
© 2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential 1
The Internet Protocol
IPv6: Make a Plan

Preserve your IPv4 Investment


Prepare for an orderly IPv6 transition
Prosper through sustained growth

Kumar Reddy
Director, Technical Marketing Engineering
Revenue Recognition Disclaimer

“Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.”

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Registry Exhaustion Dates

[Figure: probability (%) of registry exhaustion by date, Jan 2011 to Jul 2015, with curves for IANA, APNIC, RIPE NCC, ARIN, LACNIC and AFRINIC]

Source: Geoff Huston, APNIC
V6 in 2010
[Figure: labels include alpha, cisco.com, cloud-based IronPort services, V6 in iOS 4.0, departments, functions, enterprise collaboration tools, workgroups/teams, web-enabled consumer devices and software, several marked V6-enabled]
Image Source: Forrester, “Three Mega Business Trends Will Reshape The Tech Sector”



Market Factors Driving IPv6 Deployment

• IPv4 Address Run-Out
• National IPv6 Strategies: US Federal/Civilian, US DoD, China NGI, EU
• IPv6 OS, Content & Applications
• Infrastructure Evolution: SmartGrid, SmartCities, DOCSIS 3.0, 4G/LTE, IPSO

www.oecd.org: Measuring IPv6 adoption


IPv6 Deployment Strategies by Market

Service Provider

Consumer

Content

Enterprise Public Sector

2001:db8:2ef3:a4f0:65b9:e8ff:f36c:84b0
Carrier Grade v6
Boundless service opportunities with Smart Grid, Connected Cities,
Mobile Video, Cloud Computing
Today Private IP 6-over-4 Transitional 4-over-6 All IPv6

Business /
Consumer

IP NGN

Prosper

Prepare

Preserve
Smart Grid Opportunity: 110 million households in US alone
[Figure legend: IPv4, Private IP, IPv6]
1 Sales Certs (USGv6, JITC UCR2008)

2 IPv6 Pilot and Basic Infrastructure

3 IPv6 Internet Presence (websites, remote users, B2B …)

4 IPv6 Islands (Wireless/Consumer devices, Labs …)

5 Internal Data Center, Enterprise Apps

6 Ubiquitous Dual-Stack

7 IPv4 EOL

“Mandated” (1, 2, 3)
Who?
• Government Agencies
• Customers who sell to government agencies

“Motivated” (2, 3, 4)
Who?
• Customers with IPv4 address exhaustion
• Global Enterprises with consumer or business interaction on the public internet
• Customers with user-provided devices on their networks

“Early Adopter” (2, 4, 3, 5, 6, 7)
Who?
• Companies looking for competitive advantage
• Companies using IPv6 to solve business problems
• Early adopters preparing for coexistence

“Mainstream” (2)
Who?
• Large US/European Enterprises
• Small-Medium Enterprises
IPv6 Co-existence Solutions
• Dual Stack (IPv4, IPv6): Recommended Enterprise Co-existence strategy
• Tunneling Services (IPv4 over IPv6, IPv6 over IPv4): Connect Islands of IPv6 or IPv4
• Translation Services (IPv6, IPv4): Connect to the IPv6 community
  - Business Partners
  - Government Agencies
  - International Sites
  - Remote Workers
  - Internet consumers


Dual Stack

IPv6 using Dual Stack Backbone
[Figure: dual-stack applications at IPv4 + IPv6 edges connected through CE, PE, P, P, PE, CE routers across an IPv6 + IPv4 core; some or all interfaces in the cloud are dual configured; legend: IPv4 configured interface, IPv6 configured interface]

• All P + PE routers are capable of IPv4+IPv6 support
• Two IGPs supporting IPv4 and IPv6
• Memory considerations for larger routing tables
• Native IPv6 multicast support
• All IPv6 traffic routed in global space
• Good for content distribution and global services (Internet)
Application Dual Stack Approach
[Figure: protocol stacks of an IPv4 application and an IPv6-enabled application: Application over TCP/UDP over IPv4/IPv6 over Data Link (Ethernet); frame protocol ID 0x0800 for IPv4 and 0x86dd for IPv6]

• Dual stack in a device means
  - Both IPv4 and IPv6 stacks enabled
  - Applications can talk to both
  - Choice of the IP version is based on DNS and application preference
• Dual stack at edge does not necessarily mean dual stack backbone
Tunnels

Manual Tunnels (RFC 4213 and GRE)
[Figure: a customer IPv6 network and a provider IPv6 network joined by an IPv6 manual tunnel across an IPv4 access network (CE, PE, P, P, PE, CE; dual-stack tunnel endpoints); inside the tunnel the IPv6 packet is carried behind an IPv4 header; tunnel endpoints 200.15.15.1 (2001:300::1/64) and 200.13.13.1 (2001:300::2/64)]

• 6in4 was one of the first transition mechanisms developed for IPv6
  - Static P2P tunnel, IP protocol type = 41, no additional header, NAT breaks
  - IPv4 end point address must be routable
  - IPv6 prefix configured on tunnel interface
• An IPv6 in GRE tunnel solution also exists (not shown)
  - uses 0x86DD to identify IPv6 payload
• Usual manual point to point tunnel caveats apply


6 to 4 Tunnels (RFC 3056)
[Figure: two IPv6 networks joined by a 6 to 4 tunnel across an IPv4 backbone network (CE, PE, P, P, PE, CE); inside the tunnel the IPv6 packet is carried behind an IPv4 header; left endpoint 200.15.15.1 (e0/0), 6to4 prefix 2002:c80f:0f01, address 2002:c80f:0f01:100::1; right endpoint 200.11.11.1 (e0/0), 6to4 prefix 2002:c80b:0b01, address 2002:c80b:0b01:100::1]

• Automatic tunnel method using 2002:IPv4::/48 IPv6 range
  - IPv4 embedded in IPv6 format, e.g. 2002:c80f:0f01:: = 200.15.15.1
• No impact on existing IPv4 or MPLS Core (IPv6 unaware)
• Tunnel endpoints have to be IPv6 and IPv4 aware (Dual stack)
• Transition technology – not for long term use
• Intrinsic linkage between destination IPv6 Subnet and IPv4 gateway interface
  - IPv4 Gateway = Tunnel End point

ISATAP (RFC 5214)

[Figure: ISATAP Host A (E0, 206.123.20.100, 2001:db8:ffff:2::5efe:ce7b:1464) reaches ISATAP Router 1 (206.123.31.200, 2001:db8:ffff:2::5efe:ce7b:1fc8) and the IPv6 network through an ISATAP tunnel across an IPv4 network]

• Intra Site Automatic Tunnel Addressing Protocol
  - Tunnel from a dual stack HOST PC to an IPv6 gateway
• ISATAP hosts use a special IPv6 address format
  - Rightmost 32 bits of Interface ID contains the host IPv4 address
  - Leftmost 32 bits of Interface ID contains “0000:5EFE”
• Operates within single administrative domain
• Creates a virtual IPv6 link over an IPv4 backbone
  - IPv4 network treated as an NBMA link layer
  - Routers provide ISATAP service
  - DNS may hold potential router list or ISATAP gateways
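The 6to4 and ISATAP slides both embed an IPv4 address inside an IPv6 address. The following added example (not part of the original deck) recovers that IPv4 tunnel endpoint from addresses seen in logs, which helps when triaging unknown IPv6 traffic; the function names and the last sample address are constructed for illustration, and the 0200:5efe marker comes from RFC 5214 rather than the slide.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # RFC 3056 range from the 6to4 slide
# Upper 32 bits of an ISATAP interface ID. The slide gives 0000:5efe; 0200:5efe
# (RFC 5214, "u" bit set for a globally unique IPv4 address) is added here.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def embedded_ipv4(addr):
    """Return (mechanism, IPv4 endpoint), or (None, None) for a native address."""
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    if ip in SIXTOFOUR:
        # 2002:IPv4::/48 -> the 32 bits after 2002 are the IPv4 gateway
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_MARKERS:
        # Interface ID = marker + IPv4: rightmost 32 bits are the host IPv4
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None, None


def sixtofour_prefix(ipv4):
    """Derive the 6to4 /48 a site gets from its routable IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix64, ipv4):
    """Build an ISATAP address: /64 prefix + 0000:5efe + host IPv4 address."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    iid = (ISATAP_MARKERS[0] << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def triage(addresses):
    """Map each IPv6 address to the IPv4 endpoint it depends on, if any."""
    rows = []
    for addr in addresses:
        mechanism, v4 = embedded_ipv4(addr)
        rows.append((addr, mechanism or "native", "-" if v4 is None else str(v4)))
    return rows


# The first four addresses appear on the slides; the last one is constructed.
SAMPLES = [
    "2002:c80f:0f01:100::1",
    "2002:c80b:0b01:100::1",
    "2001:db8:ffff:2::5efe:ce7b:1464",
    "2001:db8:ffff:2::5efe:ce7b:1fc8",
    "2001:db8:beef:1::10",
]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print("%-34s %-7s %s" % row)
```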

DMVPN for IPv6
[Figure: IPv6 private networks 2000:db8:beef:1::/64 and 2000:db8:f00d:1::/64 (spoke CEs) and 2000:db8:cafe:1::/64 (hub CE, with the NHRP database) connected across an IPv4 public network (PE, P routers); static spoke to hub tunnels and a dynamic spoke to spoke tunnel; inside the tunnel the IPv6 packet is carried behind a GRE header and an IPv4 next hop header]

• Connects private IPv6 islands across public IPv4 cloud
• Public IPv4 network treated as NBMA network
  - Static hub and spoke topology
  - Dynamic spoke to spoke topology
• Supports dynamic unicast and multicast routing
IPv6 VPN 6PE/6VPE (RFC 4659)
[Figure: IPv6/IPv4 networks behind CE1 (10.1.1.0/24, 2001:db8:beef:1::/64) and CE2 (10.1.2.0/24, 2001:db8:beef:2::/64) connected through 6VPE1 (200.10.10.1) and 6VPE2 (200.11.11.1), each with a VRF, across an MPLS IPv4 backbone of P routers; CE to 6VPE links use 2001:db8:cafe:1::/64 and 2001:db8:cafe:3::/64; inside the backbone the IPv6 packet is carried behind a VPN label and an LDP label]

• 6PE connects IPv6 islands over MPLS Core (not shown)
• 6VPE adds IPv6 support to IPv4 MPLS VPN feature
• For End Users: VPNv6 is the same as VPNv4 services
• For Providers: Same configuration operation for VPNv4 and VPNv6
• Uses existing IPv4 MPLS infrastructure
  - Core uses IPv4 control plane (LDPv4, TEv4, IGPv4)
• PEs must support dual stack IPv4+IPv6
• VRF can contain both VPNv4 and VPNv6 routes
LISP Use Cases
IPv6 Migration Support

Needs:
• Rapid IPv6 Deployment
• Minimal Infrastructure disruption

LISP Solution:
• LISP encapsulation is Address Family agnostic
  - IPv6 interconnected over IPv4 core
  - IPv4 interconnected over IPv6 core

Benefits:
• Accelerated IPv6 adoption
• Minimal added configurations
• No core network changes
• Can be used as a transitional or permanent solution

[Figure: three panels titled Connecting IPv6 Islands, IPv6 Transition Support and IPv6 Access Support, showing v6 islands, v6 services and v6 home networks connected through xTR and PxTR devices across an IPv4 enterprise core, the IPv4 Internet and the IPv6 Internet]

Translation

Prepare - Address Family Translation (AFT)
• Allows access between IPv6 and IPv4 networks (IETF BEHAVE)

[Figure: IPv6 subscribers connect through the provider to the IPv6 Internet and, through an AFT (NAT64), to the public IPv4 Internet]

IETF BEHAVE working group on AFT for NAT64 and NAT46


Applications Break with Insufficient Ports

Source: Shin Miyakawa, NTT Communications


Stateful Stateless
1. IPv6 Network to IPv4 Internet
2. IPv4 Internet to IPv6 Network
3. IPv6 Internet to IPv4 Network
4. IPv4 Network to IPv6 Internet (Not viable because too few IPv4 addresses)
5. IPv6 Network to IPv4 Network
6. IPv4 Network to IPv6 Network

Stateless NAT64 – Operation
[Figure: IPv6 host 2001:db8:100::c000:0202 on the IPv6 network reaches an application server or IPv4 host 192.1.1.1 on the IPv4 network through a stateless NAT64 gateway (GE 0/1/0 2001:db8:100::1, GE 0/2/0 192.0.2.1)]

Forward path:
IPv6 Packet: Src = 2001:db8:100::c000:0202, Des = 2001:db8:100::c001:0101
IPv4 Packet: Src = 192.0.2.2 (c000:0202), Des = 192.1.1.1 (c001:0101)

Return path:
IPv4 Packet: Src = 192.1.1.1 (c001:0101), Des = 192.0.2.2 (c000:0202)
IPv6 Packet: Src = 2001:db8:100::c001:0101, Des = 2001:db8:100::c000:0202

IPv6 host:
• Host IPv6 address is 2001:db8:100::c000:0202
• IPv4 translatable address is 192.0.2.2 (i.e. 192.0.2.0/24)
• Gateway is 2001:db8:100::1

NAT64 gateway:
• Gateway is configured for stateless NAT64 prefix 2001:db8:100::/96 on GE0/1/0
• GE 0/2/0 is NAT64 enabled and configured with IPv4 address
• Gateway is configured to perform stateless translation for 192.0.2.0/24 IPv4 pkts to IPv6 and then direct them towards GE0/1/0 (on the return path)
Stateful NAT64 + DNS64 Operation

[Figure: IPv6 host 2000::100, DNS64, NAT64 (Prefix: 2001::/96) and the public IPv4 Internet]

1. DNS Request (company.com)
2. DNS Request (company.com), A/AAAA query
3. DNS Response (company.com): A record (A.B.C.D)
4. Synthesized response: 2001::A.B.C.D
5. IPv6 Packet: Source: 2000::100, Destination: 2001::A.B.C.D
6. IPv4 Packet: Source: C.D.E.F, Destination: A.B.C.D
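The address arithmetic behind the stateless NAT64 and DNS64 slides, as an added example that is not part of the original deck. The prefixes and the 192.0.2.0/24 range come from the slides; the function names, the range check on translated packets and the 198.51.100.7 A record are assumptions made for illustration, and passing an existing AAAA record through unchanged follows the usual DNS64 behaviour rather than anything shown on the slide.

```python
import ipaddress

NAT64_PREFIX = "2001:db8:100::/96"  # stateless NAT64 prefix from the slide
TRANSLATABLE = "192.0.2.0/24"       # IPv4-translatable range from the slide
DNS64_PREFIX = "2001::/96"          # prefix shown on the DNS64 slide


def embed(prefix96, ipv4):
    """IPv4 -> IPv6: place the 32-bit IPv4 address in the low bits of the /96."""
    net = ipaddress.IPv6Network(prefix96)
    if net.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | v4)


def extract(prefix96, ipv6):
    """IPv6 -> IPv4: only addresses inside the NAT64 prefix are translatable."""
    ip = ipaddress.IPv6Address(ipv6)
    if ip not in ipaddress.IPv6Network(prefix96):
        raise ValueError(f"{ip} is outside {prefix96}")
    return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)


def v6_to_v4(src6, dst6):
    """Forward path: the IPv6 source must map into the translatable range."""
    src4, dst4 = extract(NAT64_PREFIX, src6), extract(NAT64_PREFIX, dst6)
    if src4 not in ipaddress.IPv4Network(TRANSLATABLE):
        raise ValueError(f"source {src4} is not in {TRANSLATABLE}")
    return str(src4), str(dst4)


def v4_to_v6(src4, dst4):
    """Return path: only destinations in the translatable range go to IPv6."""
    if ipaddress.IPv4Address(dst4) not in ipaddress.IPv4Network(TRANSLATABLE):
        raise ValueError(f"destination {dst4} is not in {TRANSLATABLE}")
    return str(embed(NAT64_PREFIX, src4)), str(embed(NAT64_PREFIX, dst4))


def dns64_answer(a_records, aaaa_records, prefix96=DNS64_PREFIX):
    """Steps 3 and 4 of the DNS64 slide: synthesize AAAA records from A records."""
    if aaaa_records:  # a real AAAA record is passed through unchanged
        return list(aaaa_records)
    return [str(embed(prefix96, a)) for a in a_records]


if __name__ == "__main__":
    print(v6_to_v4("2001:db8:100::c000:0202", "2001:db8:100::c001:0101"))
    print(v4_to_v6("192.1.1.1", "192.0.2.2"))
    print(dns64_answer(["198.51.100.7"], []))  # constructed A record
```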

Translation: Stateful / Stateless

Stateful
• NAPT (Network Address and Port Translator)
• NAT is less scalable
• NAT placement related to network topology
• IPv6-initiated connections
• 1:N mapping
  - Many IPv6 hosts consume 1 IPv4 address
• Limited TCP ports

Stateless
• NAT is more scalable
• NATs can be located anywhere
• IPv4- or IPv6-initiated connections
• 1:1 mapping
  - one IPv4 address is consumed for every participating IPv6 address


[Figure: path from V6-only end user subscribers through ISPs and hosting/CDN to IPv4 content, with IPv6 and IPv4 segments and 4/6 and 6/4 translation points marked]
Considerations:
Experience, Scale, Cost, Operations, Technology…

Design

IPv6 Borderless Network Architecture
[Figure: Internet, MPLS/IPv4/IPv6 core and the Edge, Core, Distribution and Access tiers, each with three columns: Optimized Delivery, IPv6 Security, Transition Technologies]

Edge
  Optimized Delivery:
  • EIGRPv6, OSPFv3, BGPv6
  • PBR
  IPv6 Security:
  • IPv6 IPsec
  • IPv6 Firewall Security
  • IPv6 IDS
  Transition Technologies:
  • Dual Stack IPv4/IPv6
  • V6 over v4 tunnels: 6vPE/6PE, L3VPNoMGRE, DMVPNv6, Static tunnels
  • 6 to 4 translation

Core
  Optimized Delivery:
  • EIGRPv6, OSPFv3, IS-IS
  • IPv6 support for VSS
  • ECMP, OSPFv3 GR
  IPv6 Security:
  • IPv6 CoPP
  Transition Technologies:
  • Dual Stack IPv4/IPv6
  • 6to4 tunneling
  • ISATAP

Distribution
  Optimized Delivery:
  • IPv6 PIM-SSM, MLDv2, Embedded RP
  • IPv6 QoS
  • DHCPv6 Relay Agent
  • HSRPv6/GLBPv6
  • IPv6 support for VSS
  IPv6 Security:
  • IPv6 ACL
  • IPv6 ACL Atomic Commit/Dry Run
  • uRPF
  • IPv6 Ingress Netflow
  • IPv6 Flexible Netflow
  Transition Technologies:
  • Dual Stack IPv4/IPv6
  • 6vPE/6PE
  • 6to4 tunneling
  • ISATAP tunnels

Access
  Optimized Delivery:
  • Stateless Auto configuration
  • IPv6 management: SNMP, Syslog, SSH, NTPv4, Tacacs+
  • IPv6 interface stats
  IPv6 Security:
  • IGMPv3/MLDv2 Snooping
  • IPv6 First Hop Security
  • IPv6 PACL/RA Guard
  Transition Technologies:
  • Dual Stack IPv4/IPv6
  • ISATAP and static Tunnels
IPv6 Data Center Network Architecture
[Figure: data center topology from the Internet through DC Edge, DC Core and DC Agg to ToR/rack access, with firewalls, load balancers, translation points, 1x10GE per Agg SW and IPv4/IPv6 links to the racks]

Distribution/Core
• Dual Stack Routing protocols (OSPFv3, ISISv6, BGPv6..)
• IPv6 Mcast
• IPv6 security: classification, ACL & policing, CoPP
• BFD
• Flexible Netflow
• 6VPE
• ECMP
• Interface stats
• uRPF

L2/L3 Boundary Towards Access
• Dual Stack
• HSRPv6/VRRPv3
• BFD
• SVI
• Snooping (MLDv2)
• IGMPv3
• First Hop Security (RA guard)
• PACL/VACL
• IPv6 Management

What changes .. examples

• It’s all IP, but some things change
• Applications
  - In house software may require rewrite to use dual stack - operating systems have support
  - Commercial software may support IPv6, or refresh to new version
• NMS for multi-protocol networks
• Operations and troubleshooting procedures
• Typing IPv6 addresses is really painful
• Address allocation and design

Sample Real World Issues
• PMTUD
• DNS – unHappy Eyeballs
• 6to4 relays
• Spurious RA’s
• Disabled stacks/enabled stacks
• Unknown IPv6 traffic
• Reachability on the IPv6 Internet
• Device discovery with subnet scans
• Embedded literals

Next Steps

IPv6 Is Not a Rip-and-Replace Proposition

Preserve: Preserve existing investment
• Audit and leverage existing IPv6 capabilities

Prepare: Prepare a migration and deployment plan
• Identify and enable critical IPv6 functional areas

Prosper: Prosper through the transition to IPv6 Internet
• Enable all systems with dual-stack capabilities
• Grow seamlessly as the Internet transitions to IPv6

IPv6 is the foundation of a lifecycle management discussion



Enterprise Action Plan
• Start now and position for growth
• Next Steps: Assess, Plan, Design Trial, Train, Roll out
• Map out opportunities to be IPv6 ready in planned technology refresh cycles
• Assess the business impact for having IPv6 support

A Phased Approach to IPv6 Adoption
Start with a Phased Plan Aligned
with Your Business Strategy

1. Identify the highest priority IPv6-critical areas in your network
2. Perform IPv6 Assessment on highest-priority areas to determine scope of design
3. Develop an IPv6 design that enables IPv6 to be introduced without disrupting your IPv4 network
4. Begin IPv6 testing and implementation in pilot mode, then extend over time into production deployment

Repeat for the Next IPv6-Critical Area in Your Network


Cisco first to receive IPv6 Education/Training certification from the
IPv6 Forum
Three Cisco training courses received IPv6 Forum certification
• CCNA, CCNP and CCIE
• Cisco Certified Engineers may use the Certified Engineer logo

USGv6 and IPv6-ready logo certifications



World IPv6 Day: Jumping In Together
June 8 2011 – 00h00-23h59 (UTC)
24-hr IPv6 “Test Flight”
IPv6 access on website’s “front door” (DNS AAAA Record on www.company.com)
Note: This is not about turning off IPv4!
Coordinated by:

http://isoc.org/wp/worldipv6day/
http://isoc.org/wp/worldipv6day/participants
http://supportforums.cisco.com/community/netpro/network-infrastructure/ipv6-transition
For more information

http://www.cisco.com/go/ipv6

Questions ?
