Suche senden
Hochladen
Michael De Leo Global IPv6 Summit México 2009
•
3 gefällt mir
•
1,016 views
Jaime Olmos
Folgen
Enterprise IPv6 Deployment Michael De Leo Office of the CTO mdeleo@cisco.com
Weniger lesen
Mehr lesen
Technologie
Melden
Teilen
Melden
Teilen
1 von 89
Empfohlen
Cisco Cloud Briefing and Experiences for Cloud Slam 2011
Cisco Cloud Briefing and Experiences for Cloud Slam 2011
Cisco Collaboration
OpenStack Summit Portland April 2013 talk - Quantum and EC2
OpenStack Summit Portland April 2013 talk - Quantum and EC2
Naveen Joy
CV-of-Saif-CCIE-Collaboration
CV-of-Saif-CCIE-Collaboration
Saiful Jehadi
Daniel cornejo cisco. centros de datos unificados y su evolución hacia la nub...
Daniel cornejo cisco. centros de datos unificados y su evolución hacia la nub...
datacentersummit
Mpls22 sg vol.1 MADE IN INDIA
Mpls22 sg vol.1 MADE IN INDIA
Visalini Kumaraswamy
Practical And Possible 100 G Webinar
Practical And Possible 100 G Webinar
cj01950
Simplifying Operations: Automation & Orchestration with Juniper Switching
Simplifying Operations: Automation & Orchestration with Juniper Switching
Juniper Networks
The New Network for the Data Center
The New Network for the Data Center
Juniper Networks
Weitere ähnliche Inhalte
Was ist angesagt?
Ccda desgn v2.0 sg ppt to pdf
Ccda desgn v2.0 sg ppt to pdf
LuzMarina116
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
Spiffy
Developments in Managed Content Distribution
Developments in Managed Content Distribution
Cisco Service Provider
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Cisco Canada
Cisco 640-864 Complete Study Guide
Cisco 640-864 Complete Study Guide
nustouch
Ethernet and TCP optimizations
Ethernet and TCP optimizations
Jeff Squyres
CVamrishBel
CVamrishBel
Amrish Paul
Mei Yick Offer MPLS
Mei Yick Offer MPLS
Tony Ma
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
EMC
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Jaime Olmos
Cisco Presentation 1
Cisco Presentation 1
changcai
Cisco small business_communicate_by_leah_davis
Cisco small business_communicate_by_leah_davis
gkmurase
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
SSA KPI
Next Generation Video Services Fundamentals
Next Generation Video Services Fundamentals
Cisco Canada
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
IPv6no
Technology Development and Innovation at Cisco
Technology Development and Innovation at Cisco
Cisco Canada
Ucs overview sap-rnicola
Ucs overview sap-rnicola
Robert Nicola
Cloudify summit2012 pub
Cloudify summit2012 pub
Gary Berger
Network automation seminar
Network automation seminar
patmisasi
Was ist angesagt?
(19)
Ccda desgn v2.0 sg ppt to pdf
Ccda desgn v2.0 sg ppt to pdf
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
Developments in Managed Content Distribution
Developments in Managed Content Distribution
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Cisco 640-864 Complete Study Guide
Cisco 640-864 Complete Study Guide
Ethernet and TCP optimizations
Ethernet and TCP optimizations
CVamrishBel
CVamrishBel
Mei Yick Offer MPLS
Mei Yick Offer MPLS
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Cisco Presentation 1
Cisco Presentation 1
Cisco small business_communicate_by_leah_davis
Cisco small business_communicate_by_leah_davis
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Next Generation Video Services Fundamentals
Next Generation Video Services Fundamentals
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
Technology Development and Innovation at Cisco
Technology Development and Innovation at Cisco
Ucs overview sap-rnicola
Ucs overview sap-rnicola
Cloudify summit2012 pub
Cloudify summit2012 pub
Network automation seminar
Network automation seminar
Andere mochten auch
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
IPv6no
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
Cisco Canada
IPv6 Best Practice
IPv6 Best Practice
flyingpotato
IPv6 at LinkedIn
IPv6 at LinkedIn
APNIC
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
Ivan Pepelnjak
Enterprise IPv6 Deployment
Enterprise IPv6 Deployment
Cisco Canada
IPv6 Transition Strategies
IPv6 Transition Strategies
APNIC
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
Jisc
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44
Jisc
Internet Protocol version 6
Internet Protocol version 6
Rekha Yadav
IPV6 ADDRESS
IPV6 ADDRESS
Jothi Lakshmi
IPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF Report
APNIC
Akamai IPv6 Measurement
Akamai IPv6 Measurement
APNIC
IPv4 to IPv6
IPv4 to IPv6
mithilak
Andere mochten auch
(14)
Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
IPv6 Best Practice
IPv6 Best Practice
IPv6 at LinkedIn
IPv6 at LinkedIn
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
Enterprise IPv6 Deployment
Enterprise IPv6 Deployment
IPv6 Transition Strategies
IPv6 Transition Strategies
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44
Internet Protocol version 6
Internet Protocol version 6
IPV6 ADDRESS
IPV6 ADDRESS
IPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF Report
Akamai IPv6 Measurement
Akamai IPv6 Measurement
IPv4 to IPv6
IPv4 to IPv6
Ähnlich wie Michael De Leo Global IPv6 Summit México 2009
IPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdf
CPUHogg
Intel open stack v1
Intel open stack v1
benbenhappy
Intel open stack v1
Intel open stack v1
OpenCity Community
IT Essential - Course Overview
IT Essential - Course Overview
Irsandi Hasan
IPv6 for the Enterprise
IPv6 for the Enterprise
John Rhoton
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008
OpenSourceCamp
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
Nur Shiqim Chok
IPv6 Support at NEC CEs
IPv6 Support at NEC CEs
APNIC
IPv6: the what, why and how
IPv6: the what, why and how
Orange Business Services Asia Pacific
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
Nur Shiqim Chok
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
NetworkCollaborators
Journey to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for Mobiles
APNIC
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Cisco Russia
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
NetworkCollaborators
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
scarisbrick
Salman Mahmood Resume
Salman Mahmood Resume
salman321
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
Israeli Internet Association technology committee
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
NetworkCollaborators
Resume for Network Engineer, Network Security, IT Management L2 / L3
Resume for Network Engineer, Network Security, IT Management L2 / L3
Deepak Kumar
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
NetworkCollaborators
Ähnlich wie Michael De Leo Global IPv6 Summit México 2009
(20)
IPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdf
Intel open stack v1
Intel open stack v1
Intel open stack v1
Intel open stack v1
IT Essential - Course Overview
IT Essential - Course Overview
IPv6 for the Enterprise
IPv6 for the Enterprise
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
IPv6 Support at NEC CEs
IPv6 Support at NEC CEs
IPv6: the what, why and how
IPv6: the what, why and how
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Journey to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for Mobiles
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
Salman Mahmood Resume
Salman Mahmood Resume
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Resume for Network Engineer, Network Security, IT Management L2 / L3
Resume for Network Engineer, Network Security, IT Management L2 / L3
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Mehr von Jaime Olmos
Taller monitoreo CUDI 2010
Taller monitoreo CUDI 2010
Jaime Olmos
Luciano Romero Convergencia Fijo Móvil
Luciano Romero Convergencia Fijo Móvil
Jaime Olmos
Medios UdeG
Medios UdeG
Jaime Olmos
Medios UdeG
Medios UdeG
Jaime Olmos
Universidad de Guadalajara
Universidad de Guadalajara
Jaime Olmos
Renata
Renata
Jaime Olmos
Welcome To Multimedia & Ipv6 Collaboration Network
Welcome To Multimedia & Ipv6 Collaboration Network
Jaime Olmos
Twitter Lphinojosa
Twitter Lphinojosa
Jaime Olmos
Sg Software Guru Inicio
Sg Software Guru Inicio
Jaime Olmos
Observatorio IPv6
Observatorio IPv6
Jaime Olmos
Eventos Cudi
Eventos Cudi
Jaime Olmos
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Jaime Olmos
Erik Huesca Global IPv6 Summit México 2009
Erik Huesca Global IPv6 Summit México 2009
Jaime Olmos
Enrique Melrose Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009
Jaime Olmos
Carlos Silva Ponce de León Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009
Jaime Olmos
José Alberto Incera Diéguez Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009
Jaime Olmos
Isidro Cerda Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009
Jaime Olmos
Raul Echeverría Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009
Jaime Olmos
Mehr von Jaime Olmos
(18)
Taller monitoreo CUDI 2010
Taller monitoreo CUDI 2010
Luciano Romero Convergencia Fijo Móvil
Luciano Romero Convergencia Fijo Móvil
Medios UdeG
Medios UdeG
Medios UdeG
Medios UdeG
Universidad de Guadalajara
Universidad de Guadalajara
Renata
Renata
Welcome To Multimedia & Ipv6 Collaboration Network
Welcome To Multimedia & Ipv6 Collaboration Network
Twitter Lphinojosa
Twitter Lphinojosa
Sg Software Guru Inicio
Sg Software Guru Inicio
Observatorio IPv6
Observatorio IPv6
Eventos Cudi
Eventos Cudi
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Erik Huesca Global IPv6 Summit México 2009
Erik Huesca Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009
Kürzlich hochgeladen
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
IES VE
Introduction to Quantum Computing
Introduction to Quantum Computing
GDSC PJATK
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IES VE
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
Anna Loughnan Colquhoun
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
DianaGray10
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
ThousandEyes
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
D Cloud Solutions
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
Jamie (Taka) Wang
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
francesco barbera
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
David Newbury
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
bruanjhuli
Nanopower In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
Pedro Manuel
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
Udaiappa Ramachandran
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
Matt Ray
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
Md Hossain Ali
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
Seth Reyes
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Aijun Zhang
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
UiPathCommunity
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
Adtran
Designing A Time bound resource download URL
Designing A Time bound resource download URL
Runcy Oommen
Kürzlich hochgeladen
(20)
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Introduction to Quantum Computing
Introduction to Quantum Computing
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
Nanopower In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
Designing A Time bound resource download URL
Designing A Time bound resource download URL
Michael De Leo Global IPv6 Summit México 2009
1.
Enterprise IPv6
Deployment Michael De Leo Office of the CTO mdeleo@cisco.com Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Reference Materials Deploying IPv6 in Campus Networks: http://www.cisco.com/univercd/cc/td/doc/solution/ campipv6.pdf Deploying IPv6 in Branch Networks: http://www.cisco.com/univercd/cc/td/doc/solution/ brchipv6.pdf CCO IPv6 Main Page: http://www.cisco.com/go/ipv6 Cisco Network Designs: http://www.cisco.com/go/srnd Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2 © 2007, Cisco Systems, Inc. All rights reserved. 1 Presentation_ID.scr
2.
Agenda
Address Considerations General Concepts Infrastructure Deployment Campus/Data Center WAN/Branch Remote Access Planning and Deployment Summary Appendix—For Reference Only Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3 The Need for IPv6 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4 © 2007, Cisco Systems, Inc. All rights reserved. 2 Presentation_ID.scr
3.
Monitoring Market Drivers
Address space depletion National IT Strategy U.S. Federal Mandate IPv6 Task Force and promotion councils: Africa, India, Japan, Korea,… China Next Generation Internet (CNGI) project European Commission sponsored projects IP NGN DOCSIS 3.0, FTTH, HDTV, Quad IPv6 “on” & “preferred” by default Play Applications only running Mobile SP – 3G, WiMax, PWLAN over IPv6 (P2P framework) Networks in Motion Networked Sensors, ie: AIRS NAT Overlap – M&A MSFT Vista & Server 2008 Infrastructure Evolution Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5 IPv6 on the Factory Floor Corporate IT Network Mgmt for IPv6 IPv6 Enabled Back-Office Mainframes No NAT/PAT and Servers (ERP, MES, CAPP, PDM, etc.) Central NMS Office Applications, Extranet Internetworking, Data Servers, Storage Service Partners (MRO) Video Feed Programmable Logic IPv6 IPsec Human Machine Controllers (PLC) Interface (HMI) PC Based Extend Controllers Ethernet Wireless IP Video Monitoring Stateless Autoconfiguration Motors, Drives, Actuators Robotics Scanner Handheld Sensors Mobile IPv6 Device Level Network Ethernet Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6 © 2007, Cisco Systems, Inc. All rights reserved. 3 Presentation_ID.scr
4.
Operating System Support
Every major OS supports IPv6 today Windows Vista/Server 2008—top-to-bottom TCP/IP stack re-design IPv6 is on by default and preferred over IPv4 (considering network/DNS/ application support) Tunnels will be used before IPv4 if required by IPv6-enabled application ISATAP, Teredo, 6to4, configured All applications and services that ship with Vista/Server 2008 support IPv4 and IPv6 (IPv6-only is supported) Active Directory, IIS, File/Print/Fax, WINS/DNS/DHCP/LDAP, Windows Media Services, Terminal Services, Network Access Services—Remote Access (VPN/Dial-up), Network Access Protection (NAP), Windows Deployment Service, Certificate Services, SharePoint services, Network Load-Balancing, Internet Authentication Server, Server Clustering, etc. http://www.microsoft.com/technet/network/ipv6/default.mspx Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 7 NAT Overlap 10.0.0.0 address space Sub-Company 1 IPv6 enables the network to provide .3 access to services between sites 10.0.0.0 address space Corp HQ 2001:DB8:1:2::3 Corporate 10.0.0.0 address space Backbone .21 .3 Static NAT entries for each 2001:DB8:1:1::3 Sub-Company 2 server X how many?? 2001:DB8:1:3::21 Merger and acquisition complexity force many to leave existing IPv4 address space in place vs. full integration/consolidation When server-to-server or client-to-server service is required then single/double static NAT translations are often required IPv6 can be deployed to enable service access per site and/or per application Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 8 © 2007, Cisco Systems, Inc. All rights reserved. 4 Presentation_ID.scr
5.
Address
Considerations Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 9 Hierarchical Addressing and Aggregation Site 1 2001:DB8:0001:0001::/64 Only 2001:DB8:0001:0002::/64 Announces the /32 Prefix ISP 2001:DB8:0001::/48 2001:DB8::/32 Site 2 2001:DB8:0002:0001::/64 IPv6 Internet 2001:DB8:0002:0002::/64 2000::/3 2001:DB8:0002::/48 Prefix assignment can be larger/smaller http://www.icann.org/announcements/announcement-12oct06.htm Provider independent proposal: http://www.arin.net/policy/proposals/2005_1.html Be careful when using /127 on P2P links (See RFC 3627) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 10 © 2007, Cisco Systems, Inc. All rights reserved. 5 Presentation_ID.scr
6.
Do I Get
PI or PA? It depends PI space is great for ARIN controlled space (not all RIRs have approved PI space) PA is a great space if you plan to use the same SP for a very long time or you plan to NAT everything with IPv6 (not likely) More important things to consider—do you get a prefix for the entire company or do you get one prefix per site (what defines a site?) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 11 ULA, ULA + Global or Global What type of addressing should I deploy internal to my network? It depends: ULA-only—Today, no IPv6 NAT is useable in production so using ULA-only will not work externally to your network ULA + Global allows for the best of both worlds but at a price— much more address management with DHCP, DNS, routing and security—SAS does not always work as it should Global-only—Recommended approach but the old-school security folks that believe topology hiding is essential in security will bark at this option Let’s explore these options… Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 12 © 2007, Cisco Systems, Inc. All rights reserved. 6 Presentation_ID.scr
7.
Unique-Local Addressing (RFC4193)
Used for internal communications, inter-site VPNs Not routable on the internet—basically RFC1918 for IPv6 only better—less likelihood of collisions Default prefix is /48 /48 limits use in large organizations that will need more space Semi-random generator prohibits generating sequentially ‘useable’ prefixes—no easy way to have aggregation when using multiple /48s Why not hack the generator to produce something larger than a /48 or even sequential / 48s? Is it ‘legal’ to use something other than a /48? Perhaps the entire space? Forget legal, is it practical? Probably, but with dangers—remember the idea for ULA; internal addressing with a slim likelihood of address collisions with M&A. By consuming a larger space or the entire ULA space you will significantly increase the chances of pain in the future with M&A Routing/security control You must always implement filters/ACLs to block any packets going in or out of your network (at the Internet perimeter) that contain a SA/DA that is in the ULA range— today this is the only way the ULA scope can be enforced Generate your own ULA: http://www.sixxs.net/tools/grh/ula/ Generated ULA= fd9c:58ed:7d73::/48 * MAC address=00:0D:9D:93:A0:C3 (Hewlett Packard) * EUI64 address=020D9Dfffe93A0C3 * NTP date=cc5ff71943807789 cc5ff71976b28d86 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 13 ULA-Only Internet Global – 2001:DB8:CAFE::/ Requires NAT for IPv6 Branch 1 48 tern al x Glob al E Corp HQ rnal Inte ULA FD9C:58ED:7D73:2800::/64 Corporate Backbone Branch 2 ULA Space FD9C:58ED:7D73::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64 Everything internal runs the ULA space A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the internet—must run filters to prevent any SA/DA in ULA range from being forwarded Works as it does today with IPv4 except that today, there are no scalable NAT/Proxies for IPv6 Removes the advantages of not having a NAT (i.e. application interoperability, global multicast, end-to-end connectivity) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 14 © 2007, Cisco Systems, Inc. All rights reserved. 7 Presentation_ID.scr
8.
ULA + Global
Internet Global – 2001:DB8:CAFE::/ Branch 1 48 Corp HQ FD9C:58ED:7D73:2800::/64 Corporate 2001:DB8:CAFE:2800::/64 Backbone Branch 2 ULA Space FD9C:58ED:7D73::/48 Global – 2001:DB8:CAFE::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64 Both ULA and Global are used internally except for internal-only hosts Source Address Selection (SAS) is used to determine which address to use when communicating with other nodes internally or externally In theory, ULA talks to ULA and Global talks to Global—SAS ‘should’ work this out ULA-only and Global-only hosts can talk to one another internal to the network Define a filter/policy that ensures your ULA prefix does not ‘leak’ out onto the Internet and ensure that no traffic can come in or out that has a ULA prefix in the SA/DA fields Management overhead for DHCP, DNS, routing, security, etc… Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 15 Considerations—ULA + Global Use DHCPv6 for ULA and Global—apply different policies for both (lifetimes, options, etc..) Check routability for both—can you reach an AD/DNS server regardless of which address you have? Any policy using IPv6 addresses must be configured for the appropriate range (QoS, ACL, load-balancers, PBR, etc.) If using SLAAC for both—Microsoft Windows allows you to enable/disable privacy extensions globally—this means you are either using them for both or not at all!!! One option is to use SLAAC for the Global range and enable privacy extensions and then use DHCPv6 for ULA with another IID value (EUI-64, reserved/admin defined, etc.) Temporary Preferred 6d23h59m55s 23h59m55s 2001:db8:cafe:2:cd22:7629:f726:6a6b Dhcp Preferred 13d1h33m55s 6d1h33m55s fd9c:58ed:7d73:1002:8828:723c:275e:846d Other Preferred infinite infinite fe80::8828:723c:275e:846d%8 Unlike Global and link-local scopes ULA is not automatically controlled at the appropriate boundary—you must prevent ULA prefix from going out or in at your perimeter SAS behavior is OS dependent and there have been issues with it working reliably Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 16 © 2007, Cisco Systems, Inc. All rights reserved. 8 Presentation_ID.scr
9.
Randomized IID and
Privacy Extensions Enabled by default on Microsoft Windows Enable/disable via GPO or CLI netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent netsh interface ipv6 set privacy state=disabled store=persistent Alternatively, use DHCP (see later) to a specific pool Randomized address are generated for non-temporary autoconfigured addresses including public and link-local—used instead of EUI-64 addresses Randomized addresses engage Optimistic DAD—likelihood of duplicate LL address is rare so RS can be sent before full DAD completion Windows Vista/2008 send RS while DAD is being performed to save time for interface initialization (read RFC4862 on why this is ok) Privacy extensions are used with SLAAC Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 17 ULA + Global Example Addr Type DAD State Valid Life Pref. Life Address --------- ----------- ---------- ---------- ------------------------ Dhcp Preferred 13d23h48m24s 6d23h48m24s 2001:db8:cafe:2:c1b5:cc19:f87e:3c41 Dhcp Preferred 13d23h48m24s 6d23h48m24s fd9c:58ed:7d73:1002:8828:723c:275e:846d Other Preferred infinite infinite fe80::8828:723c:275e:846d%8 interface Vlan2 DHCPv6 Client description ACCESS-DATA-2 ipv6 address 2001:DB8:CAFE:2::D63/64 Network ipv6 address FD9C:58ED:7D73:1002::D63/64 ipv6 nd prefix 2001:DB8:CAFE:2::/64 no-advertise ipv6 nd prefix FD9C:58ED:7D73:1002::/64 no-advertise ipv6 nd managed-config-flag DHCPv6 Server ipv6 dhcp relay destination 2001:DB8:CAFE:11::9 2001:DB8:CAFE:11::9 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 18 © 2007, Cisco Systems, Inc. All rights reserved. 9 Presentation_ID.scr
10.
Global-Only
Internet Global – 2001:DB8:CAFE::/ Branch 1 48 Corp HQ 2001:DB8:CAFE:2800::/64 Corporate Backbone Branch 2 Global – 2001:DB8:CAFE::/48 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64 Global is used everywhere No issues with SAS No requirements to have NAT for ULA-to-Global translation—but, NAT may be used for other purposes Easier management of DHCP, DNS, security, etc. Only downside is breaking the habit of believing that topology hiding is a good security method Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 19 Link Level—Prefix Length Considerations 64 bits < 64 bits > 64 bits Recommended by Enables more hosts Address space conservation RFC3177 and IAB/ per broadcast Special cases: IESG domain /126—valid for p2p Consistency makes Considered bad /127—not valid for p2p management easy practice (RFC3627) /128—loopback MUST for SLAAC 64 bits offers more (MSFT DHCPv6 space for hosts than Complicates management also) the media can support efficiently Must avoid overlap with specific addresses: Router Anycast (RFC3513) Significant Address Embedded RP (RFC3956) space loss ISATAP addresses Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 20 © 2007, Cisco Systems, Inc. All rights reserved. 10 Presentation_ID.scr
11.
Using Link-Local for
Non-Access Connections Under Research What if you did not have to worry about addressing the network infrastructure for the purpose of routing? IPv6 IGPs use LL addressing Only use Global or ULA addresses at the edges for host assignment For IPv6 access to the network device itself use a loopback What happens to route filters? ACLs?—Nothing, unless you are blocking to/from the router itself Stuff to think about: Always use a RID Some Cisco devices require “ipv6 enable” on the interface in order to generate and use a link-local address Enable the IGP on each interface used for routing or that requires its prefix to be advertised Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 21 Using LL + Loopback Only 2001:db8:cafe:100::/64 2001:db8:cafe:200::/64 998::1/128 998::2/128 ipv6 unicast-routing ipv6 unicast-routing ! ! interface Loopback0 interface Loopback0 ipv6 address 2001:DB8:CAFE:998::1/128 ipv6 address 2001:DB8:CAFE:998::2/128 ipv6 eigrp 10 ipv6 eigrp 10 ! ! interface Vlan200 interface GigabitEthernet3/4 ipv6 address 2001:DB8:CAFE:200::1/64 ipv6 eigrp 10 ipv6 eigrp 10 ! ! interface GigabitEthernet1/2 interface GigabitEthernet1/1 ipv6 eigrp 10 ipv6 enable ! ipv6 eigrp 10 ipv6 router eigrp 10 ! router-id 10.99.8.2 ipv6 router eigrp 10 no shutdown router-id 10.99.8.1 IPv6-EIGRP neighbors for process 10 no shutdown 0 Link-local address: Gi1/2 FE80::212:D9FF:FE92:DE77 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 22 © 2007, Cisco Systems, Inc. All rights reserved. 11 Presentation_ID.scr
12.
Interface-ID Selection
Network Devices Reconnaissance for network devices—the search for something to attack Use random 64-bit interface-IDs for network devices 2001:DB8:CAFE:2::1/64—Common IID 2001:DB8:CAFE:2::9A43:BC5D/64—Random IID 2001:DB8:CAFE:2::A001:1010/64—Semi-random IID Operational management challenges with this type of numbering scheme Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 23 DHCPv6 Updated version of DHCP for IPv4 Client detects the presence of routers on the link If found, then examines router advertisements to determine if DHCP can or should be used If no router found or if DHCP can be used, then DHCP Solicit message is sent to the All-DHCP-Agents multicast address Using the link-local address as the source address Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 24 © 2007, Cisco Systems, Inc. All rights reserved. 12 Presentation_ID.scr
13.
DHCPv6 Operation
Client Relay Server Solicit Relay-Fwd w/ Solicit Relay-Reply w/Advertise Advertise Request Relay-Fwd w/ Request Relay-Reply w/Reply Reply All_DHCP_Relay_Agents_and_Servers (FF02::1:2) All_DHCP_Servers (FF05::1:3) DHCP Messages: clients listen UDP port 546; servers and relay agents listen on UDP port 547 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 25 Stateful/Stateless DHCPv6 Stateful and stateless DHCPv6 server Cisco Network Registrar: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/ Microsoft Windows Server 2008: http://technet2.microsoft.com/windowsserver2008/en/library/ bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true Dibbler: http://klub.com.pl/dhcpv6/ DHCPv6 Relay—supported on routers and Catalyst interface FastEthernet0/1 IPv6 Enabled Host description CLIENT LINK ipv6 address 2001:DB8:CAFE:11::1/64 Network ipv6 nd prefix 2001:DB8:CAFE:11::/64 no-advertise ipv6 nd managed-config-flag ipv6 nd other-config-flag ipv6 dhcp relay destination 2001:DB8:CAFE:10::2 DHCPv6 Server Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 26 © 2007, Cisco Systems, Inc. All rights reserved. 13 Presentation_ID.scr
14.
Basic DHCPv6 Message
Exchange DHCPv6 Client DHCPv6 Relay Agent DHCPv6 Server Solicit(IA_NA) Relay-Forw(Solicit(IA_NA)) Relay-Repl(Advertise(IA_NA(addr))) Advertise(IA_NA(addr)) Request(IA_NA) Relay-Forw(Request(IA_NA)) Relay-Repl(Reply(IA_NA(addr))) Reply(IA_NA(addr)) Address Assigned Timer Expiring Renew(IA_NA(addr)) Relay-Forw(Renew(IA_NA(addr))) Relay-Repl(Reply(IA_NA(addr))) Reply(IA_NA(addr)) Shutdown , link down , Release Release(IA_NA(addr)) Relay-Forw(Release(IA_NA(addr))) Relay-Repl(Reply(IA_NA(addr))) Reply(IA_NA(addr)) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 27 CNR/W2K8—DHCPv6 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 28 © 2007, Cisco Systems, Inc. All rights reserved. 14 Presentation_ID.scr
15.
IPv6 General Prefix
Provides an easy/fast way to deploy prefix changes Example:2001:db8:cafe::/48 = General Prefix Fill in interface specific fields after prefix “ESE ::11:0:0:0:1” = 2001:db8:cafe:11::1/64 ipv6 unicast-routing interface Vlan11 ipv6 cef ipv6 address ESE ::11:0:0:0:1/64 ipv6 general-prefix ESE 2001:DB8:CAFE::/48 ipv6 cef ! ! interface GigabitEthernet3/2 interface Vlan12 ipv6 address ESE ::2/126 ipv6 address ESE ::12:0:0:0:1/64 ipv6 cef ipv6 cef ! interface GigabitEthernet1/2 ipv6 address ESE ::E/126 ipv6 cef Global unicast address(es): 2001:DB8:CAFE:11::1, subnet is 2001:DB8:CAFE:11::/64 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 29 General Concepts — FHRP, Multicast and QoS Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 30 © 2007, Cisco Systems, Inc. All rights reserved. 15 Presentation_ID.scr
16.
First Hop Router
Redundancy HSRP for v6 Modification to Neighbor Advertisement, router HSRP HSRP Advertisement, and ICMPv6 redirects Active Standby Virtual MAC derived from HSRP group number and virtual IPv6 link-local address GLBP for v6 Modification to Neighbor Advertisement, Router GLBP GLBP Advertisement—GW is announced via RAs AVG, AVF, AVF SVF Virtual MAC derived from GLBP group number and virtual IPv6 link-local address Neighbor Unreachability Detection RA Sent For rudimentary HA at the first HOP Reach-time = 5,000 msec Hosts use NUD “reachable time” to cycle to next known default gateway (30s by default) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 31 First-Hop Redundancy When HSRP,GLBP and VRRP for IPv6 are not available NUD can be used for rudimentary HA at the first-hop (today this only applies to the Campus/DC—HSRP is available on routers) (config-if)#ipv6 nd reachable-time 5000 Hosts use NUD “reachable time” to cycle to next known default gateway (30 seconds by default) Can be combined with default router preference to determine primary gw: (config-if)#ipv6 nd router-preference {high | medium | low} Default Gateway . . . . . . . . . : 10.121.10.1 fe80::211:bcff:fec0:d000%4 fe80::211:bcff:fec0:c800%4 Reachable Time : 6s Access Layer Distribution Layer Base Reachable Time : 5s RA HSRP To Core Layer IPv4 RA HSRP for IPv4 RA’s with adjusted reachable-time for IPv6 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 32 © 2007, Cisco Systems, Inc. All rights reserved. 16 Presentation_ID.scr
17.
HSRP for IPv6
Many similarities with HSRP for IPv4 Changes occur in Neighbor Advertisement, Router Advertisement, HSRP HSRP Active Standby and ICMPv6 redirects No need to configure GW on hosts (RAs are sent from HSRP active router) Virtual MAC derived from HSRP group interface FastEthernet0/1 number and virtual IPv6 link- ipv6 address 2001:DB8:66:67::2/64 local address ipv6 cef IPv6 Virtual MAC range: standby version 2 0005.73A0.0000 - 0005.73A0.0FFF standby 1 ipv6 autoconfig (4096 addresses) standby 1 timers msec 250 msec 800 HSRP IPv6 UDP Port Number 2029 standby 1 preempt (IANA Assigned) standby 1 preempt delay minimum 180 No HSRP IPv6 secondary address standby 1 authentication md5 key-string cisco No HSRP IPv6 specific debug standby 1 track FastEthernet0/0 Host with GW of Virtual IP #route -A inet6 | grep ::/0 | grep eth2 ::/0 fe80::5:73ff:fea0:1 UGDA 1024 0 0 eth2 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 33 GLBP for IPv6 Many similarities with GLBP for IPv4 (CLI, load-balancing) GLBP GLBP Modification to Neighbor AVG, AVF AVF, SVF Advertisement, Router Advertisement GW is announced via RAs Virtual MAC derived from interface FastEthernet0/0 GLBP group number and ipv6 address 2001:DB8:1::1/64 virtual IPv6 link-local ipv6 cef address glbp 1 ipv6 autoconfig glbp 1 timers msec 250 msec 750 glbp 1 preempt delay minimum 180 glbp 1 authentication md5 key-string cisco AVG=Active Virtual Gateway AVF=Active Virtual Forwarder SVF=Standby Virtual Forwarder Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 34 © 2007, Cisco Systems, Inc. All rights reserved. 17 Presentation_ID.scr
18.
IPv6 Multicast Availability
Multicast Listener Discovery (MLD) Equivalent to IGMP PIM Group Modes: Sparse Mode, Bidirectional and Source Specific Multicast RP Deployment: Static, Embedded No Anycast-RP Yet S DR RP DR Host Multicast Control via MLD Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 35 Multicast Listener Discovery: MLD Multicast Host Membership Control MLD is equivalent to IGMP in IPv4 MLD messages are transported over ICMPv6 Host Multicast MLD uses link local source Control addresses via MLD MLD packets use “Router Alert” in extension header (RFC2711) Version number confusion: MLDv1 (RFC2710) like IGMPv2 (RFC2236) MLDv2 (RFC3810) like IGMPv3 (RFC3376) MLD snooping Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 36 © 2007, Cisco Systems, Inc. All rights reserved. 18 Presentation_ID.scr
19.
Multicast Deployment Options
With and Without Rendezvous Points (RP) SSM, No RPs R S DR ASM Single RP—Static definitions R S DR RP DR He is the RP He is the RP He is the RP ASM Across Single Shared PIM Domain, One RP—Embedded-RP Alert! I want GRP=A from RP=B R S DR RP Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 37 IPv6 QoS Syntax Changes IPv4 syntax has used “ip” following match/set statements Example: match ip dscp, set ip dscp Modification in QoS syntax to support IPv6 and IPv4 New match criteria match dscp — Match DSCP in v4/v6 match precedence — Match Precedence in v4/v6 New set criteria set dscp — Set DSCP in v4/v6 set precedence — Set Precedence in v4/v6 Additional support for IPv6 does not always require new Command Line Interface (CLI) Example—WRED Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 38 © 2007, Cisco Systems, Inc. All rights reserved. 19 Presentation_ID.scr
20.
Scalability and Performance
IPv6 Neighbor Cache = ARP for IPv4 In dual-stack networks the first hop routers/switches will now have more memory consumption due to IPv6 neighbor entries (can be multiple per host) + ARP entries ARP entry for host in the campus distribution layer: Internet 10.120.2.200 2 000d.6084.2c7a ARPA Vlan2 IPv6 Neighbor Cache entry: 2001:DB8:CAFE:2:2891:1C0C:F52A:9DF1 4 000d.6084.2c7a STALE Vl2 2001:DB8:CAFE:2:7DE5:E2B0:D4DF:97EC 16 000d.6084.2c7a STALE Vl2 FE80::7DE5:E2B0:D4DF:97EC 16 000d.6084.2c7a STALE Vl2 Full internet route tables—ensure to account for TCAM/memory requirements for both IPv4/IPv6—not all vendors can properly support both Multiple routing protocols—IPv4 and IPv6 will have separate routing protocols. Ensure enough CPU/Memory is present Control plane impact when using tunnels—terminate ISATAP/configured tunnels in HW platforms when attempting large scale deployments (hundreds/ thousands of tunnels) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 39 Infrastructure Deployment Start Here: Cisco IOS Software Release Specifics for IPv6 Features http://www.cisco.com/univercd/cc/td/doc/product/software/ ios123/123cgcr/ipv6_c/ftipv6s.htm Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 40 © 2007, Cisco Systems, Inc. All rights reserved. 20 Presentation_ID.scr
21.
IPv6 Coexistence
Dual Stack IPv4: 192.168.99.1 IPv6/IPv4 IPv6: 2001:db8:1::1/64 IPv6 Configured Configured IPv6 Host Tunnel/MPLS Tunnel/MPLS Host (6PE/6VPE) (6PE/6VPE) IPv6 MPLS/IPv4 IPv6 Network Network IPv4 ISATAP Tunneling (Intra-Site Automatic Tunnel Addressing Protocol) IPv6 ISATAP Router Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 41 Campus/Data Center Deploying IPv6 in Campus Networks: http://www.cisco.com/univercd/cc/td/doc/solution/campipv6.pdf ESE Campus Design and Implementation Guides: http://www.cisco.com/en/US/netsol/ns656/networking_solutions_ design_guidances_list.html#anchor2 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 42 © 2007, Cisco Systems, Inc. All rights reserved. 21 Presentation_ID.scr
22.
Campus IPv6 Deployment
Three Major Options Dual-stack—The way to go for obvious reasons: performance, security, QoS, multicast and management Layer 3 switches should support IPv6 forwarding in hardware Hybrid—Dual-stack where possible, tunnels for the rest, but all leveraging the existing design/gear Pro—Leverage existing gear and network design (traditional L2/L3 and routed access) Con—Tunnels (especially ISATAP) cause unnatural things to be done to infrastructure (like core acting as access layer) and ISATAP does not support IPv6 multicast IPv6 Service Block—A new network block used for interim connectivity for IPv6 overlay network Pro—Separation, control and flexibility (still supports traditional L2/L3 and routed access) Con—Cost (more gear), does not fully leverage existing design, still have to plan for a real dual-stack deployment and ISATAP does not support IPv6 multicast Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 43 Campus IPv6 Deployment Options Dual-Stack IPv4/IPv6 IPv6/IPv4 Dual Stack Hosts #1 requirement—switching/ routing platforms must support Access hardware based forwarding for Layer IPv6 L2/L3 Distribution IPv6 is transparent on L2 v6- v6- Layer switches but— Enabled Enabled Dual Stack Dual Stack L2 multicast—MLD snooping v6- v6- Core Layer IPv6 management—Telnet/SSH/ Enabled Enabled HTTP/SNMP Intelligent IP services on WLAN Aggregation v6-Enabled v6-Enabled Layer (DC) Expect to run the same IGPs as with IPv4 Access Layer (DC) Keep feature expectations simple Dual-stack Server Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 44 © 2007, Cisco Systems, Inc. All rights reserved. 22 Presentation_ID.scr
23.
Access Layer: Dual
Stack Catalyst 3560/3750—In order to enable IPv6 functionality the proper SDM template needs to be defined ( http://www.cisco.com/univercd/cc/td/doc/product/lan/ cat3750/12225see/scg/swsdm.htm# ) Switch(config)#sdm prefer dual-ipv4-and-ipv6 default If using a traditional Layer-2 access design, the only thing that needs to be enabled on the access switch (management/security discussed later) is MLD snooping: Switch(config)#ipv6 mld snooping 3560/3750 non-E series cannot support both HSRP for IPv4 and HSRP for IPv6 on the same interface http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/ software/release/12.2_46_se/release/notes/ OL16489.html#wp925898 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 45 Distribution Layer: HSRP, EIGRP and DHCPv6-relay (Layer 2 Access) ipv6 general-prefix ULA-CORE FD9C:58ED:7D73::/53 interface Vlan4 ipv6 general-prefix ULA-ACC FD9C:58ED:7D73:1000::/53 description Data VLAN for Access ipv6 unicast-routing ipv6 address ULA-ACC ::D63/64 ! ipv6 nd prefix FD9C:58ED:7D73:1002::/64 interface GigabitEthernet1/0/1 no-advertise description To 6k-core-right ipv6 nd managed-config-flag ipv6 address ULA-CORE ::3:0:0:0:D63/64 ipv6 dhcp relay destination fd9c:58ed: 7d73:811::9 ipv6 eigrp 10 ipv6 eigrp 10 ipv6 hello-interval eigrp 10 1 standby version 2 ipv6 hold-time eigrp 10 3 standby 2 ipv6 autoconfig ipv6 authentication mode eigrp 10 md5 standby 2 timers msec 250 msec 750 ipv6 authentication key-chain eigrp 10 eigrp standby 2 priority 110 ipv6 summary-address eigrp 10 FD9C:58ED:7D73:1000::/53 standby 2 preempt delay minimum 180 ! standby 2 authentication ese interface GigabitEthernet1/0/2 ! description To 6k-core-left ipv6 router eigrp 10 ipv6 address ULA-CORE ::C:0:0:0:D63/64 no shutdown ipv6 eigrp 10 router-id 10.122.10.10 ipv6 hello-interval eigrp 10 1 passive-interface Vlan4 ipv6 hold-time eigrp 10 3 passive-interface Loopback0 ipv6 authentication mode eigrp 10 md5 ipv6 authentication key-chain eigrp 10 eigrp ipv6 summary-address eigrp 10 FD9C:58ED:7D73:1000::/53 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 46 © 2007, Cisco Systems, Inc. All rights reserved. 23 Presentation_ID.scr
24.
Distribution Layer: OSPF
with NUD (Layer 2 Access) ipv6 unicast-routing interface Vlan2 ipv6 multicast-routing description Data VLAN for Access ipv6 cef distributed ipv6 address 2001:DB8:CAFE:2::A001:1010/64 ! ipv6 nd reachable-time 5000 interface GigabitEthernet1/1 ipv6 nd router-preference high description To 6k-core-right no ipv6 redirects ipv6 address 2001:DB8:CAFE:1105::A001:1010/64 ipv6 ospf 1 area 1 no ipv6 redirects ! ipv6 nd suppress-ra ipv6 router ospf 1 ipv6 ospf network point-to-point auto-cost reference-bandwidth 10000 ipv6 ospf 1 area 0 router-id 10.122.0.25 ipv6 ospf hello-interval 1 log-adjacency-changes ipv6 ospf dead-interval 3 area 2 range 2001:DB8:CAFE:xxxx::/xx ! timers spf 1 5 interface GigabitEthernet1/2 description To 6k-core-left ipv6 address 2001:DB8:CAFE:1106::A001:1010/64 no ipv6 redirects ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 0 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 47 Access Layer: Dual Stack (Routed Access) ipv6 unicast-routing interface Vlan2 ipv6 cef description Data VLAN for Access ! ipv6 address 2001:DB8:CAFE:2::CAC1:3750/64 interface GigabitEthernet1/0/25 ipv6 ospf 1 area 2 description To 6k-dist-1 ipv6 cef ipv6 address 2001:DB8:CAFE:1100::CAC1:3750/64 ! no ipv6 redirects ipv6 router ospf 1 ipv6 nd suppress-ra router-id 10.120.2.1 ipv6 ospf network point-to-point log-adjacency-changes ipv6 ospf 1 area 2 auto-cost reference-bandwidth 10000 ipv6 ospf hello-interval 1 area 2 stub no-summary ipv6 ospf dead-interval 3 passive-interface Vlan2 ipv6 cef timers spf 1 5 ! interface GigabitEthernet1/0/26 description To 6k-dist-2 ipv6 address 2001:DB8:CAFE:1101::CAC1:3750/64 no ipv6 redirects ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 2 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 ipv6 cef Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 48 © 2007, Cisco Systems, Inc. All rights reserved. 24 Presentation_ID.scr
25.
Distribution Layer: Dual
Stack (Routed Access) ipv6 unicast-routing ipv6 router ospf 1 ipv6 multicast-routing auto-cost reference-bandwidth 10000 ipv6 cef distributed router-id 10.122.0.25 ! log-adjacency-changes interface GigabitEthernet3/1 area 2 stub no-summary description To 3750-acc-1 passive-interface Vlan2 ipv6 address 2001:DB8:CAFE:1100::A001:1010/64 area 2 range 2001:DB8:CAFE:xxxx::/xx no ipv6 redirects timers spf 1 5 ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 2 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 ipv6 cef ! interface GigabitEthernet1/2 description To 3750-acc-2 ipv6 address 2001:DB8:CAFE:1103::A001:1010/64 no ipv6 redirects ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 2 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 ipv6 cef Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 49 Campus IPv6 Deployment Options Hybrid Model IPv6/IPv4 Dual Stack Hosts Offers IPv6 connectivity via multiple options Access Dual-stack Layer Configured tunnels—L3-to-L3 L2/L3 ISATAP ISATAP ISATAP—Host-to-L3 Distribution Layer Leverages existing network NOT v6- Enabled NOT v6- Enabled Offers natural progression to full dual-stack design v6- v6- Core Layer Enabled Enabled May require tunneling to less-than-optimal layers Dual Stack Dual Stack (i.e. core layer) Aggregation v6-Enabled v6-Enabled Layer (DC) ISATAP creates a flat network (all hosts on same tunnel are peers) Create tunnels per VLAN/subnet to keep Access same segregation as existing design (not Layer (DC) clean today) Dual-stack Provides basic HA of ISATAP tunnels Server via old Anycast-RP idea Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 50 © 2007, Cisco Systems, Inc. All rights reserved. 25 Presentation_ID.scr