Upload
aung-kyaw-thu
View
2
Download
0
Embed Size (px)
DESCRIPTION
hj
Citation preview
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Robert BeckettServices Technical Leader
November 14, 2012
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Network backbone routers, switches, etc.
Terminal servers, telnet, ssh, VNC, RDP, etc.
File servers, VMware, etc.
Services DNS, DHCP, AAA, NTP, SNMP, etc.
NMS vendor and home-grown
IP Phones, Wireless
Power management, Room Access, Surveillance
Thermostat, Cooling, Fire detectors, Lights
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Network backbone routers, switches, etc.
Terminal servers, telnet, ssh, VNC, RDP, etc.
File servers VMware, etc.
Enable IPv6 connectivity within lab
Enable IPv6 connectivity between labs
Enable IPv6 connectivity to Internet where needed
IPv6 available for devices that need/want it
Groundwork for future
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44
San Jose
RCDNBXB
RTP
Brussels
Beijing
Tokyo
Sydney
Bangalore
Emerging MarketsUS & Canada European Markets Asia Pacific/Japan
Strategy: combine the labs into one unified, scaled, virtual
system with common architecture and processes: One lab
service cloud.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
Support more TAC IPv6 cases -- recreates
Be ready for the World IPv6 Launch Day: June 6th, 2012
Greater Internet Addressability in lieu of very limited public IPv4 address space
Greater Cisco Addressability in lieu of limited RFC1918 IPv4 Address Availability
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
Dual stack
Direct vs. 6in4 Tunnel
RIPv6 / EIGRPv6 / OSPFv3 / IS-IS
Only IS-IS is truly integrated, but this advantage is not too useful in a typical lab that has on the order of dozens of pods and hundreds of subnets
We traditionally used EIGRP inside the lab, but RIPv6 is what Cisco IT uses for the 6in4 tunnels it creates
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Assigned /56 via IP transported via direct or GRE tunnel
Full mesh tunnels, or home all tunnels to single router or to where IT tells you
In our case, not a terribly strict hierarchy mix of main gateway, intermediate gateways, L2/L3 switches, etc.
Route IPv6 on all routers and L3 switches
No need to worry about L2, except as hosts for mgmt
Lab backbone via RIP for now because of IT and desire to keep things simple, migrate to OSPF or EIGRP later
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
ipv6 unicast-routing
!
interface Tunnel0
description for 2001:db8:1bf:400::/56
no ip address
ipv6 address 2001:DB8:1BF:400::2/64
tunnel source Loopback0
tunnel destination 10.27.90.77
tunnel mode ipv6ip
!
interface Loopback0
ip address 131.108.84.1 255.255.255.255
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
interface Vlan11
description BACKBONE ETHERNET SWITCH VLAN
ipv6 address 2001:DB8:1BF:401::1/64
ipv6 rip v6 enable
ipv6 rip v6 default-information originate
!
interface Vlan240
ipv6 address 2001:DB8:1BF:4F0::1/64
!
ipv6 route ::/0 Tunnel0
ipv6 router rip v6
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
ipv6 unicast-routing
!
interface GigabitEthernet0/0
ipv6 address 2001:DB8:1BF:401::11/64
ipv6 rip v6 enable
!
interface GigabitEthernet0/1.54
encapsulation dot1Q 54
ipv6 address 2001:DB8:1BF:436::1/64
!
ipv6 router rip v6
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Via SLAAC/DHCP address, subnet, gateway, DNS if available
interface x/y
ipv6 address autoconfig
Static
interface x/y
ipv6 address 2001:DB8:1BF:436::88/64
!
ipv6 route ::/0 2001:DB8:1BF:436::1
ip name server X:X:X:X::X
ip domain name abc.org
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Some HW may need upgrading
Likely some SW needs upgrading
Cisco IPv6 feature support EIGRP in SXI, IPv6 in ipbase, etc.
Lab topology has evolved over so many years
LARGE lab
Little manpower for lab architecture
IT infra not all IPv6 enabled; need some 6in4 tunnels
Labeling! IPv6 subnets are longer and devices with more and more ports have less empty space to write them.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
In IPv6, subnet size worries gone
DHCP vs. static range concerns gone basically no chance of IPv6 address collision
Switch feature -- Broadcast suppression no longer needed, multicast suppression still useful
Subnet manager IT / CALO
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Configure IPv6 addresses on more devices by default for IPv6 management telnet, ssh, snmp, etc.
Move from SLAAC to Stateless DHCPv6 and Stateful DHCPv6
Migrate away from non-routable IPv4 address space in favor of corporate routable IPv6 address space
Get IPv6 on our DMZ network
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Cisco Support Community:https://supportforums.cisco.com/community/netpro/network-
infrastructure/ipv6-transition
CCO IPv6 Main Page www.cisco.com/go/ipv6
Thank you.
Cisco Confidential 2010 Cisco and/or its affiliates. All rights reserved. 17
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Discover Layer 3 device on local subnet
Address assignment
Stateful (DHCP) vs Stateless Address assignment (SLAAC)
Server sends Network-Type Information
Prefix
Default Route
Host Address Is:
Prefix Received
+
Link-Layer Address
Cisco Confidential 2010 Cisco and/or its affiliates. All rights reserved. 19
Centralized server performs all addressing tasks
Assigns IP addresses
Keeps track of Client to address mapping
Provides additional network information
DNS server
Default gateway
Examples of Stateful Address protocols
DHCP
Client dynamically takes on addressing tasks
Chooses own IP address
EUI-64
DAD used to avoid address duplication
Additional network information not provided by default
Provided by supporting server
Examples of Stateless Address protocols
SLAAC (StateLess Address AutoConfiguration)
Cisco Confidential 2010 Cisco and/or its affiliates. All rights reserved. 20
DHCPv6 server will allocate one or more IPv6 addresses or prefixes to a DHCPv6 client
DHCP options can be provided to client
DNS server
Domain name
DHCPv6 server maintains state
Stores the leased IPv6 addresses and lease details in its database
Two messages are used
INFORMATION-REQUEST
REPLY
DHCPv6 server only provides configuration information
DNS server
Domain name
Assumption:
Client will acquire IPv6 address through other means (SLAAC)
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
RA can be disabled because DHCP takes care of address assignment
ipv6 dhcp pool IPV6_DHCPPOOL
address prefix 2001:DB8:1000::/64 lifetime infinite infinite
link-address 2001:DB8:1000::1/64
dns-server 2001:DB8:1000::4222
domain-name cisco.com
!
interface Ethernet0/0
ipv6 address 2001:DB8:1000::1/64
ipv6 enable
ipv6 nd ra suppress
ipv6 dhcp server IPV6_DHCPPOOL
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
By default, SLAAC only allows the client to configure an IP address and default route, no additional information
SLAAC must be configured to use other-config-flag options in order to provide DNS and domain name information via the DHCP config
This information is still provided through SLAAC, just configured via DHCP
ipv6 dhcp pool IPV6_DHCPPOOL
dns-server 2001:DB8:1000::4222
domain-name cisco.com
!
interface Ethernet0/0
ipv6 address 2001:DB8:1000::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server IPV6_DHCPPOOL
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
IPv6s larger address space enables:
Use of link layer addresses inside the address space via eui-64 format
Dynamic client address autoconfiguration with no collisions (DAD)
Plug and play support