Cisco IPv6 Solutions

Cisco IPv6 Solutions Integration & Co-Existence

Patrick Grossetete, Product Management, NSSTG

Presentation_ID

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

1

Agenda
• IPv6 Rationales
• IPv6 Protocol overview
• General Deployment Concepts
• Enterprise Deployment
• Service Provider Deployment
• Appendix – For Reference Only

IPv6 Rationales


What is IPv6? Basic Perspectives

The Network Manager Perspective
• Infrastructure focus
• Stable specifications, commercial implementations
• Cost of deployment and operation

The End-User Perspective
• Applications & Services focus
• Integration per application model
• IP Agnostic

Key Aspects Reminder
• IPv6 is NOT a feature. It is about the fundamental IP network layer model developed for end-to-end services and network transparency
• Deployments of production IPv6 infrastructures are under way; the time has come to move our focus to edge, access and usage
  - 6Bone is phasing out, 6NET is closed,…
• Today’s IPv6 deployment drivers no longer rely on uncovering the “future killer application”; they focus instead on:
  - Performing the same as on IPv4 but on a larger scale
  - Operational cost savings or simpler network models when deploying applications
  - Leading the innovation

Market Drivers
• IPv4 address pool exhaustion – 2010-2015?
• National IT strategy
  - U.S. Federal – OMB memo called for IPv6 infra in June 2008
  - Japan, Korea,…
  - China Next Generation Internet (CNGI) project
  - European Commission sponsored projects
  - Emerging countries IPv6 Task Force, e.g. India, Africa,…
• Microsoft Windows Vista & Longhorn releases
  - And other O.S. or applications
• Next Gen. Broadband: DOCSIS 3.0, Quad Play with HDTV,…
• Mobile SP – 3G/4G/WiMax, IP NGN IMS, IP/TV on Mobiles
• Networks in Motion
• Networked Sensors, e.g. Cisco AIRS solution

IPv6 Integration – Per Application Model
Today, all O.S. are Dual-Stack
• As soon as the infrastructure is IPv6 capable… IPv6 integration can follow a non-disruptive “per application” model
New Generation of Internet Appliances

Advanced Incident Response System
Figure callouts:
• Emergency Site: Building is a “Smart Building” wired with IPv6 sensors – accessed by IRP commander
• IRP connected to cloud via mobile PAN router
• Biometric Sensor Data; Environmental Sensor Data (Modular)
• Mobile Command Post, MIPv6
• Hastily Formed Network: WiMAX/WiFi/3G/Satellite
• IRP Commander can monitor IRP while deployed, in real time (IRP Monitoring Dashboard)
• Multiple WLAN clouds deployed running native IPv6
• IRP are MIPv6 users connected back to IRP network via HA
• Sensor nodes are Local Fixed Nodes (LFN) attached to PAN Mobile router with NEMO
FOSE 2007, 03/21/2007

IPv6 Protocol overview


IPv4 & IPv6 Header Comparison
IPv4 Header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
IPv6 Header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
Legend (colour-coded in the original figure):
  - field’s name kept from IPv4 to IPv6
  - fields not kept in IPv6
  - Name & position changed in IPv6
  - New field in IPv6

IPv6 Packet Structure – RFC 2460
Three packet layouts shown:
  1. IPv6 Header (Next Header = 6, TCP) | TCP header & payload
  2. IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 6, TCP) | TCP header & payload
  3. IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 51, AH) | Authentication Header (Next Header = 6, TCP) | TCP header & payload
• IPv6 hardware forwarding must be able to parse all fields to read about option headers and L4 details for packet filtering and monitoring
• Ref. http://www.cisco.com/en/US/products/ps6553/products_white_paper0900aecd8054d37d.shtml
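The parsing requirement above, as an added example (not from the original deck or from Cisco): a filter has to follow the Next Header chain before it can read L4 ports, and the length byte is interpreted differently for AH and for the Fragment header. The function names and the sample packets, built to mirror the three layouts on the slide plus one non-first fragment, are constructed for illustration.

```python
import struct

# Next Header values: extension headers from RFC 2460, plus AH (51).
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
TCP = 6
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
IPV6_HEADER_LEN = 40


class MalformedPacket(ValueError):
    """Raised when the chain cannot be followed safely."""


def walk_chain(packet, max_headers=8):
    """Follow Next Header fields; return (chain, upper_proto, upper_offset).

    upper_offset is None for a non-first fragment, where the upper-layer
    header is not in this packet and a filter cannot read ports.
    """
    if len(packet) < IPV6_HEADER_LEN or packet[0] >> 4 != 6:
        raise MalformedPacket("not an IPv6 packet")
    next_header, offset, chain = packet[6], IPV6_HEADER_LEN, []
    while next_header in EXT_HEADERS:
        if len(chain) >= max_headers:
            raise MalformedPacket("extension header chain too long")
        if offset + 8 > len(packet):
            raise MalformedPacket("truncated extension header")
        following, len_field = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            length = 8  # fixed size; the second byte is reserved
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                return chain + [FRAGMENT], following, None
        elif next_header == AH:
            length = (len_field + 2) * 4  # AH counts 32-bit words, minus 2
        else:
            length = (len_field + 1) * 8  # 8-octet units, first 8 not counted
        if offset + length > len(packet):
            raise MalformedPacket("extension header runs past end of packet")
        chain.append(next_header)
        next_header, offset = following, offset + length
    return chain, next_header, offset


def tcp_dst_port(packet):
    """Destination port if the upper layer is TCP and readable, else None."""
    _, proto, offset = walk_chain(packet)
    if proto != TCP or offset is None or offset + 4 > len(packet):
        return None
    return struct.unpack_from("!H", packet, offset + 2)[0]


# --- Constructed sample packets (documentation prefix 2001:db8::/32) ---
def ipv6(next_header, payload):
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


def routing(next_header):
    # Type 2 routing header: Hdr Ext Len 2 -> 24 octets in total.
    home = bytes.fromhex("20010db8" + "00" * 11 + "03")
    return bytes([next_header, 2, 2, 1]) + bytes(4) + home


def auth(next_header):
    # AH with a 12-octet ICV: 24 octets, so Payload Len = 24/4 - 2 = 4.
    return bytes([next_header, 4, 0, 0]) + struct.pack("!II", 0x100, 1) + bytes(12)


def fragment(next_header, offset_units):
    return bytes([next_header, 0]) + struct.pack("!HI", offset_units << 3, 7)


def tcp(dst_port):
    return struct.pack("!HHIIHHHH", 49152, dst_port, 0, 0, 0x5002, 65535, 0, 0)


PLAIN = ipv6(TCP, tcp(443))
ROUTED = ipv6(ROUTING, routing(TCP) + tcp(443))
ROUTED_AH = ipv6(ROUTING, routing(AH) + auth(TCP) + tcp(443))
LATER_FRAGMENT = ipv6(FRAGMENT, fragment(TCP, 185) + bytes(16))

if __name__ == "__main__":
    for name in ("PLAIN", "ROUTED", "ROUTED_AH", "LATER_FRAGMENT"):
        pkt = globals()[name]
        print(name, walk_chain(pkt), tcp_dst_port(pkt))
```

Treating the AH length byte like the other extension headers would place the TCP header 16 octets too far into the third packet, so a port-based rule would match on the wrong bytes.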


Address Allocation
Figure: address beginning 2001:0DB8 with prefix boundaries marked at /32 (ISP prefix), /48 (Site prefix) and /64 (LAN prefix), followed by the Interface ID
• The allocation process is defined by the 5 Registries:
  - IANA allocates 2000::/3 as Global Unicast [RFC 4291]
  - Registries get ::/12 prefix(es) from IANA [formerly /23] under new policy
    http://www.icann.org/announcements/announcement-12oct06.htm
  - Registry allocates a /32 prefix [formerly /35] to IPv6 ISP and others
  - Then policies recommend that the ISP allocates a /48 prefix to each customer (or potentially /64)
    http://www.ripe.net/ripe/docs/ipv6policy.html
    http://www.icann.org/announcements/ipv6-report-06sep05.htm
  - New Policy to assign PI and IX prefixes as /48

How to get an IPv6 Address?
• How to get address space?
  - Real IPv6 address space now allocated by AFNIC, APNIC, ARIN, LACNIC and RIPE to ISP
  - IPv6 IX
• 6Bone: 3FFE::/16 – Phased out on 06/06
• 6to4 tunnels: 2002::/16
• Enterprises get their IPv6 address space from:
  - Registry if able to justify /32
  - Their ISP who allocates /48
  - Provider Independent – /48 (in 03/07, only available ARIN, APNIC)
  - ULA – private address

IPv6 Technology Scope
IP Service | IPv4 Solution | IPv6 Solution
Addressing Range | 32-bit, Network Address Translation | 128-bit, Multiple Scopes
Autoconfiguration | DHCP | Serverless, Reconfiguration, DHCP
Security | IPSec | IPSec Mandated, works End-to-End
Mobility | Mobile IP | Mobile IP with Direct Routing
Quality-of-Service | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
IP Multicast | IGMP/PIM/Multicast BGP | MLD/PIM/Multicast BGP, Scope Identifier

Introducing Local Network Protection for IPv6
Figure labels: DHCPv6 Prefix Delegation; IPv6 Global & ULA address space; Internet; Access; Explicit Context Based Access Control
• IPv4 Network Address Translation (NAT) is widely deployed and its success is due to the fact that today’s Internet is primarily running Client/Server applications.
• No reason to treat NAT as evil, better to analyze “Market’s perceived benefits of IPv4 NAT”, then educate how similar benefits can be achieved with IPv6
  - Topology hiding, addressing autonomy, simple security,…
• Local Network Protection for IPv6
  - A set of IPv6 techniques that may be combined on an IPv6 site to simplify and protect the integrity of its network architecture, without the need for Address Translation
  - http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-06.txt

General Deployment Concepts


IPv6 – Planning Steps
Timeline figure: years 2005, 2006, 2007, 2008, 2009, 201x, divided into quarters Q1 to Q4
Phases: Identifying the business case, Network Assessment, Cost Analysis, Training, Address planning, Testing, Deploying, Production
How long is needed for each phase of an IPv6 deployment project?

The Scope of IPv6 Deployment
Figure layers, top to bottom:
• Information Services; Operations and Training; Server to Client; Multimedia (Video Conf); Peer to Peer (ie: Instant Messenger)
• Campus; Enterprise WAN; Provider Edge; Provider Core; Broadband Networks
• Integration & Co-Existence: IPv6 over IPv4 Tunnels (Configured, 6to4, ISATAP, GRE); Native IPv4 & IPv6 (Cisco IOS is Multi-Protocol Since Day 1); IPv6 over MPLS (AToM, 6PE/6VPE)
• IPv6 Services – The Cisco IOS Emphasis: QoS, Mobility, Multicast, Security, Instrumentation, IPv4-IPv6 Translation
• Provisioning & Monitoring
• IPv6 Forwarding & Routing protocols (RIPng, EIGRP, OSPFv3, IS-ISv6, MP-BGP4)
• Frame Relay, PPP, HDLC, POSIP, ATM, FE, GE, 10GE, Wireless, xDSL, Cable, FTTH

Network Assessment
• A key and mandatory step to evaluate the impact of IPv6 integration
• May be split in several phases
  - Infrastructure – networking devices
  - Hosts, Servers and applications
• Must be as complete as possible to allow upgrade costs evaluation and planning
  - Hardware type, memory size, interfaces, CPU load,…
  - Software version, features enabled, license type,…
• Difficult to complete if a set of features is not defined per device’s category for a specific environment
  - IPv6-capable definition, knowledge of the environment and applications, design goals

Cost Estimate of upgrading Network Devices
Hardware | Software | Minimal Operation | Cost
Full replacement | Full upgrade | Local intervention | Very high
Limited upgrade; for instance, memory size, line card, supervisor engine | Full upgrade | Local intervention | High to Medium
No change | Full upgrade | Local or remote intervention | Medium to minimal, depending on the need to purchase an upgraded license
No change | No change, Configuration only | Local or remote intervention | Minimal

IPv6 Addressing Considerations
• Understand the IPv6 addressing model
  - Several IETF related documents (RFC 4291 (3513), 3041, 3056, 3879, 4007, 4193, 4214…)
  - IANA and Registries policies and prefix allocation rules http://www.arin.net/policy/nrpm.html#ipv6
  - Internal rules
• Develop an addressing plan
  - Leverage hierarchical addressing system within network, for route aggregation and consolidation at the core
• Addresses are assigned to interfaces as on IPv4, but interfaces are expected to have multiple addresses
• Address type, scope and lifetime
  - Unicast, Anycast, Multicast
  - Valid and preferred lifetime – RFC 4192 on Renumbering

Education
It is a very important aspect of planning. Knowledgeable staff would make better decisions in planning the deployment. The sooner it is initiated the less expensive and more valuable it is.
Many education options:
• Formalized training used to train-the-trainer.
• Global resources
  - IPv6 Forum (http://www.ipv6forum.com)
  - IPv6 Task Force (http://www.ipv6tf.org)
  - 6DISS (http://www.6diss.org) & 6NET (http://www.6net.org)
  - Cisco resources – www.cisco.com/ipv6
  - Partner e-Learning Connection: http://www.cisco.com/warp/public/10/wwtraining/pec/peclogin.html

Enterprise Deployment


Deployment Scenario for Enterprises
Area | Environment | Scenario | Cisco IOS support
WAN | IPv6 services available from ISP | Dual Stack | Yes
WAN | Dedicated Data Link layers, eg. LL, ATM & FR PVC, dWDM Lambda | Dual Stack | Yes
WAN | No IPv6 services from ISP or experimentation – few sites | Configured Tunnels | Yes
WAN | No IPv6 services from ISP or experimentation – many sites, any to any communication | 6to4 | Yes
Campus | L3 infrastructure – IPv6 capable | Dual Stack | Yes
Campus | L3 infrastructure – not IPv6 capable, or sparse IPv6 hosts population | ISATAP | Yes

Campus IPv6 Deployment Options – Dual-stack IPv4/IPv6
IPv6/IPv4 Dual Stack
• Requires switching/routing platforms to support hardware based forwarding for IPv4 and IPv6
• Requires robust control plane for both IPv4 and IPv6
  - Variety of routing protocols – The same ones in use today with IPv4
• IPv4 and IPv6 control planes and data planes must not impact each other (See RST-3301)
• Requires support for IPv6 multicast, QoS, infrastructure security, etc…
• IPv6 management – Telnet/SSH/HTTP/SNMP
• IPv6 is transparent on L2 switches except for multicast - MLD snooping
Figure labels: Access Layer, Distribution Layer, Core Layer, Aggregation Layer (DC), Access Layer (DC), IPv6 Server; links marked Dual Stack and L2/L3; hosts marked v6-Enabled

Campus IPv6 Deployment Options – Hybrid Model
• Offers IPv6 connectivity via multiple options
  - Dual-stack
  - Configured tunnels – L3-to-L3
  - ISATAP – Host-to-L3
• Leverages existing network
• Offers natural progression to full dual-stack design
• May require tunneling to less-than-optimal layers (i.e. Core layer)
• ISATAP creates a flat network (all hosts on same tunnel are peers)
  - Create tunnels per VLAN/subnet to keep same segregation as existing design (not clean today)
• Provides basic HA of ISATAP tunnels via old Anycast-RP idea
• ISATAP does not support IPv6 Multicast
• Configured tunnels do support IPv6 Multicast
Figure labels: Access Layer, Distribution Layer, Core Layer, Aggregation Layer (DC), Access Layer (DC), Dual-stack Server; devices marked v6-Enabled or Not v6-Enabled; links marked Dual Stack, L2/L3, ISATAP Tunnel, Configured Tunnel

Campus IPv6 Deployment Options – IPv6 Service Block: An Interim Approach
• Provides ability to rapidly deploy IPv6 services without touching existing network
• Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
• Provides basic HA of ISATAP
• ISATAP tunnels from PCs in Access layer to service Block switches
• In this example configured tunnels are used from Data Center to Service Block
• Dependency on ISATAP alienates IPv6 multicast applications
• 1) Leverage existing ISP block for both IPv4 and IPv6 access
• 2) Use dedicated ISP connection just for IPv6 – Can use IOS FW or PIX/ASA appliance
Figure labels: Red VLAN, Blue VLAN; IPv4-only Campus Block (Access Layer, Distribution Layer, Core Layer, Agg Layer); IPv6 Service Block; Dedicated FW; IOS FW; ISATAP; Primary ISATAP Tunnel; Secondary ISATAP Tunnel; Equal-cost Configured Tunnel (Mesh); WAN/ISP Block; Data Center Block; Internet; markers 1 and 2

IPv6 on a Campus – ISATAP Tunnels
ISATAP address format: IPv6 Prefix (/64) followed by a 64-bit Interface ID made of 0000:5EFE (32 bits) and the IPv4 address (32 bits)
Figure labels: Dual-Stack Host (IPv4 + IPv6, ISATAP); IPv6 in IPv4; ISATAP router (Cisco IOS 12.3M/T, 12.2S, Cat.6500); Native IPv6; IPv6 Internet/Intranet; IPv6 Data Center; Network
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  – IETF Draft
  – Automatic Tunnels created dynamically based on embedded IPv4 addresses
  – IPv6 Unicast only
• Primarily intended for communication between [sparse] IPv6 hosts within a site with no native IPv6 infrastructure but an ISATAP router
• IPv6 hosts connect to a virtual IPv6 link, which may span several IPv4 subnets, to communicate directly with each other.
• IPv6 hosts reach the IPv6 Internet through an ISATAP router
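The address format above, as an added example (not from the original deck): it builds an ISATAP address from a /64 prefix and an IPv4 address, then recovers the embedded IPv4 tunnel endpoint from observed IPv6 addresses, which is how an operator can inventory which IPv4 hosts are reachable over automatic tunnels. It goes slightly beyond the slide by also recognising 6to4 (2002::/16, listed earlier in the deck) and the 0200:5EFE form defined in RFC 5214; the function names and the address list are constructed for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")
# Upper 32 bits of an ISATAP interface ID: 0000:5EFE as on the slide, or
# 0200:5EFE when the "u" bit marks a globally unique IPv4 address (RFC 5214).
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def isatap_address(prefix, ipv4):
    """Build <prefix>:0000:5EFE:<IPv4> as shown on the slide."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 IPv6 prefix")
    iid = (0x00005EFE << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) if addr embeds a tunnel endpoint, else None."""
    a = ipaddress.IPv6Address(addr)
    value = int(a)
    if a in SIX_TO_FOUR:
        # 6to4: the 32 bits after 2002 are the site's public IPv4 address.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if (value >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        # ISATAP: the low 32 bits of the interface ID are the host's IPv4 address.
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None


def tunnel_inventory(addresses):
    """Group IPv6 addresses by the (mechanism, IPv4 endpoint) they embed."""
    inventory = {}
    for addr in addresses:
        hit = embedded_ipv4(addr)
        if hit:
            mechanism, v4 = hit
            inventory.setdefault((mechanism, str(v4)), []).append(addr)
    return inventory


# Constructed list of source addresses, as might be pulled from flow records.
OBSERVED = [
    "2001:db8:0:1:0:5efe:a01:1407",     # ISATAP host at 10.1.20.7
    "2001:db8:0:1:0:5efe:a01:1e09",     # ISATAP host at 10.1.30.9, other IPv4 subnet
    "2001:db8:0:2::25",                 # native address, no embedded IPv4
    "2002:c000:201:1::1",               # 6to4 site behind 192.0.2.1
    "2001:db8:0:1:200:5efe:c633:6409",  # ISATAP with the "u" bit set, 198.51.100.9
]

if __name__ == "__main__":
    print(isatap_address("2001:db8:0:1::/64", "10.1.20.7"))
    for key, members in tunnel_inventory(OBSERVED).items():
        print(key, members)
```

The first two sample hosts sit on different IPv4 subnets yet share one /64, which is the flat virtual link the slide describes.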


IPv6 Data Center Integration
Layers: Core, Aggregation, Access, Edge
• Design will be similar to Campus based on feature, platform and connectivity similarities
• IPv6 for SAN is supported in SAN-OS 3.0
• Major issue in DC with IPv6 today – NIC Teaming (completely missing in NIC/Server vendor implementations)
• Watch status of IPv6 support from App, Grid, DB vendors (don’t assume)
• Check status of appliances/modules

IPv6 Enabled Branch – Take Your Pick, Mix-and-Match
• Branch Single Tier: Dual-Stack; IPSec VPN (IPv4/IPv6); IOS Firewall (IPv4/IPv6); Integrated Switch (MLD-snooping)
• Branch Dual Tier: Dual-Stack; IPSec VPN or Frame Relay; IOS Firewall (IPv4/IPv6); Switches (MLD-snooping)
• Branch Multi-Tier: Dual-Stack; IPSec VPN or MPLS (6PE/6VPE); Firewall (IPv4/IPv6); Switches (MLD-snooping)
Figure labels: HQ, Internet, Frame, MPLS

Cisco VPN Client in IPv6 environment
Figure labels: Remote User; Tunnel(s): IPsec VPN, IPv6-in-IPv4 Tunnel; Internet; IPv4 IPSec Termination (PIX/ASA/IOS VPN/Concentrator); Firewall; IPv6 Tunnel Termination; Corporate Network; Dual-Stack server; legend: IPv6 Traffic, IPv4 Traffic, IPv4 Link, IPv6 Link
Requirement
• Cisco IOS release with either Configured or ISATAP tunnels
• Cisco VPN Client 4.x

Cisco IPv6 Security Solutions

IPv6 Firewall
• IOS Firewall 12.3T, 12.4, 12.4T
• PIX 7.x
• ASA 5500 series
• FWSM 3.x

IPv6 IPSec HW Encryption
• 7200 VAM2+ SPA
• ISR AIM VPN
• next gen. 5G IPsec VPN SPA

IPsec – Secure Connectivity
• IPv6 over IPv4 IPsec tunnels
• IPv4 dynamic IPSec to protect IPv6 over IPv4 tunnels with dynamic IPv4 end point
• IPv6 IPSec Authentication for OSPFv3
• IPv6 IPsec Tunnel Router-to-Router

Packet filtering – Threat protection
• Standard, reflexive, extended access control list
• Enhanced extended ACL – filtering on Routing Type
• Hardware e-ACL filtering capabilities (CRS-1, C12K, C7600, C6500,…) including parsing option headers

Looking at IPv6 Network Management
• Network Management evolution needs to be integrated in the IPv6 deployment strategy
  - In a dual-stack network, both IPv4 and IPv6 environments must be managed with the best optimization to decrease the cost of operations
• 3 areas to consider
  - Instrumentation (MIBs, Netflow record, IP SLA,…): New IP MIBs, RFC 4001 compliancy
  - Network Protocol (SNMP, TFTP, Syslog, Telnet, SSH,…over IPv6)
  - NMS & Applications for IPv6: DNS/DHCP server (CNR 6.2), Netflow Collector 5.x, Ciscoworks LMS 2.5 (Topology, User Tracking,…)

Cisco IT IPv6 Deployment
Figure labels: Development Labs (Lab); Network Monitoring Host; Address Management & DNS; Cisco SJC Internal Net; Cisco Global Network; DMZ Tunnel Router; Cisco SJC DMZ; IPv4 Firewall; IPv6 Firewall & Tunnel Termination Router (incl. ISATAP); DMZ Lab; IPv4 Internet Access Router; DMZ Development Lab; IPv4 Internet; IPv6 Internet

ISP Deployment


IPv6 Deployment Scenario for ISP
Area | Environment | Scenario | Cisco IOS support
Access | Few customers, no native IPv6 service from the PoP or Data link is not (yet) native IPv6 capable, e.g. Cable Docsis | Tunnels | Yes
Access | Native IPv4-IPv6 services between aggregation and end-users | Dual Stack | Yes
Access | Dedicated circuits – IPv4 – IPv6 | Dual Stack | Yes
Core | Native IP – Core is IPv6 aware | Dual Stack | Yes
Core | MPLS – Core is IPv6 unaware | 6PE/6VPE | Yes

Dual Stack IPv4-IPv6
• IPv6 IX Peering
• IPv6 Transit services
• IPv6 enabled on Core Routers
• IPv6 services to Enterprise customers
• IPv6 services to Home Users
• Additional Services
  - 6to4 relay courtesy service
  - IPv6 Multicast for streaming (Triple Play)
Figure labels: Enterprise; Dual-Stack or Dedicated L2 circuits; 6to4 Relay; Courtesy Service; Aggregation; DSL, Cable, FTTH; Dual-Stack Core; IPv6 Broadband Users; 802.11 Hot-Spot; Peering ISP’s; IPv6 IX

IPv6 over MPLS Infrastructure
• Service Providers have already deployed MPLS in their IPv4 backbone for various reasons
  - MPLS/VPN, MPLS/QoS, MPLS/TE, ATM + IP switching
• Several IPv6 over MPLS scenarios
  - IPv6 Tunnels configured on CE (no impact on MPLS)
  - IPv6 over Circuit_over_MPLS (no impact on IPv6)
  - IPv6 Provider Edge Router (6PE) over MPLS & IPv6 VPN over MPLS (6VPE) with no impact on MPLS core
  - Native IPv6 MPLS (require full network upgrade)
• Upgrading software to IPv6 Provider Edge Router (6PE)
  - Low cost and risk as only the required Edge routers are upgraded or installed
  - Allows IPv6 Prefix delegation by ISP

Minimum Infrastructure Upgrade for 6PE
Figure labels: DSL; FTTH; POP; CE v4/v6; 6PE router; MP-iBGP session; v4 MPLS Core up to OC-192; MPLS/IPv4; GE; Cisco 7600 Sup.720 as 6PE; Data Center; IPv6 Network; Only IPv6 segment; NAT-PT; IPv4 Server; IPv6 Server
• 6PE – RFC 4798 – defined by Cisco and available from IOS
• MPLS/IPv4 Core Infrastructure is IPv6-unaware
• PEs are updated to support Dual Stack/6PE
• IPv6 reachability exchanged among 6PEs via iBGP (MP-BGP)
• IPv6 packets transported from 6PE to 6PE inside MPLS

IPv6 Integration on MPLS VPN infrastructure
Figure labels: Site-1, dual-stack network (2001:101::/64, 10.101/16), CE1; Site-2, dual-stack network (2001:201::/64, 10.201/16), CE2; PE1 and PE2 with VRF red; P1, P2; iGP-v4 (OSPF, ISIS), LDP-v4; MP-eBGP sessions (Address-family IPv4, Address-family IPv6); MP-iBGP session (Address-family VPNv4, Address-family VPNv6); Dual stack server; Dual-stack, ipv4 addresses: 10.100/16, ipv6 addresses: 2001:100::/64
• MPLS/IPv4 Core Infrastructure is IPv6-unaware
• PEs are updated to support Dual Stack/6VPE
• IPv6 VPN can co-exist with IPv4 VPN – same scope and policies
• 6VPE – RFC 4659 – Cisco authored for IPv6 VPN over MPLS/IPv4 infrastructure
• Cisco IOS 12.2(33)SRB on 7600, IOS-XR 3.5 on C12000

vrf definition site1
 rd 100:1
 route-target import 100:1
 route-target export 100:1
 address-family ipv4
 address-family ipv6
!
interface ethernet0/0
 vrf forwarding site1
 ip address 10.100.1.2 255.255.0.0
 ipv6 address 2001:100::72b/64

Cisco IOS IPv6 Broadband Access Solutions
• Layer 2 Encapsulation(s): ATM RFC 1483 Routed or Bridged (RBE), PPP, PPPoA, PPPoE, Tunnel (Cable)
• IPv4/IPv6 Firewall: PIX, IOS FW
• IPv6 Prefix Pools
• IPv6 Radius (Cisco VSA and RFC 3162)
• DHCPv6 Prefix Delegation
• Stateless DHCPv6
• DHCPv6 Relay
• Generic Prefix
Figure labels: Access: Dial (PSTN, NAS), DSL (DSLAM, BAS), Cable (Head-end, DOCSIS 3.0 proposal), Ethernet, 802.11, Mobile (RAN); Dual-Stack or MPLS (6PE) Core; ISP A; Internet; Enterprise; Distributed Computing (GRID); Video IPv6 Multicast; IPv4/IPv6

Prefix/Options Assignment
Figure labels: Host, CPE, PE, ISP provisioning system; DHCP Client, DHCP Server; protocols shown: ND/DHCP, DHCP, AAA
(1) CPE sends DHCP solicit with ORO = PD
(2) PE sends RADIUS request for the user
(3) RADIUS responds with user’s prefix(es)
(4) PE sends DHCP REPLY with Prefix Delegation options
(5) CPE configures addresses from the prefix on its downstream interfaces, and sends an RA. O-bit is set to on
(6) Host configures addresses based on the prefixes received in the RA. As the O-bit is on, it sends a DHCP INFORMATION-REQUEST message, with an ORO = DNS
(7) CPE sends a DHCP REPLY containing request options

Summary
• Markets Perspective: IPv6 enables innovation, scalability and simplicity
• Software Developer Perspective: Applications must be “IP agnostic”
• Network Manager Perspective: Infrastructure must deliver IPv6 up to the edge/access layer
• The End-User Perspective: IP version needs to be transparent

Ensure an orderly and secured transition using Cisco IPv6 Solutions

Q and A


More Information
• CCO IPv6 - http://www.cisco.com/ipv6
• Cisco IPv6 Solutions http://www.cisco.com/en/US/tech/tk872/technologies_white_paper09186a00802219bc.shtml
• IPv6 Application Notes http://www.cisco.com/warp/public/732/Tech/ipv6/ipv6_techdoc.shtml
• Cisco IOS IPv6 manuals http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_vcg.htm

• Find Cisco news every month in CiscoMag, the Cisco France newsletter. Subscription: www.cisco.fr/go/ciscomag
• Solutions seminar: The Campus Network, Thursday 24 May 2007, morning, at the Institut Océanographique, Paris

Cisco Press Books


www.cisco.com/ipv6 – Scaling the Internet for our Next Generations
Timeline figure with year markers ’94-96, ’98-99, 2000, 2001, 2003, 2004, 2005, 2006, 2007-09. Milestones shown:
• IETF IPng WG
• Cisco IOS 6Bone prototype creation on CCO for Cisco IPv6 customers
• IPv6 Forum – Cisco as a founding member
• Statement of Direction
• Cisco IOS IPv6 Phase 1 on 12.2(2)T & C12K 12.0S
• E-Japan IPv6 initiative
• 6NET, 6DISS, u-2010 projects
• US DoD memo; C12K IPv6 HW FW on E3
• IPv6 HW FW on CRS-1 & C6500/C7600 sup720
• US DoC RFI
• US OMB memo; C12K E5, SANos 3.0, PIX 7.0, C3K
• 6Bone phased-out; C10K, GGSN 7.0
• US Federal Infrastructure Build out
• Microsoft Windows Vista & Longhorn; DOCSIS 3.0; 6VPE Solution, C4K HW, Advanced Technologies IPv6
Cisco Leadership: IETF IPv6, NGtrans, DHCP, MIPv6, v6Ops co-chairs

Cisco IOS IPv6 Status
Positioning | Cisco IOS Release | First FCS Date
General Production | 12.3M – 12.4M | May 2003 – May 2005
Core | 12.0S on 12000, 10720 | Feb 2002
Core | IOS-XR on CRS-1 | May 2004
Edge & Enterprise Infrastructure, L3 switches | 12.2S Family | Feb 2003
Edge & Enterprise Infrastructure, L3 switches | 12.2S-based Family: C7304/10K 12.2SB, C7600/7200 12.2SR, C6500 12.2SX, C4500 12.2SG, C3750/3560 12.2SE | Note – as well as 12.2S
Technology development | 12.3T – 12.4T | Aug 2003 – June 2005

IPv6 Start Here documents the IPv6 feature set per Cisco IOS releases
www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/ftipv6s.htm

Cisco IOS – IPv6 Feature Overview
Cisco IOS Software Release 12.4(11)T

Core
• IPv6 (RFC 2460)
• ICMPv6 (RFC 2463)
• Neighbor Discovery (RFC 2461)
• Stateless Auto-Configuration
• Anycast
• CEFv6/dCEFv6
• uRPF Strict Mode
• CEFv6 Switched Tunnels
• HSRP & GLBP for IPv6
• Default Router Selection

Security
• IPv6 std, extended, reflexive & enhanced extended ACL
• IPv6 IPsec – OSPFv3 authentication, site-to-site tunnel
• IPv6 Firewall

Integration
• Configured & Automatic Tunnels (RFC 2893)
• 6to4 (RFC 3056 & 3068)
• IPv6 over GRE/IPv4 (Pr. SW)
• IPv6 over MPLS (6PE)
• ISATAP
• NAT-PT (RFC 2765 & 2766)
• IP over IPv6 Tunnels

Routing
• RIPng
• OSPFv3
• IS-IS & MT IS-IS for IPv6
• EIGRP for IPv6
• MP-BGP IPv6 Unicast
• MP-BGP IPv6 Multicast
• Policy Based Routing

Broadband Access
• Cisco VSA AAA
• Radius AAA (RFC 3162)
• PPPoA, PPPoE, RBE and ATM 1483 encapsulations
• DHCPv6 Prefix Delegation (RFC3633), DHCPv6 Relay
• Stateless DHCP (RFC 3646)
• Generic Prefix

Applications & Mgnt
• Telnet, TFTP, DNS resolver, HTTP, Ping, Traceroute, SSH
• Cisco IP & IP-Forwarding MIBs
• Netflow for IPv6
• SNMP over IPv6
• Syslog over IPv6

Multicast
• MLDv1, v2, Access Group
• PIMv2 SM, SSM, Bi-Dir PIM
• Embedded RP
• IPv6 MC over IPv4 tunnels
• Scope Boundaries
• Static mRoutes
• BSR

IPv6 QoS (MQC)

Mobile IPv6
• MIPv6 Home Agent
• Lite Authentication

Industry’s Broadest Platform Support
• Cisco IOS 12.0S: Cisco 12000 Series Routers, Cisco 10720 Series
• Cisco IOS-XR: CRS-1, Cisco 12000
• Cisco IOS 12.2S family: Cisco 72/7300 Series Routers, Cisco 75/7600 Series Routers, Cisco 10000 Series Routers, Catalyst 3750/3560 Series, Catalyst 4500 Series, Catalyst 6500 Series
• Cisco IOS 12.4/12.4T: Cisco 800, 1700, 1800, 2600, 2800, 3600, 3700 and 3800 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Series Routers, Cisco 7500 Series Routers
• Cisco Product Portfolio: PIX Firewall (7.x), FWSM 3.1, LMS 2.5, MDS9500 series, CNR 6.2, NFC 5.x, NAM 3.x, GGSN 7.0
• Radar: Home Networking, IP Telephony

High Capacity Forwarding – Cisco IPv6 Solutions
• Cisco CRS-1
  - Up to OC-768 line card, 10GE and GE
• Cisco 12000 series
  - Internet Service Engine (E3 & E5)
  - IPv6 Unicast, Multicast, ACL, QoS, 6PE,…
  - Up to 3.8Mpps per line card (E3)
  - Up to 16Mpps per line card (E5)
• Cisco 10000 PRE2/PRE3, Cisco 10720
• Cisco 7600 and Catalyst 6500 series
  - Supervisor Engine 720, 720-3BXL, 32W
  - 10Mb/s to 10Gb/s support
  - Up to 200Mpps (EANTC report)
  - IPv6 tunneling – Configured, Automatic, 6to4 and ISATAP tunnels in hardware
  - Hardware Based Network Analysis Module
• Catalyst 3750/3560 series
  - L3 Hardware IPv6-capable & Cisco IOS 12.2SE