9 Transition

Download as pdf or txt
Download as pdf or txt
You are on page 1of 61

Technologies to aid IPv6

Transition and Integration


ISP Workshops

Last updated 10 December 2011 1


Caveat
p  The
content in this slide set is largely
outdated
n  Work in progress to modernise according to
current state-of-the-art in transition work

n  Philip Smith – Dec 2011.

2
IETF Working Groups
p  “6man”
n  The group is for the maintenance, upkeep, and
advancement of the IPv6 protocol specifications and
addressing architecture.
n  http://datatracker.ietf.org/wg/6man/charter/
p  “v6ops”
n  Develops guidelines for the operation of a shared IPv4/
IPv6 Internet and provides operational guidance on how
to deploy IPv6 into existing IPv4-only networks, as well
as into new network installations.
n  http://datatracker.ietf.org/wg/v6ops/charter/

3
IETF Working Groups
p  “behave”
n  Creates documents to enable NATs to function in as
deterministic a fashion as possible.
n  http://datatracker.ietf.org/wg/behave/charter/
p  “softwires”
n  Specifies the standardization of discovery, control and
encapsulation methods for connecting IPv4 networks
across IPv6 networks and IPv6 networks across IPv4
networks in a way that will encourage multiple, inter-
operable implementations.
n  http://datatracker.ietf.org/wg/softwire/charter/

4
IPv4-IPv6 Co-existence/Transition
p  A wide range of techniques have been identified
and implemented, basically falling into three
categories:
n  Dual-stack techniques, to allow IPv4 and IPv6 to
co-exist in the same devices and networks
n  Tunneling techniques, to avoid order dependencies when
upgrading hosts, routers, or regions
n  Translation techniques, to allow IPv6-only devices to
communicate with IPv4-only devices
p  All of these will be used, in combination

5
Dual Stack Approach
IPv6-enabled
Application! Application!

TCP! UDP! TCP! UDP!

IPv4! IPv6! IPv4! IPv6!


Frame
0x0800! 0x86dd! 0x0800! 0x86dd! Protocol ID!
Data Link (Ethernet)! Data Link (Ethernet)!

p  Dual stack node means:


n  Both IPv4 and IPv6 stacks enabled
n  Applications can talk to both
n  Choice of the IP version is based on name lookup and
application preference 6
Dual Stack Approach & DNS

www.a.com !
= * ?! IPv4!

2001:db8::1!
DNS 10.1.1.1! IPv6!
Server!
2001:db8:1::1!

p  In a dual stack case, an application that:


n  Is IPv4 and IPv6-enabled
n  Asks the DNS for both types of addresses
n  Chooses one address and, for example, connects to
the IPv6 address
7
IPv6 DNS Resolver Process
p  Query DNS servers for IPv6/IPv4:
n  First tries queries for an IPv6 address (AAAA record)
n  If no IPv6 address exists, then query for an IPv4
address (A record)
n  When both IPv6 and IPv4 records exists, the IPv6
address is picked first
p  “Happy Eyeballs” resolver
n  Found in MacOS 10.7 onwards
n  Rather than picking IPv6 before IPv4, the IP protocol
giving best performance is used
p  Which can be IPv6
p  Or it can be IPv4

8
Example of DNS query
Query=www.example.org Type=AAAA DNS
A! B! server!
Resp=2001:db8:1::10 Type=AAAA
Done!
OR!
Non-existent

Query=www.example.org Type=A

Resp=192.168.30.1 Type=A

p  DNS resolver picks IPv6 AAAA if it exists


9
IOS DNS configuration
p  DNS commands for IPv6
n  Define static name for IPv6 addresses
p  ipv6 host <name> [<port>] <v6addr> [<v6addr> ...]
p  Example: ipv6 host router1 2001:db8:1::10
n  Configuring DNS servers to query
p  ip name-server <address>
p  Example: ip name-server 2001:db8:1::10

10
A Dual Stack Configuration
router#
Dual-Stack ipv6 unicast-routing
Router! interface Ethernet0
IPv6 and IPv4 ip address 192.168.99.1 255.255.255.0
Network! ipv6 address 2001:db8:213:1::1/64

IPv4: 192.168.99.1
IPv6: 2001:db8:213:1::1/64

p  IPv6-enabled router


n  If IPv4 and IPv6 are configured on one interface, the
router is dual-stacked
n  Telnet, Ping, Traceroute, SSH, DNS client, TFTP,…

11
Using Tunnels for IPv6 Deployment
p  Manytechniques are available to establish
a tunnel:
n  Manually configured
p  Manual Tunnel (RFC 2893)
p  GRE (RFC 2473)

n  Semi-automated
p  Tunnel broker
n  Automatic
p  6to4 (RFC 3056)
p  6rd

p  ISATAP

12
IPv6 over IPv4 Tunnels
Transport
IPv6 Header Data
Header

IPv6 Dual-Stack Dual-Stack IPv6


Host! Router! Router! Host!
IPv6 IPv4! IPv6
Network! Network!

Tunnel: IPv6 in IPv4 packet!


Transport
IPv4 Header IPv6 Header Data
Header

p  Tunneling is encapsulating the IPv6 packet in


the IPv4 packet
p  Tunneling can be used by routers and hosts 13
Manually Configured Tunnel
(RFC2893)
Dual-Stack Dual-Stack
Router1! Router2!
IPv6 IPv4! IPv6
Network! Network!

IPv4: 192.168.99.1 IPv4: 192.168.30.1


IPv6: 2001:db8:c18:1::3! IPv6: 2001:db8:c18:1::2!
router1# router2#

interface Tunnel0 interface Tunnel0


ipv6 address 2001:db8:c18:1::3/64 ipv6 address 2001:db8:c18:1::2/64
tunnel source 192.168.99.1 tunnel source 192.168.30.1
tunnel destination 192.168.30.1 tunnel destination 192.168.99.1
tunnel mode ipv6ip tunnel mode ipv6ip

p  Manually Configured tunnels require:


n  Dual stack end points
14
n  Both IPv4 and IPv6 addresses configured at each end
6to4 Tunnel (RFC 3056)
6to4 6to4
Router1! Router2!
IPv6 E0! IPv4! E0! IPv6
Network! Network!
192.168.99.1! 192.168.30.1!
Network prefix:! Network prefix:!
2002:c0a8:6301::/48! 2002:c0a8:1e01::/48!
=! =!
p  6to4 Tunnel: router2#
interface Loopback0
n  Is an automatic tunnel ip address 192.168.30.1 255.255.255.0
method ipv6 address 2002:c0a8:1e01:1::/64 eui-64
interface Tunnel0
n  Gives a prefix to the no ip address
attached IPv6 network ipv6 unnumbered Ethernet0
tunnel source Loopback0
n  2002::/16 assigned to 6to4 tunnel mode ipv6ip 6to4
n  Requires one global IPv4
ipv6 route 2002::/16 Tunnel0
address on each Ingress/ 15
Egress site
6to4 Relay
6to4 6to4
IPv6
Router1! Relay!
IPv4! Internet!
IPv6
Network!
192.168.99.1! IPv6
Network prefix:
 Network!
IPv6 address:

2002:c0a8:6301::/48!
2002:c0a8:1e01::1!
=!
router1#
interface Loopback0
ip address 192.168.99.1 255.255.255.0
p  6to4 relay:
ipv6 address 2002:c0a8:6301:1::/64 eui-64
interface Tunnel0
n  Is a gateway to the
no ip address rest of the IPv6
ipv6 unnumbered Ethernet0
tunnel source Loopback0
Internet
tunnel mode ipv6ip 6to4 n  Default router
ipv6 route 2002::/16 Tunnel0 n  Anycast address (RFC
ipv6 route ::/0 2002:c0a8:1e01::1
3068) for multiple 16
6to4 Relay
6to4 in the Internet
p  6to4 prefix is 2002::/16
p  192.88.99.0/24 is the IPv4 anycast network for
6to4 routers
p  6to4 relay service
n  An ISP who provides a facility to provide connectivity
over the IPv4 Internet between IPv6 islands
p  Is connected to the IPv6 Internet and announces
2002::/16 by BGP to the IPv6 Internet
p  Is connected to the IPv4 Internet and announces
192.88.99.0/24 by BGP to the IPv4 Internet
n  Their router is configured with local IPv4 address of
192.88.99.1 and local IPv6 address of
2002:c058:6301::1

17
6to4 in the Internet
relay router configuration
interface loopback0
ip address 192.88.99.1 255.255.255.255
ipv6 address 2002:c058:6301::1/128
!
interface tunnel 2002
no ip address
ipv6 unnumbered Loopback0
tunnel source Loopback0
tunnel mode ipv6ip 6to4
tunnel path-mtu-discovery
!
interface FastEthernet0/0
ip address 105.3.37.1 255.255.255.0
ipv6 address 2001:db8::1/64
!
router bgp 100
address-family ipv4
neighbor <v4-transit> remote-as 101
network 192.88.99.0 mask 255.255.255.0.
address-family ipv6
neighbor <v6-transit> remote-as 102
network 2002::/16
!
ip route 192.88.99.0 255.255.255.0 null0 254 18
ipv6 route 2002::/16 tunnel2002
6rd Tunnel
6rd ISP 6rd
ISP IPv4 Relay! IPv6
Router!
Backbone! Internet!
IPv6
Network!
192.168.64.2! IPv4
Network prefix:
 Internet!
ISP IPv4 address
2001:db8:4002::/48!
block: 192.168.0.0/16!

p  6rd (example):


n  ISP has 192.168.0.0/16 IPv4 address block
n  ISP has 2001:db8::/32 IPv6 address block
n  Final 16 bits of IPv4 address used on customer point-
to-point link to create customer /48 → customer uses
2001:db8:4002::/48 address space
n  IPv6 tunnel to ISP 6rd relay bypasses infrastructure
which cannot handle IPv6 19
Tunnel Broker
1. Web request 2. Tunnel info response
on IPv4.! on IPv4.! Tunnel
Broker!

IPv4 3. Tunnel Broker


Network! configures the tunnel
on the tunnel server or
router.!

4. Client establishes the IPv6


tunnel with the tunnel Network!
server or router.!

p  Tunnel broker:


n  Tunnel information is sent via http-ipv4
20
ISATAP – Intra Site Automatic
Tunnel Addressing Protocol
p  Tunnelling of IPv6 in IPv4
p  Single Administrative Domain
p  Creates a virtual IPv6 link over the full
IPv4 network
p  Automatic tunnelling is done by a specially
formatted ISATAP address which includes:
n  A special ISATAP identifier
n  The IPv4 address of the node

p  ISATAP nodes are dual stack


21
ISATAP Addressing Format
p  An ISATAP address of a node is defined
as:
n  A /64 prefix dedicated to the ISATAP overlay
link
n  Interface identifier:
p  Leftmost 32 bits = 0000:5EFE:
§  Identify this as an ISATAP address
p  Rightmost 32 bits = <ipv4 address>
§  The IPv4 address of the node

ISATAP dedicated prefix 0000:5EFE IPv4 address


22
ISATAP prefix advertisement
192.168.2.1!
IPv6 Network" IPv4 Network" A!
ISATAP! fe80::5efe:c0a8:0201!
192.168.4.1!
fe80::5efe:c0a8:0401!
2001:db8:ffff:5efe:c0a8:0401!
1. Potential router list (PRL): 192.168.4.1!
2. IPv6 over IPv4 tunnel! Src Addr Dest Addr
fe80::5efe:c0a8:0201 fe80::5efe:c0a8:0401

Src Addr Dest Addr


3. IPv6 over IPv4 tunnel!
fe80::5efe:c0a8:0401 fe80::5efe:c0a8:0201

Prefix = 2001:db8:ffff::/64
Lifetime, options

4. Host A configures global IPv6 address


using ISATAP prefix 2001:db8:ffff:/64! 23
ISATAP configuration example
192.168.2.1!
fe80::5efe:c0a8:0201!
A!
IPv6 Network" IPv4 Network"
ISATAP! 2001:db8:ffff:5efe:c0a8:0201!
192.168.4.1! 192.168.3.1!
fe80::5efe:c0a8:0401! B! fe80::5efe:c0a8:0301!
2001:db8:ffff:5efe:c0a8:0401!
2001:db8:ffff:5efe:c0a8:0301!

A!
2001:db8:ffff::/64!
IPv6 Network"
ISATAP!
fe80::/64!
B!

24
NAT-PT for IPv6
p  NAT-PT
n  (Network Address Translation – Protocol
Translation)
n  RFC 2766 & RFC 3152
n  Obsoleted by IETF (RFC4966) but
implementations still in use
p  Allows native IPv6 hosts and applications
to communicate with native IPv4 hosts
and applications, and vice versa
p  Easy-to-use transition and co-existence
solution
25
NAT-PT Concept

IPv4 IPv6
Interface
NAT-PT Interface

IPv4 Host ipv6 nat prefix IPv6 Host

172.16.1.1 2001:db8:1987:0:2E0:B0FF:FE6A:412C

p  prefix
is a 96-bit field that allows routing
back to the NAT-PT device

26
NAT-PT packet flow
IPv4 IPv6
Interface
NAT-PT Interface

IPv4 Host IPv6 Host


2001:db8:1987:0:2E0:B0FF:FE6A:412C
172.16.1.1
2 1

Src: 172.17.1.1 Src: 2001:db8:1987:0:2E0:B0FF:FE6A:412C


Dst: 172.16.1.1 Dst: PREFIX::1

3 4

Src: 172.16.1.1 Src: PREFIX::1


Dst: 172.17.1.1 Dst: 2001:db8:1987:0:2E0:B0FF:FE6A:412C
27
Stateless IP ICMP Translation
IPv6 field IPv4 field Action

Version = 6 Version = 4 Overwrite

Traffic class DSCP Copy

Flow label N/A Set to 0

Total length Adjust


Payload length

Next header Protocol Copy

Hop limit TTL Copy


28
DNS Application Layer Gateway
NAT-PT

IPv4 DNS IPv6 Host


2 1
Type=A Q=“host.nat-pt.com” Type=AAAA Q=“host.nat-pt.com”
3 4

Type=A R=“172.16.1.5” Type=AAAA R=“2010::45”


6 5

Type=PTR Q=“5.1.16.172.in-addr-arpa” Type=PTR Q=“5.4.0...0.1.0.2.IP6.ARPA”


7 8

Type=PTR R=“host.nat-pt.com” Type=PTR R=“host.nat-pt.com”


29
DNS ALG address assignment
Host C!

DNS v4!

Ethernet-2!

DNS query!
Ethernet-1!

DNS query!

DNS v6! Host A!

p  TTL value in DNS Resource Record = 0 30


Configuring NAT-PT (1)
p  Enabling NAT-PT
[no] ipv6 nat
p  Configure global/per interface NAT-PT prefix
[no] ipv6 nat prefix <prefix>::/96
p  Configuring static address mappings
[no] ipv6 nat v6v4 source <v6 address> <v4 address>
[no] ipv6 nat v4v6 source <v4 address> <v6 address>

31
Configuring NAT-PT (2)
p  Configuring dynamic address mappings
[no] ipv6 nat v6v4 source <list,route-map> <ipv6
list, route-map> pool <v4pool>
[no] ipv6 nat v6v4 pool <v4pool> <ipv4 addr>
<ipv4addr> prefix-length <n>
p  Configure Translation Entry Limit
n  [no] ipv6 nat translation max-entries <n>
p  Debug commands
n  debug ipv6 nat
n  debug ipv6 nat detailed

32
Cisco IOS NAT-PT configuration
example

interface ethernet-1
ipv6 address 2001:db8::10/64
ipv6 nat
.200! LAN2: 192.168.1.0/24! !
interface ethernet-2
Ethernet-2! ip address 192.168.1.1 255.255.255.0
ipv6 nat prefix 2010::/96
ipv6 nat
!
ipv6 nat v6v4 source 2001:db8::1 192.168.2.1
Ethernet-1! ipv6 nat v4v6 source 192.168.1.200 2001:db8::60
NATed prefix 2010::/96! !

LAN1: 2001:db8::/64!
2001:db8::1!

33
Cisco IOS NAT-PT w/ DNS ALG
Configuration
DNS!

interface ethernet-1
ipv6 address 2001:db8:1::10/64
ipv6 nat
.200! .100! !
interface ethernet-2
Ethernet-2! ip address 192.168.1.1 255.255.255.0
ipv6 nat
!
ipv6 nat v4v6 source 192.168.1.100 2010::1
!
Ethernet-1! ipv6 nat v6v4 source list v6-list map1 pool v4pool1
NATed prefix 2001:db8::/96!
ipv6 nat v6v4 pool v4pool1 192.168.2.1 192.168.2.10
prefix-length 24
ipv6 nat service dns
ipv6 nat prefix 2001:db8::/96
LAN1: 2001:db8:1::/64! !
ipv6 access-list v6-list
permit 2001:db8:1::/64 any
2001:db8:1::1! LAN2: 192.168.1.0/24!

34
Cisco IOS NAT-PT display (1)
Router1 #show ipv6 nat translations

Pro IPv4 source IPv6 source IPv6 destn IPv4 destn


--- --- --- 2001:db8:::60 192.168.1.200
--- 192.168.2.1 2001:db8:1::1 ---

.200! LAN2: 192.168.1.0/24!

Ethernet-2!

Router1!
Ethernet-1! NATed prefix 2001:db8::/96!

LAN1: 2001:db8:1::/64!

2001:db8:1::1!

35
Cisco IOS NAT-PT display (2)

Router1#show ipv6 nat statistics


.200! LAN2: 192.168.1.0/24!
Total active translations: 15 (2 static, 3 dynamic;
10 extended)
Ethernet-2! NAT-PT interfaces:
Ethernet-1, Ethernet-2
Hits: 10 Misses: 0
Router1! Expired translations: 0
Ethernet-1!

LAN1: 2001:db8:1::/64!
2001:db8:1::1!

36
NAT-PT Summary
p  Points of note:
n  ALG per application carrying IP address
n  No End to End security
n  No DNSsec
n  No IPsec because different address realms

p  Conclusion
n  Easy IPv6 / IPv4 co-existence mechanism
n  Enable applications to cross the protocol
barrier

37
IPv6 Servers and Services

38
Unix
Webserver
p  Apache 2.x supports IPv6 by default
p  Simply edit the httpd.conf file
n  HTTPD listens on all IPv4 interfaces on port 80
by default
n  For IPv6 add:
Listen [2001:db8:10::1]:80
p  So that the webserver will listen to requests coming
on the interface configured with 2001:db8:10::1/64

39
Unix
Nameserver
p  BIND 9 supports IPv6 by default
p  To enable IPv6 nameservice, edit /etc/
named.conf:
options { Tells bind to listen
on IPv6 ports
listen-on-v6 { any; };
};
zone “workshop.net" { Forward zone contains
type master; v4 and v6 information
file “workshop.net.zone";
};
zone “8.b.d.0.1.0.0.2.ip6.arpa" { Sets up reverse
type master; zone for IPv6 hosts
file “workshop.net.rev-zone";
}; 40
Unix
Sendmail
p  Sendmail 8 as part of a distribution is usually
built with IPv6 enabled
n  But the configuration file needs to be modified
p  If compiling from scratch, make sure NETINET6 is
defined
p  Then edit /etc/mail/sendmail.mc thus:
n  Remove the line which is for IPv4 only and enable the
IPv6 line thus (to support both IPv4 and IPv6):
n  DAEMON_OPTIONS(`Port=smtp, Addr::, Name=MTA-v6,
Family=inet6')
n  Remake sendmail.cf, then restart sendmail

41
Unix
FTP Server
p  Vsftpd is covered here
n  Standard part of many Linux distributions now
p  IPv6 is supported, but not enable by default
n  Need to run two vsftpd servers, one for IPv4, the other
for IPv6
p  IPv4 configuration file: /etc/vsftpd/vsftpd.conf
listen=YES
listen_address=<ipv4 addr>
p  IPv6 configuration file: /etc/vsftpd/vsftpdv6.conf
listen=NO
listen_ipv6=YES
listen_address6=<ipv6 addr>
42
Unix Applications
p  OpenSSH
n  Uses IPv6 transport before IPv4 transport if
IPv6 address available
p  Firefox/Thunderbird
n  Supports IPv6, but still hampered by broken
IPv6 nameservers and IPv6 connectivity
n  In about:config the value
network.dns.disableIPv6 is set to true by
default
p  Change to false to enable IPv6

43
MacOS X
p  IPv6 installed
p  IPv6 enabled by default
n  Will use autoconfiguration by default
n  Enter System Preferences and then Network to
enter static IPv6 addresses (depends on
MacOS X version)
p  Applications
will use IPv6 transport if IPv6
address offered in name lookups

44
FreeBSD – client
p  IPv6 installed, but disabled by default
p  To enable using autoconfiguration:
n  Simply edit /etc/rc.conf to include these lines
ipv6_enable="YES"
ipv6_network_interfaces="em0"
n  Where
p  em0 should be replaced with the name of the Ethernet
interface on the device
p  And then reboot the system

45
FreeBSD – server
p  IPv6 installed, but disabled by default
p  To enable using static configuration:
n  Edit /etc/rc.conf to include these lines
ipv6_enable="YES"
ipv6_network_interfaces="em0"
ipv6_ifconfig_em0=”2001:db8::1 prefixlen 64"
ipv6_defaultrouter="fe80::30%em0”
n  Where
p  em0 should be replaced with the name of the Ethernet
interface on the device
p  2001:db8::1 should be replaced with the IPv6 address
p  fe80::30 should be replaced with the default gateway
p  And then reboot the system
46
RedHat/Fedora/CentOS Linux –
client
p  IPv6 installed, but disabled by default
p  To enable:
n  Edit /etc/sysconfig/network to include the line
NETWORKING_IPV6=yes
n  Edit /etc/sysconfig/network-scripts/ifcfg-eth0
to include:
IPV6INIT=yes
n  And then /sbin/service network restart or
reboot
p  Other
Linux distributions will use similar
techniques
47
RedHat/Fedora/CentOS Linux –
server
p  To enable:
n  Edit /etc/sysconfig/network to include:
NETWORKING_IPV6=yes
IPV6_DEFAULTGW=FE80::30
IPV6_DEFAULTDEV=eth0
n  Edit /etc/sysconfig/network-scripts/ifcfg-eth0 to include:
IPV6ADDR=2001:db8::1/64
IPV6INIT=yes
IPV6_AUTOCONF=no
n  Where
p  eth0 should be replaced with the name of the Ethernet
interface on the device
p  2001:db8::1 should be replaced with the IPv6 address
p  fe80::30 should be replaced with the default gateway
n  And then /sbin/service network restart or reboot
48
Windows XP & Vista
p  XP
n  IPv6 installed, but disabled by default
n  To enable, start command prompt and run
“ipv6 install”
p  Vista
n  IPv6 installed, enabled by default
p  Most
apps (including IE) will use IPv6
transport if IPv6 address offered in name
lookups

49
Other IOS Features
Redundancy, Radius, DHCP,…

50
First-Hop Redundancy
p  When HSRP,GLBP and VRRP for IPv6 are not available
p  NUD can be used for rudimentary HA at the first-hop (today
this only applies to the Campus/DC…HSRP is available on
routers)
(config-if)#ipv6 nd reachable-time 5000
p  Hosts use NUD “reachable time” to cycle to next known
default gateway (30 seconds by default)
Default Gateway . . . . . . . . . : 10.121.10.1
fe80::211:bcff:fec0:d000%4
fe80::211:bcff:fec0:c800%4

RA sent RA sent
reach-time = 5000msec reach-time = 5000msec

51
Reachable Time : 6s
Base Reachable Time : 5s
HSRP for IPv6
p  Many similarities with HSRP for IPv4
p  Changes occur in Neighbor
HSRP HSRP
Advertisement, Router Advertisement,
Active Standby
and ICMPv6 redirects
p  No need to configure GW on hosts (RAs
are sent from HSRP Active router)
p  Virtual MAC derived from HSRP group
number and virtual IPv6 Link-local interface FastEthernet0/1
address ipv6 address 2001:DB8:66:67::2/64
p  IPv6 Virtual MAC range: ipv6 cef
n  0005.73A0.0000 - 0005.73A0.0FFF standby version 2
(4096 addresses) standby 1 ipv6 autoconfig
p  HSRP IPv6 UDP Port Number 2029 (IANA standby 1 timers msec 250 msec 800
Assigned) standby 1 preempt
p  No HSRP IPv6 secondary address standby 1 preempt delay minimum 180
p  No HSRP IPv6 specific debug standby 1 authentication md5 key-string cisco
standby 1 track FastEthernet0/0
Host with GW of Virtual IP
#route -A inet6 | grep ::/0 | grep eth2
::/0 fe80::207:85ff:fef3:2f60 UGDA 1024 3 0 eth2
::/0 fe80::205:9bff:febf:5ce0 UGDA 1024 0 0 eth2
::/0 fe80::5:73ff:fea0:1 UGDA 1024 0 0 eth2
52
GLBP for IPv6
p  Many similarities with
GLBP for IPv4 (CLI, GLBP
GLBP
Load-balancing) AVG, AVF AVF, SVF
p  Modification to Neighbor
Advertisement, Router
Advertisement
p  GW is announced via
interface FastEthernet0/0
RAs ipv6 address 2001:DB8:1::1/64
p  Virtual MAC derived ipv6 cef
from GLBP group glbp 1 ipv6 autoconfig
number and virtual IPv6 glbp 1 timers msec 250 msec 750
Link-local address glbp 1 preempt delay minimum 180
glbp 1 authentication md5 key-string cisco
AVG=Active Virtual Gateway
AVF=Active Virtual Forwarder
SVF=Standby Virtual Forwarder
53
IPv6 General Prefix
p  Provides an easy/fast way to deploy prefix changes
p  Example:2001:db8:cafe::/48 = General Prefix
p  Fill in interface specific fields after prefix
n  “office ::11:0:0:0:1” = 2001:db8:cafe:11::1/64
ipv6 unicast-routing interface Vlan11
ipv6 cef ipv6 address office ::11:0:0:0:1/64
ipv6 general-prefix office ipv6 cef
2001:DB8:CAFE::/48 !
! interface Vlan12
interface GigabitEthernet3/2 ipv6 address office ::12:0:0:0:1/64
ipv6 address office ::2/127 ipv6 cef
ipv6 cef
!
interface GigabitEthernet1/2
ipv6 address office ::E/127
ipv6 cef
6k-agg-1#sh ipv6 int vlan 11 | i Global|2001
Global unicast address(es):
54
2001:DB8:CAFE:11::1, subnet is 2001:DB8:CAFE:11::/64
AAA/RADIUS
p  RADIUS attributes and IPv6 (RFC3162)
p  RADIUS Server support requires an upgrade (supporting
RFC3162)
n  Few RADIUS solutions support RFC3162 functionality today
p  IPv6 AAA/RADIUS Configuration www.cisco.com/warp/public/
cc/pd/iosw/prodlit/ipv6a_wp.htm

RADIUS Configuration with permanently assigned /64:


Auth-Type = Local, Password = “foo”
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
cisco-avpair = “ipv6:prefix=2001:DB8:1:1::/64”

Interface Identifier attribute (Framed-Interface-Id) can be used:


Interface-Id = “0:0:0:1”,
55
DHCPv6 Overview (1)
p  Operational model based on DHCPv4, but details
differ:
n  Client uses link-local address for message exchanges
n  Server can assign multiple addresses per client through
Identity Associations
n  Clients and servers identified by DUID
n  Address assignment & Prefix delegation
n  Message exchanges similar, but will require new protocol
engine
n  Server-initiated configuration, authentication part of the
base specification
n  Extensible option mechanism & Relay-agents

56
DHCPv6 Overview (2)
p  Allows both stateful and stateless
configuration
p  RFC 3315 (DHCPv6) has additional
options:
n  DNS configuration—RFC 3646
n  Prefix delegation—RFC 3633
n  NTP servers
n  Stateless DHCP for IPv6—RFC 3736

57
DHCPv6 PD: RFC 3633
FTTH
p  Media independence DHCPv6 Server(s)
n  e.g., ADSL, FTTH
n  Only knows identity of
requesting router
ADSL
p  Leases for prefixes
p  Flexible deployments
n  Client/Relay/Server model
p  Requesting router includes
request for prefixes in DHCPv6
DHCP configuration Client
/48
request
p  Delegating router assigns /64
prefixes in response along
with other DHCP
configuration information
DHCPv6 Relay
58
Prefix/Options Assignment Host
CPE
PE
ISP

DHCP Client DHCP Server


ISP provisioning system
(1) CPE sends DHCP solicit with
ORO = PD
(2) PE sends RADIUS request for
(3) RADIUS responds with the user
user’s prefix(es)
(4) PE sends DHCP REPLY with
Prefix Delegation options
(5) CPE configures addresses from
the prefix on its downstream
(6) Host configures
interfaces, and sends an RA. addresses based on the
O-bit is set to on prefixes received in the
RA. As the O-bit is on, it
sends a DHCP
INFORMATION-REQUEST
message, with an ORO =
(7) CPE sends a DHCP REPLY DNS
containing request options
59
AAA DHCP ND/DHCP
DHCPv6 Prefix Delegation vpdn enable
!
IPv6 ISP! vpdn-group 1
PE CE request-dialin
protocol pppoe
!
interface FastEthernet0/1
ipv6 address DH-
vpdn enable
PREFIX 0:0:0:1::/64 eui-64
!
!
vpdn-group pppoe
interface FastEthernet0/0
accept-dialin
pppoe enable
protocol pppoe
pppoe-client dial-pool-number 1
virtual-template 1
!
!
interface Dialer1
ipv6 dhcp pool FOO
encapsulation ppp
prefix-delegation 2001:7:7::/48 0003000100055FAF2C08
dialer pool 1
prefix-delegation 2001:8:8::/48 0003000100055FAC1808
dialer-group 1
dns-server 2001:4::1
ipv6 address autoconfig
domain-name cisco.com
ipv6 dhcp client pd DH-PREFIX
!
ppp authentication chap callin
interface Virtual-Template1
ppp chap hostname dhcp
ipv6 enable
ppp chap password 7 0300530816
no ipv6 nd suppress-ra
!
ipv6 dhcp server FOO
ipv6 route ::/0 Dialer1
ppp authentication chap
! http://www.cisco.com/en/US/tech/tk872/
interface FastEthernet1/0 technologies_white_paper09186a00801e19 60
pppoe enable 9d.shtml
Technologies to aid IPv6
Transition and Integration
ISP Workshops

61

You might also like