SlideShare ist ein Scribd-Unternehmen logo
1 von 89
Enterprise IPv6
                                    Deployment




                                     Michael De Leo
                                     Office of the CTO
                                     mdeleo@cisco.com

                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   1




                                    Reference Materials

                                      Deploying IPv6 in Campus Networks:
                                       http://www.cisco.com/univercd/cc/td/doc/solution/
                                       campipv6.pdf
                                      Deploying IPv6 in Branch Networks:
                                       http://www.cisco.com/univercd/cc/td/doc/solution/
                                       brchipv6.pdf
                                      CCO IPv6 Main Page:
                                       http://www.cisco.com/go/ipv6
                                      Cisco Network Designs:
                                       http://www.cisco.com/go/srnd



                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   2




© 2007, Cisco Systems, Inc. All rights reserved.                                                                 1
Presentation_ID.scr
Agenda

                                      Address Considerations
                                      General Concepts
                                      Infrastructure Deployment
                                             Campus/Data Center
                                             WAN/Branch
                                             Remote Access

                                      Planning and Deployment Summary
                                      Appendix—For Reference Only



                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   3




                                    The Need for IPv6




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   4




© 2007, Cisco Systems, Inc. All rights reserved.                                                                 2
Presentation_ID.scr
Monitoring Market Drivers

                                        Address space depletion                                                                             National IT Strategy

                                                                                                                                                U.S. Federal Mandate
                                                                                                                                         IPv6 Task Force and promotion councils:
                                                                                                                                               Africa, India, Japan, Korea,…
                                                                                                                                           China Next Generation Internet (CNGI)
                                                                                                                                                           project
                                                                                                                                            European Commission sponsored
                                                                                                                                                          projects




                                                                                                                                                     IP NGN
                                                                                                                                         DOCSIS 3.0, FTTH, HDTV, Quad
                                IPv6 “on” & “preferred” by default                                                                                      Play
                                      Applications only running                                                                          Mobile SP – 3G, WiMax, PWLAN
                                      over IPv6 (P2P framework)                                                                                Networks in Motion
                                                                                                                                          Networked Sensors, ie: AIRS
                                                                                                                                              NAT Overlap – M&A

                                            MSFT Vista & Server 2008                                                                     Infrastructure Evolution

                          Presentation_ID     © 2007 Cisco Systems, Inc. All rights reserved.      Cisco Public                                                                         5




                                    IPv6 on the Factory Floor
                                                                                                   Corporate IT Network
                                                    Mgmt for IPv6
                                                                                                           IPv6 Enabled                                             Back-Office Mainframes
                                                   No NAT/PAT                                                                                                       and Servers (ERP, MES,
                                                                                                                                                                       CAPP, PDM, etc.)
                                   Central NMS
                                                                                                                                                        Office Applications,
                                                            Extranet                                                                                   Internetworking, Data
                                                                                                                                                          Servers, Storage
                                                         Service
                                                     Partners (MRO)                                                            Video Feed


                                                        Programmable Logic                                                                  IPv6 IPsec
                                  Human Machine
                                                          Controllers (PLC)
                                   Interface (HMI)

                                                                                                                            PC Based
                                                                                                Extend                     Controllers
                                                                                                Ethernet
                                                                                                                                       Wireless               IP Video
                                                                                                                                                             Monitoring

                                Stateless
                          Autoconfiguration                                                                       Motors, Drives,
                                                                                                                    Actuators
                                                             Robotics
                                                                                                                                                                                  Scanner
                                                                                                                                          Handheld

                                                                                                Sensors                         Mobile IPv6                    Device Level Network
                                                                                                                                                                      Ethernet

                          Presentation_ID     © 2007 Cisco Systems, Inc. All rights reserved.      Cisco Public                                                                         6




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                                             3
Presentation_ID.scr
Operating System Support



                                       Every major OS supports IPv6 today
                                       Windows Vista/Server 2008—top-to-bottom TCP/IP stack re-design
                                       IPv6 is on by default and preferred over IPv4 (considering network/DNS/
                                        application support)
                                       Tunnels will be used before IPv4 if required by IPv6-enabled application
                                               ISATAP, Teredo, 6to4, configured
                                       All applications and services that ship with Vista/Server 2008 support IPv4
                                        and IPv6 (IPv6-only is supported)
                                             Active Directory, IIS, File/Print/Fax, WINS/DNS/DHCP/LDAP, Windows Media Services,
                                             Terminal Services, Network Access Services—Remote Access (VPN/Dial-up), Network
                                             Access Protection (NAP), Windows Deployment Service, Certificate Services, SharePoint
                                             services, Network Load-Balancing, Internet Authentication Server, Server Clustering, etc.
                                       http://www.microsoft.com/technet/network/ipv6/default.mspx

                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                     7




                                     NAT Overlap
                          10.0.0.0 address space
                                                                               Sub-Company 1                     IPv6 enables the network to provide
                                 .3                                                                                access to services between sites
                                                                                                                                          10.0.0.0 address space
                                                                                                                                 Corp HQ
                           2001:DB8:1:2::3                                                                   Corporate
                            10.0.0.0 address space                                                           Backbone
                               .21
                                                                                                                                                              .3

                                                                                                             Static NAT entries for each    2001:DB8:1:1::3
                                                                              Sub-Company 2                    server X how many??
                          2001:DB8:1:3::21

                                       Merger and acquisition complexity force many to leave existing
                                        IPv4 address space in place vs. full integration/consolidation
                                       When server-to-server or client-to-server service is required then
                                        single/double static NAT translations are often required
                                       IPv6 can be deployed to enable service access per site and/or per
                                        application
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                     8




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                   4
Presentation_ID.scr
Address
                                    Considerations




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                       9




                                    Hierarchical Addressing and
                                    Aggregation
                                                                             Site 1
                         2001:DB8:0001:0001::/64
                                                                                                                                 Only
                         2001:DB8:0001:0002::/64                                                                              Announces
                                                                                                                             the /32 Prefix
                                                                                                                 ISP
                                            2001:DB8:0001::/48
                                                                                                             2001:DB8::/32
                                                        Site 2
                         2001:DB8:0002:0001::/64
                                                                                                                                IPv6 Internet
                         2001:DB8:0002:0002::/64
                                                                                                                                   2000::/3
                                            2001:DB8:0002::/48
                                      Prefix assignment can be larger/smaller
                                             http://www.icann.org/announcements/announcement-12oct06.htm

                                      Provider independent proposal:
                                             http://www.arin.net/policy/proposals/2005_1.html

                                      Be careful when using /127 on P2P links (See RFC 3627)
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                      10




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                     5
Presentation_ID.scr
Do I Get PI or PA?

                                      It depends 
                                      PI space is great for ARIN controlled space (not all
                                       RIRs have approved PI space)
                                      PA is a great space if you plan to use the same SP for
                                       a very long time or you plan to NAT everything with
                                       IPv6 (not likely)
                                      More important things to consider—do you get a prefix
                                       for the entire company or do you get one prefix per site
                                       (what defines a site?)




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public          11




                                    ULA, ULA + Global or Global

                                      What type of addressing should I deploy internal to my
                                       network? It depends:
                                             ULA-only—Today, no IPv6 NAT is useable in production so
                                             using ULA-only will not work externally to your network
                                             ULA + Global allows for the best of both worlds but at a price—
                                             much more address management with DHCP, DNS, routing and
                                             security—SAS does not always work as it should
                                             Global-only—Recommended approach but the old-school
                                             security folks that believe topology hiding is essential in security
                                             will bark at this option

                                      Let’s explore these options…



                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public          12




© 2007, Cisco Systems, Inc. All rights reserved.                                                                         6
Presentation_ID.scr
Unique-Local Addressing (RFC4193)
                                      Used for internal communications, inter-site VPNs
                                             Not routable on the internet—basically RFC1918 for IPv6 only better—less likelihood of
                                             collisions
                                      Default prefix is /48
                                             /48 limits use in large organizations that will need more space
                                             Semi-random generator prohibits generating sequentially ‘useable’ prefixes—no easy way
                                             to have aggregation when using multiple /48s
                                             Why not hack the generator to produce something larger than a /48 or even sequential /
                                             48s?
                                             Is it ‘legal’ to use something other than a /48? Perhaps the entire space? Forget legal, is it
                                             practical? Probably, but with dangers—remember the idea for ULA; internal addressing
                                             with a slim likelihood of address collisions with M&A. By consuming a larger space or the
                                             entire ULA space you will significantly increase the chances of pain in the future with M&A
                                      Routing/security control
                                             You must always implement filters/ACLs to block any packets going in or out of your
                                             network (at the Internet perimeter) that contain a SA/DA that is in the ULA range— today
                                             this is the only way the ULA scope can be enforced
                                      Generate your own ULA: http://www.sixxs.net/tools/grh/ula/
                                                                        Generated ULA= fd9c:58ed:7d73::/48

                                                       * MAC address=00:0D:9D:93:A0:C3 (Hewlett Packard)
                                                               * EUI64 address=020D9Dfffe93A0C3
                                                         * NTP date=cc5ff71943807789 cc5ff71976b28d86
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                               13




                                    ULA-Only
                                                                                                                                  Internet
                                                                                                               Global – 2001:DB8:CAFE::/               Requires NAT for IPv6
                                                                                         Branch 1                          48         tern
                                                                                                                                           al
                                                                                                                                        x
                                                                                                                               Glob
                                                                                                                                    al E                      Corp HQ
                                                                                                                                                rnal
                                                                                                                                            Inte
                                                                                                                                      ULA
                               FD9C:58ED:7D73:2800::/64
                                                                                                                Corporate
                                                                                                                Backbone
                                                                                      Branch 2

                                                                                                             ULA Space FD9C:58ED:7D73::/48

                                 FD9C:58ED:7D73:3000::/64                                                                                     FD9C:58ED:7D73::2::/64
                                      Everything internal runs the ULA space
                                      A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the
                                       internet—must run filters to prevent any SA/DA in ULA range from being
                                       forwarded
                                      Works as it does today with IPv4 except that today, there are no scalable
                                       NAT/Proxies for IPv6
                                      Removes the advantages of not having a NAT (i.e. application
                                       interoperability, global multicast, end-to-end connectivity)
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                               14




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                               7
Presentation_ID.scr
ULA + Global
                                                                                                                                 Internet
                                                                                                               Global – 2001:DB8:CAFE::/
                                                                                         Branch 1                          48
                                                                                                                                                     Corp HQ


                               FD9C:58ED:7D73:2800::/64                                                         Corporate
                               2001:DB8:CAFE:2800::/64
                                                                                                                Backbone
                                                                                      Branch 2

                                                                                                             ULA Space FD9C:58ED:7D73::/48
                                                                                                              Global – 2001:DB8:CAFE::/48
                                 FD9C:58ED:7D73:3000::/64                                                                                  FD9C:58ED:7D73::2::/64
                                 2001:DB8:CAFE:3000::/64                                                                                    2001:DB8:CAFE:2::/64
                                      Both ULA and Global are used internally except for internal-only hosts
                                      Source Address Selection (SAS) is used to determine which address to use when
                                       communicating with other nodes internally or externally
                                      In theory, ULA talks to ULA and Global talks to Global—SAS ‘should’ work this out
                                      ULA-only and Global-only hosts can talk to one another internal to the network
                                      Define a filter/policy that ensures your ULA prefix does not ‘leak’ out onto the
                                       Internet and ensure that no traffic can come in or out that has a ULA prefix in the
                                       SA/DA fields
                                      Management overhead for DHCP, DNS, routing, security, etc…
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                    15




                                    Considerations—ULA + Global
                                      Use DHCPv6 for ULA and Global—apply different policies for both (lifetimes,
                                       options, etc..)
                                      Check routability for both—can you reach an AD/DNS server regardless of which
                                       address you have?
                                      Any policy using IPv6 addresses must be configured for the appropriate range
                                       (QoS, ACL, load-balancers, PBR, etc.)
                                      If using SLAAC for both—Microsoft Windows allows you to enable/disable privacy
                                       extensions globally—this means you are either using them for both or not at all!!!
                                      One option is to use SLAAC for the Global range and enable privacy extensions
                                       and then use DHCPv6 for ULA with another IID value (EUI-64, reserved/admin
                                       defined, etc.)
                                     Temporary           Preferred                 6d23h59m55s 23h59m55s 2001:db8:cafe:2:cd22:7629:f726:6a6b
                                     Dhcp                Preferred                 13d1h33m55s 6d1h33m55s fd9c:58ed:7d73:1002:8828:723c:275e:846d
                                     Other               Preferred                    infinite   infinite fe80::8828:723c:275e:846d%8

                                      Unlike Global and link-local scopes ULA is not automatically controlled at the
                                       appropriate boundary—you must prevent ULA prefix from going out or in at your
                                       perimeter
                                      SAS behavior is OS dependent and there have been issues with it working reliably


                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                    16




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                    8
Presentation_ID.scr
Randomized IID and Privacy Extensions
                                      Enabled by default on Microsoft Windows
                                      Enable/disable via GPO or CLI

                                netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
                                       netsh interface ipv6 set privacy state=disabled store=persistent


                                             Alternatively, use DHCP (see later) to a specific pool
                                      Randomized address are generated for non-temporary
                                       autoconfigured addresses including public and link-local—used
                                       instead of EUI-64 addresses
                                      Randomized addresses engage Optimistic DAD—likelihood of
                                       duplicate LL address is rare so RS can be sent before full DAD
                                       completion
                                      Windows Vista/2008 send RS while DAD is being performed to
                                       save time for interface initialization (read RFC4862 on why this
                                       is ok)
                                      Privacy extensions are used with SLAAC
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                17




                                    ULA + Global Example
                           Addr Type          DAD State   Valid Life Pref. Life Address
                           ---------          ----------- ---------- ---------- ------------------------
                           Dhcp               Preferred 13d23h48m24s 6d23h48m24s 2001:db8:cafe:2:c1b5:cc19:f87e:3c41
                           Dhcp               Preferred 13d23h48m24s 6d23h48m24s fd9c:58ed:7d73:1002:8828:723c:275e:846d
                           Other              Preferred     infinite   infinite fe80::8828:723c:275e:846d%8



                           interface Vlan2
                                                                                                             DHCPv6 Client
                             description ACCESS-DATA-2
                             ipv6 address 2001:DB8:CAFE:2::D63/64                                                            Network
                             ipv6 address FD9C:58ED:7D73:1002::D63/64
                             ipv6 nd prefix 2001:DB8:CAFE:2::/64 no-advertise
                             ipv6 nd prefix FD9C:58ED:7D73:1002::/64 no-advertise
                             ipv6 nd managed-config-flag
                                                                                                                            DHCPv6 Server
                             ipv6 dhcp relay destination 2001:DB8:CAFE:11::9                                             2001:DB8:CAFE:11::9




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                18




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                               9
Presentation_ID.scr
Global-Only
                                                                                                                                   Internet
                                                                                                                 Global – 2001:DB8:CAFE::/
                                                                                         Branch 1                            48
                                                                                                                                                       Corp HQ


                                2001:DB8:CAFE:2800::/64                                                          Corporate
                                                                                                                 Backbone
                                                                                      Branch 2

                                                                                                                Global – 2001:DB8:CAFE::/48

                                  2001:DB8:CAFE:3000::/64                                                                                     2001:DB8:CAFE:2::/64

                                      Global is used everywhere
                                      No issues with SAS
                                      No requirements to have NAT for ULA-to-Global translation—but, NAT
                                       may be used for other purposes
                                      Easier management of DHCP, DNS, security, etc.
                                      Only downside is breaking the habit of believing that topology hiding is a
                                       good security method 
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.      Cisco Public                                                   19




                                    Link Level—Prefix Length
                                    Considerations


                                            64 bits                                                  < 64 bits                           > 64 bits

                                  Recommended by                                           Enables more hosts                 Address space conservation
                                   RFC3177 and IAB/                                            per broadcast
                                                                                                                                        Special cases:
                                        IESG                                                       domain
                                                                                                                                      /126—valid for p2p
                                 Consistency makes                                              Considered bad                    /127—not valid for p2p
                                   management easy                                                   practice                              (RFC3627)
                                                                                                                                        /128—loopback
                                   MUST for SLAAC                                              64 bits offers more
                                    (MSFT DHCPv6                                                space for hosts than             Complicates management
                                         also)                                                     the media can
                                                                                                  support efficiently             Must avoid overlap with
                                                                                                                                     specific addresses:
                                                                                                                                 Router Anycast (RFC3513)
                                 Significant Address
                                                                                                                                  Embedded RP (RFC3956)
                                      space loss                                                                                     ISATAP addresses

                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.      Cisco Public                                                   20




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                     10
Presentation_ID.scr
Using Link-Local for Non-Access Connections
                                      Under Research

                                        What if you did not have to worry about addressing the
                                         network infrastructure for the purpose of routing?
                                               IPv6 IGPs use LL addressing
                                               Only use Global or ULA addresses at the edges for host assignment
                                               For IPv6 access to the network device itself use a loopback

                                        What happens to route filters? ACLs?—Nothing, unless you
                                         are blocking to/from the router itself
                                        Stuff to think about:
                                               Always use a RID
                                               Some Cisco devices require “ipv6 enable” on the interface in order to
                                               generate and use a link-local address
                                               Enable the IGP on each interface used for routing or that requires its
                                               prefix to be advertised
                            Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.     Cisco Public                                           21




                                      Using LL + Loopback Only
                                                                                                                       2001:db8:cafe:100::/64
                                                            2001:db8:cafe:200::/64




                                                                                           998::1/128 998::2/128

                        ipv6 unicast-routing                                                                       ipv6 unicast-routing

                        !                                                                                          !
                        interface Loopback0                                                                        interface Loopback0

                         ipv6 address 2001:DB8:CAFE:998::1/128                                                      ipv6 address 2001:DB8:CAFE:998::2/128

                         ipv6 eigrp 10                                                                              ipv6 eigrp 10
                        !                                                                                          !

                        interface Vlan200                                                                          interface GigabitEthernet3/4

                         ipv6 address 2001:DB8:CAFE:200::1/64                                                       ipv6 eigrp 10

                         ipv6 eigrp 10                                                                             !
                        !                                                                                          interface GigabitEthernet1/2

                        interface GigabitEthernet1/1                                                                ipv6 eigrp 10

                         ipv6 enable                                                                               !
                         ipv6 eigrp 10                                                                             ipv6 router eigrp 10

                        !                                                                                           router-id 10.99.8.2

                        ipv6 router eigrp 10                                                                        no shutdown

                         router-id 10.99.8.1                                                                       IPv6-EIGRP neighbors for process 10
                         no shutdown                                                                               0     Link-local address:     Gi1/2
                                                                                                                         FE80::212:D9FF:FE92:DE77

                            Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.     Cisco Public                                           22




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                              11
Presentation_ID.scr
Interface-ID Selection
                                    Network Devices

                                      Reconnaissance for network devices—the search for
                                       something to attack
                                      Use random 64-bit interface-IDs for network devices
                                             2001:DB8:CAFE:2::1/64—Common IID
                                             2001:DB8:CAFE:2::9A43:BC5D/64—Random IID
                                             2001:DB8:CAFE:2::A001:1010/64—Semi-random IID

                                      Operational management challenges with this type of
                                       numbering scheme




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   23




                                    DHCPv6

                                      Updated version of DHCP for IPv4
                                      Client detects the presence of routers on the link
                                      If found, then examines router advertisements to
                                       determine if DHCP can or should be used
                                      If no router found or if DHCP can be used, then
                                             DHCP Solicit message is sent to the All-DHCP-Agents
                                             multicast address
                                             Using the link-local address as the source address




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public   24




© 2007, Cisco Systems, Inc. All rights reserved.                                                                  12
Presentation_ID.scr
DHCPv6 Operation
                                                 Client                                                          Relay         Server
                                                  Solicit
                                                                                                         Relay-Fwd w/
                                                                                                            Solicit
                                                                                                                             Relay-Reply
                                                                                                                             w/Advertise
                                                                                                                Advertise


                                              Request
                                                                                                         Relay-Fwd w/
                                                                                                           Request
                                                                                                                             Relay-Reply
                                                                                                                               w/Reply
                                                                                                                 Reply
                                      All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
                                      All_DHCP_Servers (FF05::1:3)
                                      DHCP Messages: clients listen UDP port 546; servers and relay agents
                                       listen on UDP port 547
                          Presentation_ID      © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                         25




                                    Stateful/Stateless DHCPv6
                                      Stateful and stateless DHCPv6 server
                                                Cisco Network Registrar:
                                                http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/
                                                Microsoft Windows Server 2008:
                                                http://technet2.microsoft.com/windowsserver2008/en/library/
                                                bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true
                                                Dibbler: http://klub.com.pl/dhcpv6/
                                      DHCPv6 Relay—supported on routers and Catalyst
                                       interface FastEthernet0/1                                                            IPv6 Enabled Host
                                            description CLIENT LINK
                                            ipv6 address 2001:DB8:CAFE:11::1/64                                                                 Network
                                            ipv6 nd prefix 2001:DB8:CAFE:11::/64 no-advertise
                                            ipv6 nd managed-config-flag
                                            ipv6 nd other-config-flag
                                            ipv6 dhcp relay destination 2001:DB8:CAFE:10::2
                                                                                                                                                DHCPv6
                                                                                                                                                 Server



                          Presentation_ID      © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                         26




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                           13
Presentation_ID.scr
Basic DHCPv6 Message Exchange
                           DHCPv6 Client
                                                                                                          DHCPv6 Relay Agent                                           DHCPv6 Server



                                             Solicit(IA_NA)
                                                                                                                                  Relay-Forw(Solicit(IA_NA))

                                                                                                                                  Relay-Repl(Advertise(IA_NA(addr)))
                                            Advertise(IA_NA(addr))


                                              Request(IA_NA)
                                                                                                                                 Relay-Forw(Request(IA_NA))

                                                                                                                                     Relay-Repl(Reply(IA_NA(addr)))
                                            Reply(IA_NA(addr))

                                             Address Assigned

                                               Timer Expiring
                                            Renew(IA_NA(addr))
                                                                                                                               Relay-Forw(Renew(IA_NA(addr)))

                                                                                                                       Relay-Repl(Reply(IA_NA(addr)))
                                            Reply(IA_NA(addr))


                                              Shutdown , link down , Release
                                            Release(IA_NA(addr))
                                                                                                                               Relay-Forw(Release(IA_NA(addr)))

                                                                                                                                     Relay-Repl(Reply(IA_NA(addr)))
                                            Reply(IA_NA(addr))



                          Presentation_ID      © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                    27




                                    CNR/W2K8—DHCPv6




                          Presentation_ID      © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                    28




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                                       14
Presentation_ID.scr
IPv6 General Prefix
                                      Provides an easy/fast way to deploy prefix changes
                                      Example:2001:db8:cafe::/48 = General Prefix
                                      Fill in interface specific fields after prefix
                                    “ESE ::11:0:0:0:1” = 2001:db8:cafe:11::1/64
                           ipv6 unicast-routing                                                              interface Vlan11
                           ipv6 cef                                                                            ipv6 address ESE ::11:0:0:0:1/64
                           ipv6 general-prefix ESE 2001:DB8:CAFE::/48                                          ipv6 cef
                           !                                                                                 !
                           interface GigabitEthernet3/2                                                      interface Vlan12
                           ipv6 address ESE ::2/126                                                            ipv6 address ESE ::12:0:0:0:1/64
                           ipv6 cef                                                                            ipv6 cef
                           !
                           interface GigabitEthernet1/2
                           ipv6 address ESE ::E/126
                           ipv6 cef

                                                      Global unicast address(es):
                                                        2001:DB8:CAFE:11::1, subnet is 2001:DB8:CAFE:11::/64


                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                        29




                                    General Concepts
                                    — FHRP, Multicast
                                    and QoS




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                        30




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                       15
Presentation_ID.scr
First Hop Router Redundancy
                                                                                                                  HSRP for v6
                                                                                                  Modification to Neighbor Advertisement, router
                                     HSRP                                          HSRP            Advertisement, and ICMPv6 redirects
                                     Active                                      Standby
                                                                                                  Virtual MAC derived from HSRP group number
                                                                                                   and virtual IPv6 link-local address

                                                                                                                  GLBP for v6
                                                                                                  Modification to Neighbor Advertisement, Router
                                      GLBP                                           GLBP           Advertisement—GW is announced via RAs
                                      AVG,                                            AVF,
                                       AVF                                            SVF         Virtual MAC derived from GLBP group number
                                                                                                           and virtual IPv6 link-local address

                                                                                                  Neighbor Unreachability Detection
                              RA Sent                                                                            For rudimentary HA at the first HOP
                          Reach-time =
                           5,000 msec                                                                Hosts use NUD “reachable time” to cycle to
                                                                                                      next known default gateway (30s by default)

                          Presentation_ID     © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                 31




                                    First-Hop Redundancy
                                      When HSRP,GLBP and VRRP for IPv6 are not available
                                      NUD can be used for rudimentary HA at the first-hop (today this only applies to the
                                       Campus/DC—HSRP is available on routers)
                                               (config-if)#ipv6 nd reachable-time 5000
                                      Hosts use NUD “reachable time” to cycle to next known default gateway (30
                                       seconds by default)
                                      Can be combined with default router preference to determine primary gw:
                                               (config-if)#ipv6 nd router-preference {high | medium | low}
                                            Default Gateway . . . . . . . . . : 10.121.10.1
                                                                                fe80::211:bcff:fec0:d000%4
                                                                                fe80::211:bcff:fec0:c800%4

                                            Reachable Time                                              : 6s                 Access
                                                                                                                              Layer
                                                                                                                                              Distribution
                                                                                                                                                 Layer
                                            Base Reachable Time                                         : 5s

                                                                                                                                      RA


                                                                                                                                       HSRP                  To Core Layer
                                                                                                                                       IPv4

                                                                                                                                      RA

                                                                 HSRP for IPv4
                                                   RA’s with adjusted reachable-time for IPv6

                          Presentation_ID     © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                 32




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                                  16
Presentation_ID.scr
HSRP for IPv6
                                      Many similarities with HSRP for IPv4
                                      Changes occur in Neighbor
                                       Advertisement, Router Advertisement,                                                HSRP                           HSRP
                                                                                                                           Active                        Standby
                                       and ICMPv6 redirects
                                      No need to configure GW on hosts
                                       (RAs are sent from HSRP
                                       active router)
                                      Virtual MAC derived from HSRP group                                        interface FastEthernet0/1
                                       number and virtual IPv6 link-                                               ipv6 address 2001:DB8:66:67::2/64
                                       local address                                                               ipv6 cef
                                      IPv6 Virtual MAC range:                                                     standby version 2
                                             0005.73A0.0000 - 0005.73A0.0FFF                                       standby 1 ipv6 autoconfig
                                             (4096 addresses)
                                                                                                                   standby 1 timers msec 250 msec 800
                                      HSRP IPv6 UDP Port Number 2029                                              standby 1 preempt
                                       (IANA Assigned)
                                                                                                                   standby 1 preempt delay minimum 180
                                      No HSRP IPv6 secondary address                                              standby 1 authentication md5 key-string cisco
                                      No HSRP IPv6 specific debug                                                 standby 1 track FastEthernet0/0
                                                            Host with GW of Virtual IP
                                                            #route -A inet6 | grep ::/0 | grep eth2
                                                            ::/0      fe80::5:73ff:fea0:1                                           UGDA   1024   0       0 eth2


                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                         33




                                    GLBP for IPv6
                                      Many similarities with GLBP
                                       for IPv4 (CLI, load-balancing)
                                                                                                                 GLBP                                   GLBP
                                      Modification to Neighbor                                                 AVG, AVF                               AVF, SVF
                                       Advertisement, Router
                                       Advertisement
                                      GW is announced via RAs
                                      Virtual MAC derived from                                              interface FastEthernet0/0
                                       GLBP group number and                                                 ipv6 address 2001:DB8:1::1/64
                                       virtual IPv6 link-local                                               ipv6 cef
                                       address                                                                glbp 1 ipv6 autoconfig
                                                                                                              glbp 1 timers msec 250 msec 750
                                                                                                              glbp 1 preempt delay minimum 180
                                                                                                              glbp 1 authentication md5 key-string cisco
                           AVG=Active Virtual Gateway
                           AVF=Active Virtual Forwarder
                          SVF=Standby Virtual Forwarder

                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                         34




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                        17
Presentation_ID.scr
IPv6 Multicast Availability

                                      Multicast Listener Discovery (MLD)
                                             Equivalent to IGMP

                                      PIM Group Modes: Sparse Mode, Bidirectional and
                                       Source Specific Multicast
                                      RP Deployment: Static, Embedded
                                             No Anycast-RP Yet
                                                                                                                            S
                                                                                   DR                        RP   DR
                              Host
                             Multicast
                             Control
                             via MLD




                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                      35




                                    Multicast Listener Discovery: MLD
                                    Multicast Host Membership Control

                                      MLD is equivalent to IGMP
                                       in IPv4
                                      MLD messages are
                                       transported over ICMPv6                                                          Host
                                                                                                                       Multicast
                                      MLD uses link local source                                                      Control
                                       addresses                                                                       via MLD
                                      MLD packets use “Router
                                       Alert” in extension header
                                       (RFC2711)
                                      Version number confusion:
                                             MLDv1 (RFC2710) like
                                             IGMPv2 (RFC2236)
                                             MLDv2 (RFC3810) like
                                             IGMPv3 (RFC3376)
                                      MLD snooping
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                      36




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                     18
Presentation_ID.scr
Multicast Deployment Options
                                    With and Without Rendezvous Points (RP)
                            SSM, No RPs

                                  R                                                                                                         S
                                                   DR



                            ASM Single RP—Static definitions


                                  R                                                                                                         S
                                                DR                                RP                                             DR
                                            He is the RP                                                      He is the RP   He is the RP


                            ASM Across Single Shared PIM Domain, One RP—Embedded-RP
                                                Alert! I want
                                                GRP=A from
                                                   RP=B

                               R                                                                                                            S
                                                 DR                                                                             RP



                          Presentation_ID    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                     37




                                    IPv6 QoS Syntax Changes
                                      IPv4 syntax has used “ip” following match/set statements
                                              Example: match ip dscp, set ip dscp
                                      Modification in QoS syntax to support IPv6 and IPv4
                                              New match criteria
                                                    match dscp — Match DSCP in v4/v6
                                                    match precedence — Match Precedence in v4/v6
                                              New set criteria
                                                    set dscp — Set DSCP in v4/v6
                                                    set precedence — Set Precedence in v4/v6
                                      Additional support for IPv6 does not always require new Command
                                       Line Interface (CLI)
                                              Example—WRED



                          Presentation_ID    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                     38




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                     19
Presentation_ID.scr
Scalability and Performance
                                      IPv6 Neighbor Cache = ARP for IPv4
                                             In dual-stack networks the first hop routers/switches will now have more memory
                                             consumption due to IPv6 neighbor entries (can be multiple per host) + ARP entries
                                             ARP entry for host in the campus distribution layer:
                                             Internet                   10.120.2.200                         2   000d.6084.2c7a     ARPA   Vlan2
                                             IPv6 Neighbor Cache entry:
                                             2001:DB8:CAFE:2:2891:1C0C:F52A:9DF1                             4 000d.6084.2c7a     STALE Vl2
                                             2001:DB8:CAFE:2:7DE5:E2B0:D4DF:97EC                             16 000d.6084.2c7a    STALE Vl2

                                             FE80::7DE5:E2B0:D4DF:97EC                                       16 000d.6084.2c7a    STALE Vl2

                                      Full internet route tables—ensure to account for TCAM/memory requirements
                                       for both IPv4/IPv6—not all vendors can properly support both
                                      Multiple routing protocols—IPv4 and IPv6 will have separate routing protocols.
                                       Ensure enough CPU/Memory is present
                                      Control plane impact when using tunnels—terminate ISATAP/configured
                                       tunnels in HW platforms when attempting large scale deployments (hundreds/
                                       thousands of tunnels)
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                    39




                                    Infrastructure
                                    Deployment



                                    Start Here: Cisco IOS Software Release Specifics for IPv6 Features
                                    http://www.cisco.com/univercd/cc/td/doc/product/software/
                                      ios123/123cgcr/ipv6_c/ftipv6s.htm


                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                    40




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                   20
Presentation_ID.scr
IPv6 Coexistence
                                                                                                                         Dual Stack

                                                                                                                   IPv4: 192.168.99.1
                                                                                      IPv6/IPv4
                                                                                                                  IPv6: 2001:db8:1::1/64




                               IPv6                                              Configured                               Configured                         IPv6
                               Host                                             Tunnel/MPLS                              Tunnel/MPLS                         Host
                                                                                 (6PE/6VPE)                               (6PE/6VPE)
                                                      IPv6                                                   MPLS/IPv4                      IPv6
                                                     Network                                                                               Network



                                                            IPv4                                                              ISATAP Tunneling
                                                                                                                   (Intra-Site Automatic Tunnel Addressing Protocol)


                                                                    IPv6
                                            ISATAP
                                             Router


                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                             41




                                    Campus/Data
                                    Center



                                    Deploying IPv6 in Campus Networks:
                                     http://www.cisco.com/univercd/cc/td/doc/solution/campipv6.pdf
                                    ESE Campus Design and Implementation Guides:
                                     http://www.cisco.com/en/US/netsol/ns656/networking_solutions_
                                     design_guidances_list.html#anchor2
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                             42




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                            21
Presentation_ID.scr
Campus IPv6 Deployment
                                    Three Major Options

                                      Dual-stack—The way to go for obvious reasons:
                                       performance, security, QoS, multicast and management
                                             Layer 3 switches should support IPv6 forwarding in hardware
                                      Hybrid—Dual-stack where possible, tunnels for the rest, but
                                       all leveraging the existing design/gear
                                             Pro—Leverage existing gear and network design (traditional L2/L3 and
                                             routed access)
                                             Con—Tunnels (especially ISATAP) cause unnatural things to be done
                                             to infrastructure (like core acting as access layer) and ISATAP does
                                             not support IPv6 multicast
                                      IPv6 Service Block—A new network block used for interim
                                       connectivity for IPv6 overlay network
                                             Pro—Separation, control and flexibility (still supports traditional L2/L3
                                             and routed access)
                                             Con—Cost (more gear), does not fully leverage existing design, still
                                             have to plan for a real dual-stack deployment and ISATAP does not
                                             support IPv6 multicast
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                 43




                                    Campus IPv6 Deployment Options
                                    Dual-Stack IPv4/IPv6
                                                                                                              IPv6/IPv4 Dual Stack Hosts
                                      #1 requirement—switching/
                                       routing platforms must support                                                                                             Access
                                       hardware based forwarding for                                                                                               Layer

                                       IPv6                                                                                                           L2/L3
                                                                                                                                                                 Distribution
                                      IPv6 is transparent on L2                                                 v6-                                     v6-
                                                                                                                                                                    Layer

                                       switches but—                                                           Enabled                                 Enabled
                                                                                                                          Dual Stack


                                                                                                                                       Dual Stack




                                             L2 multicast—MLD snooping
                                                                                                                v6-                                      v6-      Core Layer
                                             IPv6 management—Telnet/SSH/                                      Enabled                                  Enabled

                                             HTTP/SNMP
                                             Intelligent IP services on WLAN
                                                                                                                                                                 Aggregation
                                                                                                             v6-Enabled                             v6-Enabled    Layer (DC)
                                      Expect to run the same IGPs
                                       as with IPv4
                                                                                                                                                                  Access
                                                                                                                                                                 Layer (DC)
                                      Keep feature
                                       expectations simple                                                        Dual-stack
                                                                                                                   Server

                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                 44




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                                22
Presentation_ID.scr
Access Layer: Dual Stack
                                      Catalyst 3560/3750—In order to enable IPv6 functionality the
                                       proper SDM template needs to be defined (
                                       http://www.cisco.com/univercd/cc/td/doc/product/lan/
                                       cat3750/12225see/scg/swsdm.htm# )

                                            Switch(config)#sdm prefer dual-ipv4-and-ipv6 default

                                      If using a traditional Layer-2 access design, the only thing
                                       that needs to be enabled on the access switch
                                       (management/security discussed later) is MLD snooping:
                                                                             Switch(config)#ipv6 mld snooping
                                      3560/3750 non-E series cannot support both HSRP for IPv4
                                       and HSRP for IPv6 on the same interface
                                       http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/
                                       software/release/12.2_46_se/release/notes/
                                       OL16489.html#wp925898
                          Presentation_ID    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                          45




                                    Distribution Layer: HSRP, EIGRP and
                                    DHCPv6-relay (Layer 2 Access)
                        ipv6 general-prefix ULA-CORE FD9C:58ED:7D73::/53                                      interface Vlan4
                        ipv6 general-prefix ULA-ACC FD9C:58ED:7D73:1000::/53                                    description Data VLAN for Access
                        ipv6 unicast-routing                                                                    ipv6 address ULA-ACC ::D63/64
                        !                                                                                       ipv6 nd prefix FD9C:58ED:7D73:1002::/64
                        interface GigabitEthernet1/0/1                                                        no-advertise
                          description To 6k-core-right                                                          ipv6 nd managed-config-flag
                          ipv6 address ULA-CORE ::3:0:0:0:D63/64                                                ipv6 dhcp relay destination fd9c:58ed:
                                                                                                              7d73:811::9
                          ipv6 eigrp 10                                                                         ipv6 eigrp 10
                          ipv6 hello-interval eigrp 10 1                                                        standby version 2
                          ipv6 hold-time eigrp 10 3                                                             standby 2 ipv6 autoconfig
                          ipv6 authentication mode eigrp 10 md5                                                 standby 2 timers msec 250 msec 750
                          ipv6 authentication key-chain eigrp 10 eigrp                                          standby 2 priority 110
                          ipv6 summary-address eigrp 10 FD9C:58ED:7D73:1000::/53                                standby 2 preempt delay minimum 180
                        !                                                                                       standby 2 authentication ese
                        interface GigabitEthernet1/0/2                                                        !
                          description To 6k-core-left                                                         ipv6 router eigrp 10
                          ipv6 address ULA-CORE ::C:0:0:0:D63/64                                                no shutdown
                          ipv6 eigrp 10                                                                         router-id 10.122.10.10
                          ipv6 hello-interval eigrp 10 1                                                        passive-interface Vlan4
                          ipv6 hold-time eigrp 10 3                                                             passive-interface Loopback0
                          ipv6 authentication mode eigrp 10 md5
                          ipv6 authentication key-chain eigrp 10 eigrp
                          ipv6 summary-address eigrp 10 FD9C:58ED:7D73:1000::/53



                          Presentation_ID    © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                          46




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                          23
Presentation_ID.scr
Distribution Layer: OSPF with NUD
                                    (Layer 2 Access)
                          ipv6 unicast-routing                                                               interface Vlan2
                          ipv6 multicast-routing                                                               description Data VLAN for Access
                          ipv6 cef distributed                                                                 ipv6 address 2001:DB8:CAFE:2::A001:1010/64
                          !                                                                                    ipv6 nd reachable-time 5000
                          interface GigabitEthernet1/1                                                         ipv6 nd router-preference high
                            description To 6k-core-right                                                       no ipv6 redirects
                            ipv6 address 2001:DB8:CAFE:1105::A001:1010/64                                      ipv6 ospf 1 area 1
                            no ipv6 redirects                                                                !
                            ipv6 nd suppress-ra                                                              ipv6 router ospf 1
                            ipv6 ospf network point-to-point                                                   auto-cost reference-bandwidth 10000
                            ipv6 ospf 1 area 0                                                                 router-id 10.122.0.25
                            ipv6 ospf hello-interval 1                                                         log-adjacency-changes
                            ipv6 ospf dead-interval 3                                                          area 2 range 2001:DB8:CAFE:xxxx::/xx
                          !                                                                                    timers spf 1 5
                          interface GigabitEthernet1/2
                            description To 6k-core-left
                            ipv6 address 2001:DB8:CAFE:1106::A001:1010/64
                            no ipv6 redirects
                            ipv6 nd suppress-ra
                            ipv6 ospf network point-to-point
                            ipv6 ospf 1 area 0
                            ipv6 ospf hello-interval 1
                            ipv6 ospf dead-interval 3



                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                  47




                                    Access Layer: Dual Stack
                                    (Routed Access)
                           ipv6 unicast-routing                                                                 interface Vlan2
                           ipv6 cef                                                                               description Data VLAN for Access
                           !                                                                                      ipv6 address 2001:DB8:CAFE:2::CAC1:3750/64
                           interface GigabitEthernet1/0/25                                                        ipv6 ospf 1 area 2
                             description To 6k-dist-1                                                             ipv6 cef
                             ipv6 address 2001:DB8:CAFE:1100::CAC1:3750/64                                      !
                             no ipv6 redirects                                                                  ipv6 router ospf 1
                             ipv6 nd suppress-ra                                                                  router-id 10.120.2.1
                             ipv6 ospf network point-to-point                                                     log-adjacency-changes
                             ipv6 ospf 1 area 2                                                                   auto-cost reference-bandwidth 10000
                             ipv6 ospf hello-interval 1                                                           area 2 stub no-summary
                             ipv6 ospf dead-interval 3                                                            passive-interface Vlan2
                             ipv6 cef                                                                             timers spf 1 5
                           !
                           interface GigabitEthernet1/0/26
                             description To 6k-dist-2
                             ipv6 address 2001:DB8:CAFE:1101::CAC1:3750/64
                             no ipv6 redirects
                             ipv6 nd suppress-ra
                             ipv6 ospf network point-to-point
                             ipv6 ospf 1 area 2
                             ipv6 ospf hello-interval 1
                             ipv6 ospf dead-interval 3
                             ipv6 cef


                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                  48




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                 24
Presentation_ID.scr
Distribution Layer: Dual Stack
                                    (Routed Access)
                         ipv6 unicast-routing                                                                ipv6 router ospf 1
                         ipv6 multicast-routing                                                               auto-cost reference-bandwidth 10000
                         ipv6 cef distributed                                                                 router-id 10.122.0.25
                         !                                                                                    log-adjacency-changes
                         interface GigabitEthernet3/1                                                         area 2 stub no-summary
                           description To 3750-acc-1                                                          passive-interface Vlan2
                           ipv6 address 2001:DB8:CAFE:1100::A001:1010/64                                      area 2 range 2001:DB8:CAFE:xxxx::/xx
                           no ipv6 redirects                                                                  timers spf 1 5
                           ipv6 nd suppress-ra
                           ipv6 ospf network point-to-point
                           ipv6 ospf 1 area 2
                           ipv6 ospf hello-interval 1
                           ipv6 ospf dead-interval 3
                           ipv6 cef
                         !
                         interface GigabitEthernet1/2
                           description To 3750-acc-2
                           ipv6 address 2001:DB8:CAFE:1103::A001:1010/64
                           no ipv6 redirects
                           ipv6 nd suppress-ra
                           ipv6 ospf network point-to-point
                           ipv6 ospf 1 area 2
                           ipv6 ospf hello-interval 1
                           ipv6 ospf dead-interval 3
                           ipv6 cef

                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                        49




                                    Campus IPv6 Deployment Options
                                    Hybrid Model
                                                                                                                    IPv6/IPv4 Dual Stack Hosts
                                      Offers IPv6 connectivity via multiple
                                       options
                                                                                                                                                                         Access
                                             Dual-stack                                                                                                                   Layer
                                             Configured tunnels—L3-to-L3                                                                                    L2/L3
                                                                                                                                ISATAP


                                                                                                                                             ISATAP




                                             ISATAP—Host-to-L3                                                                                                         Distribution
                                                                                                                                                                          Layer
                                      Leverages existing network                                                    NOT v6-
                                                                                                                     Enabled
                                                                                                                                                             NOT v6-
                                                                                                                                                             Enabled

                                      Offers natural progression to
                                       full dual-stack design                                                         v6-                                      v6-      Core Layer
                                                                                                                    Enabled                                  Enabled
                                      May require tunneling to
                                       less-than-optimal layers
                                                                                                                                Dual Stack


                                                                                                                                             Dual Stack




                                       (i.e. core layer)
                                                                                                                                                                        Aggregation
                                                                                                                   v6-Enabled                             v6-Enabled     Layer (DC)
                                      ISATAP creates a flat network (all
                                       hosts on same tunnel are peers)
                                             Create tunnels per VLAN/subnet to keep                                                                                      Access
                                             same segregation as existing design (not                                                                                   Layer (DC)
                                             clean today)
                                                                                                                        Dual-stack
                                      Provides basic HA of ISATAP tunnels                                               Server
                                       via old Anycast-RP idea
                          Presentation_ID   © 2007 Cisco Systems, Inc. All rights reserved.   Cisco Public                                                                        50




© 2007, Cisco Systems, Inc. All rights reserved.                                                                                                                                       25
Presentation_ID.scr
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009

Weitere ähnliche Inhalte

Was ist angesagt?

Ccda desgn v2.0 sg ppt to pdf
Ccda desgn v2.0 sg ppt to pdfCcda desgn v2.0 sg ppt to pdf
Ccda desgn v2.0 sg ppt to pdfLuzMarina116
 
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceMS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceSpiffy
 
Developments in Managed Content Distribution
Developments in Managed Content DistributionDevelopments in Managed Content Distribution
Developments in Managed Content DistributionCisco Service Provider
 
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Cisco Canada
 
Cisco 640-864 Complete Study Guide
Cisco 640-864 Complete Study GuideCisco 640-864 Complete Study Guide
Cisco 640-864 Complete Study Guidenustouch
 
Ethernet and TCP optimizations
Ethernet and TCP optimizationsEthernet and TCP optimizations
Ethernet and TCP optimizationsJeff Squyres
 
Mei Yick Offer MPLS
Mei Yick Offer MPLSMei Yick Offer MPLS
Mei Yick Offer MPLSTony Ma
 
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
Converged Data Center: FCoE, iSCSI and the Future of Storage NetworkingConverged Data Center: FCoE, iSCSI and the Future of Storage Networking
Converged Data Center: FCoE, iSCSI and the Future of Storage NetworkingEMC
 
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009Jaime Olmos
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Cisco small business_communicate_by_leah_davis
Cisco small business_communicate_by_leah_davisCisco small business_communicate_by_leah_davis
Cisco small business_communicate_by_leah_davisgkmurase
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...SSA KPI
 
Next Generation Video Services Fundamentals
Next Generation Video Services FundamentalsNext Generation Video Services Fundamentals
Next Generation Video Services FundamentalsCisco Canada
 
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport Ole Ipv4onlifesupport
Ole Ipv4onlifesupport IPv6no
 
Technology Development and Innovation at Cisco
Technology Development and Innovation at CiscoTechnology Development and Innovation at Cisco
Technology Development and Innovation at CiscoCisco Canada
 
Ucs overview sap-rnicola
Ucs overview sap-rnicolaUcs overview sap-rnicola
Ucs overview sap-rnicolaRobert Nicola
 
Cloudify summit2012 pub
Cloudify summit2012 pubCloudify summit2012 pub
Cloudify summit2012 pubGary Berger
 
Network automation seminar
Network automation seminarNetwork automation seminar
Network automation seminarpatmisasi
 

Was ist angesagt? (19)

Ccda desgn v2.0 sg ppt to pdf
Ccda desgn v2.0 sg ppt to pdfCcda desgn v2.0 sg ppt to pdf
Ccda desgn v2.0 sg ppt to pdf
 
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceMS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
 
Developments in Managed Content Distribution
Developments in Managed Content DistributionDevelopments in Managed Content Distribution
Developments in Managed Content Distribution
 
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
 
Cisco 640-864 Complete Study Guide
Cisco 640-864 Complete Study GuideCisco 640-864 Complete Study Guide
Cisco 640-864 Complete Study Guide
 
Ethernet and TCP optimizations
Ethernet and TCP optimizationsEthernet and TCP optimizations
Ethernet and TCP optimizations
 
CVamrishBel
CVamrishBelCVamrishBel
CVamrishBel
 
Mei Yick Offer MPLS
Mei Yick Offer MPLSMei Yick Offer MPLS
Mei Yick Offer MPLS
 
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
Converged Data Center: FCoE, iSCSI and the Future of Storage NetworkingConverged Data Center: FCoE, iSCSI and the Future of Storage Networking
Converged Data Center: FCoE, iSCSI and the Future of Storage Networking
 
Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009Michael De Leo Global IPv6 Summit México 2009
Michael De Leo Global IPv6 Summit México 2009
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Cisco small business_communicate_by_leah_davis
Cisco small business_communicate_by_leah_davisCisco small business_communicate_by_leah_davis
Cisco small business_communicate_by_leah_davis
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
 
Next Generation Video Services Fundamentals
Next Generation Video Services FundamentalsNext Generation Video Services Fundamentals
Next Generation Video Services Fundamentals
 
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
 
Technology Development and Innovation at Cisco
Technology Development and Innovation at CiscoTechnology Development and Innovation at Cisco
Technology Development and Innovation at Cisco
 
Ucs overview sap-rnicola
Ucs overview sap-rnicolaUcs overview sap-rnicola
Ucs overview sap-rnicola
 
Cloudify summit2012 pub
Cloudify summit2012 pubCloudify summit2012 pub
Cloudify summit2012 pub
 
Network automation seminar
Network automation seminarNetwork automation seminar
Network automation seminar
 

Andere mochten auch

Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011IPv6no
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
IPv6 Best Practice
IPv6 Best PracticeIPv6 Best Practice
IPv6 Best Practiceflyingpotato
 
IPv6 at LinkedIn
IPv6 at LinkedInIPv6 at LinkedIn
IPv6 at LinkedInAPNIC
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIvan Pepelnjak
 
Enterprise IPv6 Deployment
Enterprise IPv6 Deployment Enterprise IPv6 Deployment
Enterprise IPv6 Deployment Cisco Canada
 
IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition StrategiesAPNIC
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44Jisc
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Jisc
 
Internet Protocol version 6
Internet Protocol version 6Internet Protocol version 6
Internet Protocol version 6Rekha Yadav
 
IPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF ReportIPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF ReportAPNIC
 
Akamai IPv6 Measurement
Akamai IPv6 MeasurementAkamai IPv6 Measurement
Akamai IPv6 MeasurementAPNIC
 
IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6mithilak
 

Andere mochten auch (14)

Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011Ron Broersma dren-stavanger-22 nov2011
Ron Broersma dren-stavanger-22 nov2011
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
 
IPv6 Best Practice
IPv6 Best PracticeIPv6 Best Practice
IPv6 Best Practice
 
IPv6 at LinkedIn
IPv6 at LinkedInIPv6 at LinkedIn
IPv6 at LinkedIn
 
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise NetworksIPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
 
Enterprise IPv6 Deployment
Enterprise IPv6 Deployment Enterprise IPv6 Deployment
Enterprise IPv6 Deployment
 
IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition Strategies
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44
 
Internet Protocol version 6
Internet Protocol version 6Internet Protocol version 6
Internet Protocol version 6
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
 
IPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF ReportIPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF Report
 
Akamai IPv6 Measurement
Akamai IPv6 MeasurementAkamai IPv6 Measurement
Akamai IPv6 Measurement
 
IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6
 

Ähnlich wie Michael De Leo Global IPv6 Summit México 2009

IPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdfIPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdfCPUHogg
 
Intel open stack v1
Intel open stack v1Intel open stack v1
Intel open stack v1benbenhappy
 
IT Essential - Course Overview
IT Essential - Course OverviewIT Essential - Course Overview
IT Essential - Course OverviewIrsandi Hasan
 
IPv6 for the Enterprise
IPv6 for the EnterpriseIPv6 for the Enterprise
IPv6 for the EnterpriseJohn Rhoton
 
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008OpenSourceCamp
 
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan   software-defined access-a transf...[Cisco Connect 2018 - Vietnam] 2. lam doan   software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...Nur Shiqim Chok
 
IPv6 Support at NEC CEs
IPv6 Support at NEC CEsIPv6 Support at NEC CEs
IPv6 Support at NEC CEsAPNIC
 
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan   software-defined access-a transform...[Cisco Connect 2018 - Vietnam] Lam doan   software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...Nur Shiqim Chok
 
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...NetworkCollaborators
 
Journey to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for MobilesJourney to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for MobilesAPNIC
 
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...Cisco Russia
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...NetworkCollaborators
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centersscarisbrick
 
Salman Mahmood Resume
Salman Mahmood ResumeSalman Mahmood Resume
Salman Mahmood Resumesalman321
 
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
 Cisco Connect 2018 Philippines - software-defined access-a transformational ... Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...NetworkCollaborators
 
Resume for Network Engineer, Network Security, IT Management L2 / L3
Resume for Network Engineer, Network Security,  IT Management L2 / L3 Resume for Network Engineer, Network Security,  IT Management L2 / L3
Resume for Network Engineer, Network Security, IT Management L2 / L3 Deepak Kumar
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 

Ähnlich wie Michael De Leo Global IPv6 Summit México 2009 (20)

IPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdfIPv6IntegrationBestPracticesfinal.pdf
IPv6IntegrationBestPracticesfinal.pdf
 
Intel open stack v1
Intel open stack v1Intel open stack v1
Intel open stack v1
 
Intel open stack v1
Intel open stack v1Intel open stack v1
Intel open stack v1
 
IT Essential - Course Overview
IT Essential - Course OverviewIT Essential - Course Overview
IT Essential - Course Overview
 
IPv6 for the Enterprise
IPv6 for the EnterpriseIPv6 for the Enterprise
IPv6 for the Enterprise
 
Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008Axp Introduce In China Open Source Forum 2008
Axp Introduce In China Open Source Forum 2008
 
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan   software-defined access-a transf...[Cisco Connect 2018 - Vietnam] 2. lam doan   software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
 
IPv6 Support at NEC CEs
IPv6 Support at NEC CEsIPv6 Support at NEC CEs
IPv6 Support at NEC CEs
 
IPv6: the what, why and how
IPv6: the what, why and howIPv6: the what, why and how
IPv6: the what, why and how
 
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan   software-defined access-a transform...[Cisco Connect 2018 - Vietnam] Lam doan   software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
 
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
 
Journey to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for MobilesJourney to IPv6 - A Real-World deployment for Mobiles
Journey to IPv6 - A Real-World deployment for Mobiles
 
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
 
Salman Mahmood Resume
Salman Mahmood ResumeSalman Mahmood Resume
Salman Mahmood Resume
 
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
implementing IPv6 in an ISP network, case study and lessons learned - Amos Ro...
 
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
 Cisco Connect 2018 Philippines - software-defined access-a transformational ... Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
 
Resume for Network Engineer, Network Security, IT Management L2 / L3
Resume for Network Engineer, Network Security,  IT Management L2 / L3 Resume for Network Engineer, Network Security,  IT Management L2 / L3
Resume for Network Engineer, Network Security, IT Management L2 / L3
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...Cisco Connect 2018 Indonesia -  software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
 

Mehr von Jaime Olmos

Taller monitoreo CUDI 2010
Taller monitoreo CUDI 2010Taller monitoreo CUDI 2010
Taller monitoreo CUDI 2010Jaime Olmos
 
Luciano Romero Convergencia Fijo Móvil
Luciano Romero Convergencia Fijo MóvilLuciano Romero Convergencia Fijo Móvil
Luciano Romero Convergencia Fijo MóvilJaime Olmos
 
Universidad de Guadalajara
Universidad de GuadalajaraUniversidad de Guadalajara
Universidad de GuadalajaraJaime Olmos
 
Welcome To Multimedia & Ipv6 Collaboration Network
Welcome To Multimedia & Ipv6 Collaboration NetworkWelcome To Multimedia & Ipv6 Collaboration Network
Welcome To Multimedia & Ipv6 Collaboration NetworkJaime Olmos
 
Twitter Lphinojosa
Twitter   LphinojosaTwitter   Lphinojosa
Twitter LphinojosaJaime Olmos
 
Sg Software Guru Inicio
Sg Software Guru   InicioSg Software Guru   Inicio
Sg Software Guru InicioJaime Olmos
 
Observatorio IPv6
Observatorio IPv6Observatorio IPv6
Observatorio IPv6Jaime Olmos
 
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...Jaime Olmos
 
Erik Huesca Global IPv6 Summit México 2009
Erik Huesca Global IPv6 Summit México 2009Erik Huesca Global IPv6 Summit México 2009
Erik Huesca Global IPv6 Summit México 2009Jaime Olmos
 
Enrique Melrose Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009Enrique Melrose Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009Jaime Olmos
 
Carlos Silva Ponce de León Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009Carlos Silva Ponce de León Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009Jaime Olmos
 
José Alberto Incera Diéguez Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009José Alberto Incera Diéguez Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009Jaime Olmos
 
Isidro Cerda Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009 Isidro Cerda Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009 Jaime Olmos
 
Raul Echeverría Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009Raul Echeverría Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009Jaime Olmos
 

Mehr von Jaime Olmos (18)

Taller monitoreo CUDI 2010
Taller monitoreo CUDI 2010Taller monitoreo CUDI 2010
Taller monitoreo CUDI 2010
 
Luciano Romero Convergencia Fijo Móvil
Luciano Romero Convergencia Fijo MóvilLuciano Romero Convergencia Fijo Móvil
Luciano Romero Convergencia Fijo Móvil
 
Medios UdeG
Medios UdeGMedios UdeG
Medios UdeG
 
Medios UdeG
Medios UdeGMedios UdeG
Medios UdeG
 
Universidad de Guadalajara
Universidad de GuadalajaraUniversidad de Guadalajara
Universidad de Guadalajara
 
Renata
RenataRenata
Renata
 
Welcome To Multimedia & Ipv6 Collaboration Network
Welcome To Multimedia & Ipv6 Collaboration NetworkWelcome To Multimedia & Ipv6 Collaboration Network
Welcome To Multimedia & Ipv6 Collaboration Network
 
Twitter Lphinojosa
Twitter   LphinojosaTwitter   Lphinojosa
Twitter Lphinojosa
 
Sg Software Guru Inicio
Sg Software Guru   InicioSg Software Guru   Inicio
Sg Software Guru Inicio
 
Observatorio IPv6
Observatorio IPv6Observatorio IPv6
Observatorio IPv6
 
Eventos Cudi
Eventos CudiEventos Cudi
Eventos Cudi
 
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
Segundo Congreso Internacional Global I Pv6 Summit MéXico 2009 El Futuro De I...
 
Erik Huesca Global IPv6 Summit México 2009
Erik Huesca Global IPv6 Summit México 2009Erik Huesca Global IPv6 Summit México 2009
Erik Huesca Global IPv6 Summit México 2009
 
Enrique Melrose Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009Enrique Melrose Global IPv6 Summit México 2009
Enrique Melrose Global IPv6 Summit México 2009
 
Carlos Silva Ponce de León Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009Carlos Silva Ponce de León Global IPv6 Summit México 2009
Carlos Silva Ponce de León Global IPv6 Summit México 2009
 
José Alberto Incera Diéguez Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009José Alberto Incera Diéguez Global IPv6 Summit México 2009
José Alberto Incera Diéguez Global IPv6 Summit México 2009
 
Isidro Cerda Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009 Isidro Cerda Global IPv6 Summit México 2009
Isidro Cerda Global IPv6 Summit México 2009
 
Raul Echeverría Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009Raul Echeverría Global IPv6 Summit México 2009
Raul Echeverría Global IPv6 Summit México 2009
 

Kürzlich hochgeladen

Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Kürzlich hochgeladen (20)

Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

Michael De Leo Global IPv6 Summit México 2009

  • 1. Enterprise IPv6 Deployment Michael De Leo Office of the CTO mdeleo@cisco.com Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Reference Materials   Deploying IPv6 in Campus Networks: http://www.cisco.com/univercd/cc/td/doc/solution/ campipv6.pdf   Deploying IPv6 in Branch Networks: http://www.cisco.com/univercd/cc/td/doc/solution/ brchipv6.pdf   CCO IPv6 Main Page: http://www.cisco.com/go/ipv6   Cisco Network Designs: http://www.cisco.com/go/srnd Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2 © 2007, Cisco Systems, Inc. All rights reserved. 1 Presentation_ID.scr
  • 2. Agenda   Address Considerations   General Concepts   Infrastructure Deployment Campus/Data Center WAN/Branch Remote Access   Planning and Deployment Summary   Appendix—For Reference Only Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3 The Need for IPv6 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4 © 2007, Cisco Systems, Inc. All rights reserved. 2 Presentation_ID.scr
  • 3. Monitoring Market Drivers Address space depletion National IT Strategy U.S. Federal Mandate IPv6 Task Force and promotion councils: Africa, India, Japan, Korea,… China Next Generation Internet (CNGI) project European Commission sponsored projects IP NGN DOCSIS 3.0, FTTH, HDTV, Quad IPv6 “on” & “preferred” by default Play Applications only running Mobile SP – 3G, WiMax, PWLAN over IPv6 (P2P framework) Networks in Motion Networked Sensors, ie: AIRS NAT Overlap – M&A MSFT Vista & Server 2008 Infrastructure Evolution Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5 IPv6 on the Factory Floor Corporate IT Network Mgmt for IPv6 IPv6 Enabled Back-Office Mainframes No NAT/PAT and Servers (ERP, MES, CAPP, PDM, etc.) Central NMS Office Applications, Extranet Internetworking, Data Servers, Storage Service Partners (MRO) Video Feed Programmable Logic IPv6 IPsec Human Machine Controllers (PLC) Interface (HMI) PC Based Extend Controllers Ethernet Wireless IP Video Monitoring Stateless Autoconfiguration Motors, Drives, Actuators Robotics Scanner Handheld Sensors Mobile IPv6 Device Level Network Ethernet Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6 © 2007, Cisco Systems, Inc. All rights reserved. 3 Presentation_ID.scr
  • 4. Operating System Support   Every major OS supports IPv6 today   Windows Vista/Server 2008—top-to-bottom TCP/IP stack re-design   IPv6 is on by default and preferred over IPv4 (considering network/DNS/ application support)   Tunnels will be used before IPv4 if required by IPv6-enabled application ISATAP, Teredo, 6to4, configured   All applications and services that ship with Vista/Server 2008 support IPv4 and IPv6 (IPv6-only is supported) Active Directory, IIS, File/Print/Fax, WINS/DNS/DHCP/LDAP, Windows Media Services, Terminal Services, Network Access Services—Remote Access (VPN/Dial-up), Network Access Protection (NAP), Windows Deployment Service, Certificate Services, SharePoint services, Network Load-Balancing, Internet Authentication Server, Server Clustering, etc.   http://www.microsoft.com/technet/network/ipv6/default.mspx Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 7 NAT Overlap 10.0.0.0 address space Sub-Company 1 IPv6 enables the network to provide .3 access to services between sites 10.0.0.0 address space Corp HQ 2001:DB8:1:2::3 Corporate 10.0.0.0 address space Backbone .21 .3 Static NAT entries for each 2001:DB8:1:1::3 Sub-Company 2 server X how many?? 2001:DB8:1:3::21   Merger and acquisition complexity force many to leave existing IPv4 address space in place vs. full integration/consolidation   When server-to-server or client-to-server service is required then single/double static NAT translations are often required   IPv6 can be deployed to enable service access per site and/or per application Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 8 © 2007, Cisco Systems, Inc. All rights reserved. 4 Presentation_ID.scr
  • 5. Address Considerations Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 9 Hierarchical Addressing and Aggregation Site 1 2001:DB8:0001:0001::/64 Only 2001:DB8:0001:0002::/64 Announces the /32 Prefix ISP 2001:DB8:0001::/48 2001:DB8::/32 Site 2 2001:DB8:0002:0001::/64 IPv6 Internet 2001:DB8:0002:0002::/64 2000::/3 2001:DB8:0002::/48   Prefix assignment can be larger/smaller http://www.icann.org/announcements/announcement-12oct06.htm   Provider independent proposal: http://www.arin.net/policy/proposals/2005_1.html   Be careful when using /127 on P2P links (See RFC 3627) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 10 © 2007, Cisco Systems, Inc. All rights reserved. 5 Presentation_ID.scr
  • 6. Do I Get PI or PA?   It depends    PI space is great for ARIN controlled space (not all RIRs have approved PI space)   PA is a great space if you plan to use the same SP for a very long time or you plan to NAT everything with IPv6 (not likely)   More important things to consider—do you get a prefix for the entire company or do you get one prefix per site (what defines a site?) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 11 ULA, ULA + Global or Global   What type of addressing should I deploy internal to my network? It depends: ULA-only—Today, no IPv6 NAT is useable in production so using ULA-only will not work externally to your network ULA + Global allows for the best of both worlds but at a price— much more address management with DHCP, DNS, routing and security—SAS does not always work as it should Global-only—Recommended approach but the old-school security folks that believe topology hiding is essential in security will bark at this option   Let’s explore these options… Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 12 © 2007, Cisco Systems, Inc. All rights reserved. 6 Presentation_ID.scr
  • 7. Unique-Local Addressing (RFC4193)   Used for internal communications, inter-site VPNs Not routable on the internet—basically RFC1918 for IPv6 only better—less likelihood of collisions   Default prefix is /48 /48 limits use in large organizations that will need more space Semi-random generator prohibits generating sequentially ‘useable’ prefixes—no easy way to have aggregation when using multiple /48s Why not hack the generator to produce something larger than a /48 or even sequential / 48s? Is it ‘legal’ to use something other than a /48? Perhaps the entire space? Forget legal, is it practical? Probably, but with dangers—remember the idea for ULA; internal addressing with a slim likelihood of address collisions with M&A. By consuming a larger space or the entire ULA space you will significantly increase the chances of pain in the future with M&A   Routing/security control You must always implement filters/ACLs to block any packets going in or out of your network (at the Internet perimeter) that contain a SA/DA that is in the ULA range— today this is the only way the ULA scope can be enforced   Generate your own ULA: http://www.sixxs.net/tools/grh/ula/ Generated ULA= fd9c:58ed:7d73::/48 * MAC address=00:0D:9D:93:A0:C3 (Hewlett Packard) * EUI64 address=020D9Dfffe93A0C3 * NTP date=cc5ff71943807789 cc5ff71976b28d86 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 13 ULA-Only Internet Global – 2001:DB8:CAFE::/ Requires NAT for IPv6 Branch 1 48 tern al x Glob al E Corp HQ rnal Inte ULA FD9C:58ED:7D73:2800::/64 Corporate Backbone Branch 2 ULA Space FD9C:58ED:7D73::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64   Everything internal runs the ULA space   A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the internet—must run filters to prevent any SA/DA in ULA range from being forwarded   Works as it does today with IPv4 except that today, there are no scalable NAT/Proxies for IPv6   Removes the advantages of not having a NAT (i.e. application interoperability, global multicast, end-to-end connectivity) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 14 © 2007, Cisco Systems, Inc. All rights reserved. 7 Presentation_ID.scr
  • 8. ULA + Global Internet Global – 2001:DB8:CAFE::/ Branch 1 48 Corp HQ FD9C:58ED:7D73:2800::/64 Corporate 2001:DB8:CAFE:2800::/64 Backbone Branch 2 ULA Space FD9C:58ED:7D73::/48 Global – 2001:DB8:CAFE::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64   Both ULA and Global are used internally except for internal-only hosts   Source Address Selection (SAS) is used to determine which address to use when communicating with other nodes internally or externally   In theory, ULA talks to ULA and Global talks to Global—SAS ‘should’ work this out   ULA-only and Global-only hosts can talk to one another internal to the network   Define a filter/policy that ensures your ULA prefix does not ‘leak’ out onto the Internet and ensure that no traffic can come in or out that has a ULA prefix in the SA/DA fields   Management overhead for DHCP, DNS, routing, security, etc… Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 15 Considerations—ULA + Global   Use DHCPv6 for ULA and Global—apply different policies for both (lifetimes, options, etc..)   Check routability for both—can you reach an AD/DNS server regardless of which address you have?   Any policy using IPv6 addresses must be configured for the appropriate range (QoS, ACL, load-balancers, PBR, etc.)   If using SLAAC for both—Microsoft Windows allows you to enable/disable privacy extensions globally—this means you are either using them for both or not at all!!!   One option is to use SLAAC for the Global range and enable privacy extensions and then use DHCPv6 for ULA with another IID value (EUI-64, reserved/admin defined, etc.) Temporary Preferred 6d23h59m55s 23h59m55s 2001:db8:cafe:2:cd22:7629:f726:6a6b Dhcp Preferred 13d1h33m55s 6d1h33m55s fd9c:58ed:7d73:1002:8828:723c:275e:846d Other Preferred infinite infinite fe80::8828:723c:275e:846d%8   Unlike Global and link-local scopes ULA is not automatically controlled at the appropriate boundary—you must prevent ULA prefix from going out or in at your perimeter   SAS behavior is OS dependent and there have been issues with it working reliably Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 16 © 2007, Cisco Systems, Inc. All rights reserved. 8 Presentation_ID.scr
  • 9. Randomized IID and Privacy Extensions   Enabled by default on Microsoft Windows   Enable/disable via GPO or CLI netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent netsh interface ipv6 set privacy state=disabled store=persistent Alternatively, use DHCP (see later) to a specific pool   Randomized address are generated for non-temporary autoconfigured addresses including public and link-local—used instead of EUI-64 addresses   Randomized addresses engage Optimistic DAD—likelihood of duplicate LL address is rare so RS can be sent before full DAD completion   Windows Vista/2008 send RS while DAD is being performed to save time for interface initialization (read RFC4862 on why this is ok)   Privacy extensions are used with SLAAC Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 17 ULA + Global Example Addr Type DAD State Valid Life Pref. Life Address --------- ----------- ---------- ---------- ------------------------ Dhcp Preferred 13d23h48m24s 6d23h48m24s 2001:db8:cafe:2:c1b5:cc19:f87e:3c41 Dhcp Preferred 13d23h48m24s 6d23h48m24s fd9c:58ed:7d73:1002:8828:723c:275e:846d Other Preferred infinite infinite fe80::8828:723c:275e:846d%8 interface Vlan2 DHCPv6 Client description ACCESS-DATA-2 ipv6 address 2001:DB8:CAFE:2::D63/64 Network ipv6 address FD9C:58ED:7D73:1002::D63/64 ipv6 nd prefix 2001:DB8:CAFE:2::/64 no-advertise ipv6 nd prefix FD9C:58ED:7D73:1002::/64 no-advertise ipv6 nd managed-config-flag DHCPv6 Server ipv6 dhcp relay destination 2001:DB8:CAFE:11::9 2001:DB8:CAFE:11::9 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 18 © 2007, Cisco Systems, Inc. All rights reserved. 9 Presentation_ID.scr
  • 10. Global-Only Internet Global – 2001:DB8:CAFE::/ Branch 1 48 Corp HQ 2001:DB8:CAFE:2800::/64 Corporate Backbone Branch 2 Global – 2001:DB8:CAFE::/48 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64   Global is used everywhere   No issues with SAS   No requirements to have NAT for ULA-to-Global translation—but, NAT may be used for other purposes   Easier management of DHCP, DNS, security, etc.   Only downside is breaking the habit of believing that topology hiding is a good security method  Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 19 Link Level—Prefix Length Considerations 64 bits < 64 bits > 64 bits   Recommended by   Enables more hosts   Address space conservation RFC3177 and IAB/ per broadcast   Special cases: IESG domain /126—valid for p2p   Consistency makes   Considered bad /127—not valid for p2p management easy practice (RFC3627) /128—loopback   MUST for SLAAC   64 bits offers more (MSFT DHCPv6 space for hosts than   Complicates management also) the media can support efficiently   Must avoid overlap with specific addresses: Router Anycast (RFC3513)   Significant Address Embedded RP (RFC3956) space loss ISATAP addresses Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 20 © 2007, Cisco Systems, Inc. All rights reserved. 10 Presentation_ID.scr
  • 11. Using Link-Local for Non-Access Connections Under Research   What if you did not have to worry about addressing the network infrastructure for the purpose of routing? IPv6 IGPs use LL addressing Only use Global or ULA addresses at the edges for host assignment For IPv6 access to the network device itself use a loopback   What happens to route filters? ACLs?—Nothing, unless you are blocking to/from the router itself   Stuff to think about: Always use a RID Some Cisco devices require “ipv6 enable” on the interface in order to generate and use a link-local address Enable the IGP on each interface used for routing or that requires its prefix to be advertised Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 21 Using LL + Loopback Only 2001:db8:cafe:100::/64 2001:db8:cafe:200::/64 998::1/128 998::2/128 ipv6 unicast-routing ipv6 unicast-routing ! ! interface Loopback0 interface Loopback0 ipv6 address 2001:DB8:CAFE:998::1/128 ipv6 address 2001:DB8:CAFE:998::2/128 ipv6 eigrp 10 ipv6 eigrp 10 ! ! interface Vlan200 interface GigabitEthernet3/4 ipv6 address 2001:DB8:CAFE:200::1/64 ipv6 eigrp 10 ipv6 eigrp 10 ! ! interface GigabitEthernet1/2 interface GigabitEthernet1/1 ipv6 eigrp 10 ipv6 enable ! ipv6 eigrp 10 ipv6 router eigrp 10 ! router-id 10.99.8.2 ipv6 router eigrp 10 no shutdown router-id 10.99.8.1 IPv6-EIGRP neighbors for process 10 no shutdown 0 Link-local address: Gi1/2 FE80::212:D9FF:FE92:DE77 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 22 © 2007, Cisco Systems, Inc. All rights reserved. 11 Presentation_ID.scr
  • 12. Interface-ID Selection Network Devices   Reconnaissance for network devices—the search for something to attack   Use random 64-bit interface-IDs for network devices 2001:DB8:CAFE:2::1/64—Common IID 2001:DB8:CAFE:2::9A43:BC5D/64—Random IID 2001:DB8:CAFE:2::A001:1010/64—Semi-random IID   Operational management challenges with this type of numbering scheme Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 23 DHCPv6   Updated version of DHCP for IPv4   Client detects the presence of routers on the link   If found, then examines router advertisements to determine if DHCP can or should be used   If no router found or if DHCP can be used, then DHCP Solicit message is sent to the All-DHCP-Agents multicast address Using the link-local address as the source address Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 24 © 2007, Cisco Systems, Inc. All rights reserved. 12 Presentation_ID.scr
  • 13. DHCPv6 Operation Client Relay Server Solicit Relay-Fwd w/ Solicit Relay-Reply w/Advertise Advertise Request Relay-Fwd w/ Request Relay-Reply w/Reply Reply   All_DHCP_Relay_Agents_and_Servers (FF02::1:2)   All_DHCP_Servers (FF05::1:3)   DHCP Messages: clients listen UDP port 546; servers and relay agents listen on UDP port 547 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 25 Stateful/Stateless DHCPv6   Stateful and stateless DHCPv6 server Cisco Network Registrar: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/ Microsoft Windows Server 2008: http://technet2.microsoft.com/windowsserver2008/en/library/ bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true Dibbler: http://klub.com.pl/dhcpv6/   DHCPv6 Relay—supported on routers and Catalyst interface FastEthernet0/1 IPv6 Enabled Host description CLIENT LINK ipv6 address 2001:DB8:CAFE:11::1/64 Network ipv6 nd prefix 2001:DB8:CAFE:11::/64 no-advertise ipv6 nd managed-config-flag ipv6 nd other-config-flag ipv6 dhcp relay destination 2001:DB8:CAFE:10::2 DHCPv6 Server Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 26 © 2007, Cisco Systems, Inc. All rights reserved. 13 Presentation_ID.scr
  • 14. Basic DHCPv6 Message Exchange DHCPv6 Client DHCPv6 Relay Agent DHCPv6 Server Solicit(IA_NA) Relay-Forw(Solicit(IA_NA)) Relay-Repl(Advertise(IA_NA(addr))) Advertise(IA_NA(addr)) Request(IA_NA) Relay-Forw(Request(IA_NA)) Relay-Repl(Reply(IA_NA(addr))) Reply(IA_NA(addr)) Address Assigned Timer Expiring Renew(IA_NA(addr)) Relay-Forw(Renew(IA_NA(addr))) Relay-Repl(Reply(IA_NA(addr))) Reply(IA_NA(addr)) Shutdown , link down , Release Release(IA_NA(addr)) Relay-Forw(Release(IA_NA(addr))) Relay-Repl(Reply(IA_NA(addr))) Reply(IA_NA(addr)) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 27 CNR/W2K8—DHCPv6 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 28 © 2007, Cisco Systems, Inc. All rights reserved. 14 Presentation_ID.scr
  • 15. IPv6 General Prefix   Provides an easy/fast way to deploy prefix changes   Example:2001:db8:cafe::/48 = General Prefix   Fill in interface specific fields after prefix “ESE ::11:0:0:0:1” = 2001:db8:cafe:11::1/64 ipv6 unicast-routing interface Vlan11 ipv6 cef ipv6 address ESE ::11:0:0:0:1/64 ipv6 general-prefix ESE 2001:DB8:CAFE::/48 ipv6 cef ! ! interface GigabitEthernet3/2 interface Vlan12 ipv6 address ESE ::2/126 ipv6 address ESE ::12:0:0:0:1/64 ipv6 cef ipv6 cef ! interface GigabitEthernet1/2 ipv6 address ESE ::E/126 ipv6 cef Global unicast address(es): 2001:DB8:CAFE:11::1, subnet is 2001:DB8:CAFE:11::/64 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 29 General Concepts — FHRP, Multicast and QoS Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 30 © 2007, Cisco Systems, Inc. All rights reserved. 15 Presentation_ID.scr
  • 16. First Hop Router Redundancy HSRP for v6   Modification to Neighbor Advertisement, router HSRP HSRP Advertisement, and ICMPv6 redirects Active Standby   Virtual MAC derived from HSRP group number and virtual IPv6 link-local address GLBP for v6   Modification to Neighbor Advertisement, Router GLBP GLBP Advertisement—GW is announced via RAs AVG, AVF, AVF SVF   Virtual MAC derived from GLBP group number and virtual IPv6 link-local address Neighbor Unreachability Detection RA Sent   For rudimentary HA at the first HOP Reach-time = 5,000 msec   Hosts use NUD “reachable time” to cycle to next known default gateway (30s by default) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 31 First-Hop Redundancy   When HSRP,GLBP and VRRP for IPv6 are not available   NUD can be used for rudimentary HA at the first-hop (today this only applies to the Campus/DC—HSRP is available on routers) (config-if)#ipv6 nd reachable-time 5000   Hosts use NUD “reachable time” to cycle to next known default gateway (30 seconds by default)   Can be combined with default router preference to determine primary gw: (config-if)#ipv6 nd router-preference {high | medium | low} Default Gateway . . . . . . . . . : 10.121.10.1 fe80::211:bcff:fec0:d000%4 fe80::211:bcff:fec0:c800%4 Reachable Time : 6s Access Layer Distribution Layer Base Reachable Time : 5s RA HSRP To Core Layer IPv4 RA HSRP for IPv4 RA’s with adjusted reachable-time for IPv6 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 32 © 2007, Cisco Systems, Inc. All rights reserved. 16 Presentation_ID.scr
  • 17. HSRP for IPv6   Many similarities with HSRP for IPv4   Changes occur in Neighbor Advertisement, Router Advertisement, HSRP HSRP Active Standby and ICMPv6 redirects   No need to configure GW on hosts (RAs are sent from HSRP active router)   Virtual MAC derived from HSRP group interface FastEthernet0/1 number and virtual IPv6 link- ipv6 address 2001:DB8:66:67::2/64 local address ipv6 cef   IPv6 Virtual MAC range: standby version 2 0005.73A0.0000 - 0005.73A0.0FFF standby 1 ipv6 autoconfig (4096 addresses) standby 1 timers msec 250 msec 800   HSRP IPv6 UDP Port Number 2029 standby 1 preempt (IANA Assigned) standby 1 preempt delay minimum 180   No HSRP IPv6 secondary address standby 1 authentication md5 key-string cisco   No HSRP IPv6 specific debug standby 1 track FastEthernet0/0 Host with GW of Virtual IP #route -A inet6 | grep ::/0 | grep eth2 ::/0 fe80::5:73ff:fea0:1 UGDA 1024 0 0 eth2 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 33 GLBP for IPv6   Many similarities with GLBP for IPv4 (CLI, load-balancing) GLBP GLBP   Modification to Neighbor AVG, AVF AVF, SVF Advertisement, Router Advertisement   GW is announced via RAs   Virtual MAC derived from interface FastEthernet0/0 GLBP group number and ipv6 address 2001:DB8:1::1/64 virtual IPv6 link-local ipv6 cef address glbp 1 ipv6 autoconfig glbp 1 timers msec 250 msec 750 glbp 1 preempt delay minimum 180 glbp 1 authentication md5 key-string cisco AVG=Active Virtual Gateway AVF=Active Virtual Forwarder SVF=Standby Virtual Forwarder Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 34 © 2007, Cisco Systems, Inc. All rights reserved. 17 Presentation_ID.scr
  • 18. IPv6 Multicast Availability   Multicast Listener Discovery (MLD) Equivalent to IGMP   PIM Group Modes: Sparse Mode, Bidirectional and Source Specific Multicast   RP Deployment: Static, Embedded No Anycast-RP Yet S DR RP DR Host Multicast Control via MLD Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 35 Multicast Listener Discovery: MLD Multicast Host Membership Control   MLD is equivalent to IGMP in IPv4   MLD messages are transported over ICMPv6 Host Multicast   MLD uses link local source Control addresses via MLD   MLD packets use “Router Alert” in extension header (RFC2711)   Version number confusion: MLDv1 (RFC2710) like IGMPv2 (RFC2236) MLDv2 (RFC3810) like IGMPv3 (RFC3376)   MLD snooping Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 36 © 2007, Cisco Systems, Inc. All rights reserved. 18 Presentation_ID.scr
  • 19. Multicast Deployment Options With and Without Rendezvous Points (RP) SSM, No RPs R S DR ASM Single RP—Static definitions R S DR RP DR He is the RP He is the RP He is the RP ASM Across Single Shared PIM Domain, One RP—Embedded-RP Alert! I want GRP=A from RP=B R S DR RP Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 37 IPv6 QoS Syntax Changes   IPv4 syntax has used “ip” following match/set statements Example: match ip dscp, set ip dscp   Modification in QoS syntax to support IPv6 and IPv4 New match criteria match dscp — Match DSCP in v4/v6 match precedence — Match Precedence in v4/v6 New set criteria set dscp — Set DSCP in v4/v6 set precedence — Set Precedence in v4/v6   Additional support for IPv6 does not always require new Command Line Interface (CLI) Example—WRED Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 38 © 2007, Cisco Systems, Inc. All rights reserved. 19 Presentation_ID.scr
  • 20. Scalability and Performance   IPv6 Neighbor Cache = ARP for IPv4 In dual-stack networks the first hop routers/switches will now have more memory consumption due to IPv6 neighbor entries (can be multiple per host) + ARP entries ARP entry for host in the campus distribution layer: Internet 10.120.2.200 2 000d.6084.2c7a ARPA Vlan2 IPv6 Neighbor Cache entry: 2001:DB8:CAFE:2:2891:1C0C:F52A:9DF1 4 000d.6084.2c7a STALE Vl2 2001:DB8:CAFE:2:7DE5:E2B0:D4DF:97EC 16 000d.6084.2c7a STALE Vl2 FE80::7DE5:E2B0:D4DF:97EC 16 000d.6084.2c7a STALE Vl2   Full internet route tables—ensure to account for TCAM/memory requirements for both IPv4/IPv6—not all vendors can properly support both   Multiple routing protocols—IPv4 and IPv6 will have separate routing protocols. Ensure enough CPU/Memory is present   Control plane impact when using tunnels—terminate ISATAP/configured tunnels in HW platforms when attempting large scale deployments (hundreds/ thousands of tunnels) Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 39 Infrastructure Deployment Start Here: Cisco IOS Software Release Specifics for IPv6 Features http://www.cisco.com/univercd/cc/td/doc/product/software/ ios123/123cgcr/ipv6_c/ftipv6s.htm Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 40 © 2007, Cisco Systems, Inc. All rights reserved. 20 Presentation_ID.scr
  • 21. IPv6 Coexistence Dual Stack IPv4: 192.168.99.1 IPv6/IPv4 IPv6: 2001:db8:1::1/64 IPv6 Configured Configured IPv6 Host Tunnel/MPLS Tunnel/MPLS Host (6PE/6VPE) (6PE/6VPE) IPv6 MPLS/IPv4 IPv6 Network Network IPv4 ISATAP Tunneling (Intra-Site Automatic Tunnel Addressing Protocol) IPv6 ISATAP Router Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 41 Campus/Data Center Deploying IPv6 in Campus Networks: http://www.cisco.com/univercd/cc/td/doc/solution/campipv6.pdf ESE Campus Design and Implementation Guides: http://www.cisco.com/en/US/netsol/ns656/networking_solutions_ design_guidances_list.html#anchor2 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 42 © 2007, Cisco Systems, Inc. All rights reserved. 21 Presentation_ID.scr
  • 22. Campus IPv6 Deployment Three Major Options   Dual-stack—The way to go for obvious reasons: performance, security, QoS, multicast and management Layer 3 switches should support IPv6 forwarding in hardware   Hybrid—Dual-stack where possible, tunnels for the rest, but all leveraging the existing design/gear Pro—Leverage existing gear and network design (traditional L2/L3 and routed access) Con—Tunnels (especially ISATAP) cause unnatural things to be done to infrastructure (like core acting as access layer) and ISATAP does not support IPv6 multicast   IPv6 Service Block—A new network block used for interim connectivity for IPv6 overlay network Pro—Separation, control and flexibility (still supports traditional L2/L3 and routed access) Con—Cost (more gear), does not fully leverage existing design, still have to plan for a real dual-stack deployment and ISATAP does not support IPv6 multicast Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 43 Campus IPv6 Deployment Options Dual-Stack IPv4/IPv6 IPv6/IPv4 Dual Stack Hosts   #1 requirement—switching/ routing platforms must support Access hardware based forwarding for Layer IPv6 L2/L3 Distribution   IPv6 is transparent on L2 v6- v6- Layer switches but— Enabled Enabled Dual Stack Dual Stack L2 multicast—MLD snooping v6- v6- Core Layer IPv6 management—Telnet/SSH/ Enabled Enabled HTTP/SNMP Intelligent IP services on WLAN Aggregation v6-Enabled v6-Enabled Layer (DC)   Expect to run the same IGPs as with IPv4 Access Layer (DC)   Keep feature expectations simple Dual-stack Server Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 44 © 2007, Cisco Systems, Inc. All rights reserved. 22 Presentation_ID.scr
  • 23. Access Layer: Dual Stack   Catalyst 3560/3750—In order to enable IPv6 functionality the proper SDM template needs to be defined ( http://www.cisco.com/univercd/cc/td/doc/product/lan/ cat3750/12225see/scg/swsdm.htm# ) Switch(config)#sdm prefer dual-ipv4-and-ipv6 default   If using a traditional Layer-2 access design, the only thing that needs to be enabled on the access switch (management/security discussed later) is MLD snooping: Switch(config)#ipv6 mld snooping   3560/3750 non-E series cannot support both HSRP for IPv4 and HSRP for IPv6 on the same interface http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/ software/release/12.2_46_se/release/notes/ OL16489.html#wp925898 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 45 Distribution Layer: HSRP, EIGRP and DHCPv6-relay (Layer 2 Access) ipv6 general-prefix ULA-CORE FD9C:58ED:7D73::/53 interface Vlan4 ipv6 general-prefix ULA-ACC FD9C:58ED:7D73:1000::/53 description Data VLAN for Access ipv6 unicast-routing ipv6 address ULA-ACC ::D63/64 ! ipv6 nd prefix FD9C:58ED:7D73:1002::/64 interface GigabitEthernet1/0/1 no-advertise description To 6k-core-right ipv6 nd managed-config-flag ipv6 address ULA-CORE ::3:0:0:0:D63/64 ipv6 dhcp relay destination fd9c:58ed: 7d73:811::9 ipv6 eigrp 10 ipv6 eigrp 10 ipv6 hello-interval eigrp 10 1 standby version 2 ipv6 hold-time eigrp 10 3 standby 2 ipv6 autoconfig ipv6 authentication mode eigrp 10 md5 standby 2 timers msec 250 msec 750 ipv6 authentication key-chain eigrp 10 eigrp standby 2 priority 110 ipv6 summary-address eigrp 10 FD9C:58ED:7D73:1000::/53 standby 2 preempt delay minimum 180 ! standby 2 authentication ese interface GigabitEthernet1/0/2 ! description To 6k-core-left ipv6 router eigrp 10 ipv6 address ULA-CORE ::C:0:0:0:D63/64 no shutdown ipv6 eigrp 10 router-id 10.122.10.10 ipv6 hello-interval eigrp 10 1 passive-interface Vlan4 ipv6 hold-time eigrp 10 3 passive-interface Loopback0 ipv6 authentication mode eigrp 10 md5 ipv6 authentication key-chain eigrp 10 eigrp ipv6 summary-address eigrp 10 FD9C:58ED:7D73:1000::/53 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 46 © 2007, Cisco Systems, Inc. All rights reserved. 23 Presentation_ID.scr
  • 24. Distribution Layer: OSPF with NUD (Layer 2 Access) ipv6 unicast-routing interface Vlan2 ipv6 multicast-routing description Data VLAN for Access ipv6 cef distributed ipv6 address 2001:DB8:CAFE:2::A001:1010/64 ! ipv6 nd reachable-time 5000 interface GigabitEthernet1/1 ipv6 nd router-preference high description To 6k-core-right no ipv6 redirects ipv6 address 2001:DB8:CAFE:1105::A001:1010/64 ipv6 ospf 1 area 1 no ipv6 redirects ! ipv6 nd suppress-ra ipv6 router ospf 1 ipv6 ospf network point-to-point auto-cost reference-bandwidth 10000 ipv6 ospf 1 area 0 router-id 10.122.0.25 ipv6 ospf hello-interval 1 log-adjacency-changes ipv6 ospf dead-interval 3 area 2 range 2001:DB8:CAFE:xxxx::/xx ! timers spf 1 5 interface GigabitEthernet1/2 description To 6k-core-left ipv6 address 2001:DB8:CAFE:1106::A001:1010/64 no ipv6 redirects ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 0 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 47 Access Layer: Dual Stack (Routed Access) ipv6 unicast-routing interface Vlan2 ipv6 cef description Data VLAN for Access ! ipv6 address 2001:DB8:CAFE:2::CAC1:3750/64 interface GigabitEthernet1/0/25 ipv6 ospf 1 area 2 description To 6k-dist-1 ipv6 cef ipv6 address 2001:DB8:CAFE:1100::CAC1:3750/64 ! no ipv6 redirects ipv6 router ospf 1 ipv6 nd suppress-ra router-id 10.120.2.1 ipv6 ospf network point-to-point log-adjacency-changes ipv6 ospf 1 area 2 auto-cost reference-bandwidth 10000 ipv6 ospf hello-interval 1 area 2 stub no-summary ipv6 ospf dead-interval 3 passive-interface Vlan2 ipv6 cef timers spf 1 5 ! interface GigabitEthernet1/0/26 description To 6k-dist-2 ipv6 address 2001:DB8:CAFE:1101::CAC1:3750/64 no ipv6 redirects ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 2 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 ipv6 cef Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 48 © 2007, Cisco Systems, Inc. All rights reserved. 24 Presentation_ID.scr
  • 25. Distribution Layer: Dual Stack (Routed Access) ipv6 unicast-routing ipv6 router ospf 1 ipv6 multicast-routing auto-cost reference-bandwidth 10000 ipv6 cef distributed router-id 10.122.0.25 ! log-adjacency-changes interface GigabitEthernet3/1 area 2 stub no-summary description To 3750-acc-1 passive-interface Vlan2 ipv6 address 2001:DB8:CAFE:1100::A001:1010/64 area 2 range 2001:DB8:CAFE:xxxx::/xx no ipv6 redirects timers spf 1 5 ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 2 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 ipv6 cef ! interface GigabitEthernet1/2 description To 3750-acc-2 ipv6 address 2001:DB8:CAFE:1103::A001:1010/64 no ipv6 redirects ipv6 nd suppress-ra ipv6 ospf network point-to-point ipv6 ospf 1 area 2 ipv6 ospf hello-interval 1 ipv6 ospf dead-interval 3 ipv6 cef Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 49 Campus IPv6 Deployment Options Hybrid Model IPv6/IPv4 Dual Stack Hosts   Offers IPv6 connectivity via multiple options Access Dual-stack Layer Configured tunnels—L3-to-L3 L2/L3 ISATAP ISATAP ISATAP—Host-to-L3 Distribution Layer   Leverages existing network NOT v6- Enabled NOT v6- Enabled   Offers natural progression to full dual-stack design v6- v6- Core Layer Enabled Enabled   May require tunneling to less-than-optimal layers Dual Stack Dual Stack (i.e. core layer) Aggregation v6-Enabled v6-Enabled Layer (DC)   ISATAP creates a flat network (all hosts on same tunnel are peers) Create tunnels per VLAN/subnet to keep Access same segregation as existing design (not Layer (DC) clean today) Dual-stack   Provides basic HA of ISATAP tunnels Server via old Anycast-RP idea Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 50 © 2007, Cisco Systems, Inc. All rights reserved. 25 Presentation_ID.scr