IPv6 Tunneling
Vladimir Settey
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public

• IPv6 only
  IPv6 is the only protocol operating in the network
• Dual Stack
  IPv4 and IPv6 operate in tandem over shared or dedicated links
• Tunneling over IPv4 and MPLS
  IPv6 is confined to the edge of the IPv4 / MPLS core
• Protocol Translation (NAT64, NAT46, DNS64, etc.)
  Allows IPv6-only devices to communicate with IPv4-only devices

Dual Stack

[Figure: dual-stack path CE - PE - P - P - PE - CE across an IPv4 core; legend: IPv4 configured interface, IPv6 configured interface, some or all interfaces in cloud dual configured]

• All P + PE routers are capable of IPv4+IPv6 support
• Two IGPs supporting IPv4 and IPv6
• Memory considerations for larger routing tables
• Native IPv6 multicast support
• All IPv6 traffic routed in global space
• Good for content distribution and global services (Internet)

Dual Stack

    CE#
    ! enable IPv6 forwarding, then address the same interface in both families
    ipv6 unicast-routing
    interface Ethernet0
     ip address 192.168.99.1 255.255.255.0
     ipv6 address 2001:db8:213:1::1/64
[Figure: Customer - Access - Aggregation - Edge - Core (IP/MPLS); IPv6oPPP, IPv4oPPP or IPv4|v6oPPP sessions terminate on the BNG]

• Native Dual-Stack IPv4/IPv6 service on RG LAN side
• No changes in existing Access/Aggregation Infrastructure
• One PPPoE session per Address Family (IPv4 or IPv6) or one PPPoE session carrying both IPv4 and IPv6 NCPs running as ships in the night
  Dual stack must not consume extra BNG session state
• SLAAC or DHCPv6 can be used to number the WAN link with a Global address
• DHCPv6-PD is used to delegate a prefix for the Home Network
• Radius IPv6 attributes as per RFC 3162

[Figure: call flow between Routed RG, Access Node (Ethernet or DSL), BNG, RADIUS AAA and DHCPv6. Message labels, in order:]

• PPPoE, PPP LCP ("user1")
• RADIUS Access-Request: User-Name "user1", Line-id
• RADIUS Access-Accept: Framed-Protocol PPP, Service-Type Framed, (Optional) framed-ipv6-prefix
• PPP IPv6CP: Link Local
• ICMPv6 Router Advertisement: RA with O-bit, (Optional) Prefix; SLAAC + default route to BNG installed
• DHCPv6 Solicit (PD + DNS), DHCPv6 Relay Forward (Relay-fwd), DHCPv6 Relay Reply (Relay-Reply), DHCPv6 Reply*: PD=2001:DB8:AAAA::/56, DNS server=2001:DB8:BB::1
• ICMPv6 RA: RA with O-bit, 2001:DB8:AAAA::1 + Prefix=2001:DB8:AAAA::/64; SLAAC, default route installed
• DHCPv6 Request DNS, DHCPv6 Response: DNS=2001:DB8:BB::1

* Assuming DHCPv6 rapid commit is in effect

• Manual Tunnel (RFC 2893)
• IPv6 over GRE (RFC 2473)
• Tunnel Broker (RFC 3053)
• 6to4 (RFC 3056), 6to4 Relay
• 6rd (RFC 5969)
• ISATAP (RFC 5214)
IPv6 Manual Tunnel

[Figure: Customer IPv6 Network - CE (dual stack, 200.15.15.1, 2001:300::1/64) - IPv4 Access Network (PE - P - P - PE) - CE (dual stack, 200.13.13.1, 2001:300::2/64) - Provider IPv6 Network; the IPv6 packet is carried inside an IPv4 packet across the access network]

• One of the first transition mechanisms developed for IPv6
  Static P2P tunnel, IP protocol type = 41, no additional header, NAT breaks it
• Terminates on dual stack end points
  IPv4 end point address must be routable
  IPv6 prefix configured on tunnel interface
• Difficult to scale and manage
  For linking a few sites in a fixed long-term topology
  Use across IPv4 access network to reach IPv6 Provider

IPv6 Manual Tunnel

Endpoint 200.15.15.1:

    interface tunnel 100
     ipv6 address 2001:300::1/64
     no ipv6 nd ra suppress
     tunnel source 200.15.15.1
     tunnel destination 200.13.13.1
     ! IPv6 directly in IPv4, IP protocol 41
     tunnel mode ipv6ip

Endpoint 200.13.13.1:

    interface tunnel 100
     ipv6 address 2001:300::2/64
     no ipv6 nd ra suppress
     tunnel source 200.13.13.1
     tunnel destination 200.15.15.1
     ! IPv6 directly in IPv4, IP protocol 41
     tunnel mode ipv6ip

• Only supports routing protocols that use IP encapsulation
  ISIS is itself a network layer protocol (not dependent upon IP) and therefore will not work over IP Protocol-Type = 41
IPv6 GRE Tunnel

[Figure: Customer IPv6 Network - CE (dual stack, 200.15.15.1, 2001:300::1/64) - IPv4 Backbone Network (PE - P - P - PE) - CE (dual stack, 200.13.13.1, 2001:300::2/64) - Provider IPv6 Network; the IPv6 packet is carried behind a GRE header inside an IPv4 packet]

• Similar to Manual Tunnel (RFC 2893)
  But can transport non-IP packets
  Hence can be used to support ISIS across the tunnel
• GRE header uses 0x86DD to identify IPv6 payload
• Similar scale and management issues
• L2TPv3 is another tunnelling option

IPv6 GRE Tunnel

Endpoint 200.15.15.1:

    interface tunnel 2002
     ipv6 address 2001:300::1/64
     tunnel source e0/0
     tunnel destination 200.13.13.1
     ! GRE over IPv4, so IS-IS can run across the tunnel
     tunnel mode gre ip
     ipv6 router isis

Endpoint 200.13.13.1:

    interface tunnel 100
     ipv6 address 2001:300::2/64
     tunnel source e0/0
     tunnel destination 200.15.15.1
     ! GRE over IPv4, so IS-IS can run across the tunnel
     tunnel mode gre ip
     ipv6 router isis

Tunnel Broker

[Figure: IPv6 Client (dual stack, with broker client software) - IPv4 Access Network (PE - P - P - PE) - Tunnel Server and Tunnel Broker - IPv6 Internet; the IPv6 packet is carried inside an IPv4 packet, with an optional UDP header]

• Tunnel Broker servers manage tunnel requests from users
  Binds tunnel between host and IPv6 server or router
• Particularly suited to isolated IPv6 hosts connected via an IPv4 Internet
• Client software loaded on to host
  Linux/MAC/Windows
• Cisco routers do not support tunnel broker function
  Tunnel brokers can remotely configure Cisco routers
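The two encapsulations described above (manual tunnel: IP protocol 41 with no additional header; GRE: a GRE header whose protocol type is 0x86DD) can be told apart on the wire. The following is an added example, not part of the original slides: a small classifier that recognises both and returns the outer IPv4 and inner IPv6 endpoints, which is what a monitoring point needs to see IPv6 traffic crossing an IPv4-only segment. The function names and the sample packets are constructed for illustration; the addresses are the ones used on the slides.

```python
import ipaddress
import struct

PROTO_IPV6 = 41    # IPv6 directly in IPv4 ("tunnel mode ipv6ip")
PROTO_GRE = 47     # GRE in IPv4 ("tunnel mode gre ip")
GRE_IPV6 = 0x86DD  # GRE protocol type announcing an IPv6 payload

def classify_tunnel(pkt: bytes):
    """Return (kind, outer_src, outer_dst, inner_src, inner_dst) for an IPv4
    packet that carries IPv6, or None for anything else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    proto, payload = pkt[9], pkt[ihl:]
    if proto == PROTO_IPV6:
        kind = "ipv6ip"
    elif proto == PROTO_GRE and len(payload) >= 4:
        flags, ptype = struct.unpack("!HH", payload[:4])
        # Only the RFC 2784/2890 layout is handled: version 0, no routing field.
        if ptype != GRE_IPV6 or flags & 0x4007:
            return None  # GRE carrying something else, e.g. IS-IS
        # Optional checksum (C), key (K) and sequence (S) fields: 4 bytes each.
        skip = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        kind, payload = "gre", payload[skip:]
    else:
        return None
    if len(payload) < 40 or payload[0] >> 4 != 6:
        return None  # truncated, or the inner packet is not IPv6
    return (kind,
            str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])),
            str(ipaddress.IPv6Address(payload[8:24])),
            str(ipaddress.IPv6Address(payload[24:40])))

def build(proto: int, shim: bytes = b"") -> bytes:
    """Constructed sample: outer IPv4 header, optional shim, bare IPv6 header."""
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60 + len(shim), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address("200.15.15.1").packed,
                     ipaddress.IPv4Address("200.13.13.1").packed)
    v6 = struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                     ipaddress.IPv6Address("2001:300::1").packed,
                     ipaddress.IPv6Address("2001:300::2").packed)
    return v4 + shim + v6

MANUAL = build(PROTO_IPV6)                                    # manual tunnel
GRE_PLAIN = build(PROTO_GRE, struct.pack("!HH", 0, GRE_IPV6))
GRE_KEYED = build(PROTO_GRE, struct.pack("!HHI", 0x2000, GRE_IPV6, 7))
GRE_OTHER = build(PROTO_GRE, struct.pack("!HH", 0, 0x0800))   # GRE type is not IPv6
```
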
Tunnel Broker

[Figure: IPv6 Client (dual stack, with broker client software) - IPv4 Access Network - Tunnel Broker and Tunnel Server X - IPv6 Internet. Message labels, in order:]

• Tunnel Request (XML in IPv4)
• Authenticate: Tunnel Broker User/Pass
• Authorised: Destination=X, ClientType=Host
• Tunnel Server (X) Configuration
• Confirmation: Tunnel Parameters, IPv6 Prefix
• IPv6 packet encapsulated in IPv4 Tunnel

6 to 4 Tunnel

[Figure: IPv6 Network (2002:c80f:0f01, host 2002:c80f:0f01:100::1) - CE 200.15.15.1 (e0/0) - IPv4 Backbone Network (PE - P - P - PE) - CE 200.11.11.1 (e0/0) - IPv6 Network (2002:c80b:0b01, host 2002:c80b:0b01:100::1); the IPv6 packet is carried behind an IPv4 header]

• Automatic tunnel method using 2002:IPv4::/48 IPv6 range
  IPv4 embedded in IPv6 format, e.g. 2002:c80f:0f01:: = 200.15.15.1
• No impact on existing IPv4 or MPLS Core (IPv6 unaware)
• Tunnel endpoints have to be IPv6 and IPv4 aware (Dual stack)
• Transition technology – not for long term use
• No multicast support, Static Routing
• Intrinsic linkage between destination IPv6 Subnet and IPv4 gateway interface
  IPv4 Gateway = Tunnel End point

6 to 4 Tunnel

6to4 address format (figure labels: Server Address; Subnet, 8 bits; Host, 64 bits):

    2002 : c80b:0b01 : 0100 : 0000:0000:0000:0001
    c80b:0b01 = 200.11.11.1, the tunnel end-point in the IPv4 network
    All 6to4 networks are 2002:IPv4Address::/48

Headers of a packet crossing the tunnel:

    IPv6 Hdr – Src Add    2002:c80f:0f01:100::1
    IPv6 Hdr – Dst Add    2002:c80b:0b01:100::1
    IPv4 Hdr – Src        200.15.15.1
    IPv4 Hdr – Dst        200.11.11.1
6 to 4 Tunnel

[Figure: IPv6 Network (2002:c80f:0f01, host 2002:c80f:0f01:100::1) - CE 200.15.15.1 (e0/0) - IPv4 Backbone Network (PE - P - P - PE) - CE 200.11.11.1 (e0/0) - IPv6 Network (2002:c80b:0b01, host 2002:c80b:0b01:100::1)]

Endpoint 200.15.15.1:

    interface tunnel 2002
     ipv6 address 2002:c80f:0f01::1/128
     tunnel source ethernet0/0
     ! no tunnel destination: it is taken from the 6to4 destination address
     tunnel mode ipv6ip 6to4
    !
    interface ethernet 0/0
     ip address 200.15.15.1 255.255.255.0
    !
    interface ethernet 1/0
     ipv6 address 2002:c80f:0f01:100::2/64
    !
    ipv6 route 2002::/16 tunnel2002

Endpoint 200.11.11.1:

    interface tunnel 2002
     ipv6 address 2002:c80b:0b01::1/128
     tunnel source ethernet0/0
     ! no tunnel destination: it is taken from the 6to4 destination address
     tunnel mode ipv6ip 6to4
    !
    interface ethernet 0/0
     ip address 200.11.11.1 255.255.255.0
    !
    interface ethernet 1/0
     ipv6 address 2002:c80b:0b01:100::2/64
    !
    ipv6 route 2002::/16 tunnel2002
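The 2002:IPv4::/48 mapping and the "IPv4 Gateway = Tunnel End point" linkage from the 6to4 slides can be checked mechanically. The following is an added example, not part of the original slides: it derives the 6to4 prefix for an IPv4 endpoint, recovers the embedded IPv4 address, and reports 6to4 packets whose inner IPv6 addresses do not agree with the outer IPv4 header. The function names are hypothetical, the addresses are the slides' own, and the mismatching inputs in the usage note are constructed.

```python
import ipaddress

def sixtofour_prefix(v4: str) -> str:
    """Return the 2002:IPv4::/48 prefix owned by an IPv4 tunnel endpoint."""
    n = int(ipaddress.IPv4Address(v4))
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return str(ipaddress.IPv6Network(((0x2002 << 112) | (n << 80), 48)))

def embedded_v4(v6: str):
    """IPv4 endpoint embedded in a 6to4 address, or None outside 2002::/16."""
    hit = ipaddress.IPv6Address(v6).sixtofour
    return str(hit) if hit is not None else None

def check_6to4(outer_src, outer_dst, inner_src, inner_dst):
    """Return findings for one protocol-41 packet seen on a 6to4 tunnel."""
    findings = []
    pairs = (("src", outer_src, inner_src), ("dst", outer_dst, inner_dst))
    for role, outer, inner in pairs:
        v4 = embedded_v4(inner)
        if v4 is None:
            continue  # native IPv6 address (e.g. via a 6to4 relay): nothing to compare
        if v4 != outer:
            findings.append(f"{role}: {inner} embeds {v4}, outer IPv4 is {outer}")
        if not ipaddress.IPv4Address(v4).is_global:
            findings.append(f"{role}: embedded {v4} is not a global address")
    return findings

if __name__ == "__main__":
    # Python prints addresses without leading zeros: c80f:0f01 appears as c80f:f01.
    print(sixtofour_prefix("200.15.15.1"))
    print(check_6to4("200.15.15.1", "200.11.11.1",
                     "2002:c80f:0f01:100::1", "2002:c80b:0b01:100::1"))
```

A consistent packet yields an empty list; a constructed source of 2002:0a00:0001::1 behind outer address 200.15.15.1 yields two findings, one for the mismatch and one for the embedded private address.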