Ipv4 Exhaustion: NAT and Transition to Ipv6 for Service Providers

IPv4 Exhaustion: NAT and Transition to IPv6 for Service Providers

Rajiv Asati, Distinguished Engineer, Cisco BRKSPG-2602 Cisco Spark

Questions? Use Cisco Spark to chat with the speaker after the session

How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space

Cisco Spark spaces will be cs.co/ciscolivebot#BRKSPG-2602 available until July 3, 2017.

Caution: New road may be needed

• Any service provider that has exhausted its IPv4 address pool, will not only have to deploy/offer IPv6, but also employ IPv4 sharing. This is because chunk of content may be reachable only via IPv4 internet, even though majority is available via IPv6 internet.

• This session discusses few mechanisms such as MAP-T/E, 464XLAT, DS-Lite and CGN 64/44 etc. that facilitate IPv4 sharing with and without IPv6. It contrasts stateful and stateless translation techniques as well. • 6rd is included for reference as well.

• This session is intended for Service Providers.

• Goal of Transition Technologies

• Overview of Transition Technologies • Dual Stack – Impact ( & Happy Eyeballs) • IPv4 Address Sharing - Impact • CGN 44, DS-Lite, 6rd, MAP • CGN 64 for IPv6-only

• Conclusion Recommended Approach for IPv6 Dual-Stack Deployment (per IETF RFC 4213)

IPv4+IPv6 Hosts (Dual Stack) • Dual-Stack all the way to the hosts * • Hosts: Windows, OSX, iOS, Android, Linux etc. • Routers: IOS etc.

IPv4+IPv6 Network • But note… • IPv4 exhaustion is underway • Every host can NOT be assigned an IPv4 address • Two protocol stacks to be managed in network 

IPv4 and/or IPv6 Destinations

* RFC7755 suggests Single-stack IPv6 for DC

• Dual-Stack to the “hosts” (= consumption devices) • ~90% of Desktop hosts and ~99% of Mobile hosts support it (..go away WinXP )

Source – Mobile Operating System, Statistica, Jan 2017

Source – Desktop Operating System, Netmarketshare, Jan’14-Dec’16

• The ISP Impact: • Lack of IPv4 addresses for users • Harder to grow the business

• The User Impact (explicit or implicit): • IP reputation (more on this later) • IPv4 address sharing • Breaks applications • Complicates operating servers • Limits UDP/TCP ports per user • IPv6 enabled services are catching up

• How do we migrate from IPv4 to IPv6? • Short term1: can’t enable IPv6 immediately, need more IPv4 (or share IPv4) • Short term2: enable IPv6 immediately, need more IPv4 (or share IPv4) • Long term: simple network, single protocol – IPv6

• What does this really mean? • IPv6 to co-exist with IPv4 • IPv4 address sharing to become wide-spread • IPv6 to interoperate with IPv4 Transition technologies pave the way to move from IPv4 to IPv6

• Goal of Transition Technologies

• Overview of Transition Technologies • Dual Stack – Impact ( & Happy Eyeballs) • IPv4 Address Sharing - Impact • CGN 44, DS-Lite, 6rd, MAP • CGN 64 for IPv6-only

• Conclusion Towards IPv6 …with or without IPv4 Transition Technologies in One Slide

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGN DualDual CGN CGN CGN CGN have to Stack Stack 44 44 44* 64 be: Mostly  ? MAP IPv4 & + + + + 6rd IPv6 Dual (Dual- DS- Single Address Stack Stack) Lite -Stack Mostly Run-out IPv6;

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGNCGN DualDual CGN 44 CGN CGN have to StackStack 44 * 64 Mostly + MAP be: + + + IPv4 & 6rd 6rd IPv6 Dual (Dual- DS- Single Address Stack Stack) Lite -Stack Mostly Run-out IPv6;

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

Options Arbitrary IP CPE LAN CPE WAN Tunnel or In-network Extra CPE addressing of IPv4 or IPv6 IPv4 or IPv6 Translate? “State”? features? CPE? 0 Single-Stack IPv4 IPv4 -NA- -NA- Yes No 1 Dual-Stack IPv4 + IPv6 IPv4+IPv6 -NA- -NA- Yes No** 2 Single-Stack IPv4 IPv4 Translate Yes (CGN44) Yes No 3 Dual-Stack IPv4 + IPv6 IPv4+IPv6 Translate Yes (CGN44) Yes No** 4 DS-Lite IPv4 + IPv6 IPv6 Both Yes (CGN44) Yes Yes 5 6rd IPv4 + IPv6 IPv4 Tunnel No No Yes 6 6rd + CGN IPv4 + IPv6 IPv4 Both Yes (CGN44) No Yes 7 MAP IPv4 + IPv6 IPv6 Either No Yes* Yes 8 Single-Stack IPv6 IPv6 Translate Yes (CGN64) Yes Yes|No * Allows both arbitrary and algorithmic mapping ** Changes needed if IPv6 is not supported by existing CPE

• Goal of Transition Technologies

• Overview of Transition Technologies • Single-Stack IPv4 – Obtain more IPv4 • Dual Stack – Impact ( & Happy Eyeballs) • IPv4 Address Sharing - Impact • CGN 44, DS-Lite, 6rd, MAP • Single-Stack IPv6 & CGN 64

• Conclusion 0. Obtain IPv4 Addresses Host/CPE gets just IPv4 prefixes

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGNCGN Dual CGN 44 CGN CGN have to Stack 44 * 64 Mostly + MAP be: + + + IPv4 & 6rd Dual (Dual6rd- DS- Single Address Stack Stack) Lite -Stack Mostly Run-out IPv6;

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

• Obtain IPv4 addresses from Regional Internet Registry (RIRs) or open market • RIR: May Not have any left.  • Open market: USD $10-$15 per IPv4 address

• IPv6, well, is optional

• ADVANTAGES: • No CGN, no address sharing, no operational changes • No need to press for IPv6 deployment

• DISADVANTAGES : • If business growing, delaying the inevitable • Geo-location needs to be updated (mileage varies) • No IPv6 deployed • Reputation might be bad

• Goal of Transition Technologies

• Conclusion 1. Dual-Stack Host/CPE gets both IPv4 and IPv6 prefixes

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGNCGN DualDual CGN 44 CGN CGN have to Stack Stack 44 * 64 Mostly + MAP be: + + + IPv4 & 6rd 6rd IPv6 Dual (Dual- DS- Single Address Stack Stack) Lite -Stack Mostly Run-out IPv6;

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

• Reality: More and more IPv4 address sharing (NAT, MAP) • Covered in co-existence section later on.

• Hosts should prefer IPv6 to IPv4 • Generally necessary • Without this preference, IPv4 would persist until IPv4 is turned off

IPv6 Road • But what if IPv6 is broken? Overloaded??? • IPv6 peering is down ... • Tunnel is down ... • (Microsoft IPv6 NCSI is down....)

• Dual-stack client connecting to dual-stack server

• IPv6 is preferred by default (RFC6724)

• If IPv6 is slower, then users blame IPv6 and may disable IPv6! 

• IPv6 better not be slower than IPv4 • Who can guarantee that ! 

• What if IPv6 is broken altogether?

• What if IPv6 is broken to few websites?

Note: Slight Preference is given to IPv6 connection

• Users are happy • Aimed initially at web browsing • Web browsing is the most common application • Fast response even if IPv6 (or IPv4) path is down

• Network administrators are happy • Users no longer trying to disable IPv6 • Reduces IPv4 usage (reduces load on CGN)

• Content providers are happy Source: http://seclists.org/nanog/2016/Jun/809 • Improved geolocation and DoS visibility with IPv6

• Google Chrome and Mozilla Firefox: Yes  • Utilizes long-established 250-300ms ‘backup’ thread • Follows getaddrinfo() address preference

• Apple Safari, iOS*, OSX* : Yes  RFC6555 • DNS AAAA sent before A query on the wire Compliant • If AAAA reply comes first, then v6 SYN sent immediately • If A reply comes before 25ms of AAA reply, then v4 SYN sent • Else, Heuristics based Address selection algorithm is applied

• Microsoft Windows OS and Internet Explorer : NO  • Not even something like happy eyeballs

• Cisco WebEx : Yes 

* http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html * https://www.ietf.org/mail-archive/web/v6ops/current/msg22455.html BRKSPG-2602 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Agenda • Goal of Transition Technologies

• Conclusion IPv4 Address Sharing .

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGN CGN DualDual CGN CGN CGN have to 44 StackStack 44 * 64 Mostly MAP be: + IPv4 & + + + 6rd IPv6 Dual DS- Single Address Stack (Dual- Lite -Stack Mostly Stack) Run-out IPv6;

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

• Reputation based on IPv4 address • Shared IP address = shared suffering

• Workaround: Distinguish subscribers (sharing IP address, or not sharing) • draft-ietf-intarea-nat-reveal-analysis • draft-wing-nat-reveal-option • Server logs currently only contain IPv4 address • Servers logs need to include source port number, recommended by RFC6302

• Best Solution – have users and content providers use IPv6!

• Affects NATs, as everyone knows • NAT44 (CGN44): a big NAT operated by an ISP (“carrier”), enterprise, or University • NAT444 (subscriber’s NAT44 + ISP’s CGN44) • NAT64 (CGN64) • DS-Lite (called “AFTR” = Modified CGN44)

• Also affects non-CGN architectures! • MAP (Mapped Address and Port) • Conceptually, a CGN with (some) fixed ports • Address + Port, SD-NAT, Deterministic NAT

• Conclusion Carrier Grade NAT (CGN) .

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

• Carrier Grade Network Address Translation • Address and Port Translator (NAPT), really • Like the common residential NAT (Linksys, etc.) • Using RFC5389 terminology: Mapping independent non filtering (EIM and EIF)

• Bigger (e.g. large scale)

• Port Logging (e.g. syslog, netflow v9)

• Per-user port limit

• Shared IPv4 space : 100.64.0.0/10 instead of private IPv4 space is an option

Stateful NAT function inside SP network

• Nicknamed NAT444 = NAT44 in home, NAT44 in ISP

• Advantages: 1. Very well known technology 2. No dependency on CPE router

• Disadvantages: 1. Port Forwarding 2. Certain Applications may NOT sufficiently work e.g. RFC7021 3. ALG, Logging See BRKSPG-3334 from 4. Network/Routing Design Headache CiscoLive2014 for more details 5. IPv4 address sharing efficiency

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGN CGN DualDual CGN CGN CGN have to 44 StackStack 44 44 64 Mostly MAP be: + IPv4 & + + + 6rd IPv6 Dual DS- Single Address Stack (Dual- Lite -Stack Mostly Stack) Run-out IPv6;

1. CGN = Carrier Grade NAT - Stateful

• ALG = Application awareness inside the NAT: • modify IP addresses and ports in application payload • creates NAT mapping

• Each application requires a separate ALG • FTP, SIP, RTSP, RealAudio, …

• ALG needs to understand application nuances

• ALG requires: • Un-encrypted signaling (!!) • Restricted network topology

• Summary: ALG prevents application evolution and introduces bugs

• FTP Passive Mode • ICE (RFC5245) and STUN (RFC5389) • Intelligence in endpoint • Useful for offer/answer protocols (SIP, XMPP) • Successful applications have to work everywhere • RTSPv1 abandoned on the desktop • effectively replaced with Flash over HTTP, and • Coffee shop, home, work, hotel, airport, 3G soon HTML5 • RTSPv2 has ICE-like solution • Skype does its own NAT traversal • Linksys disabled SIP ALGs around 2006 • Because of bugs and incompatibilities with SIP endpoints

• Debugging / Troubleshooting Problems •SIP from vendor X works, but vendor Y breaks: 1. Vendor Y violated standard? 2. Vendor X has special sauce?? 3. ALG is broken??? Meanwhile: • Delays unhappy •Months for vendor turn-around for patches users •Months for SP testing/qualification/upgrade window

• ALG can break competitor’s over-the-top application (e.g., SIP, streaming video) •Regulators frown on interference See BRKSPG-3334 from CiscoLive2014 for more details

• Stateful NAT requires logging (NAT44, NAT64, DS-Lite AFTR,…) • NAT mappings are temporary (similar to DHCP-assigned addresses)

• Logging each NAT mapping creates large logs!

• Bulk port allocation (BPA) reduces logging, at the expense of reduced efficiency of IPv4 address sharing   • Bulk size of N ports, logs reduced by 1/N • Acceptable compromise !!!

See BRKSPG-3334 from • Recommended CiscoLive2014 for more details

• Server Log combined with CGN log identifies subscribers • Timestamp (new) • Source IP address, source port (new), destination IP address, destination port • RFC6302

• Some servers don’t log source port, or don’t have good timestamp

• Tempting to log destination IP (and port) at CGN • Consider privacy and legal issues • Incompatible with bulk port allocation, increases logging costs

• Not recommended See BRKSPG-3334 from CiscoLive2014 for more details

• Use Bulk Port Allocation

• Limit number of users sharing an IPv4 address as much as possible*

• Monitor KPIs e.g. # of outbound SSH connections with a threshold

• Log NAT connections

•

* Tricky because you would want higher sharing ratio, given IPv4 shortage

This is Obtain More IPv4 Addresses This is where IPv4 Share IPv4 Addresses where we are: we CGNCGN DualDual CGN 44 CGN CGN have to StackStack 44 44 64 Mostly + MAP be: + + + IPv4 & 6rd 6rd IPv6 Dual (Dual- DS- Single Address Stack Stack) Lite -Stack Mostly Run-out IPv6;

Note: DS-Lite requires CGN

Stateful NAT 44 function (on routers) inside SP network

• Requires IPv6 access network

• Tunnels subscriber IPv4 traffic to a CGN device

• Uses Carrier-Grade NAT (CGN)

• Requires CPE router support

• RFC6333

• MTU – Watch out !!

• Advantages: • Leverages IPv6 in the network

• Disadvantages: • Dependency on CPE router • NAT disabled on CPE router • Content Caching function may break • DPI function may break • QoS function may break • All disadvantages of CGN also apply

Obtain IPv4 Addresses

IPv4 IPv4 Address Sharing

IPv4 CGN Dual 6rd Dual Stack Address + Stack MAP Run-Out CGN Lite 6rd IPv6

BRKSPG-2602 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 56 Supported on ASR9K, 6rd - IPv6 over (Public) IPv4 ASR1K, CRS Reference IPv6 Moves out to Subscribers IPv6-over-IPv4 tunnels

Native Dual- Stack at Home

Stateless Tunneling function (on routers) inside SP network

BRKSPG-2602 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 57 Supported on ASR9K, 6rd + CGN = IPv6 over (Private) IPv4 ASR1K, CRS Reference IPv6 Moves out to Subscribers IPv6-over-IPv4 tunnels Private IPv4 move into SP*

Stateless Tunneling function (on routers)

Stateful NAT function (on routers) inside SP network*

* Assuming RFC1918 usage

• Allows sharing of IPv4 address across an IPv6 network • Each shared IPv4 end-point gets a unique TCP/UDP port-range via “rules” • All or part of IPv4 address can be derived from IPv6 prefix (allows for route summarization) • Need to allocate UDP/TCP port range(s) to each CPE

• Stateless Border Relays in SP network • Can be implemented in hardware (superior performance) • Can use anycast, can have asymmetric routing • No single point of failure, no need for high availability hardware

IPv4-over-IPv6

Stateless Tunneling function (on routers)

- No CGN-

Native IPv6

Stateless 64 translation function (on routers)

- No CGN -

• MAP is now standardized at the IETF • MAP-T : RFC7599 • MAP-E : RFC7597

• Advantages: • Leverages IPv6 in the network • No CGN inside SP network • No need for Logging • No need for ALGs • No need for NAT64/DNS64

• Disadvantages: • Dependency on CPE router

• Conclusion While Client-side apps (mobile or desktop) got IPv6-only support, Server- side need to catch up…  e.g. Apple FaceTime, iMessage, iCloud, etc. Hence, the short- term need for NAT64… As of Jan 26th, 2017

IPv4 Reachability IPv6 Reachability bash-3.2$ ping www.apple.com bash-3.2$ ping6 www.apple.com PING e6858.dsce9.akamaiedge.net (104.112.153.131): 56 data bytes PING6(56=40+8+8 bytes) 2601:2c7:4000: --> 2001:559:19:1286::1aca 64 bytes from 104.112.153.131: icmp_seq=0 ttl=57 time=32.063 ms 16 bytes from 2001:559:19:1286::1aca, icmp_seq=0 hlim=61 time=11.470 ms ^C ^C bash-3.2$ bash-3.2$ bash-3.2$ ping init.ess.apple.com bash-3.2$ ping6 init.ess.apple.com PING a239.da1.akamai.net (23.205.120.82): 56 data bytes ping6: getaddrinfo -- nodename nor servname provided, or not known 64 bytes from 23.205.120.82: icmp_seq=0 ttl=60 time=21.653 ms bash-3.2$ ^C bash-3.2$ bash-3.2$ ping www.icloud.com bash-3.2$ ping6 www.icloud.com PING e4478.a.akamaiedge.net (23.206.217.193): 56 data bytes ping6: getaddrinfo -- nodename nor servname provided, or not known 64 bytes from 23.206.217.193: icmp_seq=0 ttl=55 time=33.031 ms bash-3.2$ bash-3.2$ ping configuration.apple.com bash-3.2$ ping6 configuration.apple.com PING e5153.e9.akamaiedge.net (104.113.5.216): 56 data bytes ping6: getaddrinfo -- nodename nor servname provided, or not known 64 bytes from 104.113.5.216: icmp_seq=0 ttl=57 time=37.035 ms bash-3.2$ ^C bash-3.2 IPv6-Only Networks with CGN 64 .

1. CGN = Carrier Grade NAT - Stateful 2. Modified to support DS-Lite

Stateless or Stateful NAT64 function (on routers)

Host can be IPv6 Header IPv4 Header assigned with any Src Addr 2001:db8:abcd:2::1 Src 203.0.113.1 IPv6 address (no Addr DestAddr 2001:DB8:ABCD:<92.0.2.1> Dest 92.0.2.1 particular format) Addr

NAT64 IPv6 IPv4 Endpoint 92.0.2.1 NAT IPv6 2001:DB8:ABCD::/64 (203.0/24) StatefulLSN64 Endpoint announced in announced in IPv6 Routing domain IPv4 Routing domain 2001:db8:abcd:2::1 • NAT keeps binding state between inner IPv6 address and outer IPv4+port

• DNS64 needed

•Application dependent/ALGs may be required

Host must be IPv6 Header IPv4 Header assigned an “IPv4 Src Addr 2001:db8:<203.0.114.1>:: Src 203.0.114.1 Translatable” IPv6 Addr DestAddr 2001:DB8::<92.0.2.1>:: Dest 92.0.2.1 address Addr

NAT64 IPv6 IPv4 Endpoint 92.0.2.1 NAT IPv6 2001:DB8:ABCD::/64 (203.0/24) StatelessLSN64 Endpoint announced in announced in IPv6 Routing domain IPv4 Routing domain 2001:db8:<203.0.114.1>:: • No NAT binding state; IPv6 <-> IPv4 mapping computed algorithmically

• DNS64 needed

• Application dependent ALGs might be required

Stateful Stateless

• 1:N translation • 1:1 translation • “NAPT” • “NAT” • TCP, UDP, ICMP • Any protocol • Shares IPv4 addresses • No IPv4 address savings • Just like dual-stack • MAP however does save IPv4 addresses by combining NAT46 with NAT44

Note : IPv6-only DC using Stateless 64 : RFC7755

BRKSPG-2602 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 75 NAT64 DNS64 is important • NAT64 translator is useful only if the traffic can come to it • IP addresses of IPv6 packets must be formulated accordingly

• DNS64 provides conversion of an IPv4 address into an IPv6 address • AAAA record is made up from A record (only if upstream AAAA not present) using IPv6 prefix of NAT64 translator (e.g. 2001:DB8:ABCD::) Internet DNS64 NAT64

IPv6-only AAAA? Endpoint AAAA?

Empty answer (sent simultaneously) A?

92.0.2.1 2001:DB8:ABCD::92.0.2.1

• Works for applications that do DNS • Doesn’t work for applications that don’t queries do DNS queries or use IP address •http://www.example.com literals •IMAP, connecting to XMPP servers, etc. • http://1.2.3.4 • SIP, RTSP, H.323, XMPP peer to peer, etc. • Works with DNSSEC (note [1]) • Doesn’t work well if Application-level proxy for IP address literals (HTTP proxy) is used • Learn NAT64’s prefix, RFC 7050

• NAT46/BIH (Bump In the Host), RFC6535

• 464XLAT (RFC6877)

[1] https://blog.apnic.net/2016/06/09/lets-talk-ipv6-dns64-dnssec/

RFC6877 Note: The usefulness of • Some applications may break with IPv6-only (and NAT64) XLAT should continue to • Skype, among other interesting applications (more listed here*) subside, given apple mandate for • 464 translation helps most of those IPv4-only applications apps to work with • Endpoint does “Stateless NAT46”, network does “Stateful NAT64” only for IPv4 traffic IPv6-only since 2016, as well as • 464 supported _only_ by Android OS; Cloud Providers enabling IPv6-only • Benefit: Network can Provide IPv6-only connectivity to Endpoints without support worrying about any IPv4-only apps IPv6 Internet IPv6 Stateless Stateful NAT46 Network IPv4 Internet NAT64 Endpoint

IPv4 Covered in this 1. IPv6 Network Internet presentation

2. IPv4 IPv6 Network Internet Covered in BRKSPG- 2602 from 3. IPv6 IPv4 2014** Internet Network

4. IPv4 IPv6 Needed (a) if IPv6-only content existed, or Network Internet (b) IPv4-only LAN with IPv6-only WAN * * Verizon stops giving out static IPv4 WAN address(es) in 2017

5. IPv6 IPv4 Network Network

6. IPv4 IPv6 Network Network

• Conclusion Conclusion Whatever you do …. Drive Carefully…

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. • Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

Session ID Title Start Time Lunch and Learn: BRKSEC-3771 Advanced Web Security Deployment, Troubleshooting and Advanced Threat with WSA 2017-06-26 08:00:00 BRKRST-2116 Intermediate - IPv6 The Protocol, A Technical Talk 2017-06-26 13:30:00 • Monday BRKSEC-2050 Firepower NGFW Internet Edge Deployment Scenarios 2017-06-26 13:30:00 • Tuesday BRKSEC-2501 Deploying AnyConnect SSL VPN with ASA (and Firepower Threat Defence) 2017-06-26 13:30:00 BRKSPG-2602 IPv4 Exhaustion: NAT and Transition to IPv6 for Service Providers 2017-06-26 13:30:00 • Wednesday BRKIPM-2249 Multicast and Segment Routing 2017-06-26 16:00:00 BRKRST-2616 Most recent IPv6 advancements and how they solve networking challenges 2017-06-26 16:00:00 BRKRST-2301 Intermediate - Enterprise IPv6 Deployment 2017-06-27 08:00:00 Experiment with dual-stack Cisco Unity Connection: 12.0 Product Update and Transitioning to Cisco Smart Software WiFi like at home ;-) BRKUCC-2725 Licensing 2017-06-27 08:00:00 BRKEWN-2010 Design and Deployment of Enterprise WLANs 2017-06-27 13:30:00 BRKRST-2336 EIGRP Deployment in Modern Networks 2017-06-27 13:30:00 BRKSEC-2050 Firepower NGFW Internet Edge Deployment Scenarios 2017-06-27 13:30:00 BRKRST-2619 IPv6 Deployment: Developing an IPv6 Addressing Plan and Deploying IPv6 2017-06-28 08:00:00 Ask all World of Solutions LTRRST-2016 IPv6 in the Enterprise for Fun and (fake) Profit: A Hands-On Lab 2017-06-28 08:00:00 exhibitors for LTRSPG-3004 Advanced IPv6 Routing and services lab 2017-06-28 13:00:00 their IPv6 support  BRKSEC-3200 Advanced IPv6 Security Threats and Mitigation 2017-06-28 16:00:00 BRKRST-3304 Hitchhiker's Guide to Troubleshooting IPv6 - Advanced 2017-06-29 08:30:00 BRKSPG-3012 SP Security - Leveraging BGP FlowSpec to protect your infrastructure 2017-06-29 08:30:00 BRKRST-2022 IPv6 Routing Protocols Update 2017-06-29 10:30:00 BRKRST-2337 OSPF Deployment in Modern Networks 2017-06-29 13:00:00 LABCCIE-2010 CCIE Routing and Switching - IPv6 Technologies Practice Lab Multiple LABCCIE-3009 CCIE SP Troubleshoot - IPv4 and IPv6 Routing Multiple LABCRS-1000 Intro IPv6 Addressing and Routing Lab Multiple LABRST-2000 Introduction to IOS XR Operating System Multiple LABRST-2020 Transition to an IPv6 environment using LISP - A Hands-on LAB Multiple LABRST-2500 Complete Transport Layer Portfolio of IPv6 Multiple

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions