Program Format
10-week online course
Content is split into 6 modules, released at intervals through the course. Each has:
2-4 hours of instructional video
Readings, Homework
Lab exercise – typically Cisco config
24x7 e-mail to instructors / support.
Instructor chat and demonstrations
Case Study project to integrate all course technologies.
Example: Fall Schedule
Module Number | Module Name | Content Available | Homework Due | Lab Due
1 | Introduction to IPv6 | Sept. 12 | Sept. 23 | Sept. 29
2 | Technical Fundamentals I | Sept. 21 | Oct. 3 | Oct. 7
3 | Technical Fundamentals II | Oct. 3 | Oct. 13 | Oct. 18
4 | IPv6 Routing | Oct. 12 | Oct. 24 | Oct. 28
5 | Deployment and Transition | Oct. 24 | Nov. 4 | Nov. 8
6 | Security and the Future | Nov. 2 | Nov. 11 | Nov. 15
Program Instruction
Effective IPv6 training:
10-week format provides deeper understanding and better retention than short-term training seminars.
High-quality course content.
Homeworks, Labs and Case Study ensure a thorough understanding of technologies and ability to perform necessary Cisco configurations.
Additional topics needed for a specific project can be added by request.
Contact: [email protected]
IPv6 Labs
Hands-on configuration practice is essential to IPv6 learning!!
Online labs make use of CDM DLPods
Students reserve ‘pods’ of real devices, consisting of 5 routers, 3 switches, 3 hosts.
Students connect over VPN to configure devices via RDP, SSH, and Telnet/Cisco CLI.
Seven labs from Fall 2011: IPv6 Addressing, OSPF3 Configuration, MP-BGP Configuration, GRE tunnels, ISATAP tunnels, 6to4 tunnels, 6PE tunnels.
Textbook
Excellent coverage of IPv6 technologies
Lots of Cisco configuration examples
An excellent reference to have on your shelf
Required Text: Deploying IPv6 Networks by Ciprian Popoviciu, Eric Levy-Abegnoli, Patrick Grossetete.
Optional Text:
TCP/IP Protocol Suite (4th ed.) by Behrouz A. Forouzan
Instructors
Gregory Brewster, PhD
Director, Center for Advanced Network Studies
Faculty Page
Anthony Chung, PhD
Associate Professor
Faculty Page
Jean-Philippe Labruyère, CCIE #1644
Full-Time Faculty
Faculty Page
Sample Content
High-quality content to learn IPv6
Clear explanations
Extensive figures and diagrams
Animations and color coding
Demonstrations
In the remaining slides you will find sample content from the Fall 2011/12 offering of the program.
Some diagrams are from course texts.
Topics
Overview of IPv6 addressing
IPv6 Address Types and Scopes
Overview of Scope concept
Link-local
Unique Local
Global
Unicast
Overview of global allocation
Anycast
Multicast
IPv6 and Layer 2 addressing
IPv6 addresses required on a host
IPv6 Packet Format
Basic header format
Extension headers
ICMPv6
ICMPv6 Error Messages
ICMPv6 Information Messages
Source Address Selection
Some basic Cisco IPv6 Commands
Address Structure
From RFC 4291
Note: IANA unicast address assignments are currently limited to the IPv6 unicast address range of 2000::/3.
IPv6 Global Unicast Address Assignments
http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xml and http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml
Partial table
Anycast Address
Taken from the unicast address spaces and are not syntactically distinguishable from unicast addresses
Assigned to more than one interface (typically belonging to different nodes), with the property that a packet sent to an anycast address is routed to the "nearest" interface having that address, according to the routing protocols' measure of distance. [RFC 4291]
All routers are required to support the Subnet-Router anycast address, which is formed by the subnet prefix followed by all 0s in the interface ID. A packet sent to this address is received by one of the routers on that subnet.
Interface Local
Multicast Address
Some special multicast addresses:
All-nodes multicast - FF01:0:0:0:0:0:0:1 (interface local) and FF02:0:0:0:0:0:0:1 (link local)
Topics
IPv6 Neighbor Discovery Protocol (NDP)
Overview / Comparison with IPv4
Router Solicit/Advertise
Stateless Address Autoconfiguration
Neighbor Solicit/Advertise
Router Selection
Address Services: DHCPv6 and DNS
IPv6-Enabled Applications
Enhanced Delivery Services
Global Multicast
Quality of Service (QoS)
IPv6 Mobility
IPv6 Stateless Autoconfiguration (animated)
[Animated figure. Labels: Enterprise network, IPv6 Router, DNSv6 Server, Ethernet Switch, Link 2107:0:0:1::/64. Messages shown: Router Solicit, Router Adv., Neighbor Solicit.]
Values shown in the figure:
Network Prefix = 2107:0:0:1::/64
Gateway IP = FE80::1:1
Gateway LLA = 00:0c:1a:00:13:ad
Link MTU = 1500 bytes
DNS = 2107:0:0:9::1:2
Host addresses shown: 2107:0:0:1::10 and FE80::10, 2107:0:0:1::11 and FE80::11, 2107:0:0:1::12 and FE80::12
DHCPv6 (animated)
[Animated figure. Labels: Enterprise network, IPv6 Router, DHCP/DNS Server, Ethernet Switch, Link 2107:0:0:1::/64, 2107:0:0:9::1:2. Messages shown: DHCP Req., DHCP Ack.]
Configuration shown: ipv6 dhcp relay destination 2107:0:0:9::1:2
Values shown in the figure:
IPv6 Address = 2107:0:0:1::12
DNS = 2107:0:0:9::1:2
“IPv6 Brokenness”
Throughout 2010 and early 2011, early IPv6 adopters warned that simply adding an AAAA record for a web site could block out large numbers of old IPv4 customers ...
This problem was called “IPv6 Brokenness”.
Mainly fixed now, but awareness and testing essential.
Verifying Multicast Groups - Cisco
R1# show ipv6 interface loopback 100
Loopback100 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::222:55FF:FE18:7DE8
No Virtual link-local address(es):
Global unicast address(es):
2001:8:85A3:4290:222:55FF:FE18:7DE8, subnet is 2001:8:85A3:4290::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF18:7DE8
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 31238)
Hosts use stateless autoconfig for addresses.
R1#
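The `[EUI]` tag and the joined groups in the output above follow mechanically from the interface's MAC address. The sketch below is an added example, not part of the course slides: it reverses the EUI-64 mapping to recover the MAC from the link-local address, rebuilds the global address from the /64 prefix, and derives the multicast groups the router reports. The function names are hypothetical; the addresses are the ones in the R1 output.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert FFFE, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:], "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 prefix and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net[eui64_interface_id(mac)]

def mac_from_address(addr: str):
    """Reverse the mapping; None when the interface ID lacks the FFFE marker."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    return ":".join(f"{b:02x}" for b in bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FFxx:xxxx, where xx:xxxx is the low 24 bits of the unicast address."""
    return ipaddress.IPv6Address(SOLICITED_BASE | (int(ipaddress.IPv6Address(addr)) & 0xFFFFFF))

def joined_groups(addrs, is_router=False):
    """Multicast groups an interface joins for the given unicast addresses."""
    groups = {ALL_NODES} | {solicited_node(a) for a in addrs}
    if is_router:
        groups.add(ALL_ROUTERS)
    return sorted(groups)

if __name__ == "__main__":
    # Values taken from the R1 Loopback100 output above.
    lla = "FE80::222:55FF:FE18:7DE8"
    mac = mac_from_address(lla)
    gua = slaac_address("2001:8:85A3:4290::/64", mac)
    print("MAC recovered from link-local:", mac)
    print("EUI-64 global address:", gua)
    for g in joined_groups([lla, str(gua)], is_router=True):
        print("joined:", g)
```

Both unicast addresses share the same low 24 bits, which is why the router lists a single solicited-node group for them.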
Topics
IPv6 packet processing and forwarding by routers
Routing option header
Configuring Static Route
Configuring routing protocols
RIPng
EIGRPv6
OSPFv3
IS-IS for IPv6
MP-BGP
Multihoming
Deployment considerations
Core
Distribution
Access
Example routing table
On Windows: netsh interface ipv6 show route
* Note – From “Understanding IPv6” by Joseph Davies
RIPng
IPv4 - neighboring routers must be on the same subnet.
IPv6 – neighboring routers always share the same link-local subnet (FE80::/10), and multiple subnets can be assigned on the same interface.
IPv6 does not use broadcast, but the “all RIP routers” link-local multicast address (FF02::9).
RIPng relies on IP Authentication Header and IP Encapsulating Security Payload rather than the RIP authentication mechanism.
EIGRPv6
Example configurations:
interface Ethernet0
 ipv6 enable
 ipv6 eigrp 100
If it’s an IPv6-only router, the router ID must be manually configured:
ipv6 router eigrp 100
 router-id 10.10.10.1
OSPFv3
Configuration example
interface Ethernet1/0
 ipv6 address 2001:200::2/64
 ipv6 ospf 100 area 1
end
Options
ipv6 router ospf 100
 router-id 200.11.11.1
 area 1 range 2001::/48
 area 1 authentication ipsec spi 678 md5 1234567890ABCDEF1234567890ABCDEF
IPv6 Deployment and Transition
IPv6 Deployment Scenarios
Tunnels
Manually Configured Tunnels (MCT)
Generic Routing Encapsulation (GRE) Tunnels
Teredo, TSP
ISATAP
6to4, 6rd
6PE
Translation
NAT-PT
NAT64, DNS64
Carrier Grade NAT (CGN)
Colors for Figures
In figures and diagrams, I will use the following color scheme:
IPv4 – Blue
IPv6 – Crimson
Ethernet – Green
PPP or L2TP - Purple
[Figure icons: IPv6 Router, Dual-Stack Router, IPv4 Router, IPv6 Cloud, IPv4 Cloud, IPv6 Host, Dual-Stack Host, IPv4 Host]
Scenario #1: Enterprise Client Native IPv6 Access
[Figure labels: Sally, ForwardCorp, IPv4/v6 ISP, IPv6 Internet, IPv6 Server]
Sally works for ForwardCorp, which has upgraded all corporate workstations and routers to dual-stack.
ForwardCorp connects to an ISP providing IPv4 and IPv6 routing.
Sally can natively connect to IPv4 and IPv6 Internet services.
[Frame labels: IPv6 Eth; IPv6 PPP]
Enterprise Client Scenario Tunneling through IPv4 ISP
[Figure labels: Sally, ForwardCorp, IPv4 ISP, IPv6 Internet, IPv6 Server]
Sally works for ForwardCorp, which has upgraded all corporate workstations and routers to dual-stack.
ForwardCorp connects to an ISP providing IPv4 routing only.
ForwardCorp may set up an IPv6-over-IPv4 tunnel between its access router and a dual-stack IPv6 Tunnel Router.
[Frame labels: IPv6 Eth; IPv6 IPv4 PPP (Protocol = 41); IPv6 PPP]
Enterprise Client Scenario Host-Initiated Tunnel
[Figure labels: Sally, ForwardCorp, IPv4 ISP, Tunnel Server, IPv6 Internet, IPv6 Server]
What if Sally has upgraded her workstation to dual-stack, but the rest of ForwardCorp is still IPv4-only?
ForwardCorp connects to an ISP providing IPv4 routing only.
Sally may set up a host-initiated automatic IPv6-over-IPv4 tunnel between her workstation and a dual-stack IPv6 Tunnel Router.
[Frame labels: IPv6 IPv4 Eth; IPv6 IPv4 PPP; IPv6 PPP]
Scenario #3: Home Network Tunneling to Tunnel Server
[Figure labels: Edward’s Laptop, Edward’s Wife’s Laptop, Edward’s Home (WiFi), DSL/Cable AP/Router, IPv4 ISP, Teredo Tunnel Server, IPv6 Internet, IPv6 Server]
What if Edward’s ISP is still IPv4-only and provides no type of Access Layer tunneling?
Edward still may be able to use a host-initiated dynamic tunneling protocol that works through NAT, such as TSP or Teredo, to access a Tunnel Server somewhere in the Internet.
Scenario #4: Site-to-Site CE-CE Tunneling through IPv4 backbone
[Figure labels: ForwardCorp LA, IPv4 Backbone, ForwardCorp NY]
ForwardCorp has two corporate sites – one in Los Angeles and one in New York.
ForwardCorp connects to an ISP providing IPv4 routing only.
ForwardCorp may set up an IPv6-over-IPv4 tunnel between the Customer Edge (CE) routers at both sites.
[Frame labels: IPv6 Eth; IPv6 IPv4 PPP (Protocol = 41); IPv6 Eth]
Scenario #5: Translation IPv6 Client to IPv4 Server
[Figure labels: IPv6-only Client, ForwardCorp LA (IPv6), IPv6 Backbone, NAT64, IPv4 Backbone, IPv4-only Server]
If an IPv6-only Client wishes to obtain service from an IPv4-only server, then tunneling will not help.
A translation service is needed to perform IPv6/IPv4 Network Address Translation / Port Translation (NAT-PT). A NAT64 server is one possible translation service implementation.
[Frame labels: IPv6 Eth; IPv6 PPP; IPv4 PPP]
Scenario #2: Enterprise Server ISATAP Server
[Figure labels: ForwardCorp, Web Server, DNS Server, ISATAP Server, IPv4/v6 ISP, IPv6 Internet]
ISATAP can be deployed by a corporation that wants to provide access to its IPv6 services to IPv6 users in the public Internet.
Scenario #4: Site-to-Site CE-CE Tunneling using 6to4
[Figure labels: ForwardCorp LA, 6to4 Router, IPv4 Backbone, 6to4 Router, ForwardCorp NY]
ForwardCorp can use site-to-site 6to4 tunneling if they adopt 2002::/16 6to4 addressing on their sites.
Advantage over static tunnels: no additional configuration needed at these sites when additional sites are added, and access to all other 6to4 sites.
6to4 Configuration (Ex. 3-21)
! Router1
interface Tunnel2002
 ipv6 address 2002:C80F:F01::1/128
 tunnel source Ethernet0/0
 tunnel mode ipv6ip 6to4
interface Ethernet0/0
 ip address 200.15.15.1 255.255.255.0
interface Ethernet1/0
 ipv6 address 2002:C80F:F01:100::2/64
! route to other 6to4 sites
ipv6 route 2002::/16 Tunnel2002
! route to native IPv6 service
ipv6 route ::/0 2002:C058:6301::1
6rd
6rd (IPv6 Rapid Deployment) is a newer revision of the 6to4 concept developed in 2007 by Rémi Després.
Each ISP uses one of its own IPv6 prefixes for 6rd service – 2002::/16 is not used.
6rd client network prefix will be ISP prefix + IPv4 Access Address + Subnet ID::/64
ISP can “compress” the IPv4 Access Address to fewer than 32 bits by dropping leading bits that are identical within ISP.
Operation continues as in 6to4. Access outside of ISP network is through 6rd Relay.
6rd addresses are indistinguishable from native IPv6 addresses on the backbone.
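The 6to4 addresses in Ex. 3-21 and the 6rd prefix rule above are both bit-packing of an IPv4 address into an IPv6 prefix. The following is an added example, not taken from the course material: it derives Router1's 2002::/48 site prefix from 200.15.15.1, recovers the IPv4 endpoint embedded in a 6to4 address (useful when attributing 2002::/16 traffic in logs), and builds a 6rd delegated prefix with compression. The function names are hypothetical, and the 6rd inputs (ISP prefix 2001:db8::/32, access address 10.1.2.3, 8 common leading bits, subnet ID 5) are constructed sample values.

```python
import ipaddress

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:<IPv4 in hex>::/48 for the site behind this public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def sixto4_endpoint(addr: str):
    """IPv4 tunnel endpoint embedded in a 2002::/16 address, else None."""
    return ipaddress.IPv6Address(addr).sixtofour

def sixrd_delegated_prefix(isp_prefix: str, ipv4: str, common_bits: int = 0):
    """ISP prefix followed by the IPv4 access address, minus the leading
    common_bits that are identical for every customer of the ISP."""
    net = ipaddress.IPv6Network(isp_prefix)
    if not 0 <= common_bits <= 32:
        raise ValueError("common_bits must be between 0 and 32")
    kept = 32 - common_bits
    length = net.prefixlen + kept
    if length > 64:
        raise ValueError("prefix would be longer than /64")
    suffix = int(ipaddress.IPv4Address(ipv4)) & ((1 << kept) - 1)
    base = int(net.network_address) | (suffix << (128 - length))
    return ipaddress.IPv6Network((base, length))

def sixrd_subnet(delegated: ipaddress.IPv6Network, subnet_id: int):
    """One /64 inside the delegated prefix, selected by the subnet ID."""
    if not 0 <= subnet_id < 1 << (64 - delegated.prefixlen):
        raise ValueError("subnet ID does not fit in the delegated prefix")
    return ipaddress.IPv6Network((int(delegated.network_address) | (subnet_id << 64), 64))

if __name__ == "__main__":
    site = sixto4_prefix("200.15.15.1")            # Router1 Ethernet0/0 in Ex. 3-21
    print(site)                                    # site prefix used on Tunnel2002
    print(ipaddress.IPv6Address("2002:C80F:F01:100::2") in site)
    print(sixto4_endpoint("2002:C058:6301::1"))    # next hop of the default route
    # Constructed 6rd sample: ISP prefix, access address, 8 shared leading bits.
    ce = sixrd_delegated_prefix("2001:db8::/32", "10.1.2.3", common_bits=8)
    print(ce, sixrd_subnet(ce, 5))
```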
DNS64 / NAT64
Wikipedia Commons: http://commons.wikimedia.org/wiki/File:NAT64.svg
[Figure labels: steps 1 to 6, h2.example.com, v6-only client]
Carrier Grade NAT (CGN)
Carrier Grade NAT is a large NAT device placed at the edge of an ISP network where it connects to Internet backbone.
CGN is used to reduce need for IPv4 addresses
Example: NAT444 is a 2-stage IPv4 NAT process
Customer Private IPv4 is NAT-ed to ISP Private IPv4
ISP Private IPv4 is NAT-ed to public IPv4 at a CGN as they leave ISP network.
No IPv6 here – just used to reduce IPv4 address requirements.