© 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential

IPv6 Deployment
Stefan Kollar, Consulting System Engineer, CCIE #10668

Agenda
1. IPv6 motivations and activities
2. SP Architecture
   • Pure IP Networks
   • MPLS networks
3. Enterprise Architecture
4. Address Allocation
5. Transition Technologies

IPv6 Market Drivers

National IPv6 Strategies
• Compliance: U.S. Federal Mandate, IPv6 task force
• Next Generation Internet (CNGI) project in China and Japan

IPv4 Address space completion
• Slow down of Internet Technologies
• Limiting expansion of enterprise into emerging markets

Infrastructure Evolution
• Next generation Network architecture require IPv6
• DOCSIS 3.0, Quad Play
• Mobile SP
• Networked Sensors, i.e.: AIRS

IPv6 in Client Software
• IPv6 “on” and “preferred” by default in Vista
• Microsoft OneCare
• Apple's “Back to My Mac”
• v6 over v4 OTT tunnel providers
• ipv6.google.com

Address Completion / Exhaustion
1. Short-term thinking, decisions, & purchases will quickly be obsoleted
   • Free pool of large IPv4 /8 blocks will expire sometime in 2011/2012 timeframe
   • Consumption of addresses
     - More users
     - More devices per user
Get daily updated estimates at potaroo.net (picture as of Nov 12, 2009): http://www.potaroo.net/tools/ipv4/

Subscriber Connection Growth
[Figures: “Broadband: Worldwide penetration & growth” and “Broadband: Net subscriber adds by access type”. Sources: Point-Topic, 2009; DellOro Group, Jan 09]

Subscriber Connection Growth
Where does IPv4 Exhaustion Matter First?
• India: Mobile Internet active users to surpass traditional Internet users…
• China: 120 million access the Internet via mobile phones ...

                         Developed Countries    Emerging Countries
                         Wireline    Mobile     Wireline    Mobile
Subscriber connections   Localized   Yes        Localized   Yes

Smartphones a key driver for additional IPv4 addresses
• Predicted CAGR: 18%-21%*
• 17.4% of all mobile device shipments in 2009**
* Source: http://www.mobile-tech-today.com/story.xhtml?story_id=65091
** Source: http://www.ciol.com/Biz-Watch/News-Reports/Smartphones-ring-in-healthy-growth-in-2009/5309116823/0/

IETF IPv6 Standards
1. Core IPv6 specifications are stable and well tested IETF Draft Standards
   • IPv6 Addressing Architecture, ICMPv6, Neighbor Discovery, Stateless Auto-configuration, IPv6 over “Data Link Layers”, DNS Record, Routing Protocols, Tunneling, MIB’s, Header Compression, MLD, etc.
2. 2007: IPv6 WG now closed – replaced by 6MAN (Maintenance) WG
3. IPv6 Transition, then now Operations focused Working Groups
   • NGTrans WG (closed), v6ops (active), 6MAN (bug fixing)
4. Many other Working Groups working on IPv6 features
   • 16ng, 6LoWPAN, DHC, DNSext, Mobility eXtension (MEXT), Routing, Shim6, Softwire,…

Number of Documents at Various Status
Documents about IPv4/IPv6
1. 7 Document Statuses
2. Standards
   • Best Current Practice (146)
   • Proposed Standard (1450)
   • Draft Standard (91)
   • Full Standard (77)
3. Nonstandards
   • Historic/Obsolete/Just Plain Old (1724)
   • Informational (1510)
   • Experimental (255)

IETF Status             IPv4   IPv6
Informational            933    374
Experimental             151     59
Best Current Practice     86     34
Proposed Standard        772    407
Draft Standard            48     17
Full Standard             48      5

General Areas IETF Is Working on IPv6
• Cross-Registry Information Service
• Addressing
• Dynamic Host Configuration
• Autoconfiguration
• IP over Various Technologies
• Mobility
• Multihoming
• IPv6 Maintenance
• IPv6 Operations
• Translation-Based Transition Technologies
  - IPv4/IPv6 NAT
  - IPv6/IPv6 NAT
• Tunnel-Based Transition Technologies
• Source Address Validation
• Routing
  - Especially Mobile Ad-Hoc Routing
  - Also Global Routing Operations
• Sensor Networks

The Goal…
1. In general, the goal is to “Continue the growth of the Internet”:
   • For some, that means “retain simplicity by extending addressing to more prefixes and more machines.”
   • For others, that means “retain the infrastructure I am familiar with and have invested heavily in.”
2. For IETF, the goal is:
   Continue the Growth of the Internet with maximized application options and minimized long-term operational and capital cost.
3. That implies:
   • Deploy IPv6 for more addresses.
   • IPv4/IPv6 coexistence is required for a turn-up period.
   • At some point, IPv4 is no longer needed.
   • At that point, turn IPv4 off.

Pure IP Networks

Tunnelling IPv6 In IPv4
1. Tunnelling Options
   • Manual Tunnels (RFC 2893)
   • GRE Tunnels (RFC 2473)
   • L2TPv3
2. ISP scenario
   • Configured Tunnels in Core
   • Configured Tunnels or Native IPv6 to IPv6 Enterprise’s Customers
   • Connection to an IPv6 IX
Use the Most Appropriate
[Figure labels: Service Provider IPv4 Backbone; IPv6 over IPv4 Tunnels; IPv6 Site A; IPv6 Site B; IPv6 SP; IPv6 IX; University]

Dual-Stack IPv4-IPv6
1. IPv6 transit services
2. IPv6 enabled on Core routers
3. Enterprise and consumer IPv6 access
4. Additional services
   • IPv6 multicast for streaming
[Figure labels: 802.11 Hot-Spot; Dual-Stack Core; IPv6 Broadband Users (DSL, Cable, FTTH); Aggregation; 6to4 Relay (Courtesy Service); Enterprise (Dual-Stack or Dedicated L2 Circuits)]

MPLS Networks

IPv6 Over MPLS
1. Many service providers have already deployed MPLS in their IPv4 backbone for various reasons
2. MPLS can be used to facilitate IPv6 integration
3. Multiple approaches for IPv6 over MPLS:
   • IPv6 over L2TPv3
   • IPv6 over EoMPLS/AToM
   • IPv6 CE-to-CE IPv6 over IPv4 Tunnels
   • IPv6 Provider Edge Router (6PE) over MPLS
   • IPv6 VPN Provider Edge (6VPE) over MPLS
   • Native IPv6 over MPLS

IPv6 Provider Edge Router (6PE) Over MPLS
1. IPv4 or MPLS core infrastructure is IPv6-unaware
2. PEs are updated to support dual stack/6PE
3. IPv6 reachability exchanged among 6PEs via iBGP (MBGP)
4. IPv6 packets transported from 6PE to 6PE inside MPLS
[Figure: four 6PE routers (Dual-Stack IPv4-IPv6 Routers) with iBGP (MBGP) sessions around an IPv4 MPLS core of P routers; attached v4 and v6 CE sites labelled 192.254.10.0, 2001:0421::, 2001:0420::, 192.76.10.0, 145.95.0.0, 2001:0621:: and 2001:0620::]

6PE Routing/Label Distribution
[Figure: 6PE-1, P1, P2 and 6PE-2 in a row; labels 2001:DB8::, 2001:F00D::, 200.11.11.1 and 200.10.10.1]
• IGPv4 Advertises Reachability of 200.10.10.1
• IGPv6 or MP-BGP Advertising 2001:F00D::
• IGP or MP-BGP Advertising 2001:F00D::
• 6PE-2 Sends MP-iBGP Advertisement to 6PE-1 Which Says:
  - 2001:F00D:: Is Reachable Via BGP Next Hop = 200.10.10.1 (6PE-2)
  - Bind BGP Label to 2001:F00D:: (*)
  - IPv6 Next Hop Is an IPv4 Mapped IPv6 Address Built from 200.10.10.1
• LDPv4 Binds Label to 200.10.10.1
• LDPv4 Binds Label to 200.10.10.1
• LDPv4 Binds Implicit-Null (i.e. Pop) to 200.10.10.1

6PE-1#show ipv6 route
B   2001:F00D::/64 [200/0]
     via ::FFFF:200.10.10.1, IPv6-mpls

6PE-1#show ipv6 cef internal        #hidden command
.. OUTPUT TRUNCATED ..
2001:F00D::/64,
  nexthop ::FFFF:200.10.10.1
  fast tag rewrite with F0/1, 10.12.0.1, tags imposed {17 28}

6PE-1 Configuration
[Figure: 6PE-1 (2001:DB8::) and 6PE-2 joined by an iBGP session]
200.10.10.1 Is the Remote 6PE
2001:DB8:1::1 Is the Local CE

ipv6 cef
!
mpls label protocol ldp
!
router bgp 100
 no synchronization
 no bgp default ipv4-unicast
 ! eBGP to the local CE, iBGP to the remote 6PE
 neighbor 2001:DB8:1::1 remote-as 65014
 neighbor 200.10.10.1 remote-as 100
 neighbor 200.10.10.1 update-source Loopback0
 !
 address-family ipv6
  neighbor 200.10.10.1 activate
  ! send labels along with IPv6 prefixes by means of MP-BGP
  neighbor 200.10.10.1 send-label
  neighbor 2001:DB8:1::1 activate
  redistribute connected
  no synchronization
 exit-address-family

send-label: Send Labels Along with IPv6 Prefixes by Means of MP-BGP. Note: Will Cause Session to Flap

Why Cisco IOS IPv6 VPN Provider Edge (6VPE)?
1. For VPN customers, IPv6 VPN service is exactly the same as IPv4 VPN service
2. Current 6PE is “like VPN” but it is NOT VPN, i.e., it gives global reachability
3. For ISPs offering MPLS/VPN for IPv4 that wish to add IPv6 services as well
   • No modification on the MPLS core
   • Support both IPv4 and IPv6 VPNs concurrently on the same interfaces
   • Configuration and operations of IPv6 VPNs exactly like IPv4 VPNs

6VPE Deployment
1. IPv6 VPN can coexist with IPv4 VPN: same coverage
2. 6VPE is added only when and where the service is required
3. 6VPE: An implementation of <draft-ietf-bgp-ipv6-vpn> over MPLS/IPv4
4. Standards work going forward: <draft-ietf-l3vpn-bgp-ipv6-xx.txt>
[Figure: core of P routers with iBGP (MBGP) sessions between the edge routers; attached sites of VPN A and VPN B, some marked “v4 and v6 VPN” and some “v6 Only”]

6VPE Configuration Example
[Figure: Site-1, Site-2, Site-3 and Site-4 attached to PE1 and PE2, which connect across P routers with multihop MP-iBGP. Per-VRF contents:]
• VRF for site-1 (100:1): Site-1 routes, Site-2 routes
• VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
• VRF for site-3 (100:2): Site-2 routes, Site-3 routes, Site-4 routes
• VRF for site-4 (100:3): Site-3 routes, Site-4 routes

vrf definition SITE-3
 rd 100:2
 address-family ipv6
  route-target export 100:2
  route-target import 100:2
  route-target import 100:3
  route-target export 100:3
!
vrf definition SITE-4
 rd 100:3
 address-family ipv6
  route-target export 100:3
  route-target import 100:3
!
interface Serial4/6
 vrf forwarding SITE-3
 ipv6 address 2001:DB8:3::1/64
!
interface Serial4/7
 vrf forwarding SITE-4
 ipv6 address 2001:DB8:4::1/64

6VPE Configuration Example (Cont.)
[Figure: same topology and per-VRF route lists as on the previous slide]

router bgp 100
 no bgp default ipv4-unicast
 neighbor 6.6.6.6 remote-as 100
 neighbor 6.6.6.6 update-source loopback0
 !
 ! VPNv6 session to the remote PE; extended communities carry the route targets
 address-family vpnv6
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv6 vrf SITE-4
  neighbor 2001:DB8:4::2 remote-as 65504
  neighbor 2001:DB8:4::2 activate
 exit-address-family
 !
 address-family ipv6 vrf SITE-3
  neighbor 2001:DB8:3::2 remote-as 65503
  neighbor 2001:DB8:3::2 activate
 exit-address-family
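
The route-target logic behind the per-VRF route lists above, as an added Python example (not part of the original slides): it computes which sites' routes each VRF installs and flags any import outside the intended policy. The SITE-3 and SITE-4 route targets come from the slide's configuration; the SITE-1 and SITE-2 values are assumptions chosen to reproduce the figure, and all function names are illustrative.

```python
"""Audit 6VPE route-target policy: which VRF installs which site's routes."""

# SITE-3 / SITE-4: taken from the "vrf definition" blocks on the slide.
# SITE-1 / SITE-2: ASSUMED (their configuration is not shown); the values are
# chosen so the result matches the per-VRF route lists in the figure.
VRFS = {
    "SITE-1": {"export": {"100:1"}, "import": {"100:1"}},
    "SITE-2": {"export": {"100:1", "100:2"}, "import": {"100:1", "100:2"}},
    "SITE-3": {"export": {"100:2", "100:3"}, "import": {"100:2", "100:3"}},
    "SITE-4": {"export": {"100:3"}, "import": {"100:3"}},
}

# Intended policy, read off the figure ("VRF for site-N: Site-x routes ...").
INTENDED = {
    "SITE-1": ["SITE-1", "SITE-2"],
    "SITE-2": ["SITE-1", "SITE-2", "SITE-3"],
    "SITE-3": ["SITE-2", "SITE-3", "SITE-4"],
    "SITE-4": ["SITE-3", "SITE-4"],
}


def imported_sites(vrfs):
    """Return {vrf: sorted list of sites whose routes it installs}.

    A VPNv6 route carries the exporting VRF's export route targets as
    extended communities; a VRF installs the route when at least one of
    them appears in its own import list.
    """
    return {
        name: sorted(src for src, src_cfg in vrfs.items()
                     if src_cfg["export"] & cfg["import"])
        for name, cfg in vrfs.items()
    }


def audit(vrfs, intended):
    """Return findings where computed reachability departs from the policy."""
    actual = imported_sites(vrfs)
    findings = []
    for name in sorted(vrfs):
        want, got = set(intended.get(name, ())), set(actual[name])
        for extra in sorted(got - want):
            findings.append(f"LEAK: {name} imports routes from {extra}")
        for missing in sorted(want - got):
            findings.append(f"MISSING: {name} lacks routes from {missing}")
    # One-way imports give one site routes to another with no return path.
    names = sorted(vrfs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if (b in actual[a]) != (a in actual[b]):
                findings.append(f"ASYMMETRIC: {a} <-> {b}")
    return findings


if __name__ == "__main__":
    for vrf, sites in imported_sites(VRFS).items():
        print(vrf, "installs routes from", ", ".join(sites))
    print(audit(VRFS, INTENDED) or "policy matches the figure")
```

Running the audit after every route-target change shows an extra `route-target import` as a LEAK finding before it reaches a PE.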

Enterprise Architecture

IPv6 Coexistence
[Figure: three coexistence methods. Dual Stack: IPv6/IPv4 host with IPv4: 192.168.99.1 and IPv6: 2001:db8:1::1/64. Configured Tunnel/MPLS (6PE/6VPE): IPv6 networks and IPv6 hosts connected across MPLS/IPv4. ISATAP Tunneling (Intra-Site Automatic Tunnel Addressing Protocol): IPv6 host reaching an ISATAP router across IPv4]

Campus IPv6 Deployment
Three Major Options
1. Dual-stack – The way to go for obvious reasons: performance, security, QoS, Multicast and management
   • Layer 3 switches should support IPv6 forwarding in hardware
2. Hybrid – Dual-stack where possible, tunnels for the rest, but all leveraging the existing design/gear
   • Pro – Leverage existing gear and network design (traditional L2/L3 and Routed Access)
   • Con – Tunnels (especially ISATAP) cause unnatural things to be done to infrastructure (like Core acting as Access layer) and ISATAP does not support IPv6 multicast
3. IPv6 Service Block – A new network block used for interim connectivity for IPv6 overlay network
   • Pro – Separation, control and flexibility (still supports traditional L2/L3 and Routed Access)
   • Con – Cost (more gear), does not fully leverage existing design, still have to plan for a real dual-stack deployment and ISATAP does not support IPv6 multicast

Campus IPv6 Deployment Options
Dual-stack IPv4/IPv6
1. Requires switching/routing platforms to support hardware based forwarding for IPv4 and IPv6
2. IPv6 is transparent on L2 switches except for:
   • Multicast: MLD snooping
   • IPv6 management: Telnet/SSH/HTTP/SNMP
   • Intelligent services on WLAN
3. Requires robust control plane for both IPv4 and IPv6
   • Variety of routing protocols: the same ones in use today with IPv4
4. Requires support for IPv6 multicast, QoS, infrastructure security, etc…
[Figure: campus hierarchy of Access, Distribution, Core, Aggregation (DC) and Access (DC) layers over L2/L3, every layer marked v6-enabled and dual stack, from IPv6/IPv4 dual-stack hosts to a dual-stack server]

Campus IPv6 Deployment Options
Hybrid Model
1. Offers IPv6 connectivity via multiple options
   • Dual-stack
   • Configured tunnels – L3-to-L3
   • ISATAP – Host-to-L3
2. Leverages existing network
3. Offers natural progression to full dual-stack design
4. May require tunneling to less-than-optimal layers (i.e. Core layer)
5. ISATAP creates a flat network (all hosts on same tunnel are peers)
   • Create tunnels per VLAN/subnet to keep same segregation as existing design (not clean today)
6. Provides basic HA of ISATAP tunnels via old Anycast-RP idea
7. ISATAP does not support IPv6 Multicast
8. Configured tunnels do support IPv6 Multicast
[Figure: Hybrid Model across the Access, Distribution, Core, Aggregation (DC) and Access (DC) layers over L2/L3; some layers marked v6-enabled and others not v6-enabled, with ISATAP tunnel and dual-stack segments leading to a dual-stack server]

Intrasite Automatic Tunnel Address Protocol
1. ISATAP is used to tunnel over IPv4 within an administrative domain (a site) to create a virtual IPv6 network over an IPv4 network
2. Supported in Windows XP Pro SP1 and others

ISATAP address layout:
| 64-bit Unicast Prefix | 0000:5EFE: (32-bit) | IPv4 Address (32-bit) |
                        |<------ Interface Identifier (64 bits) ------>|
Use IANA’s OUI 00-00-5E-FE and Encode IPv4 Address as Part of EUI-64

IPv6 Campus ISATAP Configuration
ISATAP Client Configuration

Windows XP/Vista Host (10.120.3.101):

C:\>netsh int ipv6 isatap set router 10.122.10.103
Ok.

Tunnel adapter Automatic Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 2001:db8:cafe:3:0:5efe:10.120.3.101
   IP Address. . . . . . . . . . . . : fe80::5efe:10.120.3.101%2
   Default Gateway . . . . . . . . . : fe80::5efe:10.122.10.103%2

Router:

interface Tunnel3
 ipv6 address 2001:DB8:CAFE:3::/64 eui-64
 no ipv6 nd suppress-ra
 ipv6 ospf 1 area 2
 tunnel source Loopback3
 tunnel mode ipv6ip isatap
!
interface Loopback3
 description Tunnel source for ISATAP-VLAN3
 ip address 10.122.10.103 255.255.255.255

[Figure: host 10.120.3.101 and two routers, each with int tu3 and int lo3 10.122.10.103. New tunnel comes up when failure occurs]
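
The address layout from the ISATAP slide, worked through on the addresses in the host output above, as an added Python example (not part of the original slides). It builds the ISATAP address from a /64 prefix and an IPv4 address, and recovers the embedded IPv4 address so tunnel clients seen in IPv6 logs can be tied back to IPv4 hosts. The function names, the expected client range 10.120.3.0/24 and the last two sample addresses are assumptions made for the example.

```python
import ipaddress

ISATAP_IID = 0x00005EFE   # 0000:5EFE, upper 32 bits of the interface identifier
U_BIT_MASK = 0xFDFFFFFF   # RFC 5214 also allows 0200:5EFE ("u" bit set)


def isatap_address(prefix, ipv4):
    """Build <64-bit prefix>:0000:5EFE:<IPv4> as shown on the slide."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP uses a 64-bit unicast prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(
        int(net.network_address) | (ISATAP_IID << 32) | v4)


def embedded_ipv4(addr):
    """Return the IPv4 address inside an ISATAP address, or None."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])   # drop a zone index like %2
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF               # low 64 bits
    if ((iid >> 32) & U_BIT_MASK) != ISATAP_IID:
        return None
    return ipaddress.IPv4Address(iid & 0xFFFFFFFF)


def tunnel_clients(addresses, expected_net):
    """Map each ISATAP address to (embedded IPv4, inside expected range?).

    Non-ISATAP addresses are skipped. Because every host on one ISATAP
    tunnel is a peer, a client whose IPv4 address lies outside the VLAN the
    tunnel was created for is worth a look.
    """
    net = ipaddress.IPv4Network(expected_net)
    report = {}
    for a in addresses:
        v4 = embedded_ipv4(a)
        if v4 is not None:
            report[a] = (str(v4), v4 in net)
    return report


# Sample input: the first address is from the slide, the rest are constructed.
SAMPLE = [
    "2001:db8:cafe:3:0:5efe:10.120.3.101",   # host address on the slide
    "2001:db8:cafe:3:0:5efe:192.0.2.77",     # constructed: unexpected client
    "2001:db8:cafe:3:21a:2bff:fe3c:4d5e",    # constructed: ordinary EUI-64 host
]

if __name__ == "__main__":
    print(isatap_address("2001:DB8:CAFE:3::/64", "10.120.3.101"))
    for addr, (v4, ok) in tunnel_clients(SAMPLE, "10.120.3.0/24").items():
        print(addr, "->", v4, "expected" if ok else "UNEXPECTED")
```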

Campus IPv6 Deployment Options
IPv6 Service Block – An Interim Approach
[Figure: IPv4-only Campus Block (Access, Distribution and Core layers, VLAN 2 and VLAN 3) connected to the IPv6 Service Block by a primary ISATAP tunnel, a secondary ISATAP tunnel and an equal-cost configured tunnel mesh; also shown are the Agg Layer, Data Center Block, WAN/ISP Block, Internet, Dedicated FW and IOS FW, with Internet paths numbered 1 and 2]
1. Provides ability to rapidly deploy IPv6 services without touching existing network
2. Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
3. Offers the same advantages as Hybrid Model without the alteration to existing code/configurations
4. Configurations are very similar to the Hybrid Model
ISATAP tunnels from PCs in Access layer to Service Block switches (instead of core layer – Hybrid)
5. 1) Leverage existing ISP block for both IPv4 and IPv6 access
6. 2) Use dedicated ISP connection just for IPv6 – Can use IOS FW or PIX/ASA appliance

SP & Enterprise

Allocation Recommendations
1. IANA allocates from 2001::/16 or shorter to regional registries
2. Each regional registry’s allocation is a ::/23 or shorter
3. ISP allocations from the regional registry is a ::/36 (immediate allocation) or ::/32 (initial allocation) or shorter with justification (Example: FT recently acquired a /19)
4. The policy expectation is that an ISP allocates a ::/48 prefix to each customer, longer prefixes (but shorter than /64) for home users
[Figure: allocation hierarchy. IANA 2001::/3; regional registries APNIC, AfriNIC, ARIN, LACNIC and RIPE NCC, each ::/12 to ::/23; ISP /32 blocks under each registry; Site /48 blocks under each ISP]

SP IPv6 Address Allocation
1. SP own addressing scheme
   • Usually SP get the address allocated by the local registry via IANA
   • Europe and Middle East: RIPE NCC – http://www.ripe.net/info/ncc
   • The block is usually /32 but exception can be made for a bigger ISP
2. SP usually assign addresses for Consumers. There are 2 types:
   • Fixed allocation: Cable customers, DSL customers, ETTH etc
   • Mobile allocation: Mobile customers

IPv6 Address Allocation Guidelines
“…recommends the assignment of /48 in the general case, /64 when it is known that one and only one subnet is needed…”
RFC3177 IAB/IESG Recommendations on IPv6 Address Allocations to Sites

Addressing Plans – ISP Infrastructure
1. Address block for router loop-back interfaces
   • Generally number all loopbacks out of one /64
   • /128 per loopback
2. Address block for infrastructure
   • /48 allows 65k /64-subnets
   • /48 per PoP or region (for large networks)
   • /48 for whole backbone (for small to medium networks)
   • Summarise if it makes sense

Link Level – Prefix Length Considerations

64 bits
• Recommended by RFC3177 and IAB/IESG
• Consistency makes management easy
• Significant Address space loss

< 64 bits
• Enables more hosts per broadcast domain
• Considered bad practice
• 64 bits offers more space for hosts than the media can support efficiently

> 64 bits
• Address space conservation
• Special cases:
  - /126 – valid for p2p
  - /127 – not valid for p2p (RFC3627)
  - /128 – loopback
• Complicates management
• Must avoid overlap with specific addresses:
  - Router Anycast (RFC3513)
  - Embedded RP (RFC3956)
  - ISATAP addresses

Policy Implementation
1. Give Home/SOHO a permanent /64 – single link
2. Give Home/SOHO a permanent /48
3. Short-lived /64 from a prefix-pool
   • A separate /64 is assigned each user/interface. The prefix is advertised in RA’s and a route is installed in the RIB.
4. Short-lived /128 from a shared prefix-pool
   • /64 prefix is shared between all users of the pool. The same /64 prefix is advertised in RA’s out all interfaces. The user gets a /128 based on the prefix and his Interface-Identifier. A route in the RIB is installed only for the /128.

Addressable Device Proliferation
Which devices addressable by which domains?
[Figure: devices and domains labelled with /48, /64 and /128 prefixes]

DHCPv6 PD: RFC 3633
1. Media independence
   • e.g., ADSL, FTTH
   • Only knows identity of requesting router
2. Leases for prefixes
3. Flexible deployments
   • Client/relay/server model
4. Requesting router includes request for prefixes in DHCP configuration request
5. Delegating router assigns prefixes in response along with other DHCP configuration information
[Figure: DHCPv6 Client, DHCPv6 Relay and DHCPv6 Server(s) over ADSL and FTTH access, with /48 and /64 prefixes]

Enterprise IPv6 Address Allocation
1. Enterprise own addressing scheme
   • Get your own address from local registry via IANA, OR
   • Get it via Service Providers
2. Unique local address if the network does not need to go on the Internet (Private address)
3. Usually get a block of /48 unless a justification for a larger block is made
4. PI address for multihoming

Provider-Independent Addresses
1. Driven mainly by enterprises
2. Adopted (April 2006) because there is no consensus on Multihoming for IPv6
3. The possible impact is still debated but it seems we will just have to deal with it. Lack of PI could however slow down IPv6 adoption.
4. BGP can only control routing table growth if routes are aggregated
5. Number of multi-homed sites increasing quickly (>10,000)
6. The IPv6 address space is very large
7. Routing table growth could be problematical with the capability of the current hardware and protocols
Provider Independent Proposal: http://www.arin.net/policy/proposals/2005_1.html

Routing Protocols Coexistence & Convergence

The Questions Are Almost the Same as for IPv4
1. Most likely the IPv6 IGP will not be deployed in a brand new network and just by itself
2. Most likely the IPv4 services are more important at first since they are generating most of the revenue
3. Redefine “better”
   • What is the impact on the convergence of IPv4?
   • Are the resources optimally shared?
   • Are the topologies going to be congruent?
   • Etc.

Nothing Is for Free
1. Resources will be shared between the two IGPs and they will compete for processor cycles in a way that reflects their relative configuration
2. This has implications on:
   • Expected convergence behavior
   • Single process/topology vs Multi process/topology selection
   • Resources (Memory, CPU) planning

Coexistence: Resources Considerations
1. With the exception of ISIS single topology, the IPv4 and IPv6 routing processes claim their own memory and processing resources for maintaining adjacencies, databases and related calculations
2. It is important to define the IPv6 network design in order to understand the new resource requirements (memory) and the new operational parameters (max CPU) for the network devices

Convergence Considerations
The IGPs Will Compete over Processor Cycles Based on Their Relative Tuning
• If you configure the IPv4 and IPv6 IGPs the same way (aggressively tuned for fast convergence), naturally expect a doubling of their stand alone operation convergence time
• If the IPv6 IGP is operating under default settings, the convergence time for the optimally tuned IPv4 IGP is not significantly affected

Transition Technologies & futures

Network Address Translation (NAT) Terminology

NAT44    The classic IPv4 NAT
NAT444   Double NAT (NAT on Residential Gateway (RG) + NAT within SP network)
NAT46    Protocol translation from IPv4 to IPv6 (may also include DNS46)
NAT464   Double NAT with IPv6 transport
NAT64    Protocol translation from IPv6 to IPv4 (may also include DNS64)
NAT66    Hiding addresses for reachability or domain independence
IVI      Prefix-specific & stateless address mapping for IPv4/IPv6 coexistence and transition

LSN      Large Scale NAT
CGN      Carrier Grade NAT
AFT      Address Family Translator
In practice, all three mean the SP performs some form of NAT for many subscribers

Large Scale NAT444 in Operation
[Figure: two rows across Subscribers, Access Provider Network and Public Internet. Today: IPv4 subscribers, core with public IPv4, Public IPv4 Internet. Adding LSN: IPv4 subscribers, core with NOT public IPv4, LSN, Public IPv4 Internet. Legend: public IPv4 / NOT public IPv4]

IPv4 to IPv6 Translation
Stateful AFT (NAT64)
1. Service Provider deploys IPv6-only infrastructure:
   • Only IPv6 is available to the consumer
   • IPv4 Internet available via Address Family Translation on SP NAT device
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router); IPv6-only SP Network with DNS64 (DNS query over IPv6) and SP NAT64 sharing IPv4 address(es); IPv6 Internet and IPv4 Internet]
http://tools.ietf.org/html/draft-bagnulo-behave-nat64-00

IPv4 to IPv6 Translation
Stateless AFT (IVI): IPv6 originates
1. Service Provider deploys IPv6-only infrastructure:
   • Only IPv6 is available to the consumer
   • IPv4 Internet available via IVI Translator (SP sets aside portion of existing IPv6 and IPv4 blocks to facilitate stateless translator)
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router); IPv6-only SP Network with DNS (DNS query over IPv6) and IVI Translator; IPv6 Internet and IPv4 Internet]
http://tools.ietf.org/id/draft-baker-behave-ivi

IPv4 to IPv6 Translation
Stateless AFT (IVI): IPv4 originates
1. Service Provider deploys IPv4-only infrastructure:
   • Only IPv4 is available to the consumer
   • IPv6 Internet available via IVI Translator (SP sets aside portion of existing IPv6 and IPv4 blocks to facilitate stateless translator)
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router); IPv4-only SP Network with DNS query and IVI Translator; IPv4 Internet and IPv6 Internet]

Tunneling
Dual Stack PPP
1. SPs would love to have their embedded access infrastructure support IPv6
   • Tunnels can originate from RG or CPE. When on CPE, no coordination with RG or Access Provider required!
   • However legacy DSLAMs often cannot pass IPv6
   • These DSLAMs can pass PPP or IPv4, so it is possible to tunnel IPv6. This means massive investment reused

Tunneling
IPv6 Rapid Deployment (6rd)
1. A form of v6/v4 which traverses the aggregation cloud without added IPv6 provisioning
   http://tools.ietf.org/html/draft-ietf-softwire-ipv6-6rd-00
• Residence’s IPv6 Subnet is constructed from: ISP’s IPv6 Prefix + RG IPv4 Address + SLA
• For IPv6 traffic destined for the Home, the 6rd Relay pulls the RG’s IPv4 from within the destination IPv6 address
• For IPv6 traffic destined to a nearby 6rd user, the RG pulls the target IPv4 tunnel endpoint from within the destination IPv6 address
• For IPv6 traffic destined to the backbone, the RG uses the destination IPv4 of the 6rd Relay.
[Figure: 6rd RG and 6rd Relay, with the RG IPv4 Address carried inside the IPv6 address; the address layout is marked /56 and /128]
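
The three 6rd forwarding rules above, as an added Python example (not part of the original slides). It derives a residence's prefix from the ISP prefix and the RG's IPv4 address, picks the IPv4 tunnel endpoint for a destination, and adds a relay-side consistency check between the outer IPv4 source and the IPv4 address embedded in the inner IPv6 source, which the slide does not cover. The 6rd prefix 2001:db8::/32, the relay address 192.0.2.1, the choice to embed all 32 IPv4 bits and the function names are assumptions.

```python
import ipaddress

# Constructed values: the slide gives no numbers, so documentation ranges are used.
SIXRD_PREFIX = ipaddress.IPv6Network("2001:db8::/32")   # assumed ISP 6rd prefix
RELAY_IPV4 = ipaddress.IPv4Address("192.0.2.1")         # assumed 6rd Relay address
# Number of bits below the embedded IPv4 address. With a /32 ISP prefix the
# residence gets a /64; a shorter ISP prefix would leave SLA bits for subnets.
_SHIFT = 128 - SIXRD_PREFIX.prefixlen - 32


def delegated_prefix(rg_ipv4):
    """Residence prefix = ISP's IPv6 prefix followed by the RG IPv4 address."""
    v4 = int(ipaddress.IPv4Address(rg_ipv4))
    base = int(SIXRD_PREFIX.network_address) | (v4 << _SHIFT)
    return ipaddress.IPv6Network((base, SIXRD_PREFIX.prefixlen + 32))


def embedded_rg_ipv4(ipv6):
    """Pull the RG's IPv4 address out of a 6rd IPv6 address, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXRD_PREFIX:
        return None
    return ipaddress.IPv4Address((int(addr) >> _SHIFT) & 0xFFFFFFFF)


def rg_tunnel_endpoint(dst_ipv6):
    """Outer IPv4 destination chosen by an RG.

    Nearby 6rd user: the IPv4 address embedded in the destination.
    Anything else (the backbone): the 6rd Relay.
    """
    v4 = embedded_rg_ipv4(dst_ipv6)
    return RELAY_IPV4 if v4 is None else v4


def relay_tunnel_endpoint(dst_ipv6):
    """Outer IPv4 destination chosen by the Relay for traffic to a home."""
    return embedded_rg_ipv4(dst_ipv6)   # None: not a 6rd destination


def relay_accepts(outer_src_ipv4, inner_src_ipv6):
    """Added check (not on the slide): the inner IPv6 source must embed the
    outer IPv4 source, otherwise the packet claims another residence's prefix."""
    v4 = embedded_rg_ipv4(inner_src_ipv6)
    return v4 is not None and v4 == ipaddress.IPv4Address(outer_src_ipv4)


if __name__ == "__main__":
    home = delegated_prefix("198.51.100.7")           # constructed RG address
    print("residence prefix:", home)
    print("to neighbour    :", rg_tunnel_endpoint("2001:db8:c633:6408::1"))
    print("to backbone     :", rg_tunnel_endpoint("3fff::1"))
    print("spoofed source  :", relay_accepts("203.0.113.9", str(home[1])))
```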

Tunneling
Dual Stack Lite
1. Tunneling IPv4 over networks capable of Native IPv6
2. Step #1: Get IPv6 access & aggregation infrastructure working
   • Useful for SPs exhausting 10.x.x.x space in their aggregation networks. (E.g., Cable Modems & mobile access/aggregation devices)
• Step #2: IPv4 & IPv6 services over IPv6 transport
   • NAT 444 by SP (1:1 or N:1) means no impact to premises IPv4 numbering
   • Allows graceful turn-down of IPv4 over time
[Figure label: CPE]
http://tools.ietf.org/id/draft-ietf-softwire-dual-stack-lite