Weitere ähnliche Inhalte Ähnlich wie Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conference (20) Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conference2. • Network backbone – routers, switches, etc.
• Terminal servers, telnet, ssh, VNC, RDP, etc.
• File servers, VMware, etc.
• Services – DNS, DHCP, AAA, NTP, SNMP, etc.
• NMS – vendor and home-grown
• IP Phones, Wireless
• Power management, Room Access, Surveillance
• Thermostat, Cooling, Fire detectors, Lights …
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3. • Network backbone – routers, switches, etc.
• Terminal servers, telnet, ssh, VNC, RDP, etc.
• File servers – VMware, etc.
• Enable IPv6 connectivity within lab
• Enable IPv6 connectivity between labs
• Enable IPv6 connectivity to Internet where needed
• IPv6 available for devices that need/want it
• Groundwork for future
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
4. Brussels
San Jose Beijing
BXB
RCDN Tokyo
RTP
Bangalore
Sydney
Strategy: combine the labs into one unified, scaled, virtual
system with common architecture and processes: One lab
service “cloud.”
US & Canada European Markets Emerging Markets Asia Pacific/Japan
© 2010 Cisco and/or its affiliates. All rights reserved. 4
Cisco Confidential 4
5. • Support more TAC IPv6 cases -- recreates
• Be ready for the World IPv6 Launch Day: June 6th, 2012
• Greater Internet Addressability in lieu of very limited public IPv4
address space
• Greater Cisco Addressability in lieu of limited RFC1918 IPv4
Address Availability
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
6. • Dual stack
• Direct vs. 6in4 Tunnel
• RIPv6 / EIGRPv6 / OSPFv3 / IS-IS
• Only IS-IS is truly integrated, but this advantage is not too useful
in a typical lab that has on the order of dozens of pods and
hundreds of subnets
• We traditionally used EIGRP inside the lab, but RIPv6 is what
Cisco IT uses for the 6in4 tunnels it creates
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
7. • Assigned /56 via IP transported via direct or GRE tunnel
• Full mesh tunnels, or home all tunnels to single router or to where
IT tells you
• In our case, not a terribly strict hierarchy – mix of main gateway,
intermediate gateways, L2/L3 switches, etc.
• Route IPv6 on all routers and L3 switches
• No need to worry about L2, except as hosts for mgmt
• Lab backbone via RIP for now – because of IT and desire to keep
things simple, migrate to OSPF or EIGRP later
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
8. ipv6 unicast-routing
!
interface Tunnel0
description for 2001:db8:1bf:400::/56
no ip address
ipv6 address 2001:DB8:1BF:400::2/64
tunnel source Loopback0
tunnel destination 10.27.90.77
tunnel mode ipv6ip
!
interface Loopback0
ip address 131.108.84.1 255.255.255.255
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
9. interface Vlan11
description BACKBONE ETHERNET SWITCH VLAN
ipv6 address 2001:DB8:1BF:401::1/64
ipv6 rip v6 enable
ipv6 rip v6 default-information originate
!
interface Vlan240
ipv6 address 2001:DB8:1BF:4F0::1/64
!
ipv6 route ::/0 Tunnel0
ipv6 router rip v6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
10. ipv6 unicast-routing
!
interface GigabitEthernet0/0
ipv6 address 2001:DB8:1BF:401::11/64
ipv6 rip v6 enable
!
interface GigabitEthernet0/1.54
encapsulation dot1Q 54
ipv6 address 2001:DB8:1BF:436::1/64
!
ipv6 router rip v6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
11. • Via SLAAC/DHCP – address, subnet, gateway, DNS if available
interface x/y
ipv6 address autoconfig
• Static
interface x/y
ipv6 address 2001:DB8:1BF:436::88/64
!
ipv6 route ::/0 2001:DB8:1BF:436::1
ip name server X:X:X:X::X
ip domain name abc.org
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
12. • Some HW may need upgrading
• Likely some SW needs upgrading
• Cisco IPv6 feature support – EIGRP in SXI, IPv6 in ipbase, etc.
• Lab topology has “evolved” over so many years
• LARGE lab
• Little manpower for lab architecture
• IT infra not all IPv6 enabled; need some 6in4 tunnels
• Labeling! IPv6 subnets are longer and devices with more and
more ports have less empty space to write them….
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
13. • In IPv6, subnet size worries gone
• DHCP vs. static range concerns gone – basically no chance of
IPv6 address collision
• Switch feature -- Broadcast suppression no longer needed,
multicast suppression still useful
• Subnet manager … IT / CALO
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
14. • Configure IPv6 addresses on more devices by default for IPv6
management – telnet, ssh, snmp, etc.
• Move from SLAAC to Stateless DHCPv6 and Stateful DHCPv6
• Migrate away from non-routable IPv4 address space in favor of
corporate routable IPv6 address space
• Get IPv6 on our DMZ network
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
15. • Cisco Support Community:
https://supportforums.cisco.com/community/netpro/network-
infrastructure/ipv6-transition
• CCO IPv6 Main Page
www.cisco.com/go/ipv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
17. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
18. • Discover Layer 3 device on local subnet
• Address assignment
Stateful (DHCP) vs Stateless Address assignment (SLAAC)
Host Address Is:
Prefix Received
+
Link-Layer Address Server sends Network-Type Information
Prefix
Default Route
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
19. Centralized server performs all Client dynamically takes on
addressing tasks addressing tasks
• Assigns IP addresses • Chooses own IP address
• Keeps track of Client to address EUI-64
mapping • DAD used to avoid address
• Provides additional network duplication
information • Additional network information
DNS server not provided by default
Default gateway Provided by supporting server
Examples of Stateful Address Examples of Stateless Address
protocols protocols
• DHCP • SLAAC (StateLess Address
AutoConfiguration)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
20. DHCPv6 server will allocate one or Two messages are used
more IPv6 addresses or prefixes to • INFORMATION-REQUEST
a DHCPv6 client
• REPLY
DHCP options can be provided to
DHCPv6 server only provides
client
configuration information
• DNS server
• DNS server
• Domain name
• Domain name
DHCPv6 server maintains state
Assumption:
• Stores the leased IPv6
addresses and lease details in • Client will acquire IPv6 address
its database through other means (SLAAC)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
21. ipv6 dhcp pool IPV6_DHCPPOOL
address prefix 2001:DB8:1000::/64 lifetime infinite infinite
link-address 2001:DB8:1000::1/64
dns-server 2001:DB8:1000::4222
domain-name cisco.com
!
interface Ethernet0/0
ipv6 address 2001:DB8:1000::1/64
ipv6 enable
ipv6 nd ra suppress
ipv6 dhcp server IPV6_DHCPPOOL
• RA can be disabled because DHCP takes care of address
assignment
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
22. ipv6 dhcp pool IPV6_DHCPPOOL
dns-server 2001:DB8:1000::4222
domain-name cisco.com
!
interface Ethernet0/0
ipv6 address 2001:DB8:1000::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server IPV6_DHCPPOOL
• By default, SLAAC only allows the client to configure an IP
address and default route, no additional information
• SLAAC must be configured to use other-config-flag options in
order to provide DNS and domain name information via the
DHCP config
This information is still provided through SLAAC, just configured via DHCP
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
23. • IPv6’s larger address space enables:
Use of link layer addresses inside the address space via eui-64 format
Dynamic client address autoconfiguration with “no collisions” (DAD)
Plug and play support
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23