what-when-how

In Depth Tutorials and Information

Enterprise Network Services Design (IPv6)

The network services module is a relatively new element to the campus design. As campus network planners begin to consider
migration to dual-stack IPv4/IPv6 environments, and continue to integrate more sophisticated Unified Communications services, a
number of challenges lie ahead. It will be essential to integrate these services into the campus smoothly—while providing the appropriate
degree of operational change management and fault isolation. The campus network also needs to continue to maintain a flexible and
scalable design. For example, IPv6 services can be deployed through an interim tunnel-based overlay that enables IPv6 devices to tunnel
over portions of the campus not yet

IPv6-enabled. Such an interim approach enables a faster introduction of new services without requiring a networkwide, hot cutover.
Examples of functions recommended to be located in a services module include

■ Centralized wireless controllers: These controllers provision and control access points across the entire campus.

■ Centralized IPv6 Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel termination from the enterprise campus
to the network services module: This creates a tightly controlled overlay tunnel network on top of the existing network. Like all
tunneling technologies, running multiple ISATAP tunnels to different segments in the network increases network administration
complexity along with making it extremely difficult to manage and troubleshoot.

■ Unified Communications services (Cisco Unified Communications Manager, gateways): To enable Unified Communications
services, enterprises deploy call managers and other voice gateway devices in the services block for centralized management.

■ Policy gateways: The policy gateways provide user authentication and authorization along with network access control (NAC)
functions. Typical policy gateways include authentication, authorization, and accounting (AAA) servers, access control servers (ACS),
and NAC profilers.

Table 2-3 Service and Features Provided by Access Layer Switches

Service Requirements Features

Enabling voice/video applications: Power over Ethernet and QoS marking, policing, queuing Application
visibility services: Flexible NetFlow
Collaboration services
Mobility services: Unified wired/wireless location services

Virtualization services: VLAN, VRF-Lite

Automation services Auto Smartports, Smart CallHome

Access control: 802.1x and port security Control Plane Policing (CoPP), DHCPv6 Relay, IPv6 Router
Security services
Guard, IPv6 port access control list (PACL)

Resiliency Stateful Switchover (SSO), Non-Stop Forwarding (NSF), In Service Software Upgrade (ISSU)

Intelligent network control PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, Portfast, UplinkFast,
services BackboneFast, LoopGuard, BPDUGuard, RootGuard

Next post: Enterprise Data Center Network Design (IPv6)

Previous post: Enterprise Campus Network Design (IPv6)

Related Links
IPv6 for Enterprise Networks
IPv4 Address Exhaustion and the Workaround Options (IPv6)
IPv6 Market Drivers
Commonly Asked Questions About IPv6