Ipv4 and Ipv6 – Icons and Terminology

IPv6 in Enterprise Unified Communications Networks

BRKCOL-2020

Tony Mulchrone - Technical Marketing Engineer Cisco Collaboration Technology Group Agenda

IPv6 Addressing summary IPv6 and UC Networks summary IPv6 Addressing and Cisco devices DHCP and DNS for IPv6 IPv6 Campus and WAN Deployment Options IPv6 UC Configuration CUCM IPv6 Device Configuration Parameters and Media Handling Other IPv6 Design Considerations IPv6 UC Deployment Guidelines Summary Why Deploy IPv6 ?

• IPv6 deployment is primarily driven by IPv4 address space exhaustio • The number of applications, devices, services requiring IP addresses is rapidly increasing as the world becomes more and more IP centric • Addresses in IPv6 are 128 bits long versus 32 bits IPv4 address. The larger address space avoids the potential exhaustion of IP addresses without need for Network Address Translation. • By avoiding the need for complex sub-netting scheme, IPv6 addressing space easier to understand, making administration of medium and larger networks simpler. • IPv6 hosts can be configured automatically using Stateless Address Auto- Configuration (SLACC) when connected to a routed IPv6 network using ICMPv6 router discovery messages.

IPv4 = 32 bits

IPv6 = 128 bits

• IPv4 uses 32 bits • = ~ 4,200,000,000 possible addressable nodes • CIDR and NAT techniques used to make the best possible use of address space

• IPv6 uses 128 bits • = 340,282,366,920,938,463,463,374,607,431,768,211,456 nodes • = 52 Trillion Trillion addresses per person in the world • = More than enough • Allows for scalable, simple and easily understandable addressing schemes

• An IPv6 address is composed of 8 sets of 16 bit hexadecimal values, 128 bits in length

• 2001:0db8:1234:5678:9abc:def0:1234:5678 • 16 bit hex values are separated by colons (:) • Abbreviation is possible Leading zeros can be omitted Consecutive zeros in contiguous blocks can be represented by (::) • 2001:0db8:0000:130F:0000:0000:087C:140B • becomes • 2001:0db8:0:130F::87C:140B Double colons can only appear once in the address • Network prefix representation like IPv4 CIDR --- • e.g. 2001:db8:12::/64

IPv6 Unicast addresses use 64 bits for the Network ID and 64 00 90 27 17 FC 0F bits for the Host ID

The Host ID can be auto-configured by : 00 90 27 17 FC 0F 1) Using a randomly generated number, or FF FE

2) By using the (Extended Unique Identifier) EUI-64 format. 00 90 27 FF FE 17 FC 0F This format expands the 48 bit MAC address to 64 bits by 1 = Unique ID inserting FFFE into the middle 16 bits. Cisco commonly uses 000000U0 Where U= this Host ID format. 0 = Not Unique U = 1 3) The host ID can also be assigned using DHCPv6 or manually configured 02 90 27 FF FE 17 FC 0F

• Addresses are assigned to interfaces • An Interface is expected to have multiple addresses • Addresses have “scope” Link Local Unique Local Global Global Unique Local Link Local

• Unicast Address Identifies a single node/interface. Traffic destined to a Unicast address is forwarded to a single interface • Multicast Address Identifies a group of nodes/interfaces. Traffic destined to a Multicast address is forwarded to all the nodes in the group

• No more Broadcast addresses Too resource intensive, IPv6 uses Multicast addresses instead

Remaining 54 Bits Interface ID

1111 1110 10 FE80::/10

10 Bits Link-Local Addresses are : • Mandatory addresses - used exclusively for communication between two IPv6 devices on the same link. • Automatically assigned by the device as soon as IPv6 is enabled • Only Link Specific scope – not routed • Remaining 54 bits of network ID are typically zero but could be set to any manually configured value • Interface ID has the same meaning for all unicast addresses, 64 bits long using the EUI-64 format • Example - FE80:0000:0000:0000:0987:65FF:FE01:2345 • Generally represented as FE80::987:65FF:FE01:2345

128 Bits

1 Global ID 40 Bits Interface ID

1111 110 Subnet ID FD00::/7 16 Bits 7 Bits 1 Bit : L = 1 Locally assigned; L = 0 Future Use Unique-Local Addresses are : • Analogous to Private IPv4 addresses (e.g. 10.1.1.254) • Not Routable on the Internet – (would require IPv6 NAT) • Global IDs do not have to be aggregated • Subnet IDs are defined by the administrator of the local domain • Subnet IDs typically use a hierarchical addressing plan to allow for route summarization • Interface ID has the same meaning for all unicast addresses, 64 bits long using the EUI-64 format • Example - FD00:aaaa:bbbb:CCCC:0987:65FF:FE01:2345 BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Global Unicast Addresses Network ID

RIR ISP LAN Host

3 21 Bits 24 Bits 16 Bits 64 Bits

Global Prefix TLA NLA SLA Interface ID

001 /24 /48 /64 Global Unicast Addresses are : • Routable / reachable across the Internet • Identified by their 3 high level bits set to 001 ( 2000::/3 ) • Global Routing Prefix assigned to Regional Internet Registries by Internet Assigned Numbers Authority (IANA) – Next Level Aggregator (NLA) assigned to ISP • Site Level Aggregator (Subnet ID) assigned to a customer by their Service Provider

128 Bits

8-bits 4-bits 4-bits 112-bits 1111 1111 Lifetime Scope Group-ID

Lifetime Scope 0 If Permanent 1 Node 1 If Temporary 2 Link 5 Site 8 Organization E Global IP multicast addresses have a prefix FF00::/8 (1111 1111) The second octet defines the lifetime and scope of the multicast address Used for Router Advertisements, DHCP, Multicast Applications Multicast addresses are always destination addresses BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 Some Well-Known Multicast Addresses

Address Scope Meaning FF01::1 Node-Local Same Node FF02::1 Link-Local All Nodes on a Link FF01::2 Node-Local Same Router FF02::2 Link-Local All Routers on a Link FF05::2 Site-Local All Routers on Intranet FF02::1:FFXX:XXXX Link-Local Solicited-Node More details at http://www.iana.org/assignments/ipv6-multicast-addresses

Solicited Node Addresses - Used for Neighbor Discovery and Duplicate Address Detection

v4 IPv4 Only Device communicates with and understands IPv4 addresses only

v6 IPv6 Only Device communicates with and understands IPv6 addresses only

v4 v6 Dual Stack (IPv4 and IPv6) with ANAT This device communicates with and understands both IPv4 and IPv6 addresses and can also negotiate the use of either IPv4 or IPv6 for media

v4 v6 IPv6 Aware Device communicates with IPv4 addresses, but can receive and understand IPv6 addresses embedded in Application PDUs – Typically used by applications which use IPv4 to transport IPv6 information

• v4 v6 v4 v6 Call Control CUCM 7.1(2)+ IM & P Services 10.5(1) – External Connections only e.g. federation CUBE 12.4(22)T+ CUCME 8.0+

v4 v6 v4 v6 • Cisco IP Phones 7906G, 7911G, 7931G, 7941G, 7941GE, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G-GE, 7975G 6901, 6911, 6921, 6922, 6941, 6942, 6945, 6946, 6961, 6962 3905, 7821, 7841, 7845, 7861, 8961, 9951, 9971 SIP based Cisco Telepresence Endpoints: C20, C40, C60, C90, MX Series, DX Series, EX Series, SX20, SX60

• Gateways v4 v6 v4 v6 IOS SIP Gateways – ISR G2 , ASR SCCP/SIP Analogue Gateways – VG Gateway platforms SCCP FXS ports on ISR G2 routers IOS software and harwdare MTPs for IPv4 - IPv6 RTP Media conversion CUBE IPv4 to IPv6 voice interworking

v4 v6 v4 v6 • CUCM SIP Trunks IPv4/IPv6 signalling, ANAT for Dual stack media negotiation

v4 v6 v4 v6 • Applications Unity Connection – IPv4, IPv4/IPv6 ANAT Cisco WebEx Meeting Server – IPv4, IPv4/IPv6 ANAT for Web/Audio connections only. Cisco Prime Collaboration Suite – IPv4, IPv6 Aware Cisco Meeting Server - IPv4, IPv6 Cisco Telepresence Server - IPv4, IPv4/IPv6 ANAT; Cisco TP Conductor – IPv4

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4

IPv4/IPv6 IPv4 Only

Jabber SRST Mobile v4 v4 Clients

Soft CUCME (SCCP Phones only) Phones v4 SCCP ISR v4 v6 v4 v6 Analogue Ports

SIP TelePresence CUBE / SIP VG Analogue Endpoints v4 v6 v4 v6 v4 v6 Gateways Gateways

Cisco Expressway C/E Newer SIP Older SCCP based Phones v4 v6 based Phones v4 v4

Older SIP based MGCP/ H323 Newer SCCP v4 v6 Gateways based Phones Phones v4 v4

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4

IPv4/IPv6 IPv4 Only

Cisco Meetings Cisco v4 v6 v4 Server Emergency Responder

Telepresence Cisco Prime Server v4 v6 Directory v4 v4 v6 Collaboration Suite

TelePresence v4 v6 IM&P Cisco Webex Endpoints v4 v6 v4 v6 Meeting Server

Newer SIP Unified IOS based based Phones v4 v6 Contact v4 v4 v6 DHCP/ DNS Centre

• CUCM can support:

One Link Local IPv6 Address and v4 v4 v6 One Unique Local IPv6 Address or One Global IPv6 Address (and an IPv4 address)

• IP Phones can support: One Link Local IPv6 Address and v4 v6 v4 v6 Multiple Unique Local IPv6 Addresses Multiple Global IPv6 Addresses (and an IPv4 address)

• IP Phone will use one IPv6 address (Global or Unique Local) for CUCM signaling and media.

• A Link Local address will never be sent to CUCM as a signaling and media address • If the phone has both Unique Local and Global addresses, the Global Addresses take precedence over Unique Local Addresses. • If multiple Unique Local or multiple Global addresses exist - the first address configured will be used as the signaling and media address sent to CUCM

• IOS devices can support: v4 v6 v4 v6 One Link Local IPv6 Address and Multiple Unique Local IPv6 Addresses Multiple Global IPv6 Addresses (and multiple IPv4 addresses) Per Interface

• Routers use Link Local Addresses for Routing protocols and the Address Selection Algorithm (RFC 3484) for applications running on routers (Telnet, SSH, etc.) • e.g. For responses to devices - Routers will try to use the same Network Prefix as the device initiating communications

• IPv4 Address Configuration Options • Manual Configuration via Phone User Interface • DHCPv4

• IPv6 Address Configuration Options • Manual Configuration via Phone User Interface • Auto Configuration • DHCPv6 • Note - Phones require a minimum of an IP address and TFTP server address

• IOS supports DHCPv6 server with vendor option classes

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 IP Phone – IPv6 Address Allocation – SLAAC StateLess Address Auto-Configuration (SLAAC) - RFC 2462 • Configurable for IPv6 enabled Phones CUCM Default - Auto Configuration = On • On power up phone sends a Router Solicitation (RS) message requesting Address configuration information • Router responds and periodically sends a Router Advertisement (RA) • RA can contain one or more Network Prefixes • Network Prefix and EUI-64 Host ID used to create interface address • RA also contains O and M bits: O bit = 1 • Indicates that the Phones should use the advertised Network Prefix(es) to auto-configure its address, but should also request Other information from the DHCP server e.g. TFTP server address, DNS server address M bit =1 • Indicates that the Phone should use DHCP for stateful address assignment

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 IPv6 – Router Advertisements and DHCP Operation Stateless DHCP When a router sends an Router Advertisement (RA) with the ‘O’ bit set, but does not set the ‘M’ bit, the client can use Stateless Address Auto-configuration (SLAAC) to obtain its IPv6 address, and use DHCPv6 for obtaining additional information. (e.g. TFTP Server address, DNS server address). This mechanism is known as Stateless DHCPv6, because the DHCPv6 server does not need to keep track of the client address bindings. Stateful DHCP When a router sends an RA with the ‘M’ bit set, this indicates that clients should use DHCP to obtain Addresses. Note - When the M bit is set, the setting of the O bit is irrelevant, since the DHCP server will also return “Other” configuration information together with addresses. This mechanism is known as Stateful DHCPv6, because the DHCPv6 server does keep track of the client address bindings. Reply IP Phone DHCPv6 Server DHCPv6 Client Request

Advertise

Solicit

• Stateless DHCPv6 (RFC 3736) DHCP server only provides Other Information – e.g. DNSv6 Server, TFTP Server address

• Stateful DHCPv6 (RFC 3315) DHCP server provides IPv6 Network Address and optionally : • Host ID - Host ID can also be generated by host using EUI-64 • Other Information – e.g. DNS Server address, TFTP Server Address • Note Default Router address is not a required option with IPv6 - Multicast is used instead to discover Routers on the Link

• DHCPv6 Prefix Delegation (RFC 3633) Primarily used by Service Providers to automatically assign a Network Prefix to a customer’s site – Allows the delegation of prefixes from a delegating router to requesting routers.

• Devices use Multicast to find DHCPv6 servers • IOS DHCP Relay is supported

• CUCM can use DNS Name to Address Resolution for three purposes : If DNS names are used to define CUCM servers If SIP Route Patterns use DNS names to define destinations If SIP Trunks use DNS names to define Trunk destinations

• The principle for IPv6 DNS is the same as IPv4 but : The nomenclature is different AAAA instead of A records DNS name to address queries can return multiple IPv6 addresses (and an IPv4 address)

IPv4 IPv6

Hostname to IP Address A record: AAAA record: Resolution www.abc.test. A 192.168.30.1 www.abc.test AAAA 2001:db8:C18:1::2

IP Address to Hostname PTR record: PTR record: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0. Resolution 1.30.168.192.in-addr.arpa. PTR 8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test. www.abc.test.

• Almost all IPv6 deployments will run a combination of IPv4 and IPv6

• Both LAN and WAN environments also need to be considered when deploying IPv6 for UC

• In almost all cases…… Dual Stack deployments offer the best approach when introducing IPv6 into any network environment - As both IPv4 devices and Dual Stack (IPv4/IPv6) devices can interoperate and disruption to the existing network is minimal.

• In the following sections we will focus on IPv6 deployments for UC. We will touch upon the Campus and WAN environments, but mainly to reference existing design guidance for IPv6 deployment

Dual Stack is the preferred and most versatile way to deploy IPv6 in existing IPv4 environments. Dual Stack is not the only IPv6 deployment option in a Campus environment - other hybrid models that use tunnelling in the Campus network also exist.

For more info see : Deploying IPv6 in Campus networks http://www.cisco.com/application/pdf/en/us/guest/netsol/ns107/c649/ccmigration_09186a00807753a6.pdf Also : This week at Cisco Live Berlin BRKRST-2301 Enterprise IPv6 Deployment - 9am Friday

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Campus IPv6 Deployment Options Dual-Stack IPv4/IPv6 IPv6& IPv4 Dual Stack Hosts • IPv6 is transparent on L2 switches except for multicast - MLD snooping is available on most switching platforms Access Layer • IPv6 uses the same types of routing protocols as IPv4, but with some slight modifications to account for specific Distribution requirements of IPv6 Layer The Catalyst platforms support Static, RIPng, EIGRP and OSPFv3 routing for IPv6 Core Dual Stack Layer • IPv6 First Hop Redundancy Protocols such as HSRP & GLBP are supported by IOS routing platforms. HSRP & GLBP are supported by most Catalyst platforms Aggregation Layer (DC) • Use Cisco First Hop Security for IPv6 to secure your Layer 2 Access environment (Cisco FHS includes RA guard, DHCP guard, Layer (DC) IPv6 Snooping and more … http://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os- Dual-stack software/enterprise-ipv6-solution/aag_c45-707354.pdf Server

Dual Stack Dual Stack • Cisco routers have supported IPv6 for a long time • Dual-stack should be the focus of your implementation…but, some situations still call for tunneling • IPv6 is supported for every media/WAN type SP Cloud (Frame Relay, leased-line, broadband, MPLS, etc.)…… • Don’t assume all features for every technology are Dual IPv6-enabled Dual Stack Stack Dual Stack

http://www.cisco.com/en/US/docs/solutions/Enterprise/Branch/BrchIPv6.html

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4

IPv4/IPv6 IPv4 Only

Jabber SRST Mobile v4 v4 Clients

Soft CUCME (SCCP Phones only) Phones v4 SCCP ISR v4 v6 v4 v6 Analogue Ports

SIP TelePresence CUBE / SIP VG Analogue Endpoints v4 v6 v4 v6 v4 v6 Gateways Gateways

Cisco Expressway C/E Newer SIP Older SCCP based Phones v4 v6 based Phones v4 v4

Older SIP based MGCP/ H323 Newer SCCP v4 v6 Gateways based Phones Phones v4 v4

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4

IPv4/IPv6 IPv4 Only

Cisco Meetings v4 v6 v4 Cisco Server Emergency Responder

Telepresence Cisco Prime Server v4 v6 Directory v4 v4 v6 Collaboration Suite

TelePresence v4 v6 IM&P Cisco Webex Endpoints v4 v6 v4 v6 Meeting Server

Newer SIP Unified IOS based based Phones v4 v6 Contact v4 v4 v6 DHCP/ DNS Centre

• Server Platform IPv6 Address configuration • CUCM IPv6 Address configuration • CUCM IPv6 Cluster wide configuration • IPv6 Device Specific configuration parameters • Common Device configuration • SIP Trunk configuration • SIP ANAT and CUCM Trunk Operation

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Server Ethernet Port - IPv6 Address Configuration To allow IPv6 based call processing – IPv6 must first be enabled throughout the cluster.

This involves two steps: 1) Configuring IPv6 via the OS CLI, or CUCM OS GUI on each server in the cluster (below) 2) Configuring IPv6 via the CUCM GUI Server Configuration

Server OS Admin CLI commands :

To enable IPv6 :

“set network ipv6 service enable”

To set a static IPv6 server address :

"set network ipv6 static_address "

Using the DHCPv6 client is not recommended.

To view IPv6 address settings :

“show network ipv6 settings”

ICCS

TFTP

For the CUCM service

Configure an IPv6 address or name If a name is used, DNSv6 is required

This name / IPv6 address is used by the TFTP server in the configuration files that are sent to devices. The address is used by these devices for CUCM registration.

IP Addressing Mode Preference for Media IP Addressing Mode Preference for Signalling IPv6 for Phones

Signalling Preference and Phone Configuration settings are also configurable at the device level – Device setting takes precedence

SIP Trunks

The Common Device Configuration is a configuration template that can be applied to Phones and Trunks.

For IPv6 capable devices the following values can be configured :

IP Addressing Mode: IPv4 Only - Device uses one IPv4 address only IPv6 Only - Device uses one IPv6 address only IPv4 and IPv6 - Device uses one IPv4 address & one IPv6 address

IP Addressing Mode Preference for Signalling: IPv4 only IPv6 only System Default

v4 IPv4 Only Device communicates with and understands IPv4 addresses only

v6 IPv6 Only Device communicates with and understands IPv6 addresses only

v4 v6 Dual Stack (IPv4 and IPv6) with ANAT This device communicates with and understands both IPv4 and IPv6 addresses and can also negotiate the use of either IPv4 or IPv6 for media

• v4 v6 v4 v6 Call Control CUCM 7.1(2)+ IM & P Services 10.5(1) – External Connections only e.g. federation CUBE 12.4(22)T+ CUCME 8.0+

v4 v6 v4 v6 • CUCM SIP Trunks IPv4/IPv6 signalling, ANAT for Dual stack media negotiation

IPv4 Signalling IPv6 Signalling

v4 v6 IPv4 Media SCCP Phones IPv6 Media 7906G, 7911G, 7931G 7941G, 7941GE, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G-GE, 7975G 6901, 6911, 6921 6941, 6945, 6961 v4

SIP Phones 9951, 9971, 8961, 7821, 7841, 7845 , 7861, 6922, v6 6942, 6946, 6962, 3905

Telepresence Endpoints: C20, C40, C60, C90, MX v4 v6 Series, DX Series, EX Series, SX20, SX60 v4 v6 IP Addressing Mode: (For Media and Signalling) IP Addressing Mode Preference for Signalling Phone uses one IPv4 address only IPv4 only/ IPv6 only/ System Default Phone uses one IPv6 address only Phone uses one IPv4 address and one IPv6 address IPv6 for Phones - On/© 2017 Off/ Cisco Default and/or its affiliates. All rights reserved. Cisco Public IPv6 – CUCM Phone Signaling and Media Options

IPv4 Signalling IPv6 Signalling v4 v6 IPv4 Media IPv6 is supported by the following Cisco Phones : IPv6 Media

SCCP Phones 7906G, 7911G, 7931G 7941G, 7941GE, 7942G, 7945G,

7961G, 7961GE, 7962G, 7965G, v4 v6 7970G, 7971G-GE, 7975G MTP For IP Addressing Mode mis-matches 6901, 6911, 6921 v4 v6 between Phones - CUCM inserts an 6941, 6945, 6961 v4 v6 MTP for IPv4   IPv6 conversion SIP Phones v6 MTP v4 9951, 9971, 8961, 7821, 7841, 7845 , 7861, 6922, 6942, 6946, 6962, 3905 Dual Stack Phones use the Cluster-wide

v4 v6 v4 v6 “IP Addressing mode for Media Telepresence Endpoints: Preference” to select addressing mode C20, C40, C60, C90, MX Series, (IPv4 or IPv6) for media between phones. DX Series, EX Series, SX20, SX60 v4 v6 v4 v6

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 49 IPv6 and CUCM Video Calls With UC 10.0+ it is recommended that all Voice, Video and Telepresence endpoints are registered to CUCM. CUCM supports Video over IPv6 with UC 10.0 Video Calls can generate multiple media streams e.g. audio, main video, desktop sharing, far end camera control… If an MTP is inserted into the call path – up to 16 media channels can be supported for a single call (IOS release 15.3(2)T +)

SIP Trunk

Audio Main Video

Slide Video Binary Floor Control

v4 v6 Far End Camera Control v4 v6

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 50 IPv6 – IP Phones - Other Signaling Options Phones use IP to interact with other CUCM services and network based services:

Phone IP addresses are sent to access switches in CDP/ LLDP Phones use IP to contact their TFTP server Phones use HTTP for Phones Services, Extension Mobility, Directory Look Ups etc

TFTP

v4 For IPv4 only CUCM and Phone deployments PUB IPv4 is used in CDP/LLDP and for TFTP and HTTP services

TFTP

v4 HTTP

CDP/LLDP v4

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 51 IPv6 – IP Phones - Other Signaling Options Phones use IP to interact with other CUCM services and network based services:

Phone IP addresses are sent to access switches in CDP/ LLDP Phones use IP to contact their TFTP server Phones use HTTP for Phones Services, Extension Mobility, Directory Look Ups etc

TFTP For Dual Stack CUCM and Phone deployments v4 v6 IPv4 and IPv6 addresses are transported in CDP/LLDP PUB TFTP can use IPv4 and/or IPv6 HTTP services use IPv4 only v4 v6

TFTP

v4 v6

HTTP

CDP/LLDP

v4 v6

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 52 IPv6 – CUCM Phones - Other Signaling Options Phones use IP to interact with other CUCM services and network based services:

Phone IP addresses are sent to access switches in CDP/ LLDP Phones use IP to contact their TFTP server Phones use HTTP for Phones Services, Extension Mobility, Directory Look Ups etc

TFTP For IPv6 only CUCM and Phone deployments

v4 v6 IPv6 addresses are transported in CDP/LLDP (Layer 2) PUB TFTP can use IPv6 No HTTP services are supported in IPv6 v4 v6

TFTP

IPv6 only HTTP and CDP/LLDP services will be introduced in a CDP/LLDP v6 later Phase of IPv6 development

v4 v6

v4 v6 v4 v6 VG Gateway Analog Phones

IPv4 Signalling IPv6 Signalling VG224 IPv4 Media IPv6 Media

v4 v6 v6 IOS Gateway Analog Phones

VG Analogue Gateways and IOS FXS ports can use MGCP or SCCP to register analog FXS ports (as Phones) with CUCM If Analogue Gateways use SIP – Phones connect to CUCM via a SIP Trunk and support fewer features

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 54 IPv6 – CUCM SIP Gateways and SIP Trunks Signaling and Addressing Options IPv4 Signalling IPv6 Signalling v4 v6 IPv4 Media IPv6 Media

SIP Signalling

SIP based CUCM Trunks support IPv6 v4 v6

SIP based IOS Gateways support IPv6 v4 v6

IP Addressing Mode: (For Media and Signalling) IP Addressing Mode Preference for Signalling (outbound) Phone uses one IPv4 address only IPv4 only/ IPv6 only/ System Default Phone uses one IPv6 address only Phone uses one IPv4 address and one IPv6 address - Recommended Allow Auto-Configuration© 2017 Cisco for and/or Phones its affiliates. etc All rights– reserved.N/A Cisco Public IPv6 – CUCM SIP Gateways and Trunks Signaling and Media Options

IPv4 Signalling IPv6 Signalling v4 v6 IPv4 Media IPv6 Media SCCP Signalling

SIP Signalling v4 v6

MTP v4 v6 For Media addressing mis-matches CUCM inserts an MTP for IPv4   v4 v6 IPv6 conversion MTP v6 v4

Dual Stack SIP Gateways and Phones PSTN use the Cluster-wide “IP Addressing v4 v6 v4 v6 mode for Media Preference” to select addressing mode (IPv4 or IPv6) for media between phones. v4 v6 v4 v6

. Alternative Network Address Type Media lines in the Session Description Protocol (SDP) body are grouped using ANAT semantics to provide alternative types of network addresses to establish a particular media stream

. The entity creating an SDP body with an ANAT group MUST be ready to receive (or send) media over any of the grouped 'm' lines

. The identifiers of the media streams MUST be listed in order of preference in the group line

. UC Manager supports Dual-Stack SIP devices using ANAT semantics

. Mid (Media Stream Identification) . Uniquely identifies each media stream “m line” within the SDP body. . Particularly useful when multiple media streams are present.

. Group . Used for grouping together different media streams. . In ANAT context, used to group together identical media streams that use different address types. . Specifies the address preference between the two alternate address types. . All the "m" lines of a session description must be associated with a MID value to be considered for grouping.

v4 v6

SIP INVITE w/o SDP (Delayed Offer) – Supported : sdp-anat v4 v6

200 (OK) with SDP (OFFER) a=group:ANAT 2 1 m=audio 18356 RTP/AVP 0 c=IN IP4 192.0.2.1 ACK with SDP (ANSWER) a=mid:1 a=group:ANAT 2 m=audio 16462 RTP/AVP 0 m=audio 0 RTP/AVP 0 c=IN IP6 2001:0db8 bbbb::0123:45ff:fe32:191d c=IN IP4 10.10.1.1 a=mid:2 a=mid:1 m=audio 10442 RTP/AVP 0 c=IN IP6 2001:0db8:aaaa::0987:65ff:fe01:234b a=mid:2 v4 v6

ANAT allows both IPv4 and IPv6 addresses to be exchanged in the SIP Offer and SIP Answer Depending on which SIP header “sdp-anat” value is sent indicates whether ANAT is Required or Supported The SDP body of the SIP Offer can contain both an IPv4 and IPv6 address – preference is indicated in the a=group:ANAT field (using the a=mid: values associated with each address) The SDP body of the SIP Answer can contain both an IPv4 and IPv6 address – the selected address is indicated in the a=group:ANAT field (using the a=mid: values associated with each address). The UDP port number of the non- preferred IP address is set to 0 BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60 Voice and Video Call - Offer SDP with ANAT group a=group:ANAT 1 2  Audio streams a=group:ANAT 3 4  Video Streams m=audio 21762 RTP/AVP 8 c=IN IP6 2001:db8:123:1:ee44:76ff:fe1f:7f5c a=rtpmap:9 PCMA/8000 a=mid:1  Audio stream with IPv6 Preference m=audio 28512 RTP/AVP 8 c=IN IP4 10.104.150.6 a=rtpmap:8 PCMA/8000 a=mid:2  Audio stream with IPv4 Preference m=video 19696 RTP/AVP 98 c=IN IP6 2001:db8:123:1:ee44:76ff:fe1f:7f5c b=TIAS:1000000 a=rtpmap:126 H264/90000 a=mid:3  Video stream with IPv6 Preference m=video 31470 RTP/AVP 98 c=IN IP4 10.104.150.6 b=TIAS:1000000 a=rtpmap:97 H264/90000 a=mid:4  Video stream with IPv4 Preference

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61 Voice and Video Call - Answer SDP with ANAT group a=group:ANAT 1  Audio Stream with IPv6 address a=group:ANAT 3  Video Stream with IPv6 address m=audio 28354 RTP/AVP 8 c=IN IP6 2001:db8:123:1:128c:cfff:fe75:8208 a=rtpmap:9 PCMA/8000 a=mid:1 m=audio 0 RTP/AVP 8 c=IN IP4 0.0.0.0 a=rtpmap:8 PCMA/8000 a=mid:2 m=video 28512 RTP/AVP 98 c=IN IP6 2001:db8:123:1:128c:cfff:fe75:8208 b=TIAS:320000 a=rtpmap:126 H264/90000 a=mid:3 m=video 0 RTP/AVP 98 c=IN IP4 0.0.0.0 a=rtpmap:97 H264/90000 a=mid:4

SIP INVITE w/o SDP (Delayed Offer) – Supported : sdp-anat v4 v6

200 (OK) with SDP (OFFER) m=audio 18356 RTP/AVP 0 c=IN IP4 192.0.2.1 ACK with SDP (ANSWER) m=audio 64244 RTP/AVP 0 c=IN IP4 10.199.199.10

v6 v4 v6

MTP

• If Early Offer is configured : “sdp-anat” is sent in the “Require :” SIP Header • If Delayed Offer is configured : “sdp-anat” is sent in the “Supported :” SIP Header • If “sdp-anat” sent in : “Require header” – far end must send both IPv4 and IPv6 addresses (MTPs are likely to be required) “Supported header” – far end should send both IPv4 and IPv6 addresses (MTPs may be required) • For Delayed Offer - If a media mismatch occurs CUCM will insert an MTP to convert from IPv4 – IPv6 BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 63 IPv6 SIP Trunks – Configuring IPv6 and ANAT

SIP INVITE w/o SDP (Delayed Offer) – Supported : sdp-anat

v4 v6 v4 v6 200 (OK) with SDP m=audio 18356 RTP/AVP 0 c=IN IP4 192.0.2.1 m=audio 16462 RTP/AVP 0 c=IN IP6 20010db8:aaaa::0987:65ff:fe01:234b

ACK with SDP v4 v6 v4 m=audio 18356 RTP/AVP 0 c=IN IP4 192.168.1.1

Common Device Configuration – Applies Addressing Mode and Signalling preference settings

Recommended Addressing Mode : IPv4 and IPv6 Recommended Trunk Configuration SIP Delayed Offer with ANAT for Voice & Video SIP Trunk with ANAT

IPv4 or IPv6 Destination Addresses

If IPv6 Destination Address is an SRV – Cluster wide DNSv6 address must be configured

SIP Profile – Applies ANAT setting

IPv6 Only SIP Trunk Addressing Mode - IPv6 Only Signalling Mode Preference – IPv6 No ANAT IPv6 Trunk destination address or server name (for signalling) SIP Delayed Offer only for Voice and Video calls

Dual Stack SIP Trunk with ANAT Addressing Mode - IPv4 and IPv6 Signalling Mode Preference – IPv4 or IPv6 ANAT Enabled IPv4 or IPv6 Trunk destination address or server name SIP Delayed Offer only for Voice and Video calls

In all cases - Determine the far end Trunk device’s capabilities : e.g. IOS Gateways : Always send SIP Early Offer - Can accept SIP Early and Delayed Offer calls. (Once the IOS SIP stack is configured as Dual Stack - ANAT is automatically enabled)

IOS IPv6 VOIP implementation Guide at http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-voip.html

BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67 IPv6 – CUCM Dual Stack SIP Trunks – Delayed and Early Offer support Voice and Video Deployment Scenarios and Operation For CUCM SIP Trunks • You must use Delayed Offer on SIP Trunks for Voice and Video calls •“SIP EO for voice and video - Mandatory (insert MTP if needed)” does not support IPv6 •“SIP EO for voice and video - Best Effort (No MTP inserted)” does not support IPv6 • If “MTP Required” is used for Early Offer – Only Voice calls are supported SIP Trunk Configuration Options •Dual Stack SIP Trunk - Delayed Offer – Voice and Video •Dual Stack SIP Trunk - Early Offer – MTP Required – Voice Only • If Early Offer is configured : “sdp-anat” is sent in the “Require :” SIP Header • If Delayed Offer is configured : “sdp-anat” is sent in the “Supported :” SIP Header

• If “sdp-anat” sent in : •“Require Header” – far end must send both IPv4 and IPv6 addresses (MTPs may be required) • “Supported Hedaer ” – far end should send both IPv4 and IPv6 addresses (MTPs not required)

v4 v6 MTP Supported MTPs for IP Address Translation v6 v4 IOS H/W MTPs (NM-HDV2 with PVDM2, PVDM DSPs) and IOS

v4 v6 S/W MTPs support MTP v4 v6 IPv4   IPv6 Media Translation for devices with mis-matched media address settings – MTPs use the pass-through codec - SRTP SRTP v4 v6 Encrypted media also supported

v6 MTP v4

With IOS release 15.3(2)T – Media Termination Points support up to 16 media channels per call

SIP Trunk

Audio Main Video Slide Video v4 v6 v4 v6 Binary Floor Control Far End Camera Control © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Effect of IPv6 Enterprise Parameter Settings on MTP Selection

v4 v6

v4 v6 Cluster-wide Addressing Mode Preference for Media value = IPv4 v4 MTP v6

v4 v6

v4 v6 Cluster-wide Addressing Mode Preference for Media value = IPv6 v6 MTP v4

v4 v6

Cluster-wide Addressing Mode Preference for Media value = IPv6 v4 v6 v4 v6

CUCM IP Voice Media Streaming Service (IPVMS) v4 MOH Supports IPv4 and IPv6 Unicast MOH IPv6 Multicast MOH is not supported v4 v6 v6

CUCM IPVMS v4 ANN Supports IPv4 and IPv6 Annunciator

v4 v6

v6 Audio Conferencing resources v4 IOS conf supports IPv4 media streams only

v4 v6 v4 v6 MTP inserted to convert from IPv6 to IPv4 CUCM conf supports IPv4 and IPv6 v6 MTP CONF

v4 v6 IOS based Audio Transcoding resources XCODE Supports IPv4 & IPv6 media streams v6 v4

v4 v6

TLS TLS

SRTP v4 v6 SRTP

MTP • CUCM supports Encrypted calls between IP Phones, v6 v4 Gateways and over CUCM Trunks.

SRTP

• IPv6 capable IP Phones, SIP Trunks SIP/SCCP Gateways v6 v4 v6 and use TLS and SRTP SRTP

v4 v6 v4 v6 • MTPs can be dynamically inserted for IPv4 <-> IPv6 conversion of encrypted voice media. MTPs use the SRTP pass-through codec to transparently pass SRTP streams.

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4 IPv4/IPv6 IPv4 Only

Jabber Mobile v4 v4 SRST Clients

Soft Phones v4 ISR v4 v6 v4 v6 CUCME (SCCP Phones Only) Analogue Ports

SIP CUBE / SIP VG Analogue TelePresence v4 v6 v4 v6 v4 v6 Gateways Endpoints Gateways

Newer SIP Older SCCP Cisco based Phones v4 v6 based Phones v4 v4 Expressway C/E

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4 IPv4/IPv6 IPv4 Only

Jabber For Dual Stack deployments Mobile SRST Clients v4 MTPs are not required as v4 CUCM will select the common addressing type Soft for media Phones i.e. IPv4 v4 v4 v6 v4 v6 CUCME (SCCP Phones Only)

SIP TelePresence CUBE / SIP Endpoints v4 v6 v4 v6 v4 v6 Gateways

Newer SIP Cisco based Phones v4 v6 v4 v4 Expressway C/E

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4

IPv4/IPv6 IPv4 Only

Cisco Cisco Meetings v4 v6 v4 Emergency Server Responder

Telepresence Cisco Prime Server v4 v6 Directory v4 v4 v6 Collaboration Suite

Cisco Webex TelePresence v4 v6 IM&P Meeting Server Endpoints v4 v4 v6

IOS based Newer SIP Unified DHCP/ DNS based Phones v4 v6 Contact v4 v4 v6 Centre Newer SCCP Unity Unity based Phones v4 v6 Express v4 v4 v6 Connection © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public IPv6 – Dual Stack Deployments - Applications

SIP Trunks H323 ICT Trunks v4 v6 v4 v6 v4

IPv4/IPv6 IPv4 Only

Cisco For Dual Stack Cisco Meetings v4 v6 deployments MTPs are v4 Emergency Server not required as CUCM will Responder select the common Telepresence addressing type for media Cisco Prime i.e. IPv4 Server v4 v6 v4 v4 v6 Collaboration Suite

TelePresence Cisco Webex v4 v6 Meeting Server Endpoints v4 v4 v6

IOS based Newer SIP based Phones v4 v6 v4 v4 v6 DHCP/ DNS

SIP Trunk

v4 v6 v4 v6

IPv4 & IPv6 WAN

Supported Dual Stack Deployment Models • Single Site Call Processing • Multiple Site Distributed Call Processing • Multiple Site Centralized Call Processing • SRST Supports IPv4 only today – Dual Stack Phones fail-over to IPv4 for SRST Call Admission Control (CAC) • Use CUCM Locations based CAC • CUCM Locations based CAC accounts for IPv6 bandwidth overhead (20 additional bytes per packet )

v4 IPv4 v4 v4 v6 WAN v4 v6 v4v4 v4 v6 v4

PSTN v4 v6 v4

• Single Site Deployment Model for dual stack deployment • Separate Dual Stack CUCM cluster connected to production IPv4 only cluster • IPv4 WAN between clusters • IPv4 Trunk between clusters • In the Dual Stack cluster - IPv4 or Dual Stack for Phones and Gateways • Dual Stack IP Phones – Addressing Mode set to IPv4 and IPv6 • Signaling Preference IPv6

v4 IPv4 & IPv6 v4 v6

WAN v4 v6 v4 v4 v6 v6 v4 v6

v4 v6 v4 v6

v4 PSTN SRST v4 v6 v4 v6 v4 v6

• Multiple Site Centralized Call Processing • Single Dual Stack CUCM cluster with multiple dual stack remote sites • Dual Stack WAN • IPv4 or Dual Stack Phones and Gateways • Dual Stack IP Phones – Addressing Mode set to IPv4 and IPv6 • Signaling Preference IPv6, Cluster-wide Media preference (IPv6) • Locations based Call Admission Control • IPv6 voice and video support • Note – SRST supports IPv4 only – Dual stack Phones revert IPv4 in SRST mode BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 81 IPv6 Deployment Options – Multiple Dual Stack Clusters

v4 IPv4 & IPv6 v4 WAN v4 v4 v6 v6 v4 v4 v6 v6 v4 v6 v4 v6

PSTN v4 v6 v4 v6 v4 v6 v4 v6

• Multi Site Distributed Call Processing Deployment Model • Multiple Dual Stack CUCM clusters connected via a Dual Stack WAN • IPv4 or Dual Stack Phones and Gateways • IPv4 and IPv6 WAN between clusters • Dual Stack IP Phones – Addressing Mode set to IPv4 and IPv6 • Inter Cluster SIP trunks – Dual stack, Delayed Offer, ANAT Enabled • Signaling Preference IPv6, Cluster-wide Media preference set to IPv6 • Locations based Call Admission Control • IPv6 voice and video supported BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 82 Agenda

• Demand for IPv6 only UC networks is increasing…

• Today – Dual Stack is your best approach for Cisco Collaboration

• CTG are planning to deliver broader “IPv6 only” support across our collaboration products this year Recommended Reading

• Collaboration SRND

• http://www.cisco.com/c/en/us/solutions/enterprise/unified-communication-system/index.html

• IPv6 for UC Whitepaper

• http://www.cisco.com/c/en/us/solutions/enterprise/ipv6-collaboration/index.html

• Cisco Press Books • “Deploying IPv6 Networks” • “Cisco Self Study – Implementing Cisco IPv6 Networks” • “IPv6 Security” - Scott Hogg, Eric Vyncke

• Please complete your Online Session Evaluations after each session • Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt • All surveys can be completed via the Cisco Live Mobile App or the Don’t forget: Cisco Live sessions will be available Communication Stations for viewing on-demand after the event at CiscoLive.com/Online

LTRSEC-3004 Advanced IOS IPSec VPN with FlexVPN hands-on Lab Tue 09:00:00 BRKIP6-2616 Addressing Networking challenges with latest Innovations in IPv6 Tue 11:15:00 Lunch and Learn: BRKRST-2337 OSPF Deployment in Modern Networks Tue 11:15:00 • IPv6 in the Enterprise: Tue 13:00 BRKEWN-2010 Design and Deployment of Enterprise WLANs Tue 14:15:00 BRKSEC-2501 Deploying AnyConnect SSL VPN with ASA5500 Tue 14:15:00 • All Things IPv6: Wed 13:00 LTRRST-2005 Introductory - LISP Cloud extension, VPN and DC Mobility Tue 14:15:00 BRKRST-2116 Intermediate - IPv6 from Intro to Intermediate Tue 14:15:00 BRKRST-2022 IPv6 Routing Protocols Update Tue 16:45:00 Experiment with IPv6-only WiFi: BRKSPG-2061 IPv6 Deployment Best Practices for the Cable Access Network Wed 09:00:00 SSID: CL-NAT64 BRKRST-3045 LISP - A Next Generation Networking Architecture Wed 09:00:00 WPA passphrase: cl-nat64 LABSPG-7122 Advanced IPv6 Routing and services lab Wed 09:00:00 BRKSEC-3200 Advanced IPv6 Security Threats and Mitigation Wed 11:30:00 SLAAC + stateless DHCP BRKIPM-2239 Multicast and Segment Routing Wed 14:30:00 NAT64 included to access legacy BRKIP6-2002 IPv6 for the World of IoT Wed 16:30:00 LABIPM-2007 Intermediate - IPv6 Hands on Lab Thu 09:00:00 BRKSEC-3003 Advanced IPv6 Security in the LAN Thu 11:30:00 Ask all World of Solutions exhibitors for BRKRST-2336 EIGRP Deployment in Modern Networks Thu 11:30:00 their IPv6 support  LABSPG-7122 Advanced IPv6 Routing and services lab Thu 14:00:00 BRKRST-2045 BGP operational security best practices Thu 14:30:00 BRKCOL-2020 IPv6 in Enterprise Unified Communications Networks Thu 14:30:00 DevNet Zone: IPv6 Content Networking LABIPM-2007 Intermediate - IPv6 Hands on Lab Fri 09:00:00 BRKRST-2301 Intermediate - Enterprise IPv6 Deployment Fri 09:00:00 + ask other demos BRKSPG-2602 IPv4 Exhaustion: NAT and Transition to IPv6 for Service Providers Fri 11:30:00

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

Appendix Jabber – IPv6 Only CSR 11.5

DNS64, NAT64 and MRA Operation Drivers for Jabber IPv6 Only development Announcment by Apple of IPv6 Only support https://developer.apple.com/news/?id=08282015a “Supporting IPv6 in iOS 9 August 28, 2015 At WWDC 2015 we announced that iOS 9 will support IPv6-only network services. All apps submitted to the App Store must support IPv6 starting in early 2016. To make sure your app is compatible, use the networking frameworks (e.g., “NSURLSession”), avoid use of IPv4-specific APIs, and avoid hard-coded IP addresses. Before submitting your app, test for compatibility.”

Jabber platforms supporting IPv6 Only : Desktop : Windows, Mac Mobile : iOS, Android, Windows

DNS Record Type Entry Resolves To ACME.COM SRV Record _collab-edge._tls.acme.com Expressway E.acme.com A Record Expressway E.acme.com 200.100.1.1

SRV Query _collab-edge._tls.acme.com Expressway E.acme.com Src 10.10.1.1 Src 200.100.1.1 A Query Expressway E.acme.com Dst 10.10.1.100 Dst 10.10.1.1 DNS 200.100.1.1

CUCM Expressway C Expressway E

10.10.1.100 10.10.1.1 200.100.1.1 Establish TLS connection Src 140.160.80.1 Dst 200.100.1.1 140.160.80.1

DNS Record Type Entry Resolves To ACME.COM SRV Record _collab-edge._tls.acme.com Expressway E.acme.com AAAA Record Expressway E.acme.com NULL A Record Expressway E.acme.com 200.100.1.1

AAAA Expressway E.acme.com AAAA Query Expressway E.acme.com NULL Synthesize IPv6 Address Src 10.10.1.1 Src 200.100.1.1 A Expressway E.acme.com Dst 10.10.1.100 Dst 10.10.1.1 DNS 200.100.1.1 DNS64 64:FF9B::200.100.1.1

CUCM Expressway C Expressway E IANA Well Known Prefix 64:FF9B::/96

10.10.1.100 10.10.1.1 200.100.1.1 2001:0ABC::0A:0B:0C:01

DNS64 uses the IANA assigned Well Know Prefix 64:FF9B::/96 to synthesize an IPv6 address from an IPv4 address.

The last 32 bits of the IPv6 address use the IPv4 address values to create the IPv6 Host ID in Hex (Hex values not shown for simplicity)

ACME.COM

Src 10.10.1.1 Src 200.100.1.1 Dst 10.10.1.100 Dst 10.10.1.1 Src 2001:0ABC::0A:0B:0C:01 Dst 64:FF9B::200.100.1.1

CUCM Expressway C Expressway E X

10.10.1.100 10.10.1.1 200.100.1.1 2001:0ABC::0A:0B:0C:01

ACME.COM

Src 10.10.1.1 Src 200.100.1.1 Src 110.101.11.10 Src 2001:0ABC::0A:0B:0C:01 Dst 10.10.1.100 Dst 10.10.1.1 Dst 200.100.1.1 Dst 64:FF9B::200.100.1.1

CUCM Expressway C Expressway E

NAT64 10.10.1.100 10.10.1.1 200.100.1.1 2001:0ABC::0A:0B:0C:01 IPv4 Address Advertise 110.101.11.10 Well Known Prefix 64:FF9B::/96

NAT64 router advertises Well Known Prefix 64:FF9B::/96 Uses Stateful NAT64 (Similar to PAT) NAT64 does not translate embedded/ literal IP addresses e.g. In SIP headers, SDP etc (NAT64 is not an ALG and in any case cannot decrypt TLS signalling) BRKCOL-2020 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 98 IPv6 Jabber - Expressway behaviour – IPv6 in SDP

ACME.COM NAT64 does not translate embedded/ literal IP addresses in SIP headers and SDP

Expressway E and C as B2BUAs, decrypt TLS signalling and replace embedded IPv6 addresses with their IPv4 address

If an MTP is not inserted, CUCM does not modify the IP addresses sent in SDP as part of the Offer and Answer for media negotiation

CUCM Expressway C Expressway E

NAT64 10.10.1.100 10.10.1.1 200.100.1.1 2001:0ABC::0A:0B:0C:01

Src 10.10.1.1 Src 200.100.1.1 Src 110.101.11.10 Src 2001:0ABC::0A:0B:0C:01 Dst 10.10.1.100 Dst 10.10.1.1 Dst 200.100.1.1 Dst 64:FF9B::200.100.1.1 SIP headers 10.10.1.1 SIP headers 200.100.1.1 SIP headers 2001:0ABC::0A:0B:0C:01 SIP headers 2001:0ABC::0A:0B:0C:01 SDP 10.10.1.1 SDP 200.100.1.1 SDP 2001:0ABC::0A:0B:0C:01 SDP 2001:0ABC::0A:0B:0C:01

Src 20.20.2.200 Src 20.20.2.2 Src 200.200.3.3 Src 64:FF9B::ABCD.22FF.FE11.1234 Dst 20.20.2.2 Dst 200.200.3.3 Dst 111.111.10.10 Dst 2001:FDFD::D0:E0:F0:01AB SIP headers 20.20.2.200 SIP headers 20.20.2.2 SIP headers 200.200.3.3 SIP headers 200.200.3.3 SDP 10.10.1.1 SDP 20.20.2.2 SDP 200.200.3.3 SDP 200.200.3.3

CUCM 2 Expressway C 2 Expressway E 2

111.111.10.10 NAT64 64:FF9B::ABCD.22FF.FE11.1234 20.20.2.200 20.20.2.2 200.200.3.3 RTP 2001:FDFD::D0:E0:F0:01AB Dst 64:FF9B::200.200.3.3

CUCM 1 Expressway C 1 Expressway E 1

110.101.11.10 NAT64 64:FF9B::/96 10.10.1.100 10.10.1.1 200.100.1.1 2001:0ABC::0A:0B:0C:01

Src 200.200.3.3 Src 111.111.10.10 Src 2001:FDFD::D0:E0:F0:01AB Dst 20.20.2.2 Dst 200.200.3.3 Dst 64:FF9B::200.200.3.3

CUCM 2 Expressway C 2 Expressway E 2

111.111.10.10 NAT64 64:FF9B::ABCD.22FF.FE11.1234 20.20.2.200 20.20.2.2 200.200.3.3 64:FF9B::/96 2001:FDFD::D0:E0:F0:01AB

Media Flows through Expressway C & E

CUCM 1 Expressway C 1 Expressway E 1

110.101.11.10 NAT64 64:FF9B::EBBE.11FF.FE22.5678 10.10.1.100 10.10.1.1 200.100.1.1 64:FF9B::/96 2001:0ABC::0A:0B:0C:01

Src 10.10.1.1 Src 200.100.1.1 Src 64:FF9B::EBBE.11FF.FE22.5678 Dst 200.100.1.1 Dst 110.101.11.10 Dst 2001:0ABC::0A:0B:0C:01