
IPv6 Seminar – Part3

Jean-Marc Barozet
jmb@cisco.com
IOS Technology Group
April, 2011

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Enterprise Deployment Considerations
Network and Application Performance
Conclusion

Planning & Deployment Summary
Campus Deployment
Datacenter/Internet Edge Deployment
Self Deployed WAN
SP Managed WAN

Start with a Phased Plan Aligned with Your Business Strategy

1. Identify the highest priority IPv6-critical areas in your network
2. Perform IPv6 Assessment on high priority areas to determine scope
3. Develop a design that enables IPv6 without disrupting your IPv4 network
4. Test and implement in pilot mode, then extend over time into production

Repeat for the Next IPv6-Critical Area in Your Network

Pre-Deployment Phases
•  Establish the network starting point
•  Importance of a network assessment and available tools
•  Build a pilot or lab environment
•  Obtain addressing or use ULA or documentation prefix (in lab)
•  Learn the basics (DNS, routing changes, address assignment)

Deployment Phases
•  Transport considerations for integration
•  Internet Edge (ISP, Apps)
•  Campus IPv6 integration options
•  Data Center integration options
•  WAN IPv6 integration options
•  Execute on gaps found in assessment

•  Based on Timeframe/Use case
•  Core-to-Edge – Fewer things to touch
•  Edge-to-Core – Challenging but doable
•  Internet Edge – Business continuity
[Diagram: Campus Block, DC/Campus Core, DC Aggregation, DC Access, Servers, Internet Edge with two ISPs, WAN, Branch sites]

Dual Stack (IPv4, IPv6): Recommended Enterprise Co-existence strategy
Tunneling Services (IPv4 over IPv6, IPv6 over IPv4): Connect Islands of IPv6 or IPv4
Translation Services (IPv6, IPv4): Connect to the IPv6 community
    Business Partners
    Government Agencies
    International Sites
    Remote Workers
    Internet consumers

[Diagram: subscriber access transition stages labelled Preserve, Prepare, Prosper: Carrier Grade NAT (NAT on IPv4 access, IPv4 core); IPv6 Rapid Deployment (v6 over IPv4 access using 6rd or L2TP, 6rd BR / LNS); Native Dual Stack; IPv6-Only Access Network (v4 over IPv6 access using 4rd or DS-Lite, AFTR / 4rd BR); IPv6-Only Subscriber (NAT 6↔4); CE and PE routers between subscriber networks and a dual stack core]
For more info see: http://www.cisco.com/go/cgv6

Dual-Stack IPv4/IPv6
•  Dual Stack = Two protocols running at the same time (IPv4/IPv6)
•  #1 requirement—switching/routing platforms must support hardware based forwarding for IPv6
    3560/3750 +
    4500 Sup6E +
    6500 Sup32/720 +
•  IPv6 is transparent on L2 switches but consider:
    L2 multicast—MLD snooping
    IPv6 management—Telnet/SSH/HTTP/SNMP
    Intelligent IP services on WLAN
•  Expect to run the same IGPs as with IPv4
[Diagram: IPv6/IPv4 dual stack hosts, Access Layer (L2/L3), Distribution Layer, Core Layer, Aggregation Layer (DC), Access Layer (DC), dual-stack server; devices at each layer marked v6-Enabled, links marked Dual Stack]

Hybrid Model
•  Plan “B” if Layer 3 device can’t support IPv6 but you have to get IPv6 over it
•  Offers IPv6 connectivity via multiple options
    Dual-stack
    Configured tunnels—L3-to-L3
    ISATAP—Host-to-L3
•  Leverages existing network
•  Offers natural progression to full dual-stack design
•  May require tunneling to less-than-optimal layers (i.e. core layer)
•  Any sizable deployment will be an operational management challenge
•  ISATAP creates a flat network (all hosts on same tunnel are peers)
•  Provides basic HA of ISATAP tunnels via old Anycast-RP idea
[Diagram: IPv6/IPv4 dual stack hosts, Access Layer (L2/L3), Distribution Layer (NOT v6-Enabled), Core Layer (v6-Enabled), Aggregation Layer (DC, v6-Enabled), Access Layer (DC), dual-stack server; ISATAP tunnels from the hosts across the distribution layer, Dual Stack from the core onward]

IPv6 Service Block—Rapid Deployment/Pilot
•  Provides ability to rapidly deploy IPv6 services without touching existing network
•  Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
•  Get lots of operational experience with limited impact to existing environment – Ideal for Pilot
•  Similar challenges as Hybrid Model – Lots of tunneling
•  Configurations are very similar to the Hybrid Model
    ISATAP tunnels from PCs in access layer to service block switches (instead of core layer—Hybrid)
•  1) Leverage existing ISP block for both IPv4 and IPv6 access
•  2) Use dedicated ISP connection just for IPv6—Can use IOS FW or PIX/ASA appliance
[Diagram: IPv4-only Campus Block (VLAN 2, VLAN 3, ISATAP hosts; Access, Dist. and Core Layers) with Primary and Secondary ISATAP Tunnels to the IPv6 Service Block; Dedicated FW (option 2) and IOS FW toward the Internet; WAN/ISP Block (option 1); Data Center Block (Agg and Access Layers)]

Tunneling to the Controller
•  Dual Stack on the hosts
•  Enable IPv6 Bridging per VLAN on the Controller (centralized deployment is recommended)
•  Traffic isolation throughout the campus achieved via LWAPP
    LWAPP* encapsulates original Ethernet frames and transports them across L3 boundaries
•  VLANs are valid from the AP to the WLAN Controller

*LWAPP: Lightweight Access Point Protocol
[Diagram: IPv6/IPv4 dual stack hosts, Access Points, Access Layer, Distribution Layer, Core Layer, Wireless Controller]

•  Route/Switch design will be similar to campus based on feature, platform and connectivity similarities – Nexus, 6500, 4900M
•  The single most overlooked and potentially complicated area of IPv6 deployment
•  Stuff people don’t think about:
    NIC Teaming, iLO, DRAC, IP KVM, Clusters
    Innocent looking Server OS upgrades – Windows Server 2008 - Impact on clusters – Microsoft Server 2008 Failover clusters fully support IPv6 (and L3)
•  Internet-facing Data Center
•  Most of the internal and Internet DC considerations are the same

Biggest Challenges Today
•  Application support for IPv6 – Know what you don’t know
If an application is protocol centric (IPv4):
Needs to be rewritten
Needs to be translated until it is replaced
Wait and pressure vendors to move to protocol agnostic framework

•  Deployment of translation
NAT64 (Stateful for most enterprises)
Apache Reverse Proxy
Windows Port Proxy
3rd party proxy solutions

•  Network services above L3 (A short-term challenge)


SLB, SSL-Offload, application monitoring (probes)
Application Optimization
High-speed security inspection/perimeter protection

Operating Systems
•  Windows 7
•  Windows Server 2008/R2
•  SUSE
•  Red Hat
•  Ubuntu
•  The list goes on

Virtualization & Applications
•  VMware vSphere 4.1
•  Microsoft Hyper-V
•  Microsoft Exchange 2007 SP1/2010
•  Apache/IIS Web Services
•  Windows Media Services
•  Multiple Line of Business apps

Most commercial applications won’t be your problem – it will be the custom/home-grown apps

[Diagram: V6-only End User on an IPv6 ISP reaching IPv4 Hosting/CDN Content on an IPv4 ISP, with 4/6 translation between them]
An enterprise with a critical Internet presence must perform its own dual-stacking or translation. Short term, not much traffic (so load-balancing is not as critical for v6), but longer term full SLB 4<->6 or 6<->6 will be necessary… 60% moving to v6 by 2012…

[Diagram: three options for fronting an IPv4-only Host for the IPv6 Internet: Server Load Balancer, Stateful NAT64, Proxy (Apache, MSFT PortProxy); in each, IPv6 on the Internet side and IPv4 toward the host]

•  Two flavors – Stateless and Stateful
    draft-ietf-behave-v6v4-xlate-xx (and others associated with that draft)
    draft-ietf-behave-v6v4-xlate-stateful-xx
•  Stateless – Not your friend in the enterprise (corner case deployment)
    1:1 mapping between IPv6 and IPv4 addresses (i.e. 254 IPv6 hosts-to-254 IPv4 hosts)
    Requires the IPv6-only hosts to use an “IPv4 translatable” address format
•  Stateful – What we are after for translating IPv6-only hosts to IPv4-only host(s)
    It is what it sounds like – keeps state between translated hosts
    Several deployment models (PAT/Overload, Dynamic 1:1, Static, etc…)
    This is what you will use to translate from IPv6 hosts (internal or Internet) to IPv4-only servers (internal DC or Internet Edge)
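
The two flavors side by side, as an added example that is not part of the original slides: the stateless function only works on "IPv4 translatable" addresses, while the stateful translator keeps a binding table (PAT/Overload model) that is also the record needed to trace a server-side IPv4 connection back to its IPv6 client. The /96 prefix, the pool address 10.121.11.254 and all function and class names are assumptions made for the illustration.

```python
import ipaddress

# Assumption: a /96 translation prefix taken from the IPv6 documentation range.
NAT64_PREFIX = ipaddress.ip_network("2001:db8:64::/96")


def v4_to_translatable(v4):
    """Embed an IPv4 address in the low 32 bits of the translation prefix."""
    base = int(NAT64_PREFIX.network_address)
    return ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(v4)))


def stateless_v6_to_v4(v6):
    """Stateless: purely algorithmic, so the address must be IPv4-translatable."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in NAT64_PREFIX:
        raise ValueError(f"{addr} is not an IPv4-translatable address")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


class StatefulNat64:
    """PAT/overload model: many IPv6 clients share one IPv4 pool address."""

    def __init__(self, pool_v4, first_port=1024, last_port=65535):
        self.pool_v4 = ipaddress.IPv4Address(pool_v4)
        self.next_port = first_port
        self.last_port = last_port
        self.bindings = {}  # (client v6, client port, proto) -> mapped port
        self.reverse = {}   # (mapped port, proto) -> (client v6, client port)

    def outbound(self, v6_src, sport, v6_dst, dport, proto="tcp"):
        """IPv6 client to IPv4 server: returns the IPv4 4-tuple put on the wire."""
        dst4 = stateless_v6_to_v4(v6_dst)  # destination side stays algorithmic
        key = (ipaddress.IPv6Address(v6_src), sport, proto)
        if key not in self.bindings:
            if self.next_port > self.last_port:
                raise RuntimeError("translation pool exhausted")
            self.bindings[key] = self.next_port
            self.reverse[(self.next_port, proto)] = key[:2]
            self.next_port += 1
        return (self.pool_v4, self.bindings[key], dst4, dport)

    def inbound(self, mapped_port, proto="tcp"):
        """Return traffic is translated only if a binding exists; else None (drop)."""
        return self.reverse.get((mapped_port, proto))


def demo():
    """Constructed flow: two IPv6-only clients reach one IPv4-only server."""
    nat = StatefulNat64("10.121.11.254")           # pool address is constructed
    server6 = v4_to_translatable("10.121.11.60")   # how clients address the server
    a = nat.outbound("2001:db8:beef:10::16", 54640, server6, 80)
    b = nat.outbound("2001:db8:beef:10::17", 54640, server6, 80)
    return a, b, nat.inbound(a[1]), nat.inbound(4000)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

An ordinary client address such as 2001:db8:beef:10::16 is rejected by the stateless function, which is the "IPv4 translatable" requirement in practice.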

NAT64 Service using ASR1000
Stateless: Available
Stateful: Future
[Diagram: Subscribers, Provider IP NGN, Internet, Enterprise Datacenters; Private IPv4 with NAT44; GGSN; XX Millions of IPv6 Smartphones by 2014 (3G & 4G); IPv6 Moves out to Subscribers]

IPv6/IPv4 Service using ACE appliance/module
Future
[Diagram: Subscribers, Provider IP NGN, Internet, Enterprise Datacenters; Private IPv4 with NAT44; GGSN; XX Millions of IPv6 Smartphones by 2014 (3G & 4G); IPv6 Moves out to Subscribers]

At a concept level … enable customer to load balance IPv6 client traffic HTTP/s
services that are resolved to IPv6 addresses.

1  Enable ACE-30 and ACE4710 to comply with IPv6 base profiles for network devices from DISR and Cisco Arch. Guidelines
2  Enable Management of IPv6 over IPv4 interface functionality through
    •  CLI on Module/Appliance
    •  DM for ACE 4710
    •  ANM for ACE-30 and ACE-4710
3  Enable load balancing of IPv6 servers with
    i. Sticky
    ii. ACLs
    iii. Health checks
[Diagram: Catalyst with ACE in front of a server farm, managed by ANM; IPv4-to-IPv4 and IPv6-to-IPv6 paths; callouts 1, 2, 3]

A dual-stack approach to IPv6 enables ACE to support all deployment models (NAT, Bridge Mode) with minimal loss of performance for IPv4 traffic.

•  IPv6 on ACE (Earth Release) – Q4/CY11
•  Virtual Dual Stack
•  ALL Deployment Models
    One Arm
    Two Arm
    Routed
    DSR
    Bridged
•  L3 V6-V6 SLB
•  CLI/Configuration Consistency with IPv4
•  Proxy Solution with NAT feature (supports v6/v4 front-end <-LB-> v4/v6 back-end)
•  No IPv6 Management
•  Solution used by Cisco IT for the World IPv6 Day – June, 8
[Diagram: IPv4 Clients and IPv6 Clients; Server Farm – V4 and Server Farm – V6; IPv4-to-IPv4 and IPv6-to-IPv6]

•  Program Execution Committed: March 2011
•  SW version: 4.1
•  FCS: 4QCY2011

Key GSS 4.1 IPv6 Features
-  AAAA support (DNS Record for IPv6)
-  IPv6 proximity & Sticky
-  KAL
[Diagram: User (2001:0DB8:AC10:FE01::) on the Network, GSS, SLB in Datacenter A, SLB in Datacenter B]

Netstat - Client (2001:db8:beef:10::16)
TCP [2001:db8:beef:10::16]:54640 [2001:db8:cafe:12::5]:80 ESTABLISHED
TCP [2001:db8:beef:10::16]:54641 [2001:db8:cafe:12::5]:80 ESTABLISHED

Netstat - Proxy (2001:db8:cafe:12::5, 10.121.11.125; Apache, One-Arm or Dual-Attached)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.121.11.125:40475 10.121.11.60:80 ESTABLISHED
tcp 0 0 10.121.11.125:40476 10.121.11.60:80 ESTABLISHED
tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54640 ESTABLISHED
tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54641 ESTABLISHED

Netstat - Server (IPv4-only Web Server)
TCP 10.121.11.60:80 10.121.11.125:40475 ESTABLISHED
TCP 10.121.11.60:80 10.121.11.125:40476 ESTABLISHED

<VirtualHost *:80>
    # Relay requests arriving at the proxy to the IPv4-only web server
    ProxyPass / http://10.121.11.60:80/
    ProxyPassReverse / http://10.121.11.60:80/
</VirtualHost>

•  Can be treated like an appliance
    One-arm
    Dual-attached (better perf)
•  Outside traffic comes in on IPv6—PortProxy to v4 (VIP address on ACE)
•  Traffic is IPv4 to server
[Diagram: PortProxy host (2001:db8:cafe:12::25, 10.121.12.25), One-Arm or Dual-Attached, in front of ACE (VIP=10.121.5.20) and the IPv4-only Web Server]

Boatloads of options
[Diagram: Enterprise Internet connectivity options: Single Link, Single ISP; Dual Links, Single ISP (POP1, POP2); Multi-Homed, Multi-Region (ISP1 and ISP2 in USA, ISP3 and ISP4 in Europe); labels Default Route, BGP, IPv6 Tunnel, IPv4-only]
Your ISP may not have IPv6 at the local POP

[Diagram: MPLS WAN designs: Non Redundant, Redundant Links, Redundant Links & Routers]

•  Dual-Stack if native IPv6 – Tunnels otherwise
•  Site to site Encryption: IPSec VPN (IPv4/IPv6), DMVPN for IPv6
•  Security: IOS Firewall (IPv4/IPv6)
•  Unified Communications – IPv4/IPv6
•  QoS: application or service-dependent instead of protocol (IPv4 or IPv6) dependent.
•  Application Performance Visibility: Flexible Netflow, NBAR2, IP SLA, Performance Monitoring, …

[Diagram: three WAN options between customer/subscriber networks and their CE routers; two of the options are labelled (Recommended)]
Using Tunnels (IPv4 MPLS WAN): Manually configured tunnels, IPv6 over GRE, LISP, IPSec Tunnels, Dynamic Multipoint VPN (DMVPN)
Dual Stack IPv4/IPv6 (Dual Stack WAN): Dual Stack CPEs, Dual Stack Headquarters
6VPE Core (MPLS IPv4 Core): Dual Stack IPv4 / IPv6 VPN Service

For more info see: http://www.cisco.com/go/cgv6

•  Cisco routers have supported IPv6 for a long time
•  Dual-stack should be the focus of your implementation.
•  Support for every media/WAN type you want to use (Frame Relay, leased-line, broadband, MPLS, etc…)
[Diagram: Internet, Enterprise Backbone]

[Diagram: IPv6/IPv4 Network (10.1.1.0/24, 2001:db8:beef:1::/64) with CE1, linked over 172.16.1.0/30 and 2001:db8:cafe:1::/64 to 6VPE1 (200.10.10.1); MPLS IPv4 Backbone with P routers; 6VPE2 (200.11.11.1) linked over 172.16.3.0/30 and 2001:db8:cafe:3::/64 to CE2 and the IPv6/IPv4 Network (10.1.2.0/24, 2001:db8:beef:2::/64); IPv4 and IPv6 VRFs on the PEs; the IPv6 packet crosses the backbone behind a VPN label and an LDP label]

•  6VPE uses existing IPv4 MPLS infrastructure to provide IPv6 VPN
    Core uses IPv4 control plane (LDPv4, TEv4, IGPv4)
•  PEs must support dual stack IPv4+IPv6
•  Offers same architectural features as MPLS-VPN for IPv4
    RTs, VRFs, RDs are appended to IPv6 to form VPNv6 address
    MP-BGP distributes both VPN address families
    BGP NH uses IPv4 to IPv6 mapped address format ::ffff:A.B.C.D
•  VRF can contain both VPNv4 and VPNv6 routes
•  Solution suitable for IPv6 support to enterprises and government with VPN

[Diagram: IPv6 subscriber sites, each with a CE acting as ETR/ITR, exchanging LISP encapsulated traffic across the provider IPv4 Internet; SP LISP infrastructure with MR and MS]

•  LISP is an alternative to connect islands of IPv6 network over IPv4 network infrastructure
•  No change to existing IPv4-based access infrastructure; allows transport of IPv6 over existing IPv4 architecture (Broadband, cable, Mobile …)
•  Service components:
    •  Managed CE router at customer premise: performing ITR/ETR function
    •  SP infrastructure component: hosted Map Resolver, Map Servers

Needs:
•  Rapid IPv6 Deployment
•  Minimal Infrastructure disruption

LISP Solution:
•  LISP encapsulation is Address Family agnostic
    IPv6 interconnected over IPv4 core
    IPv4 interconnected over IPv6 core

Benefits:
•  Accelerated IPv6 adoption
•  Minimal added configurations
•  No core network changes
•  Can be used as a transitional or permanent solution
[Diagrams: Connecting IPv6 Islands (v6 islands with xTRs across the IPv4 Enterprise Core and IPv4 Internet); IPv6 Transition Support (v6 service behind an xTR, PxTR between the IPv4 Core/Internet and the IPv6 Internet); IPv6 Access Support (v6 home networks with xTRs over IPv4, PxTRs toward the IPv6 Internet; v6 site access & Internet)]

[Diagram: AnyConnect 3.x (For PC, Mac; For Mobile Client) connecting across the Internet to ASA 8.3 using Client-based SSL or Client-based IPSec]

[Diagram: WAN designs (Non Redundant, Redundant Links, Redundant Links & Routers) for MPLS WAN, MPLS + Internet WAN, and Internet WAN]

[Diagram: three SP managed WAN options between customer/subscriber networks and their CE routers]
Using Tunnels (IPv4 Internet): IPSec Tunnels, Dynamic Multipoint VPN (DMVPN)
Using L2 Pseudowires (MPLS pseudowire or VPLS): L2 VPN Services, both IPv4 and IPv6 traffic
6VPE Core (MPLS IPv4 Core): Dual Stack IPv4 / IPv6 VPN Service

For more info see: http://www.cisco.com/go/cgv6

[Diagram: SOHO sites (Cisco IOS Router) and Remote Users/Telecommuters (AnyConnect 3.x) on Cable/DSL/Wifi/3G reach the ISP's IPSec / SSL Aggregator PE; the MPLS-VPN Service connects PEs for VPN A (Customer A head office) and VPN B (Customer B); Customer AAA; path segments: IP, IPSec or Session, IP/MPLS or Layer 2 based VPN, IP]

•  Using tunnel interface only (ASWAN w/ crypto-map not used anymore)
    Multipoint GRE (mGRE) tunnels - Single mGRE interface supports all spokes (many logical tunnels)
    Next Hop Resolution Protocol (NHRP) - Resolves Private IPv6 address to Public IPv4 NBMA address
    IP Security (IPSec) - Optional encryption on mGRE tunnel
•  DMVPN allows full or partial mesh Managed VPN Service
•  Future:
    IPv6 on IPv6 with Windows Client and PI15
    All IPv6 over IPv4 with FlexVPN in PI18 – Beginning 2012

•  Application Performance monitoring is a great differentiator for IPv6
•  IPv6 support added as part of Flexible NetFlow (metering) and NetFlow v9 (exporting). Monitors the IPv6 traffic.
•  Export is over an IPv4 Transport
•  Exporting: NetFlow version 9
    Advantages: extensibility
    Integrate new technologies/data types quicker (MPLS, IPv6, BGP next hop, etc.)
    Integrate new aggregations quicker
    Note: for now, the template definitions are fixed
•  Metering: Flexible NetFlow
    Advantages: cache and export content flexibility
    User selection of flow keys
    User definition of the records

[Diagram: NetFlow support by platform, marked TNF (Traditional NetFlow) and/or FNF (Flexible NetFlow), across four areas: Enterprise & aggregation/edge (Cisco IOS Software Release 12.2S), Core (Release 12.0S / IOS-XR), Access (Cisco IOS Software Releases) and DataCenter. Platforms shown: Cisco 800, 1800, 1900, 2800, 2900, 3800 and 3900 Series, Cisco 7200/7300 Series, Cisco 7x00 Series, ASR1000 (QFP based), Catalyst 29xx, Catalyst 3750, Catalyst 3750X, Next Gen Cat3K, Cisco 4500 (<= Sup5 and Sup7), Catalyst 6K (< Sup2T and Sup2T), 7600 Series, Cisco 12000, CRS-1, ASR9000, Nexus 7000, Nexus 1000V. Some platforms are marked "NO FNF support, Hardware limitation".]

[Diagram: Flexible NetFlow (Monitor 1, Record 1) taking the Application ID from Application DPI (NBAR2), alongside other IOS Services: Routing, MQC/QOS, WAAS Express, PfR, MediaNet PerfMon, Identity, NAT]

•  Provide Application visibility in Flexible NetFlow
•  Available on ISR/ISRG2/7200 (IOS 15.0(1)M)
•  Available on ASR1K – IOS XE 3.1.1S

SCE Classification: +1200 signatures, Advanced Classification techniques
IOS NBAR: +150 signatures
Innovations: Classification of IPv6 Native traffic, Classification of Nested IPv6 traffic, Open API 3rd party integration..

NBAR2: Next Generation DPI engine for Cisco platforms that will provide advanced application classification and fields extraction capabilities.

•  Common Protocol Library across platforms
    Platform independent signatures, combine NBAR and SCE Protocol Library (1200+)
•  Protocol Pack & Licensing
    Protocol Pack is a set of protocol signatures and tunables that can be loaded dynamically on any NBAR2 platforms.
    Allow non-disruptive upgrade of signatures independently of the OS image.
•  Advanced Classification Techniques
    Support of IPv4, IPv6 and nested traffic (IPv6 transition method, GTP, L2TP,..)
    Leverage classification techniques from SCE (Multi-Packet, Lately Use, Behavioral,.)
    Simplification of policies with the classification by category/sub-category/attributes
•  Open API for 3rd party Business Logic Integration
•  Supported in IOS Classic, IOS XE and Linux appliances

•  NBAR2 allows network managers to detect native IPv6 traffic as well as IPv6 traffic encapsulated in IPv4 in their network, in order to apply QOS policies and to enable advanced IPv6 reporting.
•  NBAR2 can detect IPv6 in IPv4 traffic
    Support of ISATAP, 6to4, Teredo, Generic IPv6 in IPv4
    Supported on ISR-G2 (15.1(4)M) and ASR1K (IOS XE 3.3.0S)
•  Stateful Application classification for native IPv6 traffic
    Supported on ISR-G2 (15.2(2)T) and ASR1K (IOS XE 3.5.0S)
•  Stateful Application classification IPv6 in IPv4 Traffic
    Supported on ISR-G2 (15.2(2)T) and ASR1K (IOS XE 3.5.0S)
•  Advanced Integration with Flexible NetFlow IPv6
    Supported on ISR-G2 (15.2(2)T) and ASR1K (IOS XE 3.5.0S)
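
What telling ISATAP, 6to4, Teredo and generic IPv6-in-IPv4 apart involves at the packet level, as an added example that is not from the original slides and is not NBAR2's implementation: a small classifier that gives a monitoring point on an IPv4-only segment the same kind of per-tunnel visibility. All function names, labels and the sample packets are constructed for the illustration; fragments and Teredo indication headers are not handled.

```python
import ipaddress
import struct
from collections import Counter

TEREDO_PORT = 3544                                   # UDP port used by Teredo
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")    # Teredo client addresses
SIXTO4_PREFIX = ipaddress.ip_network("2002::/16")    # 6to4 addresses
ISATAP_IIDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def build_ipv6(src, dst):
    """Constructed 40-byte IPv6 header with no payload (next header 59)."""
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def build_udp(sport, dport, payload):
    """Constructed UDP header (checksum left at zero) plus payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_ipv4(src, dst, proto, payload):
    """Constructed 20-byte IPv4 header (checksum left at zero) plus payload."""
    return (struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
            + ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed + payload)


def classify(packet):
    """Label one raw IPv4 packet by the IPv6 transition mechanism it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, outer = packet[9], (packet[12:16], packet[16:20])
    body = packet[ihl:]
    teredo = False
    if proto == 17 and len(body) >= 8:               # UDP: candidate for Teredo
        sport, dport = struct.unpack("!HH", body[:4])
        teredo = TEREDO_PORT in (sport, dport)
        body = body[8:]
    if proto != 41 and not teredo:                   # 41 = IPv6 encapsulated in IPv4
        return "ipv4-native"
    if len(body) < 40 or body[0] >> 4 != 6:
        return "ipv4-native" if teredo else "malformed"
    inner = [ipaddress.IPv6Address(body[8:24]), ipaddress.IPv6Address(body[24:40])]
    if teredo:
        return "teredo" if any(a in TEREDO_PREFIX for a in inner) else "ipv4-native"
    # ISATAP: interface ID is 0000:5efe or 0200:5efe followed by an outer IPv4 address.
    if any(a.packed[8:12] in ISATAP_IIDS and a.packed[12:] in outer for a in inner):
        return "isatap"
    # 6to4: 2002:V4ADDR::/48 where V4ADDR is one of the outer IPv4 addresses.
    if any(a in SIXTO4_PREFIX and a.packed[2:6] in outer for a in inner):
        return "6to4"
    return "ipv6-in-ipv4"


# Constructed sample packets; every address here is illustrative.
SAMPLES = [
    build_ipv4("10.1.1.50", "10.9.9.1", 41,
               build_ipv6("2001:db8:cafe:1:0:5efe:10.1.1.50", "2001:db8:beef:10::16")),
    build_ipv4("192.0.2.1", "192.88.99.1", 41,
               build_ipv6("2002:c000:201::1", "2001:db8::1")),
    build_ipv4("10.1.1.51", "198.51.100.7", 17,
               build_udp(50000, TEREDO_PORT,
                         build_ipv6("2001:0:c633:6407::1", "2001:db8::1"))),
    build_ipv4("10.1.1.52", "10.9.9.2", 41,
               build_ipv6("2001:db8:1::1", "2001:db8:2::1")),
    build_ipv4("10.1.1.53", "10.121.11.60", 6, bytes(20)),
]


def discover(packets):
    """Per-label packet and byte counts over a list of raw packets."""
    packets_by, bytes_by = Counter(), Counter()
    for p in packets:
        label = classify(p)
        packets_by[label] += 1
        bytes_by[label] += len(p)
    return packets_by, bytes_by


if __name__ == "__main__":
    print(discover(SAMPLES))
```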

[Diagram: a host on the IPv4 Network sends an IPv6 Packet inside an IPv4 Header across the IPv4 Backbone Network (CE, PE, P routers) to the ISATAP Router, which forwards the IPv6 Packet over the IPv6 Network to www.mycompany.com]

User has ISATAP started on his computer. He starts a HTTP session with www.mycompany.com, which is reachable through IPv6

JCLabs06#sh ip nbar protocol-discovery

 Last clearing of "show ip nbar protocol-discovery" counters 02:22:58

                          Input                    Output
                          -----                    ------
 Protocol                 Packet Count             Packet Count
                          Byte Count               Byte Count
                          5min Bit Rate (bps)      5min Bit Rate (bps)
                          5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
 ------------------------ ------------------------ ------------------------
 isatap-ipv6-tunneled     7184                     7302
                          513776                   474146
                          1000                     1000
                          1000                     4000

[Diagram: a host on the IPv4 Network sends an IPv6 Packet inside an IPv4 Header across the IPv4 Backbone Network (CE, PE, P routers) to the ISATAP Router, which forwards the IPv6 Packet over the IPv6 Network to www.mycompany.com]

Router configured to classify within ISATAP tunnel

JCLabs06(config)# ip nbar classification tunneled-traffic ?
  6rd     Tunnel type 6RD
  6to4    Tunnel type 6TO4
  isatap  Tunnel type ISATAP
  teredo  Tunnel type TEREDO
JCLabs06(config)#ip nbar classification tunneled-traffic isatap
JCLabs06(config)#

JCLabs06#sh ip nbar protocol-discovery

 Last clearing of "show ip nbar protocol-discovery" counters 02:22:58

                          Input                    Output
                          -----                    ------
 Protocol                 Packet Count             Packet Count
                          Byte Count               Byte Count
                          5min Bit Rate (bps)      5min Bit Rate (bps)
                          5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
 ------------------------ ------------------------ ------------------------
 http                     7184                     7302
                          513776                   474146
                          1000                     1000
                          1000                     4000

[Diagram: a host on the IPv6 Network sends an IPv6 Packet to the NAT64 router, which forwards it with an IPv4 Header over the IPv4 Network to www.mycompany.com]

User has native IPv6 on his computer. He starts a HTTP session with www.mycompany.com

JCLabs06#sh ip nbar protocol-discovery

 Last clearing of "show ip nbar protocol-discovery" counters 02:22:58

                          Input                    Output
                          -----                    ------
 Protocol                 Packet Count             Packet Count
                          Byte Count               Byte Count
                          5min Bit Rate (bps)      5min Bit Rate (bps)
                          5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
 ------------------------ ------------------------ ------------------------
 http                     7184                     7302
                          513776                   474146
                          1000                     1000
                          1000                     4000

[Diagram: a host on the IPv6 Network sends an IPv6 Packet to the NAT64 router, which forwards it with an IPv4 Header over the IPv4 Network to www.mycompany.com]

JCLab06# sh flow monitor APPIPv6 cache format table

Cache type: Permanent
Cache size: 4096
Current entries: 7
High Watermark: 7

Flows added: 7
Updates sent ( 1800 secs) 1

IPV6 SOURCE ADDRESS IPV6 DESTINATION ADDRESS APPLICATION NAME counter bytes long
2A01:E35:8ABF:9510:FA1E:DFFF:FEE1:E789 2A01:E35:8ABF:9510:222:55FF:FEE6:BA98 http 1933

[Diagram: Router 1 (IPSLA Sender) and Router 2 (IPSLA Responder) at IPv4 sites, connected across an IPv6 Network by an IPv4 over IPv6 Tunnel]

•  Operations supported for IPv6:
    UDP-Jitter, UDP-Echo, ICMP Echo, TCP-Connect
•  On:
    12.2(33)SB C10K, C7200, C7300 Series
    12.2(33)XNA ASR 1000 Series
    12.2(33)SRC C7600 Series
    12.4(20)T ISR Series
•  For all other operations, use IPv4 tunneling

[Diagram: WAAS deployment: Branch Office with WAAS on SRE, Branch Office with WAAS Express, WAAS Appliances in the Data Center, connected over WAN and Internet VPN]
IPv6 Radar – CY12

[Diagram: NAM Traffic Analyzer Integrated Management & Reporting Console, reached over HTTP(S), on Cat65xx/C76xx NAM, NAM Appliance, ISR NAM (NAM SRE) and WAAS NAM Virtual Blade; data sources: SPAN, ERSPAN, RSPAN, NDE, CEF, VACL, WAAS; Packet Capture, Copy, Flow Agent]

IPv6 Discovery Service: Guidance in the early stages of considering a transition to IPv6
IPv6 Assessment Service: Determine how your network needs to change to support your IPv6 strategy
IPv6 Planning and Design Service: Designs, transition strategy, and support to enable a smooth migration
IPv6 Implementation Service: Validation testing and implementation consulting services
Network Optimization Service: Absorb, manage, and scale IPv6 in your environment

A Phased-Plan Approach for Successful IPv6 Adoption

IPv6 std, extended, reflexive & enhanced extended ACL
IPsec AH parsing
Secure Neighbor Discovery (RFC 2461)
IPv6 IPsec – OSPFv3 authentication, site-to-site tunnel, DMVPN
IPv6 Firewall Integration
IPv6 (RFC 2460)
ICMPv6 (RFC 2463)
Stateless Auto-Configuration
Anycast
CEFv6/dCEFv6
uRPF Strict & Loose Mode
CEFv6 Switched Tunnels
HSRP & GLBP for IPv6
Default Router Selection
Broadband Access
Cisco VSA AAA
Radius AAA (RFC 3162)
PPPoA, PPPoE, RBE and ATM 1483 encapsulations
DHCPv6 Prefix Delegation (RFC3633), DHCPv6 Relay
Individual Address DHCP (RFC 3315)
Generic Prefix
Configured & Automatic Tunnels (RFC 2893)
6to4 (RFC 3056 & 3068)
IPv6 over GRE/IPv4 (Pr. SW)
IPv6 over MPLS (6PE)
IPv6 VPN over MPLS (6VPE)
ISATAP
NAT-PT (RFC 2765 & 2766)
IP over IPv6 Tunnels, DMVPN
MLDv1, v2, Access Group
PIMv2 SM, SSM, Bi-Dir
PIM Embedded RP
IPv6 MC over IPv4 tunnels
Scope Boundaries
Static mRoutes
Group range
BSR
Telnet, TFTP, DNS resolver, HTTP(s), Ping, Traceroute, SSH, NTPv4, SLA
Cisco IP & IP-Forwarding MIBs
Flexible Netflow for IPv6
SNMP over IPv6
Syslog over IPv6
CNS Agents, Config logger, Netconf, SOAP, TCL Lite
RIPng
OSPFv3 graceful restart, fast conv
IS-IS & MT IS-IS for IPv6
EIGRP for IPv6
MP-BGP IPv6 Unicast
MP-BGP IPv6 Multicast
Policy Based Routing
MIPv6 Home Agent Authentication
NEMO

Comprehensive Feature set

IPv6 Routing
•  Routing Protocol: OSPFv3, EIGRPv6, BGPv6
•  VRF-aware services

IPv6 Forwarding
•  Unicast and Multicast in HW
•  Up to 512K IPv6 routes (w/ –XL LC)
•  Up to 960 Mpps (7018 and w/8x10GE-XL)

IPv6 Traffic Visibility
•  IPv6 Ingress Netflow
•  Flexible Netflow
•  IPv6 Interface stats, counters

IPv6 HA
•  ISSU
•  NSR: OSPFv3, EIGRPv6, BGPv6
•  HSRPv6

IPv6 QoS
•  IPv6 Classification, policing, queueing
•  IPv6 PBR, PBR set VRF

IPv6 Multicast
•  MLDv2
•  PIM-SSM, PIM-Bidir
•  BSR

IPv6 Security
•  IPv6 CoPP
•  IPv6 ACL
•  uRPF, TrustSec (802.1ae w/ v6)

IPv6 Mgmt and Apps
•  DHCPv6
•  SNMP, Syslog, DNS(AAA), NTPv4, FTP, Telnet, SSH, NetConf
•  ICMPv6
•  MIBs

IPv6 Support Community
•  Free for anyone with Cisco.com registration
•  Get timely answers to your technical questions
•  Find relevant technical documentation
•  Engage with over 200,000 top technical experts
•  Seamless transition from discussion to TAC Service Request (Cisco customers and partners only)
•  Visit the Cisco Support Community booth in the World of Solutions for more information

Documents, Blogs, Ask the Expert, Video, Mobile, Discussions

The Cisco Support Community is your one-stop community destination from Cisco for sharing current, real-world technical support knowledge with peers and experts.
supportforums.cisco.com
supportforums.cisco.mobi

•  New/Updated IPv6 Cisco Sites
    http://www.cisco.com/ipv6
    http://www.cisco.com/go/ipv6
•  New/Updated IPv6 Enterprise Sites:
    http://www.cisco.com/go/ipv6
    http://www.cisco.com/go/entipv6
•  IPv6 Addressing Guide
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/BN_Enterprise_IPv6_Addressing_Guide_H2CY10.pdf
•  Cisco Smart Business Architecture (SBA Enterprise):
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns982/landing_sBus_archit.html
•  Cisco Network Designs:
    http://www.cisco.com/go/designzone

•  Deploying IPv6 in Campus Networks (Just updated):
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html
•  Deploying IPv6 in Branch Networks (Just updated):
    http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/landing_br_ipv6.html
•  SRND: Deploying IPv6 in Unified Communications Networks
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/ipv6/ipv6srnd.html
•  IOS IPv6 VOIP implementation Guide
    http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6_voip.pdf
•  DNS and BIND, 5th Edition, by Cricket Liu and Paul Albitz, O'Reilly Media, May 2006
•  RFC 3596: DNS Extensions to Support IP Version 6, by S. Thomson, C. Huitema, V. Ksinant, and M. Souissi, October 2003 (format: TXT=14093 bytes) (obsoletes RFC 3152 and RFC 1886) (status: Draft Standard)

Coming Soon!!

Deploying IPv6 in Broadband Networks
Adeel Ahmed, Salman Asadullah
ISBN 0470193387
John Wiley & Sons Publications®

Thank you.
