ipv6 deployment and considerations · ipv6 planning steps establish ipv6 project management team 2...
TRANSCRIPT
Session ID 20PT
IPv6 Deployment and Considerations
Anthony Chan anchan@ cisco.com
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 2
IPv6 Deployment and Considerations
IPv6 Market Trends
IPv6 Planning Steps
IPv6 Addressing
IPv6 Deployment Options
ASIAGOV Case Study
Agenda
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 3
IPv6 Deployment and Considerations
IPv6 Market Trends
IPv6 Planning Steps
IPv6 Addressing
IPv6 Deployment Options
ASIAGOV Case Study
Agenda
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 4
National IPv6 Strategies
US Federal/Civilian,
US DoD, China NGI, EU
IPv6
Market Factors Driving IPv6 Deployment
IPv4 Address Run-Out
Infrastructure Evolution
SmartGrid, SmartCities
DOCSIS 3.0, 4G/LTE, IPSO
IPv6 OS, Content &
Applications
www.oecd.org: Measuring IPv6 Adoption
4
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 5
Internet-Enabled Devices2 IPv4 Address Blocks Remaning1
The pool of IPv4 address
blocks is dwindling rapidly
Today Sep 2011
0
25
Today 2015+
5B
15B
While the number of new
Internet devices is exploding
< 700 Days
Remaining
1 – Geoff Huston, APNIC, www.potaroo.net, tracking /8 address-blocks managed by the Internet Assigned Numbers Authority
2 – Cisco Visual Networking Index / Intel Embedded Internet Projections
The gap between supply and demand for IP addresses
– the key Internet resource – is widening
The Growing Internet Challenge …
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 6
160
140
120
100
80
60
40
20
0
2000 2002 2004 2006 2008 2010
Ad
dre
ss
C
ou
nt
(/8
s)
IANA Pool RIR Pool Projection
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 7
Source: Geoff Huston, APNIC
100
90
80
70
60
50
40
30
20
10
0 Jan 2011 Jul 2011 Jan 2012 Jul 2012 Jan 2013 Jul 2013 Jan 2014 Jul 2014 Jan 2015 Jul 2015
IANA APNIC RIPENCC ARIN LACNIC AFRINIC
Pro
babili
ty (
%)
Registry Exhaustion Dates http://www.potaroo.net/tools/ipv4/rir.jpg
This is accelerating !
Consistently beating
estimates
Microsoft has just
purchased 666,624 IP
addresses for
$7.5million
($11.25/addr)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 8
IPv6 Deployment and Considerations
IPv6 Market Trends
IPv6 Planning Steps
IPv6 Addressing
IPv6 Deployment Options
ASIAGOV Case Study
Agenda
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 9
IPv6 Planning Steps
Establish IPv6
project
management
team
2
4
6 8
10
Evaluate effect
on business
model
1
Decide on IPv6
Architecture
Strategy
3
5
7
9
Business Case Identified/Justified
Assess network including
hardware and software
Applications and back end operations
Obtain IPv6 Prefix
Develop Addressing Plan
Develop Security Plan
Develop Adoption Timelines
Develop Cost Analysis
Develop Procurement Plan
Test Solution with
applications , network
management for
first deployment.
Develop IPv6
exception
strategy
Create Detailed
Design for phase 1
Train Engineering and
Operations on Technology
and Solution in place
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 10
A key and mandatory step to evaluate the impact of IPv6 integration
May be split in several phases
Infrastructure – networking devices and back end systems
Hosts, Servers and applications
Must be as complete as possible to allow upgrade costs evaluation and planning
Hardware type, memory size, interfaces, CPU load,…
Software version, features enabled, license type,…, forwarding path, known limitations, best practices, etc
Difficult to complete if a set of features is not defined per device‘s category for a specific environment
IPv6-capable definition, knowledge of the environment and applications, design goals
Break Network into Places in the network for a more accurate assessment
Should Map directly into your IPv6 Network Architecture strategy, Cost analysis and time lines
Readiness Assessment
5 Assess Hardware and Software
Applications and Back End Systems
10
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 12
IPv6 Deployment and Considerations
IPv6 Market Trends
IPv6 Planning Steps
IPv6 Addressing
IPv6 Deployment Options
ASIAGOV Case Study
Agenda
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 13
Build on the lessons learned from how the IPv4 plan was developed and implemented
Does it make sense to follow the current IPv4 assignment model?
Must be proportional to current usage and expected growth
Check RIR policies on block sizing
Hierarchy is key
Do you get a prefix for the entire company or do you get one prefix per site (what defines a site?)
Cisco IPv6 Addressing White Paper
http://www.cisco.com/web/strategy/docs/gov/IPv6_WP.pdf
Building the IPv6 Address Plan
13
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 14
Each RIR has different requirements web site have specifics
However anyone that has a PI IPv4 from a RIR qualifies for a PI IPv6
For ARIN initial block size is site dependent
1 to 12 sites /44
12 to 192 sites /40
192 to 3,072 sites /36
3,072 to 49,152 sites /32
Good source: https://www.arin.net/policy/nrpm.html
Possible Options
Get one large global block from local RIR and subnet out per region
Get a separate block from each of the RIR you have presences in
Which route to go ?
Depends on specific business case
Enterprise with not much consumer interaction can stay with a single large block
Enterprise that have a heavy consumer interaction using a block from each RIR will help avoid DNS and routing hacks to lead clients to regional Data Centers
Getting IPv6 Space
14
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 15
PI and PA Allocation Process
Registries
Level Four Enterprise
IANA
ISP Org
Provider Assigned
/48
/48
/12
/32
/12
Provider Independent
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 16
Mainly a Enterprise Issue
Service Providers will get allocation direct from RIR
PI space is great for organizations who want to multihome to different SPs
PA is a great space if you plan to use the same SP for a very long time or you plan to NAT/Proxy everything with IPv6 (not likely)
Other things to consider
Do you get a prefix for the entire company or do you get one prefix per site (what defines a site?)
Do you get a prefix per regional registry (RIPE, APNIC, LACNIC, etc)
Do I Get PI or PA?
16
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 17
Concerns around prefix announcement from other regions
Will providers accept prefixes from other regions?
Concerns around prefix lengths
What length prefix will providers accept?
How do I do traffic engineering?
What about providers upstream peers?
Bottom line is to have a detailed conversation w/ your provider or peering partner about what their policies are
http://www.us.ntt.net/support/policy/routing.cfm#v6PeerFilter
PI Space Concerns
17
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 18
Template addressing
Build information into the address
Example 4 bit boundary 2001:0db8:1234:xyza::/48
x = Region y= Site z= Building a= Floor
Short numbers: less chance of transcription errors for loopbacks
Compare: 2001:db8:1111:1:1:1:1/128 with 2001:db8:1234:1111::1/128
Split address block into two example of a /32
/33 for internet Enabled devices /33 for Internal Restricted devices.
Helps with Route Identification and makes filtering on edge easier.
IPv6 Address Management – How are you going to manage these blocks?
Building the IPv6 Address Plan
18
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 19
What type of addressing should I deploy internal to my network? It depends:
ULA-only—Today, no IPv6 NAT is useable in production so using ULA-only will not work externally to your network
ULA + Global allows for the best of both worlds but at a price— much more address management with DHCP, DNS, routing and security—SAS does not always work as it should
Global-only—Recommended approach but the old-school security folks that believe topology hiding is essential in security will bark at this option
Let‘s explore these options…
ULA, ULA + Global or Global
19
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 20
Everything internal runs the ULA space
A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the internet — must run filters to prevent any SA/DA in ULA range from being forwarded
Works as it does today with IPv4 except that today, there are no scalable NAT/Proxies for IPv6
Removes the advantages of not having a NAT (i.e. application interoperability, global multicast, end-to-end connectivity)
ULA-Only Not Recommended
Corporate
Backbone Branch 2
Branch 1 Corp HQ
ULA Space FD9C:58ED:7D73::/48
FD9C:58ED:7D73:2800::/64
Internet
FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64
Global – 2001:DB8:CAFE::/48 Requires NAT for IPv6
20
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 21
Both ULA and Global are used internally except for internal-only hosts
Source Address Selection (SAS) is used to determine which address to use when communicating with other nodes internally or externally
In theory, ULA talks to ULA and Global talks to Global—SAS ‗should‘ work this out
ULA-only and Global-only hosts can talk to one another internal to the network
Define a filter/policy that ensures your ULA prefix does not ‗leak‘ out onto the Internet and ensure that no traffic can come in or out that has a ULA prefix in the SA/DA fields
Management overhead for DHCP, DNS, routing, security, etc…
ULA + Global Not Recommended
Corporate
Backbone Branch 2
Branch 1 Corp HQ
ULA Space FD9C:58ED:7D73::/48
Global – 2001:DB8:CAFE::/48
FD9C:58ED:7D73:2800::/64
2001:DB8:CAFE:2800::/64
Internet
FD9C:58ED:7D73:3000::/64
2001:DB8:CAFE:3000::/64
FD9C:58ED:7D73::2::/64
2001:DB8:CAFE:2::/64
Global – 2001:DB8:CAFE::/48
21
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 22
Global is used everywhere
No issues with SAS
No requirements to have NAT for ULA-to-Global translation—but, NAT may be used for other purposes
Easier management of DHCP, DNS, security, etc.
Only downside is breaking the habit of believing that topology hiding is a good security method
Global-Only Recommended
Backbone Site 2
Site 1
Corp
HQ Global – 2001:DB8:CAFE::/48
2001:DB8:CAFE:2800::/64
Internet
2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64
Global –
2001:DB8:CAFE::/48
22
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 23
Questions to Ask Your Service Provider
SP Deployment Type
Dual Stack, Native or Overlay ( if so what kind of overlay) ?
What kind of SLA are provided for the services ? Do you post metrics online ?
What kind of services are offered
Internet Services
Layer 2 or Layer 3 VPN‘s
IPv6 Multicast support or plans ?
DNS Services over v4 or V6 ?
Visibility and footprint to the IPv6 Internet.
Peering arrangements
Service availability on nodes
Available over 802.1Q or VLANs ?
Separate or Same VRF's ?
Acceptance Policy
Prefix length acceptance ?
Provider Independent or Provider Assigned acceptance
Do your Peering partners have similar policy to yours ?
What prefix length do your upstream providers accept ?
Provisioning
Is there a self service portal ?
Routing add and deletes
When do you plan on providing v6 services as a default offering ?
Charging model
Do you charge for IPv6 ?
http://docwiki.cisco.com/wiki/What_To_Ask_From_Your_Service_Provider_About_IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 24
6to4 Is Trending Down, Native IPv6 Is Trending Up
Production Quality IPv6 Improving
Source: Google and Hurricane Electric
24
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 25
IPv6 Deployment and Considerations
IPv6 Market Trends
IPv6 Planning Steps
IPv6 Addressing
IPv6 Deployment Options
ASIAGOV Case Study
Agenda
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 26
IPv6 Deployment Options
IPv6 Only
IPv6 is the only protocol operating in the network
Dual Stack (in devices/hosts and networks)
IPv4 and IPv6 operate in tandem over shared or dedicated links
Tunnelling over IPv4 or MPLS (6in4, 6to4, 6PE, 6VPE, etc..)
IPv6 confined to the edge of the IPv4 / MPLS core
IPv6 IPv6 IPv6
IPv6
IPv6 IPv6
IPv4
IPv4
IPv4
MPLS
IPv6
IPv4
IPv6
IPv4
Dedicated Links
Shared
Links
Tunnel
IPv4
MPLS
Protocol Translation (NAT64, NAT46, DNS64, etc..)
Allow IPv6-only devices to communicate with IPv4-only devices
Applications Dual
Stack Aware
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 27
All P + PE routers are capable of IPv4+IPv6 support
Two IGPs supporting IPv4 and IPv6
Memory considerations for larger routing tables
Native IPv6 multicast support
All IPv6 traffic routed in global space
Good for content distribution and global services (Internet)
Dual Stack Backbone
IPv4/IPv6
Core
CE
IPv6
IPv4
PE P P PE C
E IPv4
IPv6
IPv6 Configured Interface
IPv4 Configured Interface
Some or All Interfaces in Cloud
Dual Configured
IPv6 + IPv4
Core IPv4 + IPv6 Edge IPv4 and/or IPv4 Edge Dual Stack App
27
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 28
Dual stack in a device means
Both IPv4 and IPv6 stacks enabled
Applications can talk to both
Choice of the IP version is based on DNS and application preference
Dual Stack Application Approach
Frame Protocol
ID 0x0800 0x86dd
TCP
IPv6 Enabled
Application
IPv6
UDP
Data Link (Ethernet)
IPv4
0x0800 0x86dd
TCP
IPv4 Application
IPv6
UDP
Data Link (Ethernet)
IPv4
28
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 29
DNS Server
www.example.org = * ?
2001:db8:1::1 www IN A 192.168.0.3
www IN AAAA 2001:db8:1::1
Dual Stack Approach & DNS
In a dual stack case an application that:
Is IPv4 and IPv6-enabled
Can query the DNS for IPv4 and/or IPv6 records (A) or (AAAA) records
Chooses one address and, for example, connects to the IPv6 address
IPv4 IPv6
IPv4
IPv6
192.168.0.3
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 30
IPv6 Transit using MPLS 6PE (RFC 4798)
6PEs must support dual stack IPv4+IPv6 (acts as normal IPv4 PE)
IPv6 packets transported from 6PE to 6PE over Label Switch Path
IPv6 addresses exist in global table of PE routers only
IPv6 addresses exchanged between 6PE using MP-BGP session
Core uses IPv4 control plane (LDPv4, TEv4, IGPv4, MP-BGP)
Benefits from MPLS features such as FRR, TE
IPv4
MPLS
CE
IPv6
IPv6
6PE3 P P 6PE4 CE
IPv6
IPv6
MPLS IPv4 Backbone IPv6 Network IPv6 Network
BGP
Label
IPv6
Packet
LDP
Label
CE CE 6PE1 P P 6PE2
200.10.10.1 200.11.11.1
2001:db8:: 2001:f00d::
IPv6
Packet
IPv6
Packet
iBGP
exchange IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 31
Services using MPLS 6PE
Connects IPv6 islands over MPLS core (Transits edge to edge)
Transition mechanism for providing unicast IPv6 access
Coexistence mechanism for combining IPv4 and IPv6 services
As other IPv6 ―tunnel‖ technologies, enables services such as
IPv6 Internet Access
Peer-to-peer connectivity
Access to IPv6 services supplied by the SP itself
IPv4
MPLS
CE3
IPv6
IPv6
6PE3 P P 6PE4 CE
4 IPv6
IPv6
MPLS IPv4 Backbone IPv6 Network IPv6 Network
BGP
Label
IPv6
Packet LDP
Label
CE1 CE2 6PE1 P P 6PE2
200.10.10.1 200.11.11.1
2001:db8:: 2001:f00d::
IPv6
Packet
IPv6
Packet
iBGP
exchange IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 32
Routing And Label Distribution Example
IPv4
MPLS
CE3
IPv6
IPv6
6PE3 P P 6PE4 CE
4 IPv6
IPv6
IPv6
Packet
MPLS IPv4 Backbone IPv6 Network IPv6 Network
BGP
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 CE2 6PE1 P P 6PE2
200.10.10.1 200.11.11.1
2001:db8:: 2001:f00d::
LDPv4 {Pop}
MP-eBGP
LDPv4 {27} LDPv4 {48}
MP-eBGP IPv6 MP-iBGP
Advertises
2001:f00d::
to 6PE1
Advertises
2001:f00d:: to 6PE2
BGP Next Hop ::ffff:200.10.10.1
Label Binding {65}
Binds label
{Pop} to
200.10.10.1
Binds label
{27} to
200.10.10.1
Binds label
{48} to
200.10.10.1
Advertises
2001:f00d::
to CE2
IGPv4 IGPv4 IGPv4
200.10.10.1
reachable
200.10.10.1
reachable
200.10.10.1
reachable
iBGP
exchange IPv6 eBGP eBGP
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 33
6PE Label Forwarding
IPv4
MPLS
CE3
IPv6
IPv6
6PE3 P P 6PE4 CE
4 IPv6
IPv6
IPv6
Packet
MPLS IPv4 Backbone IPv6 Network IPv6 Network
BGP
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 CE2 6PE1 P P 6PE2
200.10.10.1 200.11.11.1
2001:db8:: 2001:f00d::
2001:f00d:: 2001:f00d::
{65}
{48}
2001:f00d::
{65}
2001:f00d::
{65}
{27}
2001:f00d::
LDP IPv4 Label
BGP IPv6 Label
IPv6 Prefix
IPv6 MPLS MPLS MPLS IPv6
Item Value
IPv6
Prefix:
BGP Label:
BGP NH:
IPv4 NH:
LDP Label:
2001:f00d::
{65}
::ffff:200.10.10.1
200.10.10.1
{48}
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 34
IPv4
MPLS
6PE Configuration
CE3
IPv6
IPv6 as65014
6PE3 P P 6PE4 CE
4 IPv6
IPv6 as65015
IPv6
Packet
MPLS IPv4 Backbone IPv6 Network IPv6 Network
BGP
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 CE2 6PE1 P P 6PE2
200.10.10.1 200.11.11.1
2001:db8:: 2001:f00d::
ipv6 cef
!
interface loopback0
ip address 200.10.10.1 255.255.255.0
!
router bgp 100
neighbor 2001:f00d:1::1 remote-as 65014
neighbor 200.11.11.1 remote-as 100
neighbor 200.11.11.1 update-source lo0
!
address-family ipv6
neighbor 200.11.11.1 activate 6PE2
neighbor 200.11.11.1 send-label
neighbor 2001:f00d:1::1 activate CE1
ipv6 cef
!
interface loopback0
ip address 200.11.11.1 255.255.255.0
!
router bgp 100
neighbor 2001:DB8:1::1 remote-as 65015
neighbor 200.10.10.1 remote-as 100
neighbor 200.10.10.1 update-source lo0
!
address-family ipv6
neighbor 200.10.10.1 activate 6PE1
neighbor 200.10.10.1 send-label
neighbor 2001:DB8:1::1 activate CE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 35
IPv4
MPLS
IPv6 VPN 6VPE (RFC 4659)
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1/30
2001:db8:cafe:3::/64
172.16.1.0.0/30
2001:db8:cafe:1::/64
6VPE uses existing IPv4 MPLS infrastructure to provide IPv6 VPN
Core uses IPv4 control plane (LDPv4, TEv4, IGPv4)
PEs must support dual stack IPv4+IPv6
Offers same architectural features as MPLS-VPN for IPv4
RTs, VRFs, RDs are appended to IPv6 to form VPNv6 address
MP-BGP distributed both VPN address families
BGP NH uses IPv4 to IPv6 mapped address format ::ffff:A.B.C.D
VRF can contain both VPNv4 and VPNv6 routes
Solution suitable for IPv6 support to enterprises and government with VPN
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 36
IPv4
MPLS
Services Using 6VPE
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1/30
2001:db8:cafe:3::/64
172.16.1.0.0/30
2001:db8:cafe:1::/64
For VPN customers, IPv6 VPN service is exactly as IPv4 VPN service
6PE is ―like VPN‖ but prefixes are in global table, 6VPE is true VPN
6VPE enables services such as
IPv6 VPN Access
Carriers Supporting Carrier
Access to IPv6 services supplied by the SP itself
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 37
IPv4
MPLS
CE1 Configuration
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1/30
2001:db8:cafe:3::/64
172.16.1.0/30
2001:db8:cafe:1::/64
ipv6 unicast-routing
ipv6 cef
!
interface Ethernet0/0
description Link to PE1
ip address 172.16.1.1 255.255.255.0
ipv6 address 2001:db8:cafe:1::1/64
!
interface Ethernet1/0
description to GREEN LAN
ip address 10.1.1.1 255.255.255.0
ipv6 address 2001:db8:beef:1::1/64
ipv6 rip GREEN enable
router bgp 500
neighbor 2001:db8:cafe:1::2 remote-as 100
neighbor 172.16.1.2 remote-as 100
!
address-family ipv4
redistribute eigrp 100
neighbor 172.16.1.2 activate 6VPE1
exit-address-family
!
address-family ipv6
neighbor 2001:db8:cafe:1::2 activate 6VPE1
redistribute rip GREEN
exit-address-family
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 38
vrf definition GREEN
rd 200:1
address-family ipv4
route-target export 200:1
route-target import 200:1
exit-address-family
!
address-family ipv6
route-target export 200:1
route-target import 200:1
exit-address-family
IPv4
MPLS
New Multi-AF VRF Configuration
New VRF AF definition
Allows address-families
Each with unique or common policies
vrf upgrade-cli multi-af-mode {common-
policies | non-common-policies} [vrf
<name>]
This command can update existing VRF definitions
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1/30
2001:db8:cafe:3::/64
172.16.1.0/30
2001:db8:cafe:1::/64
! Common RT policies go here
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 39
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 200.10.10.1 255.255.255.255
!
interface Ethernet0/0
Description Link to CE1
vrf forwarding GREEN
ip address 172.16.1.2 255.255.255.0
ipv6 address 2001:db8:cafe:1::2/64
IPv4
MPLS
6VPE1 General Configuration
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1/30
2001:db8:cafe:3::/64
172.16.1.0/30
2001:db8:cafe:1::/64
!
interface Ethernet2/0
description Link to Core Network
ip address 192.168.1.1 255.255.255.252
mpls ip
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
passive-interface Loopback0
network 192.168.1.0 0.0.0.255 area 0
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 40
router bgp 100 neighbor 200.11.11.1 remote-as 100 neighbor 200.11.11.1 update-source lo0 ! address-family ipv4 Internet Routes neighbor 200.11.11.1 activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 To 6VPE2 neighbor 200.11.11.1 activate neighbor 200.11.11.1 send-community ext exit-address-family
IPv4
MPLS
6VPE1 BGP Configuration
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1.0/30
2001:db8:cafe:3::/64
172.16.1.0/30
2001:db8:cafe:1::/64
address-family vpnv6 To 6VPE2 neighbor 200.11.11.1 activate neighbor 200.11.11.1 send-community ext exit-address-family ! address-family ipv4 vrf GREEN To CE1 redistribute connected neighbor 172.16.1.1 remote-as 500 neighbor 172.16.1.1 activate exit-address-family ! address-family ipv6 vrf GREEN To CE1 neighbor 2001:db8:cafe:1::1 remote-as 500 neighbor 2001:db8:cafe:1::1 activate exit-address-family
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 41
IPv4
MPLS
6VPE2 IPv6 VRF Routes
IPv4
IPv6
P P
IPv6
Packet
MPLS IPv4 Backbone IPv6/IPv4 Network IPv6/IPv4 Network
VPN
Label
IPv6
Packet LDP
Label
IPv6
Packet
CE1 6VPE1
P P
10.1.1.0/24
2001:db8:beef:1::/64
VRF
200.10.10.1 200.11.11.1
CE2
IPv4
IPv6 VRF
10.1.2.0/24
2001:db8:beef:2::/64
172.16.3.1.0/30
2001:db8:cafe:3::/64
172.16.1.0/30
2001:db8:cafe:1::/64
6VPE2#show ipv6 route vrf GREEN
B 2001:db8:beef:1::/64 [200/0]
via 200.10.10.1%Default-IP-Routing-Table, indirectly connected
B 2001:db8:beef:2::/64 [20/0]
via FE80::A8BB:CCFF:FE01:FA00, Ethernet1/0
B 2001:db8:cafe:1::/64 [200/0]
via 200.10.10.1%Default-IP-Routing-Table, indirectly connected
C 2001:db8:cafe:3::/64 [0/0]
via Ethernet1/0, directly connected
L 2001:db8:cafe:3::2/128 [0/0]
via Ethernet1/0, receive
L FF00::/8 [0/0]
via Null0, receive
6VPE2
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 42
IPv6 Deployment and Considerations
IPv6 Market Trends
IPv6 Planning Steps
IPv6 Addressing
IPv6 Deployment Options
ASIAGOV Case Study
Agenda
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 43
Customer Background
APAC Governmental Agency: ASIAGOV
Customer Drivers for IPv6
– As per the national mandate, ensuring that country is viewed as a technology leader in the region.
– To serve as a leading example for local ISPs and Enterprises to facilitate their eventual IPv6 protocol integration.
Primary Goal is a public facing IPv6 rollout (Web + Mail Servers)
Secondary Goal is an internal IPv6 rollout (IPv6 Internet Access, Web development)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 44
IPv6 Assessment Engagement
Purpose of Cisco Engagement
To provide an IPv6 Architecture and Assessment for ASIAGOV that:
– Reviews the network infrastructure and application architecture
– Recommends best practices and appropriate implementation approach
– Reviews and recommends improvements on security and network administration, operation and support design
– Recommends an implementation roadmap of the IPv6 network protocols
Consultancy Scope
Core1: L3 MPLS VPN Network for connectivity to services
Core2: L3 MPLS VPN Network for connectivity to Gov’t Bureaus
ServicesNet: Central Services (Internet Proxy, Web Hosting, etc.)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 45
ASIAGOV Network
Internet
Core2
Core1
B/D
B/D
SVC1
SVC4
SVC2
SVC3 EBGP
ServicesNET: Service Blocks
Core2 Core1
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 46
IPv6 Engagement Methodology
Information Gathering &
Data Consolidation
HLD Strategy
Assessment
Documentation
Optimization
Initial Workshops (objective, c..)
Ongoing Interviews
Consolidated Network Device and Server Application
Reviewed Objective and Identified Design Options
Selected most applicable Network Design Approach
Feature Requirements List Assessed Devices against features
and current HW/SW
Identified Support and Caveats
Identified Roadmap or Alternatives
Documented High Level Architecture
Documented Assessment
Adjusted Device/Application Spreadsheets
Document Comment and Revisions
Six week Nursing Period
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 47
IPv6 Consultancy Report Summary
Network Architecture Recommendations
– High Level IPv6 solution and recommended option
– Combination of 6VPE and Dual Stack
– IPv6 Best Practices
Assessment Report by Network Services Block
– Network Devices & Appliances: Cisco and/or 3rd Party
– Servers & Applications: Server OS and specific Apps
– Short and Long-term IPv6 solutions
Integration Report
– Recommended High Level Integration Approach
– Suggested PDI and Testing
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 48
IPv6 High Level Architecture Design - Mail
Internet
Core1
6VPE
Router
Core1
6VPE
Router
MAIL CE
L2/L3
Switch
MAIL CE
L2/L3
Switch
No change to current Mail IPv4 network architecture
Dual Stack IPv6 protocol added by hardware and software upgrade
Short Term Approach
Upgrade H/W and S/W for IM Switches
Load Balancer S/W upgrade
Add new MTA to support IPv6 email exchange
No IPv6 support for POP, IMAP, SMTP auth and Webmail services
Software / Appliance remain in IPv4 (e.g. Mail Scanner, Opensource DB server)
Long Term Approach
Application Software/OS Upgrade (e.g. Webmail Scanner, PC OS, etc..)
Application Software / Appliance Replacement (e.g. various Mail Scanning applications etc..)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 49
Key Customer Benefits
Assessment provided a holistic view in both architecture and assessment inclusion (software apps/OS).
Device Assessment which identified SW and HW gaps so that ASIAGOV facilitated determining upcoming budget requirements.
Provided ASIAGOV with long and short term solutions to certain application or architectural shortcomings.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 50
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 51
Complete Your Session Evaluation
Please give us your feedback!!
Complete the evaluation form you were given when you entered the room
This is session BRKxxx-xxxx
Don’t forget to complete the overall event evaluation form included in your registration kit
YOUR FEEDBACK IS VERY IMPORTANT FOR US!!! THANKS