Cisco IPv6 Solutions Integration & Co-Existence
Patrick Grossetete Product Management, NSSTG
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Agenda
• IPv6 Rationales
• IPv6 Protocol overview
• General Deployment Concepts
• Enterprise Deployment
• Service Provider Deployment
• Appendix: For Reference Only
IPv6 Rationales
What is IPv6? Basic Perspectives
• The Network Manager Perspective
  – Infrastructure focus
  – Stable specifications, commercial implementations
  – Cost of deployment and operation
• The End-User Perspective
  – Applications & Services focus
  – Integration per application model
  – IP Agnostic
Key Aspects Reminder
• IPv6 is NOT a feature. It is about the fundamental IP network layer model developed for end-to-end services and network transparency
• Deployments of production IPv6 infrastructures are under way, the time has come to move our focus to edge, access and usage
  – 6Bone is phasing out, 6NET is closed,…
• Today’s IPv6 deployment drivers do not rely on uncovering the “future killer application” anymore, they focus instead on:
  – Performing the same as on IPv4 but on a larger scale
  – Operational cost savings or simpler network models when deploying applications
  – Leading the innovation
Market Drivers
• IPv4 address pool exhaustion – 2010-2015?
• National IT strategy
  – U.S. Federal – OMB memo called for IPv6 infra in June 2008
  – Japan, Korea,…
  – China Next Generation Internet (CNGI) project
  – European Commission sponsored projects
  – Emerging countries IPv6 Task Force, ie: India, Africa,…
• Microsoft Windows Vista & Longhorn releases
  – And other O.S. or applications
• Next Gen. Broadband: DOCSIS 3.0, Quad Play with HDTV,…
• Mobile SP – 3G/4G/WiMax, IP NGN IMS, IP/TV on Mobiles
• Networks in Motion
• Networked Sensors, ie: Cisco AIRS solution
IPv6 Integration – Per Application Model
• Today, all O.S. are Dual-Stack
• As soon as the infrastructure is IPv6 capable…IPv6 integration can follow a non-disruptive “per application” model
• New Generation of Internet Appliances
Advanced Incident Response System
[Diagram labels]
• Building is a “Smart Building” wired with IPv6 sensors – accessed by IRP commander
• Emergency Site: IRP connected to cloud via mobile PAN router
• Biometric Sensor Data; Environmental Sensor Data (Modular)
• Mobile Command Post, MIPv6
• Hastily Formed Network: WiMAX/WiFi/3G/Satellite
• IRP Commander can monitor IRP while deployed, in real time (IRP Monitoring Dashboard)
• Multiple WLAN clouds deployed running native IPv6
• IRP are MIPv6 users connected back to IRP network via HA
• Sensor nodes are Local Fixed Nodes (LFN) attached to PAN Mobile router with NEMO
FOSE 2007, 03/21/2007
IPv6 Protocol overview
IPv4 & IPv6 Header Comparison
• IPv4 Header: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
• IPv6 Header: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
Legend
  – field’s name kept from IPv4 to IPv6
  – fields not kept in IPv6
  – Name & position changed in IPv6
  – New field in IPv6
IPv6 Packet Structure – RFC 2460
Three example header chains:
  1. IPv6 Header (Next Header = 6, TCP) | TCP header & payload
  2. IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 6, TCP) | TCP header & payload
  3. IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 51, AH) | Authentication Header (Next Header = 6, TCP) | TCP header & payload
• IPv6 hardware forwarding must be able to parse all fields to read about option headers and L4 details for packet filtering and monitoring
• Ref. http://www.cisco.com/en/US/products/ps6553/products_white_paper0900aecd8054d37d.shtml
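What "parse all fields to reach the L4 details" means for a filter, as an added example that is not part of the original slides: a walker that follows Next Header values across the three chains shown above and reports when the L4 header cannot be read. The packets are constructed with documentation addresses, and all function names are hypothetical.

```python
import struct

# Next Header values: extension headers a filter must step over (RFC 2460;
# AH per RFC 4302), plus the upper-layer protocols this sketch understands.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
ESP, TCP, UDP = 50, 6, 17
EXTENSION_HEADERS = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)
FIXED_HEADER_LEN = 40


def walk_chain(packet: bytes) -> dict:
    """Follow Next Header values until an upper-layer header is reached.

    'verdict' is 'ok' or the reason the L4 header could not be read; a
    filter should treat anything but 'ok' as a packet it cannot classify.
    """
    result = {"chain": [], "l4": None, "ports": None, "verdict": "ok"}
    if len(packet) < FIXED_HEADER_LEN or packet[0] >> 4 != 6:
        result["verdict"] = "not-ipv6"
        return result
    next_header, offset = packet[6], FIXED_HEADER_LEN
    while next_header in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            result["verdict"] = "truncated-chain"
            return result
        result["chain"].append(next_header)
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            # Fixed 8 bytes; only the first fragment carries the L4 header.
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                result["verdict"] = "non-first-fragment"
                return result
            header_len = 8
        elif next_header == AH:
            header_len = (length_field + 2) * 4   # AH counts 32-bit words
        else:
            header_len = (length_field + 1) * 8   # others count 8-byte units
        next_header, offset = following, offset + header_len
    result["l4"] = next_header
    if next_header == ESP:
        result["verdict"] = "encrypted-payload"
    elif next_header in (TCP, UDP):
        if offset + 4 > len(packet):
            result["verdict"] = "truncated-l4"
        else:
            result["ports"] = struct.unpack_from("!HH", packet, offset)
    return result


# --- Constructed sample packets (2001:db8::/32 addresses, no real traffic) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


def routing(next_header: int) -> bytes:
    return struct.pack("!BBBBI", next_header, 0, 0, 0, 0)      # 8 bytes


def auth_header(next_header: int) -> bytes:
    return struct.pack("!BBHII", next_header, 4, 0, 0x100, 1) + bytes(12)


def tcp(sport: int, dport: int) -> bytes:
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, 5 << 12, 0, 0, 0)


def slide_packets() -> list:
    """The three chains from the slide, in the same order."""
    seg = tcp(49152, 443)
    return [
        ipv6(TCP, seg),
        ipv6(ROUTING, routing(TCP) + seg),
        ipv6(ROUTING, routing(AH) + auth_header(TCP) + seg),
    ]


def late_fragment() -> bytes:
    """A non-first fragment: the L4 header is simply not in this packet."""
    frag = struct.pack("!BBHI", TCP, 0, (185 << 3) | 1, 7)
    return ipv6(FRAGMENT, frag + bytes(16))


if __name__ == "__main__":
    for pkt in slide_packets() + [late_fragment()]:
        print(walk_chain(pkt))
```

An ACL that matches on TCP ports can only do so for packets where the verdict is `ok`; the other verdicts are the cases where the rule set needs an explicit decision.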
Address Allocation
Prefix boundaries, shown on 2001:0DB8: /32 – ISP prefix, /48 – Site prefix, /64 – LAN prefix, followed by the Interface ID
The allocation process is defined by the 5 Registries:
• IANA allocates 2000::/3 as Global Unicast [RFC 4291]
• Registries get ::/12 prefix(es) from IANA [formerly /23] under new policy
  – http://www.icann.org/announcements/announcement-12oct06.htm
• Registry allocates a /32 prefix [formerly /35] to IPv6 ISP and others
• Then policies recommend that the ISP allocates a /48 prefix to each customer (or potentially /64)
  – http://www.ripe.net/ripe/docs/ipv6policy.html
  – http://www.icann.org/announcements/ipv6-report-06sep05.htm
• New Policy to assign PI and IX prefixes as /48
How to get an IPv6 Address?
How to get address space?
• Real IPv6 address space now allocated by AFNIC, APNIC, ARIN, LACNIC and RIPE to ISP
• IPv6 IX
• 6Bone: 3FFE::/16 – Phased out on 06/06
• 6to4 tunnels: 2002::/16
Enterprises get their IPv6 address space from:
• Registry if able to justify /32
• Their ISP who allocates /48
• Provider Independent – /48 (in 03/07, only available ARIN, APNIC)
• ULA – private address
IPv6 Technology Scope

| IP Service | IPv4 Solution | IPv6 Solution |
|---|---|---|
| Addressing Range | 32-bit, Network Address Translation | 128-bit, Multiple Scopes |
| Autoconfiguration | DHCP | Serverless, Reconfiguration, DHCP |
| Security | IPSec | IPSec Mandated, works End-to-End |
| Mobility | Mobile IP | Mobile IP with Direct Routing |
| Quality-of-Service | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service |
| IP Multicast | IGMP/PIM/Multicast BGP | MLD/PIM/Multicast BGP, Scope Identifier |
Introducing Local Network Protection for IPv6
[Diagram labels: Internet; Access; DHCPv6 Prefix Delegation; IPv6 Global & ULA address space; Explicit Context Based Access Control]
• IPv4 Network Address Translation (NAT) is widely deployed and its success is due to the fact that today’s Internet is primarily running Client/Server applications.
• No reason to treat NAT as evil, better to analyze “Market’s perceived benefits of IPv4 NAT”, then educate how similar benefits can be achieved with IPv6
  – Topology hiding, addressing autonomy, simple security,…
• Local Network Protection for IPv6
  – A set of IPv6 techniques that may be combined on an IPv6 site to simplify and protect the integrity of its network architecture, without the need for Address Translation
  – http://www.ietf.org/internet-drafts/draft-ietf-v6ops-nap-06.txt
General Deployment Concepts
IPv6 – Planning Steps
[Timeline chart, by quarter (Q1-Q4) for 2005, 2006, 2007, 2008, 2009 and 201x. Phases: Identifying the business case, Network Assessment, Cost Analysis, Training, Address planning, Testing, Deploying, Production]
How long is needed for each phase of an IPv6 deployment project?
The Scope of IPv6 Deployment
• Information Services; Operations and Training
• Server to Client; Multimedia (Video Conf); Peer to Peer (ie: Instant Messenger)
• Campus; Enterprise WAN; Provider Edge; Provider Core; Broadband Networks
• Integration & Co-Existence
  – IPv6 over IPv4 Tunnels (Configured, 6to4, ISATAP, GRE)
  – Native IPv4 & IPv6: Cisco IOS is Multi-Protocol Since Day 1
  – IPv6 over MPLS (AToM, 6PE/6VPE)
• IPv6 Services – The Cisco IOS Emphasis
  – QoS, Mobility, Multicast, Security, Instrumentation, IPv4-IPv6 Translation
• Provisioning & Monitoring
• IPv6 Forwarding & Routing protocols (RIPng, EIGRP, OSPFv3, IS-ISv6, MP-BGP4)
• Frame Relay, PPP, HDLC, POSIP, ATM, FE, GE, 10GE, Wireless, xDSL, Cable, FTTH
Network Assessment
• A key and mandatory step to evaluate the impact of IPv6 integration
• May be split in several phases
  – Infrastructure – networking devices
  – Hosts, Servers and applications
• Must be as complete as possible to allow upgrade costs evaluation and planning
  – Hardware type, memory size, interfaces, CPU load,…
  – Software version, features enabled, license type,…
• Difficult to complete if a set of features is not defined per device’s category for a specific environment
  – IPv6-capable definition, knowledge of the environment and applications, design goals
Cost Estimate of upgrading Network Devices

| Hardware | Software | Minimal Operation | Cost |
|---|---|---|---|
| Full replacement | Full upgrade | Local intervention | Very high |
| Limited upgrade; for instance, memory size, line card, supervisor engine | Full upgrade | Local intervention | High to Medium |
| No change | Full upgrade | Local or remote intervention | Medium to minimal, depending on the need to purchase an upgraded license |
| No change | No change, Configuration only | Local or remote intervention | Minimal |
IPv6 Addressing Considerations
• Understand the IPv6 addressing model
  – Several IETF related documents (RFC 4291 (3513), 3041, 3056, 3879, 4007, 4193, 4214…)
  – IANA and Registries policies and prefix allocation rules: http://www.arin.net/policy/nrpm.html#ipv6
  – Internal rules
• Develop an addressing plan
  – Leverage hierarchical addressing system within network, for route aggregation and consolidation at the core
  – Addresses are assigned to interfaces as on IPv4, but interfaces are expected to have multiple addresses
• Address type, scope and lifetime
  – Unicast, Anycast, Multicast
  – Valid and preferred lifetime – RFC 4192 on Renumbering
Education
• It is a very important aspect of planning. Knowledgeable staff would make better decisions in planning the deployment.
• The sooner it is initiated the less expensive and more valuable it is.
• Many education options:
  – Formalized training used to train-the-trainer.
  – Global resources: IPv6 Forum (http://www.ipv6forum.com), IPv6 Task Force (http://www.ipv6tf.org), 6DISS (http://www.6diss.org) & 6NET (http://www.6net.org)
  – Cisco resources – www.cisco.com/ipv6
  – Partner e-Learning Connection: http://www.cisco.com/warp/public/10/wwtraining/pec/peclogin.html
Enterprise Deployment
Deployment Scenario for Enterprises

| | Environment | Scenario | Cisco IOS support |
|---|---|---|---|
| WAN | IPv6 services available from ISP | Dual Stack | Yes |
| WAN | Dedicated Data Link layers, eg. LL, ATM & FR PVC, dWDM Lambda | Dual Stack | Yes |
| WAN | No IPv6 services from ISP or experimentation – few sites | Configured Tunnels | Yes |
| WAN | No IPv6 services from ISP or experimentation – many sites, any to any communication | 6to4 | Yes |
| Campus | L3 infrastructure – IPv6 capable | Dual Stack | Yes |
| Campus | L3 infrastructure – not IPv6 capable, or sparse IPv6 hosts population | ISATAP | Yes |
Campus IPv6 Deployment Options: Dual-stack IPv4/IPv6
IPv6/IPv4 Dual Stack
• Requires switching/routing platforms to support hardware based forwarding for IPv4 and IPv6
• Requires robust control plane for both IPv4 and IPv6
• IPv4 and IPv6 control planes and data planes must not impact each other (See RST-3301)
• Variety of routing protocols: the same ones in use today with IPv4
• Requires support for IPv6 multicast, QoS, infrastructure security, etc…
• IPv6 management: Telnet/SSH/HTTP/SNMP
• IPv6 is transparent on L2 switches except for multicast - MLD snooping
[Diagram labels: Access Layer; Distribution Layer; Core Layer; Aggregation Layer (DC); Access Layer (DC); IPv6 Server; L2/L3; links marked v6-Enabled and Dual Stack]
Campus IPv6 Deployment Options: Hybrid Model
• Offers IPv6 connectivity via multiple options
  – Dual-stack
  – Configured tunnels – L3-to-L3
  – ISATAP – Host-to-L3
• Leverages existing network
• Offers natural progression to full dual-stack design
• May require tunneling to less-than-optimal layers (i.e. Core layer)
• ISATAP creates a flat network (all hosts on same tunnel are peers)
• Create tunnels per VLAN/subnet to keep same segregation as existing design (not clean today)
• Provides basic HA of ISATAP tunnels via old Anycast-RP idea
• ISATAP does not support IPv6 Multicast
• Configured tunnels do support IPv6 Multicast
[Diagram labels: Access Layer; Distribution Layer; Core Layer; Aggregation Layer (DC); Access Layer (DC); Dual-stack Server; L2/L3; ISATAP Tunnel; Configured Tunnel; links marked v6-Enabled, Not v6-Enabled and Dual Stack]
Campus IPv6 Deployment Options: IPv6 Service Block – An Interim Approach
• Provides ability to rapidly deploy IPv6 services without touching existing network
• Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
• Provides basic HA of ISATAP
• ISATAP tunnels from PCs in Access layer to Service Block switches
• In this example configured tunnels are used from Data Center to Service Block
• Dependency on ISATAP alienates IPv6 multicast applications
1) Leverage existing ISP block for both IPv4 and IPv6 access
2) Use dedicated ISP connection just for IPv6 – Can use IOS FW or PIX/ASA appliance
[Diagram labels: Red VLAN; Blue VLAN; IPv4-only Campus Block (Access Layer, Distribution Layer, Core Layer, Agg Layer); IPv6 Service Block; Primary ISATAP Tunnel; Secondary ISATAP Tunnel; Equal-cost Configured Tunnel (Mesh); Dedicated FW; IOS FW; Internet; WAN/ISP Block; Data Center Block; callouts 1 and 2]
IPv6 on a Campus – ISATAP Tunnels
ISATAP address format: IPv6 Prefix (::/64) | 0000:5EFE (32-bit) | IPv4 Addr. (32-bit); the last two fields form the Interface ID
[Diagram labels: Dual-Stack Host (IPv4 + IPv6, ISATAP); IPv6 in IPv4; Network; ISATAP router; Native IPv6; IPv6 Internet/Intranet; IPv6 Data Center; Dual-Stack Host. Cisco IOS 12.3M/T, 12.2S, Cat.6500]
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) – IETF Draft
  – Automatic Tunnels created dynamically based on embedded IPv4 addresses
  – IPv6 Unicast only
• Primarily intended for communication between [sparse] IPv6 hosts within a site with no native IPv6 infrastructure but an ISATAP router
• IPv6 hosts connect to a virtual IPv6 link, which may span several IPv4 subnets, to communicate directly with each other.
• IPv6 hosts reach the IPv6 Internet through an ISATAP router
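The ISATAP interface ID above and the 6to4 prefix 2002::/16 listed earlier both embed the IPv4 tunnel endpoint in the IPv6 address, which is what lets a monitor tie tunnelled sources back to an IPv4 host. The following is an added example, not part of the original slides; the function names, the sample addresses and the policy (ISATAP expected only from the campus IPv4 range, 6to4 always reported) are assumptions.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 prefix from the slides
ISATAP_MARKER = 0x00005EFE                       # 0000:5EFE from the slide
# RFC 5214 also allows 0200:5EFE (u bit set for a globally unique IPv4
# address); that variant is not on the slide, so the u bit is masked out.
U_BIT_MASK = 0xFDFFFFFF


def embedded_ipv4(addr: str):
    """Return (mechanism, IPv4Address or None) for one IPv6 address."""
    value = int(ipaddress.IPv6Address(addr))
    if ipaddress.IPv6Address(addr) in SIXTOFOUR:
        # 6to4: the 32 bits after 2002: are the IPv4 tunnel endpoint.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    iid_high = (value >> 32) & 0xFFFFFFFF
    if iid_high & U_BIT_MASK == ISATAP_MARKER:
        # ISATAP: the low 32 bits of the interface ID are the IPv4 address.
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return "native", None


def audit(sources, campus_v4):
    """List tunnel-derived sources that fall outside the assumed policy."""
    allowed = [ipaddress.ip_network(net) for net in campus_v4]
    findings = []
    for src in sources:
        mechanism, v4 = embedded_ipv4(src)
        if mechanism == "native":
            continue
        on_campus = any(v4 in net for net in allowed)
        if mechanism == "isatap" and on_campus:
            continue  # expected: intra-site host behind the ISATAP router
        findings.append((src, mechanism, str(v4)))
    return findings


# Constructed sample source addresses (documentation ranges only).
SAMPLE_SOURCES = [
    "2001:db8:1:1:0:5efe:10.1.20.7",    # ISATAP, IPv4 inside the campus
    "2001:db8:1:1:0:5efe:192.0.2.50",   # ISATAP format, IPv4 outside it
    "2002:c000:204::1",                 # 6to4, endpoint 192.0.2.4
    "2001:db8:2::25",                   # native address, nothing embedded
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SOURCES, ["10.0.0.0/8"]):
        print(finding)
```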
IPv6 Data Center Integration
[Diagram layers: Core, Aggregation, Access, Edge, Core]
• Design will be similar to Campus based on feature, platform and connectivity similarities
• IPv6 for SAN is supported in SAN-OS 3.0
• Major issue in DC with IPv6 today – NIC Teaming (completely missing in NIC/Server vendor implementations)
• Watch status of IPv6 support from App, Grid, DB vendors (don’t assume)
• Check status of appliances/modules
IPv6 Enabled Branch: Take Your Pick – Mix-and-Match
• Branch Single Tier (HQ reached over Internet)
  – Dual-Stack
  – IPSec VPN (IPv4/IPv6)
  – IOS Firewall (IPv4/IPv6)
  – Integrated Switch (MLD-snooping)
• Branch Dual Tier (HQ reached over Internet or Frame)
  – Dual-Stack
  – IPSec VPN or Frame Relay
  – IOS Firewall (IPv4/IPv6)
  – Switches (MLD-snooping)
• Branch Multi-Tier (HQ reached over Internet or MPLS)
  – Dual-Stack
  – IPSec VPN or MPLS (6PE/6VPE)
  – Firewall (IPv4/IPv6)
  – Switches (MLD-snooping)
Cisco VPN Client in IPv6 environment
[Diagram labels: Remote User; Internet; IPv4 IPSec Termination (PIX/ASA/IOS VPN/Concentrator); IPv6 Tunnel Termination; Firewall; Corporate Network; Dual-Stack server. Legend: Tunnel(s); IPv6 Traffic; IPv4 Traffic; IPv4 Link; IPv6 Link; IPsec VPN; IPv6-in-IPv4 Tunnel]
Requirement
• Cisco IOS release with either Configured or ISATAP tunnels
• Cisco VPN Client 4.x
Cisco IPv6 Security Solutions
IPv6 Firewall
• IOS Firewall 12.3T, 12.4, 12.4T
• PIX 7.x
• ASA 5500 series
• FWSM 3.x
IPv6 IPSec HW Encryption
• 7200 VAM2+ SPA
• ISR AIM VPN
• next gen. 5G IPsec VPN SPA
IPsec – Secure Connectivity
• IPv6 over IPv4 IPsec tunnels
• IPv4 dynamic IPSec to protect IPv6 over IPv4 tunnels with dynamic IPv4 end point
• IPv6 IPSec Authentication for OSPFv3
• IPv6 IPsec Tunnel Router-to-Router
Packet filtering – Threat protection
• Standard, reflexive, extended access control list
• Enhanced extended ACL – filtering on Routing Type
• Hardware e-ACL filtering capabilities (CRS-1, C12K, C7600, C6500,…) including parsing option headers
Looking at IPv6 Network Management
• Network Management evolution needs to be integrated in the IPv6 deployment strategy
• In a dual-stack network, both IPv4 and IPv6 environments must be managed with the best optimization to decrease the cost of operations
• 3 areas to consider
  – Instrumentation (MIBs, Netflow record, IP SLA,…): New IP MIBs, RFC 4001 compliancy
  – Network Protocol (SNMP, TFTP, Syslog, Telnet, SSH,…over IPv6)
  – NMS & Applications for IPv6: DNS/DHCP server (CNR 6.2), Netflow Collector 5.x, Ciscoworks LMS 2.5 (Topology, User Tracking,…)
Cisco IT IPv6 Deployment
[Diagram labels: Development Labs (Lab, Lab); Network Monitoring Host; Lab Address Management & DNS; DMZ Tunnel Router; Cisco SJC Internal Net; Cisco Global Network; Cisco SJC DMZ; IPv4 Firewall; IPv6 Firewall & Tunnel Termination Router (incl. ISATAP); DMZ Lab IPv4 Internet Access Router; DMZ Development Lab; IPv4 Internet; IPv6 Internet]
ISP Deployment
IPv6 Deployment Scenario for ISP

| | Environment | Scenario | Cisco IOS support |
|---|---|---|---|
| Access | Few customers, no native IPv6 service from the PoP or Data link is not (yet) native IPv6 capable, ie: Cable Docsis | Tunnels | Yes |
| Access | Native IPv4-IPv6 services between aggregation and end-users | Dual Stack | Yes |
| Access | Dedicated circuits – IPv4 – IPv6 | Dual Stack | Yes |
| Core | Native IP – Core is IPv6 aware | Dual Stack | Yes |
| Core | MPLS – Core is IPv6 unaware | 6PE/6VPE | Yes |
Dual Stack IPv4-IPv6
[Diagram labels: Enterprise (Dual-Stack or Dedicated L2 circuits); Aggregation; DSL, Cable, FTTH; IPv6 Broadband Users; 802.11 Hot-Spot; Dual-Stack Core; 6to4 Relay Courtesy Service; IPv6 IX; Peering ISP’s]
• IPv6 IX Peering
• IPv6 Transit services
• IPv6 enabled on Core Routers
• IPv6 services to Enterprise customers
• IPv6 services to Home Users
• Additional Services
  – 6to4 relay courtesy service
  – IPv6 Multicast for streaming (Triple Play)
IPv6 over MPLS Infrastructure
• Service Providers have already deployed MPLS in their IPv4 backbone for various reasons
  – MPLS/VPN, MPLS/QoS, MPLS/TE, ATM + IP switching
• Several IPv6 over MPLS scenarios
  – IPv6 Tunnels configured on CE (no impact on MPLS)
  – IPv6 over Circuit_over_MPLS (no impact on IPv6)
  – IPv6 Provider Edge Router (6PE) over MPLS & IPv6 VPN over MPLS (6VPE) with no impact on MPLS core
  – Native IPv6 MPLS (require full network upgrade)
• Upgrading software to IPv6 Provider Edge Router (6PE)
  – Low cost and risk as only the required Edge routers are upgraded or installed
  – Allows IPv6 Prefix delegation by ISP
Minimum Infrastructure Upgrade for 6PE
[Diagram labels: DSL, FTTH and GE access; CE v4/v6; POP with 6PE router (Cisco 7600 Sup.720 as 6PE); MP-iBGP session between 6PE routers; v4 MPLS Core up to OC-192 (MPLS/IPv4); Data Center IPv6 Network, Only IPv6 segment; NAT-PT; IPv4 Server; IPv6 Server]
• 6PE – RFC 4798 – defined by Cisco and available from IOS
• MPLS/IPv4 Core Infrastructure is IPv6-unaware
• PEs are updated to support Dual Stack/6PE
• IPv6 reachability exchanged among 6PEs via iBGP (MP-BGP)
• IPv6 packets transported from 6PE to 6PE inside MPLS
IPv6 Integration on MPLS VPN infrastructure
[Diagram labels: Dual stack server (ipv4 addresses: 10.100/16, ipv6 addresses: 2001:100::/64); Dual-stack network Site-1 (2001:101::/64, 10.101/16); CE1; PE1 (vrf, VRF red); P1; P2; PE2 (VRF red); CE2; Dual-stack network Site-2 (2001:201::/64, 10.201/16); MP-eBGP sessions with Address-family IPv4 and Address-family IPv6; MP-iBGP session with Address-family VPNv4 and Address-family VPNv6; iGP-v4 (OSPF, ISIS), LDP-v4]
• MPLS/IPv4 Core Infrastructure is IPv6-unaware
• PEs are updated to support Dual Stack/6VPE
• IPv6 VPN can co-exist with IPv4 VPN – same scope and policies
• 6VPE – RFC 4659 – Cisco authored for IPv6 VPN over MPLS/IPv4 infrastructure
• Cisco IOS 12.2(33)SRB on 7600, IOS-XR 3.5 on C12000

    vrf definition site1
     rd 100:1
     route-target import 100:1
     route-target export 100:1
     address-family ipv4
     address-family ipv6
    !
    interface ethernet0/0
     vrf forwarding site1
     ip address 10.100.1.2 255.255.0.0
     ipv6 address 2001:100::72b/64
Cisco IOS IPv6 Broadband Access Solutions
[Diagram labels: Dial (PSTN, NAS); DSL (DSLAM, BAS); Cable (Head-end, DOCSIS 3.0 proposal); Ethernet; 802.11; Mobile (RAN); Access; Dual-Stack or MPLS (6PE) Core; ISP A; Internet; Enterprise; IPv4/IPv6 Firewall (PIX, IOS FW); Distributed Computing (GRID); Video IPv6 Multicast; IPv4/IPv6]
• Layer 2 Encapsulation(s)
  – ATM RFC 1483 Routed or Bridged (RBE)
  – PPP, PPPoA, PPPoE, Tunnel (Cable)
• IPv6 Prefix Pools
• IPv6 Radius (Cisco VSA and RFC 3162)
• DHCPv6 Prefix Delegation
• Stateless DHCPv6
• DHCPv6 Relay
• Generic Prefix
Prefix/Options Assignment
[Diagram labels: Host; CPE; PE; ISP; ISP provisioning system; DHCP Client; DHCP Server; ND/DHCP; DHCP; AAA]
(1) CPE sends DHCP solicit with ORO = PD
(2) PE sends RADIUS request for the user
(3) RADIUS responds with user’s prefix(es)
(4) PE sends DHCP REPLY with Prefix Delegation options
(5) CPE configures addresses from the prefix on its downstream interfaces, and sends an RA. O-bit is set to on
(6) Host configures addresses based on the prefixes received in the RA. As the O-bit is on, it sends a DHCP INFORMATION-REQUEST message, with an ORO = DNS
(7) CPE sends a DHCP REPLY containing request options
Summary
• Markets Perspective: IPv6 enables innovation, scalability and simplicity
• Software Developer Perspective: Applications must be “IP agnostic”
• Network Manager Perspective: Infrastructure must deliver IPv6 up to the edge/access layer
• The End-User Perspective: IP version needs to be transparent
Ensure an orderly and secured transition using Cisco IPv6 Solutions
Q and A
More Information
• CCO IPv6 - http://www.cisco.com/ipv6
• Cisco IPv6 Solutions - http://www.cisco.com/en/US/tech/tk872/technologies_white_paper09186a00802219bc.shtml
• IPv6 Application Notes - http://www.cisco.com/warp/public/732/Tech/ipv6/ipv6_techdoc.shtml
• Cisco IOS IPv6 manuals - http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_vcg.htm
Find the latest Cisco news every month in CiscoMag, the Cisco France newsletter. Subscription: www.cisco.fr/go/ciscomag
Solutions seminar: The Campus Network, Thursday 24 May 2007, in the morning, at the Institut Océanographique - Paris
Cisco Press Books
www.cisco.com/ipv6
Scaling the Internet for our Next Generations
[Timeline chart with the years ’94-96, ’98-99, 2000, 2001, 2003, 2004, 2005, 2006, 2007-09. Milestones shown on the chart:]
• 6NET, 6DISS, u-2010 projects
• IPv6 Forum: Cisco as a founding member
• IETF IPng WG; Cisco IOS; E-Japan IPv6 initiative; 6Bone prototype; creation on CCO for Cisco IPv6 customers; Statement of Direction
• IPv6 HW FW on CRS-1 & C6500/C7600 sup720
• US DoD memo; C12K IPv6 HW FW on E3
• US Federal Infrastructure Build out
• US DoC RFI
• Cisco IOS IPv6 Phase 1 on 12.2(2)T & C12K 12.0S
• US OMB memo; C12K E5, SANos 3.0, PIX 7.0, C3K
• 6Bone phased-out; C10K; GGSN 7.0
• Microsoft Windows Vista & Longhorn; DOCSIS 3.0; 6VPE Solution, C4K HW, Advanced Technologies IPv6
Cisco Leadership: IETF IPv6, NGtrans, DHCP, MIPv6, v6Ops co-chairs
Cisco IOS IPv6 Status

| Positioning | Cisco IOS Release | First FCS Date |
|---|---|---|
| General Production | 12.3M – 12.4M | May 2003 – May 2005 |
| Core | 12.0S on 12000, 10720 | Feb 2002 |
| Core | IOS-XR on CRS-1 | May 2004 |
| Edge & Enterprise Infrastructure L3 switches | 12.2S Family | Feb 2003 |
| Technology development | 12.3T – 12.4T | Aug 2003 – June 2005 |

12.2S-based Family: C7304/10K 12.2SB, C7600/7200 12.2SR, C6500 12.2SX, C4500 12.2SG, C3750/3560 12.2SE
Note – as well as 12.2S
IPv6 Start Here documents the IPv6 feature set per Cisco IOS releases: www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/ftipv6s.htm
Cisco IOS – IPv6 Feature Overview
Cisco IOS Software Release 12.4(11)T
Core
• IPv6 (RFC 2460)
• ICMPv6 (RFC 2463)
• Neighbor Discovery (RFC 2461)
• Stateless Auto-Configuration
• Anycast
• CEFv6/dCEFv6
• uRPF Strict Mode
• CEFv6 Switched Tunnels
• HSRP & GLBP for IPv6
• Default Router Selection
Security
• IPv6 std, extended, reflexive & enhanced extended ACL
• IPv6 IPsec – OSPFv3 authentication, site-to-site tunnel
• IPv6 Firewall
Integration
• Configured & Automatic Tunnels (RFC 2893)
• 6to4 (RFC 3056 & 3068)
• IPv6 over GRE/IPv4 (Pr. SW)
• IPv6 over MPLS (6PE)
• ISATAP
• NAT-PT (RFC 2765 & 2766)
• IP over IPv6 Tunnels
Routing
• RIPng
• OSPFv3
• IS-IS & MT IS-IS for IPv6
• EIGRP for IPv6
• MP-BGP IPv6 Unicast
• MP-BGP IPv6 Multicast
• Policy Based Routing
Broadband Access
• Cisco VSA AAA
• Radius AAA (RFC 3162)
• PPPoA, PPPoE, RBE and ATM 1483 encapsulations
• DHCPv6 Prefix Delegation (RFC 3633), DHCPv6 Relay
• Stateless DHCP (RFC 3646)
• Generic Prefix
Applications & Mgnt
• Telnet, TFTP, DNS resolver, HTTP, Ping, Traceroute, SSH
• Cisco IP & IP-Forwarding MIBs
• Netflow for IPv6
• SNMP over IPv6
• Syslog over IPv6
Multicast
• MLDv1, v2, Access Group
• PIMv2 SM, SSM, Bi-Dir PIM
• Embedded RP
• IPv6 MC over IPv4 tunnels
• Scope Boundaries
• Static mRoutes
• BSR
IPv6 QoS (MQC)
Mobile IPv6
• MIPv6 Home Agent
• Lite Authentication
Industry’s Broadest Platform Support
• Cisco IOS 12.0S: Cisco 12000 Series Routers, Cisco 10720 Series
• Cisco IOS-XR: CRS-1, Cisco 12000
• Cisco IOS 12.2S family: Cisco 72/7300 Series Routers, Cisco 75/7600 Series Routers
• Cisco IOS 12.4/12.4T: Cisco 800, 1700, 1800, 2600 and 2800 Series Routers
• Also listed: Cisco 3600, 3700, 3800, 7200, 7301, 7500 and 10000 Series Routers; Catalyst 3750/3560, 4500 and 6500 Series
• Cisco Product Portfolio: PIX Firewall (7.x), FWSM 3.1, LMS 2.5, MDS9500 series, CNR 6.2, NFC 5.x, NAM 3.x, GGSN 7.0
• Radar: Home Networking, IP Telephony
High Capacity Forwarding Cisco IPv6 Solutions
• Cisco CRS-1
  – Up to OC-768 line card; 10GE and GE
• Cisco 12000 series Internet Service Engine (E3 & E5)
  – IPv6 Unicast, Multicast, ACL, QoS, 6PE,…
  – Up to 3.8Mpps per line card (E3)
  – Up to 16Mpps per line card (E5)
• Cisco 10000 PRE2/PRE3, Cisco 10720
• Cisco 7600 and Catalyst 6500 series
  – Supervisor Engine 720, 720-3BXL, 32W
  – 10Mb/s to 10Gb/s support
  – Up to 200Mpps (EANTC report)
  – IPv6 tunneling: Configured, Automatic, 6to4 and ISATAP tunnels in hardware
  – Hardware Based Network Analysis Module
• Catalyst 3750/3560 series
  – L3 Hardware IPv6-capable & Cisco IOS 12.2SE