Title: IPv6 Implementation and Practice
1IPv6 Implementation and Practice
Colorado Cisco User Groups 12-13 April, 2006
- Scott Hogg
- Director of Technical Services - GTRI
- CCIE 5133, CISSP, CIPTSS, CIPTDS
2Agenda
- IPv6 Features
- Addressing
- Routing
- Security
- DNS
- IPv6 Transition Techniques
- Current Level of IPv6 Support
- Operating System and Application Support
- Cisco Product Support
- Service Provider Support
- IPv6 Summary
- IPv6 Advantages
- IPv6 Challenges
- References Suggested Reading
- Questions and Answers
- Live IPv6 Demonstration
3IPv6 Header
IPv4 Header: 20 bytes
IPv6 Header: 40 bytes, fixed
Legend
- Field name kept from IPv4 to IPv6
- Field not kept in IPv6
- Name and position changed in IPv6
- New field in IPv6
4IPv6 Extension Headers
Next Header field values
- 0 Hop-by-Hop Options
- 60 Destination Options (if Routing header is used)
- 43 Routing
- 44 Fragment
- 46 RSVP
- 51 AH
- 50 ESP
- 88 EIGRP
- 89 OSPF
- 6 TCP
- 17 UDP
- 58 ICMPv6
- 135 Mobility Header
- 59 None (no next header)
Header chaining examples
- IPv6 Header (Next Header = 6, TCP) | TCP Header + Data
- IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 6, TCP) | TCP Header + Data
- IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 44, Fragment) | Fragment Header (Next Header = 6, TCP) | Fragment of TCP Header + Data
Option format
- Option Type (Next): 8 bits
- Option Data Length: 8 bits
- Option Data (Variable Length)
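Because the upper-layer protocol can sit behind any number of extension headers, a filter has to follow the whole Next Header chain instead of reading only the fixed header. The sketch below is an added example (not from the original slides) that walks the chain for the three layouts shown above; the packets, addresses and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address

# Next Header values taken from the slide above.
NAMES = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 43: "Routing", 44: "Fragment",
         50: "ESP", 51: "AH", 58: "ICMPv6", 59: "None",
         60: "Destination Options", 135: "Mobility"}
TLV_STYLE = (0, 43, 60, 135)  # length byte counts 8-octet units after the first 8

def walk_chain(packet: bytes):
    """Follow Next Header fields; return (chain, offset of upper-layer header).

    The offset is None when the upper-layer header cannot be read from this
    packet: ESP payload, "no next header", or a non-first fragment.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while True:
        chain.append(nxt)
        if nxt not in TLV_STYLE and nxt not in (44, 51):
            return chain, (None if nxt in (50, 59) else off)
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == 44:                      # Fragment header is always 8 bytes
            length = 8
            frag_offset = struct.unpack_from("!H", packet, off + 2)[0] >> 3
            if frag_offset != 0:           # later fragment: no L4 header here
                return chain, None
        elif nxt == 51:                    # AH counts 4-octet units, minus 2
            length = (packet[off + 1] + 2) * 4
        else:
            length = (packet[off + 1] + 1) * 8
        if off + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        nxt, off = packet[off], off + length

def describe(packet: bytes) -> str:
    chain, _ = walk_chain(packet)
    return " -> ".join(NAMES.get(n, str(n)) for n in chain)

# --- constructed sample packets (documentation addresses, dummy TCP header) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return (fixed + IPv6Address("2001:db8::1").packed
            + IPv6Address("2001:db8::2").packed + payload)

def routing(next_header: int) -> bytes:    # type 0, no addresses: 8 bytes
    return bytes([next_header, 0, 0, 0, 0, 0, 0, 0])

def fragment(next_header: int, offset: int, more: bool) -> bytes:
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | more, 0x1234)

TCP_HDR = struct.pack("!HHIIBBHHH", 1024, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

PLAIN = ipv6(6, TCP_HDR)
ROUTED = ipv6(43, routing(6) + TCP_HDR)
FIRST_FRAG = ipv6(43, routing(44) + fragment(6, 0, True) + TCP_HDR)
LATER_FRAG = ipv6(43, routing(44) + fragment(6, 64, False) + b"\x00" * 16)

if __name__ == "__main__":
    for pkt in (PLAIN, ROUTED, FIRST_FRAG, LATER_FRAG):
        chain, l4 = walk_chain(pkt)
        print(f"{describe(pkt):32} upper-layer header at byte {l4}")
```

A port-based rule can only be evaluated when the returned offset is not None, which is why later fragments and ESP need their own policy decision.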
5IPv6 Addressing Notation
- 128 bits get converted into a more readable form
- 0011 1111 1111 1110 1001 0000 1110 0000 0000 0000 0000 0011 0000 0000 0000 0000 / 0000 0000 0000 0000 0000 0000 0101 0000 0000 0000 0000 0000 0000 0000 0000 0000
- Convert bits to hex
- 3FFE:90E0:0003:0000:0000:0050:0000:0000
- Reduce by removing leading zeros
- 3FFE:90E0:3:0:0:50:0:0
- Use :: to consolidate multiple zeros, only once
- 3FFE:90E0:3::50:0:0
- or
- 3FFE:90E0:3:0:0:50::
- Prefix format/notation
- 3FFE:90E0:3::/64
6Addressing Format Prefix
- Reserved (0/128): 0000 0000
- Unassigned: 0000 0001
- Reserved for NSAP Allocation: 0000 001
- Reserved for IPX Allocation (later deprecated): 0000 010
- Unassigned: 0000 011
- Unassigned: 0000 1
- Unassigned: 0001
- Aggregatable Global Unicast Addresses (2001::/16): 001
- Provider-Based Unicast Address: 010
- Unassigned: 011
- Reserved for Neutral-Interconnect-Based Unicast Addresses: 100
- Unassigned: 101
- Unassigned: 110
- Unassigned: 1110
- Unassigned: 1111 0
- Unassigned: 1111 10
- Unassigned: 1111 110
- Unassigned: 1111 1110 0
- Link Local Use Addresses (FE80::/10): 1111 1110 10
7IPv6 Address Types
- Unicast (Provider Based, Local Use, future definable...) (1:1)
- Provider Based Unicast Addresses
- Local Use Addresses
- IPv4 Compatible IPv6 Addresses
- IPv4 Mapped IPv6 Addresses (new style, regular IPv4)
- Anycast: assigned to more than one interface (1:Nearest)
- When used as part of a route sequence, can allow for load balancing, source-selected policies
- Allocated from the unicast space; indistinguishable from unicast addresses
- When assigned, the nodes must be explicitly configured to know it's an anycast interface/address
- Router only; not used for source address
- Multicast (1:Many)
- Including scope fields and transient/well-known flag
- The good old broadcast addresses are not used anymore
8IPv6 Address Types
Multicast
- Assigned: FF00::/8
- Solicited-Node: FF02::1:FF00:0000/104
- Unicast-Prefix: FF3x::/96
Unicast
- Unspecified: ::/128
- Loopback: ::1/128
- Link-Local: FE80::/10
- Aggregatable Global: 2001::/16, 2002::/16, 3FFE::/16
- Site-Local: FEC0::/10
- IPv4 Compatible: 0:0:0:0:0:0::/96
Anycast
- Link-Local: FE80::/10
- Aggregatable Global: 2001::/16, 2002::/16, 3FFE::/16
- Site-Local: FEC0::/10
9Address Allocation Policy
- The allocation process is under review by the Registries
- IANA allocates 2001::/16 to registries
- Each registry gets a /23 prefix from IANA
- Formerly, all ISPs were getting a /35
- With the new policy, the Registry allocates a /32 prefix to an IPv6 ISP
- Then the ISP allocates a /48 prefix to each customer (or potentially /64)
[Diagram: address layout starting 2001:0410, showing Registry (/23), ISP prefix (/32), Site prefix (/48), LAN prefix (/64) and the interface identifier (Interface ID, 64 bits)]
- 2001:0400::/23 ARIN
- 2001:0200::/23 APNIC
- 2001:0600::/23 RIPE NCC
- 2002::/16 6to4
- 3FFE::/16 6Bone
10Interface ID EUI-64
Ethernet MAC Address (48 bits): 00 90 27 17 FC 0F
64-bit version: 00 90 27 FF FE 17 FC 0F
Uniqueness of the MAC: 000000X0, where X = 1 (unique) or 0 (not unique)
With X = 1, EUI-64 address: 02 90 27 FF FE 17 FC 0F
- EUI-64 address is formed by inserting "FFFE" and ORing a bit identifying the uniqueness of the MAC address.
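The derivation on this slide works in both directions: an address built this way carries the host's MAC in every prefix it autoconfigures, which lets an analyst tie log entries from different subnets to one interface. The following is an added example, not part of the original slides; it uses the slide's MAC, documentation prefixes and hypothetical function names.

```python
from collections import defaultdict
from ipaddress import IPv6Address

def mac_to_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID: insert FFFE, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # RFC 4291 inverts bit 0x02 of the first octet. For a burned-in
    # (universal) MAC that bit is 0, so inverting gives the slide's OR result.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix64: str, mac: str) -> IPv6Address:
    """Address a host autoconfigures on a /64 (prefix given as its first address)."""
    return IPv6Address(IPv6Address(prefix64).packed[:8] + mac_to_eui64(mac))

def mac_from_address(addr: str):
    """Recover the MAC if the interface ID carries the FFFE marker, else None."""
    iid = IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

def group_by_mac(addresses):
    """Group observed addresses by the MAC embedded in their interface ID."""
    groups = defaultdict(list)
    for addr in addresses:
        mac = mac_from_address(addr)
        if mac is not None:
            groups[mac].append(addr)
    return dict(groups)

# Constructed sample: one interface seen on its link and on two sites,
# plus a manually numbered address with no embedded MAC.
SEEN = [
    "fe80::290:27ff:fe17:fc0f",
    "2001:db8:a::290:27ff:fe17:fc0f",
    "2001:db8:b::290:27ff:fe17:fc0f",
    "2001:db8:a::1",
]

if __name__ == "__main__":
    print(slaac_address("fe80::", "00:90:27:17:FC:0F"))
    for mac, addrs in group_by_mac(SEEN).items():
        print(mac, "->", ", ".join(addrs))
```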
11Multicast Addresses
- Flags Field
- Bit 0-3: reserved, must be zero
- Bit 4: 0 if it is a well-known multicast address (permanently assigned)
- Bit 4: 1 if this is a temporary multicast address (temporarily assigned)
- Scope Field
- 1 Node Local (Interface Local) FF01
- 2 Link Local FF02
- 5 Site Local FF05
- FF01:0:0:0:0:0:0:1 - All Nodes Address
- FF01:0:0:0:0:0:0:2 - All Routers Address
- FF02:0:0:0:0:0:0:1 - All Nodes Address (FF02::1)
- FF02:0:0:0:0:0:0:2 - All Routers Address (FF02::2)
- FF02:0:0:0:0:0:0:5 - OSPFIGP
- FF02:0:0:0:0:0:0:6 - OSPFIGP DR
- FF02:0:0:0:0:0:0:9 - RIP Routers
- FF02:0:0:0:0:1:FF00:: - Solicited Node Address for Neighbor Discovery (ND)
12Site/Link Local Addresses
- Link Local
- Single Link Address, Never Routed
- Used for autoconfiguration and neighbor discovery
- Site Local (Now Deprecated by RFC 3879)
- Similar to RFC 1918 addresses
- Can be divided into subnets
- Replaced by unique local IPv6 unicast addresses fc00::/7
13ICMPv6
- More powerful than ICMPv4
- ICMPv6 uses IPv6 Next Header value 58 (RFC 2463)
- Type Description
- 1 Destination Unreachable
- 2 Packet Too Big
- 3 Time exceeded
- 4 Parameter problem
- 128 Echo Request
- 129 Echo Reply
- 130 Multicast Listener Query, sent to ff02::1 (all nodes)
- 131 Multicast Listener Report
- 132 Multicast Listener Done, sent to ff02::2 (all routers)
- 133 Router Solicitation (RS), sent to ff01::2 (all routers)
- 134 Router Advertisement (RA), sent to ff01::1 (all nodes)
- 135 Neighbor Solicitation (NS), sent to ff02:0:0:0:0:1:ff00::/104
- 136 Neighbor Advertisement (NA)
- 137 Redirect message
Functions: PING, MLD, Prefix Advertisement, ARP Replacement, DAD, Router Redirection
14IPv6 Auto-Configuration
- IPv4 Configuration (Bootstrap/DHCP/ARP)
- IPv4 Address, Subnet Mask, Default Gateway
- Domain Name, Resolver
- IPv6 Configuration
- Neighbor Discovery (stateless configuration)
- DHCPv6 (stateful configuration)
- Stateless DHCPv6 on router RFC 3315
- Duplicate Address Detection (DAD)
- Router/Prefix Discovery, Next-Hop Detection
- Parameters discovery (link MTU, hop limit, ...)
- Redirect, Neighbor Unreachability Detection (NUD) (useful for default routers)
- Advertises 6to4 site router prefixes
- Router Renumbering (RR) Protocol
15Other IPv6 Features
- IPv6 requires every network link be capable of minimum MTU of 1280 bytes
- IPv6 routers don't fragment packets
- Hosts perform their own Path MTU Discovery
- Provider selection (based on policy, performance, cost, ...)
- Host mobility (route to current location)
- Auto-readdressing (route to new address)
- (Use IPv6's routing extension header)
16IPv6 Routing Protocols
- The key to scalable routing is to use hierarchical addressing
- RIPng (RFC 2080)
- OSPFv3 (RFC 2740)
- Integrated IS-ISv6 (draft-ietf-isis-ipv6.txt)
- EIGRPv6 (available in 2002!) Now EFT
- MP-BGP (RFC 2858 and RFC 2545)
- IDRPv6 InterDomain Routing Protocol (ISO)
- IPv6 still uses longest-prefix matching
- Longest match wins rule
17EIGRP for IPv6
interface FastEthernet 0/0
 ipv6 enable
 ipv6 eigrp 10
 ipv6 bandwidth-percent eigrp <as> <percent>
 ipv6 summary-address eigrp <as> <ipv6-addr> ad
 ipv6 authentication mode eigrp <as> md5
 ipv6 authentication key-chain eigrp <as> <key-chain>
!
ipv6 router eigrp 10
 router-id 10.1.1.1
 log-neighbor-changes
 log-neighbor-warnings seconds
 metric weights tos k1 k2 k3 k4 k5
!
show ipv6 eigrp interfaces
show ipv6 eigrp neighbors detail
show ipv6 eigrp topology
show ipv6 eigrp traffic
18Multiprotocol BGP-4
- Multiprotocol Extensions for BGP-4 (RFC 2858)
- Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing (RFC 2545)
- Multiprotocol Reach/Unreach NLRIs
- Address Family Identifier (AFI=2) tells which NLRIs are used
- BGP TCP port 179 sessions can be over IPv4 or IPv6
- BGP4 still relies upon a stable IGP
- Next-Hop attribute must be link-local or aggregatable global unicast IPv6 address
- Configured a lot like BGP-4 for IPv4 on Cisco routers
19BGP-4 Configuration
- router bgp 65500
- bgp log-neighbor-changes
- neighbor 3ffe150032c748 remote-as 64900
- neighbor 172.16.1.2 remote-as 65500
- !
- address-family ipv4
- neighbor 172.16.1.2 activate
- neighbor 172.16.1.2 prefix-list OUTFILTER out
- no neighbor 3ffe150032c748 activate
- network 192.0.2.0
- no auto-summary
- no synchronization
- !
- address-family ipv6
- neighbor 3ffe150032c748 activate
- neighbor 3ffe150032c748 prefix-list FILTERIPV6 out
- network 2001db831/48
- no synchronization
- !
20BGP-4 Configuration
- router bgp 65500
- bgp log-neighbor-changes
- neighbor 3ffe150032c748 remote-as 64900
- !
- address-family ipv6
- neighbor 3ffe150032c748 activate
- neighbor 3ffe150032c748 maximum-prefix 2500 80
- neighbor 3ffe150032c748 prefix-list FILTERIPV6 in
- network 2001db831/48
- no synchronization
- !
- ipv6 prefix-list FILTERIPV6 seq 10 permit 2001500/30 le 48
- ipv6 prefix-list FILTERIPV6 seq 20 permit 2002::/16
- ipv6 prefix-list FILTERIPV6 seq 30 permit 2000::/3 le 32
- ipv6 prefix-list FILTERIPV6 seq 40 deny ::/0 le 128
- !
- ipv6 route 2001db831/48 null0
21IPv6 Security
- IPv4 Security Problems
- 1) Denial of service attacks
- 2) Address spoofing
- 3) Use of source routing defeats address authentication
- IPv6 Security
- 1) Mandated at the OS level (IPSEC)
- 2) Authentication Header (Default to MD5)
- 3) Encryption (Default to DES-CBC)
- 4) Security Parameter Index
- 5) Repudiation features
22IPv6 Security
- IPv6 makes some things better, other things worse, and most things are just different, but no more or less secure
- Better
- Automated scanning and worm propagation is harder due to huge subnets
- Link-local addressing can limit infrastructure attacks
- IPsec will be routinely available for use where keys exist
- Worse
- Lack of familiarity with IPv6 among operators
- Multiple addresses per interface is a different concept
- Immaturity of software in the next few years
- Improperly deployed transition techniques
23Cisco IPv6 Security
Threat Protection: Packet Filtering
- Standard, reflexive, extended access control list
- Enhanced extended ACL filtering on Routing Type
- Hardware e-ACL filtering capabilities (CRS-1, C12K, C7600, C6500, ...) including parsing option headers
Secure Connectivity: IPsec
- IPv4 dynamic IPSec to protect IPv6 over IPv4 tunnels with dynamic IPv4 end point
- IPv6 IPSec Authentication for OSPFv3
- IPv6 IPsec Tunnel Router-to-Router, including new IPv4/IPv6 Encryption hardware adapter
Cisco IPv6 Firewall Solutions
- Cisco IOS Firewall includes IPv6 from Cisco IOS 12.3(7)T, 12.4 and 12.4T
- PIX 7.0 release
- FWSM (future)
- ASA 5500 series
24Basic IPv6 Packet Filtering
- When used for traffic filtering, IPv6 Access Control Lists (ACLs) offer the same level of support as in IPv4
- Every IPv6 ACL has implicit permit icmp any any nd-na and permit icmp any any nd-ns
- Implicit deny all at the end of access list
interface FastEthernet0/0
 ipv6 address 2001DB8C00311011/64
 ipv6 traffic-filter V6FILTER in
!
ipv6 access-list V6FILTER
 permit tcp any host 2001DB8C003110210 eq www
!
[Diagram: IPv6 Internet (ANY) sends HTTP through F0/0 to Web Server 2001DB8C003110210/64]
25IPv6 Firewall Feature Set
ipv6 unicast-routing
ipv6 cef
!
ipv6 inspect audit-trail
ipv6 inspect max-incomplete low 150
ipv6 inspect max-incomplete high 250
ipv6 inspect one-minute low 100
ipv6 inspect one-minute high 200
ipv6 inspect name V6FW tcp timeout 300
ipv6 inspect name V6FW udp
ipv6 inspect name V6FW icmp
!
interface FastEthernet0/0
 ipv6 address 2001DB8C00311122/64
 ipv6 cef
 ipv6 traffic-filter EXAMPLE in
 ipv6 inspect V6FW in
!
ipv6 access-list EXAMPLE
 permit tcp any host 2001DB8C00311132 eq www
 permit tcp any host 2001DB8C00311132 eq ftp
 deny ipv6 any any log
[Diagram: IPv6 Internet (ANY) sends HTTP and FTP through F0/0 to Web/FTP Server 2001DB8C00311132]
26PIX 7.0 ACL
interface Ethernet0
 nameif outside
 ipv6 address 2001db8c000105137/64
 ipv6 enable
 ipv6 nd suppress-ra
interface Ethernet1
 nameif inside
 ipv6 address 2001db8c00010521/64
 ipv6 enable
ipv6 unicast-routing
ipv6 route outside ::/0 2001db8c00010511
ipv6 access-list SECURE permit tcp any host 2001db8c00010527 eq telnet
ipv6 access-list SECURE permit icmp6 any 2001db8c0001052/64
access-group SECURE in interface outside
27DNS for IPv6
- Upgrade DNS servers first
- DNS for IPv6: RFC 1886
- BIND v9 supports IPv6
- AAAA (quad-A, 4 x 32 = 128): simple format
- A6 format: more complex format for business deployments
- Use IPv6, else use IPv4 format; if both types are returned, then the decision is left up to the requesting host
- Response based on the version number of the request packet
- DNS issues can result in mixed environments
28IPv6 Transition Techniques
- Dual Stack
- Tunnel/Encapsulation
- Configured Tunnels
- Automatic Tunnels
- 6to4
- ISATAP
- Tunnel Broker with TSP
- Teredo
- Application Layer Gateways
- Proxy
29Dual IP Stacks Model
- Dual-Stack Architecture RFC 1933
- 4 different possibilities
- Ships in the night
[Diagram: Application over TCP/UDP, over IPv4 (0x0800) and IPv6 (0x86dd), over Data Link (Ethernet II)]
30Sample Dual-Stack Config
- ipv6 unicast-routing
- ipv6 multicast-routing
- ipv6 cef
- interface Loopback0
- ip address 200.100.1.3 255.255.255.255
- ipv6 address FEC00088/128
- interface Ethernet 0
- ip address 192.168.100.1 255.255.255.0
- ipv6 address 2001100111/64
- ipv6 cef
- ipv6 enable
- ipv6 route ::/0 200115014
31IPv6 Tunneling
- Manually configured or Automatic
- IPv6 PDUs encapsulated in IPv4 protocol 41
[Diagram: Router-to-Router Tunnel and Node-to-Node Tunnel carrying DATA between Dual-Stack Nodes (v4/v6) across an IPv4 network (v4)]
32Tunnel Configuration
- hostname Router1
- interface Tunnel 0
- ipv6 address 2001db8c1811/127
- tunnel source 192.168.100.1
- tunnel destination 192.168.200.2
- tunnel mode ipv6ip
- ipv6 route 2001db8c1/64 tunnel0
- hostname Router2
- interface Tunnel 0
- ipv6 address 2001db8c1812/127
- tunnel source 192.168.200.2
- tunnel destination 192.168.100.1
- tunnel mode ipv6ip
- ipv6 route 2001db8d2/64 tunnel0
33IPv6 Tunneling 6to4
- Connection of Isolated IPv6 Domains via IPv4 Clouds Without Explicit Tunnels
- Inter-domain tunneling using IPv4 address as IPv6 site prefix; IPv6 using IPv4 as a virtual link-layer
- IPv6 VPN over IPv4 Internet (2002::/16 prefix)
- Automatic tunneling approach
- Minimal manual configuration
- Uses globally unique prefix comprised of the unique 6to4 TLA and the globally unique IPv4 address of the exit router.
- 6to4 Relay is the gateway between the IPv6 and IPv4 worlds
- No NAT can exist in the path
- 6to4 Relay may be far away from end node
- Security issues related to an open relay
346-to-4 Configuration
- hostname BorderRouter
- interface Ethernet0
- ip address 200.168.100.1 255.255.255.0
- interface Tunnel0
- no ip address
- ipv6 address 2002c8a8640111/128
- tunnel source Ethernet0
- tunnel mode ipv6ip 6to4
- ipv6 route 2002::/16 Tunnel0
- ipv6 route ::/0 2002c8a8c80222
- hostname 6to4RelayRouter
- interface Ethernet0
- ip address 200.168.200.2 255.255.255.0
- interface Tunnel0
- no ip address
- ipv6 address 2002c8a8c80222/128
- tunnel source Ethernet0
- tunnel mode ipv6ip 6to4
35IPv6 Tunneling ISATAP
- Intra-Site Automatic Tunnel Addressing Protocol
- Automatic tunneling inside an enterprise
- ISATAP connections look like one flat network
- Creates a virtual IPv6 link over an IPv4 network
- Uses 5EFE just before the 32 bit IPv4 address bits converted to hex
- Can use private address space
- Create a DNS A record for ISATAP equal to router's lo0
- Or C:\>netsh int ipv6 isatap set router <ip4addr>
- Currently, ISATAP doesn't support multicast
36IPv6 Tunneling ISATAP
- interface Loopback0
- ip address 192.168.12.1 255.255.255.0
- interface Tunnel0
- ipv6 address 2001db8c1/64 eui-64
- tunnel source loopback 0
- tunnel mode ipv6ip isatap
- no ipv6 nd suppress-ra
[Diagram: ISATAP Tunnel across an IPv4 network between an ISATAP Dual-Stack Node (v4/v6) and the IPv6 network]
192.168.12.1 2001db8c105efec0a60c01
192.168.3.3 2001db8c105efec0a60303
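Both 6to4 and ISATAP place the tunnel endpoint's IPv4 address inside the IPv6 address, so the IPv4 side of a tunneled flow can be read straight from an IPv6 source address in a log or ACL hit. The code below is an added example, not taken from the slides: it builds and decodes both formats and flags 6to4 sources whose embedded IPv4 address is private, since 6to4 depends on a globally unique IPv4 address. The /64 prefix, sample sources and function names are constructed.

```python
from ipaddress import IPv4Address, IPv6Address, IPv6Network

SIXTOFOUR = IPv6Network("2002::/16")

def sixtofour_prefix(v4: str) -> IPv6Network:
    """The /48 site prefix a 6to4 router derives from its public IPv4 address."""
    return IPv6Network(((0x2002 << 112) | (int(IPv4Address(v4)) << 80), 48))

def isatap_address(prefix64: str, v4: str) -> IPv6Address:
    """Prefix + 0000:5EFE + the 32-bit IPv4 address in hex."""
    net = IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    return net[(0x5EFE << 32) | int(IPv4Address(v4))]

def embedded_ipv4(addr: str):
    """Return (mechanism, IPv4Address) if addr embeds a tunnel endpoint, else None."""
    ip = IPv6Address(addr)
    value = int(ip)
    if ip in SIXTOFOUR:
        return "6to4", IPv4Address((value >> 80) & 0xFFFFFFFF)
    iid_high = (value >> 32) & 0xFFFFFFFF
    # ISATAP interface IDs start 0000:5EFE, or 0200:5EFE when the u bit is set.
    if (iid_high & 0xFDFFFFFF) == 0x00005EFE:
        return "ISATAP", IPv4Address(value & 0xFFFFFFFF)
    return None

def audit(sources):
    """List tunnel-derived sources with their IPv4 endpoint and a verdict."""
    findings = []
    for src in sources:
        hit = embedded_ipv4(src)
        if hit is None:
            continue
        mechanism, v4 = hit
        bogus = mechanism == "6to4" and v4.is_private
        verdict = "invalid 6to4 (private IPv4)" if bogus else "ok"
        findings.append((src, mechanism, str(v4), verdict))
    return findings

# Constructed sample of IPv6 source addresses as they might appear in a log.
SOURCES = [
    "2002:c8a8:c802::2",             # 6to4, embeds 200.168.200.2
    "2002:0a01:0101::1",             # 6to4 built on RFC 1918 space
    "2001:db8:0:1:0:5efe:c0a8:303",  # ISATAP, embeds 192.168.3.3
    "2001:db8::1",                   # native address
]

if __name__ == "__main__":
    print(sixtofour_prefix("200.168.100.1"))
    print(isatap_address("2001:db8:0:1::/64", "192.168.12.1"))
    for row in audit(SOURCES):
        print(row)
```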
37IPv6 Tunneling Tunnel Broker
- Tunnel Brokers use a web-based service to create a tunnel
- Connects an isolated host to IPv6 net of provider operating the tunnel broker
- Tunnel information is sent via http-ipv4
- Tunnel managed by ISP
- Sends scripts/configs to Dual Stack Router
[Diagram: Tunnel Broker, Tunnel Request, Tunnel Configuration, and a Configured Tunnel between a Dual-Stack Node (v4/v6) on IPv4 and the IPv6 network]
38IPv6 Tunneling - Tunnel Broker
- Automation of configured tunnels
- Tunnel Broker model (RFC3053)
- Tunnel Setup Protocol (TSP)
- Client sends request for tunnel
- Broker is based on policies
- Broker sends tunnel information
- Broker configures its tunnel endpoint
- Client then configures its tunnel endpoint
- Client receives stable IPv6 address and prefix
- Well known free services: Freenet6, Hurricane Electric, XS26, among others
- 20 different tunnel brokers exist
- Clients for Windows, BSD, Linux, Solaris, etc
- 6Bone access
39IPv6 Tunneling Teredo
- Called Shipworm in earlier IETF drafts
- IPv4/UDP encapsulated IPv6 packets
- Works behind an IPv4 NAT
- Reduces MTU because of UDP encapsulation (port 3544)
- Uses Teredo server, Teredo relay, and a Teredo client
- External mapping of IPv4 address and port are discovered by the Teredo server (on the external side of the NAT)
40Other Transition Techniques
- Translation
- NAT-PT (RFC 2766)
- TCP-UDP Relay (RFC 3142)
- DSTM (Dual Stack Transition Mechanism)
- Stateless IP/ICMP Translator (SIIT)
- API
- BIS (Bump-In-the-Stack)
- BIA (Bump-In-the-API)
- Application Layer Gateway
- SOCKS-based Gateway
- Microsoft PortProxy
- Apache Reverse Proxy Server v2
41IPv6 Vendors and Products
- Operating Systems
- Windows 2000, XP SP1/2, 2003
- Linux, FreeBSD, Solaris 8/9, HP-UX, Tru64, AIX
- MacOS X 10.2 (Jaguar), 10.3 (Panther), and 10.4 (Tiger)
- Current IPv6 Applications
- ping, traceroute, DNS, DHCPv6, NFS, routing, FTP, Telnet, SSH, IIS, Apache, SMTP, SNMP, NNTP, firewalls, Syslog, Printing, IPSec, NTP
- Cisco supports IPv6 in IOS 12.2T, 12.3, 12.4
- Initially just basic functionality, then more features/protocols, and then performance
- IPv6 support in PIX v7.0 and ASA5500
42Platform Support
Cisco IOS 12.0S
- Cisco 12000 Series Routers
- Cisco 10720 Series
Cisco IOS 12.4/12.4T
- Cisco 800 Series Routers
- Cisco 1700 Series Routers
- Cisco 1800 Series Routers
- Cisco 2600 Series Routers
- Cisco 2800 Series Routers
- Cisco 3600 Series Routers
- Cisco 3700 Series Routers
- Cisco 3800 Series Routers
- Cisco 7200 Series Routers
- Cisco 7301 Series Routers
- Cisco 7500 Series Routers
Cisco IOS-XR
- CRS-1, Cisco 12000
Cisco IOS 12.2S derivatives
- Cisco 72/7300 Series Routers
- Cisco 75/7600 Series Routers
- Cisco 10000 Series Routers (CY06)
- Catalyst 3750/3560 Series
- Catalyst 4500 Series
- Catalyst 6500 Series
Cisco Product Portfolio
- PIX Firewall (7.0), LMS 2.5
- SAN (ISCSI/FCIP), Content Networking, IP Telephony - Radar
43Cisco IOS 12.4M
Cisco IOS Software Release 12.4M
Core
- IPv6 (RFC 2460)
- ICMPv6 (RFC 2463)
- Neighbor Discovery (RFC 2461)
- Stateless Auto-Configuration
- Anycast
- CEFv6/dCEFv6
- uRPF Strict Mode
- CEFv6 Switched Tunnels
Security
- IPv6 standard ACL
- IPv6 extended ACL
- IPv6 IPsec authentication for OSPFv3
- IPv6 Firewall
Routing
- RIPng
- OSPFv3
- IS-IS for IPv6
- MT IS-IS
- MP-BGP IPv6 Unicast
- MP-BGP IPv6 Multicast
- Policy Based Routing
IPv6 QoS (MQC)
Mobile IPv6 HA
44IPv6 Management
- SNMP via IPv6
- CiscoWorks Resource Manager Essentials (RME), LMS 2.5
- CiscoWorks Campus Mgr, Device Fault Mgr
- NetFlow IPv6 record
- Network Analysis Module (NAM)
- NTP, RADIUS, TFTP
- DHCPv6 Compliant (CY06)
- DNSv6 AAAA record compliant (CY06)
- Nagios, NTop, MRTG, Pchar, RANCID, etc.
45IPv6 Internet Exchange Points
- PAIX(Switch and Data) Palo Alto
- MCI MAE WashDC, San Jose, Chicago, Dallas, Frankfurt, Paris
- NY6IX New York
- S-IX NTT San Jose
- 6TAP Chicago (Canarie, Viagenie, ESNet)
- 6iix Telehouse - NY, LA, Santa Clara
- 6TAP Chicago
- XchangePoint London
- UK6X Telehouse, UK
- AMS-IX Amsterdam, NL
- INXS Munich/Hamburg DE
- FICIX Helsinki
- TREX Tampere
- NaMeX Rome
- FNIX6 Paris
- 6NGIX Seoul, South Korea
- NSPIXP-6 Japan
- JPIX Japan
- SIX Singapore
46IPv6 Research and Organizations
47IPv6 Advantages
- Added addresses
- Stateless Autoconfiguration
- Simplifies routing fewer header fields
- Supports IPSec natively
- Improved Mobile IP support
- QOS support flow label potential
- Native Multicast
- Includes Anycast
- Backward compatible
- Many transition mechanisms
- Extensible
48IPv6 Challenges
- New equipment upgrades
- Touch all network devices
- Dual-stacking may maximize CPU and memory utilization
- Performance issues with equipment that is optimized for IPv4 but not IPv6
- Possible new software upgrades
- Additional capital expenditures
- Overhead caused by maintaining IPv4 and IPv6 routing tables, firewalls, DNS servers, etc.
- Requires a migration plan
49IPv6 Challenges
- There is no capability or feature of the Internet that you can't do today due to not running IPv6.
- Something new to learn
- Addresses are difficult to remember
- Larger header: more bits to read in order to get to destination address
- IPv6 protocol may seem like just a minor upgrade to IPv4
- Effort required to make transition, but hopefully operational cost savings with IPv6
- End users won't notice the improvement; users aren't asking for IPv6 services
- Multi-Homing is not solved (IETF Multi6 WG)
- EIGRP for IPv6 (EFT), IPv6 HSRP (EFT), IPv6 IPSec (EFT)
- May break older IPv4-only applications
- New IPv6-enabled apps will need to be developed
50Summary
- An IPv6 transition is already underway in the Federal Government and other parts of the world.
- IPv6 infrastructure and Host OSs are ready now!
- Cisco is a leader in IPv6 and has a full set of IPv6 products
- Much of the infrastructure you have already purchased is IPv6 capable; it's just a matter of enabling (software upgrade)
- Perform your assessment
- Create a migration strategy
- Create a test lab or leverage other test labs and start experimenting.
- Dual Stack some of your systems
- Test DNS and focus on your other applications
- The sooner we begin the transition, the sooner we will be done and ahead of our competition.
51IPv6 Books
- Deploying IPv6 Networks, Ciprian P. Popoviciu, Eric Levy-Abegnoli, Patrick Grossetete, Cisco Press, Feb 2006.
- Running IPv6, Iljitsch van Beijnum, Apress, Nov 2005.
- Understanding IPv6, Youngsong Mun, Hyewon K. Lee, Springer, May 2005.
- IPv6 Network Administration, Niall Richard Murphy, David Malone, O'Reilly and Associates, March 2005.
- IPv6 Network Programming, Jun-ichiro itojun Hagino, Digital Press, Oct 2004.
- Mobile IPv6, Hesham Soliman, Addison-Wesley, March 2004.
- IPv6, Second Edition: Theory, Protocol, and Practice, Pete Loshin, Morgan Kaufmann, Dec 2003.
- Cisco Self-Study: Implementing Cisco IPv6 Networks, Regis Desmeules, Cisco Press, May 2003.
- Understanding IPv6, Joseph Davies, Microsoft Press, 2003.
- Migrating to IPv6 - IPv6 in Practice, Marc Blanchet, John Wiley & Sons, November 2002.
- IPv6 Essentials, Silvia Hagen, O'Reilly and Associates, 2002.
- Configuring IPv6 for Cisco IOS, Edgar, Jr. Parenti, Eric Knipp, Brian Browne, Syngress, 2002.
- IPv6 Networks, Marcus Goncalves, Kitty Niles, McGraw-Hill, April 2001.
- Implementing IPv6: Supporting the Next Generation Internet Protocols, Mark A. Miller, John Wiley & Sons, March 2000.
- IPv6 Clearly Explained, Peter Loshin, Morgan Kaufmann, January 1999.
- Hands-On IPv6, Marcus Goncalves, Kitty Niles, McGraw-Hill, May 1998.
- Internetworking IPv6 with Cisco Routers, Silvano Gai, McGraw-Hill, March 1998.
- IPv6: The Next Generation Protocol, Stewart S. Miller, Digital Press, December 1997.
- IPv6: The New Internet Protocol, Christian Huitema, Prentice Hall, January 1996.
52SHogg_at_GTRI.com Mobile 303-949-4865 Scott_at_HoggNet.com