SlideShare ist ein Scribd-Unternehmen logo

Shmcfarl slb66-slb64-nat64-proxy

S
Shannon McFarland
Technologie
1 von 23
Downloaden Sie, um offline zu lesen
Cisco Solutions for Content Access in the DC/ Internet Edge Cisco Public
Dual Stack the DC and Internet Edge Internet   Dual stack the same ISP 1 ISP 2 network you have   If not, do just enough Edge Router IPv6-only to get you going   Most design elements Outer Switch should be the same as with IPv4 (minus pure Security NAT/PAT) Services Enterprise Core   You may have to embrace SLB64/ Proxy/NAT64 for IPv4- Inner switching/ only apps DMZ/Server Farm SLB/Proxy/ Compute Internal Enterprise © 2010 Cisco and/or its affiliates. All rights reserved. Web, Email, Other Cisco Public 2
What if I Can’t Dual Stack My Edge? Server Load Balancer Stateful NAT64 Proxy IPv6 IPv6 IPv6 Internet Internet Internet IPv6 IPv6 IPv6 -Apache -MSFT PortProxy IPv4 IPv4 IPv4 IPv4-only Host IPv4-only Host IPv4-only Host © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
ACE + IPv6 / ASR + NAT64 ACE SLB66 ACE SLB64 v6 v4 v6 v6 v6 v4 v6 v4 A5(1.0) (ACE30, ACE4710) A5(1.0) (ACE30, ACE4710) Stateful NAT64 + SLB44 v6 v4 v4 server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
ACE SLB66 – One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace3 SNAT: 2001:db8:cafe:12::beef v6 2001:db8:cafe:12::15 2001:db8:cafe:12::25 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Cisco ACE – Context Definition Interface Configuration (Admin Context) interface gigabitEthernet 1/1 channel-group 1 no shutdown interface gigabitEthernet 1/2 channel-group 1 no shutdown interface port-channel 1 switchport trunk allowed vlan 11-13 port-channel load-balance dst-ip Define WEB-V6 Context no shutdown context WEB-V6 allocate-interface vlan 12 interface vlan 13 ipv6 enable ip address 2001:db8:cafe:13::ace1/64 ip address 10.121.13.100 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 10.121.13.1 ip route ::/0 vlan 13 fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
WEB_V6 Context - MGMT class-map type management match-any mgmt-cm 2 match protocol xml-https any 3 match protocol https any 4 match protocol ssh any 5 match protocol snmp any 6 match protocol icmp any 7 match protocol http any 8 match protocol telnet any class-map type management match-any mgmt-cm-v6 2 match protocol icmpv6 anyv6 policy-map type management first-match MGMT class mgmt-cm permit class mgmt-cm-v6 permit interface vlan 12 service-policy input MGMT IP Access through the Cisco ACE access-list EVERYONE line 10 extended permit icmp any any access-list EVERYONE line 20 extended permit ip any any access-list EVERYONE-v6 line 8 extended permit icmpv6 anyv6 anyv6 access-list EVERYONE-v6 line 16 extended permit ip anyv6 anyv6 interface vlan 12 access-group input EVERYONE access-group input EVERYONE-v6 its affiliates. All rights reserved. © 2010 Cisco and/or Cisco Public 7
WEB_V6 Context Specific Configurations class-map match-all WEB_V6_VIP probe icmp PING_V6_PROBE 2 match virtual-address 2001:db8:cafe:12::ace3 tcp eq www ip address 2001:db8:cafe:12::25 interval 15 policy-map type loadbalance first-match WEB_V6_SLB passdetect interval 60 class class-default! probe http WEB_V6_PROBE serverfarm WEB_V6_SF! interval 15 ! passdetect interval 5 policy-map multi-match WEB_V6_POL request method get url /welcome.png class WEB_V6_VIP expect status 200 200 loadbalance vip inservice open 1 loadbalance policy WEB_V6_SLB rserver host WEB_V6_1 loadbalance vip icmp-reply active ip address 2001:db8:cafe:12::25 nat dynamic 1 vlan 12 inservice rserver host WEB_V6_2 interface vlan 12 ip address 2001:db8:cafe:12::15 ipv6 enable inservice ip address 2001:db8:cafe:12::ace1/64 serverfarm host WEB_V6_SF access-group input EVERYONE predictor leastconns slowstart 300 access-group input EVERYONE-v6 probe PING_V6_PROBE nat-pool 1 2001:db8:cafe:12::beef probe WEB_V6_PROBE 2001:db8:cafe:12::beef/128 pat rserver WEB_V6_1 service-policy input MGMT inservice service-policy input WEB_V6_POL rserver WEB_V6_2 inservice ip route ::/0 vlan 12 Cisco Public fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. 8
Health Monitoring (Probes) - ICMP ace-4710-1/WEB-V6# show probe probe : PING_V6_PROBE type : ICMP state : ACTIVE ---------------------------------------------- port : 0 address : 2001:DB8:CAFE:12::25 addr type : TRANSPARENT interval : 15 pass intvl : 60 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ serverfarm : WEB_V6_SF real : WEB_V6_1[0] 2001:DB8:CAFE:12::25 0 PROBE 6 0 6 SUCCESS © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Health Monitoring (Probes) - HTTP probe : WEB_V6_PROBE type : HTTP state : ACTIVE ---------------------------------------------- port : 80 address : 0.0.0.0 addr type : - interval : 15 pass intvl : 5 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ 2001:DB8:CAFE:12::25 80 VIP 26 0 26 SUCCESS real : WEB_V6_2[0] 2001:DB8:CAFE:12::15 80 VIP 51 51 0 FAILED Source Destination Protocol Info 2001:db8:cafe:12::ace1 2001:db8:cafe:12::25 HTTP GET /welcome.png HTTP/1.1 Source Destination Protocol Info 2001:db8:cafe:12::25 2001:db8:cafe:12::ace1 HTTP HTTP/1.1 200 OK (PNG) © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Validation of Connection conn-id np dir proto source sport state vlan destination dport ----------+--+---+-----+------------------------------------------+-----+------+ 131884 1 in TCP 2001:db8:cafe:10::17 59374 ESTAB Client-2-VIP 12 2001:db8:cafe:12::ace3 80 129952 1 out TCP 2001:db8:cafe:12::25 80 ESTAB Svr-2-SNAT 12 2001:db8:cafe:12::beef 1027 C:>netstat Active Connections Proto Local Address Foreign Address State Server TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:12::beef]:1027 ESTABLISHED © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
ACE Show Output (1) ace-4710-1/WEB-V6# show serverfarm serverfarm type rservers predictor current conns +--------------------+---------+--------+------------------+--------------- WEB_V6_SF HOST 2 LEASTCONNS 0 ace-4710-1/WEB-V6# show rserver rserver : WEB_V6_1, type: HOST state : OPERATIONAL (verified by ND response) -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF 2001:db8:cafe:12::25]:0 8 OPERATIONAL 0 3 rserver : WEB_V6_2, type: HOST state : ND_FAILED -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF [2001:db8:cafe:12::15]:0 8 ND_FAILED 0 0 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
ace-4710-1/WEB-V6# show service-policy Policy-map : WEB_V6_POL Status : ACTIVE ----------------------------------------- ACE Show Output (2) Interface: vlan 1 12 service-policy: WEB_V6_POL class: WEB_V6_VIP nat: nat dynamic 1 vlan 12 curr conns : 0 , hit count : 2 dropped conns : 0 client pkt count : 35 , client byte count: 4145 server pkt count : 159 , server byte count: 197507 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit : 0 , drop-count : 0 loadbalance: L7 loadbalance policy: WEB_V6_SLB VIP ICMP Reply : ENABLED-WHEN-ACTIVE VIP State: INSERVICE VIP DCI state: VPC_DISABLED VIP DAD state: DAD_PASSED Persistence Rebalance: DISABLED curr conns : 0 , hit count : 23 dropped conns : 20 client pkt count : 121 , client byte count: 10563 server pkt count : 314 , server byte count: 392943 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit and/or 0 affiliates. All rights reserved. © 2010 Cisco : its , drop-count : 0 Cisco Public 13
ACE SLB64 – One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace4 SNAT: 10.121.12.90 v4 10.121.12.25 10.121.12.15 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
SLB64 Context Specific Configurations class-map match-all WEB_V6_V4_VIP 2 match virtual-address 2001:db8:cafe:12::ace4 tcp eq www probe http WEB_V4_PROBE interval 15 policy-map type loadbalance first-match WEB_V6_V4_SLB passdetect interval 5 class class-default request method get url /welcome.png serverfarm WEB_V6_V4_SF expect status 200 200 insert-http x-forward-for header-value "%is" open 1 nat dynamic 2 vlan 12 serverfarm primary rserver host WEB_V4_1 ip address 10.121.12.25 policy-map multi-match WEB_V6_POL inservice class WEB_V6_V4_VIP rserver host WEB_V4_2 loadbalance vip inservice ip address 10.121.12.15 loadbalance policy WEB_V6_V4_SLB inservice loadbalance vip icmp-reply active serverfarm host WEB_V6_V4_SF predictor leastconns slowstart 300 interface vlan 12 probe WEB_V4_PROBE ipv6 enable rserver WEB_V4_1 80 ip address 2001:db8:cafe:12::ace1/64 inservice ip address 10.121.12.45 255.255.255.0 rserver WEB_V4_2 80 access-group input EVERYONE inservice access-group input EVERYONE-v6 nat-pool 2 10.121.12.90 10.121.12.90 netmask 255.255.255.0 pat service-policy input MGMT service-policy inputCisco Public © 2010 Cisco and/or its affiliates. All rights reserved. WEB_V6_POL 15
NAT64   Lots of RFCs to check out: RFC 6144 – Framework for IPv4/IPv6 Translation RFC 6052 – IPv6 Addressing of IPv4/IPv6 Translators RFC 6145 – IP/ICMP Translation Algorithm RFC 6146 – Stateful NAT64 RFC 6147 – DNS64   Stateless – Not your friend in the enterprise (corner case deployment) 1:1 mapping between IPv6 and IPv4 addresses (i.e. 254 IPv6 hosts-to-254 IPv4 hosts) Requires the IPv6-only hosts to use an “IPv4 translatable” address format   Stateful – What we are after for translating IPv6-only hosts to IPv4-only host(s) It is what it sounds like – keeps state between translated hosts Several deployment models (PAT/Overload, Dynamic 1:1, Static, etc…) This is what you will use to translate from IPv6 hosts (internal or Internet) to IPv4-only servers (internal DC or Internet Edge)   Papers on Stateless vs. Stateful and use cases for NAT64: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676277.html http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676278.html © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Stateful NAT64 – Example Topology Static Example 10.121.13.52 DMZ/DC Internet IPv6 Host: 2001:db8:c150:10::16 10.121.12.70 G0/0/0: G0/0/1: 2001:DB8:CAFE:5555::1/64 10.121.220.1/24 interface GigabitEthernet0/0/0 ASR access-list EDGE_ACL ipv6 permit ipv6 any host 2001:DB8:CAFE:BEEF::46 description to 6k-dmz-1 Outside permit ipv6 any host 2001:DB8:CAFE:BEEF::34 no ip address ! ipv6 address 2001:DB8:CAFE:5555::1/64 nat64 prefix stateful 2001:DB8:CAFE:BEEF::/96 ipv6 eigrp 10 nat64 v4 pool EDGE 10.121.55.1 10.121.55.1 nat64 enable nat64 v4v6 static 10.121.12.70 2001:DB8:CAFE:BEEF::46 ! nat64 v4v6 static 10.121.13.52 2001:DB8:CAFE:BEEF::34 interface GigabitEthernet0/0/1 nat64 v6v4 list EDGE_ACL pool EDGE overload description to 6k-dmz-1 Inside ip address 10.121.220.1 255.255.255.0 nat64 enable © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 1 7
NAT64 Translations Reference ASR1k#sh nat64 translations Proto Original IPv4 Translated IPv4 Translated IPv6 Original IPv6 ---------------------------------------------------------------------------- --- 10.121.13.52 2001:db8:cafe:beef::48 Static --- --- --- 10.121.12.70 2001:db8:cafe:beef::46 Entries --- --- tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1030 [2001:db8:cafe:10::16]:53601 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1029 [2001:db8:cafe:10::16]:53600 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Dynamic 10.121.55.1:1028 [2001:db8:cafe:10::16]:53599 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Overloaded 10.121.55.1:1024 [2001:db8:cafe:10::16]:53593 Entries tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1025 [2001:db8:cafe:10::16]:53596 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1026 [2001:db8:cafe:10::16]:53597 tcp 10.121.12.70:80 [2001:db8:cafe:beef::46]:80 10.121.55.1:1027 [2001:db8:cafe:10::16]:53598 Total number of translations: 9 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
NAT64 Statistics ASR1k#show nat64 statistics Reference Total active translations: 6 (3 static, 3 dynamic; 3 extended) Sessions found: 171 Sessions created: 3 Global Stats: Packets translated (IPv4 -> IPv6) Stateless: 0 Stateful: 100 Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 Interface Statistics GigabitEthernet0/0/0 (IPv4 not configured, IPv6 configured): Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured): Packets translated (IPv4 -> IPv6) Stateful: 100 Dynamic Mapping Statistics v6v4 access-list EDGE_ACL pool EDGE refcount 3 pool EDGE: start 10.121.55.1 end 10.121.55.1 total addresses 1, allocated 1 (100%) *Output reduced for clarity © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Apache2 Reverse Proxy Netstat - Client TCP [2001:db8:beef:10::16]:54640 [2001:db8:cafe:12::5]:80 ESTABLISHED TCP [2001:db8:beef:10::16]:54641 [2001:db8:cafe:12::5]:80 ESTABLISHED 2001:db8:beef:10::16 Netstat - Proxy Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.121.11.125:40475 10.121.11.60:80 ESTABLISHED 2001:db8:cafe:12::5 tcp 0 0 10.121.11.125:40476 10.121.11.60:80 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54640 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54641 ESTABLISHED 10.121.11.125 Apache One-Arm Apache Dual- Attached Netstat - Server TCP 10.121.11.60:80 10.121.11.125:40475 ESTABLISHED TCP 10.121.11.60:80 10.121.11.125:40476 ESTABLISHED IPv4-only Web Server <VirtualHost *:80>         ProxyPass / http://10.121.11.60:80/ ProxyPassReverse / 2010 Cisco and/or its affiliates. All rights reserved. http://10.121.11.60:80/ © Cisco Public 20
Microsoft Windows PortProxy   Can be treated like an appliance One-arm 2001:db8:cafe:12::25 Dual-attached (better perf) 10.121.12.25   Outside traffic comes in PortProxy One-Arm VIP=10.121.5.20 on IPv6—PortProxy to ACE PortProxy v4 (VIP address on Dual-Attached ACE)   Traffic is IPv4 to server IPv4-only Web Server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
PortProxy Configuration/Monitoring   adsf netsh interface portproxy>sh all Listen on ipv6: Connect to ipv4: Address Port Address Port --------------- ---------- --------------- ---------- 2001:db8:cafe:12::25 80 10.121.5.20 80 Active Connections Proto Local Address Foreign Address State TCP 10.121.12.25:58141 10.121.5.20:http ESTABLISHED TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:10::17]:52047 ESTABLISHED conn-id np dir proto vlan source destination state ----------+--+---+-----+----+---------------------+---------------------+------+ 14 1 in TCP 5 10.121.12.25:58573 10.121.5.20:80 ESTAB 13 1 out TCP 5 10.121.14.15:80 10.121.5.12:1062 ESTAB © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Shmcfarl slb66-slb64-nat64-proxy

Empfohlen

2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 TransitionJohnson Liu
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick GrosseteteFebrian ‎
 
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport Ole Ipv4onlifesupport
Ole Ipv4onlifesupport IPv6no
 
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingCameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingIPv6no
 
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin GysiDigicomp Academy AG
 
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...IKT-Norge
 
IPv6 in 3G Core Networks
IPv6 in 3G Core NetworksIPv6 in 3G Core Networks
IPv6 in 3G Core NetworksJohn Loughney
 
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Vinod Kumar Balasubramanyam
 

Empfohlen

2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 TransitionJohnson Liu
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick GrosseteteFebrian ‎
 
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport Ole Ipv4onlifesupport
Ole Ipv4onlifesupport IPv6no
 
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingCameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingIPv6no
 
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin GysiDigicomp Academy AG
 
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...IKT-Norge
 
IPv6 in 3G Core Networks
IPv6 in 3G Core NetworksIPv6 in 3G Core Networks
IPv6 in 3G Core NetworksJohn Loughney
 
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Vinod Kumar Balasubramanyam
 
1 asr9 k platform architecture
1 asr9 k platform architecture1 asr9 k platform architecture
1 asr9 k platform architectureThanh Hung Quach
 
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian DomínguezHacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian DomínguezEventos_PrinceCooke
 
I pv6 autoconfig20c
I pv6 autoconfig20cI pv6 autoconfig20c
I pv6 autoconfig20cFrederic Bovy
 
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Cisco Canada
 
To Infiniband and Beyond
To Infiniband and BeyondTo Infiniband and Beyond
To Infiniband and BeyondBoston Consulting Group
 
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleIPv6no
 
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей. Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей. Cisco Russia
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6no
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproIPv6no
 
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...Cisco Canada
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersBruno Teixeira
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Erik Ginalick
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
 
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012IBM India Smarter Computing
 
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile AccessAdvances in IPv6 Mobile Access
Advances in IPv6 Mobile AccessJohn Loughney
 
Integrate steelhead into iwan
Integrate steelhead into iwanIntegrate steelhead into iwan
Integrate steelhead into iwanluis2203
 
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...Alex Gorbachev
 
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011John Loughney
 
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Cisco Russia
 
mpls CNNA.pdf
mpls CNNA.pdfmpls CNNA.pdf
mpls CNNA.pdfJamiUllah1
 
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...IPv6no
 
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013IPv6 Development in ITB 2013
IPv6 Development in ITB 2013Affan Basalamah
 

Weitere ähnliche Inhalte

Was ist angesagt?

1 asr9 k platform architecture
1 asr9 k platform architecture1 asr9 k platform architecture
1 asr9 k platform architectureThanh Hung Quach
 
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian DomínguezHacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian DomínguezEventos_PrinceCooke
 
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Cisco Canada
 
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleIPv6no
 
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей. Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей. Cisco Russia
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6no
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproIPv6no
 
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...Cisco Canada
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersBruno Teixeira
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Erik Ginalick
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
 
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile AccessAdvances in IPv6 Mobile Access
Advances in IPv6 Mobile AccessJohn Loughney
 
Integrate steelhead into iwan
Integrate steelhead into iwanIntegrate steelhead into iwan
Integrate steelhead into iwanluis2203
 
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...Alex Gorbachev
 
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011John Loughney
 
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Cisco Russia
 

Was ist angesagt? (19)

1 asr9 k platform architecture
1 asr9 k platform architecture1 asr9 k platform architecture
1 asr9 k platform architecture
 
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian DomínguezHacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
 
I pv6 autoconfig20c
I pv6 autoconfig20cI pv6 autoconfig20c
I pv6 autoconfig20c
 
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
 
To Infiniband and Beyond
To Infiniband and BeyondTo Infiniband and Beyond
To Infiniband and Beyond
 
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, GoogleGoogle and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
 
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей. Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
 
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill LinproNorway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
 
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
 
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile AccessAdvances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
 
Integrate steelhead into iwan
Integrate steelhead into iwanIntegrate steelhead into iwan
Integrate steelhead into iwan
 
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
 
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
 
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
 

Ähnlich wie Shmcfarl slb66-slb64-nat64-proxy

50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...IPv6no
 
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013IPv6 Development in ITB 2013
IPv6 Development in ITB 2013Affan Basalamah
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...gogo6
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
SRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdfSRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdfYunLiu75
 
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandSwiss IPv6 Council
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Erik Ginalick
 
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...PROIDEA
 
I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorialFred Bovy
 
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaIPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaAPNIC
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--Shinsuke SUZUKI
 
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...APNIC
 
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a NutshellIPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a NutshellFred Bovy
 
Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6. Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6. Cisco Russia
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesCisco Canada
 

Ähnlich wie Shmcfarl slb66-slb64-nat64-proxy (20)

mpls CNNA.pdf
mpls CNNA.pdfmpls CNNA.pdf
mpls CNNA.pdf
 
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
 
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
SRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdfSRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdf
 
3hows
3hows3hows
3hows
 
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
 
Ventajas de IPv6
Ventajas de IPv6Ventajas de IPv6
Ventajas de IPv6
 
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
 
I pv6 tutorial
I pv6 tutorialI pv6 tutorial
I pv6 tutorial
 
Testing PPT
Testing PPTTesting PPT
Testing PPT
 
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaIPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--
 
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
 
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a NutshellIPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
 
Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6. Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6.
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
 

Kürzlich hochgeladen

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Kürzlich hochgeladen (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

Shmcfarl slb66-slb64-nat64-proxy

  • 1. Cisco Solutions for Content Access in the DC/ Internet Edge Cisco Public
  • 2. Dual Stack the DC and Internet Edge Internet   Dual stack the same ISP 1 ISP 2 network you have   If not, do just enough Edge Router IPv6-only to get you going   Most design elements Outer Switch should be the same as with IPv4 (minus pure Security NAT/PAT) Services Enterprise Core   You may have to embrace SLB64/ Proxy/NAT64 for IPv4- Inner switching/ only apps DMZ/Server Farm SLB/Proxy/ Compute Internal Enterprise © 2010 Cisco and/or its affiliates. All rights reserved. Web, Email, Other Cisco Public 2
  • 3. What if I Can’t Dual Stack My Edge? Server Load Balancer Stateful NAT64 Proxy IPv6 IPv6 IPv6 Internet Internet Internet IPv6 IPv6 IPv6 -Apache -MSFT PortProxy IPv4 IPv4 IPv4 IPv4-only Host IPv4-only Host IPv4-only Host © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
  • 4. ACE + IPv6 / ASR + NAT64 ACE SLB66 ACE SLB64 v6 v4 v6 v6 v6 v4 v6 v4 A5(1.0) (ACE30, ACE4710) A5(1.0) (ACE30, ACE4710) Stateful NAT64 + SLB44 v6 v4 v4 server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
  • 5. ACE SLB66 – One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace3 SNAT: 2001:db8:cafe:12::beef v6 2001:db8:cafe:12::15 2001:db8:cafe:12::25 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
  • 6. Cisco ACE – Context Definition Interface Configuration (Admin Context) interface gigabitEthernet 1/1 channel-group 1 no shutdown interface gigabitEthernet 1/2 channel-group 1 no shutdown interface port-channel 1 switchport trunk allowed vlan 11-13 port-channel load-balance dst-ip Define WEB-V6 Context no shutdown context WEB-V6 allocate-interface vlan 12 interface vlan 13 ipv6 enable ip address 2001:db8:cafe:13::ace1/64 ip address 10.121.13.100 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 10.121.13.1 ip route ::/0 vlan 13 fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  • 7. WEB_V6 Context - MGMT class-map type management match-any mgmt-cm 2 match protocol xml-https any 3 match protocol https any 4 match protocol ssh any 5 match protocol snmp any 6 match protocol icmp any 7 match protocol http any 8 match protocol telnet any class-map type management match-any mgmt-cm-v6 2 match protocol icmpv6 anyv6 policy-map type management first-match MGMT class mgmt-cm permit class mgmt-cm-v6 permit interface vlan 12 service-policy input MGMT IP Access through the Cisco ACE access-list EVERYONE line 10 extended permit icmp any any access-list EVERYONE line 20 extended permit ip any any access-list EVERYONE-v6 line 8 extended permit icmpv6 anyv6 anyv6 access-list EVERYONE-v6 line 16 extended permit ip anyv6 anyv6 interface vlan 12 access-group input EVERYONE access-group input EVERYONE-v6 its affiliates. All rights reserved. © 2010 Cisco and/or Cisco Public 7
  • 8. WEB_V6 Context Specific Configurations class-map match-all WEB_V6_VIP probe icmp PING_V6_PROBE 2 match virtual-address 2001:db8:cafe:12::ace3 tcp eq www ip address 2001:db8:cafe:12::25 interval 15 policy-map type loadbalance first-match WEB_V6_SLB passdetect interval 60 class class-default! probe http WEB_V6_PROBE serverfarm WEB_V6_SF! interval 15 ! passdetect interval 5 policy-map multi-match WEB_V6_POL request method get url /welcome.png class WEB_V6_VIP expect status 200 200 loadbalance vip inservice open 1 loadbalance policy WEB_V6_SLB rserver host WEB_V6_1 loadbalance vip icmp-reply active ip address 2001:db8:cafe:12::25 nat dynamic 1 vlan 12 inservice rserver host WEB_V6_2 interface vlan 12 ip address 2001:db8:cafe:12::15 ipv6 enable inservice ip address 2001:db8:cafe:12::ace1/64 serverfarm host WEB_V6_SF access-group input EVERYONE predictor leastconns slowstart 300 access-group input EVERYONE-v6 probe PING_V6_PROBE nat-pool 1 2001:db8:cafe:12::beef probe WEB_V6_PROBE 2001:db8:cafe:12::beef/128 pat rserver WEB_V6_1 service-policy input MGMT inservice service-policy input WEB_V6_POL rserver WEB_V6_2 inservice ip route ::/0 vlan 12 Cisco Public fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. 8
  • 9. Health Monitoring (Probes) - ICMP ace-4710-1/WEB-V6# show probe probe : PING_V6_PROBE type : ICMP state : ACTIVE ---------------------------------------------- port : 0 address : 2001:DB8:CAFE:12::25 addr type : TRANSPARENT interval : 15 pass intvl : 60 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ serverfarm : WEB_V6_SF real : WEB_V6_1[0] 2001:DB8:CAFE:12::25 0 PROBE 6 0 6 SUCCESS © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  • 10. Health Monitoring (Probes) - HTTP probe : WEB_V6_PROBE type : HTTP state : ACTIVE ---------------------------------------------- port : 80 address : 0.0.0.0 addr type : - interval : 15 pass intvl : 5 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ 2001:DB8:CAFE:12::25 80 VIP 26 0 26 SUCCESS real : WEB_V6_2[0] 2001:DB8:CAFE:12::15 80 VIP 51 51 0 FAILED Source Destination Protocol Info 2001:db8:cafe:12::ace1 2001:db8:cafe:12::25 HTTP GET /welcome.png HTTP/1.1 Source Destination Protocol Info 2001:db8:cafe:12::25 2001:db8:cafe:12::ace1 HTTP HTTP/1.1 200 OK (PNG) © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  • 11. Validation of Connection conn-id np dir proto source sport state vlan destination dport ----------+--+---+-----+------------------------------------------+-----+------+ 131884 1 in TCP 2001:db8:cafe:10::17 59374 ESTAB Client-2-VIP 12 2001:db8:cafe:12::ace3 80 129952 1 out TCP 2001:db8:cafe:12::25 80 ESTAB Svr-2-SNAT 12 2001:db8:cafe:12::beef 1027 C:>netstat Active Connections Proto Local Address Foreign Address State Server TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:12::beef]:1027 ESTABLISHED © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
  • 12. ACE Show Output (1) ace-4710-1/WEB-V6# show serverfarm serverfarm type rservers predictor current conns +--------------------+---------+--------+------------------+--------------- WEB_V6_SF HOST 2 LEASTCONNS 0 ace-4710-1/WEB-V6# show rserver rserver : WEB_V6_1, type: HOST state : OPERATIONAL (verified by ND response) -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF 2001:db8:cafe:12::25]:0 8 OPERATIONAL 0 3 rserver : WEB_V6_2, type: HOST state : ND_FAILED -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF [2001:db8:cafe:12::15]:0 8 ND_FAILED 0 0 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
  • 13. ace-4710-1/WEB-V6# show service-policy Policy-map : WEB_V6_POL Status : ACTIVE ----------------------------------------- ACE Show Output (2) Interface: vlan 1 12 service-policy: WEB_V6_POL class: WEB_V6_VIP nat: nat dynamic 1 vlan 12 curr conns : 0 , hit count : 2 dropped conns : 0 client pkt count : 35 , client byte count: 4145 server pkt count : 159 , server byte count: 197507 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit : 0 , drop-count : 0 loadbalance: L7 loadbalance policy: WEB_V6_SLB VIP ICMP Reply : ENABLED-WHEN-ACTIVE VIP State: INSERVICE VIP DCI state: VPC_DISABLED VIP DAD state: DAD_PASSED Persistence Rebalance: DISABLED curr conns : 0 , hit count : 23 dropped conns : 20 client pkt count : 121 , client byte count: 10563 server pkt count : 314 , server byte count: 392943 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit and/or 0 affiliates. All rights reserved. © 2010 Cisco : its , drop-count : 0 Cisco Public 13
  • 14. ACE SLB64 – One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace4 SNAT: 10.121.12.90 v4 10.121.12.25 10.121.12.15 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
  • 15. SLB64 Context Specific Configurations class-map match-all WEB_V6_V4_VIP 2 match virtual-address 2001:db8:cafe:12::ace4 tcp eq www probe http WEB_V4_PROBE interval 15 policy-map type loadbalance first-match WEB_V6_V4_SLB passdetect interval 5 class class-default request method get url /welcome.png serverfarm WEB_V6_V4_SF expect status 200 200 insert-http x-forward-for header-value "%is" open 1 nat dynamic 2 vlan 12 serverfarm primary rserver host WEB_V4_1 ip address 10.121.12.25 policy-map multi-match WEB_V6_POL inservice class WEB_V6_V4_VIP rserver host WEB_V4_2 loadbalance vip inservice ip address 10.121.12.15 loadbalance policy WEB_V6_V4_SLB inservice loadbalance vip icmp-reply active serverfarm host WEB_V6_V4_SF predictor leastconns slowstart 300 interface vlan 12 probe WEB_V4_PROBE ipv6 enable rserver WEB_V4_1 80 ip address 2001:db8:cafe:12::ace1/64 inservice ip address 10.121.12.45 255.255.255.0 rserver WEB_V4_2 80 access-group input EVERYONE inservice access-group input EVERYONE-v6 nat-pool 2 10.121.12.90 10.121.12.90 netmask 255.255.255.0 pat service-policy input MGMT service-policy inputCisco Public © 2010 Cisco and/or its affiliates. All rights reserved. WEB_V6_POL 15
  • 16. NAT64   Lots of RFCs to check out: RFC 6144 – Framework for IPv4/IPv6 Translation RFC 6052 – IPv6 Addressing of IPv4/IPv6 Translators RFC 6145 – IP/ICMP Translation Algorithm RFC 6146 – Stateful NAT64 RFC 6147 – DNS64   Stateless – Not your friend in the enterprise (corner case deployment) 1:1 mapping between IPv6 and IPv4 addresses (i.e. 254 IPv6 hosts-to-254 IPv4 hosts) Requires the IPv6-only hosts to use an “IPv4 translatable” address format   Stateful – What we are after for translating IPv6-only hosts to IPv4-only host(s) It is what it sounds like – keeps state between translated hosts Several deployment models (PAT/Overload, Dynamic 1:1, Static, etc…) This is what you will use to translate from IPv6 hosts (internal or Internet) to IPv4-only servers (internal DC or Internet Edge)   Papers on Stateless vs. Stateful and use cases for NAT64: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676277.html http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676278.html © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
  • 17. Stateful NAT64 – Example Topology Static Example 10.121.13.52 DMZ/DC Internet IPv6 Host: 2001:db8:c150:10::16 10.121.12.70 G0/0/0: G0/0/1: 2001:DB8:CAFE:5555::1/64 10.121.220.1/24 interface GigabitEthernet0/0/0 ASR access-list EDGE_ACL ipv6 permit ipv6 any host 2001:DB8:CAFE:BEEF::46 description to 6k-dmz-1 Outside permit ipv6 any host 2001:DB8:CAFE:BEEF::34 no ip address ! ipv6 address 2001:DB8:CAFE:5555::1/64 nat64 prefix stateful 2001:DB8:CAFE:BEEF::/96 ipv6 eigrp 10 nat64 v4 pool EDGE 10.121.55.1 10.121.55.1 nat64 enable nat64 v4v6 static 10.121.12.70 2001:DB8:CAFE:BEEF::46 ! nat64 v4v6 static 10.121.13.52 2001:DB8:CAFE:BEEF::34 interface GigabitEthernet0/0/1 nat64 v6v4 list EDGE_ACL pool EDGE overload description to 6k-dmz-1 Inside ip address 10.121.220.1 255.255.255.0 nat64 enable © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 1 7
  • 18. NAT64 Translations Reference ASR1k#sh nat64 translations Proto Original IPv4 Translated IPv4 Translated IPv6 Original IPv6 ---------------------------------------------------------------------------- --- 10.121.13.52 2001:db8:cafe:beef::48 Static --- --- --- 10.121.12.70 2001:db8:cafe:beef::46 Entries --- --- tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1030 [2001:db8:cafe:10::16]:53601 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1029 [2001:db8:cafe:10::16]:53600 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Dynamic 10.121.55.1:1028 [2001:db8:cafe:10::16]:53599 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Overloaded 10.121.55.1:1024 [2001:db8:cafe:10::16]:53593 Entries tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1025 [2001:db8:cafe:10::16]:53596 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1026 [2001:db8:cafe:10::16]:53597 tcp 10.121.12.70:80 [2001:db8:cafe:beef::46]:80 10.121.55.1:1027 [2001:db8:cafe:10::16]:53598 Total number of translations: 9 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  • 19. NAT64 Statistics ASR1k#show nat64 statistics Reference Total active translations: 6 (3 static, 3 dynamic; 3 extended) Sessions found: 171 Sessions created: 3 Global Stats: Packets translated (IPv4 -> IPv6) Stateless: 0 Stateful: 100 Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 Interface Statistics GigabitEthernet0/0/0 (IPv4 not configured, IPv6 configured): Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured): Packets translated (IPv4 -> IPv6) Stateful: 100 Dynamic Mapping Statistics v6v4 access-list EDGE_ACL pool EDGE refcount 3 pool EDGE: start 10.121.55.1 end 10.121.55.1 total addresses 1, allocated 1 (100%) *Output reduced for clarity © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
  • 20. Apache2 Reverse Proxy Netstat - Client TCP [2001:db8:beef:10::16]:54640 [2001:db8:cafe:12::5]:80 ESTABLISHED TCP [2001:db8:beef:10::16]:54641 [2001:db8:cafe:12::5]:80 ESTABLISHED 2001:db8:beef:10::16 Netstat - Proxy Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.121.11.125:40475 10.121.11.60:80 ESTABLISHED 2001:db8:cafe:12::5 tcp 0 0 10.121.11.125:40476 10.121.11.60:80 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54640 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54641 ESTABLISHED 10.121.11.125 Apache One-Arm Apache Dual- Attached Netstat - Server TCP 10.121.11.60:80 10.121.11.125:40475 ESTABLISHED TCP 10.121.11.60:80 10.121.11.125:40476 ESTABLISHED IPv4-only Web Server <VirtualHost *:80>         ProxyPass / http://10.121.11.60:80/ ProxyPassReverse / 2010 Cisco and/or its affiliates. All rights reserved. http://10.121.11.60:80/ © Cisco Public 20
  • 21. Microsoft Windows PortProxy   Can be treated like an appliance One-arm 2001:db8:cafe:12::25 Dual-attached (better perf) 10.121.12.25   Outside traffic comes in PortProxy One-Arm VIP=10.121.5.20 on IPv6—PortProxy to ACE PortProxy v4 (VIP address on Dual-Attached ACE)   Traffic is IPv4 to server IPv4-only Web Server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  • 22. PortProxy Configuration/Monitoring   adsf netsh interface portproxy>sh all Listen on ipv6: Connect to ipv4: Address Port Address Port --------------- ---------- --------------- ---------- 2001:db8:cafe:12::25 80 10.121.5.20 80 Active Connections Proto Local Address Foreign Address State TCP 10.121.12.25:58141 10.121.5.20:http ESTABLISHED TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:10::17]:52047 ESTABLISHED conn-id np dir proto vlan source destination state ----------+--+---+-----+----+---------------------+---------------------+------+ 14 1 in TCP 5 10.121.12.25:58573 10.121.5.20:80 ESTAB 13 1 out TCP 5 10.121.14.15:80 10.121.5.12:1062 ESTAB © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22