IPv6 Seminar – Part3

Jean-Marc Barozet, IOS Technology Group

April, 2011

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

• Enterprise Deployment Considerations
• Network and Application Performance
• Conclusion

• Planning & Deployment Summary
• Campus Deployment
• Datacenter/Internet Edge Deployment
• Self Deployed WAN
• SP Managed WAN

Start with a Phased Plan Aligned with Your Business Strategy

1 Identify the highest priority IPv6-critical areas in your network

2 Perform IPv6 Assessment on high priority areas to determine scope

3 Develop a design that enables IPv6 without disrupting your IPv4 network

4 Test and implement in pilot mode, then extend over time into production

Repeat for the Next IPv6-Critical Area in Your Network

Pre-Deployment Phases
• Establish the network starting point
• Importance of a network assessment and available tools
• Build a pilot or lab environment
• Obtain addressing or use ULA or documentation prefix (in lab)
• Learn the basics (DNS, routing changes, address assignment)

Deployment Phases
• Transport considerations for integration
• Internet Edge (ISP, Apps)
• Campus IPv6 integration options
• Data Center integration options
• WAN IPv6 integration options
• Execute on gaps found in assessment

• Based on Timeframe/Use case
• Core-to-Edge – Fewer things to touch
• Edge-to-Core – Challenging but doable
• Internet Edge – Business continuity

[Diagram: Campus Block, Internet Edge, DC/Campus Core, DC Aggregation, DC Access, Servers, ISPs, WAN, Branches]

• Dual Stack (IPv4, IPv6): Recommended Enterprise Co-existence strategy
• Tunneling Services: Connect Islands of IPv6 or IPv4 (IPv4 over IPv6, IPv6 over IPv4)
• Translation Services: Connect to the IPv6 community

[Diagram labels: Business Partners, Government Agencies, International Sites, Remote Workers, Internet consumers]

[Diagram: transition options grouped under "Preserve", "Prepare" and "Prosper". Panel titles: Carrier Grade NAT; IPv6 Rapid Deployment; Native IPv6-Only Access Network; IPv6-Only Subscriber; Dual Stack. Elements shown: IPv4 Internet, IPv6 Internet, IPv4 core, dual-stack cores, 6rd BR, LNS, AFTR, 4rd BR, NAT, 6↔4 NAT, PE, CE, subscriber networks.]

For more info see: http://www.cisco.com/go/cgv6

Dual-Stack IPv4/IPv6

• Dual Stack = Two protocols running at the same time (IPv4/IPv6)
• #1 requirement—switching/routing platforms must support hardware based L2/L3 forwarding for IPv6
  - 3560/3750 +
  - 4500 Sup6E +
  - 6500 Sup32/720 +
• IPv6 is transparent on L2 switches but consider:
  - L2 multicast—MLD snooping
  - IPv6 management—Telnet/SSH/HTTP/SNMP
  - Intelligent IP services on WLAN
• Expect to run the same IGPs as with IPv4

[Diagram: IPv6/IPv4 dual-stack hosts; Access, Distribution, Core, Aggregation (DC) and Access (DC) layers, all v6-enabled and dual stack; dual-stack server]

Hybrid Model

• Plan “B” if Layer 3 device can’t support IPv6 but you have to get IPv6 over it
• Offers IPv6 connectivity via multiple options
  - Dual-stack
  - Configured tunnels—L3-to-L3
  - ISATAP—Host-to-L3
• Leverages existing network
• Offers natural progression to full dual-stack design
• May require tunneling to less-than-optimal layers (i.e. core layer)
• Any sizable deployment will be an operational management challenge
• ISATAP creates a flat network (all hosts on same tunnel are peers)
• Provides basic HA of ISATAP tunnels via old Anycast-RP idea

[Diagram: IPv6/IPv4 dual-stack hosts; Access Layer (L2/L3) and Distribution Layer NOT v6-enabled, crossed by ISATAP tunnels; Core Layer and Aggregation Layer (DC) v6-enabled and dual stack; Access Layer (DC); dual-stack server]

IPv6 Service Block—Rapid Deployment/Pilot

• Provides ability to rapidly deploy IPv6 services without touching existing network
• Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
• Get lots of operational experience with limited impact to existing environment – Ideal for Pilot
• Similar challenges as Hybrid Model – Lots of tunneling
• Configurations are very similar to the Hybrid Model
  - ISATAP tunnels from PCs in access layer to service block switches (instead of core layer—Hybrid)
• 1) Leverage existing ISP block for both IPv4 and IPv6 access
• 2) Use dedicated ISP connection just for IPv6—Can use IOS FW or PIX/ASA appliance

[Diagram: IPv4-only Campus Block (VLAN 2, VLAN 3; Access, Dist. and Core layers) with primary and secondary ISATAP tunnels to the IPv6 Service Block; Dedicated FW and IOS FW towards the Internet (options 1 and 2); WAN/ISP Block; Data Center Block (Agg and Access layers)]

Tunneling to the Controller

• Dual Stack on the hosts
• Enable IPv6 Bridging per VLAN on the Controller (centralized deployment is recommended)
• Traffic isolation throughout the campus achieved via LWAPP
  - LWAPP* encapsulates original Ethernet frames and transports them across L3 boundaries
• VLAN is valid from the AP to the WLAN Controller

*LWAPP: Lightweight Access Point Protocol

[Diagram: IPv6/IPv4 dual-stack hosts, Access Points, Access Layer, Distribution Layer, Core Layer, Wireless Controller]


• Route/Switch design will be similar to campus based on feature, platform and connectivity similarities – Nexus, 6500 4900M

• The single most overlooked and potentially complicated area of IPv6 deployment

• Stuff people don’t think about:
  - NIC Teaming, iLO, DRAC, IP KVM, Clusters
  - Innocent looking Server OS upgrades – Windows Server 2008 - Impact on clusters – Microsoft Server 2008 Failover clusters fully support IPv6 (and L3)

• Internet-facing Data Center

• Most of the internal and Internet DC considerations are the same

Biggest Challenges Today

• Application support for IPv6 – Know what you don’t know
  If an application is protocol centric (IPv4):
  - Needs to be rewritten
  - Needs to be translated until it is replaced
  - Wait and pressure vendors to move to protocol agnostic framework

• Deployment of translation
  - NAT64 (Stateful for most enterprises)
  - Apache Reverse Proxy
  - Windows Port Proxy
  - 3rd party proxy solutions

• Network services above L3 (A short-term challenge)
  - SLB, SSL-Offload, application monitoring (probes)
  - Application Optimization
  - High-speed security inspection/perimeter protection

Operating Systems
• Windows 7
• Windows Server 2008/R2
• SUSE
• Red Hat
• Ubuntu
• The list goes on

Virtualization & Applications
• VMware vSphere 4.1
• Microsoft Hyper-V
• Microsoft Exchange 2007 SP1/2010
• Apache/IIS Web Services
• Windows Media Services
• Multiple Line of Business apps

Most commercial applications won’t be your problem – it will be the custom/home-grown apps

[Diagram: IPv6 and IPv4 paths between the end user (V6-only or IPv4 ISP), the ISP, and hosting/CDN content, with 4-to-6 and 6-to-4 translation points]

An enterprise with a critical Internet presence must perform its own dual-stacking or translation. Short term, not much traffic (so load-balancing not as critical for v6), but longer term full SLB 4<->6 or 6<->6 will be necessary. 60% moving to v6 by 2012…

[Diagram: three options, each placed between the IPv6 Internet (IPv6 side) and an IPv4-only host (IPv4 side):
• Server Load Balancer
• Stateful NAT64
• Proxy (Apache, MSFT PortProxy)]

• Two flavors – Stateless and Stateful
  - draft-ietf-behave-v6v4-xlate-xx (and others associated with that draft)
  - draft-ietf-behave-v6v4-xlate-stateful-xx

• Stateless – Not your friend in the enterprise (corner case deployment)
  - 1:1 mapping between IPv6 and IPv4 addresses (i.e. 254 IPv6 hosts-to-254 IPv4 hosts)
  - Requires the IPv6-only hosts to use an “IPv4 translatable” address format

• Stateful – What we are after for translating IPv6-only hosts to IPv4-only host(s)
  - It is what it sounds like – keeps state between translated hosts
  - Several deployment models (PAT/Overload, Dynamic 1:1, Static, etc…)
  - This is what you will use to translate from IPv6 hosts (internal or Internet) to IPv4-only servers (internal DC or Internet Edge)
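The two flavors side by side, as an added Python example that is not part of the original slides: the stateless half computes addresses with the RFC 6052 embedding (the standardized "IPv4 translatable" format), and the stateful half keeps a per-flow binding table in the PAT/overload model. The prefix 2001:db8:64::/96, the pool address 192.0.2.1, the port range and all function and class names are assumptions made for the illustration.

```python
"""Stateless vs. stateful NAT64 address handling (added illustration)."""
import ipaddress

VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)  # RFC 6052 section 2.2


def embed_ipv4(prefix, v4):
    """Stateless 1:1 mapping: place the IPv4 address inside the NAT64 prefix."""
    prefix = ipaddress.IPv6Network(prefix)
    if prefix.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError("prefix length must be one of %r" % (VALID_PREFIX_LENGTHS,))
    out = bytearray(prefix.network_address.packed)
    pos = prefix.prefixlen // 8
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == 8:  # bits 64-71 (the "u" octet) are reserved and stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(prefix, v6):
    """Inverse of embed_ipv4; rejects addresses outside the translation prefix."""
    prefix = ipaddress.IPv6Network(prefix)
    v6 = ipaddress.IPv6Address(v6)
    if prefix.prefixlen not in VALID_PREFIX_LENGTHS or v6 not in prefix:
        raise ValueError("%s is not an IPv4-translatable address in %s" % (v6, prefix))
    raw, pos, out = v6.packed, prefix.prefixlen // 8, bytearray()
    while len(out) < 4:
        if pos != 8:  # skip the reserved "u" octet
            out.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(out))


class StatefulNat64:
    """PAT/overload model: many IPv6 clients share one IPv4 pool address."""

    def __init__(self, pool_address, first_port=1024, last_port=65535):
        self.pool_address = ipaddress.IPv4Address(pool_address)
        self._ports = iter(range(first_port, last_port + 1))
        self.bindings = {}   # (proto, client IPv6, client port) -> pool port
        self._reverse = {}   # (proto, pool port) -> (client IPv6, client port)

    def outbound(self, proto, client, client_port, dst6, prefix):
        """IPv6 client opens a flow; returns the translated (src4, sport, dst4)."""
        key = (proto, ipaddress.IPv6Address(client), client_port)
        if key not in self.bindings:
            try:
                port = next(self._ports)
            except StopIteration:
                raise RuntimeError("NAT64 pool exhausted") from None
            self.bindings[key] = port
            self._reverse[(proto, port)] = key[1:]
        return self.pool_address, self.bindings[key], extract_ipv4(prefix, dst6)

    def inbound(self, proto, pool_port):
        """Packet from the IPv4 side: only flows that already have state match."""
        return self._reverse.get((proto, pool_port))  # None means drop


def demo():
    prefix = "2001:db8:64::/96"                    # constructed translation prefix
    server6 = embed_ipv4(prefix, "10.121.11.60")   # IPv4-only server seen from IPv6
    nat = StatefulNat64("192.0.2.1")               # constructed pool address
    flow_a = nat.outbound("tcp", "2001:db8:beef:10::16", 54640, server6, prefix)
    flow_b = nat.outbound("tcp", "2001:db8:beef:10::17", 54640, server6, prefix)
    return server6, flow_a, flow_b, nat.inbound("tcp", 1025), nat.inbound("tcp", 4000)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

With stateful translation the IPv4-only server sees only the pool address, so attributing a connection to an IPv6 client depends on logging the binding table.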

NAT64 Service using ASR1000
• Stateless: Available
• Stateful: Future

[Diagram: Enterprise, Subscribers, Provider IP NGN, Internet, Datacenters; private IPv4 behind NAT44, IPv4 and IPv6 paths, GGSN. Captions: "XX Millions of IPv6 Smartphones by 2014 (3G & 4G)", "IPv6 Moves out to Subscribers"]

IPv6/IPv4 Service using ACE appliance/module: Future

[Diagram: Enterprise, Subscribers, Provider IP NGN, Internet, Datacenters; private IPv4 behind NAT44, IPv4 and IPv6 paths, GGSN. Captions: "XX Millions of IPv6 Smartphones by 2014 (3G & 4G)", "IPv6 Moves out to Subscribers"]

At a concept level … enable customer to load balance IPv6 client traffic HTTP/s services that are resolved to IPv6 addresses.

1 Enable ACE-30 and ACE4710 to comply with IPv6 base profiles for network devices from DISR and Cisco Arch. Guidelines

2 Enable Management of IPv6 interface functionality through
  • CLI on Module/Appliance
  • DM for ACE 4710
  • ANM for ACE-30 and ACE-4710

3 Enable load balancing of IPv6 servers with
  i. Sticky
  ii. ACLs
  iii. Health checks

[Diagram: Catalyst with ACE, ANM, Serverfarm; flows labelled IPv4-to-IPv4, IPv6-to-IPv6 and IPv6 over IPv4; callouts 1, 2, 3]

A dual-stack approach to IPv6 enables ACE to support all deployment models (NAT, Bridge Mode) with minimal loss of performance for IPv4 traffic.

• IPv6 on ACE (Earth Release) – Q4/CY11
• Virtual Dual Stack
• ALL Deployment Models: One Arm, Two Arm, Routed, Bridged
• L3 V6-V6 SLB DSR
• CLI/Configuration Consistency with IPv4
• Proxy Solution with NAT feature (supports v6/v4 front-end <-LB-> v4/v6 back-end)
• No IPv6 Management
• Solution used by Cisco IT for the World IPv6 Day – June, 8

[Diagram: IPv4 Clients and IPv6 Clients, ACE, Server Farm – V4 and Server Farm – V6; flows labelled IPv4-to-IPv4 and IPv6-to-IPv6]

• Program Execution Committed: March 2011
• SW version: 4.1
• FCS: 4QCY2011

Key GSS 4.1 IPv6 Features
- AAAA support (DNS Record for IPv6)
- IPv6 proximity & Sticky
- KAL

[Diagram: User (2001:0DB8:AC10:FE01::), Network, GSS, and an SLB in each of Datacenter A and Datacenter B]

[Diagram: client 2001:db8:beef:10::16; Apache proxy, one-arm or dual-attached, at 2001:db8:cafe:12::5 and 10.121.11.125; IPv4-only Web Server]

Netstat - Client

    TCP [2001:db8:beef:10::16]:54640 [2001:db8:cafe:12::5]:80 ESTABLISHED
    TCP [2001:db8:beef:10::16]:54641 [2001:db8:cafe:12::5]:80 ESTABLISHED

Netstat - Proxy

    Proto Recv-Q Send-Q Local Address           Foreign Address             State
    tcp   0      0      10.121.11.125:40475     10.121.11.60:80             ESTABLISHED
    tcp   0      0      10.121.11.125:40476     10.121.11.60:80             ESTABLISHED
    tcp6  0      0      2001:db8:cafe:12::5:80  2001:db8:beef:10::16:54640  ESTABLISHED
    tcp6  0      0      2001:db8:cafe:12::5:80  2001:db8:beef:10::16:54641  ESTABLISHED

Netstat - Server

    TCP 10.121.11.60:80 10.121.11.125:40475 ESTABLISHED
    TCP 10.121.11.60:80 10.121.11.125:40476 ESTABLISHED

Apache configuration on the proxy:

    ProxyPass / http://10.121.11.60:80/
    ProxyPassReverse / http://10.121.11.60:80/

• Can be treated like an appliance
  - One-arm
  - Dual-attached (better perf)
• Outside traffic comes in on IPv6—PortProxy to v4 (VIP address on ACE)
• Traffic is IPv4 to server

[Diagram: PortProxy host, one-arm or dual-attached, at 2001:db8:cafe:12::25 and 10.121.12.25; ACE with VIP=10.121.5.20; IPv4-only Web Server]

Boatloads of options

• Single Link, Single ISP
• Dual Links, Single ISP
• Multi-Homed, Multi-Region

Your ISP may not have IPv6 at the local POP

[Diagram: Enterprise connected to ISP 1 over a single link, to ISP 1 POP1 and POP2 over dual links, and to ISP 1 and ISP2 (USA) and ISP3 and ISP4 (Europe) when multi-homed; labels: IPv6 Default Route, BGP, IPv4-only, Tunnel]


[Diagram: MPLS WAN designs: Non Redundant; Redundant Links; Redundant Links & Routers]

• Dual-Stack if native IPv6 – Tunnels otherwise
• Site to site Encryption: IPSec VPN (IPv4/IPv6), DMVPN for IPv6
• Security: IOS Firewall (IPv4/IPv6)
• Unified Communications – IPv4/IPv6
• QoS: application or service-dependent instead of protocol (IPv4 or IPv6) dependent.
• Application Performance Visibility: Flexible Netflow, NBAR2, IP SLA, Performance Monitoring, …

[Diagram: two ways to carry IPv6 between customer networks and headquarters over the WAN:
• Using Tunnels over an IPv4 MPLS / IPv4 core WAN: manually configured tunnels, IPv6 over GRE, LISP, IPSec tunnels, Dynamic Multipoint VPN (DMVPN)
• Dual Stack WAN (Recommended): dual stack IPv4/IPv6 VPN service on a 6VPE core, with dual stack CPEs (CE)]

For more info see: http://www.cisco.com/go/cgv6

• Cisco routers have supported IPv6 for a long time
• Dual-stack should be the focus of your implementation.
• Support for every media/WAN type you want to use (Frame Relay, leased-line, broadband, MPLS, etc…)

[Diagram: Internet, Enterprise Backbone]

[Diagram: IPv6/IPv4 network (10.1.1.0/24, 2001:db8:beef:1::/64) – CE1 – 6VPE1 (200.10.10.1) – P routers on the MPLS IPv4 backbone – 6VPE2 (200.11.11.1) – CE2 – IPv6/IPv4 network (10.1.2.0/24, 2001:db8:beef:2::/64); CE-to-PE links 172.16.1.0/30 with 2001:db8:cafe:1::/64 and 172.16.3.0/30 with 2001:db8:cafe:3::/64; IPv4 and IPv6 VRFs on the PEs. Across the backbone the IPv6 packet is carried behind a VPN label and an LDP label.]

• 6VPE uses existing IPv4 MPLS infrastructure to provide IPv6 VPN
  - Core uses IPv4 control plane (LDPv4, TEv4, IGPv4)
• PEs must support dual stack IPv4+IPv6
• Offers same architectural features as MPLS-VPN for IPv4
  - RTs, VRFs, RDs are appended to IPv6 to form VPNv6 address
  - MP-BGP distributes both VPN address families
  - BGP NH uses IPv4 to IPv6 mapped address format ::ffff:A.B.C.D
• VRF can contain both VPNv4 and VPNv6 routes
• Solution suitable for IPv6 support to enterprises and government with VPN

[Diagram: IPv6 subscribers behind CE routers acting as ETR/ITR, LISP-encapsulated traffic across the provider's IPv4 network and the Internet, and the SP LISP infrastructure (MR, MS)]

• LISP is an alternative to connect islands of IPv6 network over IPv4 network infrastructure
• No change to existing IPv4-based access infrastructure; allows IPv6 to be transported over existing IPv4 architecture (Broadband, cable, Mobile …)
• Service components:
  - Managed CE router at customer premise: performing ITR/ETR function
  - SP infrastructure component: hosted Map Resolver, Map Servers

Needs:
• Rapid IPv6 Deployment
• Minimal Infrastructure disruption

LISP Solution:
• LISP encapsulation is Address Family agnostic
  - IPv6 interconnected over IPv4 core
  - IPv4 interconnected over IPv6 core

Benefits:
• Accelerated IPv6 adoption
• Minimal added configurations
• No core network changes
• Can be used as a transitional or permanent solution

[Diagram panels: "Connecting IPv6 Islands" (v6 islands joined by xTRs across the IPv4 enterprise core and IPv4 Internet); "IPv6 Transition Support" (PxTR between the IPv4 core and the IPv6 Internet for a v6 service); "IPv6 Access Support" (v6 home networks and v6 site access through xTRs and PxTRs over the IPv4 Internet to the IPv6 Internet)]

[Diagram: AnyConnect 3.x (for PC, Mac and for mobile clients) connecting across the Internet to ASA 8.3 with client-based SSL and client-based IPSec]


[Diagram: WAN designs by transport (MPLS WAN; MPLS + Internet WAN; Internet WAN) and by redundancy (Non Redundant; Redundant Links; Redundant Links & Routers)]

[Diagram: three ways to carry IPv6 between customer networks (CE):
• Using Tunnels over the IPv4 Internet: IPSec tunnels, Dynamic Multipoint VPN (DMVPN)
• Using L2 Pseudowires (MPLS pseudowire or VPLS): L2 VPN services carry both IPv4 and IPv6 traffic
• 6VPE Core over an MPLS IPv4 core: dual stack IPv4/IPv6 VPN service]

For more info see: http://www.cisco.com/go/cgv6

[Diagram: remote users/telecommuters with AnyConnect 3.x and SOHO sites with a Cisco IOS customer router reach an ISP IPSec/SSL aggregator over Cable/DSL/Wifi/3G, with AAA; the aggregator maps sessions into the MPLS-VPN service (VPN A to the Customer A head office, VPN B to Customer B) through PE routers. Transport: IP, then IPSec or session, then IP, MPLS or Layer 2 based VPN, then IP.]

• Using tunnel interface only (ASWAN w/ crypto-map not used anymore)
  - Multipoint GRE (mGRE) tunnels - Single mGRE interface supports all spokes (many logical tunnels)
  - Next Hop Resolution Protocol (NHRP) - Resolves Private IPv6 address to Public IPv4 NBMA address
  - IP Security (IPSec) - Optional encryption on mGRE tunnel

• DMVPN allows full or partial mesh Managed VPN Service

• Future:
  - IPv6 on IPv6 with Windows Client and PI15
  - All IPv6 over IPv4 with FlexVPN in PI18 – Beginning 2012

• Application Performance monitoring is a great differentiator for IPv6
• IPv6 support added as part of Flexible NetFlow (metering) and NetFlow v9 (exporting)
  - Monitors the IPv6 traffic.
• Export is over an IPv4 Transport
• Exporting: NetFlow version 9
  - Advantages: extensibility
  - Integrate new technologies/data types quicker (MPLS, IPv6, BGP next hop, etc.)
  - Integrate new aggregations quicker
  - Note: for now, the template definitions are fixed
• Metering: Flexible NetFlow
  - Advantages: cache and export content flexibility
  - User selection of flow keys
  - User definition of the records

[Diagram: NetFlow support by platform. TNF: Traditional NetFlow. FNF: Flexible NetFlow. Some platforms are marked "NO FNF support, hardware limitation".
• Enterprise & aggregation/edge and Core (Release 12.0S, Cisco IOS Software Release 12.2S, IOS-XR): ASR9000, CRS-1, Cisco 12000, Catalyst 6K (Sup2T and < Sup2T), Cisco 7600 Series, Cisco 4500 (Sup7 and <= Sup5), Cisco 7x00 Series, ASR1000 (QFP based)
• Access and DataCenter (Cisco IOS Software Releases): Catalyst 3750X, Next Gen Cat3K, Cat 6K Sup2T, Cisco 7200/7300 Series, ASR1000 (QFP based), Cisco 2800 and 3800 Series, Cisco 1800/2900/3900 Series, Cisco 800/1900 Series, Catalyst 29xx, Catalyst 3750, Nexus 7000, Nexus 1000V]

• Provide Application visibility in Flexible NetFlow
• Available on ISR/ISRG2/7200 (IOS 15.0(1)M)
• Available on ASR1K – IOS XE 3.1.1S

[Diagram: Application DPI (NBAR2) supplies an Application ID to a Flexible NetFlow monitor (Monitor 1, Record 1) and to other IOS services: Routing, MQC/QOS, WAAS Express, PfR, MediaNet PerfMon, Identity, NAT]

[Diagram: NBAR2 combines SCE Classification (+1200 signatures, advanced classification techniques) with IOS NBAR (+150 signatures). Innovations: classification of IPv6 native traffic, classification of nested IPv6 traffic, open API for 3rd party integration.]

• Next Generation DPI engine for Cisco platforms that will provide advanced application classification and fields extraction capabilities.

• Common Protocol Library across platforms
  - Platform independent signatures, combine NBAR and SCE Protocol Library (1200+)

• Protocol Pack & Licensing
  - Protocol Pack is a set of protocol signatures and tunables that can be loaded dynamically on any NBAR2 platforms.
  - Allow non-disruptive upgrade of signatures independently of the OS image.

• Advanced Classification Techniques
  - Support of IPv4, IPv6 and nested traffic (IPv6 transition method, GTP, L2TP,..)
  - Leverage classification techniques from SCE (Multi-Packet, Lately Use, Behavioral,.)
  - Simplification of policies with the classification by category/sub-category/attributes

• Open API for 3rd party Business Logic Integration

• Supported in IOS Classic, IOS XE and Linux appliances

• NBAR2 allows network managers to detect native IPv6 traffic as well as IPv6 traffic encapsulated in IPv4 in their network, in order to apply QOS policies and to enable advanced IPv6 reporting.

• NBAR2 can detect IPv6 in IPv4 traffic
  - Support of ISATAP, , Teredo, Generic IPv6 in IPv4
  - Supported on ISR-G2 (15.1(4)M) and ASR1K (IOS XE 3.3.0S)

• Stateful Application classification for native IPv6 traffic
  - Supported on ISR-G2 (15.2(2)T) and ASR1K (IOS XE 3.5.0S)

• Stateful Application classification IPv6 in IPv4 Traffic
  - Supported on ISR-G2 (15.2(2)T) and ASR1K (IOS XE 3.5.0S)

• Advanced Integration with Flexible NetFlow IPv6
  - Supported on ISR-G2 (15.2(2)T) and ASR1K (IOS XE 3.5.0S)
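What telling these tunnel types apart involves at the packet level, as an added Python example that is not NBAR2 code and not part of the original slides: it classifies raw IPv4 packets as ISATAP, 6to4, Teredo or generic IPv6-in-IPv4 from the outer protocol number and the inner IPv6 addresses. The returned labels, helper names and sample packets are constructed for the illustration; 6rd and manually configured tunnels fall into the generic class because separating them needs the operator's own prefixes.

```python
"""Classify IPv6-in-IPv4 transition traffic from raw IPv4 packets (added illustration)."""
import ipaddress
import struct

PROTO_TCP, PROTO_UDP, PROTO_IPV6 = 6, 17, 41
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
ISATAP_MARKERS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def _ipv6_endpoints(data):
    """Return (src, dst) if data starts with a plausible IPv6 header, else None."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return None
    return ipaddress.IPv6Address(data[8:24]), ipaddress.IPv6Address(data[24:40])


def _is_isatap(v6, v4):
    # ISATAP interface ID: 0000:5efe or 0200:5efe followed by the node's IPv4 address.
    iid = v6.packed[8:]
    return iid[:4] in ISATAP_MARKERS and iid[4:] == v4.packed


def _is_6to4(v6, v4):
    # 6to4 address: 2002:<IPv4 of the tunnel endpoint>::/48.
    return v6 in SIXTO4_PREFIX and v6.packed[2:6] == v4.packed


def classify(packet):
    """Label one IPv4 packet; fragments and IPv4 options beyond IHL are not handled."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    outer = (ipaddress.IPv4Address(packet[12:16]), ipaddress.IPv4Address(packet[16:20]))
    payload = packet[ihl:]
    if proto == PROTO_IPV6:
        inner = _ipv6_endpoints(payload)
        if inner is None:
            return "malformed"
        pairs = list(zip(inner, outer))  # (inner src, outer src), (inner dst, outer dst)
        if any(_is_isatap(v6, v4) for v6, v4 in pairs):
            return "isatap"
        if any(_is_6to4(v6, v4) for v6, v4 in pairs):
            return "6to4"
        return "ipv6-in-ipv4"
    if proto == PROTO_UDP:
        # Teredo carries IPv6 in UDP; packets with Teredo auth/origin headers are missed.
        inner = _ipv6_endpoints(payload[8:])
        if inner and any(addr in TEREDO_PREFIX for addr in inner):
            return "teredo"
    return "native-ipv4"


def build_ipv4(src, dst, proto, payload):
    """Constructed test packet: 20-byte IPv4 header, checksum left at zero."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def build_ipv6(src, dst):
    """Constructed 40-byte IPv6 header with next header 59 (no payload)."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def classify_samples():
    """All addresses below are constructed sample values."""
    samples = {
        "isatap host": build_ipv4("10.1.1.10", "10.1.255.1", PROTO_IPV6,
                                  build_ipv6("2001:db8:cafe:1:0:5efe:a01:10a", "2001:db8:cafe:12::5")),
        "6to4 site": build_ipv4("192.0.2.1", "192.88.99.1", PROTO_IPV6,
                                build_ipv6("2002:c000:201::1", "2001:db8::1")),
        "teredo client": build_ipv4("198.51.100.7", "203.0.113.9", PROTO_UDP,
                                    build_udp(51000, 3544, build_ipv6(
                                        "2001:0:cb00:7109:8000:1234:5678:9abc", "2001:db8::1"))),
        "configured tunnel": build_ipv4("10.1.1.1", "10.2.2.2", PROTO_IPV6,
                                        build_ipv6("2001:db8:beef:1::10", "2001:db8:beef:2::20")),
        "plain tcp": build_ipv4("10.1.1.10", "10.121.11.60", PROTO_TCP, b"\x00" * 20),
    }
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:18} {label}")
```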

[Diagram: a host on the IPv4 network reaches www.mycompany.com on the IPv6 network through an ISATAP router, across an IPv4 backbone network (CE, PE, P, P, PE); on the IPv4 side the IPv6 packet is carried behind an IPv4 header.]

User has ISATAP started on his computer. He starts a HTTP session with www.mycompany.com, which is reachable through IPv6.

    JCLabs06#sh ip nbar protocol-discovery

     Last clearing of "show ip nbar protocol-discovery" counters 02:22:58

                  Input                    Output
                  -----                    ------
     Protocol     Packet Count             Packet Count
                  Byte Count               Byte Count
                  5min Bit Rate (bps)      5min Bit Rate (bps)
                  5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
     --------     -----------------------  -----------------------
     tunneled     7184                     7302
                  513776                   474146
                  1000                     1000
                  1000                     4000

[Diagram: a host on the IPv4 network reaches www.mycompany.com on the IPv6 network through an ISATAP router, across an IPv4 backbone network (CE, PE, P, P, PE); on the IPv4 side the IPv6 packet is carried behind an IPv4 header.]

Router configured to classify within ISATAP tunnel:

    JCLabs06(config)# ip nbar classification tunneled-traffic ?
      6rd     Tunnel type 6RD
      6to4    Tunnel type 6TO4
      isatap  Tunnel type ISATAP
      teredo  Tunnel type TEREDO
    JCLabs06(config)#ip nbar classification tunneled-traffic isatap
    JCLabs06(config)#

    JCLabs06#sh ip nbar protocol-discovery

     Last clearing of "show ip nbar protocol-discovery" counters 02:22:58

                  Input                    Output
                  -----                    ------
     Protocol     Packet Count             Packet Count
                  Byte Count               Byte Count
                  5min Bit Rate (bps)      5min Bit Rate (bps)
                  5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
     --------     -----------------------  -----------------------
     http         7184                     7302
                  513776                   474146
                  1000                     1000
                  1000                     4000

[Diagram: a host on the IPv6 network reaches www.mycompany.com on the IPv4 network through a NAT64 router, which replaces the IPv6 packet header with an IPv4 header.]

User has native IPv6 on his computer. He starts a HTTP session with www.mycompany.com.

    JCLabs06#sh ip nbar protocol-discovery

     Last clearing of "show ip nbar protocol-discovery" counters 02:22:58

                  Input                    Output
                  -----                    ------
     Protocol     Packet Count             Packet Count
                  Byte Count               Byte Count
                  5min Bit Rate (bps)      5min Bit Rate (bps)
                  5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
     --------     -----------------------  -----------------------
     http         7184                     7302
                  513776                   474146
                  1000                     1000
                  1000                     4000

[Diagram: a host on the IPv6 network reaches www.mycompany.com on the IPv4 network through a NAT64 router, which replaces the IPv6 packet header with an IPv4 header.]

    JCLab06# sh flow monitor APPIPv6 cache format table

      Cache type:                     Permanent
      Cache size:                     4096
      Current entries:                7
      High Watermark:                 7

      Flows added:                    7
      Updates sent ( 1800 secs)       1

    IPV6 SOURCE ADDRESS                     IPV6 DESTINATION ADDRESS                APPLICATION NAME  counter bytes long
    2A01:E35:8ABF:9510:FA1E:DFFF:FEE1:E789  2A01:E35:8ABF:9510:222:55FF:FEE6:BA98   http              1933

[Diagram: Router 1 (IPSLA Sender, IPv4) and Router 2 (IPSLA Responder, IPv4) connected across an IPv6 network by an IPv4 over IPv6 tunnel]

• Operations supported for IPv6: UDP-Jitter, UDP-Echo, ICMP Echo, TCP-Connect

• On:
  - 12.2(33)SB: C10K, C7200, C7300 Series
  - 12.2(33)XNA: ASR 1000 Series
  - 12.2(33)SRC: C7600 Series
  - 12.4(20)T: ISR Series

• For all other operations, use IPv4 tunneling

[Diagram: WAAS deployment: branch office with WAAS on SRE, branch office with WAAS Express, WAAS appliances in the data center, connected over WAN, Internet and VPN]

IPv6 Radar – CY12

[Diagram: NAM Traffic Analyzer, an integrated management & reporting console reached over HTTP(S). Form factors: Cat65xx/C76xx NAM, NAM Appliance, ISR NAM, NAM SRE, WAAS NAM Virtual Blade. Data sources: SPAN, ERSPAN, RSPAN, NDE, CEF, VACL packet capture, WAAS Flow Copy Agent.]

IPv6 Discovery Service: Guidance in the early stages of considering a transition to IPv6

IPv6 Assessment Service: Determine how your network needs to change to support your IPv6 strategy

IPv6 Planning and Design Service: Designs, transition strategy, and support to enable a smooth migration

IPv6 Implementation Service: Validation testing and implementation consulting services

Network Optimization Service: Absorb, manage, and scale IPv6 in your environment

A Phased-Plan Approach for Successful IPv6 Adoption

[Feature map, labels in slide order: Broadband Access; IPv6 std, extended, reflexive & enhanced extended ACL; IPv6 (RFC 2460); Cisco VSA AAA; ICMPv6 (RFC 2463); IPsec AH parsing; Radius AAA (RFC 3162); Secure Neighbor Discovery (RFC 2461); PPPoA, PPPoE, RBE and ATM 1483 encapsulations; IPv6 IPsec – OSPFv3 authentication, site-to-site tunnel, DMVPN; Stateless Auto-Configuration; Anycast; DHCPv6 Prefix Delegation (RFC3633), DHCPv6 Relay; CEFv6/dCEFv6; IPv6 Firewall; uRPF Strict & Loose Mode; Individual Address DHCP (RFC 3315); CEFv6 Switched Tunnels; Integration; HSRP & GLBP for IPv6; Generic Prefix; Default Router Selection; Configured & Automatic Tunnels (RFC 2893); 6to4 (RFC 3056 & 3068); MLDv1, v2, Access Group; IPv6 over GRE/IPv4 (Pr. SW); PIMv2 SM, SSM, Bi-Dir; IPv6 over MPLS (6PE); PIM Embedded RP; IPv6 VPN over MPLS (6VPE); IPv6 MC over IPv4 tunnels; ISATAP; Scope Boundaries; Static mRoutes; NAT-PT (RFC 2765 & 2766); Group range; IP over IPv6 Tunnels, DMVPN; Telnet, TFTP, DNS resolver, HTTP(s), Ping, Traceroute, SSH, NTPv4, SLA; BSR; Cisco IP & IP-Forwarding MIBs; RIPng; Flexible Netflow for IPv6; OSPFv3 graceful restart, fast conv; SNMP over IPv6; IS-IS & MT IS-IS for IPv6; EIGRP for IPv6; Syslog over IPv6; MP-BGP IPv6 Unicast; CNS Agents, Config logger, Netconf, SOAP, TCL; MIPv6 Home Agent; MP-BGP IPv6 Multicast; Lite Authentication; Policy Based Routing; NEMO]

Comprehensive Feature set

IPv6 Routing
• Routing Protocol: OSPFv3, EIGRPv6, BGPv6
• VRF-aware services

IPv6 Forwarding
• Unicast and Multicast in HW
• Upto 512K IPv6 routes (w/ –XL LC)
• Upto 960 Mpps (7018 and w/8x10GE-XL)

IPv6 Traffic Visibility
• IPv6 Ingress Netflow
• Flexible Netflow
• IPv6 Interface stats, counters

IPv6 HA
• ISSU
• NSR: OSPFv3, EIGRPv6, BGPv6
• HSRPv6

IPv6 QoS
• IPv6 Classification, policing, queueing
• IPv6 PBR, PBR set VRF

IPv6 Multicast
• MLDv2
• PIM-SSM, PIM-Bidir
• BSR

IPv6 Mgmt and Apps
• DHCPv6
• SNMP, Syslog, DNS(AAA), NTPv4, FTP, Telnet, SSH, NetConf
• ICMPv6
• MIBs

IPv6 Security
• IPv6 CoPP
• IPv6 ACL
• uRPF, TrustSec (802.1ae w/ v6)

IPv6 Support Community

• Free for anyone with Cisco.com registration
• Get timely answers to your technical questions
• Find relevant technical documentation
• Engage with over 200,000 top technical experts
• Seamless transition from discussion to TAC Service Request (Cisco customers and partners only)
• Visit the Cisco Support Community booth in the World of Solutions for more information

The Cisco Support Community is your one-stop community destination from Cisco for sharing current, real-world technical support knowledge with peers and experts.

supportforums.cisco.com
supportforums.cisco.mobi

[Site sections shown: Documents, Blogs, Ask the Expert, Video, Mobile, Discussions]

• New/Updated IPv6 Cisco Sites
  http://www.cisco.com/ipv6
  http://www.cisco.com/go/ipv6

• New/Updated IPv6 Enterprise Sites:
  http://www.cisco.com/go/ipv6
  http://www.cisco.com/go/entipv6

• IPv6 Addressing Guide
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/BN_Enterprise_IPv6_Addressing_Guide_H2CY10.pdf

• Cisco Smart Business Architecture (SBA Enterprise):
  http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns982/landing_sBus_archit.html

• Cisco Network Designs: http://www.cisco.com/go/designzone

• Deploying IPv6 in Campus Networks (Just updated):
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html

• Deploying IPv6 in Branch Networks (Just updated):
  http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns816/landing_br_ipv6.html

• SRND: Deploying IPv6 in Unified Communications Networks http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/ipv6/ipv6srnd.html

• IOS IPv6 VOIP implementation Guide http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6_voip.pdf

• DNS and BIND, 5th Edition, by Cricket Liu and Paul Albitz, O'Reilly Media, May 2006

• RFC 3596: DNS Extensions to Support IP Version 6, by S. Thomson, C. Huitema, V. Ksinant, and M. Souissi, October 2003 (format: TXT=14093 bytes) (obsoletes RFC 3152 and RFC 1886) (status: Draft Standard)

Coming Soon!!

Deploying IPv6 in Broadband Networks, by Adeel Ahmed and Salman Asadullah, ISBN 0470193387, John Wiley & Sons Publications®

Thank you.