Suche senden
Hochladen
Shmcfarl slb66-slb64-nat64-proxy
•
2 gefällt mir
•
3,114 views
S
Shannon McFarland
Folgen
Technologie
Melden
Teilen
Melden
Teilen
1 von 23
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
Febrian
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
IPv6no
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
IPv6no
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
Digicomp Academy AG
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
IKT-Norge
IPv6 in 3G Core Networks
IPv6 in 3G Core Networks
John Loughney
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000
Vinod Kumar Balasubramanyam
Empfohlen
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
Febrian
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
IPv6no
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
IPv6no
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
Digicomp Academy AG
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
IKT-Norge
IPv6 in 3G Core Networks
IPv6 in 3G Core Networks
John Loughney
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000
Vinod Kumar Balasubramanyam
1 asr9 k platform architecture
1 asr9 k platform architecture
Thanh Hung Quach
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
Eventos_PrinceCooke
I pv6 autoconfig20c
I pv6 autoconfig20c
Frederic Bovy
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Cisco Canada
To Infiniband and Beyond
To Infiniband and Beyond
Boston Consulting Group
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Cisco Russia
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6no
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
IPv6no
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Canada
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Bruno Teixeira
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Erik Ginalick
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Shixiong Shang
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IBM India Smarter Computing
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
John Loughney
Integrate steelhead into iwan
Integrate steelhead into iwan
luis2203
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
Alex Gorbachev
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
John Loughney
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Cisco Russia
mpls CNNA.pdf
mpls CNNA.pdf
JamiUllah1
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
IPv6no
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Affan Basalamah
Weitere ähnliche Inhalte
Was ist angesagt?
1 asr9 k platform architecture
1 asr9 k platform architecture
Thanh Hung Quach
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
Eventos_PrinceCooke
I pv6 autoconfig20c
I pv6 autoconfig20c
Frederic Bovy
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Cisco Canada
To Infiniband and Beyond
To Infiniband and Beyond
Boston Consulting Group
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Cisco Russia
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6no
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
IPv6no
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Canada
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Bruno Teixeira
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Erik Ginalick
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Shixiong Shang
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IBM India Smarter Computing
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
John Loughney
Integrate steelhead into iwan
Integrate steelhead into iwan
luis2203
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
Alex Gorbachev
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
John Loughney
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Cisco Russia
Was ist angesagt?
(19)
1 asr9 k platform architecture
1 asr9 k platform architecture
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
I pv6 autoconfig20c
I pv6 autoconfig20c
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
To Infiniband and Beyond
To Infiniband and Beyond
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
Integrate steelhead into iwan
Integrate steelhead into iwan
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Ähnlich wie Shmcfarl slb66-slb64-nat64-proxy
mpls CNNA.pdf
mpls CNNA.pdf
JamiUllah1
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
IPv6no
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Affan Basalamah
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
gogo6
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
Swiss IPv6 Council
SRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdf
YunLiu75
3hows
3hows
Haris Padinharethil
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
Swiss IPv6 Council
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Erik Ginalick
Ventajas de IPv6
Ventajas de IPv6
Eduardo Castro
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PROIDEA
I pv6 tutorial
I pv6 tutorial
Fred Bovy
Testing PPT
Testing PPT
ankur14vicky
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
APNIC
Getting started with IPv6
Getting started with IPv6
Private
Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--
Shinsuke SUZUKI
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
APNIC
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
Fred Bovy
Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6.
Cisco Russia
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
Cisco Canada
Ähnlich wie Shmcfarl slb66-slb64-nat64-proxy
(20)
mpls CNNA.pdf
mpls CNNA.pdf
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
SRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdf
3hows
3hows
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Ventajas de IPv6
Ventajas de IPv6
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
I pv6 tutorial
I pv6 tutorial
Testing PPT
Testing PPT
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
Getting started with IPv6
Getting started with IPv6
Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6.
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
Kürzlich hochgeladen
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
Ravi Sanghani
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
Knoldus Inc.
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
itnewsafrica
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
Farhan Tariq
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
fnnc6jmgwh
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
UiPathCommunity
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
LoriGlavin3
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
Inflectra
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Alkin Tezuysal
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
Pixlogix Infotech
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
LoriGlavin3
2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Nathaniel Shimoni
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
Kari Kakkonen
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
ThousandEyes
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
LoriGlavin3
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
Mydbops
Kürzlich hochgeladen
(20)
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
2024 April Patch Tuesday
2024 April Patch Tuesday
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
Shmcfarl slb66-slb64-nat64-proxy
1.
Cisco Solutions for
Content Access in the DC/ Internet Edge Cisco Public
2.
Dual Stack the
DC and Internet Edge Internet Dual stack the same ISP 1 ISP 2 network you have If not, do just enough Edge Router IPv6-only to get you going Most design elements Outer Switch should be the same as with IPv4 (minus pure Security NAT/PAT) Services Enterprise Core You may have to embrace SLB64/ Proxy/NAT64 for IPv4- Inner switching/ only apps DMZ/Server Farm SLB/Proxy/ Compute Internal Enterprise © 2010 Cisco and/or its affiliates. All rights reserved. Web, Email, Other Cisco Public 2
3.
What if I
Can’t Dual Stack My Edge? Server Load Balancer Stateful NAT64 Proxy IPv6 IPv6 IPv6 Internet Internet Internet IPv6 IPv6 IPv6 -Apache -MSFT PortProxy IPv4 IPv4 IPv4 IPv4-only Host IPv4-only Host IPv4-only Host © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4.
ACE + IPv6
/ ASR + NAT64 ACE SLB66 ACE SLB64 v6 v4 v6 v6 v6 v4 v6 v4 A5(1.0) (ACE30, ACE4710) A5(1.0) (ACE30, ACE4710) Stateful NAT64 + SLB44 v6 v4 v4 server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
5.
ACE SLB66 –
One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace3 SNAT: 2001:db8:cafe:12::beef v6 2001:db8:cafe:12::15 2001:db8:cafe:12::25 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6.
Cisco ACE –
Context Definition Interface Configuration (Admin Context) interface gigabitEthernet 1/1 channel-group 1 no shutdown interface gigabitEthernet 1/2 channel-group 1 no shutdown interface port-channel 1 switchport trunk allowed vlan 11-13 port-channel load-balance dst-ip Define WEB-V6 Context no shutdown context WEB-V6 allocate-interface vlan 12 interface vlan 13 ipv6 enable ip address 2001:db8:cafe:13::ace1/64 ip address 10.121.13.100 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 10.121.13.1 ip route ::/0 vlan 13 fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7.
WEB_V6 Context -
MGMT class-map type management match-any mgmt-cm 2 match protocol xml-https any 3 match protocol https any 4 match protocol ssh any 5 match protocol snmp any 6 match protocol icmp any 7 match protocol http any 8 match protocol telnet any class-map type management match-any mgmt-cm-v6 2 match protocol icmpv6 anyv6 policy-map type management first-match MGMT class mgmt-cm permit class mgmt-cm-v6 permit interface vlan 12 service-policy input MGMT IP Access through the Cisco ACE access-list EVERYONE line 10 extended permit icmp any any access-list EVERYONE line 20 extended permit ip any any access-list EVERYONE-v6 line 8 extended permit icmpv6 anyv6 anyv6 access-list EVERYONE-v6 line 16 extended permit ip anyv6 anyv6 interface vlan 12 access-group input EVERYONE access-group input EVERYONE-v6 its affiliates. All rights reserved. © 2010 Cisco and/or Cisco Public 7
8.
WEB_V6 Context Specific
Configurations class-map match-all WEB_V6_VIP probe icmp PING_V6_PROBE 2 match virtual-address 2001:db8:cafe:12::ace3 tcp eq www ip address 2001:db8:cafe:12::25 interval 15 policy-map type loadbalance first-match WEB_V6_SLB passdetect interval 60 class class-default! probe http WEB_V6_PROBE serverfarm WEB_V6_SF! interval 15 ! passdetect interval 5 policy-map multi-match WEB_V6_POL request method get url /welcome.png class WEB_V6_VIP expect status 200 200 loadbalance vip inservice open 1 loadbalance policy WEB_V6_SLB rserver host WEB_V6_1 loadbalance vip icmp-reply active ip address 2001:db8:cafe:12::25 nat dynamic 1 vlan 12 inservice rserver host WEB_V6_2 interface vlan 12 ip address 2001:db8:cafe:12::15 ipv6 enable inservice ip address 2001:db8:cafe:12::ace1/64 serverfarm host WEB_V6_SF access-group input EVERYONE predictor leastconns slowstart 300 access-group input EVERYONE-v6 probe PING_V6_PROBE nat-pool 1 2001:db8:cafe:12::beef probe WEB_V6_PROBE 2001:db8:cafe:12::beef/128 pat rserver WEB_V6_1 service-policy input MGMT inservice service-policy input WEB_V6_POL rserver WEB_V6_2 inservice ip route ::/0 vlan 12 Cisco Public fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. 8
9.
Health Monitoring (Probes)
- ICMP ace-4710-1/WEB-V6# show probe probe : PING_V6_PROBE type : ICMP state : ACTIVE ---------------------------------------------- port : 0 address : 2001:DB8:CAFE:12::25 addr type : TRANSPARENT interval : 15 pass intvl : 60 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ serverfarm : WEB_V6_SF real : WEB_V6_1[0] 2001:DB8:CAFE:12::25 0 PROBE 6 0 6 SUCCESS © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10.
Health Monitoring (Probes)
- HTTP probe : WEB_V6_PROBE type : HTTP state : ACTIVE ---------------------------------------------- port : 80 address : 0.0.0.0 addr type : - interval : 15 pass intvl : 5 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ 2001:DB8:CAFE:12::25 80 VIP 26 0 26 SUCCESS real : WEB_V6_2[0] 2001:DB8:CAFE:12::15 80 VIP 51 51 0 FAILED Source Destination Protocol Info 2001:db8:cafe:12::ace1 2001:db8:cafe:12::25 HTTP GET /welcome.png HTTP/1.1 Source Destination Protocol Info 2001:db8:cafe:12::25 2001:db8:cafe:12::ace1 HTTP HTTP/1.1 200 OK (PNG) © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11.
Validation of Connection conn-id
np dir proto source sport state vlan destination dport ----------+--+---+-----+------------------------------------------+-----+------+ 131884 1 in TCP 2001:db8:cafe:10::17 59374 ESTAB Client-2-VIP 12 2001:db8:cafe:12::ace3 80 129952 1 out TCP 2001:db8:cafe:12::25 80 ESTAB Svr-2-SNAT 12 2001:db8:cafe:12::beef 1027 C:>netstat Active Connections Proto Local Address Foreign Address State Server TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:12::beef]:1027 ESTABLISHED © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12.
ACE Show Output
(1) ace-4710-1/WEB-V6# show serverfarm serverfarm type rservers predictor current conns +--------------------+---------+--------+------------------+--------------- WEB_V6_SF HOST 2 LEASTCONNS 0 ace-4710-1/WEB-V6# show rserver rserver : WEB_V6_1, type: HOST state : OPERATIONAL (verified by ND response) -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF 2001:db8:cafe:12::25]:0 8 OPERATIONAL 0 3 rserver : WEB_V6_2, type: HOST state : ND_FAILED -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF [2001:db8:cafe:12::15]:0 8 ND_FAILED 0 0 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13.
ace-4710-1/WEB-V6# show service-policy Policy-map
: WEB_V6_POL Status : ACTIVE ----------------------------------------- ACE Show Output (2) Interface: vlan 1 12 service-policy: WEB_V6_POL class: WEB_V6_VIP nat: nat dynamic 1 vlan 12 curr conns : 0 , hit count : 2 dropped conns : 0 client pkt count : 35 , client byte count: 4145 server pkt count : 159 , server byte count: 197507 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit : 0 , drop-count : 0 loadbalance: L7 loadbalance policy: WEB_V6_SLB VIP ICMP Reply : ENABLED-WHEN-ACTIVE VIP State: INSERVICE VIP DCI state: VPC_DISABLED VIP DAD state: DAD_PASSED Persistence Rebalance: DISABLED curr conns : 0 , hit count : 23 dropped conns : 20 client pkt count : 121 , client byte count: 10563 server pkt count : 314 , server byte count: 392943 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit and/or 0 affiliates. All rights reserved. © 2010 Cisco : its , drop-count : 0 Cisco Public 13
14.
ACE SLB64 –
One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace4 SNAT: 10.121.12.90 v4 10.121.12.25 10.121.12.15 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15.
SLB64 Context Specific
Configurations class-map match-all WEB_V6_V4_VIP 2 match virtual-address 2001:db8:cafe:12::ace4 tcp eq www probe http WEB_V4_PROBE interval 15 policy-map type loadbalance first-match WEB_V6_V4_SLB passdetect interval 5 class class-default request method get url /welcome.png serverfarm WEB_V6_V4_SF expect status 200 200 insert-http x-forward-for header-value "%is" open 1 nat dynamic 2 vlan 12 serverfarm primary rserver host WEB_V4_1 ip address 10.121.12.25 policy-map multi-match WEB_V6_POL inservice class WEB_V6_V4_VIP rserver host WEB_V4_2 loadbalance vip inservice ip address 10.121.12.15 loadbalance policy WEB_V6_V4_SLB inservice loadbalance vip icmp-reply active serverfarm host WEB_V6_V4_SF predictor leastconns slowstart 300 interface vlan 12 probe WEB_V4_PROBE ipv6 enable rserver WEB_V4_1 80 ip address 2001:db8:cafe:12::ace1/64 inservice ip address 10.121.12.45 255.255.255.0 rserver WEB_V4_2 80 access-group input EVERYONE inservice access-group input EVERYONE-v6 nat-pool 2 10.121.12.90 10.121.12.90 netmask 255.255.255.0 pat service-policy input MGMT service-policy inputCisco Public © 2010 Cisco and/or its affiliates. All rights reserved. WEB_V6_POL 15
16.
NAT64 Lots of
RFCs to check out: RFC 6144 – Framework for IPv4/IPv6 Translation RFC 6052 – IPv6 Addressing of IPv4/IPv6 Translators RFC 6145 – IP/ICMP Translation Algorithm RFC 6146 – Stateful NAT64 RFC 6147 – DNS64 Stateless – Not your friend in the enterprise (corner case deployment) 1:1 mapping between IPv6 and IPv4 addresses (i.e. 254 IPv6 hosts-to-254 IPv4 hosts) Requires the IPv6-only hosts to use an “IPv4 translatable” address format Stateful – What we are after for translating IPv6-only hosts to IPv4-only host(s) It is what it sounds like – keeps state between translated hosts Several deployment models (PAT/Overload, Dynamic 1:1, Static, etc…) This is what you will use to translate from IPv6 hosts (internal or Internet) to IPv4-only servers (internal DC or Internet Edge) Papers on Stateless vs. Stateful and use cases for NAT64: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676277.html http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676278.html © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17.
Stateful NAT64 –
Example Topology Static Example 10.121.13.52 DMZ/DC Internet IPv6 Host: 2001:db8:c150:10::16 10.121.12.70 G0/0/0: G0/0/1: 2001:DB8:CAFE:5555::1/64 10.121.220.1/24 interface GigabitEthernet0/0/0 ASR access-list EDGE_ACL ipv6 permit ipv6 any host 2001:DB8:CAFE:BEEF::46 description to 6k-dmz-1 Outside permit ipv6 any host 2001:DB8:CAFE:BEEF::34 no ip address ! ipv6 address 2001:DB8:CAFE:5555::1/64 nat64 prefix stateful 2001:DB8:CAFE:BEEF::/96 ipv6 eigrp 10 nat64 v4 pool EDGE 10.121.55.1 10.121.55.1 nat64 enable nat64 v4v6 static 10.121.12.70 2001:DB8:CAFE:BEEF::46 ! nat64 v4v6 static 10.121.13.52 2001:DB8:CAFE:BEEF::34 interface GigabitEthernet0/0/1 nat64 v6v4 list EDGE_ACL pool EDGE overload description to 6k-dmz-1 Inside ip address 10.121.220.1 255.255.255.0 nat64 enable © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 1 7
18.
NAT64 Translations
Reference ASR1k#sh nat64 translations Proto Original IPv4 Translated IPv4 Translated IPv6 Original IPv6 ---------------------------------------------------------------------------- --- 10.121.13.52 2001:db8:cafe:beef::48 Static --- --- --- 10.121.12.70 2001:db8:cafe:beef::46 Entries --- --- tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1030 [2001:db8:cafe:10::16]:53601 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1029 [2001:db8:cafe:10::16]:53600 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Dynamic 10.121.55.1:1028 [2001:db8:cafe:10::16]:53599 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Overloaded 10.121.55.1:1024 [2001:db8:cafe:10::16]:53593 Entries tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1025 [2001:db8:cafe:10::16]:53596 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1026 [2001:db8:cafe:10::16]:53597 tcp 10.121.12.70:80 [2001:db8:cafe:beef::46]:80 10.121.55.1:1027 [2001:db8:cafe:10::16]:53598 Total number of translations: 9 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19.
NAT64 Statistics ASR1k#show nat64
statistics Reference Total active translations: 6 (3 static, 3 dynamic; 3 extended) Sessions found: 171 Sessions created: 3 Global Stats: Packets translated (IPv4 -> IPv6) Stateless: 0 Stateful: 100 Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 Interface Statistics GigabitEthernet0/0/0 (IPv4 not configured, IPv6 configured): Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured): Packets translated (IPv4 -> IPv6) Stateful: 100 Dynamic Mapping Statistics v6v4 access-list EDGE_ACL pool EDGE refcount 3 pool EDGE: start 10.121.55.1 end 10.121.55.1 total addresses 1, allocated 1 (100%) *Output reduced for clarity © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20.
Apache2 Reverse Proxy Netstat
- Client TCP [2001:db8:beef:10::16]:54640 [2001:db8:cafe:12::5]:80 ESTABLISHED TCP [2001:db8:beef:10::16]:54641 [2001:db8:cafe:12::5]:80 ESTABLISHED 2001:db8:beef:10::16 Netstat - Proxy Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.121.11.125:40475 10.121.11.60:80 ESTABLISHED 2001:db8:cafe:12::5 tcp 0 0 10.121.11.125:40476 10.121.11.60:80 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54640 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54641 ESTABLISHED 10.121.11.125 Apache One-Arm Apache Dual- Attached Netstat - Server TCP 10.121.11.60:80 10.121.11.125:40475 ESTABLISHED TCP 10.121.11.60:80 10.121.11.125:40476 ESTABLISHED IPv4-only Web Server <VirtualHost *:80> ProxyPass / http://10.121.11.60:80/ ProxyPassReverse / 2010 Cisco and/or its affiliates. All rights reserved. http://10.121.11.60:80/ © Cisco Public 20
21.
Microsoft Windows PortProxy
Can be treated like an appliance One-arm 2001:db8:cafe:12::25 Dual-attached (better perf) 10.121.12.25 Outside traffic comes in PortProxy One-Arm VIP=10.121.5.20 on IPv6—PortProxy to ACE PortProxy v4 (VIP address on Dual-Attached ACE) Traffic is IPv4 to server IPv4-only Web Server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
22.
PortProxy Configuration/Monitoring
adsf netsh interface portproxy>sh all Listen on ipv6: Connect to ipv4: Address Port Address Port --------------- ---------- --------------- ---------- 2001:db8:cafe:12::25 80 10.121.5.20 80 Active Connections Proto Local Address Foreign Address State TCP 10.121.12.25:58141 10.121.5.20:http ESTABLISHED TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:10::17]:52047 ESTABLISHED conn-id np dir proto vlan source destination state ----------+--+---+-----+----+---------------------+---------------------+------+ 14 1 in TCP 5 10.121.12.25:58573 10.121.5.20:80 ESTAB 13 1 out TCP 5 10.121.14.15:80 10.121.5.12:1062 ESTAB © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Jetzt herunterladen