ipv6 in enterprise unified communications...

IPv6 in Enterprise Unified Communications Networks

BRKCOL-2020

Tony Mulchrone - Technical Marketing EngineerCisco Collaboration Technology Group

IPv6 Addressing summaryIPv6 and UC Networks summaryIPv6 Addressing and Cisco devicesDHCP and DNS for IPv6IPv6 Campus and WAN Deployment OptionsIPv6 UC Configuration CUCM IPv6 Device Configuration Parameters and Media HandlingOther IPv6 Design ConsiderationsIPv6 UC Deployment GuidelinesSummary

Agenda

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Why Deploy IPv6 ?

• IPv6 deployment is primarily driven by IPv4 address space exhaustio

• The number of applications, devices, services requiring IP addresses is rapidlyincreasing as the world becomes more and more IP centric

• Addresses in IPv6 are 128 bits long versus 32 bits IPv4 address. The larger addressspace avoids the potential exhaustion of IP addresses without need for NetworkAddress Translation.

• By avoiding the need for complex sub-netting scheme, IPv6 addressing space easierto understand, making administration of medium and larger networks simpler.

• IPv6 hosts can be configured automatically using Stateless Address Auto-Configuration (SLACC) when connected to a routed IPv6 network using ICMPv6 routerdiscovery messages.

BRKCOL-2020 4


• IPv4 uses 32 bits

• = ~ 4,200,000,000 possible addressable nodes

• CIDR and NAT techniques used to make the best possible use of address space

• IPv6 uses 128 bits

• = 340,282,366,920,938,463,463,374,607,431,768,211,456 nodes

• = 52 Trillion Trillion addresses per person in the world

• = More than enough

• Allows for scalable, simple and easily understandable addressing schemes

IPv6 Addressing Space

IPv4 = 32 bits

IPv6 = 128 bits

BRKCOL-2020 5


IPv6 Address Format

• An IPv6 address is composed of 8 sets of 16 bit hexadecimal values, 128 bits in length

• 2001:0db8:1234:5678:9abc:def0:1234:5678• 16 bit hex values are separated by colons (:)

• Abbreviation is possibleLeading zeros can be omitted

Consecutive zeros in contiguous blocks can be represented by (::)• 2001:0db8:0000:130F:0000:0000:087C:140B • becomes• 2001:0db8:0:130F::87C:140BDouble colons can only appear once in the address

• Network prefix representation like IPv4 CIDR ---

• e.g. 2001:db8:12::/64

BRKCOL-2020 6


IPv6 Address Network and Host IDs

XXXX:XXXX:XXXX:XXXX:YYYY:YYYY:YYYY:YYYY

Host ID

64 Bits64 Bits

Network ID

00 90 27 FF FE 17 FC 0F

FF FE

00 90 27 17 FC 0F

00 90 27 17 FC 0F

000000U0 Where U=

1 = Unique ID

0 = Not Unique

02 90 27 FF FE 17 FC 0F

U = 1

IPv6 Unicast addresses use 64 bits for the Network ID and 64 bits for the Host ID

The Host ID can be auto-configured by :

1) Using a randomly generated number, or

2) By using the (Extended Unique Identifier) EUI-64 format. This format expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle 16 bits. Cisco commonly uses this Host ID format.

3) The host ID can also be assigned using DHCPv6 or manually configured

BRKCOL-2020 7


IPv6 - Addressing Model

• Addresses are assigned to interfaces

• An Interface is expected to have multiple addresses

• Addresses have “scope”

Link Local

Unique Local

Global Link LocalUnique LocalGlobal

BRKCOL-2020 8


Primary Types of IPv6 Address

• Unicast AddressIdentifies a single node/interface. Traffic destined to a Unicast address is forwarded to a single interface

• Multicast AddressIdentifies a group of nodes/interfaces. Traffic destined to a Multicast address is forwarded to all the nodes in the group

• No more Broadcast addressesToo resource intensive, IPv6 uses Multicast addresses instead

BRKCOL-2020 9


Link-Local Unicast Addresses

Link-Local Addresses are :

• Mandatory addresses - used exclusively for communication between two IPv6 devices on the same link.

• Automatically assigned by the device as soon as IPv6 is enabled

• Only Link Specific scope – not routed

• Remaining 54 bits of network ID are typically zero but could be set to any manually configured value

• Interface ID has the same meaning for all unicast addresses, 64 bits long using the EUI-64 format

• Example - FE80:0000:0000:0000:0987:65FF:FE01:2345

• Generally represented as FE80::987:65FF:FE01:2345

Remaining 54 Bits

128 Bits

Interface ID

1111 1110 10

FE80::/10

10 Bits

BRKCOL-2020 10


Unique-Local Unicast Addresses

Unique-Local Addresses are :

• Analogous to Private IPv4 addresses (e.g. 10.1.1.254)

• Not Routable on the Internet – (would require IPv6 NAT)

• Global IDs do not have to be aggregated

• Subnet IDs are defined by the administrator of the local domain

• Subnet IDs typically use a hierarchical addressing plan to allow for route summarization

• Interface ID has the same meaning for all unicast addresses, 64 bits long using the EUI-64 format

• Example - FD00:aaaa:bbbb:CCCC:0987:65FF:FE01:2345

Global ID 40 Bits

Subnet ID

16 Bits

128 Bits

Interface ID

1111 110

FD00::/7

7 Bits

1

1 Bit : L = 1 Locally assigned; L = 0 Future Use

BRKCOL-2020 11


Global Unicast Addresses

Global Unicast Addresses are :

• Routable / reachable across the Internet

• Identified by their 3 high level bits set to 001 ( 2000::/3 )

• Global Routing Prefix assigned to Regional Internet Registries by Internet Assigned Numbers Authority (IANA) – Next Level Aggregator (NLA) assigned to ISP

• Site Level Aggregator (Subnet ID) assigned to a customer by their Service Provider

• Example - 2001:0DB8:BBBB:CCCC:0987:65FF:FE01:2345

001

64 Bits3 21 Bits 16 Bits

LAN Host

Global Prefix

TLA SLA Interface ID

24 Bits

RIR ISP

NLA

/24 /48 /64

Network ID


IPv6 Multicast Addresses

IP multicast addresses have a prefix FF00::/8 (1111 1111)

The second octet defines the lifetime and scope of the multicast address

Used for Router Advertisements, DHCP, Multicast Applications

Multicast addresses are always destination addresses

Lifetime

0 If Permanent

1 If Temporary

Scope

1 Node

2 Link

5 Site

8 Organization

E Global

Group-IDScopeLifetime1111 1111

112-bits4-bits4-bits8-bits

128 Bits

BRKCOL-2020 13


Address Scope Meaning

FF01::1 Node-Local Same Node

FF02::1 Link-Local All Nodes on a Link

FF01::2 Node-Local Same Router

FF02::2 Link-Local All Routers on a Link

FF05::2 Site-Local All Routers on Intranet

FF02::1:FFXX:XXXX Link-Local Solicited-Node

Some Well-Known Multicast Addresses

More details at http://www.iana.org/assignments/ipv6-multicast-addresses

Solicited Node Addresses - Used for Neighbor Discovery and Duplicate Address Detection

http://www.iana.org/assignments/ipv6-multicast-addresses


Agenda


IPv4 and IPv6 – Icons and Terminology

IPv4 Only

Device communicates with and understands IPv4 addresses only

IPv6 Only


Dual Stack (IPv4 and IPv6) with ANAT

This device communicates with and understands both IPv4 and IPv6 addressesand can also negotiate the use of either IPv4 or IPv6 for media

IPv6 Aware

Device communicates with IPv4 addresses, but can receive and understand IPv6addresses embedded in Application PDUs – Typically used by applications whichuse IPv4 to transport IPv6 information

v4 v6

v6v4

v4

v6

BRKCOL-2020 16


IPv4 and IPv6 Product Support UC11.X - Summary (1 of 2)

• Call ControlCUCM 7.1(2)+ IM & P Services 10.5(1) – External Connections only e.g. federationCUBE 12.4(22)T+CUCME 8.0+

• Cisco IP Phones

7906G, 7911G, 7931G, 7941G, 7941GE, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G-GE, 7975G

6901, 6911, 6921, 6922, 6941, 6942, 6945, 6946, 6961, 6962

3905, 7821, 7841, 7845, 7861, 8961, 9951, 9971

SIP based Cisco Telepresence Endpoints:

C20, C40, C60, C90, MX Series, DX Series, EX Series, SX20, SX60

v6v4v4 v6

v6v4v4 v6

BRKCOL-2020 17


• Gateways

IOS SIP Gateways – ISR G2 , ASR

SCCP/SIP Analogue Gateways – VG Gateway platforms

SCCP FXS ports on ISR G2 routers

IOS software and harwdare MTPs for IPv4 - IPv6 RTP Media conversion

CUBE IPv4 to IPv6 voice interworking

• CUCM SIP Trunks

IPv4/IPv6 signalling, ANAT for Dual stack media negotiation

• Applications

Unity Connection – IPv4, IPv4/IPv6 ANAT

Cisco WebEx Meeting Server – IPv4, IPv4/IPv6 ANAT for Web/Audio connections only.

Cisco Prime Collaboration Suite – IPv4, IPv6 Aware

Cisco Meeting Server - IPv4, IPv6

Cisco Telepresence Server - IPv4, IPv4/IPv6 ANAT; Cisco TP Conductor – IPv4

IPv4 and IPv6 Product Support UC11.X - Summary (2 of 2)v6v4v4 v6

v6v4v4 v6

v6v4v4 v6

BRKCOL-2020 18


MGCP/ H323Gateways

Cisco Expressway C/E

CUCME (SCCP Phones only)

SRST

CUBE / SIPGateways

Newer SCCP based Phones

Newer SIP based Phones

SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks

Older SCCP based Phones

Jabber Mobile Clients

Soft Phones

SIP TelePresence Endpoints

v4

v4

v4 v4

v4v4

v4

VG Analogue Gateways

SCCP ISR Analogue Ports

Older SIP based Phones

v4v6v4

v6v4

v6v4 v6v4

v6v4

v6v4 v6v4

v6v4

v6v4

IPv6 Capable UC Devices – Summary

BRKCOL-2020 19


Unity Connection

IOS based DHCP/ DNS

Cisco Prime Collaboration Suite

Cisco Emergency Responder

Cisco Webex Meeting Server



SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks

Unified Contact

Centre

Telepresence Server

TelePresence Endpoints

v4

IM&P

Directory

Unity Express

v4

v4

v6v4

v4

v6v4

v6v4

v6v4

v6v4

v6v4 v6v4

v4 v6

v6v4

v4

v6v4

IPv6 Capable UC Applications - Summary

v4

v4 v6

Cisco Meetings Server v6


Agenda


IPv6 – CUCM Addressing

• CUCM can support:One Link Local IPv6 Address and

One Unique Local IPv6 Address or

One Global IPv6 Address

(and an IPv4 address)

v6v4v4

BRKCOL-2020 22


IPv6 – IP Phone Addressing

• IP Phones can support:One Link Local IPv6 Address and Multiple Unique Local IPv6 AddressesMultiple Global IPv6 Addresses(and an IPv4 address)

• IP Phone will use one IPv6 address (Global or Unique Local) for CUCM signaling and media.

• A Link Local address will never be sent to CUCM as a signaling and media address

• If the phone has both Unique Local and Global addresses, the Global Addresses take precedence over Unique Local Addresses.

• If multiple Unique Local or multiple Global addresses exist - the first address configured will be used as the signaling and media address sent to CUCM

v6v4v4 v6

BRKCOL-2020 23


IPv6 – IOS Addressing

• IOS devices can support:One Link Local IPv6 Address andMultiple Unique Local IPv6 AddressesMultiple Global IPv6 Addresses(and multiple IPv4 addresses)Per Interface

• Routers use Link Local Addresses for Routing protocols and the Address Selection Algorithm (RFC 3484) for applications running on routers (Telnet, SSH, etc.)

• e.g. For responses to devices - Routers will try to use the same Network Prefix as the device initiating communications

v6v4v4 v6

BRKCOL-2020 24


Agenda


IP Phones – IPv4 and IPv6 Address Allocation Options

• IPv4 Address Configuration Options

• Manual Configuration via Phone User Interface

• DHCPv4

• IPv6 Address Configuration Options

• Manual Configuration via Phone User Interface

• Auto Configuration

• DHCPv6

• Note - Phones require a minimum of an IP address and TFTP server address

• IOS supports DHCPv6 server with vendor option classes

BRKCOL-2020 26


IP Phone – IPv6 Address Allocation – SLAACStateLess Address Auto-Configuration (SLAAC) - RFC 2462

• Configurable for IPv6 enabled Phones CUCM Default - Auto Configuration = On

• On power up phone sends a Router Solicitation (RS) message requesting Address configuration information

• Router responds and periodically sends a Router Advertisement (RA)

• RA can contain one or more Network Prefixes

• Network Prefix and EUI-64 Host ID used to create interface address

• RA also contains O and M bits:O bit = 1 • Indicates that the Phones should use the advertised Network Prefix(es) to auto-configure its address,

but should also request Other information from the DHCP server e.g. TFTP server address, DNS server address

M bit =1 • Indicates that the Phone should use DHCP for stateful address assignment

BRKCOL-2020 27


IPv6 – Router Advertisements and DHCP Operation

RA with “O” and /or “M” bit set

IP PhoneDHCPv6 Client

Solicit

Advertise

Request

ReplyDHCPv6 Server

Stateless DHCPWhen a router sends an Router Advertisement (RA) with the ‘O’ bit set, but does not set the ‘M’ bit, the client can use Stateless Address Auto-configuration (SLAAC) to obtain its IPv6 address, and use DHCPv6 for obtaining additional information. (e.g. TFTP Server address, DNS server address). This mechanism is known as Stateless DHCPv6, because the DHCPv6 server does not need to keep track of the client address bindings.Stateful DHCPWhen a router sends an RA with the ‘M’ bit set, this indicates that clients should use DHCP to obtain Addresses. Note - When the M bit is set, the setting of the O bit is irrelevant, since the DHCP server will also return “Other” configuration information together with addresses. This mechanism is known as Stateful DHCPv6, because the DHCPv6 server does keep track of the client address bindings.

BRKCOL-2020 28


IP Phones – IPv6 Address Allocation - DHCPv6 Methods:

• Stateless DHCPv6 (RFC 3736)DHCP server only provides Other Information – e.g. DNSv6 Server, TFTP Server address

• Stateful DHCPv6 (RFC 3315)DHCP server provides IPv6 Network Address and optionally :

• Host ID - Host ID can also be generated by host using EUI-64• Other Information – e.g. DNS Server address, TFTP Server Address• Note Default Router address is not a required option with IPv6 - Multicast is used instead to discover Routers on the Link

• DHCPv6 Prefix Delegation (RFC 3633)Primarily used by Service Providers to automatically assign a Network Prefix to a customer’s site –Allows the delegation of prefixes from a delegating router to requesting routers.

• Devices use Multicast to find DHCPv6 servers

• IOS DHCP Relay is supported

BRKCOL-2020 29


IPv6 – DNS

• CUCM can use DNS Name to Address Resolution for three purposes :

If DNS names are used to define CUCM servers

If SIP Route Patterns use DNS names to define destinations

If SIP Trunks use DNS names to define Trunk destinations

• The principle for IPv6 DNS is the same as IPv4 but :

The nomenclature is differentAAAA instead of A records

DNS name to address queries can return multiple IPv6 addresses (and an IPv4 address)

IPv4 IPv6

Hostname to IP Address Resolution

A record:

www.abc.test. A 192.168.30.1

AAAA record:

www.abc.test AAAA 2001:db8:C18:1::2

IP Address to Hostname Resolution

PTR record: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.

PTR record:

1.30.168.192.in-addr.arpa. PTR www.abc.test.

BRKCOL-2020 30


Agenda


General IPv6 Deployment Guidelines

• Almost all IPv6 deployments will run a combination of IPv4 and IPv6

• Both LAN and WAN environments also need to be considered when deploying IPv6 for UC

• In almost all cases…… Dual Stack deployments offer the best approach when introducing IPv6 into any network environment - As both IPv4 devices and Dual Stack (IPv4/IPv6) devices can interoperate and disruption to the existing network is minimal.

• In the following sections we will focus on IPv6 deployments for UC. We will touch upon the Campus and WAN environments, but mainly to reference existing design guidance for IPv6 deployment

BRKCOL-2020 32


IPv6 Campus DeploymentsDual Stack Campus Model

Dual Stack is the preferred and most versatile way to deploy IPv6 in existing IPv4 environments. Dual Stack is not the only IPv6 deployment option in a Campus environment - other hybrid models that use tunnelling in the Campus network also exist.

For more info see : Deploying IPv6 in Campus networks http://www.cisco.com/application/pdf/en/us/guest/netsol/ns107/c649/ccmigration_09186a00807753a6.pdf

Also : This week at Cisco Live Berlin BRKRST-2301 Enterprise IPv6 Deployment - 9am Friday

BRKCOL-2020 33

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns107/c649/ccmigration_09186a00807753a6.pdf


Campus IPv6 Deployment OptionsDual-Stack IPv4/IPv6

• IPv6 is transparent on L2 switches except for multicast -MLD snooping is available on most switching platforms

• IPv6 uses the same types of routing protocols as IPv4, but with some slight modifications to account for specific requirements of IPv6

The Catalyst platforms support Static, RIPng, EIGRP and OSPFv3 routing for IPv6

• IPv6 First Hop Redundancy Protocols such as HSRP & GLBP are supported by IOS routing platforms. HSRP & GLBP are supported by most Catalyst platforms

• Use Cisco First Hop Security for IPv6 to secure your Layer 2 environment (Cisco FHS includes RA guard, DHCP guard, IPv6 Snooping and more …http://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/aag_c45-707354.pdf

Distribution Layer

AccessLayer

CoreLayer

AggregationLayer (DC)

IPv6& IPv4 Dual Stack Hosts

AccessLayer (DC)

Dual-stackServer

Dual Stack

BRKCOL-2020 34

http://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/aag_c45-707354.pdf


DualStack

SPCloud

HeadquartersIPv6 WAN/Branch Deployment

• Cisco routers have supported IPv6 for a long time

• Dual-stack should be the focus of your implementation…but, some situations still call for tunneling

• IPv6 is supported for every media/WAN type (Frame Relay, leased-line, broadband, MPLS, etc.)……

• Don’t assume all features for every technology are IPv6-enabled Dual Stack Dual Stack

http://www.cisco.com/en/US/docs/solutions/Enterprise/Branch/BrchIPv6.html

Dual StackDual Stack

BRKCOL-2020 35


MGCP/ H323Gateways


CUCME (SCCP Phones only)

SRST

CUBE / SIPGateways



SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks



Soft Phones

SIP TelePresence Endpoints

v4

v4

v4 v4

v4v4

v4


SCCP ISR Analogue Ports


v4v6v4

v6v4

v6v4 v6v4

v6v4

v6v4 v6v4

v6v4

v6v4

IPv6 Capable UC Devices – Summary

BRKCOL-2020 36


Unity Connection

IOS based DHCP/ DNS






SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks

Unified Contact

Centre

Telepresence Server


v4

IM&P

Directory

Unity Express

v4

v4

v6v4

v4

v6v4

v6v4

v6v4

v6v4

v6v4 v6v4

v4 v6

v6v4

v4

v6v4

IPv6 Capable UC Applications - Summary

v4

v4 v6

Cisco Meetings Server v6


Agenda


IPv6 – CUCM Configuration Steps

• Server Platform IPv6 Address configuration

• CUCM IPv6 Address configuration

• CUCM IPv6 Cluster wide configuration

• IPv6 Device Specific configuration parameters

• Common Device configuration

• SIP Trunk configuration• SIP ANAT and CUCM Trunk Operation

BRKCOL-2020 39


Server OS Admin CLI commands :

To enable IPv6 :

“set network ipv6 service enable”

To set a static IPv6 server address :

"set network ipv6 static_address <addr> <mask>"

Using the DHCPv6 client is not recommended.

To view IPv6 address settings :

“show network ipv6 settings”

Server Ethernet Port - IPv6 Address ConfigurationTo allow IPv6 based call processing – IPv6 must first be enabled throughout the cluster.

This involves two steps:1) Configuring IPv6 via the OS CLI, or CUCM OS GUI on each server in the cluster (below)2) Configuring IPv6 via the CUCM GUI Server Configuration


CUCM Service - IPv6 Address Configuration

For the CUCM service

Configure an IPv6 address or nameIf a name is used, DNSv6 is required

This name / IPv6 address is used by the TFTP server in the configuration files that are sent to devices. The address is used by these devices for CUCM registration.

ICCS

TFTP

TFTP


CUCM Enterprise Parameters for IPv6Enable IPv6 Cluster-wide via CUCM GUIConfigure Cluster-wide:

IP Addressing Mode Preference for MediaIP Addressing Mode Preference for SignallingIPv6 for Phones

Signalling Preference and Phone Configuration settings are also configurable at the device level – Device setting takes precedence

BRKCOL-2020 42


IPv6 – CUCM Common Device Configuration

SIP Trunks

The Common Device Configuration is a configuration template that can be applied to Phones and Trunks.

For IPv6 capable devices the following values can be configured :

IP Addressing Mode: IPv4 Only - Device uses one IPv4 address onlyIPv6 Only - Device uses one IPv6 address onlyIPv4 and IPv6 - Device uses one IPv4 address & one IPv6 address

IP Addressing Mode Preference for Signalling: IPv4 only IPv6 only System Default

IPv6 Configuration For Phones :On/ Off/ Default



Agenda


IPv4 and IPv6 – Icons and Terminology

IPv4 Only


IPv6 Only


Dual Stack (IPv4 and IPv6) with ANAT

This device communicates with and understands both IPv4 and IPv6 addressesand can also negotiate the use of either IPv4 or IPv6 for media

IPv6 Aware

Device communicates with IPv4 addresses, but can receive and understand IPv6addresses embedded in Application PDUs – Typically used by applications whichuse IPv4 to transport IPv6 information

v4 v6

v6v4

v4

v6

BRKCOL-2020 45


IPv4 and IPv6 Product Support UC11.X - Summary (1 of 2)

• Call ControlCUCM 7.1(2)+ IM & P Services 10.5(1) – External Connections only e.g. federationCUBE 12.4(22)T+CUCME 8.0+

• Cisco IP Phones

7906G, 7911G, 7931G, 7941G, 7941GE, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G-GE, 7975G

6901, 6911, 6921, 6922, 6941, 6942, 6945, 6946, 6961, 6962

3905, 7821, 7841, 7845, 7861, 8961, 9951, 9971

SIP based Cisco Telepresence Endpoints:

C20, C40, C60, C90, MX Series, DX Series, EX Series, SX20, SX60

v6v4v4 v6

v6v4v4 v6

BRKCOL-2020 46


• Gateways

IOS SIP Gateways – ISR G2 , ASR

SCCP/SIP Analogue Gateways – VG Gateway platforms

SCCP FXS ports on ISR G2 routers

IOS software and harwdare MTPs for IPv4 - IPv6 RTP Media conversion

CUBE IPv4 to IPv6 voice interworking

• CUCM SIP Trunks

IPv4/IPv6 signalling, ANAT for Dual stack media negotiation

• Applications

Unity Connection – IPv4, IPv4/IPv6 ANAT

Cisco WebEx Meeting Server – IPv4, IPv4/IPv6 ANAT for Web/Audio connections only.

Cisco Prime Collaboration Suite – IPv4, IPv6 Aware

Cisco Meeting Server - IPv4, IPv6

Cisco Telepresence Server - IPv4, IPv4/IPv6 ANAT; Cisco TP Conductor – IPv4

IPv4 and IPv6 Product Support UC11.X - Summary (2 of 2)v6v4v4 v6

v6v4v4 v6

v6v4v4 v6

BRKCOL-2020 47


IPv6 – CUCM Phone Signaling and Addressing OptionsIPv4 Signalling

IPv4 Media

IPv6 Signalling

IPv6 MediaSCCP Phones7906G, 7911G, 7931G7941G, 7941GE, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G-GE, 7975G6901, 6911, 69216941, 6945, 6961

SIP Phones9951, 9971, 8961, 7821, 7841, 7845 , 7861, 6922, 6942, 6946, 6962, 3905

Telepresence Endpoints:C20, C40, C60, C90, MX Series, DX Series, EX Series, SX20, SX60

IP Addressing Mode: (For Media and Signalling)Phone uses one IPv4 address onlyPhone uses one IPv6 address onlyPhone uses one IPv4 address and one IPv6 address

IP Addressing Mode Preference for SignallingIPv4 only/ IPv6 only/ System Default

IPv6 for Phones - On/ Off/ Default

v6v4

v4

v6

v6v4

v6v4


IPv6 – CUCM Phone Signaling and Media Options

IPv6 is supported by the following Cisco Phones :

SCCP Phones7906G, 7911G, 7931G7941G, 7941GE, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G-GE, 7975G6901, 6911, 69216941, 6945, 6961

SIP Phones9951, 9971, 8961, 7821, 7841, 7845 , 7861, 6922, 6942, 6946, 6962, 3905

Telepresence Endpoints:C20, C40, C60, C90, MX Series, DX Series, EX Series, SX20, SX60

Dual Stack Phones use the Cluster-wide “IP Addressing mode for Media Preference” to select addressing mode (IPv4 or IPv6) for media between phones.

For IP Addressing Mode mis-matches between Phones - CUCM inserts an MTP for IPv4 IPv6 conversion

v4v6

v6v4

v6v4

v4 v6

v6v4

v6v4v6v4

IPv4

IPv6

Signalling

Signalling

IPv4

IPv6

Media

Media

MTP

v6v4

MTP

v6v4

BRKCOL-2020 49


IPv6 and CUCM Video CallsWith UC 10.0+ it is recommended that all Voice, Video and Telepresence endpoints are registered to CUCM. CUCM supports Video over IPv6 with UC 10.0Video Calls can generate multiple media streams e.g. audio, main video, desktop sharing, far end camera control…If an MTP is inserted into the call path – up to 16 media channels can be supported for a single call (IOS release 15.3(2)T +)

SIP Trunk

Audio

Main Video

Slide Video

Binary Floor Control

Far End Camera Control v6v4v6v4

BRKCOL-2020 50


IPv6 – IP Phones - Other Signaling Options

For IPv4 only CUCM and Phone deployments IPv4 is used in CDP/LLDP and for TFTP and HTTP services

Phones use IP to interact with other CUCM services and network based services:

Phone IP addresses are sent to access switches in CDP/ LLDPPhones use IP to contact their TFTP serverPhones use HTTP for Phones Services, Extension Mobility, Directory Look Ups etc

PUB

TFTP

CDP/LLDP

HTTP

TFTP

v4

v4

v4

v4

v4

BRKCOL-2020 51


PUB

TFTP

CDP/LLDP

HTTP

TFTP

IPv6 – IP Phones - Other Signaling OptionsPhones use IP to interact with other CUCM services and network based services:


For Dual Stack CUCM and Phone deployments IPv4 and IPv6 addresses are transported in CDP/LLDPTFTP can use IPv4 and/or IPv6HTTP services use IPv4 only

v6v4

v6v4

v6v4

v6v4

v4

BRKCOL-2020 52


IPv6 – CUCM Phones - Other Signaling OptionsPhones use IP to interact with other CUCM services and network based services:


IPv6 only HTTP and CDP/LLDP services will be introduced in a later Phase of IPv6 development

For IPv6 only CUCM and Phone deployments IPv6 addresses are transported in CDP/LLDP (Layer 2)TFTP can use IPv6No HTTP services are supported in IPv6

PUB

TFTP

CDP/LLDP

TFTP

v6v4

v6v4

v6

v6

BRKCOL-2020 53


IPv6 – VG Analogue Gateways and IOS FXS Analogue Ports

VG Analogue Gateways and IOS FXS ports can use MGCP or SCCP to register analog FXS ports (as Phones) with CUCMIf Analogue Gateways use SIP – Phones connect to CUCM via a SIP Trunk and support fewer features

IPv4

IPv6

Signalling

Signalling

IPv4

IPv6

Media

Media

Analog Phones

Analog Phones

VG224

VG Gateway

IOS Gateway

v6v4

v6v4

v6v4

v6v4

v6

BRKCOL-2020 54


IPv6 – CUCM SIP Gateways and SIP TrunksSignaling and Addressing Options

SIP Signalling

SIP based CUCM Trunks support IPv6

SIP based IOS Gateways support IPv6

IP Addressing Mode: (For Media and Signalling)Phone uses one IPv4 address onlyPhone uses one IPv6 address onlyPhone uses one IPv4 address and one IPv6 address - Recommended

IP Addressing Mode Preference for Signalling (outbound) IPv4 only/ IPv6 only/ System Default

Allow Auto-Configuration for Phones etc – N/A

v6v4

v6v4

v6v4

v6

v4

IPv4

IPv6

Signalling

Signalling

IPv4

IPv6

Media

Media


IPv6 – CUCM SIP Gateways and TrunksSignaling and Media Options

SCCP Signalling

IPv4

IPv6

Signalling

Signalling

IPv4

IPv6

Media

Media

Dual Stack SIP Gateways and Phones use the Cluster-wide “IP Addressing mode for Media Preference” to select addressing mode (IPv4 or IPv6) for media between phones.

For Media addressing mis-matches CUCM inserts an MTP for IPv4

IPv6 conversion

SIP Signalling

v6v4

v6v4

v6v4

v6

v4 v6

v4

v6v4

v6v4

PSTN

MTP

v6v4

MTP

v6v4

Negotiating Media for dual stack devicesAlternative Network Address Types (ANAT)


What is ANAT ?

Alternative Network Address TypeMedia lines in the Session Description Protocol (SDP) body are grouped using ANAT semantics to provide alternative types of network addresses to establish a particular media stream

The entity creating an SDP body with an ANAT group MUST be ready to receive (or send) media over any of the grouped 'm' lines

The identifiers of the media streams MUST be listed in order of preference in the group line

UC Manager supports Dual-Stack SIP devices using ANAT semantics

BRKCOL-2020 58


ANAT Attributes in Session Description Protocol (SDP)

Mid (Media Stream Identification) Uniquely identifies each media stream “m line” within the SDP body. Particularly useful when multiple media streams are present.

Group Used for grouping together different media streams. In ANAT context, used to group together identical media streams that use different address types. Specifies the address preference between the two alternate address types. All the "m" lines of a session description must be associated with a MID value to be considered for grouping.

BRKCOL-2020 59


IPv6 – SIP Gateways and Trunks –Alternative Network Address Types (ANAT) RFC 4091 & 4092

ANAT allows both IPv4 and IPv6 addresses to be exchanged in the SIP Offer and SIP AnswerDepending on which SIP header “sdp-anat” value is sent indicates whether ANAT is Required or Supported

The SDP body of the SIP Offer can contain both an IPv4 and IPv6 address – preference is indicated in the a=group:ANATfield (using the a=mid: values associated with each address)

The SDP body of the SIP Answer can contain both an IPv4 and IPv6 address – the selected address is indicated in the a=group:ANAT field (using the a=mid: values associated with each address). The UDP port number of the non-preferred IP address is set to 0

ACK with SDP (ANSWER)a=group:ANAT 2 m=audio 0 RTP/AVP 0c=IN IP4 10.10.1.1a=mid:1m=audio 10442 RTP/AVP 0c=IN IP6 2001:0db8:aaaa::0987:65ff:fe01:234ba=mid:2

200 (OK) with SDP (OFFER)a=group:ANAT 2 1m=audio 18356 RTP/AVP 0c=IN IP4 192.0.2.1a=mid:1m=audio 16462 RTP/AVP 0c=IN IP6 2001:0db8 bbbb::0123:45ff:fe32:191da=mid:2

v6v4

v6v4

SIP INVITE w/o SDP (Delayed Offer) – Supported : sdp-anat

v6v4

BRKCOL-2020 60


Voice and Video Call - Offer SDP with ANAT groupa=group:ANAT 1 2 Audio streamsa=group:ANAT 3 4 Video Streams

m=audio 21762 RTP/AVP 8c=IN IP6 2001:db8:123:1:ee44:76ff:fe1f:7f5ca=rtpmap:9 PCMA/8000a=mid:1 Audio stream with IPv6 Preference

m=audio 28512 RTP/AVP 8c=IN IP4 10.104.150.6a=rtpmap:8 PCMA/8000a=mid:2 Audio stream with IPv4 Preference

m=video 19696 RTP/AVP 98c=IN IP6 2001:db8:123:1:ee44:76ff:fe1f:7f5cb=TIAS:1000000a=rtpmap:126 H264/90000a=mid:3 Video stream with IPv6 Preference

m=video 31470 RTP/AVP 98c=IN IP4 10.104.150.6b=TIAS:1000000a=rtpmap:97 H264/90000a=mid:4 Video stream with IPv4 Preference

BRKCOL-2020 61


Voice and Video Call - Answer SDP with ANAT group

a=group:ANAT 1 Audio Stream with IPv6 addressa=group:ANAT 3 Video Stream with IPv6 address

m=audio 28354 RTP/AVP 8c=IN IP6 2001:db8:123:1:128c:cfff:fe75:8208a=rtpmap:9 PCMA/8000a=mid:1

m=audio 0 RTP/AVP 8c=IN IP4 0.0.0.0a=rtpmap:8 PCMA/8000a=mid:2

m=video 28512 RTP/AVP 98c=IN IP6 2001:db8:123:1:128c:cfff:fe75:8208b=TIAS:320000a=rtpmap:126 H264/90000a=mid:3

m=video 0 RTP/AVP 98c=IN IP4 0.0.0.0a=rtpmap:97 H264/90000a=mid:4

BRKCOL-2020 62


IPv6 – SIP Gateways and Trunks –Alternative Network Address Types (ANAT) – Media Mismatch

• If Early Offer is configured : “sdp-anat” is sent in the “Require :” SIP Header• If Delayed Offer is configured : “sdp-anat” is sent in the “Supported :” SIP Header

• If “sdp-anat” sent in :“Require header” – far end must send both IPv4 and IPv6 addresses (MTPs are likely to be required)“Supported header” – far end should send both IPv4 and IPv6 addresses (MTPs may be required)

• For Delayed Offer - If a media mismatch occurs CUCM will insert an MTP to convert from IPv4 – IPv6

ACK with SDP (ANSWER)m=audio 64244 RTP/AVP 0c=IN IP4 10.199.199.10

200 (OK) with SDP (OFFER)m=audio 18356 RTP/AVP 0c=IN IP4 192.0.2.1

v6v4SIP INVITE w/o SDP (Delayed Offer) – Supported : sdp-anat

v6

v4

MTP

v6v4

BRKCOL-2020 63


IPv6 SIP Trunks – Configuring IPv6 and ANAT

SIP INVITE w/o SDP (Delayed Offer) – Supported : sdp-anat

200 (OK) with SDPm=audio 18356 RTP/AVP 0c=IN IP4 192.0.2.1m=audio 16462 RTP/AVP 0c=IN IP6 20010db8:aaaa::0987:65ff:fe01:234b

v6v4 v6v4

ACK with SDPm=audio 18356 RTP/AVP 0c=IN IP4 192.168.1.1

v6v4v4


Common Device Configuration –Applies Addressing Mode and Signalling preference settings

Recommended Addressing Mode : IPv4 and IPv6 Recommended Trunk ConfigurationSIP Delayed Offer with ANAT for Voice & Video

IPv6 – CUCM SIP Trunk Configuration

IPv4 or IPv6 Destination Addresses

If IPv6 Destination Address is an SRV –Cluster wide DNSv6 address must be configured

SIP Profile – Applies ANAT setting

SIP Trunk with ANAT


CUCM SIP Trunks - Voice & Video IPv6 RecommendationsIPv4 Only SIP Trunk – Standard Configuration

IPv6 Only SIP TrunkAddressing Mode - IPv6 OnlySignalling Mode Preference – IPv6No ANATIPv6 Trunk destination address or server name (for signalling)SIP Delayed Offer only for Voice and Video calls

Dual Stack SIP Trunk with ANATAddressing Mode - IPv4 and IPv6Signalling Mode Preference – IPv4 or IPv6ANAT EnabledIPv4 or IPv6 Trunk destination address or server nameSIP Delayed Offer only for Voice and Video calls

In all cases - Determine the far end Trunk device’s capabilities :e.g. IOS Gateways : Always send SIP Early Offer - Can accept SIP Early and Delayed Offer calls. (Once the IOS SIP stack is configured as Dual Stack - ANAT is automatically enabled)

IOS IPv6 VOIP implementation Guide at http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-voip.html

BRKCOL-2020 67

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-voip.html


IPv6 – CUCM Dual Stack SIP Trunks – Delayed and Early Offer supportVoice and Video Deployment Scenarios and Operation

For CUCM SIP Trunks • You must use Delayed Offer on SIP Trunks for Voice and Video calls•“SIP EO for voice and video - Mandatory (insert MTP if needed)” does not support IPv6•“SIP EO for voice and video - Best Effort (No MTP inserted)” does not support IPv6• If “MTP Required” is used for Early Offer – Only Voice calls are supported

SIP Trunk Configuration Options•Dual Stack SIP Trunk - Delayed Offer – Voice and Video•Dual Stack SIP Trunk - Early Offer – MTP Required – Voice Only

• If Early Offer is configured : “sdp-anat” is sent in the “Require :” SIP Header• If Delayed Offer is configured : “sdp-anat” is sent in the “Supported :” SIP Header

• If “sdp-anat” sent in :•“Require Header” – far end must send both IPv4 and IPv6 addresses (MTPs may be required)• “Supported Hedaer ” – far end should send both IPv4 and IPv6 addresses (MTPs not required)

BRKCOL-2020 68


Agenda


IPv6 – Media Termination Points (MTPs) For Media IP Address Translation IPv4 IPv6

Supported MTPs for IP Address TranslationIOS H/W MTPs (NM-HDV2 with PVDM2, PVDM DSPs) and IOS S/W MTPs support

IPv4 IPv6 Media Translation for devices with mis-matched media address settings – MTPs use the pass-through codec -Encrypted media also supported

SRTP SRTP

v6

v4 v6

v4

v6 v4

SIP Trunk

Audio

Main Video

Slide Video

Binary Floor Control

Far End Camera Control

v6v4v6v4

With IOS release 15.3(2)T – Media Termination Points support up to 16 media channels per call

MTP

v6v4

MTP

v6v4

MTP

v6v4


Effect of IPv6 Enterprise Parameter Settings on MTP Selection

Cluster-wide Addressing Mode Preference for Media value = IPv4



v6v4

v6v4

v6v4

v6

v4

v6v4

v6

v4

v6v4

MTP

v6v4

MTP

v6v4

BRKCOL-2020 71


IPv6 – Media Stream Services, Transcoding and IOS based Audio Conferencing

CUCM IP Voice Media Streaming Service (IPVMS) Supports IPv4 and IPv6 Unicast MOH IPv6 Multicast MOH is not supported

CUCM IPVMSSupports IPv4 and IPv6 Annunciator

Audio Conferencing resources IOS conf supports IPv4 media streams onlyMTP inserted to convert from IPv6 to IPv4CUCM conf supports IPv4 and IPv6

IOS based Audio Transcoding resources Supports IPv4 & IPv6 media streams

MOH

v6v4

v6

v4

ANN

v6v4

v6

v4

v6 v4

v6

v4

v4

MTP

v6v4

XCODE

v6v4

CONF

v6v4

BRKCOL-2020 72


IPv6 UC – Encrypted Signaling and Media

• CUCM supports Encrypted calls between IP Phones, Gateways and over CUCM Trunks.

• IPv6 capable IP Phones, SIP Trunks SIP/SCCP Gateways and use TLS and SRTP

• MTPs can be dynamically inserted for IPv4 <-> IPv6 conversion of encrypted voice media. MTPs use the pass-through codec to transparently pass SRTP streams.

SRTP SRTP

SRTP

SRTP

SRTP

TLS TLS

v6v4

v6 v4

v6v4

v6v4

v6v4

v6

v6v4

v4

MTP

v6v4

BRKCOL-2020 73


MGCP / H323Gateways


CUCME (SCCP Phones Only)

SRST

CUBE / SIP Gateways



SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks



Soft Phones

SIP TelePresence

Endpoints

v4

v4

v4 v4

v4v4

v4


ISR Analogue Ports


v4v6v4

v6v4

v6v4 v6v4

v6v4

v6v4 v6v4

v4 v6

v6v4

IPv6 – CUCM Dual Stack Deployments - Devices


MGCP / H323Gateways


CUCME (SCCP Phones Only)

SRST

CUBE / SIP Gateways



SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks


Soft Phones

SIP TelePresence

Endpoints

v4

v4

v4 v4

v4v4

v4

v4v6v4

v6v4

v6v4 v6v4

v6v4

v6v4 v6v4

v4 v6

v6v4

IPv6 – CUCM Dual Stack Deployments - Devices

For Dual Stack deployments MTPs are not required as CUCM will select the common addressing type for mediai.e. IPv4


Unity Connection

IOS based DHCP/ DNS






SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks

Unified Contact

Centre

Cisco Meetings

Server

Telepresence Server


v4

v4

v4

IM&P

Directory

Unity Express

v4

v4 v6v4

v6v4

v4

v6v4

v6v4

v4

v4 v6

v6v4

v6v4

v6v4 v6v4

v4 v6

IPv6 – Dual Stack Deployments - Applications

v6


Unity Connection

IOS based DHCP/ DNS






SIP Trunks

IPv4/IPv6 IPv4 Only

H323 ICT Trunks

Telepresence Server


v4

v4

v4v4

v4 v6v4

v6v4

v4

v6v4

v6v4

v4

v4 v6

v6v4

v6v4

v6v4 v6v4

v4 v6

IPv6 – Dual Stack Deployments - Applications

Cisco Meetings

Serverv6

For Dual Stack deployments MTPs are not required as CUCM will select the common addressing type for mediai.e. IPv4


IPv4 & IPv6 WAN

IPv6 – CUCM Deployment Models and Call Admission Control

Supported Dual Stack Deployment Models

• Single Site Call Processing

• Multiple Site Distributed Call Processing

• Multiple Site Centralized Call Processing

• SRST Supports IPv4 only today – Dual Stack Phones fail-over to IPv4 for SRST

Call Admission Control (CAC)

• Use CUCM Locations based CAC

• CUCM Locations based CAC accounts for IPv6 bandwidth overhead (20 additional bytes per packet )

• No Support for RSVP CAC today

SIP Trunk

v6v4v6v4

BRKCOL-2020 78


Agenda


IPv6 Deployment Options – Separate Dual Stack Cluster

• Single Site Deployment Model for dual stack deployment• Separate Dual Stack CUCM cluster connected to production IPv4 only cluster• IPv4 WAN between clusters• IPv4 Trunk between clusters• In the Dual Stack cluster - IPv4 or Dual Stack for Phones and Gateways• Dual Stack IP Phones – Addressing Mode set to IPv4 and IPv6• Signaling Preference IPv6• Cluster-wide Media preference (IPv6)

v4v4 v6

IPv4WAN

PSTN

v4

v6v4

v4

v4

v4

v4v6v4

v6v4

BRKCOL-2020 80


IPv6 Deployment Options – Centralized Call Processing

• Multiple Site Centralized Call Processing• Single Dual Stack CUCM cluster with multiple dual stack remote sites• Dual Stack WAN• IPv4 or Dual Stack Phones and Gateways• Dual Stack IP Phones – Addressing Mode set to IPv4 and IPv6• Signaling Preference IPv6, Cluster-wide Media preference (IPv6)• Locations based Call Admission Control• IPv6 voice and video support• Note – SRST supports IPv4 only – Dual stack Phones revert IPv4 in SRST mode

v4 v6v4 v6

IPv4 & IPv6WAN

PSTN

v4

v6v4

v6v4

v6v4

v6v4

v6v4

v6v4

v4

v6v4

v6v4

SRST

BRKCOL-2020 81


IPv6 Deployment Options – Multiple Dual Stack Clusters

• Multi Site Distributed Call Processing Deployment Model• Multiple Dual Stack CUCM clusters connected via a Dual Stack WAN• IPv4 or Dual Stack Phones and Gateways• IPv4 and IPv6 WAN between clusters• Dual Stack IP Phones – Addressing Mode set to IPv4 and IPv6• Inter Cluster SIP trunks – Dual stack, Delayed Offer, ANAT Enabled• Signaling Preference IPv6, Cluster-wide Media preference set to IPv6• Locations based Call Admission Control• IPv6 voice and video supported

v4 v6

PSTN

v4

v6v4

v6v4

v6v4

v6v4

v4 v6v6v4

v6v4

v4

v6v4

v6v4

IPv4 & IPv6WAN

BRKCOL-2020 82


Agenda

• Demand for IPv6 only UC networks is increasing…

• Today – Dual Stack is your best approach for Cisco Collaboration

• CTG are planning to deliver broader “IPv6 only” support across our collaboration products this year

Summary


Recommended Reading

• Collaboration SRND

• http://www.cisco.com/c/en/us/solutions/enterprise/unified-communication-system/index.html

• IPv6 for UC Whitepaper

• http://www.cisco.com/c/en/us/solutions/enterprise/ipv6-collaboration/index.html

• Cisco Press Books

• “Deploying IPv6 Networks”

• “Cisco Self Study – Implementing Cisco IPv6 Networks”

• “IPv6 Security” - Scott Hogg, Eric Vyncke

BRKCOL-2020 85

http://www.cisco.com/c/en/us/solutions/enterprise/unified-communication-system/index.html

http://www.cisco.com/c/en/us/solutions/enterprise/ipv6-collaboration/index.html


Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

BRKCOL-2020 86

CiscoLive.com/Online


Call to Action: Learning more about IPv6

Lunch and Learn:

• IPv6 in the Enterprise: Tue 13:00

• All Things IPv6: Wed 13:00

Experiment with IPv6-only WiFi:

SSID: CL-NAT64

WPA passphrase: cl-nat64

SLAAC + stateless DHCP

NAT64 included to access legacy

Ask all World of Solutions exhibitors fortheir IPv6 support

DevNet Zone: IPv6 Content Networking

+ ask other demos

LTRSEC-3004 Advanced IOS IPSec VPN with FlexVPN hands-on Lab Tue 09:00:00

BRKIP6-2616 Addressing Networking challenges with latest Innovations in IPv6 Tue 11:15:00

BRKRST-2337 OSPF Deployment in Modern Networks Tue 11:15:00

BRKEWN-2010 Design and Deployment of Enterprise WLANs Tue 14:15:00

BRKSEC-2501 Deploying AnyConnect SSL VPN with ASA5500 Tue 14:15:00

LTRRST-2005 Introductory - LISP Cloud extension, VPN and DC Mobility Tue 14:15:00

BRKRST-2116 Intermediate - IPv6 from Intro to Intermediate Tue 14:15:00

BRKRST-2022 IPv6 Routing Protocols Update Tue 16:45:00

BRKSPG-2061 IPv6 Deployment Best Practices for the Cable Access Network Wed 09:00:00

BRKRST-3045 LISP - A Next Generation Networking Architecture Wed 09:00:00

LABSPG-7122 Advanced IPv6 Routing and services lab Wed 09:00:00

BRKSEC-3200 Advanced IPv6 Security Threats and Mitigation Wed 11:30:00

BRKIPM-2239 Multicast and Segment Routing Wed 14:30:00

BRKIP6-2002 IPv6 for the World of IoT Wed 16:30:00

LABIPM-2007 Intermediate - IPv6 Hands on Lab Thu 09:00:00

BRKSEC-3003 Advanced IPv6 Security in the LAN Thu 11:30:00

BRKRST-2336 EIGRP Deployment in Modern Networks Thu 11:30:00

LABSPG-7122 Advanced IPv6 Routing and services lab Thu 14:00:00

BRKRST-2045 BGP operational security best practices Thu 14:30:00

BRKCOL-2020 IPv6 in Enterprise Unified Communications Networks Thu 14:30:00

LABIPM-2007 Intermediate - IPv6 Hands on Lab Fri 09:00:00

BRKRST-2301 Intermediate - Enterprise IPv6 Deployment Fri 09:00:00

BRKSPG-2602 IPv4 Exhaustion: NAT and Transition to IPv6 for Service Providers Fri 11:30:00

BRKCOL-2020 87


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

BRKCOL-2020 88

Thank You

Appendix

Jabber – IPv6 OnlyCSR 11.5

DNS64, NAT64 and MRA Operation

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 94BRKCOL-2020

Drivers for Jabber IPv6 Only developmentAnnouncment by Apple of IPv6 Only support

https://developer.apple.com/news/?id=08282015a

“Supporting IPv6 in iOS 9

August 28, 2015

At WWDC 2015 we announced that iOS 9 will support IPv6-only network services. All apps submitted to the App Store must support IPv6 starting in early 2016. To make sure your app is compatible, use the networking frameworks (e.g., “NSURLSession”), avoid use of IPv4-specific APIs, and avoid hard-coded IP addresses. Before submitting your app, test for compatibility.”

Jabber platforms supporting IPv6 Only :

Desktop : Windows, Mac

Mobile : iOS, Android, Windows

https://developer.apple.com/news/?id=08282015a


Expressway C

IPv4 Jabber - Expressway behaviour – Initial connection

Expressway E

DNS

ACME.COM

200.100.1.110.10.1.1

DNS Record Type Entry Resolves To

SRV Record _collab-edge._tls.acme.com Expressway E.acme.com

A Record Expressway E.acme.com 200.100.1.1

SRV Query _collab-edge._tls.acme.com

Expressway E.acme.com

A Query Expressway E.acme.com

200.100.1.1

140.160.80.1Establish TLS connection Src 140.160.80.1 Dst 200.100.1.1

Src 200.100.1.1Dst 10.10.1.1

Src 10.10.1.1Dst 10.10.1.100

CUCM

10.10.1.100

95BRKCOL-2020


Expressway C

IPv6 Jabber - Expressway behaviour – DNS64

Expressway E

ACME.COM

200.100.1.110.10.1.1 2001:0ABC::0A:0B:0C:01

Src 200.100.1.1Dst 10.10.1.1

Src 10.10.1.1Dst 10.10.1.100

CUCM

10.10.1.100

DNS64

DNS Record Type Entry Resolves To

SRV Record _collab-edge._tls.acme.com Expressway E.acme.com

AAAA Record Expressway E.acme.com NULL

A Record Expressway E.acme.com 200.100.1.1

DNS

AAAA Query Expressway E.acme.com

64:FF9B::200.100.1.1

NULL

A Expressway E.acme.com

200.100.1.1

AAAA Expressway E.acme.com

Synthesize IPv6 Address

IANA Well Known Prefix64:FF9B::/96

DNS64 uses the IANA assigned Well Know Prefix 64:FF9B::/96 to

synthesize an IPv6 address from an IPv4 address.

The last 32 bits of the IPv6 address use the IPv4 address values to create

the IPv6 Host ID in Hex (Hex values not shown for simplicity)

BRKCOL-2020 96


Expressway C

IPv6 Jabber - Expressway behaviour – NAT64

Expressway E

ACME.COM

200.100.1.110.10.1.1 2001:0ABC::0A:0B:0C:01

Src 200.100.1.1Dst 10.10.1.1

Src 10.10.1.1Dst 10.10.1.100

CUCM

10.10.1.100

Src 2001:0ABC::0A:0B:0C:01 Dst 64:FF9B::200.100.1.1

X

BRKCOL-2020 97


Expressway C

IPv6 Jabber - Expressway behaviour – NAT64

Expressway E

ACME.COM

200.100.1.110.10.1.1 2001:0ABC::0A:0B:0C:01

Src 200.100.1.1Dst 10.10.1.1

Src 10.10.1.1Dst 10.10.1.100

CUCM

10.10.1.100

Src 2001:0ABC::0A:0B:0C:01 Dst 64:FF9B::200.100.1.1

NAT64

Src 110.101.11.10Dst 200.100.1.1

Advertise

Well Known Prefix

64:FF9B::/96

NAT64 router advertises Well Known Prefix 64:FF9B::/96

Uses Stateful NAT64 (Similar to PAT)

NAT64 does not translate embedded/ literal IP addresses e.g. In SIP headers,

SDP etc (NAT64 is not an ALG and in any case cannot decrypt TLS signalling)

IPv4 Address

110.101.11.10

BRKCOL-2020 98


Expressway C

IPv6 Jabber - Expressway behaviour – IPv6 in SDP

Expressway E

ACME.COM

200.100.1.110.10.1.1 2001:0ABC::0A:0B:0C:01

Src 200.100.1.1Dst 10.10.1.1SIP headers 200.100.1.1SDP 200.100.1.1


CUCM

10.10.1.100

Src 2001:0ABC::0A:0B:0C:01 Dst 64:FF9B::200.100.1.1SIP headers 2001:0ABC::0A:0B:0C:01 SDP 2001:0ABC::0A:0B:0C:01

NAT64

Src 110.101.11.10Dst 200.100.1.1SIP headers 2001:0ABC::0A:0B:0C:01 SDP 2001:0ABC::0A:0B:0C:01

NAT64 does not translate embedded/ literal IP addresses in

SIP headers and SDP

Expressway E and C as B2BUAs, decrypt TLS signalling

and replace embedded IPv6 addresses with their IPv4

address

If an MTP is not inserted, CUCM does not modify the IP

addresses sent in SDP as part of the Offer and Answer for

media negotiation

BRKCOL-2020 99


Expressway C 1

IPv6 Jabber - Expressway behaviour – IPv6 in SDP

Expressway E 1

200.100.1.110.10.1.1 2001:0ABC::0A:0B:0C:01



10.10.1.100

Src 2001:0ABC::0A:0B:0C:01 Dst 64:FF9B::200.100.1.1SIP headers 2001:0ABC::0A:0B:0C:01 SDP 2001:0ABC::0A:0B:0C:01

NAT64

Src 110.101.11.10Dst 200.100.1.1SIP headers 2001:0ABC::0A:0B:0C:01 SDP 2001:0ABC::0A:0B:0C:01

Expressway C 2 Expressway E 2

200.200.3.320.20.2.2 2001:FDFD::D0:E0:F0:01AB

CUCM 2

CUCM 1

20.20.2.200

NAT64



Src 64:FF9B::ABCD.22FF.FE11.1234Dst 2001:FDFD::D0:E0:F0:01AB SIP headers 200.200.3.3SDP 200.200.3.3


64:FF9B::/96110.101.11.10

64:FF9B::ABCD.22FF.FE11.1234111.111.10.10

Dst 64:FF9B::200.200.3.3

RTP

BRKCOL-2020 100


IPv6 Jabber - Expressway behaviour – IPv6 RTP

Expressway E 1

200.100.1.110.10.1.1 2001:0ABC::0A:0B:0C:0110.10.1.100

NAT64

Expressway C 2 Expressway E 2

200.200.3.3 2001:FDFD::D0:E0:F0:01AB

CUCM 2

CUCM 1

20.20.2.200

NAT64

64:FF9B::EBBE.11FF.FE22.5678110.101.11.10

64:FF9B::ABCD.22FF.FE11.1234111.111.10.10

Src 2001:FDFD::D0:E0:F0:01AB Dst 64:FF9B::200.200.3.3

Src 200.200.3.3Dst 20.20.2.2

Src 111.111.10.10Dst 200.200.3.3

Expressway C 1

20.20.2.2

Src 64:FF9B::EBBE.11FF.FE22.5678Dst 2001:0ABC::0A:0B:0C:01

Src 10.10.1.1Dst 200.100.1.1

Src 200.100.1.1Dst 110.101.11.10

64:FF9B::/96

64:FF9B::/96

Media Flows through Expressway C & E

BRKCOL-2020 101

ipv6 in enterprise unified communications...

Documents