8/6/2019 CISCO Ipv6 Viewers Choice

1/11

TechWise TV episode 23Viewers Choice: IPv6Show Notes

Cisco Interaction Networkwww.cisco.com/go/interact

Host: Jonas Tichenor

Co-hosts: Robb Boyd, Cisco solutions specialistJimmy Ray Purser, Cisco solutions specialist

Jump to: Executive SummarySegment 1 Why Mess with a Running System?Segment 2 IPv6 for Dummies Layer 2 Deep DiveSegment 3 IPv6 Routing and TransitioningSegment 4 Security Gotchas and QOSSegment 5 Deployment and ConclusionRecommended ResourcesAcronym Dictionary

Host & Co-host Biographies

http://www.cisco.com/go/interacthttp://www.cisco.com/go/interact

8/6/2019 CISCO Ipv6 Viewers Choice

2/11

Executive Summary

What is IPv6? The current Internet Protocol (IP) is version 4. It underpins everything that we doon the Internet. The vast majority of business network applications also uses IP and associatedprotocols. IP is over thirty years old and it is showing its age. Designed for networks withthousands of nodes it only has 4 billion addresses of which maybe 500 million can realisticallybe used. Given that the world has a population of over 6 billion people and everything fromcars, to phones, to televisions to light switches is being IP enabled it is not surprising that thereis a shortage of addresses. Indeed, had it not been for a number of fixes the Internet wouldhave already run out of addresses. Additionally, IPv4 has no security, no mobility, limitedquality of service and performance issues; there is clear room for improvement.

It is easy to think that the Internet has survived this far and that nothing really needs to bedone. Unfortunately, this ignores the stark reality of the situation. The Internet has been livingon borrowed time for many years. Without the significant intervention that was taken with theintroduction of CIDR (Classless Inter Domain Routing), NAT (Network Address Translation),the dynamic allocation of addresses and Proxy services, the Internet would have ceased tooperate and grow years ago. It is only through these techniques that address depletion hasbeen slowed down and the backbone routing table growth has been constrained.The problem is that these techniques can only do so much. NAT is in fact a bottle-neck thatbreaks the end-to-end connectivity of the Internet. NAT, while essential at present, stops youfrom using very desirable functions and applications (e.g. IP Security, Mobile IP, Voice over IP -VoIP and IP Video on Demand), and NAT is an extra layer of complexity in the network.Organizations find the growing use of private addresses and NAT increasingly complex to

manage. Even with these techniques address space is going to run out and routing tables areagain exploding in size. In addition to this, attractive new applications cannot operate withoutglobal IP addresses and some of the features that IPv4 lacks.

Enter the solution - IPv6. IPv6 has 128 bit addresses, giving 2128 -

3402823669209384624633744607431768211456. With IPv6 there is no need to use theaddress fixes bolted onto IPv4.

In addition to the benefits of a larger address space, IPv6 includes significant technicalenhancements in the areas of security, mobility, quality of service and improved performancethat simplify network administration, such as:- Simplified header for routing efficiency

- Deeper hierarchy and policies for network architecture flexibility, enabling efficient supportfor routing and route aggregation

- Serverless autoconfiguration, easier renumbering, and improved ready-to-use support

- Security with mandatory IP Security (IPSec) implementation for all IPv6 devices

- Improved support for Mobile IP and mobile computing devices (direct path)

- Enhanced multicast support with increased addresses and efficient mechanisms

8/6/2019 CISCO Ipv6 Viewers Choice

3/11

Segment 1 Why mess with a Running System?

Internet Protocol defines how computers communicate over a network. IP version 4 (IPv4), thecurrently prevalent version, contains just over four billion unique IP addresses, which is notenough to last indefinitely. IPv6 is a replacement for IPv4, offering far more IP addresses andenhanced security features.

ARIN and the other RIRs have distributed IPv6 alongside IPv4 since 1999. So far, ARIN hasissued both versions in tandem and has not advocated one over the other, though it has closelymonitored distribution trends with the understanding that the IPv4 available resource pool

would continue to diminish.

With only 19% of IPv4 address space remaining, however, ARIN is now compelled to advisethe Internet community that migration to IPv6 is necessary for any applications thatrequire ongoing availability of contiguous IP number resources.

Jeff Doyle Blog Address Depletion Much Sooner than Expected:http://edge.networkworld.com/community/?q=node/14969&docid=8648

ARIN Warns of IPv4 Depletionhttp://www.arnnet.com.au/index.php/id;1883973296;fp;4194304;fpid;1

China's broadband users only second to US

http://www.chinaknowledge.com/news/news-detail.aspx?id=8340

IPv4 Address Depletion Imminent; ARIN Board Chairman to Recommend Migration toIPv6 at Burton Group Catalyst Conference North America

http://new.marketwire.com/2.0/release.do?id=741953&k=arin

http://edge.networkworld.com/community/?q=node/14969&docid=8648http://www.arnnet.com.au/index.php/id;1883973296;fp;4194304;fpid;1http://www.chinaknowledge.com/news/news-detail.aspx?id=8340http://new.marketwire.com/2.0/release.do?id=741953&k=arinhttp://new.marketwire.com/2.0/release.do?id=741953&k=arinhttp://www.chinaknowledge.com/news/news-detail.aspx?id=8340http://www.arnnet.com.au/index.php/id;1883973296;fp;4194304;fpid;1http://edge.networkworld.com/community/?q=node/14969&docid=8648

8/6/2019 CISCO Ipv6 Viewers Choice

4/11

Segment 2 IPv6 for Dummies, Layer 2 Deep Dive

IPv6 101:- Packets/structures- Address Architecture- Headers (Packet Sniffer Capture) Look at header format and what is actually

contained in the header: prioritization, addressing structures, flags for anycast (new term!),tunneled packet, extensions, routing flags, etc.What is missing (the actual improvements made from the IPv4) checksum, fragmentationremoved,

- Deep Dive L2 (IOS demo on any Cisco Router (IOS CLI))What does IPv6 do to my layer 2 Network Design?

- ICMPv6- Anycast/Auto-config

Cisco IPv6 Config Libraryhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09186a00801d65f9.html

Understanding IPv6http://www.cisco.com/ipv6

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09186a00801d65f9.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09186a00801d65f9.htmlhttp://www.cisco.com/ipv6http://www.cisco.com/ipv6http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09186a00801d65f9.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09186a00801d65f9.html

8/6/2019 CISCO Ipv6 Viewers Choice

5/11

Segment 3 Understanding IPv6 Routing and Transitioning

Deep Dive L3 (Hardware based demo/IOS CLI demo)- OSPFv3- RIPng- EIGRP- Routing Tables

Transition Mechanisms

6to4 is an IPv4 tunnel-based transition mechanism defined in RFC-3056. It was designed to

allow different IPv6 domains communicate with other IPv6 domains through IPv4 cloudswithout explicit IPv4 tunnels. 6to4 encapsulate IPv6 packets into IPv4 ones, similar to the 6in4tunnels, but the main difference between both methods is that in 6in4 it is necessary toestablish an explicit tunnel on both ends of the tunnel: at the host and at the server sides.Usually this configuration is done by means of external tools like the Tunnel Broker defined inRFC-3053 who is in charge of configuring the tunnel on the server side (router) and sending aconfiguration script in order to let the user configure the tunnel on the host side.With 6to4 there is no need to establish the tunnel on the server side, so the only configurationis done on the host side. The 6to4 router (server side) will accept all the 6to4-encapsultatedpackets coming from any host. A 6in4 router (server side) only accepts 6in4-encapsulatedpackets of active tunnels.

IPv6: Assessing Transition Technologieshttp://www.enterprisenetworkingplanet.com/netsp/article.php/3681291

http://www.ietf.org/rfc/rfc3056.txthttp://www.ietf.org/rfc/rfc3053.txthttp://www.enterprisenetworkingplanet.com/netsp/article.php/3681291http://www.enterprisenetworkingplanet.com/netsp/article.php/3681291http://www.ietf.org/rfc/rfc3053.txthttp://www.ietf.org/rfc/rfc3056.txt

8/6/2019 CISCO Ipv6 Viewers Choice

6/11

Segment 4 Security Gotchas and QoS

Security in IPv6

Security (gotchas) must be pure Ipv6 any tunneling will break the securityadvantages.

Encapsulation (tunneling)

Security Models different types of security strategies to design your network.Implementation strategies for migration/deployment.

Ipsec--->IPv6 interaction

Vista not playing well with IPv6http://www.networkworld.com/news/2007/060707-microsoft-vista-ipv6-incompatible.htmlSean Convery has some great information on his page: http://www.seanconvery.comDownload this paper: IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation

QoS in IPv6- Traffic class- Flow labeling- Extension headers

RFC 2460/3697

Currently IPv6 provides support for QoS marking via a field in the IPv6 header. Similar to thetype of service (ToS) field in the IPv4 header, the traffic class field (8 bits) is available for useby originating nodes and/or forwarding routers to identify and distinguish between differentclasses or priorities of IPv6 packets.

http://www.networkworld.com/news/2007/060707-microsoft-vista-ipv6-incompatible.htmlhttp://www.seanconvery.com/http://www.seanconvery.com/http://www.networkworld.com/news/2007/060707-microsoft-vista-ipv6-incompatible.html

8/6/2019 CISCO Ipv6 Viewers Choice

7/11

Segment 5 Deployment and Conclusion

Deploying IPv6- Transition mechanisms- Network Design- Managing IPv6 and even IPv4

Management Tools:Cisco has supported IPv6 in its IOS software since 2001. During the last two years, Cisco hasbegun developing IPv6 support in other management tools that its customers will need to move

their network architectures to IPv6.

Cisco offers a free auditing tool called IPv6 Network Assessor that automates the process offiguring out which Cisco switches and routers on a network are ready for IPv6 and which arent.

Cisco also has upgraded its CiscoWorks campus-management software to manage its IPv6-enabled Layer 2 and Layer 3 devices. The software offers limited support for IPv6: identifyingaddress identification, management of some configurations and limited path tracing. However,CiscoWorks doesnt offer the full set of features available in IPv4.

Cisco Network Registrar (CNR), a DNS and DHCP package, supports IPv6, including statefuland stateless configuration. Cable service providers are among the early adopters of IPv6-

enabled Cisco Network Registrar.

Cisco also has an IPv6-enabled Network Analysis Module, which is a blade that sits in itsswitches and reports back to Cisco's NetFlow traffic monitoring software.

Full Article: http://www.networkworld.com/news/2007/060707-8-mgmt-vendors-ipv6.html

http://www.networkworld.com/news/2007/060707-8-mgmt-vendors-ipv6.htmlhttp://www.networkworld.com/news/2007/060707-8-mgmt-vendors-ipv6.html

8/6/2019 CISCO Ipv6 Viewers Choice

8/11

Recommended Resources

*Multiple resources and links referenced above

Ciscos IPv6 Main Page:

http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html

Cisco initially announced its three-phase IPv6 roadmap in June 2000, and has since introducedsupport across a wide range of Cisco solutions. Cisco IOS Software release deliver a widespectrum of IPv6 features.

Cisco IPv6 Solutions http://www.cisco.com/en/US/products/ps6553/products_white_paper09186a00802219bc.shtml

IPv6 AutoconfigurationSince 1993 the Dynamic Host Configuration Protocol (DHCP) [1] has allowed systems to obtainan IPv4 address as well as other information such as the default router or Domain NameSystem (DNS) server. A similar protocol called DHCPv6 [2] has been published for IPv6, thenext version of the IP protocol. However, IPv6 also has a stateless autoconfiguration protocol[3], which has no equivalent in IPv4.http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html

http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65ed.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65ed.htmlhttp://www.cisco.com/en/US/products/ps6553/products_white_paper09186a00802219bc.shtmlhttp://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.htmlhttp://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.htmlhttp://www.cisco.com/en/US/products/ps6553/products_white_paper09186a00802219bc.shtmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65ed.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d65ed.htmlhttp://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html

8/6/2019 CISCO Ipv6 Viewers Choice

9/11

Acronym Dictionary

*Scroll down for IPv6 specific acronyms.

ASA Adaptive Security Appliance

CSA Cisco Security Agent

CSC Content Security and Control Services Module (for use within the ASA)

CSM Cisco Security Manager

DTM Distributed Threat Mitigation

ICS Incident Control System

IPS Intrusion Prevention System

IDS Intrusion Detection System

IPSEC VPN Virtual Private Network technology that leverages a client on the endpoint toestablish the private, encrypted connection.

ISR Integrated Services Router

MARS Monitoring, Analysis and Response System

NAC Network Admission Control

NCM Network Compliance Manager

SDN Self-Defending Network

NetFlow - open but proprietary network protocol developed by Cisco Systems to run on CiscoIOS-enabled equipment for collecting IP traffic information. (Wikipedia)

SSL VPN Often referred to as Clientless VPN that, in contrast to IPSEC, uses the encryptionbuilt into the browser to set up a secure, remote connection.

SSM Security Services Module located within the ASA that allows the addition of an IPSmodule or a CSC (Content Security and Control Services ModuleAnti-X Edition of the ASA)

http://en.wikipedia.org/wiki/Open_softwarehttp://en.wikipedia.org/wiki/Network_protocolhttp://en.wikipedia.org/wiki/Cisco_Systemshttp://en.wikipedia.org/wiki/Cisco_IOShttp://en.wikipedia.org/wiki/Cisco_IOShttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Cisco_IOShttp://en.wikipedia.org/wiki/Cisco_IOShttp://en.wikipedia.org/wiki/Cisco_Systemshttp://en.wikipedia.org/wiki/Network_protocolhttp://en.wikipedia.org/wiki/Open_software

8/6/2019 CISCO Ipv6 Viewers Choice

10/11

IPv6 Acronyms/GlossaryIANA Internet Assigned Numbers Authority - The Internet Assigned Numbers Authority (IANA) isthe entity that oversees global IP address allocation, DNSroot zone management, and other Internetprotocol assignments. It is operated by ICANN.APNIC - The Asia Pacific Network Information Centre (APNIC) is the Regional Internet Registry forthe Asia-Pacific region.

RIR Regional Internet Registry - organization overseeing the allocation and registration of Internetnumber resources within a particular region of the world. Resources include IP addresses (both IPv4 andIPv6) and autonomous system numbers (for use in BGProuting).

ARIN American Registry for Internet Numbers (ARIN is an RIR) -

LIR - A local Internet registry (LIR) is an organization which has received an IP address allocation froma regional Internet registry (RIR), and which may assign parts of this allocation to its own customers. ALIR is thus typically an Internet service provider. To become a LIR, membership of a RIR is required.

ICANN Internet Corporation for Assigned Names and Numbers - The tasks of ICANN includemanaging the assignment of domain names and IP addresses. To date, much of its work has concernedthe introduction of new generic top-level domains. The technical work of ICANN is referred to as theIANA function; the rest of ICANN is mostly concerned with defining policy.

CIDR - Classless Inter-Domain Routing (CIDR, pronounced "cider") was introduced in 1993 and is thelatest refinement to the way IP addresses are interpreted. It replaced the previous generation of IPaddress syntax, classful networks. It allowed increased flexibility when dividing ranges of IP addressesinto separate networks and thereby promoted:

More efficient use of increasingly scarce IPv4 addresses.

Greater use of hierarchy in address assignments (prefix aggregation), lowering the overhead ofthe Internet-wide inter-domainrouting.

Anycast is a network addressing and routing scheme whereby data is routed to the "nearest" or "best"destination as viewed by the routing topology.

The term is intended to echo the terms unicast, broadcast and multicast.

In unicast, there is a one-to-one association between network address and network endpoint:each destination address uniquely identifies a single receiver endpoint.

In broadcastand multicast, there is a one-to-many association between network addresses andnetwork endpoints: each destination address identifies a set of receiver endpoints, to which allinformation is replicated.

In anycast, there is also a one-to-many association between network addresses and networkendpoints: each destination address identifies a set of receiver endpoints, but only one of themis chosen at any given time to receive information from any given sender.

http://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Domain_Name_Systemhttp://en.wikipedia.org/wiki/Root_nameserverhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/ICANNhttp://en.wikipedia.org/wiki/Regional_Internet_Registryhttp://en.wikipedia.org/wiki/Asiahttp://en.wikipedia.org/wiki/Pacifichttp://en.wikipedia.org/wiki/Internet_numberhttp://en.wikipedia.org/wiki/Internet_numberhttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/Autonomous_system_%28Internet%29http://en.wikipedia.org/wiki/BGPhttp://en.wikipedia.org/wiki/Routinghttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Regional_Internet_registryhttp://en.wikipedia.org/wiki/Internet_service_providerhttp://en.wikipedia.org/wiki/Domain_namehttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Top-level_domainhttp://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authorityhttp://en.wikipedia.org/wiki/1993http://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Classful_networkhttp://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/Hierarchyhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Inter-domainhttp://en.wikipedia.org/wiki/Routinghttp://en.wikipedia.org/wiki/Addressinghttp://en.wikipedia.org/wiki/Routinghttp://en.wikipedia.org/wiki/Unicasthttp://en.wikipedia.org/wiki/Broadcast_addresshttp://en.wikipedia.org/wiki/Multicasthttp://en.wikipedia.org/wiki/One-to-manyhttp://en.wikipedia.org/wiki/One-to-manyhttp://en.wikipedia.org/wiki/Multicasthttp://en.wikipedia.org/wiki/Broadcast_addresshttp://en.wikipedia.org/wiki/Unicasthttp://en.wikipedia.org/wiki/Routinghttp://en.wikipedia.org/wiki/Addressinghttp://en.wikipedia.org/wiki/Routinghttp://en.wikipedia.org/wiki/Inter-domainhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Hierarchyhttp://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/Classful_networkhttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/1993http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authorityhttp://en.wikipedia.org/wiki/Top-level_domainhttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Domain_namehttp://en.wikipedia.org/wiki/Internet_service_providerhttp://en.wikipedia.org/wiki/Regional_Internet_registryhttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Routinghttp://en.wikipedia.org/wiki/BGPhttp://en.wikipedia.org/wiki/Autonomous_system_%28Internet%29http://en.wikipedia.org/wiki/IPv6http://en.wikipedia.org/wiki/IPv4http://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Internet_numberhttp://en.wikipedia.org/wiki/Internet_numberhttp://en.wikipedia.org/wiki/Pacifichttp://en.wikipedia.org/wiki/Asiahttp://en.wikipedia.org/wiki/Regional_Internet_Registryhttp://en.wikipedia.org/wiki/ICANNhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Root_nameserverhttp://en.wikipedia.org/wiki/Domain_Name_Systemhttp://en.wikipedia.org/wiki/IP_address

8/6/2019 CISCO Ipv6 Viewers Choice

11/11

Biographies

Jonas Tichenor, Host of TechWiseTVJonas joined the Cisco Interaction Network as host of Techwise TV in August of 2006. His experience asanchor for the show comes from an award-winning career in the world of broadcast journalism. Jonasbegan as a writer and producer for the FOX affiliate in Tampa Bay in 1996. He quickly became an on-airtalent and started to climb the ranks and markets of news until being signed as a NBC Network newsreporter in the highly desirable San Francisco Bay Area. Jonas is the recipient of several AssociatedPress awards, two Edward R. Murrow Awards for broadcast excellence, he is an Emmy Award winnerand 9 times Emmy Award nominee.

Robb Boyd Co-host of TechWiseTV and Cisco security specialistRobb is the security specialist on Ciscos TechWiseTV, part of the Cisco Interaction Network and CiscosNational Speakers Bureau.

Robb is a certified by ISC2as a Certified Information Systems Security Professional and by the SANS

Institute with the GIAC (Global Information Assurance Certification) Security Essentials Certification(GSEC).

Robb was one of the first field specialists in Ciscos Emerging Technologies group that was eventuallyre-named as Advanced Technologies. Charged with assisting Ciscos field sales people to communicatea security message to their customers, Robb was then asked to repeat that success with the CiscoPartner Community. Robb was subsequently recognized for building security partners that won awardsfor Security Partner of the Year, Global Security Partner of the Year and Most Innovative Partner of the

Year.

He has been consistently requested around the nation as a security speaker and made numerouscontributions to the training of Ciscos Commercial field and channel sales and engineering teams.

Jimmy Ray Purser, Co-host of TechWiseTV and Cisco networking specialistJimmy Ray conducts advanced training for engineers across North America and Europe and regularlyspeaks at industry conferences such as NetWorld+Interop, CeBIT, ZoomIT, Comdex, HP World andnumerous regional events. His topic of choice is network security and security penetration testing.

Purser has been an active participant of the information technology (IT) community for more than 15years, with particular emphasis on local area network (LAN) and wide area network (WAN) infrastructureand security. He is an active member in the IEEE. He has designed, installed and tested numerous

networks for Fortune 500 companies, the United States Military,Internet-based businesses, universities and other education institutions around the world. He is a handson engineer that loves getting into the thick of it. He also writes many articles, whitepapers and otherperiodicals.

Before joining Cisco, Jimmy Ray was a Master Level Field Pre Sales Solution Architect at HP.

Jimmy Ray holds a Masters of Science degree in Electrical Engineering. He is a licensed ProfessionalEngineer in the State of Wisconsin. Jimmy Ray holds two U.S. Patents on network security algorithmsand continues to develop for the IPv6 end to end network.