Professional Documents
Culture Documents
En Route v7 Ch06
En Route v7 Ch06
Chapter 6:
Enterprise Internet
Connectivity
ROUTE v6 Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 1
Chapter 6 Topics
Planning Enterprise Internet Connectivity
Summary
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 2
Planning Enterprise Internet
Connectivity
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 3
Upon completion of this section, you will be able to do the
following:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 4
Connecting Enterprise Networks to an ISP
Modern corporate IP networks connect to the global
Internet.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 5
Enterprise Connectivity Requirements 1/2
Enterprise connectivity requirements can be categorized as:
Outbound:
Only one-way connectivity outbound from clients to the Internet is required.
Private IPv4 with NAT .
This situation is found in most homes.
Inbound:
Two-way connectivity is needed
Clients external to the enterprise network can access resources in the
enterprise network.
In this case, both public and private IPv4 address space is needed.
Routing and security consideration as well.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 6
Enterprise Connectivity Requirements 2/2
The type of redundancy required includes:
Link redundancy
ISP redundancy
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 7
ISP Redundancy
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 8
Public IP Address Assignment
The Internet Assigned Numbers Authority (IANA) and the
regional Internet registries (RIRs) are involved with public IP
address assignment.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 9
The Internet Assigned Numbers Authority
The IANA is the umbrella organization responsible for
allocating the numbering systems that are used in the
technical standards.
Coordinate the global pool of IPv4 and IPv6 addresses, and provide
them to RIRs.
Coordinate the global pool of autonomous system numbers and
provide them to RIRs.
Manage the Domain Name Service (DNS) root zone.
Manage the IP numbering systems (in conjunction with standards
bodies).
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 10
Regional Internet Registries
RIRs are nonprofit corporations established for the purpose of
administration and registration of IP address space and
autonomous system numbers.
If the customer changes its ISP, the new ISP will give the
customer a new PA address space.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 13
Provider-Independent Address Space
For a multihomed connection, a PI address space is
required.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 16
Upon completion of this section, you will be able to do the
following:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 17
Configuring a Provider-Assigned IPv4 Address
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 18
DHCP Operation
DHCPDECLINE: A message sent from a client to a server indicating that the address is already in
use.
DHCPNAK: A message sent from a server indicating that it is refusing a clients request for
configuration.
DHCPRELEASE: A message sent from a client indicating to a server that it is giving up a lease.
DHCPINFORM: A message sent from a client indicating that it already has an IPv4 address, but is
requesting other configuration parameters
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 19
Obtaining a Provider-Assigned IPv4 Address
with DHCP
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 20
Configuring a Router as a DHCP Server and
DHCP Relay Agent
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 21
NAT 1/3
NAT includes the following four types of addresses:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 22
NAT 2/3
When a packet travels from an inside domain to an outside
domain, it is routed first and then translated and forwarded
out the exit interface.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 23
NAT 3/3
The show ip nat translations command is used to verify
which addresses are currently being translated
255
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 24
Configuring Static NAT
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 25
Configuring Dynamic NAT
Chap
ter 6 26
Configuring PAT
Also known as NAT overloading, is the most widely used
form of NAT.
Chapter
6 7
Limitations of NAT
End-to-end visibility issues
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 28
NAT Virtual Interface
As of Cisco IOS Software Release 12.3(14)T Cisco
introduced a new feature, NAT virtual interface (NVI).
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 29
Configuring NAT Virtual Interface 1/3
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 30
Configuring NAT Virtual Interface 2/3
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 31
Configuring NAT Virtual Interface 3/3
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 32
Verifying NAT Virtual Interface 1/3
Chapter
6 2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 33
Verifying NAT Virtual Interface 2/3
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 34
Verifying NAT Virtual Interface 3/3
Chapter
6 35
Establishing
Single-Homed
IPv6 Internet
Connectivity
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 36
Upon completion of this section, you will be able to do the
following:
Describe the various ways that your router can obtain an IPv6
address.
Understand DHCP for IPv6 (DHCPv6) operation and describe the use
of a router as a DHCPv6 server and relay agent.
Manual assignment
Stateless DHCPv6
Stateful DHCPv6
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 38
Manual Assignment
As with IPv4, an IPv6 address can be statically assigned by
a network administrator.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 39
Configuring Basic IPv6 Internet Connectivity 1/2
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 40
Configuring Basic IPv6 Internet Connectivity 2/2
Chapter 6 1
Stateless Address Autoconfiguration
SLAAC provides the capability for a device to obtain IPv6
addressing information without any intervention from the
network administrator.
IPv6 hosts listen for these RAs and use the advertised
prefix, which must be 64 bits long.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 43
Enabling SLAAC
Use the ipv6 address autoconfig [default] interface
configuration command.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 44
DHCPv6 Operation
In the IPv6 world, there are two types of DHCPv6:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 45
Stateless DCHPv6 1/2
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 46
Stateless DCHPv6 2/2
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 47
Stateful DHCPv6 1/2
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 48
Stateful DHCPv6 2/2
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 49
NAT for IPv6
In IPv4, NAT is typically used to translate private addresses
to public addresses when communicating on the Internet.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 50
NAT64
NAT Protocol Translation (NAT-PT) was the initial
translation scheme for facilitating communication between
IPv6 and IPv4.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 52
IPv6 ACLs
ACLs are often used for security purposes.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 53
IPv6 ACL Characteristics
One change from IPv4 is that IPv6 ACLs are always named
and extended.
For IPv6, there are three implicit rules at the end of each
ACL, as follows:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 54
Configuring IPv6 ACLs 1/3
-The ACL should block all ICMP echo requests and Telnet requests to the
TFTP server.
-TFTP traffic from the Internet should only be allowed to the TFTP server,
not to other internal hosts.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 55
Configuring IPv6 ACLs 2/3
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 56
Configuring IPv6 ACLs 3/3
-To apply an ACL to a vty line, use the ipv6 access-class ACL-name line
configuration command.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 57
Securing IPv6 Internet Connectivity
Enabling IPv6 Internet connectivity results in several new
attack vulnerabilities in your infrastructure.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 58
Improving Internet Connectivity
Resilience
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 59
Upon completion of this section, you will be able to do the
following:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 60
Drawbacks of a Single-Homed Internet
Connectivity
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 61
Dual-Homed Internet Connectivity
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 62
Configuring Best Path for Dual-Homed Internet
Connectivity 1/2
Either static routing toward the ISP or BGP with the ISP are
commonly used to route outbound traffic.
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 63
Configuring Best Path for Dual-Homed Internet
Connectivity 2/2
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 64
Multihomed Internet Connectivity 1/2
Establishing a multihomed
environment involves
meeting some requirements:
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 66
Summary
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 67
Read it in the book!
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 68
Chapter 6
2007 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 69