DOCSLIB.ORG

Enterprise Ipv6 Deployment Tim Martin CCIE #2020 BRKRST-2301

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Enterprise Ipv6 Deployment Tim Martin CCIE #2020 BRKRST-2301 Enterprise IPv6 Deployment Tim Martin CCIE #2020 BRKRST-2301 @bckcntryskr Agenda • General Design • Host Configuration • Campus Design • Data Center • Translation Techniques • Internet Edge • Conclusion General Design Project Planning for IPv6 Deployment Create a project team, assign a PM Identify business value & impacts Assess equipment & applications for IPv6 Begin training & develop training plan Develop the architectural solution Obtain a prefix and build the address plan Define an exception process for legacy systems Update the security policy Deploy IPv6 trials in the network Test and monitor your deployment Enterprise IPv6 Guidance • Updated White Paper – Cisco.com • RFC 7381 Enterprise IPv6 Guidlines • No Major change to 2/3 Tier Architecture Access Distribution Si Core Distribution Access WAN Data Center Internet Global Address Assignment • /32 given to ISP (/29 in some geo’s) • ISP assigns /48 to customers IANA • 65,536 customers could receive /48 • /48 is the smallest route advertised in DFZ Registries RIR • 2001:db8:4646:xxxx::/64 • xxxx = subnets in your domain LIR ISP ORG EntityLevel FourSubordinate Global Address Assignment • /32 given to ISP (/29 in some geo’s) PA • ISP assigns /48 to customers 2000::/3 IANA • 65,536 customers could receive /48 • /48 is the smallest route advertised in DFZ Registries /12 RIR • 2001:db8:4646:xxxx::/64 • xxxx = subnets in your domain LIR ISP /32 ORG EntityLevel FourSubordinate /48 Global Address Assignment • /32 given to ISP (/29 in some geo’s) PA PI • ISP assigns /48 to customers 2000::/3 IANA 2000::/3 • 65,536 customers could receive /48 • /48 is the smallest route advertised in DFZ Registries /12 /12 RIR • 2001:db8:4646:xxxx::/64 /32 • xxxx = subnets in your domain LIR ISP /32 ORG /48 EntityLevel FourSubordinate /48 /48 Multi-national Model • PA or PI from each region you operate in • Coordination of advertised space within each RIR, policy will vary • Most run PI from primary region Building the IPv6 Address Plan • Methods • Follow IPv4 (/24 only), Organizational, Location, Function based • Hierarchy is key (A /48 example) • Bit twiddle's dream (16 bit subnet strategy) • 4 or 8 bits = (16 or 256) Regions (states, counties, agencies, etc..) • 4 or 8 more bits = (16 or 256) Sub Levels within those Regions • 4 more bits = (16) Traffic Types (Admin, Guest, Telephony, Video, etc..) • Cisco IPv6 Addressing White Paper • www.cisco.com/go/ipv6 • Avoid Monotonical Assignments • (1000, 2000, 3000, etc.) vs. Sparse (0000, 4000, 8000, c000 ) Prefix Length Considerations Hosts • Anywhere a host exists /64 /64 Core /64 or /127 • Point to Point /127 • Should not use all 0’s or 1’s in the host portion Pt 2 Pt • Nodes 1&2 are not in the /127 same subnet Servers • Loopback or Anycast /128 /64 Loopback WAN /128 • RFC 7421 /64 is here • RFC 6164 /127 cache exhaust Where do I start? Access • Core-to-Access – Gain experience with v6 Layer • Access-to-Core – Securing and monitoring Internet • Internet Edge – Business continuity Edge ISP ISP Campus Core WAN Servers Branch Access Where do I start? Access • Core-to-Access – Gain experience with v6 Layer • Access-to-Core – Securing and monitoring Internet • Internet Edge – Business continuity Edge ISP ISP Campus Core WAN Servers Branch Access Where do I start? Access • Core-to-Access – Gain experience with v6 Layer • Access-to-Core – Securing and monitoring Internet • Internet Edge – Business continuity Edge ISP ISP Campus Core WAN Servers Branch Access Where do I start? Access • Core-to-Access – Gain experience with v6 Layer • Access-to-Core – Securing and monitoring Internet • Internet Edge – Business continuity Edge ISP ISP Campus Core WAN Servers Branch Access Dual Stack Mode • Preferred Method, Versatile, Scalable and Highest Performance • No Dependency on IPv4, runs in parallel on dedicated HW • No tunneling, MTU, NAT or performance degrading technologies • Does require IPv6 support on all devices Access Distribution Core Aggregation Access Layer Layer Layer Layer (DC) Layer (DC) IPv6/IPv4 Dual-stack Hosts IPv6/IPv4 Dual-stack Server IPv4 & IPv6 Combined • Should we use both on the same link at Layer 3? • Separate links, possibly to collect protocol specific statistics • Routing protocols OSPFv3, EIGRP combined or separate? • Fate sharing between the data and control planes per protocol Internet IPv4 & IPv6 OSPFv3 IPv4 & IPv6 2001:db8:1:1::/64 2001:db8:6:6::/64 EIGRP 198.51.100.0/24 192.168.4.0/24 Infrastructure using Link Local Addressing • Topology hiding, Interfaces cannot be seen by off link devices • Reduces routing table prefix count, less configuration • Need to use ULA or GUA for generating ICMPv6 messages • What about DNS?, Traceroute, WAN Connections, etc.. • RFC7404 – Details pros and cons ULA/GUA Internet fe80::/64 ULA/GUA fe80::/64 ULA/GUA WAN/MAN ULA/GUA fe80::/64 ULA/GUA Unique Local Address (ULA) • Automatic Prefix Generation (RFC 4193) non sequential /48, M&A challenges • To be avoided in most cases, draft-ietf-v6ops-ula-usage-recommendations-05 • Caution with older OS’s (RFC 3484) using ULA & IPv4 • Multiple policies to maintain (ACL, QoS, Routing, etc..) Global Internet 2001:db8:cafe::/48 Corporate Backbone Branch 2 ULA Space fd9c:58ed:7d73::/48 Global – 2001:db8:cafe::/48 fd9c:58ed:7d73:3000::/64 fd9c:58ed:7d73::2::/64 2001:db8:cafe:3000::/64 To NAT or NOT • NAT allows for client/server model, difficult to deploy peer-to-peer • UDP/TCP only, ALG’s & protocol fixups, what about SCTP & DCCP.. • IETF does NOT recommend the use of NAT66 w/IPv6 • NAT ≠ Firewall – RFC 4864 (Local Network Protection) • Wait, who did what – RFC 6269 (Issues with IP address sharing) NAT-PT, NAT66, NPTv6, NAT64 Firewall+NAT Internet Host Configuration & Behavior IPv6 Host Portion Address Assignment Similar to IPv4 New in IPv6 Manually configured State Less Address Auto Configuration SLAAC EUI64 Assigned via DHCPv6 SLAAC Privacy Addressing * Secure Neighbor Discovery (SeND) Address, Which Address? • Link Local (fe80::/10) is required for any device with IPv6 enabled • At least 2 addresses per interface for global connectivity • Majority of access layer devices will have LL as their Default Gateway DfG W Host Addresses Router Addresses Ethernet B8:E8:56:1A:2B:3C Ethernet 02:00:0C:3A:8B:18 IPv6 Link Local fe80::b8e8:56ff:fe1a:2b3c IPv6 Link Local fe80::46:1 IPv6 Global 2001:db8:1:46:a1b2:c:3:d4e5 IPv6 Global 2001:db8:1:46::1 Default Gwy. fe80::46:1 RA Prefix 2001:db8:1:46::/64 RA Provisioning Type: 134 (RA) Code: 0 • M-Flag – Stateful DHCPv6 to acquire IPv6 address Checksum: 0xff78 [correct] • O-Flag – Stateless DHCPv6 in addition to SLAAC Cur hop limit: 64 ∞ Flags: 0x84 • Preference Bits – Low, Med, High 1… …. = Managed (M flag) .0.. …. = Not other (O flag) • Router Lifetime – Must be >0 for Default ..0. …. = Not Home (H flag) …0 1… = Router pref: High • Options - Prefix Information, Length, Flags Router lifetime: (s)1800 Reachable time: (ms) 3600000 • L bit –Host installs the prefix as On Link Retrans timer: (ms) 1000 ICMPv6 Option 3 (Prefix Info) • A bit – Set to 0 for DHCP to work properly Prefix length: 64 ∞ Flags: 0x80 1… …. = On link (L Bit) RA .1.. …. = No Auto (A Bit) Prefix: 2001:0db8:4646:1234::/64 Host Address Acquisition C:\Documents and Settings\>netsh netsh>interface ipv6 netsh interface ipv6>show address Querying active state... Interface 5: Local Area Connection Addr Type DAD State Valid Life Pref. Life Address --------- ---------- ------------ ------------ ----------------------------- Public Preferred 29d23h58m25s 6d23h58m25s 2001:0db8:2301:1:202:8a49:41ad:a136 Temporary Preferred 6d21h48m47s 21h46m 2001:0db8:2301:1:bd86:eac2:f5f1:39c1 Link Preferred infinite infinite fe80::202:8a49:41ad:a136 netsh interface ipv6>show route Querying active state... Publish Type Met Prefix Idx Gateway/Interface Name ------- -------- ---- ------------------------ --- --------------------- no Autoconf 8 2001:0db8:2301:1::/64 5 Local Area Connection no Autoconf 256 ::/0 5 fe80::20d:bdff:fe87:f6f9 DHCPv6 • Source – FE80::1234, Destination - FF02::1:2 SOLICIT (any servers) • Client UDP 546, Server UDP 547 ADVERTISE (want this address) • DUID – Different from v4, used to identify clients REQUEST (I want that address) • ipv6 dhcp relay destination 2001:db8::feed:1 REPLY (It’s yours) DHCPv6 Server 2001:db8::feed:1 DHCPv6 • Source – FE80::1234, Destination - FF02::1:2 SOLICIT (any servers) • Client UDP 546, Server UDP 547 ADVERTISE (want this address) • DUID – Different from v4, used to identify clients REQUEST (I want that address) • ipv6 dhcp relay destination 2001:db8::feed:1 REPLY (It’s yours) DHCPv6 Relay DHCPv6 Solicit DHCPv6 Server 2001:db8::feed:1 Client Provisioning DHCPv6 & SLAAC • How about both.. Reality for the foreseeable future • SLAAC address tracking, Radius Accounting, Syslog, CAM table Scrapes • Microsoft wont support RDNSS in RA’s • DHCPv6 Challenges, MAC Address for Reservations, Inventory, Tracking • Android doesn’t support DHCPv6 • Understand the Implications of Switching Methods DHCPv6 • Inconsistent amongst the OS’s Server Internet A B C Disabling Privacy Addresses • Enable DHCPv6 via the M flag • Disable auto configuration via the A bit in the Prefix Info option • Enable Router preference to high • Enable DHCPv6 relay interface fastEthernet 0/0 ipv6 address 2001:db8:1122:acc1::/64 eui-64 ipv6 nd managed-config-flag ipv6 nd prefix default no-autoconfig ipv6 nd router-preference high ipv6 dhcp relay destination 2001:db8:add:café::1 Campus Design First Hop Router Redundancy RA • Neighbor Unreachability Detection Reach-time • Rudimentary
Load more

Recommended publications
  • Performance Analysis and Comparison of 6To4 Relay Implementations
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 4, No. 9, 2013 Performance Analysis and Comparison of 6to4 Relay Implementations Gábor Lencse Sándor Répás Department of Telecommunications Department of Telecommunications Széchenyi István University Széchenyi István University Győr, Hungary Győr, Hungary Abstract—the depletion of the public IPv4 address pool may delegated the last five “/8” IPv4 address blocks to the five speed up the deployment of IPv6. The coexistence of the two Regional Internet Registries in 2011 [3]. Therefore an versions of IP requires some transition mechanisms. One of them important upcoming coexistence issue is the problem of an is 6to4 which provides a solution for the problem of an IPv6 IPv6 only client and an IPv4 only server, because internet capable device in an IPv4 only environment. From among the service providers (ISPs) can still supply the relatively small several 6to4 relay implementations, the following ones were number of new servers with IPv4 addresses from their own selected for testing: sit under Linux, stf under FreeBSD and stf pool but the huge number of new clients can get IPv6 addresses under NetBSD. Their stability and performance were investigat- only. DNS64 [4] and NAT64 [5] are the best available ed in a test network. The increasing measure of the load of the techniques that make it possible for an IPv6 only client to 6to4 relay implementations was set by incrementing the number communicate with an IPv4 only server. Another very important of the client computers that provided the traffic. The packet loss and the response time of the 6to4 relay as well as the CPU coexistence issue comes from the case when the ISP does not utilization and the memory consumption of the computer support IPv6 but the clients do and they would like to running the tested 6to4 relay implementations were measured.
    [Show full text]
  • Deploying Ipv6 in Fixed and Mobile Broadband Access Networks
    Deploying IPv6 in Fixed and Mobile Broadband Access Networks Tomás Lynch – Ericsson Jordi Palet Mar8nez – Consulintel Ariel Weher – LACNOG Agenda (1/2) • IPv6 in Broadband Networks – Where are we? • IPv6 TransiHon Mechanisms for Broadband Networks • IPv6 Prefix Assignment • Deployment of IPv6 in Mobile Broadband Networks • Deployment of IPv6 in PPPoE & IPoE Networks • Deployment of IPv6 in Cable Networks Agenda (2/2) • Current IPv6 Deployments in Broadband Access Networks • Other Systems Involved in IPv6 Deployment • IPv6 TransiHon Planning • Useful Documents • Conclusions IPv6 in Broadband Networks Where Are We? IPv4 Yes, the IPv4 pool IPv4 with NAT But we can use IPv4 and NAT!!! Yeah, right … IPv6 Why IPv6? Move to IPv6 Now! New Business Operaonal OpportuniHes Needs Allows continuous growth Simplify service of Internet business providers operations Ready for Cloud and M2M IPv4 Address (moving towards 50 billion) Depletion Increasing government New business models regulations requiring IPv6 deployment IPv6 Readiness – No Excuses! › Laptops, pads, mobile phones, dongles, CPEs: Ready! – OS: 90% of all Operating systems are IPv6 capable – Browsers are ready! – Mobile devices: Android, IOS6, LTE devices are ready! – Mobile Apps: More than 85% with IPv6 support – CPEs: More than 45% support IPv6 IPv6 Traffic is Growing – No Excuses! In LACNIC23, May 2015 • Peru 13% • World 6% Source: Google IPv6 StasHcs - 8/16/2015 So ISP what are you doing? • You may have IPv6 in your backbone: – Dual stack backbone, 6PE, 6VPE – Easy stuff! • Loopbacks, IGP (yes, ISIS is great), we love to configure BGP! – If not, what are you waiHng for? • What about your customers? – Mobile broadband: customers change their phone more quickly than their clothes, easy stuff but those GGSN licenses are killing me.
    [Show full text]
  • Ipv6-Only Deployment in Broadband and Cellular Networks Ipv4 As-A-Service
    IPv6-only Deployment in Broadband and Cellular Networks IPv4 as-a-Service LACNIC31 May, 2019 Punta Cana, DO @JordiPalet ([email protected]) - 1 Transition / Co-Existence Techniques • IPv6 has been designed for easing the transition and coexistence with IPv4 • Several strategies have been designed and implemented for coexisting with IPv4 hosts, grouped in three categories: – Dual stack: Simultaneous support for both IPv4 and IPv6 stacks – Tunnels: IPv6 packets encapsulated in IPv4 ones • This has been the commonest choice • Today expect IPv4 packets in IPv6 ones! – Translation: Communication of IPv4-only and IPv6- only. Initially discouraged and only “last resort” (imperfect). Today no other choice! • Expect to use them in combination! - 2 Dual-Stack Approach • When adding IPv6 to a system, do not delete IPv4 – This multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.) – In the majority of the cases, IPv6 is be bundled with all the OS release, not an extra-cost add-on • Applications (or libraries) choose IP version to use – when initiating, based on DNS response: • if (dest has AAAA record) use IPv6, else use IPv4 – when responding, based on version of initiating packet • This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage • A6 record is experimental - 3 Dual-Stack Approach IPv6 IPv6 IPv4 IPv4 Application Application Application Application TCP/UDP TCP/UDP TCP/UDP IPv6 IPv6 IPv4 IPv4 IPv6-only stack Dual-stack (IPv4 & IPv6) IPv4-only stack IPv6
    [Show full text]
  • Guidelines for the Secure Deployment of Ipv6
    Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks NIST Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-119 Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
    [Show full text]
  • Deploy CGN to Retain Ipv4 Addressing While Transitioning to Ipv6
    White Paper Deploy CGN to Retain IPv4 Addressing While Transitioning to IPv6 The IANA ran out of IPv4 addresses to allocate in February 2011, and the Regional Internet Registries (RIR) will have assigned most of their addresses by the end of 2011. The world is faced with the fundamental problem of IPv4 address space exhaustion. There is a huge demand for IP addresses resulting from the explosive growth of mobile devices, including smartphones, portable gaming consoles, tablets, laptops and netbooks, and machine-to- machine modules. Figure 1 shows the expected growth in mobile phones alone. The number of mobile subscribers is expected to be 4.5 billion by 2014. Figure 1. Expected Mobile Phone Growth (in Millions) (Source: IDC) Preserve IPv4 Addressing with CGN Service providers are looking for ways to extend the use of the IPv4 addresses they have during their transition to IPv6. IPv4 addresses are still valid and ubiquitous, and not everyone is using IPv6 yet, so the two addressing schemes will coexist for a long time. Although new IPv4 addresses are not available, there is a short-term alternative that ensures your business continuity. That alternative is Carrier Grade NAT (CGN), a solution that service providers can employ today to extend their use of IPv4 addresses. The extension is achieved in two ways: IPv4 addresses are extended because they are translated from many private addresses to one public address. The extension is also a time extension–-service providers can continue using IPv4-only networks for a while. Cisco’s approach to help customers as they transition to IPv6 is to “Preserve, Prepare and Prosper.” CGN helps customers “Preserve” the present mode of operation.
    [Show full text]
  • Implications of Large Scale Network Address Translation (NAT)
    Implications of Large Scale Network Address Translation (NAT) A BROADBAND INTERNET TECHNICAL ADVISORY GROUP TECHNICAL WORKING GROUP REPORT A Near-Uniform Agreement Report (100% Consensus Achieved) Issued: March 2012 Copyright / Legal Notice Copyright © Broadband Internet Technical Advisory Group, Inc. 2012. All rights reserved. This document may be reproduced and distributed to others so long as such reproduction or distribution complies with Broadband Internet Technical Advisory Group, Inc.’s Intellectual Property Rights Policy, available at www.bitag.org, and any such reproduction contains the above copyright notice and the other notices contained in this section. This document may not be modified in any way without the express written consent of the Broadband Internet Technical Advisory Group, Inc. This document and the information contained herein is provided on an “AS IS” basis and BITAG AND THE CONTRIBUTORS TO THIS REPORT MAKE NO (AND HEREBY EXPRESSLY DISCLAIM ANY) WARRANTIES (EXPRESS, IMPLIED OR OTHERWISE), INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE, OR TITLE, RELATED TO THIS REPORT, AND THE ENTIRE RISK OF RELYING UPON THIS REPORT OR IMPLEMENTING OR USING THE TECHNOLOGY DESCRIBED IN THIS REPORT IS ASSUMED BY THE USER OR IMPLEMENTER. The information contained in this Report was made available from contributions from various sources, including members of Broadband Internet Technical Advisory Group, Inc.’s Technical Working Group and others. Broadband Internet Technical Advisory Group, Inc. takes no position regarding the validity or scope of any intellectual property rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this Report or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights.
    [Show full text]
  • Ipv6 Transition Strategies
    IPv6 Transition Strategies Philip Smith <[email protected]> MENOG 14 Dubai 1st April 2014 Last updated 5th March 2014 1 Presentation Slides p Will be available on n http://thyme.apnic.net/ftp/seminars/ MENOG14-IPv6-Transition.pdf n And on the MENOG14 website p Feel free to ask questions any time Introduction Why should we care? 3 “The times, They are a’ changin’” IPv4 All Gone! Source: ipv4.potaroo.net (Jan 2014) 4 Is IPv4 really running out? p Yes! n IANA IPv4 free pool ran out on 3rd February 2011 n RIR IPv4 free pool will run out soon after n www.potaroo.net/tools/ipv4/ p (depends on RIR soft-landing policies) p The runout gadgets and widgets are now watching when the RIR pools will run out: n inetcore.com/project/ipv4ec/index_en.html n ipv6.he.net/statistics/ 5 Strategies available for Service Providers p Do nothing n Wait and see what competitors do n Business not growing, so don’t care what happens p Extend life of IPv4 n Force customers to NAT n Buy IPv4 address space on the marketplace p Deploy IPv6 n Dual-stack infrastructure n IPv6 and NATed IPv4 for customers n 6rd (Rapid Deploy) with native or NATed IPv4 for customers n 464XLAT with native IPv6 and NATed IPv4 for customers n Or other combinations of IPv6, IPv4 and NAT 6 Definition of Terms 7 Dual-Stack Networks p Both IPv4 and IPv6 have been fully deployed across all the infrastructure n Routing protocols handle IPv4 and IPv6 n Content, application, and services available on IPv4 and IPv6 p End-users use dual-stack network transparently: n If DNS returns IPv6 address for domain
    [Show full text]
  • Ipv6-Only Deployment in Broadband and Cellular Networks Ipv4aas (As-A-Service)
    IPv6-only Deployment in Broadband and Cellular Networks IPv4aaS (as-a-Service) LACNIC 32 / LACNOG 2019 October, 2019 Panamá @JordiPalet ([email protected]) - 1 Transition / Co-Existence Techniques • IPv6 has been designed for easing the transition and coexistence with IPv4 • Several strategies have been designed and implemented for coexisting with IPv4 hosts, grouped in three categories: – Dual stack: Simultaneous support for both IPv4 and IPv6 stacks – Tunnels: IPv6 packets encapsulated in IPv4 ones • This has been the commonest choice • Today expect IPv4 packets in IPv6 ones! – Translation: Communication of IPv4-only and IPv6- only. Initially discouraged and only “last resort” (imperfect). Today no other choice! • Expect to use them in combination! - 2 Dual-Stack Approach • When adding IPv6 to a system, do not delete IPv4 – This multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.) – In the majority of the cases, IPv6 is be bundled with all the OS release, not an extra-cost add-on • Applications (or libraries) choose IP version to use – when initiating, based on DNS response: • if (dest has AAAA record) use IPv6, else use IPv4 – when responding, based on version of initiating packet • This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage • A6 record is experimental - 3 Dual-Stack Approach IPv6 IPv6 IPv4 IPv4 Application Application Application Application TCP/UDP TCP/UDP TCP/UDP IPv6 IPv6 IPv4 IPv4 IPv6-only stack Dual-stack (IPv4 & IPv6) IPv4-only
    [Show full text]
  • Configuring IP Address Sharing in a Large Scale Network: DNS64/NAT64
    DEPLOYMENT GUIDE Version 1.4 IMPORTANT: This guide has been archived. While the content in this guide is still valid for the products and version listed in the document, it is no longer being updated and may refer to F5 or 3rd party products or versions that have reached end-of-life or end-of-support. See https://support.f5.com/csp/article/K11163 for more information. Configuring IP Address Sharing in a Large Scale Network: DNS64/NAT64 Archived Table of Contents Table of Contents Configuring IP address sharing in a large scale network ........................................................... 1 Product versions and revision history ................................................................................. 1 Configuring the BIG-IP LTM for the private IPv4 network ...................................................... 2 Creating the SNAT Pool .........................................................................................................2 Supporting NAT with active FTP mode (optional) ........................................................... 5 Configuring the BIG-IP LTM for global IPv6 with DNS64 and NAT64 ................................. 7 Configuring the BIG-IP LTM for DNS64 ............................................................................. 8 Configuring the BIG-IP LTM for NAT64 ........................................................................... 12 Creating the IPv6 network virtual server ......................................................................... 14 Supporting NAT with active FTP mode
    [Show full text]
  • ETSI White Paper on Ipv6 Best Practices, Benefits, Transition
    ETSI White Paper No. 35 IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward First edition – August 2020 ISBN No. 979-10-92620-31-1 ETSI 06921 Sophia Antipolis CEDEX, France Tel +33 4 92 94 42 00 [email protected] www.etsi.org Contributing organizations and authors CAICT Zhiruo Liu China Telecom Chongfeng Xie, Cong Li Cisco Patrick Wetterwald, Pascal Thubert, Francois Clad Hewlett-Packard Enterprise Yanick Pouffary Huawei Giuseppe Fioccola, Xipeng Xiao, Georgios Karagiannis, Shucheng(Will) Liu KPN Eduard Metz Luxembourg University Latif Ladid PT Telecom Jose Cananao, Jose Palma Post Luxembourg Sébastien Lourdez Telefonica Luis M. Contreras IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward 2 Contents Contributing organizations and authors 2 Contents 3 Executive Summary 6 1 Background 8 1.1 Why should IPv6 become a priority again? 8 1.2 Goals of this White Paper 9 2 IPv6 progress in the last 5 years 10 2.1 Devices supporting IPv6 10 2.2 Content (web sites, cloud services) supporting IPv6 11 2.3 Networks supporting IPv6 12 2.4 Number of IPv6 users 12 2.5 Amount of IPv6 traffic 13 2.6 IPv6 standardization progress 14 3 IPv6 service design for Mobile, Fixed broadband and enterprises 14 3.1 IPv6 transition solutions from operator perspective 15 3.1.1 For IPv6 introduction 16 3.1.2 For IPv6-only service delivery 17 3.2 IPv6 prefix and address assignment at the CPEs 22 3.2.1 For MBB UEs 23 3.2.2 For FBB RGs 23 3.2.3 For Enterprise CPEs 23 3.3 IPv6 Packet Transport 24 3.4 IPv6 deployment inside enterprise
    [Show full text]
  • RFC 8683: Additional Deployment Guidelines for NAT64/464XLAT In
    Stream: Internet Engineering Task Force (IETF) RFC: 8683 Category: Informational Published: November 2019 ISSN: 2070-1721 Author: J. Palet Martinez The IPv6 Company RFC 8683 Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks Abstract This document describes how Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers (NAT64) (including 464XLAT) can be deployed in an IPv6 network -- whether it's cellular ISP, broadband ISP, or enterprise -- and the possible optimizations. This document also discusses issues to be considered when having IPv6-only connectivity, such as: a) DNS64, b) applications or devices that use literal IPv4 addresses or non-IPv6-compliant APIs, and c) IPv4- only hosts or applications. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8683. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. Palet Martinez Informational Page 1 RFC 8683 NAT64/464XLAT Deployment November 2019 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.
    [Show full text]
  • Campus Networking in the Post Ipv4 Exhaustion World (PDF)
    Campus Networking In The Post IPv4 Exhaustion World Alan Whinery - U. Hawaii System I2 Tech Exchange San Francisco October 17, 2017 (Join SSID: IPv6 Solutions, find something it won’t do) Join The “IPv6 Solutions” SSID ● This is an “IPv6 Only” network ○ Meaning that clients only have IPv6 connectivity to the Internet ○ Even though they have local-wire IPv4 addresses, any IPv4 that appears on the wire is translated into IPv6 and sent to a NAT64 ● Running DNS64/464XLAT ○ A means of providing IPv4 As A Service ● It’s meant to demonstrate IPv6 actually solving a real-world problem ○ Bet you didn’t see that coming. A Brave New World (and not a little Huxley-esque) ● IPv4 Address Supply From RIRs Has Run Out ○ You can be on a long waiting list ○ You can seek to buy from someone who has too many ○ Even if you can buy addresses, doesn’t mean you can use them ● There are industries for which revenue depends on the perpetuation of IPv4 ○ IPv4 brokers ○ Carrier Grade NAT vendors ● BYOD and IoT (BYOT) are still driving growth of your address corpus ○ Corpus = the addresses you need to have alive at a given moment ● In 2017, the North American IPv6 Summit consensus seemed to be ○ That the idea of IPv6-only networks is coming of age ○ That going forward, working solutions are an important goal Your Options ● Buy more IPv4 space ○ Will undoubtedly appreciate for a few years, then depreciate ○ Exhaust/buy more ○ Remember when a /16 was an inexhaustible pool? ● Build bigger and bigger v4 NAT networks ○ support growth in NAT going forward ○ On the pro
    [Show full text]