Page 1: Options for practical implementation of an IPv6 migration strategy

© 2011 Cisco and/or its affiliates. All rights reserved. 1

Cisco Expo 2012

Options for practical implementation of an IPv6 migration strategy

Mustafa Bayramov Consulting System Engineer

24/10/2012

Page 2

Prize for knowledge: take an active part in Cisco Expo and receive a Linksys E900 as a gift.

How to get the gift:

•  listen carefully to the lectures on Cisco technologies

•  attend the demonstrations included in the main programme

•  pass the knowledge tests

The tests will be open:

from 15:00 on 25 October until 16:30 on 26 October

www.ceq.com.ua

Page 3

Objective

•  Understand Cisco’s IPv6 Transition solution – CGv6

•  Understand the CGv6 solution components.

•  Understand how we can preserve IPv4 address space and in parallel start the transition to IPv6.

•  Understand what technologies are available to transition to IPv6.

•  At the end of the session you should be able to deploy Carrier Grade NAT. : )

Page 4

Agenda

•  CGv6 Overview

•  CGv6 Solution Component

•  Carrier Grade NAT

•  Transition Technology Overview

•  Tunneling Technology Overview

Page 5

CGv6 overview

•  CGv6 is Cisco’s IPv6 Transition solution for Service Providers

•  CGv6 Components

   Hardware: CRS CGSE, ASR 9000 ISM, ASR 1000

   Features:
   •  Translation (NAT44, NAT64 Stateless/Stateful on CGSE)
   •  Tunneling (6rd, DS-Lite, 6PE/6VPE)

http://www.cisco.com/go/cgv6/

Page 6

CGv6 Technologies

Figure: three phases, Preserve, Prepare and Prosper, moving from Private IP today through 6-over-4 and transitional 4-over-6 to all IPv6. Technologies shown: CGN (NAT44), Dual stack, 6rd, GRE, IPv6inIPv4, 6PE/6VPE, DS-Lite, XLAT (AFT). Legend: IPv4, Private IP, IPv6.

Page 7

Carrier Grade Services Engine (CGSE)

An engine for Carrier Class SP Services: CGv6, CCN, NPS, DDoS, etc.

•  Builds upon the proven performance of the Cisco CRS platform

•  High-capacity, carrier-class SP platform with Cisco IOS-XR

•  CGv6: Translation (NAT44, NAT64), Tunneling (6rd, DS-Lite, 4rd)

•  20+ million active translations

•  100s of thousands of subscribers

•  1+ million connections per second

•  20 Gb/s of throughput per CGSE

Figure: Cisco CRS chassis with the Cisco CGSE card.

Page 8

CGSE Overview

•  CGv6 function resides on the CGSE PLIM

•  Paired with CRS-MSC-40G-B, CRS-MSC-20G-B, CRS-MSC and FP-40 (R4.1.1 onwards)

•  Does not support pairing with MSC-140 or FP-140

•  No external interfaces

•  Four 16-core Octeon MIPS CPUs, 64 CPU cores

•  Standard interface to MSC, 20 Gbps of throughput (per CGSE)

•  IOS XR on MSC, Linux on Octeon CPUs

Page 9

CGSE PLIM and IPv6 Transition Services (CGv6)

•  Hardware
   CGv6 function resides on the CGSE PLIM
   Quad Octeon multiprocessor architecture, 64 CPU cores
   Standard interface to MSC, 2x10 Gbps full-duplex nominal

•  Software
   –  IOS-XR on MSC, Linux on Octeon CPUs
   –  Leverages XR App SVI to divert packets to/from the CGN function
   –  Leverages Vector Packet Path (VPP) for the NAT application
   –  Integrated configuration & management via IOS XR

Figure: CGSE PLIM connected to the MSC through two SVIs; "CGN and future IPv6 apps run here".

Page 10

Carrier-Grade Services Engine

•  CGSE Apps attached to one or more routing spaces via Service Virtual Interfaces (SVI)

•  SVI packet diversion employs IP routing

•  Advantages of this approach

•  Per-VRF and interface separation

•  Standard routing techniques for packet diversion

•  Easy service bypass

•  ECMP load sharing

•  Per-SVI and APP OAM

•  Scale and resiliency

Figure: CRS running IOS-XR with the RP and the routing spaces VRF1, VRF2/Global and Global; the CGSE (Linux) runs APP1 and APP2, each attached to the routing spaces through SVIs.

Page 11

ISM Application and Router Domains

Application Domain

•  Linux based
•  Multi-purpose compute resource
•  Used for the CDS application with on-board modular flash storage
•  Used for translation setup and logging of CGN applications

IOS-XR Router Domain

•  IOS-XR
•  Control plane
•  Data forwarding
•  L3, L2 (management)
•  IRB
•  Hardware management

Decoupling the Application and IOS-XR planes delivers highly scalable and flexible services

Page 12

ISM Hardware Architecture

Page 13

ISM Overview

Per Blade (ISM) Limits:
CGN instances supported: 1
Number of service infra: 1
Number of service app: 244 (per system)
Maximum IP pool supported: /16
Max static port forwarding: 6 K
Max number of NAT users: 256 K
Number of NAT44 translations: 20 million connections
Throughput (In2Out + Out2In): 10 Gbps (I-MIX with 4 ServiceApps)
Throughput (In2Out / Out2In): 2.5 Gbps (per ServiceApp)
NAT44 session setup rate: 1 million connections / second

Page 14

NAT44 (CGSE) vs NAT44 (ISM)

Parameter | CGSE behavior | ISM behavior
NAT44 CLIs | Same | Same
Uses SVI | Yes | Yes
Throughput | 20 Gbps (I2O + O2I) | 10 Gbps (I2O + O2I)
Max. # of sessions | 20M | 20M
Session setup rate | 1M/sec | ~1M/sec (TBD)

Page 15

CGN - Deployment options

Figure: a home with a public IP versus a private-IP-addressed home behind a CGN; the CGN is placed either distributed (close to the home) or centralized.

Distributed CGN
•  Meshes well with Distributed BNG
•  Smaller throughput requirement
•  Less emphasis on redundancy
•  Less emphasis on load-balancing
•  Less CGN spend per node

Centralized CGN
•  Backhaul of NAT customers
•  Larger throughput requirement
•  Emphasis on redundancy
•  Emphasis on load-balancing
•  More CGN spend per node


Page 17

Bring Up the CGSE board

router(config)#
  interface ServiceInfra1
   ipv4 address 3.1.1.2 255.255.255.252
   service-location 0/0/CPU0
  commit

  Configure the ServiceInfra interface and associate it with the CGSE location. Control connections to the CGSE are via the one ServiceInfra interface; its IPv4 address is of local significance.

router(config)#
  hw-module service cgn location 0/0/CPU0
  commit

  Specify the service role (cgn) for the given CGSE location.

router#
  hw-module location 0/0/CPU0 reload
  WARNING: This will take the requested node out of service. Do you wish to continue?[confirm(y/n)] y

  You need to reload the card. It may take ~15 min.

Page 18

CGSE Booting Process

Figure: CGSE boot flow. Decision nodes: XR < 3.8.0 / rommon ≤ 1.48; Service/CGN PIE not installed; Service/CGN PIE installed without role config (any of these ends in NO, the card does not boot). Otherwise, from XR RUN / MBI-BOOT: the master Octeon is taken out of reset; a doorbell is sent to indicate the bootloader was downloaded (successful U-Boot); the Linux download starts with boot params; Linux is launched on the master Octeon, which downloads Linux onto the slave (CGSE-TILE BOOTING); once Linux is up a doorbell is sent, the app image is downloaded via TFTP and launched (CGSE-TILE OK).

  The PLIM Services process monitors the various stages and is packaged with comp-hfr-mini.vm.

  3 retries, after which the card is put into the Failed state.

Page 19

Service interface Configuration

•  Service Instance is the highest-level configuration structure
   Represents the CGSE card or a primary/backup CGSE pair
   Common redundancy model is 1:1 warm standby
   1 ServiceInfra interface per Service Instance (control path)

   service cgn demo-1
    service-location preferred-active 0/X/CPU0 preferred-standby 0/Y/CPU0

  “Service-Type-Specific Instance” is the child structure
   Includes the specific configuration for apps running within the Service Instance
   Service Types: NAT44, Stateless or Stateful NAT64, DS-Lite and 6rd BR

   service cgn demo-1
    service-type nat64 stateless nat64-1
     (SL-NAT64 specific config)
    service-type nat44 nat44-1
     (NAT44 specific config)
    service-type tunnel v6rd 6rd-1
     (6rd specific config)

Page 20

ServiceApp Interfaces: logical interfaces/paths between CGSE apps and the rest of the router

•  Treated like regular interfaces from a routing standpoint
   SvcApps will go down if the CGSE goes down
   Can be used to signal availability of the CGSE (advertise the SvcApp into the IGP)
   NAT applications will use local static routing to steer traffic into the CGSE

•  Routing example for NAT44
   Default route to the CGSE in the Inside VRF
   ServiceApp is configured with 80.1.1.1/24
   Traffic routed to other addresses on 80.1.1.0/24 goes to the CGSE
   Static routes can use the interface name, the next hop, or both

   interface ServiceApp1
    vrf CGSE-Inside
    ipv4 address 80.1.1.1/24
    service cgn demo service-type nat44

   router static
    vrf CGSE-Inside
     address-family ipv4 unicast
      0.0.0.0/0 ServiceApp1            (option A)
      0.0.0.0/0 80.1.1.2               (option B)
      0.0.0.0/0 ServiceApp1 80.1.1.2   (option C)


Page 22

•  “...A NAT or NAPT device used by many subscribers, where 'many' would be on the order of dozens to hundreds of thousands of subscribers. This might NAT between any combination of IPv4 and IPv6...”*

•  SP-class performance and scale
   O(tens of millions) of NAT44 translation states (e.g. sessions)
   O(10 Gb/sec) performance

•  Support standard NAT Behaviors RFC4787, RFC5382, RFC5508

•  Ability to bypass (route around the NAT)

•  Ability to log NAT44 bindings

•  Ability to limit the number of sessions per private IPv4 source

Page 23

CGN NAT44: One Strategy for Dealing with the IPv4 Address Run-Out Problem

Figure: today, customers with public IPv4 addresses reach the public IPv4 Internet through the SP router; with CGN, customers are addressed from non-public IPv4 space and a Carrier Grade NAT in the SP network translates them to public IPv4 towards the Internet. Legend: public IPv4 versus NOT public IPv4.

Page 24

Public IPv4 exhaustion with NAT444

  NAT44 very likely to be used on the RGW (Private IPv4 192.168.0.0)

  Private IPv4 used on the RGW WAN interface (unique per RGW, e.g. 10.0.0.0)

  RGW NAT44 + CGN NAT44 = NAT444 solution

  CGN NAT44 multiplexes several customers onto the same public IPv4 address

  CGN NAT44 can be introduced in a centralized or distributed fashion*

Figure: Residential (Private IPv4, subscriber) with NAT44 on the RGW -> Access -> Aggregation (Private IPv4, SP-assigned domain) -> Edge with CGN NAT44 -> IP/MPLS Core -> Public IPv4.

Page 25

NAT444 Pros and Cons

Pros
•  ISPs can reclaim global IPv4 addresses from customers, replacing them with non-routable private addresses and NAT
•  Addresses the immediate IPv4 exhaustion problem
•  No change to subscriber CPE
•  No IPv4 re-addressing in the home
•  Dense utilization of public IP address/port combinations

Cons
•  SP NAT results in margin & competitive implications
•  Does not solve the address exhaustion problem in the long term
•  Sharing IPv4 addresses could have user behavioral and liability implications
•  User control over NAT


Page 27

ASR 9000 and CRS-1/3 with CGSE : Separated VRF Approach

Translation table example (Inside -> Outside):
Entry1: 10.12.0.29:334 -> 100.0.0.221:18808
Entry2: 10.12.0.29:856 -> 100.0.0.221:40582
Entry..: ... -> ...

•  VRFs separate the private and public routing tables.
•  Interfaces are associated with a VRF.
•  ServiceApp interfaces are used to send packets to/from the CGSE.

Figure: private IPv4 subscribers enter on a VLAN interface in the Inside VRF, where routing steers traffic into the CGSE (Dest 0.0.0.0/0 -> AppSVI1); the Outside VRF routes the NAT pool back to the CGSE (Dest NAT Pool -> AppSVI2) and faces the public IPv4 side on another VLAN interface.

Page 28

Outside IP address Selection

•  Upon receipt of the first Flow per Inside source address, CGN attempts to choose an Outside address that has at least 1/3 of its ports free – all subsequent Flows from that Inside source will use the same Outside address. This selection is limited to the Outside IP addresses available to the CPU core making the decision, i.e. for a /24 of Outside space assigned to the CGN card, each CPU core will have 64 addresses from which to choose.

•  If no Outside address has 1/3 of the ports free, then an Outside address is randomly chosen from those available. If that Outside address is completely exhausted, then a random selection is made from the remaining addresses, repeated until an address is chosen or it is determined that none are available (which results in an ICMP error message).

•  Upon selection, CGN creates an Address binding (state) between the Inside and Outside address, which will persist as long as there are any Flows using that binding.

Page 29

Port Selection

•  ISM chooses a port randomly from the list of available (unused) ports associated with the chosen Outside IP address. The first 1024 ports are reserved (not available for allocation). Each port is allocated once, regardless of which L4 protocol (UDP, TCP) is being used in the Flow.

•  If the randomly chosen port is already being used, the selection increments (around a ring) until an available port is found; if none are available then an ICMP error message is sent.

•  If the Inside source already has a number of Flows equal to the configured per-user limit, then the allocation is rejected and an ICMP message is returned.

•  CGN creates a Translation binding (state) between Inside source IP address:port and Outside source IP address:port for the Flow.
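The outside-address rule on page 28 (prefer an address with at least 1/3 of its ports free, otherwise pick randomly among the addresses that are not exhausted, and pair every later flow of an inside source with the same outside address) and the port rule on page 29 (random start above the 1024 reserved ports, walk the ring until a free port is found, one port space for TCP and UDP, per-user session limit) can be read as one small allocator. The Python below is an added simulation for this page, not Cisco's code; the pool of two outside addresses, the per-user limit of 2 and the inside addresses in `demo()` are constructed for the walk-through, and "ICMP error" is modelled as an exception.

```python
import random
from collections import Counter
from dataclasses import dataclass, field

RESERVED_PORTS = 1024                     # first 1024 ports are never allocated
PORTS_PER_ADDRESS = 65536 - RESERVED_PORTS
ONE_THIRD_FREE = PORTS_PER_ADDRESS / 3    # "at least 1/3 of its ports free"


class AllocationError(Exception):
    """Raised where the real CGN would send an ICMP error to the inside host."""


@dataclass
class OutsideAddress:
    ip: str
    used_ports: set = field(default_factory=set)   # one port space shared by TCP and UDP

    def free_ports(self) -> int:
        return PORTS_PER_ADDRESS - len(self.used_ports)


class Nat44Allocator:
    """Toy model of the outside address and port selection described on the slides."""

    def __init__(self, outside_ips, per_user_limit, rng=None):
        self.pool = [OutsideAddress(ip) for ip in outside_ips]
        self.per_user_limit = per_user_limit
        self.rng = rng or random.Random()
        self.address_binding = {}   # inside IP -> OutsideAddress (paired IP assignment)
        self.flows = {}             # (inside IP, inside port) -> (outside IP, outside port)
        self.flows_per_user = Counter()

    def _choose_outside(self, inside_ip):
        # Every later flow of an inside source reuses the address chosen for its first flow.
        if inside_ip in self.address_binding:
            return self.address_binding[inside_ip]
        candidates = [a for a in self.pool if a.free_ports() >= ONE_THIRD_FREE]
        if not candidates:
            # No address has a third of its ports free: pick randomly among those that are
            # not exhausted (same outcome as the slide's "retry on another random address").
            candidates = [a for a in self.pool if a.free_ports() > 0]
        if not candidates:
            raise AllocationError("no outside address available")
        chosen = self.rng.choice(candidates)
        self.address_binding[inside_ip] = chosen
        return chosen

    def _choose_port(self, addr):
        # Random start above the reserved range, then walk the ring until a free port appears.
        start = self.rng.randrange(RESERVED_PORTS, 65536)
        for step in range(PORTS_PER_ADDRESS):
            port = RESERVED_PORTS + (start - RESERVED_PORTS + step) % PORTS_PER_ADDRESS
            if port not in addr.used_ports:
                return port
        raise AllocationError("outside address exhausted")

    def allocate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.flows:                 # an existing translation binding is reused
            return self.flows[key]
        if self.flows_per_user[inside_ip] >= self.per_user_limit:
            raise AllocationError("per-user session limit reached")
        addr = self._choose_outside(inside_ip)
        port = self._choose_port(addr)
        addr.used_ports.add(port)
        self.flows[key] = (addr.ip, port)
        self.flows_per_user[inside_ip] += 1
        return self.flows[key]

    def release(self, inside_ip, inside_port):
        outside_ip, port = self.flows.pop((inside_ip, inside_port))
        self.address_binding[inside_ip].used_ports.discard(port)
        self.flows_per_user[inside_ip] -= 1
        if self.flows_per_user[inside_ip] == 0:   # address binding lives only while flows use it
            del self.address_binding[inside_ip]
            del self.flows_per_user[inside_ip]


def try_allocate(alloc, inside_ip, inside_port):
    """Return the mapping, or None where the CGN would answer with an ICMP error."""
    try:
        return alloc.allocate(inside_ip, inside_port)
    except AllocationError:
        return None


def demo():
    # Constructed scenario: two outside addresses, a per-user limit of two sessions.
    alloc = Nat44Allocator(["100.0.0.221", "100.0.0.222"], per_user_limit=2,
                           rng=random.Random(7))
    first = alloc.allocate("10.12.0.29", 334)
    second = alloc.allocate("10.12.0.29", 856)
    third = try_allocate(alloc, "10.12.0.29", 1000)     # over the limit -> None
    alloc.release("10.12.0.29", 334)
    fourth = alloc.allocate("10.12.0.29", 1000)          # binding still held by port 856
    return first, second, third, fourth


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two properties an operator relies on when reading CGN logs: all flows of one inside source share one outside address while any of them is alive, and the per-user limit rejects the third session without touching the address or port state already bound.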

Page 30

Carrier Grade NAT ( NAT44 ) Implementation Details

•  The ISM and CGSE NAT44 implementation complies with these NAT Behavior RFCs: RFC4787 for UDP, RFC5382 for TCP and RFC5508 for ICMP, and with the behavior described in http://tools.ietf.org/html/draft-nishitani-cgn-04

•  Endpoint Independent Mapping (RFC4787 and RFC5382)

•  Endpoint Independent Filtering (RFC4787 and RFC5382)

•  Paired IP address assignment (RFC4787 and RFC5382)

•  Port Parity assignment for UDP (RFC4787)

•  Hairpinning

•  1:1 Mapping

Page 31

NAT44 Service-Type-Specific Instances

•  1 NAT44 Instance per CGN (per primary/backup card pair)

•  Scaling via multiple pools & VRFs within the NAT44 instance
•  Outside VRF can be default or “named”; inside must be a “named” VRF
•  Each Inside VRF maps to one Outside VRF
•  Multiple Inside VRFs can map to the same Outside VRF

Figure: Inside VRFs 1 to 4 mapping to Outside VRF 1 or the Default VRF.

   service cgn cgn1
    service-type nat44 nat44-1
     inside-vrf nat44-Inside-1
      map outside-vrf Outside address-pool 1.1.0.0/16
     inside-vrf nat44-Inside-2
      map address-pool 2.0.0.0/16
     inside-vrf nat44-Inside-3
      map address-pool 2.1.0.0/26
     inside-vrf nat44-Inside-4
      map address-pool 2.2.18.0/24

Page 32

NAT44 Deployment Notes

•  Separated VRF model: inside & outside of the NAT in different VRFs
   Outside may be the default VRF, Inside must be a named VRF
   Multiple inside VRFs may map to the same outside VRF

•  LB in the same chassis (CRS uses a 3-tuple algorithm, which doesn’t help for NAT since the same flow should go to the same CGSE)
   •  Use ABF to split traffic.

•  Source-based bypassing (needs ABF)

•  Retrieving NAT statistics
   •  IOS-XR CLI
   •  NetFlow v9
   •  XML
   •  ANA (check support)
   •  SNMP: ENTITY-MIB, CISCO-ENTITY-FRUCONTROL-MIB, CISCO-ENTITY-SENSOR-MIB
   •  No CGN MIB support

  Max pool per CGSE: /16
  Max subscribers: 1 million per CGSE

Figure: NAT44 inside VRFs Red, Red, Blue and Orange, plus a Default IPv4-only VRF, mapping to the NAT44 outside VRF Green.


Page 34

IPv4/IPv6 Translation Scenarios?

Which are possible?

Figure: IPv4 Internet, IPv4 Network, IPv6 Network, IPv6 Internet.

•  Connecting an IPv6 network to the IPv4 Internet
•  Connecting the IPv6 Internet to an IPv4 network

Page 35

Stateful and Stateless IPv4/IPv6 Translation

•  Stateful (NAT64 usually refers to stateful v6/v4 translation)
   Each flow creates state in the translator: [2001:DB8:1]:1500 <--> 203.0.113.1:2000
   Amount of state is O(# of translations)
   N:1 mappings (like NAPT)
   draft-ietf-behave-v6v4-xlate-stateful

•  Stateless
   A flow DOES NOT create any state in the translator
   Algorithmic operation performed on packet headers
   1:1 mappings (one IPv4 address used for an IPv6 host)*
   draft-ietf-behave-v6v4-xlate

Page 36

Stateless NAT64

•  Enables communication between IPv4 & IPv6 hosts
   Performs packet translation between address families

•  A green-field (brand new) network wants to deploy IPv6 only
   Doesn’t need to acquire IPv4 addresses
   Simplicity of managing an IPv6-only network

•  Needs to access servers on the IPv4 Internet

•  Sessions will be initiated by IPv6 clients

•  Algorithmic mapping of addresses (no state maintained)

•  NAT64 translates the IP & L4 headers

•  A specific range of IPv6 addresses represents the v4 space
   This range is called the Network Specific Prefix (NSP)

Page 37

NAT64 Stateless Translation Example without ubits-reserve

•  No state maintained
   Algorithmic address translation between IPv4 and IPv6

Example mapping:
IPv4 (decimal): 192.168.0.1
IPv4 (hex): C0,A8,00,01
IPv6: 2001:0DB8:00C0:A800:0100:0000:: (Network Specific Prefix followed by the IPv4 address as suffix, giving the mapped address)

  Highly scalable
  Supports both IPv4-initiated and IPv6-initiated sessions
  IPv6 nodes need translatable addresses; IPv4 cannot reach all IPv6
  Difference in address space size
  1-to-1 mapping between v4 address and v6 address
  Does not conserve IPv4 address space
  Translates IP, TCP, UDP & ICMP; L4 ports are copied

Page 38

DNS64

•  Required when using NAT64 with IPv6-only end hosts.

•  Synthesizes AAAA records when not present, with the IPv6 prefix of the NAT64 translator

Figure: the IPv6-only host asks DNS64 for AAAA?; DNS64 sends AAAA? and A? to the Internet (sent simultaneously); the AAAA answer is empty and the A answer is 192.0.2.1, so DNS64 returns the synthesized 2001:DB8:ABCD::192.0.2.1.
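The stateless mapping on page 37 and the AAAA synthesis on page 38 are the same operation: an IPv4 address is written into the Network Specific Prefix by a fixed bit layout, so neither the translator nor the DNS64 needs per-flow state. The Python below is an added example for this page, not Cisco's code and not the CGSE's implementation. It implements the RFC 6052 layout (for prefix lengths /32 to /96, with bits 64-71 kept zero) and, as the slide's "without ubits-reserve" variant, the plain concatenation in which 192.168.0.1 under 2001:db8::/40 becomes 2001:db8:c0:a800:100::. The prefixes and addresses in the calls are taken from the slides or constructed.

```python
import ipaddress

# Prefix lengths that RFC 6052 allows for an IPv4-embedded IPv6 address
NSP_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _nsp(prefix):
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen not in NSP_PREFIX_LENGTHS:
        raise ValueError(f"unsupported Network Specific Prefix length /{net.prefixlen}")
    return net


def embed_ipv4(prefix, ipv4, reserve_u_bits=True):
    """Algorithmically map an IPv4 address into the NSP (no translator state needed).

    reserve_u_bits=True keeps bits 64-71 zero, as RFC 6052 requires; False writes the
    IPv4 address straight after the prefix, the 'without ubits-reserve' layout on the slide.
    """
    net = _nsp(prefix)
    plen = net.prefixlen
    base = int(net.network_address)
    v4 = int(ipaddress.IPv4Address(ipv4))
    if reserve_u_bits and plen <= 64:
        n_before = 64 - plen                        # IPv4 bits that fit before bit 64
        hi = v4 >> (32 - n_before)
        lo = v4 & ((1 << (32 - n_before)) - 1)      # remainder goes after the u byte
        addr = base | (hi << 64) | (lo << (24 + n_before))
    else:
        addr = base | (v4 << (128 - plen - 32))
    return str(ipaddress.IPv6Address(addr))


def extract_ipv4(prefix, ipv6, reserve_u_bits=True):
    """Inverse mapping, used on the IPv6-to-IPv4 direction of the translator."""
    net = _nsp(prefix)
    plen = net.prefixlen
    address = ipaddress.IPv6Address(ipv6)
    if address not in net:
        raise ValueError(f"{ipv6} is not inside the NSP {net}")
    a = int(address)
    if reserve_u_bits and plen <= 64:
        n_before = 64 - plen
        hi = (a >> 64) & ((1 << n_before) - 1)
        lo = (a >> (24 + n_before)) & ((1 << (32 - n_before)) - 1)
        v4 = (hi << (32 - n_before)) | lo
    else:
        v4 = (a >> (128 - plen - 32)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(v4))


def dns64_answer(aaaa_records, a_records, nsp):
    """What a DNS64 hands back: the real AAAA records if any exist, otherwise AAAA
    records synthesized from the A records with the translator's prefix."""
    if aaaa_records:
        return list(aaaa_records)
    return [embed_ipv4(nsp, a) for a in a_records]


if __name__ == "__main__":
    # Slide values: 192.168.0.1 under 2001:db8::/40, and DNS64 under 2001:db8:abcd::/96
    print(embed_ipv4("2001:db8::/40", "192.168.0.1", reserve_u_bits=False))
    print(embed_ipv4("2001:db8::/40", "192.168.0.1"))
    print(dns64_answer([], ["192.0.2.1"], "2001:db8:abcd::/96"))
```

The round trip through `extract_ipv4` is the check worth keeping: if a translator and its DNS64 disagree on the prefix length or on whether the u byte is reserved, IPv6 clients get addresses the translator cannot map back, which shows up as connection failures rather than as a configuration error.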

Page 39

From the behave framework draft

Figure: the six translation scenarios (1 to 6) from the behave framework draft, each between an IPv4 Internet or IPv4 network and an IPv6 Internet or IPv6 network, marked stateful or stateless.

Page 40

•  Simple configuration
   Set the parameters required by the draft
   Configure ServiceApps
   Optional parameters

Required configuration:

   service cgn cgn1
    service-location preferred-active 0/3/CPU0
    service-type nat64 stateless xlat1
     ipv6-prefix 2001:db8::/32
     address-family ipv4
      interface ServiceApp4
     !
     address-family ipv6
      interface ServiceApp6
     !
   interface ServiceApp4
    ipv4 address 2.0.0.1 255.255.255.0
    service cgn cgn1 service-type nat64 stateless
   !
   interface ServiceApp6
    ipv6 address 2001:db8:fe00::1/40
    service cgn cgn1 service-type nat64 stateless

Required configuration:

   router static
    address-family ipv6 unicast
     2001:db8::/32 ServiceApp6
   router static
    address-family ipv4 unicast
     100.2.0.0/16 ServiceApp4


Page 42

Tunnelling IPv6 in IPv4: Why?

Figure: touch points for native IPv6 along the path User - RG - Access Node - Aggregation - BNG - Core, with AAA/DHCP and NMS/Addressing; IPv6 carried over the IPv4 L2 access.
User: OS v6 stack
RG: IPv6 LAN, IPv6 WAN, IPv6 NMS
Access Node: DHCPv6 snooping, ICMPv6 snooping, IPv6 NMS, IPv6 security
Aggregation: ICMPv6 snooping, IPv6 NMS
Aggregation: IPv6 stack, IPv6 PE/VPE, IPv6 routing, IPv6 NMS
Core: IPv6 routing
NMS/Addressing: IPv6 parameters, DHCPv6

  Deployment of fully native IPv6 affects numerous system components, aka “touch points”

  Some are more challenging or deferrable than others, e.g. the IPv6 upgrade of the Access Node

  Tunneling IPv6 over the existing IPv4 infrastructure provides a transition solution with a minimal number of “touch points”

Page 43

6to4 Tunnelling: key building block for later tunnel schemes

Figure: a site with public IPv4 address A.B.C.D uses 2002:Hex(A.B.C.D)::/48 to create its 6to4 address space; its IPv6 network also holds a global IPv6 address 2001:db8::1/64. The 6to4 relay anycast address is 192.88.99.1.

•  Automatic tunnels via address mapping
•  6in4 encapsulation (next protocol = 41)
•  IPv6 addresses from 2002:IPv4::/48

Page 44

6to4 Tunneling: key building block for later tunnel schemes

•  Automatic IPv6 over IPv4 tunnels (no static config for tunnel endpoints)
•  Provides connections between IPv6 hosts (not between v4 & v6)
•  Utilizes relay routers to terminate tunnels
•  2002::/16 address space is assigned to 6to4
•  Advertised into the local IPv6 network as /16
•  IPv4 addresses are mapped into the next 32 bits
•  Requires one globally unique IPv4 address per site

6to4 address layout: 2002 (/16) | IPv4 address (/48) | SLA (/64) | Interface ID

Page 45

6rd in a Nutshell

•  Like 6PE, delivers production-quality IPv6 by only touching edge points around your network

•  Capitalizes on what access networks do well, provisioning and transport of IPv4, adapted for carrying IPv6

•  Stateless operation, easy to provision, low overhead

•  Proven deployment, in production already with N x Gb/s of traffic

•  (Thanks to YouTube over IPv6)

•  Stateless, so no need for a symmetrical packet flow

•  draft-ietf-softwire-ipv6-6rd-10.txt accepted as an RFC (RFC5969).

Page 46

6rd (IPv6 Rapid Deployment): uses the provider’s IPv6 address space

Figure: CPE with NAT44 and the 6rd CE encap/decap function, private IPv4 in the home and private or existing IPv4 in the access; NAT44 (CGN/LSN) towards the IPv4 Internet and the 6rd BR towards IPv6. Addressing shown: Private IPv4 address, Public IPv4 address, IPv6 address.

  Provide IPv6 through the existing IPv4 network (a dual-stack core is not necessary)

  End-to-end “stateless”, “automatic” tunnel similar to 6to4 (RFC3056)

  No DHCPv6, Neighbor Discovery, etc. to deploy in the access network

  IPv6 addressing automatically created from IPv4 addressing, synced with the IPv4 lease

  6rd Border Relay (6rd BR, used to be called 6rd Gateway) provides access to the IPv6 Internet

  IPv6-in-IPv4 encap and decap function on the 6rd CE (old name RG)

  draft-ietf-softwire-ipv6-6rd (with DHCP/NAT extensions)

Page 47

6rd: IPv6 via IPv4 using 6rd

  Introduction of two components: 6rd CE (Customer Edge) and 6rd BR (Border Relay)

  Automatic prefix delegation on the 6rd CE

  Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions on 6rd (CE & BR)

  IPv6 traffic automatically follows IPv4 routing

  6rd BRs addressed with IPv4 anycast for load-balancing and resiliency

  Native, dual-stack IPv4/IPv6 service from the subscriber perspective

Figure: Residential (IPv4/v6) -> Access -> Aggregation (IPv4/v6) -> Edge -> IP/MPLS Core (IPv4).

Page 48

6rd and 6to4 IPv6 Prefix example

6rd (bit positions 0, 28, 32, 56, 64):
  2001:ABC | 0000:01 | 0 | Subnet-ID (<= 16) | Interface ID
  ISP IPv6 prefix + (optional) Domain ID; /28 is an example and can vary based on site prefix allocation
  private subscriber’s IPv4 address (<= 32), i.e. drop the “10” of 10.x.x.x and insert the remaining 24 bits
  /56 prefix for the subscriber

6to4 (bit positions 0, 16, 48, 64):
  2002 | 6400:0001 | SLA | Interface ID
  6to4 prefix
  32 bits of the public IPv4 address (100.0.0.1)
  /48 prefix for the subscriber

Page 49

Solving exhaustion while introducing IPv6

  NAT44 on the RGW with private IPv4 on both the LAN and WAN side, and CGN NAT44 introduced to deal with exhaustion

  6rd CE works in combination with private IPv4 (the private IPv4 on the WAN is used in the delegated prefix construct)

  Common, centralized vehicle to jointly handle the NAT444 and 6rd BR components

Figure: Residential (6rd CE + NAT44) -> Access -> Aggregation -> Edge (CGN NAT44 with logging, 6rd BR) -> IP/MPLS Core; private IPv4 packets and 6rd packets follow the same path.

Page 50

Linksys IPv6 config

Page 51

  How can we create more subnets?

  Use a shorter 6rd prefix
  Use the V4 mask length to skip the common parts of the IPv4 address

Example 1 (28 bits + 32 bits + 64 bits): 2001:ABC0 | 0901:0A07 | S | Interface ID
  6rd Prefix = 2001:ABC0
  6rd Prefix Length = 28
  RG IPv4 Address = 9.1.10.7
  V4 Mask Length = 0
  Subnet field S: 4 bits = 16 subnets

Example 2 (28 bits + 24 bits + 64 bits): 2001:ABC | 01:0A07 | Subnet | Interface ID
  6rd Prefix = 2001:ABC0
  6rd Prefix Length = 28
  RG IPv4 Address = 9.1.10.7
  V4 Mask Length = 8 (the leading octet of the IPv4 address is skipped)
  Subnet field: 4 bits + 8 bits
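The prefix layouts on page 48 and the two subnet examples above follow one rule: the delegated prefix is the 6rd prefix followed by the CE's IPv4 address with its first "V4 Mask Length" bits removed, and the reverse read of those bits is how a CE or BR finds the IPv4 tunnel endpoint without any per-subscriber state. The Python below is an added example for this page, not Cisco's code and not the Linksys or CRS implementation; it uses the slide's values (2001:ABC0::/28, RG address 9.1.10.7, 6to4 site 100.0.0.1) and a constructed common IPv4 prefix of 9.0.0.0 for the mask-8 case.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, ce_ipv4, v4_mask_len=0):
    """Derive the CE's delegated IPv6 prefix the 6rd way (RFC 5969).

    The delegated prefix is the 6rd prefix followed by the CE's IPv4 address with its
    first v4_mask_len bits dropped (those bits are common to the whole 6rd domain).
    Returns (prefix, subnet_bits): how many bits remain for subnets before the /64.
    """
    net = ipaddress.IPv6Network(sixrd_prefix, strict=False)
    v4_bits = 32 - v4_mask_len
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    delegated_len = net.prefixlen + v4_bits
    if delegated_len > 64:
        raise ValueError("6rd prefix too long for the IPv4 suffix to fit before the interface ID")
    addr = int(net.network_address) | (suffix << (128 - delegated_len))
    return str(ipaddress.IPv6Network((addr, delegated_len))), 64 - delegated_len


def sixto4_prefix(public_ipv4):
    """6to4 (RFC 3056) is the special case: 2002::/16 plus the full public IPv4 address, /48."""
    return sixrd_delegated_prefix("2002::/16", public_ipv4, 0)[0]


def sixrd_ipv4_endpoint(sixrd_prefix, ipv6_dest, v4_mask_len=0, v4_common_prefix="0.0.0.0"):
    """Stateless reverse mapping: read the IPv4 tunnel endpoint out of a 6rd IPv6 address.

    This is what a CE or BR does on encapsulation: no per-subscriber state, the IPv4
    destination is just bits of the IPv6 destination plus the domain's common v4 bits.
    """
    net = ipaddress.IPv6Network(sixrd_prefix, strict=False)
    dest = ipaddress.IPv6Address(ipv6_dest)
    if dest not in net:
        raise ValueError(f"{ipv6_dest} is outside the 6rd domain {net}")
    v4_bits = 32 - v4_mask_len
    shift = 128 - net.prefixlen - v4_bits
    suffix = (int(dest) >> shift) & ((1 << v4_bits) - 1)
    common = int(ipaddress.IPv4Address(v4_common_prefix)) & (0xFFFFFFFF ^ ((1 << v4_bits) - 1))
    return str(ipaddress.IPv4Address(common | suffix))


def demo():
    # Constructed from the slide's values: 6rd prefix 2001:ABC0::/28, RG IPv4 9.1.10.7
    return {
        "mask0": sixrd_delegated_prefix("2001:abc0::/28", "9.1.10.7", 0),
        "mask8": sixrd_delegated_prefix("2001:abc0::/28", "9.1.10.7", 8),
        "6to4": sixto4_prefix("100.0.0.1"),
        "br_endpoint": sixrd_ipv4_endpoint("2001:abc0::/28", "2001:abc0:10a0:7001::1", 8, "9.0.0.0"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `dest not in net` check is the one a BR relies on: a packet whose IPv6 destination is outside the 6rd domain must be routed natively, not turned into an IPv4 tunnel endpoint by reading arbitrary bits.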

Page 52

Figure: IPv4-only access network with dual-stack customers; MPLS/IPv4 core with P and PE routers; dual-stack peering edge with IPv4 peers and IPv6 peers; an anycast address for the BR.

  Multiple BR addresses can be used

  But 6rd is stateless

  Packets can go to any BR

  Option to use anycast for redundancy

  All BRs can receive packets on the same address

Page 53

6rd vs 6to4

Attribute | 6rd | 6to4
IPv6 address | SP’s IPv6 address prefix | 2002::/16
IPv6 address “reputation” | Excellent, it is an ISP IPv6 prefix | It is “6to4” and everybody knows that
SP-managed service | Yes | No
Always route through the SP’s network | Yes (SP-managed BR) | Maybe (anycast relay)
Private IPv4 support | Yes | No
Border Relay support | ASR1k, ASR 9000, CRS-1/3 | Supported (IOS)
CE support | ASR1k, IOS and Linksys | Supported (IOS)
Doc | draft-ietf-softwire-ipv6-6rd | RFC3056

Page 54

CRS 6rd & ServiceApp Config

   service cgn demo
    service-type tunnel v6rd 6RD
     br
      ipv6-prefix 2001:420:81::/56
      source-address 10.12.0.254
      ipv4 prefix length 24
      ipv4 suffix length 0
      unicast address 2001:420:81:fe::1
     !
     address-family ipv4
      interface ServiceApp3
     !
     address-family ipv6
      interface ServiceApp4
     !
   interface ServiceApp3
    ipv4 address 172.16.3.1 255.255.255.0
    service cgn demo service-type tunnel v6rd
   !
   interface ServiceApp4
    ipv6 address 2001:db8::1/64
    service cgn demo service-type tunnel v6rd
   !
   router static
    vrf InsidePrivate
     address-family ipv4 unicast
      10.12.0.254/32 vrf default ServiceApp3 172.16.3.2

Page 55

Thank you.

Page 56

•  An IPv6 network to the IPv4 Internet & vice-versa

•  An IPv6 network to an IPv4 network & vice-versa

Figure: CGSE on a CRS-1/CRS-3 between the IPv6 Internet (IPv6 client, IPv6 server) and the IPv4 Internet (IPv4 client, IPv4 server).

Page 57

•  An IPv6 network to the IPv4 Internet & vice-versa

•  OSPFv2/IS-IS between CGSE & R1

•  OSPFv3/IS-IS between CGSE & R2

Figure: R1 (IPv4 network, IPv4 client/server, OSPFv2/IS-IS/BGP) -> CGSE on CRS-1/CRS-3 -> R2 (IPv6 network, IPv6 client/server, OSPFv3/IS-IS/BGP).

Page 58

•  An IPv6 network to the IPv4 Internet & vice-versa

•  Subscriber traffic follows the best IP path.

•  Static routes to IPv4/IPv6 destinations with a metric assigned for the ServiceApp interfaces

•  Same NSP prefix for both CGSEs

Figure: R1 (IPv4 network, IPv4 client/server) and R2 (IPv6 network, IPv6 client/server, eBGP) connected through two CGSEs, one Active and one Standby.

Page 59

•  An IPv6 network to the IPv4 Internet & vice-versa

•  Subscriber traffic follows the best IP path.

•  The same NSP prefix needs to be configured; since it is stateless, synchronization is not required.

Figure: R1 (IPv4 network, IPv4 client/server) and R2 (IPv6 network, IPv6 client/server, eBGP) connected through an Active CGSE and a Standby CGSE.

Page 60

•  An IPv6 network to the IPv4 Internet & vice-versa

•  Subscriber traffic follows the best IP path.

•  The same NSP prefix needs to be configured; since it is stateless, synchronization is not required.

Figure: R1 (IPv4 network, IPv4 client/server) and R2 (IPv6 network, IPv6 client/server, eBGP) connected through four CGSEs in Active/Standby pairs.