IPv6 Tunneling

Vladimir Settey

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public

• IPv6 only
  IPv6 is the only protocol operating in the network
• Dual Stack
  IPv4 and IPv6 operate in tandem over shared or dedicated links
• Tunneling over IPv4 and MPLS
  IPv6 is confined to the edge of the IPv4 / MPLS core
• Protocol Translation (NAT64, NAT46, DNS64, etc.)
  Allows IPv6-only devices to communicate with IPv4-only devices

Dual Stack

[Figure: dual-stack network, CE - PE - P - P - PE - CE. The application and edge run IPv4 + IPv6; the legend distinguishes IPv4 configured interfaces, IPv6 configured interfaces, and a core cloud in which some or all interfaces are dual configured.]

• All P + PE routers are capable of IPv4 + IPv6 support
• Two IGPs supporting IPv4 and IPv6
• Memory considerations for larger routing tables
• Native IPv6 multicast support
• All IPv6 traffic routed in global space
• Good for content distribution and global services (Internet)

Dual-stack configuration on the CE:

    ipv6 unicast-routing
    interface Ethernet0
     ip address 192.168.99.1 255.255.255.0
     ipv6 address 2001:db8:213:1::1/64

[Figure: Customer - Access - Aggregation - Edge - Core (IP/MPLS); IPv6oPPP, IPv4oPPP and IPv4|v6oPPP sessions terminate on the BNG.]

• Native Dual-Stack IPv4/IPv6 service on RG LAN side
• No changes in existing Access/Aggregation Infrastructure
• One PPPoE session per Address Family (IPv4 or IPv6), or one PPPoE session carrying both IPv4 and IPv6 NCPs running as ships in the night
  Dual stack must not consume extra BNG session state
• SLAAC or DHCPv6 can be used to number the WAN link with a Global address
• DHCPv6-PD is used to delegate a prefix for the Home Network
• RADIUS IPv6 attributes as per RFC 3162

[Figure: PPPoE dual-stack session setup between Routed RG, Ethernet or DSL Access Node, BNG, RADIUS AAA and DHCPv6 server. Message sequence as labelled on the slide:]

• PPPoE, PPP LCP ("user1")
• RADIUS Access-Request and Access-Accept; attributes shown: User-Name "user1", Line-id, Framed-Protocol PPP, Service-Type Framed, (optional) framed-ipv6-prefix
• PPP IPv6CP: Link Local
• ICMPv6 Router Advertisement: RA with O-bit and (optional) Prefix; SLAAC + default route to BNG installed
• DHCPv6 Solicit (PD + DNS), DHCPv6 Relay Forward (Relay-fwd), DHCPv6 Relay Reply (Relay-Reply), DHCPv6 Reply*: PD=2001:DB8:AAAA::/56, DNS server=2001:DB8:BB::1
• ICMPv6 RA with O-bit, 2001:DB8:AAAA::1, Prefix=2001:DB8:AAAA::/64; SLAAC, default route installed
• DHCPv6 Request DNS, DHCPv6 Response: DNS=2001:DB8:BB::1

* Assuming DHCPv6 rapid commit is in effect

Tunneling mechanisms:

• Manual Tunnel (RFC 2893)
• IPv6 over GRE (RFC 2473)
• Tunnel Broker (RFC 3053)
• 6to4 (RFC 3056)
• 6to4 Relay
• 6rd (RFC 5969)
• ISATAP (RFC 5214)

IPv6 Manual Tunnel

[Figure: IPv6 manual tunnel between dual-stack end points across an IPv4 access network (CE - PE - P - P - PE - CE). Customer IPv6 network side: IPv4 200.15.15.1, tunnel address 2001:300::1/64. Provider IPv6 network side: IPv4 200.13.13.1, tunnel address 2001:300::2/64. The IPv6 packet is carried inside an IPv4 packet.]

• One of the first transition mechanisms developed for IPv6
  Static P2P tunnel, IP protocol type = 41, no additional header, broken by NAT
• Terminates on dual stack end points
  IPv4 end point address must be routable
  IPv6 prefix configured on tunnel interface
• Difficult to scale and manage
  For linking a few sites in a fixed long-term topology
  Use across IPv4 access network to reach IPv6 Provider

Manual tunnel configuration, end point 200.15.15.1:

    interface tunnel 100
     ipv6 address 2001:300::1/64
     no ipv6 nd ra suppress
     tunnel source 200.15.15.1
     tunnel destination 200.13.13.1
     tunnel mode ipv6ip

Manual tunnel configuration, end point 200.13.13.1:

    interface tunnel 100
     ipv6 address 2001:300::2/64
     no ipv6 nd ra suppress
     tunnel source 200.13.13.1
     tunnel destination 200.15.15.1
     tunnel mode ipv6ip

• Only supports routing protocols that use IP encapsulation
  ISIS is itself a network layer protocol (not dependent upon IP), therefore it will not work over IP Protocol-Type = 41

IPv6 GRE Tunnel

[Figure: IPv6 GRE tunnel between dual-stack end points across an IPv4 backbone network (CE - PE - P - P - PE - CE). Customer IPv6 network side: IPv4 200.15.15.1, tunnel address 2001:300::1/64. Provider IPv6 network side: IPv4 200.13.13.1, tunnel address 2001:300::2/64. The IPv6 packet is carried behind a GRE header inside an IPv4 packet.]

• Similar to Manual Tunnel (RFC 2893)
  But can transport non-IP packets
  Hence can be used to support ISIS across the tunnel
• GRE header uses 0x86DD to identify IPv6 payload
• Similar scale and management issues
• L2TPv3 is another tunnelling option

GRE tunnel configuration, customer-side end point:

    interface tunnel 2002
     ipv6 address 2001:300::1/64
     tunnel source e0/0
     tunnel destination 200.13.13.1
     tunnel mode gre ip
     ipv6 router isis

GRE tunnel configuration, provider-side end point:

    interface tunnel 100
     ipv6 address 2001:300::2/64
     tunnel source e0/0
     tunnel destination 200.15.15.1
     tunnel mode gre ip
     ipv6 router isis

Tunnel Broker

[Figure: dual-stack IPv6 client with client software reaches the IPv6 Internet across an IPv4 access network (PE - P - P - PE) through a Tunnel Broker and a Tunnel Server. The IPv6 packet is carried inside an IPv4 packet, with an optional UDP header.]

• Tunnel Broker servers manage tunnel requests from users
  Binds tunnel between host and IPv6 server or router
• Particularly suited to isolated IPv6 hosts connected via an IPv4 Internet
• Client software loaded on to host
  Linux/MAC/Windows
• Cisco routers do not support tunnel broker function
  Tunnel brokers can remotely configure Cisco routers

[Figure: Tunnel Broker exchange between the IPv6 client, the Tunnel Broker and Tunnel Server X across the IPv4 access network. Message sequence as labelled on the slide:]

• Tunnel Request (XML in IPv4)
• Authenticate: User/Pass, Authorised
• Destination=X, ClientType=Host
• Tunnel Server (X): Configuration, Confirmation
• Tunnel Parameters, IPv6 Prefix
• IPv6 packet encapsulated in IPv4 Tunnel

6to4 Tunnel

[Figure: 6to4 tunnel across an IPv4 backbone network (CE - PE - P - P - PE - CE) that connects two IPv6 networks. Router 200.15.15.1 (e0/0) serves 2002:c80f:0f01, host 2002:c80f:0f01:100::1. Router 200.11.11.1 (e0/0) serves 2002:c80b:0b01, host 2002:c80b:0b01:100::1. The IPv6 packet is carried behind an IPv4 header.]

• Automatic tunnel method using 2002:IPv4::/48 IPv6 range
  IPv4 embedded in IPv6 format, e.g. 2002:c80f:0f01:: = 200.15.15.1
• No impact on existing IPv4 or MPLS Core (IPv6 unaware)
• Tunnel endpoints have to be IPv6 and IPv4 aware (Dual stack)
• Transition technology – not for long term use
• No multicast support, Static Routing
• Intrinsic linkage between destination IPv6 Subnet and IPv4 gateway interface
  IPv4 Gateway = Tunnel End point

6to4 address format, shown for server address 2002:c80b:0b01:0100:0000:0000:0000:0001:

    2002                  6to4 range
    c80b:0b01             = 200.11.11.1, tunnel end-point in IPv4 network
    0100                  Subnet
    0000:0000:0000:0001   Host

All 6to4 networks are 2002:IPv4Address::/48. Field widths labelled on the slide: 8 bits, 64 bits.

Addresses in the encapsulated packet:

    IPv6 Hdr – Src Add    2002:c80f:0f01:100::1
    IPv6 Hdr – Dst Add    2002:c80b:0b01:100::1
    IPv4 Hdr – Src        200.15.15.1
    IPv4 Hdr – Dst        200.11.11.1

6to4 configuration, router 200.15.15.1:

    interface tunnel 2002
     ipv6 address 2002:c80f:0f01::1/128
     tunnel source ethernet0/0
     tunnel mode ipv6ip 6to4
    !
    interface ethernet 0/0
     ip address 200.15.15.1 255.255.255.0
    !
    interface ethernet 1/0
     ipv6 address 2002:c80f:0f01:100::2/64
    !
    ipv6 route 2002::/16 tunnel2002

6to4 configuration, router 200.11.11.1:

    interface tunnel 2002
     ipv6 address 2002:c80b:0b01::1/128
     tunnel source ethernet0/0
     tunnel mode ipv6ip 6to4
    !
    interface ethernet 0/0
     ip address 200.11.11.1 255.255.255.0
    !
    interface ethernet 1/0
     ipv6 address 2002:c80b:0b01:100::2/64
    !
    ipv6 route 2002::/16 tunnel2002
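
Added example, not part of the original slides: a Python sketch that recognises the encapsulations described above (IP protocol 41 for manual and 6to4 tunnels, GRE protocol type 0x86DD) and derives the 2002:IPv4::/48 mapping. It goes one step beyond the slides by checking, for a protocol 41 packet, that any 6to4 address in the inner IPv6 header embeds the matching outer IPv4 address and that the embedded address is a global one. The function names and the sample packets are constructed for illustration; the sample addresses are the ones used on the slides.

```python
import ipaddress
import struct

PROTO_IPV6 = 41          # IPv6 directly in IPv4: "tunnel mode ipv6ip" and 6to4
PROTO_GRE = 47           # "tunnel mode gre ip"
ETHERTYPE_IPV6 = 0x86DD  # GRE protocol type that marks an IPv6 payload
SIXTOFOUR = ipaddress.ip_network("2002::/16")


def sixtofour_prefix(ipv4):
    """Return the 2002:IPv4::/48 prefix that belongs to a 6to4 router."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_ipv4(ipv6):
    """Return the IPv4 address in bits 16-47 of a 6to4 address, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def inspect_tunnel(packet):
    """Describe the IPv6 tunnel carried by a raw IPv4 packet, or None."""
    packet = bytes(packet)
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    outer = (ipaddress.IPv4Address(packet[12:16]),
             ipaddress.IPv4Address(packet[16:20]))
    payload = packet[ihl:]
    if packet[9] == PROTO_IPV6:
        kind = "ipv6ip"
    elif packet[9] == PROTO_GRE and len(payload) >= 4:
        flags, proto = struct.unpack("!HH", payload[:4])
        if proto != ETHERTYPE_IPV6:
            return None  # GRE, but not carrying IPv6
        # Optional checksum (C), key (K) and sequence (S) fields: 4 bytes each.
        optional = sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        kind, payload = "gre", payload[4 + 4 * optional:]
    else:
        return None
    if len(payload) < 40 or payload[0] >> 4 != 6:
        raise ValueError("tunnel payload is not an IPv6 packet")
    inner = (ipaddress.IPv6Address(payload[8:24]),
             ipaddress.IPv6Address(payload[24:40]))
    issues = []
    for role, v6, v4 in zip(("source", "destination"), inner, outer):
        emb = embedded_ipv4(v6)
        if emb is None:
            continue  # not a 6to4 address, nothing to cross-check
        if not emb.is_global:
            issues.append(f"{role} {v6} embeds non-global IPv4 {emb}")
        if kind == "ipv6ip" and emb != v4:
            issues.append(f"{role} {v6} embeds {emb}, outer {role} is {v4}")
    return {"tunnel": kind, "outer": outer, "inner": inner, "issues": issues}


def build_ipv6(src, dst):
    """Constructed 40-byte IPv6 header with no payload (next header 59)."""
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def build_ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet; the checksum is left at 0 and never verified."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return (hdr + ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed + payload)


# Constructed sample packets. "mismatch" carries an inner source whose embedded
# IPv4 address (10.0.0.1) is private and differs from the outer source.
SAMPLES = {
    "6to4": build_ipv4("200.15.15.1", "200.11.11.1", PROTO_IPV6,
                       build_ipv6("2002:c80f:0f01:100::1", "2002:c80b:0b01:100::1")),
    "gre": build_ipv4("200.15.15.1", "200.13.13.1", PROTO_GRE,
                      struct.pack("!HH", 0, ETHERTYPE_IPV6)
                      + build_ipv6("2001:300::1", "2001:300::2")),
    "mismatch": build_ipv4("200.15.15.1", "200.11.11.1", PROTO_IPV6,
                           build_ipv6("2002:0a00:0001::1", "2002:c80b:0b01:100::1")),
}

if __name__ == "__main__":
    print(sixtofour_prefix("200.15.15.1"))
    for name, pkt in SAMPLES.items():
        print(name, inspect_tunnel(pkt))
```
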