

12

Router Interface
R1#sh ipv6 int e0 Ethernet0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::200:CFF:FE3A:8B18 No global unicast address is configured Joined group address(es): FF02::1 FF02::2 Solicited-Node Multicast Address FF02::1:FF3A:8B18 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable h bl ti time i is 30000 milliseconds illi d ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. R1#
BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

30

IPv6 Prefix Allocation Hierarchy and Policy Example


IANA 2001::/3

AfriNIC ::/12 to::/23

APNIC ::/12 to::/23

ARIN ::/12 to::/23

LACNIC ::/12 to::/23

RIPE NCC ::/12 to::/23

ISP ISP ISP/32 /32 /32

ISP ISP ISP/32 /32 /32

ISP ISP ISP/32 /32 /32

ISP ISP ISP/32 /32 /32

ISP ISP ISP/32 /32 /32

Site Site /48 Site /48 /48


BRKRST-1301 14444_04_2008_c1

Site Site /48 Site /48 /48


Cisco Public

Site Site /48 Site /48 /48

Site Site /48 Site /48 /48

Site Site /48 Site /48 /48


33

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

13

IPv6 Address Allocation Process


Partition of Allocated IPv6 Address Space (Cont.)
Lowest-Order 64-bit field of unicast address may be assigned in several different ways:
Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address) Auto-generated pseudo-random number (to address p ( privacy y concerns) ) Assigned via DHCP Manually configured

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

35

IPv6 Interface Identifier


Cisco uses the EUI-64 format to do stateless auto configuration auto-configuration This format expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle 16 bits
00 00 90 90 27 FF 00 90 27 FF FE FE 17 FC 0F 27 17 FC 17 0F FC 0F

To make sure that the chosen 1 = Unique address is from 000000U0 Where U= 0 = Not Unique a unique niq e Ethernet MAC U=1 address, the universal/ local (u bit) is set to 1 02 90 27 FF FE 17 FC 0F for global scope and 0 for local scope

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

36

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

14

ICMPv6 and Neighbor Discovery

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

37

ICMPv6
Internet Control Message Protocol version 6 RFC 2463 Modification of ICMP from IPv4 Message types are similar (but different types/codes)
Destination unreachable (type 1) Packet too big (type 2) Time exceeded (type 3) Parameter problem (type 4) Echo request/reply (type 128 and 129)
BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

38

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

15

Neighbor Discovery
Replaces ARP, ICMP (redirects, router discovery) Reachability of neighbors Hosts use it to discover routers, auto configuration of addresses Duplicate Address Detection (DAD)

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

40

Neighbor Discovery
Neighbor discovery uses ICMPv6 messages, originated from node on link local with hop limit of 255 Consists of IPv6 header, ICMPv6 header, neighbor discovery header, and neighbor discovery options Five neighbor discovery messages
1. Router solicitation (ICMPv6 type 133) 2. Router advertisement (ICMPv6 type 134) 3. Neighbor solicitation (ICMPv6 type 135) 4. Neighbor advertisement (ICMPv6 type 136) 5. Redirect (ICMPV6 type 137)
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

41

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

16

Router Solicitation and Advertisement

1 RS 1.

2 RA 2.

1ICMP Type = 133 (RS) Src = link-local address (FE80::1/10) Dst = all-routers multicast address (FF02::2) Query = please send RA

2ICMP Type = 134 (RA) Src = link-local address (FE80::2/10) Dst = all-nodes multicast address (FF02::1) Data = options, subnet prefix, lifetime, autoconfig flag

Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces Routers send periodic Router Advertisements (RA) to the all-nodes multicast address
BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

42

Neighbor Solicitation and Advertisement


A B

Neighbor Solicitation ICMP type = 135 Src = A Dst = Solicited-node multicast of B Data = link-layer address of A Query = what is your link address? Neighbor Advertisement ICMP type = 136 Src = B Dst = A Data = link-layer address of B

A and B can now exchange packets on this link


BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

43

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

17

Contents of NS
L2 Destination: L2 multicast address corresponding to target IPv6 Solicited Node Address

L3 Source: IPv6 Link-Local Address of source

L3 Destination: Solicited Node Address corresponding to target IPv6 address of destination IPv6 Link-Local Address of destination

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

44

Contents of NA

L3 Source: IPv6 Link-Local Address of source L3 Destination: IPv6 Link-Local Address of destination

Link-Layer address requested In the NS message

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

45

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

18

Multicast Neighbor Solicitation


For Duplicate Address Detection (DAD)

Ethernet Header 33-33-FF-52-F9-D8 33 FF 52 F9 D8 Dest MAC is 33 IPv6 Header Source Address is :: Destination Address is FF02::1:FF52:F9D8 Hop limit is 255 Neighbor Solicitation Header Target Address is FE80::2:260:8FF:FE52:F9D8

Host A
Tentative IP: FE80::2:260:8FF:FE52:F9D8

Send multicast Neighbor Solicitation


Neighbor Solicitation

Host A uses DAD to verify the existence of a duplicate address before assigning the address to its interface.
Host B
BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

46

Multicast Neighbor Advertisement


(Response)

Ethernet Header Destination MAC is 33-33-00-00-00-01 IP 6 Header IPv6 H d Source Address is FE80::2:260:8FF:FE52:F9D8 Destination Address is FF02::1 Hop limit is 255 Neighbor Advertisement Header Target Address is FE80::2:260:8FF:FE52:F9D8 Neighbor Discovery Option Target Link-Layer Address is 00-60-08-52-F9-D8

Host A
Tentative IP: FE80::2:260:8FF:FE52:F9D8

N i hb Advertisement Neighbor Ad ti t

MAC: 00-60-08-52-F9-D8 IP: FE80::2:260:8FF:FE52:F9D8

Host B
BRKRST-1301 14444_04_2008_c1

Send multicast Neighbor Advertisement

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

47

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

19

Redirect
A B R2

R1

Src = A Dst IP = 2001:db8:C18:2::1 Dst Ethernet = R2 (default router) Redirect: Src = R2 Dst = A Data = good router = R1

2001:db8:C18:2::/64

Redirect is used by a router to signal the reroute of a packet to a better router


BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

48

Autoconfiguration

Mac Address: 00:2c:04:00:FE:56 Host Autoconfigured Address Is: Prefix Received + Link-Layer Address Sends Network-Type Information (Prefix, Default Route, )

Larger Address Space Enables:


The use of link-layer addresses inside the address space Autoconfiguration with no collisions Offers plug and play

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

49

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

20

Renumbering

Mac Address: 00:2c:04:00:FE:56 Host Autoconfigured Address Is: New Prefix Received + Link-Layer Address Sends New Network-Type Information (Prefix, Default Route, ) Data = Two prefixes: Current prefix (to be deprecated), with short lif ti lifetimes New prefix (to be used), with normal lifetimes

Larger Address Space Enables:


Renumbering, using autoconfiguration and multiple addresses

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

50

Renumbering (Cont.)
Router Configuration after Renumbering:
interface Ethernet0 ipv6 nd prefix 2001:db8:c18:1::/64 43200 0 ipv6 nd prefix 2001:db8:c18:2::/64 43200 43200

or:
interface Ethernet0 ipv6 nd prefix 2001:db8:c18:1::/64 at Jul 31 2008 23:59 Jul 20 2008 23:59 ipv6 nd prefix 2001:db8:c18:2::/64 43200 43200

New Network Prefix: 2001:db8:c18:2::/64 Deprecated Prefix: 2001:db8:c18:1::/64 Router Advertisements Host Configuration: Autoconfiguring IPv6 Hosts
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved.

deprecated address 2001:db8:c18:1:260:8ff:fede:8fbe preferred address 2001:db8:c18:2:260:8ff:fede:8fbe

Cisco Public

51

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

21

DHCP and DNS for IPv6

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

52

DNS Basics
DNS is a database managing Resource Records (RR)
Stockage of RR from various typesIPV4 and IPV6: Start of Authority (SoA) Name Server AddressA and AAAA PointerPTR

DNS is an IP application
It uses either UDP or TCP on top of IPv4 or IPv6

References
RFC3596: DNS Extensions to Support IP Version 6 RFC3363: Representing Internet Protocol Version 6 Addresses in Domain Name system (DNS) RFC3364: Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6)
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

53

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

22

IPv6 and DNS


IPv4 IPv6

Hostname to IP address

A record:
www.abc.test. A 192.168.30.1

AAAA record:
www.abc.test AAAA 2001:db8:C18:1::2

IP address to hostname

PTR record:
1.30.168.192.in-addr.arpa. PTR www.abc.test.

PTR record:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0. 8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

54

DHCPv6
Updated version of DHCP for IPv4 Supports new addressing Can be used for renumbering DHCP Process is same as in IPv4, but, Client first detect the presence of routers on the link If found, then examines router advertisements to determine if DHCP can be used If no router found or if DHCP can be used, then
DHCP Solicit message is sent to the All-DHCP-Agents multicast address Using the link-local link local address as the source address

Multicast addresses used:


FF02::1:2 = All DHCP Agents (servers or relays, Link-local scope) FF05::1:3 = All DHCP Servers (Site-local scope) DHCP Messages: Clients listen UDP port 546; servers and relay agents listen on UDP port 547

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

55

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

23

Managing DHCPv6 via Router Advertisement (Stateful Autoconfig)


RAs Can Be Used to Control DHCPv6 Client Behavior

1. Router Advertisement (RA) sent with Use Stateful Autoconfiguration Flag = ON DHCPv6-Serv-1 Core Router DHCPv6-Relay-3 DHCPv6-Relay-1

DHCPv6-Client-1

2. Client sends DHCPv6 SOLICIT

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

56

Stateless DHCPv6
Stateless DHCPv6 normally combines stateless autoconfiguration for address assignment, DHCPv6 exchange for all other configuration settings settings.
1. Router Advertisement (RA) sent, containing link prefix, also with Other configuration flag = ON DHCPv6-Serv-1 Core Router DHCPv6-Relay-3 DHCPv6-Relay-1

DHCPv6-Client-1 2. Client autoconfigures address based on prefix option in RA, then sends DHCPv6 SOLICIT
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

57

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

24

Router Advertisement
PE ISP ISP Provisioning System E1
DHCP Client

CPE E0
DHCP Server

Host

Source of RA
PE CPE Router

User of RA
CPE E1 Host

A Bit A
0 1

M/O Bits M/O


11 01

Operation
Dont Do Stateless Address Assignment Do Stateless Address Assignment

Operation
Use Dhcpv6 for Address + Other Config. (i.e., Stateful Dhcpv6) Use Dhcpv6 for Other Config Config. (i.e., Stateless Dhcpv6)

Stateless (RFC2462) RS Are Sent by Booting Nodes to Request RAs for Configuring the Interfaces; Host Autonomously Configures Its Own Link-Local Address
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

58

Prefix/Options Assignment
PE ISP ISP Provisioning System E1
DHCP Client 1. CPE Sends DHCP Solicit with ORO = PD 3. RADIUS Responds with Users Prefix(es) 2. PE Sends RADIUS Request for the User 4. PE Sends DHCP REPLY with Prefix Delegation Options 5 CPE Configures Addresses from 5. The Prefix on Its Downstream Interfaces, and Sends an RA. O-bit Is Set to On 7. CPE Sends a DHCP REPLY Containing Request Options

CPE E0
DHCP Server

Host

6. Host Configures Addresses Based on the Prefixes Received in the RA. As the O-bit Is on, It Sends a DHCP Information-request Message, with an ORO = DNS

AAA
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

DHCP

ND/DHCP
59

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

25

IPv6 Configurations

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

61

IOS IPv6 Addressing Examples (1)


Manual Interface Identifier

Fast0/0

ipv6 unicast-routing ! interface FastEthernet0/0 ip address 10.151.1.1 255.255.255.0 ip pim sparse-mode d l duplex auto speed auto ipv6 address 2006:1::1/64 ipv6 enable ipv6 nd ra-interval 30 ipv6 nd prefix 2006:1::/64 300 300 !

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

62

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

26

IOS IPv6 Addressing Examples (1)


Manual Interface Identifier
r1#sh ipv6 int fast0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::207:50FF:FE5E:9460 Global unicast address(es): ( ) 2006:1::1, subnet is 2006:1::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 MAC Address : 0007.505e.9460 FF02::1:FF5E:9460 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled r1#sh int fast0/0 number of DAD attempts: 1 ND DAD is enabled, FastEthernet0/0 up, line milliseconds protocol is up ND reachable timeis is 30000 Hardware is AmdFE, address (bia 0007.505e.9460) ND advertised reachable time is is0007.505e.9460 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 30 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. r1#
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

63

IOS IPv6 Addressing Examples (2)


EUI-64 Interface Identifier

Fast0/0

ipv6 unicast-routing ! interface FastEthernet0/0 ip address 10.151.1.1 255.255.255.0 ip pim sparse-mode duplex auto speed auto ipv6 address 2006:1::/64 eui-64 ipv6 enable ipv6 nd ra-interval 30 ipv6 nd prefix 2006:1::/64 300 300 !

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

64

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

27

IOS IPv6 Addressing Examples (2)


EUI-64 Interface Identifier
r1#sh ipv6 int fast0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::207:50FF:FE5E:9460 Global unicast address(es): 2006:1::207:50FF:FE5E:9460, subnet is 2006:1::/64 Joined group address(es): FF02::1 MAC Address : 0007.505e.9460 FF02::2 FF02::1:FF5E:9460 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds r1#sh int fast0/0 ICMP redirects are enabled FastEthernet0/0 is number up, line protocol is up ND DAD is enabled enabled, of DAD attempts: 1 Hardware is AmdFE, address is 0007.505e.9460 (bia 0007.505e.9460) ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 30 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. r1#
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

65

IPv6 Routing

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

66

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

28

Static Routing

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

67

Static Routing
ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number [ipv6-address]} [administrative-distance] [administrative-multicast-distance | unicast | multicast] [tag tag]

Examples:
Forward packets for network 2001:DB8::/32 through 2001:DB8:1:1::1 with an administrative distance of 10
Router(config)# ipv6 route 2001:DB8::/32 2001:DB8:1:1::1 10

Default route to 2001:DB8:1:1::1


Router(config)# ipv6 route ::/0 2001:DB8:1:1::1

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

68

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

29

RIPng (RFC 2080)

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

69

Enhanced Routing Protocol Support RIPng Overview RFC 2080


command version must be zero Route Tag IP 6 prefix IPv6 fi command version must be zero Address Family Identifier IPv4 Address Subnet Mask Next Hop Metric route tag prefix len metric

Similar characteristics as IPv4


Distance-vector, hop limit of 15, split-horizon, multicast based (FF02::9), UDP port (521) etc.

Updated U d t df features t f for IP IPv6 6


IPv6 prefix & prefix len

Special Handling for the NH


Route tag and prefix len for NH is all 0. Metric will have 0xFF; NH must be link local
BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

70

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

30

Enhanced Routing Protocol Support RIPng Configuration and Display


::/0 Router 2 Ethernet0 = 2001:db8:c18:1:260:3eff:fe47:1530 LAN1: 2001:db8:c18:1::/64 Ethernet0 Router 1 Ethernet1 LAN2: 2001:db8:c18:2::/64
Router2# ipv6 router rip RT0 interface Ethernet0 ipv6 address 2001:db8:c18:1::/64 eui-64 ipv6 rip RT0 enable ipv6 rip RT0 default-information originate

Router1# oute # ipv6 router rip RT0 interface Ethernet0 ipv6 address 2001:db8:c18:1::/64 eui-64 ipv6 rip RT0 enable Interface Ethernet1 ipv6 address 2001:db8:c18:2::/64 eui-64 ipv6 rip RT0 enable

Router2# oute # debug ipv6 p 6 rip p RIPng: Sending multicast update on Ethernet0 for RT0 src=FE80::260:3eff:fe47:1530 dst=FF02::9 (Ethernet0) sport=521, dport=521, length=32 command=2, version=1, mbz=0, #rte=1 tag=0, metric=1, prefix=::/0

Multicast All RIP-Routers


BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

Link-Local src Address


71

Access-List

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

72

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

31

Cisco IOS Standard Access Lists


When Used for Traffic Filtering, IPv6 Standard Access Control Lists (ACL) Offers the Following Functions:
Can filter traffic based on source and destination address Can filter traffic inbound or outbound on a specific interface Can add priority to the ACL Implicit deny all at the end of access list

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

73

IPv6 Access-List Example


Filtering outgoing traffic from unique-local source addresses
2001:0db8:c18:2::/64 fc00:0:0:2::/64
ipv6 access-list blocksite deny fc00:0:0:2::/64 any ipv6 access-list blocksite permit any any interface Ethernet0 ipv6 traffic-filter blocksite out

IPv6 Internet

Ethernet0

Global prefix: 2001:0db8:c18:2::/64 Unique-local prefix: fc00:0:0:2::/64

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

74

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

32

Deployment

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

75

IPv4-IPv6 Transition/Coexistence
A wide range of techniques have been identified and implemented, basically falling into three categories:
1. Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks 2. Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions 3. Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices

Expect all of these to be used, in combination

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

76

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

33

Dual Stack Approach


Application IPv6-Enable Application

TCP

UDP

TCP

UDP

Preferred Method on Applications Servers Frame Protocol ID

IPv4

IPv6

IPv4

IPv6

0x0800

0x86dd

0x0800

0x86dd

Data Link (Ethernet)

Data Link (Ethernet)

Dual Stack Node Means:


Both IPv4 and IPv6 stacks enabled Applications can talk to both Choice of the IP version is based on name lookup and application preference
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

77

Cisco IOS Dual Stack Configuration


router# ipv6 unicast-routing

Dual Stack Dual-Stack Router IPv6 and IPv4 Network


IPv4: 192.168.99.1

interface Ethernet0 ip address 192.168.99.1 255.255.255.0 ipv6 address 2001:db8:213:1::/64 eui-64

IPv6: 2001:db8:213:1::/64 eui-64

Cisco IOS Is IPv6-Enable:


If IPv4 and IPv6 are configured on one interface, the router is dual-stacked Telnet, Ping, Traceroute, SSH, DNS client, TFTP, etc.

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

79

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

34

Tunneling

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

80

Tunneling
Many Ways to Do Tunneling Some ideas same as before
GRE, MPLS, IP

Native IP over data link layers


ATM PVC, dWDM Lambda, Frame Relay PVC, Serial, Sonet/SDH, Ethernet

Some new techniques


Automatic tunnels using g IPv4 , compatible p IPv6 address, 6to4, ISATAP

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

81

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

35

Manually Configured GRE Tunnel


Dual-Stack Router1 IPv6 Network Dual-Stack Router2 IPv6 Network IPv4: 192.168.30.1 IPv6: 2001:db8:800:1::2

IP 4 IPv4

IPv4: 192.168.99.1 IPv6: 2001:db8:800:1::3

router1# interface Tunnel0 ipv6 enable ipv6 address 2001:db8:c18:1::3/128 tunnel source 192.168.99.1 tunnel destination 192.168.30.1 tunnel mode gre ipv6

router2# interface Tunnel0 ipv6 enable ipv6 address 2001:db8:c18:1::2/128 tunnel source 192.168.30.1 tunnel destination 192.168.99.1 tunnel mode gre ipv6

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

82

Manually Configured IPv6 over IPv4 Tunnel


Dual-Stack Router1
IPv6 network

IP 4 IPv4

Dual-Stack Router2
IPv6 network

IPv4: 192.168.99.1 IPv6: 2001:db8:800:1::3

IPv4: 192.168.30.1 IPv6: 2001:db8:800:1::2

router1# interface Tunnel0 ipv6 enable ipv6 address 2001:db8:c18:1::3/127 tunnel source 192.168.99.1 tunnel destination 192.168.30.1 tunnel mode ipv6ip

router2# interface Tunnel0 ipv6 enable ipv6 address 2001:db8:c18:1::2/127 tunnel source 192.168.30.1 tunnel destination 192.168.99.1 tunnel mode ipv6ip

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

83

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

36

6to4 Tunneling

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

84

Automatic 6to4 Tunnels


Automatic 6to4 tunnel allows isolated IPv6 domains to connect over an IPv4 network Unlike the manual 6to4 the tunnels are not point-topoint, they are multipoint tunnels IPv4 is embedded in the IPv6 address is used to find the other end of the tunnel Address format is 2002:IPv4 address::

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

85

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

37

Automatic 6to4 Tunnel (RFC 3056)


IPv6 Host A IP 6 IPv6 Network Network Prefix: 2002:c0a8:6301::/48 = = 192.168.99.1 6to4 Router IPv4 192.168.30.1 Network Prefix: 2002:c0a8:1e01::/48 6to4 Router IP 6 IPv6 Network IPv6 Host B

6to4:
Is an automatic tunnel method Gives a prefix to the attached IPv6 network
2002
/16
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved.

Public IPv4 Address


/48

SLA
/64

Interface ID

Cisco Public

86

Automatic 6to4 Tunnel (RFC 3056)


S=2002:c0a8:6301::1 D=2002:c0a8:1e01::2 IP 6 Header IPv6 H d IPv6 Host A IP 6 Data IPv6 D t 6to4 Router IPv4 S=2002:c0a8:6301::1 D=2002:c0a8:1e01::2 IP 6 Header IPv6 H d 6to4 Router IP 6 Data IPv6 D t IPv6 Host B

IPv6 Network 2002:c0a88:6301::1 192.168.99.1

IPv6 Network 192.168.30.1 2002:c0a8:1e01::2

Tunnel: IPv6 in IPv4 Packet IPv4 Header IPv6 Header IPv6 Data

S(v4)=192.168.99.1 D(v4)=192.168.30.1 S(v6)=2002:c0a8:6301::1 D(v6)=2002:c0a8:1e01::2


BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

87

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

38

Automatic 6to4 Configuration


6to4 Router1 IPv6 Network Network Prefix: 2002:c0a8:6301::/48 =
router1# interface Ethernet0 ipv6 address 2002:c0a8:6301:1::/64 eui-64 Interface Ethernet1 ip address 192.168.99.1 255.255.0.0 interface Tunnel0 ipv6 unnumbered Ethernet0 tunnel source Ethernet1 tunnel mode ipv6ip 6to4 ipv6 route 2002::/16 Tunnel0

E0

IPv4

6to4 Router2
E0

IPv6 Network Network Prefix:

192.168.99.1

192.168.30.1 2002:c0a8:1e01::/48 =
router2# interface Ethernet0 ipv6 address 2002:c0a8:1e01:1::/64 eui-64 Interface Ethernet1 ip address 192.168.30.1 255.255.0.0 interface Tunnel0 ipv6 unnumbered Ethernet0 tunnel source Ethernet1 tunnel mode ipv6ip 6to4 ipv6 route 2002::/16 Tunnel0

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

88

Automatic 6to4 Relay


IPv6 Internet 6to4 Router1 IPv6 Network 6to4 Relay IPv6 Site Network

IPv4

Network Prefix: 2002:c0a8:6301::/48

192.168.99.1

192.168.30.1 Network Prefix: 2002:c0a8:1e01::/48

6to4 Relay:
Is a gateway to the rest of the IPv6 Internet Is a default router

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

90

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

39

Automatic 6to4 Relay Configuration


6to4 Router1 IPv6 Network
E0

IPv4

6to4 Relay

IPv6 Internet IPv6 Network

192.168.99.1 Network Prefix: 2002:c0a8:6301::/48 =


router1# interface Ethernet0 ipv6 address 2002:c0a8:6301:1::/64 eui-64 Interface Ethernet1 ip address 192.168.99.1 255.255.0.0 interface Tunnel0 no ip address ipv6 unnumbered Ethernet0 tunnel source Ethernet1 tunnel mode ipv6ip 6to4 ipv6 route 2002::/16 Tunnel0 ipv6 route ::/0 2002:c0a8:1e01::1
BRKRST-1301 14444_04_2008_c1

IPv6 Address: 2002:c0a8:1e01::1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

91

Automatic 6to4 Tunnels


Requirements for 6to4 Border router must be dual stack with a global IPv4 address Interior routing protocol for IPv6 is required DNS for IPv6

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

92

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

40

ISATAP Tunneling

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

93

Intrasite Automatic Tunnel Address Protocol


RFC 4214 To deploy a router is identified that carries ISATAP services ISATAP routers need to have at least one IPv4 interface and 0 or more IPv6 interface DNS entries are created for each of the ISATAP routers IPv4 addresses Hosts will automatically discover ISATAP routers and can get access to global IPv6 network Host can apply the ISATAP service before all this operation but its interface will only have a link local v6 address until the first router appears
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

95

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

41

Intrasite Automatic Tunnel Address Protocol


Use IANAs OUI 00-00-5E and Encode IPv4 Address as Part of EUI-64
64-bit Unicast Prefix 0000:5EFE:
32-bit

IPv4 Address
32-bit

Interface Identifier (64 bits)

ISATAP is used to tunnel IPv4 within as administrative domain (a site) to create a virtual IPv6 network over a IPv4 network Supported in Windows XP Pro SP1 and others

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

96

IPv6 Campus ISATAP Configuration


Supported in Windows XP Pro SP1 and others ISATAP connections look like one flat network Create DNS A record for ISATAP = 10.1.1.1 Use Static Config if DNS use is not desired: C:\>netsh interface ipv6 isatap set router 10.1.1.1 Currently ISATAP does not support multicast!!
ISATAP Address Format: 64-bit Unicast Prefix 0000:5EFE: 32-bit Interface ID IPv4 Address 32-bit

2001:DB8:C003:111F:0:5EFE:10.1.2.100
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

97

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

42

Client Configuration (Linux): ISATAP Tunnels


Linux Client L3 Switch IPv6 L3 IPv6 Not Supported Switch/Router

IPv6-enabled Requires q Kernel support pp for ISATAPUSAGI Modified IProute packageUSAGI Must configure ISATAP routernot automatic

10.1.1.100Client IPv4 address 2001:DB8:C003:111f:0:5efe:10.1.1.100IPv6 address

Host IP

Router IP

# ip tunnel add is0 mode isatap 10.1.1.100 v4any 30.1.1.1 ttl 64 # ip link set is0 up

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

98

Automatic Advertisement of ISATAP Prefix


ISATAP Host A IPv4 Network ISATAP Tunnel ISATAP Router 1 E0 IPv6 Network

ICMPv6 Type 133 (RS) IPv4 Source: 206.123.20.100 IPv4 Destination: 206.123.31.200 IPv6 Source: fe80::5efe:ce7b:1464 IPv6 6 Destination: es a o fe80::5efe:ce7b:1fc8 e80 5e e ce b c8 Send me ISATAP Prefix

ICMPv6 Type 134 (RA) IPv4 Source: 206.123.31.200 IPv4 Destination: 206.123.20.100 IPv6 Source: fe80::5efe:ce7b:1fc8 IPv6 Destination: fe80::5efe:ce7b:1464 ISATAP Prefix: 2001:db8:ffff :2::/64

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

99

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

43

Automatic Address Assignment of Host and Router


ISATAP Host A IPv4 Network ISATAP Tunnel 206.123.20.100 fe80::5efe:ce7b:1464 2001:db8:ffff:2::5efe:ce7b:1464 ISATAP Router 1 E0 IPv6 Network

206.123.31.200 fe80::5efe:ce7b:1fc8 2001:db8:ffff:2::5efe:ce7b:1fc8

ISATAP host A receives the ISATAP prefix 2001:db8:ffff:2::/64 from ISATAP Router 1 When ISATAP host A wants to send IPv6 packets to 2001:db8:ffff:2::5efe:ce7b:1fc8, ISATAP host A encapsulates IPv6 packets in IPv4. The IPv4 packets of the IPv6 encapsulated packets use IPv4 source and destination address.
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

100

Automatic Configuring ISATAP


ISATAP Host A IPv4 Network ISATAP Tunnel 206.123.20.100 fe80::5efe:ce7b:1464 2001:db8:ffff:2::5efe:ce7b:1464
ISATAP-router1# ! interface Ethernet0 ip address 206.123.31.200 255.255.255.0 ! interface Tunnel0 ipv6 address 2001:db8:ffff:2::/64 eui-64 no ipv6 nd suppress-ra tunnel source Ethernet0 tunnel mode ipv6ip isatap

ISATAP Router 1 E0 IPv6 Network

206.123.31.200 fe80::5efe:ce7b:1fc8 2001:db8:ffff:2::5efe:ce7b:1fc8 The tunnel source command must point to an interface with an IPv4 address configured Configure the ISATAP IPv6 address, and d prefixes fi t to b be advertised d ti d j just t as you would with a native IPv6 interface The IPv6 address has to be configured as an EUI-64 address since the last 32 bits in the interface identifier is used as the IPv4 destination address

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

101

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

44

Translation

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

103

Legacy Services (IPv4 Only)


NATPT IPv6-Only Segment IPv6-only Host IPv4-Only S Segment t Legacy IPv4 Server

IPv6-Enabled Network

IPv6 Server

Many of the non-routing/switching products do not yet support IPv6 (i.e., content switching modules) NAT-PT (Network Address TranslationProtocol Translation) as an option to front-end IPv4-only serverNote: NAT-PT IS being moved to experimental Place NAT-PT box as close to IPv4 only server as possible Be very aware of performance and manageability issues
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

104

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

45

Configuring Cisco IOS NAT-PT


NAT-PT enables communication between IPv6-only and IPv4-only nodes CEF switching in 12.3(14)T
DNS
interface i t f F FastEthernet0/0 tEth t0/0 ipv6 address 2001:DB8:C003:1::1/64 ipv6 cef ipv6 nat ! interface FastEthernet0/1 ip address 192.168.1.1 255.255.255.0 ipv6 nat prefix 2010::/96 ipv6 nat ! ipv6 nat v4v6 source 192.168.1.100 2010::100 ipv6 nat v4v6 source 192.168.1.10 2010::10 ! ipv6 nat v6v4 source route-map MAP1 pool V4POOL ipv6 nat v6v4 pool V4POOL 192.168.2.1 192.168.2.10 prefix-length 24 ! route-map MAP1 permit 10 match interface FastEthernet0/0
105

.10 192.168.1.0/24

.100
F0/1

NAT Prefix 2010::/96

F0/0

2001:DB8:C003:1::/64 2001:DB8:C003:1::10
BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

NAT-PT Packet Flow


IPv4 Interface
DNS 192.168.1.10 2 Src: 192.168.2.10 Dst: 192.168.1.10 3 Src: 192.168.1.10 Dst: 192.168.2.10
Cisco Public

NAT-PT

IPv6 Interface
IPv6 Host
2001:DB8:C003:1::10

1 Src: 2001:DB8:C003:1::10 Dst: 2010::10 4 Src: 2010::10 Dst: 2001:DB8:C003:1::10


106

Dynamic Static
BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

46

Conclusion
IPv6 is real! Start now rather than later
P h Purchase f for the th future f t Start moving legacy application towards IPv6 support Test, test and then test some more!

Integration can be done per Application (Dual Stack or Tunneled) Microsoft Vista and Longhorn have IPv6 enabled by default and preferred over IPv4 Things to consider:
Dont assume your favorite vendor/app/gear has an IPv6 plan Full parity between IPv4 and IPv6 is still a ways off Watch the standards and policies: http://www.ietf.org and http://www.arin.net/policy/proposals/2006_4.html

Enterprise and SP Deployment Scenarios:


ISP IPv6 Deployment Scenarios in Broadband Access Networks (RFC 4779) Scenarios and Analysis for Introducing IPv6 into ISP Networks (RFC 4029) IPv6 Enterprise Network Scenarios (RFC 4057) Procedures for Renumbering an IPv6 Network without a Flag Day (RFC 4192)

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

107

Q and A

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

108

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

47

More Information
CCO IPv6
http://www.cisco.com/ipv6

The ABC of IPv6


http://www.cisco.com/en/US/products/sw/iosswrel/products_abc_ios_overview.html

IPv6 e-Learning [requires CCO username/password]


http://www.cisco.com/warp/customer/732/Tech/ipv6/elearning/

IPv6 Access Services


http://www.cisco.com/warp/public/732/Tech/ipv6/docs/ipv6_access_wp_v2.pdf

ICMPv6 Packet Types and Codes TechNote


http://www.cisco.com/warp/customer/105/icmpv6codes.html

Cisco IOS IPv6 Product Manager


pgrosset@cisco.com

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

109

Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press Check the Recommended Reading flyer for suggested books

Available Onsite at the Cisco Company Store


BRKRST-1301 14444_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

110

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

48

Complete Your Online Session Evaluation


Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Dont forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

111

BRKRST-1301 14444_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

112

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

49

You might also like