IPv6 Deployment and Considerations
Anthony Chan anchan@ cisco.com Session ID 20PT IPv6 Deployment and Considerations Agenda . IPv6 Market Trends . IPv6 Planning Steps . IPv6 Addressing . IPv6 Deployment Options . ASIAGOV Case Study
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 IPv6 Deployment and Considerations Agenda . IPv6 Market Trends . IPv6 Planning Steps . IPv6 Addressing . IPv6 Deployment Options . ASIAGOV Case Study
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Market Factors Driving IPv6 Deployment
IPv4 Address Run-Out National IPv6 Strategies
US Federal/Civilian, US DoD, China NGI, EU
IPv6
IPv6 OS, Content & Infrastructure Evolution Applications SmartGrid, SmartCities DOCSIS 3.0, 4G/LTE, IPSO
www.oecd.org: Measuring IPv6 Adoption
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 The Growing Internet Challenge …
The gap between supply and demand for IP addresses – the key Internet resource – is widening
IPv4 Address Blocks Remaning1 Internet-Enabled Devices2
25 < 700 Days 15B Remaining
0 5B Today Sep 2011 Today 2015+
The pool of IPv4 address While the number of new blocks is dwindling rapidly Internet devices is exploding
1 – Geoff Huston, APNIC, www.potaroo.net, tracking /8 address-blocks managed by the Internet Assigned Numbers Authority 2 – Cisco Visual Networking Index / Intel Embedded Internet Projections
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 160
140
120
100
80
60
Address Count (/8s) Count Address 40
20
0 2000 2002 2004 2006 2008 2010
IANA Pool RIR Pool Projection
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Registry Exhaustion Dates http://www.potaroo.net/tools/ipv4/rir.jpg
100
90 This is accelerating ! Consistently beating 80 estimates
70 Microsoft has just
60 purchased 666,624 IP addresses for 50 $7.5million
40 ($11.25/addr) Probability (%) Probability 30
20
10
0 Jan 2011 Jul 2011 Jan 2012 Jul 2012 Jan 2013 Jul 2013 Jan 2014 Jul 2014 Jan 2015 Jul 2015
IANA APNIC RIPENCC ARIN LACNIC AFRINIC Source: Geoff Huston, APNIC
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 IPv6 Deployment and Considerations Agenda . IPv6 Market Trends . IPv6 Planning Steps . IPv6 Addressing . IPv6 Deployment Options . ASIAGOV Case Study
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 IPv6 Planning Steps Business Case Identified/Justified
Establish IPv6 Evaluate effect Decide on IPv6 project on business 1 2 Architecture 3 management model Strategy team
Develop IPv6 Assess network including exception 4 hardware and software 5 strategy Applications and back end operations
Develop Adoption Timelines Obtain IPv6 Prefix Create Detailed Develop Cost Analysis Develop Addressing Plan 6 7 Design for phase 1 8 Develop Procurement Plan Develop Security Plan
Test Solution with Train Engineering and applications , network 9 Operations on Technology 10 management for and Solution in place first deployment.
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 Readiness Assessment
. A key and mandatory step to evaluate the impact of IPv6 integration . May be split in several phases Infrastructure – networking devices and back end systems Hosts, Servers and applications . Must be as complete as possible to allow upgrade costs evaluation and planning Hardware type, memory size, interfaces, CPU load,… Software version, features enabled, license type,…, forwarding path, known limitations, best practices, etc . Difficult to complete if a set of features is not defined per device‘s category for a specific environment IPv6-capable definition, knowledge of the environment and applications, design goals . Break Network into Places in the network for a more accurate assessment Should Map directly into your IPv6 Network Architecture strategy, Cost analysis and time lines Assess Hardware and Software 5 Applications and Back End Systems
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 IPv6 Deployment and Considerations Agenda . IPv6 Market Trends . IPv6 Planning Steps . IPv6 Addressing . IPv6 Deployment Options . ASIAGOV Case Study
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 Building the IPv6 Address Plan
. Build on the lessons learned from how the IPv4 plan was developed and implemented Does it make sense to follow the current IPv4 assignment model? . Must be proportional to current usage and expected growth . Check RIR policies on block sizing . Hierarchy is key Do you get a prefix for the entire company or do you get one prefix per site (what defines a site?) . Cisco IPv6 Addressing White Paper http://www.cisco.com/web/strategy/docs/gov/IPv6_WP.pdf
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 Getting IPv6 Space
. Each RIR has different requirements web site have specifics However anyone that has a PI IPv4 from a RIR qualifies for a PI IPv6 . For ARIN initial block size is site dependent 1 to 12 sites /44 12 to 192 sites /40 192 to 3,072 sites /36 3,072 to 49,152 sites /32 Good source: https://www.arin.net/policy/nrpm.html . Possible Options Get one large global block from local RIR and subnet out per region Get a separate block from each of the RIR you have presences in . Which route to go ? Depends on specific business case Enterprise with not much consumer interaction can stay with a single large block Enterprise that have a heavy consumer interaction using a block from each RIR will help avoid DNS and routing hacks to lead clients to regional Data Centers
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
PI and PA Allocation Process
Provider Assigned Provider Independent
IANA
Registries /12 /12
ISP Org /32 /48
EnterpriseLevel Four /48
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 Do I Get PI or PA?
. Mainly a Enterprise Issue . Service Providers will get allocation direct from RIR . PI space is great for organizations who want to multihome to different SPs . PA is a great space if you plan to use the same SP for a very long time or you plan to NAT/Proxy everything with IPv6 (not likely) . Other things to consider Do you get a prefix for the entire company or do you get one prefix per site (what defines a site?) Do you get a prefix per regional registry (RIPE, APNIC, LACNIC, etc)
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 PI Space Concerns
. Concerns around prefix announcement from other regions Will providers accept prefixes from other regions? . Concerns around prefix lengths What length prefix will providers accept? How do I do traffic engineering? What about providers upstream peers? . Bottom line is to have a detailed conversation w/ your provider or peering partner about what their policies are http://www.us.ntt.net/support/policy/routing.cfm#v6PeerFilter
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 Building the IPv6 Address Plan
. Template addressing Build information into the address Example 4 bit boundary 2001:0db8:1234:xyza::/48 x = Region y= Site z= Building a= Floor . Short numbers: less chance of transcription errors for loopbacks Compare: 2001:db8:1111:1:1:1:1/128 with 2001:db8:1234:1111::1/128 . Split address block into two example of a /32 /33 for internet Enabled devices /33 for Internal Restricted devices. Helps with Route Identification and makes filtering on edge easier. . IPv6 Address Management – How are you going to manage these blocks?
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 ULA, ULA + Global or Global
. What type of addressing should I deploy internal to my network? It depends: ULA-only—Today, no IPv6 NAT is useable in production so using ULA-only will not work externally to your network ULA + Global allows for the best of both worlds but at a price— much more address management with DHCP, DNS, routing and security—SAS does not always work as it should Global-only—Recommended approach but the old-school security folks that believe topology hiding is essential in security will bark at this option . Let‘s explore these options…
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 ULA-Only Not Recommended
. Everything internal runs the ULA space . A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the internet — must run filters to prevent any SA/DA in ULA range from being forwarded . Works as it does today with IPv4 except that today, there are no scalable NAT/Proxies for IPv6 . Removes the advantages of not having a NAT (i.e. application interoperability, global multicast, end-to-end connectivity) Internet
Global – 2001:DB8:CAFE::/48 Requires NAT for IPv6 Branch 1 Corp HQ
FD9C:58ED:7D73:2800::/64 Corporate Backbone Branch 2
ULA Space FD9C:58ED:7D73::/48
FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20 ULA + Global Not Recommended
. Both ULA and Global are used internally except for internal-only hosts . Source Address Selection (SAS) is used to determine which address to use when communicating with other nodes internally or externally . In theory, ULA talks to ULA and Global talks to Global—SAS ‗should‘ work this out . ULA-only and Global-only hosts can talk to one another internal to the network . Define a filter/policy that ensures your ULA prefix does not ‗leak‘ out onto the Internet and ensure that no traffic can come in or out that has a ULA prefix in the SA/DA fields . Management overhead for DHCP, DNS, routing, security, etc…
Internet
Global – 2001:DB8:CAFE::/48 Branch 1 Corp HQ
FD9C:58ED:7D73:2800::/64 Corporate 2001:DB8:CAFE:2800::/64 Backbone Branch 2
ULA Space FD9C:58ED:7D73::/48 Global – 2001:DB8:CAFE::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 Global-Only Recommended
. Global is used everywhere . No issues with SAS . No requirements to have NAT for ULA-to-Global translation—but, NAT may be used for other purposes . Easier management of DHCP, DNS, security, etc. . Only downside is breaking the habit of believing that topology hiding is a good security method Internet Global – Site 1 2001:DB8:CAFE::/48
2001:DB8:CAFE:2800::/64 Backbone Site 2 Corp Global – 2001:DB8:CAFE::/48 HQ 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Questions to Ask Your Service Provider
. SP Deployment Type . Acceptance Policy Dual Stack, Native or Overlay ( if so what Prefix length acceptance ? kind of overlay) ? Provider Independent or Provider What kind of SLA are provided for the Assigned acceptance services ? Do you post metrics online ? Do your Peering partners have similar . What kind of services are offered policy to yours ? Internet Services What prefix length do your upstream providers accept ? Layer 2 or Layer 3 VPN‘s . Provisioning IPv6 Multicast support or plans ? Is there a self service portal ? DNS Services over v4 or V6 ? Routing add and deletes . Visibility and footprint to the IPv6 When do you plan on providing v6 Internet. services as a default offering ? Peering arrangements . Charging model . Service availability on nodes Do you charge for IPv6 ? Available over 802.1Q or VLANs ? Separate or Same VRF's ?
http://docwiki.cisco.com/wiki/What_To_Ask_From_Your_Service_Provider_About_IPv6
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
Production Quality IPv6 Improving
6to4 Is Trending Down, Native IPv6 Is Trending Up
Source: Google and Hurricane Electric
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24 IPv6 Deployment and Considerations Agenda . IPv6 Market Trends . IPv6 Planning Steps . IPv6 Addressing . IPv6 Deployment Options . ASIAGOV Case Study
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 IPv6 Deployment Options . IPv6 Only IPv6 is the only protocol operating in the network
IPv6 IPv6 IPv6
. Dual Stack (in devices/hosts and networks) IPv4 and IPv6 operate in tandem over shared or dedicated links
IPv4 IPv4 Applications Dual Shared Stack Aware IPv6 IPv6 IPv6 IPv6 Links IPv4 IPv4 Dedicated Links . Tunnelling over IPv4 or MPLS (6in4, 6to4, 6PE, 6VPE, etc..) IPv6 confined to the edge of the IPv4 / MPLS core IPv4 IPv4 IPv6 MPLS MPLS
Tunnel . Protocol Translation (NAT64, NAT46, DNS64, etc..) Allow IPv6-only devices to communicate with IPv4-only devices
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26 Dual Stack Backbone
. All P + PE routers are capable of IPv4+IPv6 support . Two IGPs supporting IPv4 and IPv6 . Memory considerations for larger routing tables . Native IPv6 multicast support . All IPv6 traffic routed in global space . Good for content distribution and global services (Internet)
IPv6 + IPv4 Dual Stack App IPv4 + IPv6 Edge IPv4 and/or IPv4 Edge Core
CE PE P P PE C E IPv4
IPv6 IPv4/IPv6 IPv4 Configured Interface IPv4 Core IPv6
Some or All Interfaces in Cloud Dual Configured IPv6 Configured Interface BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27 Dual Stack Application Approach
. Dual stack in a device means Both IPv4 and IPv6 stacks enabled Applications can talk to both Choice of the IP version is based on DNS and application preference
IPv6 Enabled IPv4 Application Application
TCP UDP TCP UDP
IPv4 IPv6 IPv4 IPv6
0x0800 0x86dd 0x0800 0x86dd Frame Protocol ID Data Link (Ethernet) Data Link (Ethernet)
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28 Dual Stack Approach & DNS
192.168.0.3 www.example.org = * ?
IPv4 DNS IPv4 Server IPv6
IPv6 www IN A 192.168.0.3 www IN AAAA 2001:db8:1::1 2001:db8:1::1
In a dual stack case an application that: Is IPv4 and IPv6-enabled Can query the DNS for IPv4 and/or IPv6 records (A) or (AAAA) records Chooses one address and, for example, connects to the IPv6 address
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29 IPv6 Transit using MPLS 6PE (RFC 4798)
IPv6 IPv6 BGP LDP IPv6 Packet Packet Label Label Packet
IPv6 Network MPLS IPv4 Backbone IPv6 Network
CE 6PE3 P P 6PE4 CE IPv6 IPv6
200.10.10.1 IPv4 200.11.11.1 MPLS IPv6 IPv6
CE 6PE1 P P 6PE2 CE 2001:f00d:: iBGP 2001:db8:: exchange IPv6
. 6PEs must support dual stack IPv4+IPv6 (acts as normal IPv4 PE) . IPv6 packets transported from 6PE to 6PE over Label Switch Path . IPv6 addresses exist in global table of PE routers only IPv6 addresses exchanged between 6PE using MP-BGP session . Core uses IPv4 control plane (LDPv4, TEv4, IGPv4, MP-BGP) . Benefits from MPLS features such as FRR, TE BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30 Services using MPLS 6PE
IPv6 IPv6 BGP LDP IPv6 Packet Packet Label Label Packet
IPv6 Network MPLS IPv4 Backbone IPv6 Network
CE3 6PE3 P P 6PE4 CE IPv6 4 IPv6
200.10.10.1 IPv4 200.11.11.1 MPLS IPv6 IPv6
CE1 6PE1 P P 6PE2 CE2 2001:f00d:: iBGP 2001:db8:: exchange IPv6 . Connects IPv6 islands over MPLS core (Transits edge to edge) . Transition mechanism for providing unicast IPv6 access . Coexistence mechanism for combining IPv4 and IPv6 services . As other IPv6 ―tunnel‖ technologies, enables services such as IPv6 Internet Access Peer-to-peer connectivity Access to IPv6 services supplied by the SP itself BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31 Routing And Label Distribution Example
IPv6 IPv6 BGP LDP IPv6 Packet Packet Label Label Packet
IPv6 Network MPLS IPv4 Backbone IPv6 Network
CE3 6PE3 P P 6PE4 CE IPv6 4 IPv6
200.10.10.1 IPv4 200.11.11.1 MPLS IPv6 IPv6
CE1 6PE1 P P 6PE2 CE2 2001:f00d:: iBGP 2001:db8:: eBGP exchange IPv6 eBGP IGPv4 IGPv4 IGPv4 200.10.10.1 200.10.10.1 200.10.10.1 reachable reachable reachable
LDPv4 {Pop} LDPv4 {27} LDPv4 {48} Binds label Binds label Binds label {Pop} to {27} to {48} to 200.10.10.1 200.10.10.1 200.10.10.1
MP-eBGP IPv6 MP-iBGP MP-eBGP Advertises Advertises Advertises 2001:f00d:: to 6PE2 2001:f00d:: 2001:f00d:: BGP Next Hop ::ffff:200.10.10.1 to 6PE1 to CE2 Label Binding {65} BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32 6PE Label Forwarding
IPv6 IPv6 BGP LDP IPv6 Packet Packet Label Label Packet
IPv6 Network MPLS IPv4 Backbone IPv6 Network
CE3 6PE3 P P 6PE4 CE IPv6 4 IPv6
200.10.10.1 IPv4 200.11.11.1 MPLS IPv6 IPv6
CE1 6PE1 P P 6PE2 CE2 2001:f00d:: 2001:db8:: Item Value IPv6 2001:f00d:: Prefix: {65} BGP Label: ::ffff:200.10.10.1 BGP NH: 200.10.10.1 IPv4 NH: {48} LDP Label: IPv6 MPLS MPLS MPLS IPv6
{27} {48} LDP IPv4 Label {65} {65} {65} BGP IPv6 Label 2001:f00d:: 2001:f00d:: 2001:f00d:: 2001:f00d:: 2001:f00d:: IPv6 Prefix
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33 6PE Configuration
IPv6 IPv6 BGP LDP IPv6 Packet Packet Label Label Packet
IPv6 Network MPLS IPv4 Backbone IPv6 Network
CE3 6PE3 P P 6PE4 CE IPv6 4 IPv6
200.10.10.1 IPv4 200.11.11.1 MPLS IPv6 IPv6 as65014 as65015
CE1 6PE1 P P 6PE2 CE2 2001:f00d:: 2001:db8:: ipv6 cef ipv6 cef ! ! interface loopback0 interface loopback0 ip address 200.10.10.1 255.255.255.0 ip address 200.11.11.1 255.255.255.0 ! ! router bgp 100 router bgp 100 neighbor 2001:f00d:1::1 remote-as 65014 neighbor 2001:DB8:1::1 remote-as 65015 neighbor 200.11.11.1 remote-as 100 neighbor 200.10.10.1 remote-as 100 neighbor 200.11.11.1 update-source lo0 neighbor 200.10.10.1 update-source lo0 ! ! address-family ipv6 address-family ipv6 neighbor 200.11.11.1 activate 6PE2 neighbor 200.10.10.1 activate 6PE1 neighbor 200.11.11.1 send-label neighbor 200.10.10.1 send-label neighbor 2001:f00d:1::1 activate CE1 neighbor 2001:DB8:1::1 activate CE2 BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34
IPv6 VPN 6VPE (RFC 4659)
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0.0/30 172.16.3.1/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64
. 6VPE uses existing IPv4 MPLS infrastructure to provide IPv6 VPN Core uses IPv4 control plane (LDPv4, TEv4, IGPv4) . PEs must support dual stack IPv4+IPv6 . Offers same architectural features as MPLS-VPN for IPv4 RTs, VRFs, RDs are appended to IPv6 to form VPNv6 address MP-BGP distributed both VPN address families BGP NH uses IPv4 to IPv6 mapped address format ::ffff:A.B.C.D . VRF can contain both VPNv4 and VPNv6 routes . Solution suitable for IPv6 support to enterprises and government with VPN BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35 Services Using 6VPE
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0.0/30 172.16.3.1/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64
. For VPN customers, IPv6 VPN service is exactly as IPv4 VPN service . 6PE is ―like VPN‖ but prefixes are in global table, 6VPE is true VPN . 6VPE enables services such as IPv6 VPN Access Carriers Supporting Carrier Access to IPv6 services supplied by the SP itself
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36 CE1 Configuration
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0/30 172.16.3.1/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64 ipv6 unicast-routing router bgp 500 ipv6 cef neighbor 2001:db8:cafe:1::2 remote-as 100 ! neighbor 172.16.1.2 remote-as 100 interface Ethernet0/0 ! description Link to PE1 address-family ipv4 ip address 172.16.1.1 255.255.255.0 redistribute eigrp 100 ipv6 address 2001:db8:cafe:1::1/64 neighbor 172.16.1.2 activate 6VPE1 ! exit-address-family interface Ethernet1/0 ! description to GREEN LAN address-family ipv6 ip address 10.1.1.1 255.255.255.0 neighbor 2001:db8:cafe:1::2 activate 6VPE1 ipv6 address 2001:db8:beef:1::1/64 redistribute rip GREEN ipv6 rip GREEN enable exit-address-family
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37 New Multi-AF VRF Configuration
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0/30 172.16.3.1/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64
vrf definition GREEN . New VRF AF definition rd 200:1 ! Common RT policies go here Allows address-families address-family ipv4 route-target export 200:1 Each with unique or common policies route-target import 200:1 . vrf upgrade-cli multi-af-mode {common- exit-address-family policies | non-common-policies} [vrf !
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 38 6VPE1 General Configuration
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0/30 172.16.3.1/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64 ipv6 unicast-routing ! ipv6 cef interface Ethernet2/0 ! description Link to Core Network interface Loopback0 ip address 192.168.1.1 255.255.255.252 ip address 200.10.10.1 255.255.255.255 mpls ip ! ! interface Ethernet0/0 router ospf 1 Description Link to CE1 log-adjacency-changes vrf forwarding GREEN redistribute connected subnets ip address 172.16.1.2 255.255.255.0 passive-interface Loopback0 ipv6 address 2001:db8:cafe:1::2/64 network 192.168.1.0 0.0.0.255 area 0
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39 6VPE1 BGP Configuration
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0/30 172.16.3.1.0/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64 router bgp 100 address-family vpnv6 To 6VPE2 neighbor 200.11.11.1 remote-as 100 neighbor 200.11.11.1 activate neighbor 200.11.11.1 update-source lo0 neighbor 200.11.11.1 send-community ext ! exit-address-family address-family ipv4 Internet Routes ! neighbor 200.11.11.1 activate address-family ipv4 vrf GREEN To CE1 no auto-summary redistribute connected no synchronization neighbor 172.16.1.1 remote-as 500 exit-address-family neighbor 172.16.1.1 activate ! exit-address-family address-family vpnv4 To 6VPE2 ! neighbor 200.11.11.1 activate address-family ipv6 vrf GREEN To CE1 neighbor 200.11.11.1 send-community ext neighbor 2001:db8:cafe:1::1 remote-as 500 exit-address-family neighbor 2001:db8:cafe:1::1 activate exit-address-family
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40 6VPE2 IPv6 VRF Routes
IPv6 IPv6 VPN LDP IPv6 Packet Packet Label Label Packet
IPv6/IPv4 Network MPLS IPv4 Backbone IPv6/IPv4 Network
10.1.1.0/24 10.1.2.0/24 2001:db8:beef:1::/64 P 2001:db8:beef:2::/64 200.10.10.1 P 200.11.11.1
IPv4 IPv4 VRF VRF IPv4 IPv6 MPLS IPv6 CE1 6VPE1 6VPE2 CE2 172.16.1.0/30 172.16.3.1.0/30 2001:db8:cafe:1::/64 P P 2001:db8:cafe:3::/64
6VPE2#show ipv6 route vrf GREEN B 2001:db8:beef:1::/64 [200/0] via 200.10.10.1%Default-IP-Routing-Table, indirectly connected B 2001:db8:beef:2::/64 [20/0] via FE80::A8BB:CCFF:FE01:FA00, Ethernet1/0 B 2001:db8:cafe:1::/64 [200/0] via 200.10.10.1%Default-IP-Routing-Table, indirectly connected C 2001:db8:cafe:3::/64 [0/0] via Ethernet1/0, directly connected L 2001:db8:cafe:3::2/128 [0/0] via Ethernet1/0, receive L FF00::/8 [0/0] via Null0, receive
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41 IPv6 Deployment and Considerations Agenda . IPv6 Market Trends . IPv6 Planning Steps . IPv6 Addressing . IPv6 Deployment Options . ASIAGOV Case Study
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42 Customer Background
. APAC Governmental Agency: ASIAGOV . Customer Drivers for IPv6 – As per the national mandate, ensuring that country is viewed as a technology leader in the region. – To serve as a leading example for local ISPs and Enterprises to facilitate their eventual IPv6 protocol integration. . Primary Goal is a public facing IPv6 rollout (Web + Mail Servers) . Secondary Goal is an internal IPv6 rollout (IPv6 Internet Access, Web development)
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 43 IPv6 Assessment Engagement
. Purpose of Cisco Engagement To provide an IPv6 Architecture and Assessment for ASIAGOV that: – Reviews the network infrastructure and application architecture – Recommends best practices and appropriate implementation approach – Reviews and recommends improvements on security and network administration, operation and support design – Recommends an implementation roadmap of the IPv6 network protocols . Consultancy Scope Core1: L3 MPLS VPN Network for connectivity to services Core2: L3 MPLS VPN Network for connectivity to Gov’t Bureaus ServicesNet: Central Services (Internet Proxy, Web Hosting, etc.)
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44 ASIAGOV Network
ServicesNET: Service Blocks
SVC1 SVC2
B/D SVC3 EBGP Core2 Core1 Core2 Core1 SVC4
B/D
Internet
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 45 IPv6 Engagement Methodology
. Initial Workshops (objective, c..) Information Gathering & Data Consolidation . Ongoing Interviews . ConsolidatedReviewed Objective Network and Device Identified and ServerDesign Application Options HLD Strategy . Selected most applicable Network Design Approach . Assessed Devices against features . andFeature current Requirements HW/SW List Assessment . Identified Support and Caveats . DocumentedIdentified Roadmap High Level or Alternatives Architecture Documentation . Documented Assessment . Adjusted Device/Application . DocumentSpreadsheets Comment and Revisions Optimization . Six week Nursing Period
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46 IPv6 Consultancy Report Summary . Network Architecture Recommendations – High Level IPv6 solution and recommended option – Combination of 6VPE and Dual Stack – IPv6 Best Practices . Assessment Report by Network Services Block – Network Devices & Appliances: Cisco and/or 3rd Party – Servers & Applications: Server OS and specific Apps – Short and Long-term IPv6 solutions . Integration Report – Recommended High Level Integration Approach – Suggested PDI and Testing
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47 IPv6 High Level Architecture Design - Mail . No change to current Mail IPv4 network architecture . Dual Stack IPv6 protocol added by hardware and Internet software upgrade Short Term Approach . Upgrade H/W and S/W for IM Switches . Load Balancer S/W upgrade . Add new MTA to support IPv6 email exchange . No IPv6 support for POP, IMAP, SMTP auth and Core1 Core1 6VPE 6VPE Webmail services Router Router . Software / Appliance remain in IPv4 (e.g. Mail Scanner, Opensource DB server)
MAIL CE MAIL CE L2/L3 L2/L3 Long Term Approach Switch Switch . Application Software/OS Upgrade (e.g. Webmail Scanner, PC OS, etc..) . Application Software / Appliance Replacement (e.g. various Mail Scanning applications etc..)
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 48 Key Customer Benefits
. Assessment provided a holistic view in both architecture and assessment inclusion (software apps/OS). . Device Assessment which identified SW and HW gaps so that ASIAGOV facilitated determining upcoming budget requirements. . Provided ASIAGOV with long and short term solutions to certain application or architectural shortcomings.
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 49 BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 50 Complete Your Session Evaluation
. Please give us your feedback!! Complete the evaluation form you were given when you entered the room . This is session BRKxxx-xxxx
Don’t forget to complete the overall event evaluation form included in your registration kit
YOUR FEEDBACK IS VERY IMPORTANT FOR US!!! THANKS
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51