An Introduction to IPv6

TECRST-1301

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 1

Prerequisites: Session Abstract

This session is an introduction to IPv6, the next version
of IP. Basic addressing concepts, address resolution,
basic routing, and some deployment options (dual-stack,
tunneling, translation techniques) are covered
along with configuration examples. Topics include the
need for IPv6, IPv6 technology and addressing
structure, ICMPv6 and neighbor discovery (ND)
protocol, IPv6 configuration, overview of IPv6 routing
protocols (RIPng, OSPFv3, ISIS for IPv6 and MBGP).
This session is designed for network engineers
interested in deploying or learning about IPv6.
Attendees should have a solid understanding of IPv4
and basic routing concepts.
Associated Sessions
BRKAGG-2001 Deploying IPv6 for Mobile Operators
BRKOPT-1200 IPv6 Security for Service Providers
BRKRST-2301 Enterprise IPv6 Deployment
BRKRST-2303 Panel: Experiences with Deploying IPv6
BRKRST-3300 Service Provider IPv6 Deployment
BRKRST-3305 Advanced IPv6 Deployment and Services
BRKAGG-2004 Architecting for IPv4-Exhaustion
BRKSEC-2003 IPv6 Security Threats and Mitigations
BRKVVT-3061 IPv6 in Enterprise Unified Communications
LTRRST-2300 IPv6 Hands on Lab
TECRST-1301 An Introduction to IPv6

Agenda

Why IPv6?
IPv6 Technology
IPv6 Configuration
IPv4/IPv6 Transition & Co-existence
IPv6 Routing
IPv6 Services
Conclusion
The Global Internet Challenges
There are arguably two intertwined problems
Depletion of Global and Private IPv4 address space
Addressed by IPv6 and stop gap measures such as NAT, CIDR
Available AS number pool also shrinking (hence 32 bit AS numbers)
Private RFC1918 space is not big enough for many SPs
Growing size of the Internet routing table
As IPv6 grows aggregation is desirable (PI vs PA)

                    Current Size    Increase from
                    Oct 08          Apr 08
IPv4 BGP Entries    285,680         30,001 (11.7%)
IPv6 BGP Entries    1550            346 (28.7%)

Source: http://bgp.potaroo.net 27 Oct 2008

Worldwide Internet Population (Feb09)


Region          World Population   % Population   Internet Usage   % Pop Internet Penetration
Africa          975,330,899        14.54%         54,171,500       5.3%
Asia            3,780,819,792      56.35%         650,361,843      17.2%
Europe          803,903,540        11.98%         390,141,073      48.5%
Middle East     196,767,614        2.93%          45,861,346       23.3%
North America   337,572,949        5.03%          246,822,936      73.1%
Latin America   576,091,673        8.59%          166,360,735      28.6%
Oceania         34,384,384         0.51%          20,593,751       59.9%
World Total     6,710,029,070      100%           1,574,313,184    23.5%

Source: http://www.internetworldstats.com/stats.htm Feb 2009
“ARIN and the other Regional Internet Registries have distributed Internet
Protocol version 6, IPv6, alongside IPv4 since 1999. To date, ARIN has
issued both protocol versions in tandem and has not advocated one over
the other. ARIN has closely monitored trends in demand and distribution for
both protocol versions with the understanding that the IPv4 available
resource pool would continue to diminish.

The available IPv4 resource pool has now been reduced to the point that
ARIN is compelled to advise the Internet community that migration to IPv6
is necessary for any applications that require ongoing availability from
ARIN of contiguous IP number resources.”

Source: http://www.arin.net/announcements/20070521.html, 21st May 2007


ARIN (American Registry for Internet Numbers)

Why IPv6?


A Need for IPv6?


IETF IPv6 WG began in early 90s, to solve addressing growth issues, but CIDR, NAT, … were developed
IPv4 32 bit address = 4 billion hosts
~40% of the IPv4 address space is still unused, which is different from unallocated
The rise of Internet-connected devices and appliances will eventually deplete the IPv4 address space
IP is everywhere
Data, voice, audio and video integration is a reality
Regional registries apply a strict allocation control
So, only compelling reason: More IP addresses
IP Address Allocation History
The H-D ratio (RFC 3194) is the measure of allocation inefficiency; adjusting the raw numbers from the RIRs to compensate for their historical allocation efficiency of 87% matches the published IANA pool
1981—IPv4 protocol published
1985 ~ 1/16 of total space
1990 ~ 1/8 of total space
1995 ~ 1/3 of total space
2000 ~ 1/2 of total space
2005 ~ 1/4 of total space remaining
2007 ~ 1/5 of total space remaining
This despite increasingly intense conservation effort
PPP/DHCP address sharing
NAT (network address translation)
CIDR (classless inter-domain routing) plus some address reclamation
Theoretical limit of 32-bit space: ~4 billion devices, Practical limit of 32-bit space: ~250 million devices (RFC 3194)
See Article in the Internet Protocol Journal
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_8-3/ipj_8-3.pdf
U.S. DoC IPv6 RFC
http://www.ntia.doc.gov/ntiahome/ntiageneral/ipv6/commentsindex.html
[Figure: IPv4 Address Pool, IANA Policy - RIRs Allocated Pool for 12-24 Months Distribution; projections based on Jan 2000 to current; vertical axis 0 to 256; legend: IANA Pool, RIR Total, Collective RIR Pool Window, ARIN, RIPE, APNIC, LACNIC, AFRINIC, Historic]

Why Not NAT

It was created as a temp solution
NAT breaks the end-to-end model
Growth of NAT has slowed down growth of transparent applications
No easy way to maintain states of NAT in case of node failures
NAT breaks security
NAT complicates mergers, double NATing is needed for devices to communicate with each other
Some Intrinsic Benefits of IPv6
Huge address space
Simplified header format
Efficient packet handling – fields moved out of header or eliminated
Checksum removed, Fragmentation moved to end hosts
Hierarchical network architecture
Routing efficiency – high level of aggregation possible
Autoconfiguration and plug-and-play support
Reduction in the need for network address translation
Optimised for Internet mobile applications
New types of peer to peer applications
Increased number of multicast addresses
Flow labels for QoS

IPv6 Technology


IPv4/IPv6 Technology Comparison


Service              IPv4                                         IPv6
Addressing Range     32-bit, Network Address Translation          128-bit, Multiple Scopes
IP Provisioning      DHCP                                         SLAAC, Renumbering, DHCP
Security             IPSec                                        IPSec Mandated, Works End-to-End
Mobility             Mobile IP                                    Mobile IP with Direct Routing
Quality-of-Service   Differentiated Service, Integrated Service   Differentiated Service, Integrated Service
Multicast            IGMP/PIM/MBGP                                MLD/PIM/MBGP, Scope Identifier

**Acronyms explained in notes


IPv4 and IPv6 Header Comparison
IPv4 Header: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
IPv6 Header: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address

Legend
Field’s Name Kept from IPv4 to IPv6
Fields Not Kept in IPv6
Name and Position Changed in IPv6
New Field in IPv6

IPv6 Header New Field—Flow Label (RFC3697)
20-Bit Flow Label Field to Identify Specific Flows Needing Special QoS
Flow classifiers had been based on 5-tuple: Source/destination address, protocol type and port numbers of transport
Some of these fields may be unavailable due to fragmentation, encryption or locating them past extension headers
With flow label, each source chooses its own flow label values; routers use source addr + flow label to identify distinct flows
Flow label value of 0 used when no special QoS requested (the common case today)
[Figure: IPv6 Header: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address]
Extension Headers

IPv6 Packet = IPv6 Base Header (40 octets) + 0 or more Extension Headers + Data
Base header: Next Header = 0
1st Extension Header: Next Header = 43
Last Extension Header: Next Header = 17
Extension header layout: Next Header, Ext Hdr Length, Ext Hdr Data

Extension Header Order


Extension Headers Should Be Constructed in the Following Sequence (Next Header Value in Parentheses):
Hop-by-Hop header (0)
Destination options header (w/ routing header) (60)
Routing header (43)
Fragment header (44)
Authentication header (51)
ESP header (50)
Mobility header (135)
Destination options header (60)
ICMPv6 (58)
No Next header (59)
Upper-layer header (Varies—TCP=6, UDP=17)
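
An added example (not from the original slides) that walks the Next Header chain from the two slides above and checks it against the listed order, which is the parsing a filter or IDS must get right before it can locate the upper-layer header. The packet bytes, addresses and function names are constructed for illustration; the Fragment and Authentication headers use their own length rules, all others use (Hdr Ext Len + 1) * 8 octets.

```python
import ipaddress
import struct

# Next Header values from the slide; any other value ends the chain.
EXT_HEADERS = {0: "Hop-by-Hop", 60: "Destination Options", 43: "Routing",
               44: "Fragment", 51: "Authentication", 50: "ESP", 135: "Mobility"}
# Order given on the slide; Destination Options (60) has two legal positions.
RECOMMENDED_ORDER = [0, 60, 43, 44, 51, 50, 135, 60]


def parse_base_header(pkt):
    """Decode the fixed 40-octet IPv6 base header."""
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-octet base header")
    word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {"traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
            "payload_length": payload_len, "next_header": next_hdr,
            "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(pkt[8:24]),
            "dst": ipaddress.IPv6Address(pkt[24:40])}


def walk_extension_headers(pkt, max_headers=8):
    """Return (chain of Next Header values, upper-layer protocol, its offset)."""
    base = parse_base_header(pkt)
    end = 40 + base["payload_length"]
    if end > len(pkt):
        raise ValueError("payload length exceeds the captured bytes")
    chain, nh, offset = [], base["next_header"], 40
    while nh in EXT_HEADERS:
        if len(chain) == max_headers:
            raise ValueError("extension header chain too long")
        chain.append(nh)
        if nh == 50:
            # ESP: everything after it is encrypted, the walk stops here.
            return chain, None, offset
        if offset + 8 > end:
            raise ValueError("extension header runs past the payload")
        if nh == 44:
            size = 8                            # Fragment header is fixed size
        elif nh == 51:
            size = (pkt[offset + 1] + 2) * 4    # AH counts 32-bit words minus 2
        else:
            size = (pkt[offset + 1] + 1) * 8    # generic Hdr Ext Len encoding
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        nh, offset = pkt[offset], offset + size
    return chain, nh, offset


def follows_recommended_order(chain):
    """True if the chain is a subsequence of the order listed on the slide."""
    pos = 0
    for nh in chain:
        while pos < len(RECOMMENDED_ORDER) and RECOMMENDED_ORDER[pos] != nh:
            pos += 1
        if pos == len(RECOMMENDED_ORDER):
            return False
        pos += 1
    return True


def build_sample(order=(0, 43)):
    """Constructed packet: base header, 8-octet extension headers, UDP header."""
    headers = b""
    for i in range(len(order)):
        following = order[i + 1] if i + 1 < len(order) else 17
        headers += bytes([following, 0]) + bytes(6)  # Hdr Ext Len 0 = 8 octets
    udp = struct.pack("!HHHH", 53000, 53, 8, 0)      # checksum not computed here
    payload = headers + udp
    base = struct.pack("!IHBB", 6 << 28, len(payload), order[0], 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return base + src + dst + payload


if __name__ == "__main__":
    for order in ((0, 43), (43, 0)):
        chain, upper, offset = walk_extension_headers(build_sample(order))
        names = [EXT_HEADERS[n] for n in chain]
        print(names, "upper-layer", upper, "at offset", offset,
              "order ok" if follows_recommended_order(chain) else "out of order")
```
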
MTU Issues

Minimum link MTU for IPv6 is 1280 octets (vs. 68 octets for IPv4)
=> on links with MTU < 1280, link-specific fragmentation and reassembly must be used
Implementations are expected to perform path MTU discovery to send packets bigger than 1280
Minimal implementation can omit PMTU discovery as long as all packets kept ≤ 1280 octets
A hop-by-hop option supports transmission of “jumbograms” with up to 2^32 octets of payload; payload is normally 2^16

Path MTU Discovery


D:\>ping -l 1500 toshiba-redhat

Pinging toshiba-redhat [3ffe:c15:c003:1114:210:a4ff:fec7:5fcf]

Request timed out.
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms

netsh interface ipv6>show destinationcache
Interface 6: LAN
PMTU Destination Address                           Next Hop Address
---- --------------------------------------------- --------------------------
1480 3ffe:c15:c003:1112::1                         3ffe:c15:c003:1112::1

[Figure: steps 1 to 3 across links with MTU 1500, 1480 and 1480, with a "Too Big" message]
IPv6 Addressing


Addressing Format
Representation
16-bit hexadecimal numbers
Numbers are separated by (:)
Hex numbers are not case sensitive
Abbreviations are possible
Leading zeros in each 16-bit block can be omitted, and a contiguous run of all-zero blocks can be represented by (::)
Example:
2001:0db8:0000:130F:0000:0000:087C:140B
2001:0db8:0:130F::87C:140B
Double colon only appears once in the address
Addressing
Prefix Representation
Representation of prefix is just like CIDR
In this representation you attach the prefix length
Like v4 address:
198.10.0.0/16

V6 address is represented the same way:
2001:db8:12::/48
Only leading zeros are omitted. Trailing zeros are not omitted
2001:0db8:0012::/48 = 2001:db8:12::/48
2001:db8:1200::/48 ≠ 2001:db8:12::/48

IPv6 Address Representation

Loopback address representation
0:0:0:0:0:0:0:1 => ::1
Same as 127.0.0.1 in IPv4
Identifies self

Unspecified address representation
0:0:0:0:0:0:0:0 => ::
Used as a placeholder when no address available
(Initial DHCP request, Duplicate Address Detection DAD)
IPv6—Addressing Model

Addresses are assigned to interfaces
Change from IPv4 mode:
Interface “expected” to have multiple addresses
Addresses have scope
Link Local
Unique Local
Global
Addresses have lifetime
Valid and preferred lifetime

Addressing
Some Special Addresses

Type                                  Binary                 Hex
Aggregatable Global Unicast Address   001                    2 or 3
Link Local Unicast Address            1111 1110 10           FE80::/10
Unique Local Unicast Address          1111 1100, 1111 1101   FC00::/7: FC00::/8 (registry), FD00::/8 (no registry)
Multicast Address                     1111 1111              FF00::/8


Types of IPv6 Addresses

Unicast
Address of a single interface. One-to-one delivery to single interface

Multicast
Address of a set of interfaces. One-to-many delivery to all interfaces in the set

Anycast
Address of a set of interfaces. One-to-one-of-many delivery to a single interface in the set that is closest

No more broadcast addresses

Aggregatable Global Unicast Addresses

Provider                          Site      Host
3 Bits + 45 Bits                  16 Bits   64 Bits
001 + Global Routing Prefix       SLA       Interface ID

Aggregatable Global Unicast Addresses Are:
Addresses for generic use of IPv6
Structured as a hierarchy to keep the aggregation
Unique-Local

128 Bits: 1111 110 (7 Bits, FC00::/7) | Global ID (40 Bits) | Subnet ID (16 Bits) | Interface ID

Unique-Local Addresses Used for:
Local communications
Inter-site VPNs
Not routable on the Internet

Link-Local

128 Bits: 1111 1110 10 (10 Bits, FE80::/10) | Remaining 54 Bits | Interface ID

Link-Local Addresses Used for:
Mandatory Address for Communication between two IPv6 devices (like ARP but at Layer 3)
Automatically assigned by Router as soon as IPv6 is enabled
Also used for Next-Hop calculation in Routing Protocols
Only Link Specific scope
Remaining 54 bits could be Zero or any manual configured value
IPv6 Multicast Address
IP multicast address has a prefix FF00::/8 (1111 1111); the second octet defines the lifetime and scope of the multicast address

Layout: 1111 1111 (8-bit) | Lifetime (4-bit) | Scope (4-bit) | Group-ID (112-bit)
Lifetime: 0 If Permanent, 1 If Temporary
Scope: 1 Node, 2 Link, 5 Site, 8 Organization, E Global

Some Well Known Multicast Addresses

Address             Scope        Meaning
FF01::1             Node-Local   All Nodes
FF02::1             Link-Local   All Nodes
FF01::2             Node-Local   All Routers
FF02::2             Link-Local   All Routers
FF05::2             Site-Local   All Routers
FF02::1:FFXX:XXXX   Link-Local   Solicited-Node

Note that 02 means that this is a permanent address and has link scope
More details at http://www.iana.org/assignments/ipv6-multicast-addresses
Multicast Mapping Over Ethernet
IPv6 Multicast Address: FF02 0000 0000 0000 0000 0001 FF17 FC0F
Corresponding Ethernet Address: 33 33 FF 17 FC 0F
33 33 is the Multicast Prefix for Ethernet Multicast

Mapping of IPv6 multicast address to Ethernet address is:
33:33:<last 32 bits of the IPv6 multicast address>

Solicited-Node Multicast Address


For each unicast and anycast address configured there is a corresponding solicited-node multicast
This is specially used for two purposes, for the replacement of ARP, and DAD
Used in neighbor solicitation messages
Multicast address with a link-local scope
Solicited-node multicast consists of prefix + lower 24 bits from unicast, FF02::1:FF:
Router Interface
R1#sh ipv6 int e0
Ethernet0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::200:CFF:FE3A:8B18
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF3A:8B18
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
R1#
(FF02::1:FF3A:8B18 is the Solicited-Node Multicast Address)

Anycast
Anycast Address Assignment

Anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination nodes with same subnet id based on the routing metrics
Only routers should respond to anycast addresses
Routers along the path to the destination just process the packets based on network prefix
Routers configured to respond to anycast packets will do so when they receive a packet sent to the anycast address
Anycast Address
Subnet Router Anycast Address (RFC 4291)
128 bits: Prefix (n bits) | 00000 ((128-n) bits)

Reserved Subnet Anycast Address (RFC 2526)
128 bits: Prefix | 111111X111111…111 | Anycast ID (7 bits)
X = 0 If EUI-64 Format, 1 If Non-EUI-64 Format

Syntactically the same as a Unicast address
Is one-to-nearest type of address
Has a current limited use
Use Example: Mobile IPv6 Home-Agent Anycast Address

IPv6 Prefix Allocation Hierarchy and Policy Example
IANA: 2001::/3
Regional registries (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC): ::/12 to ::/23
ISP: /32
Site: /48
IPv6 Address Allocation Process
Partition of Allocated IPv6 Address Space

IPv6 Address Allocation Process


Partition of Allocated IPv6 Address Space (Cont.)

Lowest-Order 64-bit field of unicast address may be assigned in several different ways:
Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
Auto-generated pseudo-random number (to address privacy concerns)
Assigned via DHCP
Manually configured
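
The derivations behind the addresses on these slides, as an added example (not part of the original deck): the modified EUI-64 interface ID expanded from a MAC address, the solicited-node group and 33:33 Ethernet mapping from the multicast slides, and the reverse step that recovers the MAC from an EUI-64 address, which is the privacy concern the pseudo-random option addresses. Function names are illustrative; the sample values are the ones printed in this deck.

```python
import ipaddress


def parse_mac(mac):
    """Accept 00:2c:04:00:FE:56, 00-60-08-52-F9-D8 or Cisco 0007.505e.9460."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError("expected 48-bit MAC address, got %r" % mac)
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Expand a 48-bit MAC to the 64-bit interface ID.

    FF:FE is inserted between the OUI and the device part, and the
    universal/local bit (0x02 of the first octet) is inverted.
    """
    m = parse_mac(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr):
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def ethernet_multicast(addr):
    """33:33 followed by the last 32 bits of the IPv6 multicast address."""
    a = ipaddress.IPv6Address(addr)
    if not a.is_multicast:
        raise ValueError("%s is not a multicast address" % a)
    return "33:33:" + ":".join("%02x" % b for b in a.packed[-4:])


def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 interface ID, or None.

    Any observer of the address can do this, whatever prefix the host
    is using, which is why pseudo-random interface IDs exist.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % b for b in mac)


if __name__ == "__main__":
    mac = "0007.505e.9460"                        # from the r1 output in this deck
    link_local = slaac_address("fe80::/64", mac)
    print(link_local, slaac_address("2006:1::/64", mac))
    group = solicited_node(link_local)
    print(group, ethernet_multicast(group))
    print(mac_from_eui64("FE80::200:CFF:FE3A:8B18"))
```
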
ICMPv6 and Neighbor Discovery


IPv4/IPv6 Provisioning Comparison

Function             IPv4                    IPv6
Address Assignment   DHCPv4                  DHCPv6, SLAAC, Reconfiguration
Address Resolution   ARP, RARP               NS, NA
Router Discovery     ICMP Router Discovery   RS, RA
Name Resolution      DNSv4                   DNSv6


ICMPv6

Internet Control Message Protocol version 6


RFC 2463
Modification of ICMP from IPv4
Message types are similar
(but different types/codes)
Destination unreachable (type 1)
Packet too big (type 2)
Time exceeded (type 3)
Parameter problem (type 4)
Echo request/reply (type 128 and 129)

ICMPv6 Message Fields

Type—identifies the message or action needed
Code—is a type-specific sub-identifier. For example, Destination Unreachable can mean no route, port unreachable, administratively prohibited, etc.
Checksum—computed over the entire ICMPv6 message and prepended with a pseudo-header containing a single-octet
Next Header in IPv6 will have a value of 58 for ICMP
Neighbor Discovery

Replaces ARP, ICMP (redirects, router discovery)


Reachability of neighbors
Hosts use it to discover routers, auto configuration
of addresses
Duplicate Address Detection (DAD)

Neighbor Discovery

Neighbor discovery uses ICMPv6 messages, originated from node on link local with hop limit of 255
Consists of IPv6 header, ICMPv6 header, neighbor discovery header, and neighbor discovery options
Five neighbor discovery messages
Router solicitation (ICMPv6 type 133)
Router advertisement (ICMPv6 type 134)
Neighbor solicitation (ICMPv6 type 135)
Neighbor advertisement (ICMPv6 type 136)
Redirect (ICMPV6 type 137)
Router Solicitation and Advertisement

1. RS
ICMP Type = 133 (RS)
Src = link-local address (FE80::1/10)
Dst = all-routers multicast address (FF02::2)
Query = please send RA

2. RA
ICMP Type = 134 (RA)
Src = link-local address (FE80::2/10)
Dst = all-nodes multicast address (FF02::1)
Data = options, subnet prefix, lifetime, autoconfig flag

Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
Routers send periodic Router Advertisements (RA) to the all-nodes multicast address

Neighbor Solicitation and Advertisement


A B

Neighbor Solicitation
ICMP type = 135

Src = A
Dst = Solicited-node multicast of B
Data = link-layer address of A
Query = what is your link address?

Neighbor Advertisement
ICMP type = 136
Src = B
Dst = A
Data = link-layer address of B

A and B can now exchange packets on this link
Contents of NS

L2 Destination: L2 multicast address corresponding to target IPv6 Solicited Node Address
L3 Source: IPv6 Link-Local Address of source
L3 Destination: Solicited Node Address corresponding to target IPv6 address of destination
IPv6 Link-Local Address of destination

Contents of NA

L3 Source: IPv6 Link-Local Address of source
L3 Destination: IPv6 Link-Local Address of destination
Link-Layer address requested in the NS message
Multicast Neighbor Solicitation—
For Duplicate Address Detection (DAD)

Ethernet Header
• Dest MAC is 33-33-FF-52-F9-D8
IPv6 Header
• Source Address is ::
• Destination Address is FF02::1:FF52:F9D8
• Hop limit is 255
Neighbor Solicitation Header
• Target Address is FE80::2:260:8FF:FE52:F9D8

Host A
Tentative IP: FE80::2:260:8FF:FE52:F9D8
Send multicast Neighbor Solicitation

Host A uses DAD to verify the existence of a duplicate address before assigning the address to its interface.
[Figure: Host A and Host B on the same link]

Multicast Neighbor Advertisement (Response)

Ethernet Header
• Destination MAC is 33-33-00-00-00-01
IPv6 Header
• Source Address is FE80::2:260:8FF:FE52:F9D8
• Destination Address is FF02::1
• Hop limit is 255
Neighbor Advertisement Header
• Target Address is FE80::2:260:8FF:FE52:F9D8
Neighbor Discovery Option
• Target Link-Layer Address is 00-60-08-52-F9-D8

Host A
Tentative IP: FE80::2:260:8FF:FE52:F9D8

Host B
MAC: 00-60-08-52-F9-D8
IP: FE80::2:260:8FF:FE52:F9D8
Send multicast Neighbor Advertisement
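
An added example (not from the original slides) that rebuilds the DAD Neighbor Solicitation and the multicast Neighbor Advertisement shown above, computes the ICMPv6 checksum over the pseudo-header, and applies the receive-side checks a host or monitoring tool uses to reject neighbor discovery messages that did not originate on the link. The packets are constructed from the slide values; function names and finding strings are illustrative, and extension headers are assumed absent.

```python
import ipaddress
import struct

ICMPV6 = 58
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}
TARGET = ipaddress.IPv6Address("fe80::2:260:8ff:fe52:f9d8")  # tentative address on the slide


def icmpv6_checksum(src, dst, icmp):
    """One's-complement sum over the pseudo-header (source, destination,
    upper-layer length, Next Header 58) followed by the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(icmp), ICMPV6) + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def solicited_node(addr):
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


def build_nd(src, dst, hop_limit, nd_type, body):
    """Constructed packet: IPv6 base header + ICMPv6 ND message."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    icmp = struct.pack("!BBH", nd_type, 0, 0) + body
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(src, dst, icmp)) + icmp[4:]
    base = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
    return base + src.packed + dst.packed + icmp


def dad_probe(dst="ff02::1:ff52:f9d8", hop_limit=255):
    """Neighbor Solicitation for DAD: source ::, 4 reserved octets, target."""
    return build_nd("::", dst, hop_limit, 135, bytes(4) + TARGET.packed)


def dad_reply():
    """Multicast Neighbor Advertisement with a Target Link-Layer Address option."""
    option = bytes([2, 1]) + bytes.fromhex("00600852f9d8")
    body = struct.pack("!I", 0x20000000) + TARGET.packed + option  # Override flag only
    return build_nd(str(TARGET), "ff02::1", 255, 136, body)


def validate_nd(pkt):
    """Return a list of findings; an empty list means the message passes."""
    if len(pkt) < 44 or pkt[0] >> 4 != 6:
        return ["not an IPv6 packet with an ICMPv6 header"]
    payload_len, next_hdr, hop_limit = struct.unpack("!HBB", pkt[4:8])
    icmp = pkt[40:40 + payload_len]
    if next_hdr != ICMPV6 or len(icmp) != payload_len or len(icmp) < 4:
        return ["not a complete ICMPv6 message directly after the base header"]
    if icmp[0] not in ND_TYPES:
        return ["ICMPv6 type %d is not neighbor discovery" % icmp[0]]
    src = ipaddress.IPv6Address(pkt[8:24])
    dst = ipaddress.IPv6Address(pkt[24:40])
    findings = []
    if hop_limit != 255:
        # A router decrements the hop limit, so 255 proves on-link origin.
        findings.append("hop limit %d, expected 255" % hop_limit)
    if icmp[1] != 0:
        findings.append("ICMPv6 code %d, expected 0" % icmp[1])
    if icmpv6_checksum(src, dst, icmp) != 0:
        findings.append("bad ICMPv6 checksum")
    if icmp[0] in (135, 136):
        if len(icmp) < 24:
            return findings + ["message too short to carry a target address"]
        target = ipaddress.IPv6Address(icmp[8:24])
        if target.is_multicast:
            findings.append("target address is multicast")
        if icmp[0] == 135 and src.is_unspecified and dst != solicited_node(target):
            findings.append("DAD probe not sent to the solicited-node group of its target")
        if icmp[0] == 136 and dst.is_multicast and icmp[4] & 0x40:
            findings.append("Solicited flag set on a multicast advertisement")
    return findings


if __name__ == "__main__":
    for name, pkt in (("DAD NS", dad_probe()), ("DAD NA", dad_reply()),
                      ("NS with hop limit 64", dad_probe(hop_limit=64))):
        print(name, validate_nd(pkt) or "ok")
```
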
Redirect
[Figure: hosts A and B, routers R1 and R2; prefix 2001:db8:C18:2::/64]

Packet from A:
Src = A
Dst IP = 2001:db8:C18:2::1
Dst Ethernet = R2 (default router)

Redirect:
Src = R2
Dst = A
Data = good router = R1

Redirect is used by a router to signal the reroute of a packet to a better router

Autoconfiguration

Mac Address: 00:2c:04:00:FE:56
Host Autoconfigured Address Is: Prefix Received + Link-Layer Address
Sends Network-Type Information (Prefix, Default Route, …)

Larger Address Space Enables:
The use of link-layer addresses inside the address space
Autoconfiguration with “no collisions”
Offers “plug and play”
Renumbering

Mac Address: 00:2c:04:00:FE:56
Host Autoconfigured Address Is: New Prefix Received + Link-Layer Address
Sends New Network-Type Information (Prefix, Default Route, …)
Data = Two prefixes:
Current prefix (to be deprecated), with short lifetimes
New prefix (to be used), with normal lifetimes

Larger Address Space Enables:
Renumbering, using autoconfiguration and multiple addresses

Renumbering (Cont.)
Router Configuration after Renumbering:
interface Ethernet0
ipv6 nd prefix 2001:db8:c18:1::/64 43200 0
ipv6 nd prefix 2001:db8:c18:2::/64 43200 43200

or:
interface Ethernet0
ipv6 nd prefix 2001:db8:c18:1::/64 at Jul 31 2008 23:59 Jul 20 2008 23:59
ipv6 nd prefix 2001:db8:c18:2::/64 43200 43200

New Network Prefix: 2001:db8:c18:2::/64
Deprecated Prefix: 2001:db8:c18:1::/64

Host Configuration:
deprecated address 2001:db8:c18:1:260:8ff:fede:8fbe
preferred address 2001:db8:c18:2:260:8ff:fede:8fbe
[Figure: Router Advertisements sent to autoconfiguring IPv6 hosts]
DHCP and DNS for IPv6


DNS Basics
DNS is a database managing Resource Records (RR)
Storage of RR from various types—IPv4 and IPv6:
Start of Authority (SoA)
NameServer
Address—A and AAAA
Pointer—PTR
DNS is an IP application
It uses either UDP or TCP on top of IPv4 or IPv6
References
RFC3596: DNS Extensions to Support IP Version 6
RFC3363: Representing Internet Protocol Version 6 Addresses in Domain Name system (DNS)
RFC3364: Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6)
IPv6 and DNS

Hostname to IP address
IPv4 A record: www.abc.test. A 192.168.30.1
IPv6 AAAA record: www.abc.test AAAA 2001:db8:C18:1::2

IP address to hostname
IPv4 PTR record: 1.30.168.192.in-addr.arpa. PTR www.abc.test.
IPv6 PTR record: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.

DHCPv4/DHCPv6 Protocol Comparison


DHCP Messages              IPv4                 IPv6
Initial Message Exchange   4-way handshake      4-way handshake
Message Types              Broadcast, Unicast   Multicast, Unicast
Client to Server (1)       DISCOVER             SOLICIT
Server to Client (2)       OFFER                ADVERTISE
Client to Server (3)       REQUEST              REQUEST
Server to Client (4)       ACK                  REPLY


DHCPv6
Updated version of DHCP for IPv4
Supports new addressing
Can be used for renumbering
DHCP Process is same as in IPv4, but,
Client first detects the presence of routers on the link
If found, then examines router advertisements to determine if DHCP can be used
If no router found or if DHCP can be used, then
DHCP Solicit message is sent to the All-DHCP-Agents multicast address
Using the link-local address as the source address
Multicast addresses used:
FF02::1:2 = All DHCP Agents (servers or relays, Link-local scope)
FF05::1:3 = All DHCP Servers (Site-local scope)
DHCP Messages: Clients listen UDP port 546; servers and relay agents listen on UDP port 547

Managing DHCPv6 via Router Advertisement (Stateful Autoconfig)
RAs Can Be Used to Control DHCPv6 Client Behavior

1. Router Advertisement (RA) sent with “Use Stateful Autoconfiguration Flag” = ON
2. Client sends DHCPv6 SOLICIT
[Figure: DHCPv6-Serv-1, Core Router, DHCPv6-Relay-3, DHCPv6-Relay-1, DHCPv6-Client-1]

Stateless DHCPv6
Stateless DHCPv6 normally combines stateless autoconfiguration for address assignment, DHCPv6 exchange for all other configuration settings

1. Router Advertisement (RA) sent, containing link prefix, also with “Other configuration flag” = ON
2. Client autoconfigures address based on prefix option in RA, then sends DHCPv6 SOLICIT
[Figure: DHCPv6-Serv-1, Core Router, DHCPv6-Relay-3, DHCPv6-Relay-1, DHCPv6-Client-1]

Router Advertisement
[Figure: Host, CPE (interfaces E1 and E0), PE, ISP; labels: DHCP Client, DHCP Server, ISP Provisioning System]

Source of RA   User of RA   A Bit   M/O Bits   A Operation                              M/O Operation
PE             CPE E1       0       11         Don’t Do Stateless Address Assignment    Use DHCPv6 for Address + Other Config. (i.e., Stateful DHCPv6)
CPE Router     Host         1       01         Do Stateless Address Assignment          Use DHCPv6 for Other Config. (i.e., Stateless DHCPv6)

Stateless (RFC2462)
RS Are Sent by Booting Nodes to Request RAs for Configuring the Interfaces; Host Autonomously Configures Its Own Link-Local Address
Prefix/Options Assignment
[Figure: Host, CPE (interfaces E1 and E0), PE, ISP; labels: DHCP Client, DHCP Server, ISP Provisioning System; segments: AAA, DHCP, ND/DHCP]

1. CPE Sends DHCP Solicit with ORO = PD
2. PE Sends RADIUS Request for the User
3. RADIUS Responds with User’s Prefix(es)
4. PE Sends DHCP REPLY with Prefix Delegation Options
5. CPE Configures Addresses from The Prefix on Its Downstream Interfaces, and Sends an RA. O-bit Is Set to On
6. Host Configures Addresses Based on the Prefixes Received in the RA. As the O-bit Is on, It Sends a DHCP Information-request Message, with an ORO = DNS
7. CPE Sends a DHCP REPLY Containing Request Options

DHCPv6 Operation
Message sequence between Client, Relay and Server:
Solicit
Relay-Fwd w/Solicit
Relay-Reply w/Advertise
Advertise
Request
Relay-Fwd w/Request
Relay-Reply w/Reply
Reply

All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
All_DHCP_Servers (FF05::1:3)
DHCP Messages: Clients listen UDP port 546; servers and relay agents listen on UDP port 547

IPv6 Configurations

IOS IPv6 Addressing Examples (1)
Manual Interface Identifier

Fast0/0

ipv6 unicast-routing
!
interface FastEthernet0/0
ip address 10.151.1.1 255.255.255.0
ip pim sparse-mode
duplex auto
speed auto
ipv6 address 2006:1::1/64
ipv6 enable
ipv6 nd ra-interval 30
ipv6 nd prefix 2006:1::/64 300 300
!

IOS IPv6 Addressing Examples (1)


Manual Interface Identifier
r1#sh ipv6 int fast0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::207:50FF:FE5E:9460
Global unicast address(es):
2006:1::1, subnet is 2006:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF5E:9460
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 30 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
r1#

MAC Address : 0007.505e.9460
r1#sh int fast0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0007.505e.9460 (bia 0007.505e.9460)
IOS IPv6 Addressing Examples (2)
EUI-64 Interface Identifier

Fast0/0

ipv6 unicast-routing
!
interface FastEthernet0/0
ip address 10.151.1.1 255.255.255.0
ip pim sparse-mode
duplex auto
speed auto
ipv6 address 2006:1::/64 eui-64
ipv6 enable
ipv6 nd ra-interval 30
ipv6 nd prefix 2006:1::/64 300 300
!

IOS IPv6 Addressing Examples (2)


EUI-64 Interface Identifier

r1#sh ipv6 int fast0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::207:50FF:FE5E:9460
Global unicast address(es):
2006:1::207:50FF:FE5E:9460, subnet is 2006:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF5E:9460
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 30 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
r1#

MAC Address : 0007.505e.9460
r1#sh int fast0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0007.505e.9460 (bia 0007.505e.9460)
Access-List


Cisco IOS Standard Access Lists


When Used for Traffic Filtering, IPv6 Standard Access
Control Lists (ACL) Offer the Following Functions:
Can filter traffic based on source and destination address
Can filter traffic inbound or outbound on a specific interface
Can add priority to the ACL
Implicit “deny all” at the end of access list
IPv6 Access-List Example

Filtering outgoing traffic from unique-local source addresses

ipv6 access-list blocksite deny fc00:0:0:2::/64 any
ipv6 access-list blocksite permit any any
interface Ethernet0
ipv6 traffic-filter blocksite out

Global prefix: 2001:0db8:c18:2::/64
Unique-local prefix: fc00:0:0:2::/64
[Figure: router interface Ethernet0 facing the IPv6 Internet; site prefixes 2001:0db8:c18:2::/64 and fc00:0:0:2::/64]

FHRP & HSRP

HSRP for IPv6
Many similarities with HSRP for IPv4
Changes occur in Neighbor Advertisement, Router Advertisement, and ICMPv6 redirects
No need to configure GW on hosts (RAs are sent from HSRP Active router)
Virtual MAC derived from HSRP group number and virtual IPv6 Link-local address
IPv6 Virtual MAC range: 0005.73A0.0000 - 0005.73A0.0FFF (4096 addresses)
HSRP IPv6 UDP Port Number 2029 (IANA Assigned)
No HSRP IPv6 secondary address
No HSRP IPv6 specific debug
[Figure: HSRP Active and HSRP Standby routers]

interface FastEthernet0/1
ipv6 address 2001:DB8:66:67::2/64
ipv6 cef
standby version 2
standby 1 ipv6 autoconfig
standby 1 timers msec 250 msec 800
standby 1 preempt
standby 1 preempt delay minimum 180
standby 1 authentication md5 key-string cisco
standby 1 track FastEthernet0/0

Host with GW of Virtual IP
#route -A inet6 | grep ::/0 | grep eth2
::/0 fe80::5:73ff:fea0:1 UGDA 1024 0 0 eth2

First-Hop Redundancy
When HSRP, GLBP and VRRP for IPv6 are not available
NUD can be used for rudimentary HA at the first-hop (today this only applies to the Campus/DC…HSRP is available on routers)
(config-if)#ipv6 nd reachable-time 5000
Hosts use NUD “reachable time” to cycle to next known default gateway (30 seconds by default)

Default Gateway . . . . . . . . . : 10.121.10.1
fe80::211:bcff:fec0:d000%4
fe80::211:bcff:fec0:c800%4
Reachable Time : 6s
Base Reachable Time : 5s

[Figure: Access Layer, Distribution Layer, To Core Layer; HSRP for IPv4; RA’s with adjusted reachable-time for IPv6]

Agenda

Why IPv6?
IPv6 Technology
IPv6 Configuration
IPv4/IPv6 Transition & Co-existence
IPv6 Routing
IPv6 Services
Conclusion

IPv4/IPv6 Transition & Coexistence

IPv4-IPv6 Transition/Coexistence

A wide range of techniques have been identified and implemented, basically falling into three categories:
Dual-stack techniques, to allow IPv4 and IPv6 to
co-exist in the same devices and networks
Tunneling techniques, to avoid order dependencies when
upgrading hosts, routers, or regions
Translation techniques, to allow IPv6-only devices to
communicate with IPv4-only devices

Expect all of these to be used, in combination

Dual-Stack Techniques

IPv6 Using Dual Stack Backbone
[Figure: CE - PE - P - P - PE - CE; IPv6 + IPv4 core, IPv4 + IPv6 edge, IPv4 and/or IPv4 edge, dual stack app; legend: IPv4 configured interface, IPv6 configured interface, some or all interfaces in cloud dual configured]

All P + PE routers are capable of IPv4+IPv6 support


Two IGPs supporting IPv4 and IPv6
Memory considerations for larger routing tables
Native IPv6 multicast support
All IPv6 traffic routed in global space
Good for content distribution and global services (Internet)

Dual Stack Configuration


[Figure: CE - PE - P - P - PE - CE; IPv6 + IPv4 core, IPv4 + IPv6 edge, IPv4 and/or IPv4 edge, dual stack app]

ipv6 unicast-routing
interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2001:db8:213:1::1/64
Dual Stack Approach
[Figure: protocol stacks of an IPv6-enabled application and of an application: TCP/UDP over IPv4 and IPv6 over Data Link (Ethernet); frame protocol ID 0x0800 for IPv4 and 0x86dd for IPv6; labelled "Preferred Method on Application’s Servers"]

Dual Stack Node Means:
Both IPv4 and IPv6 stacks enabled
Applications can talk to both
Choice of the IP version is based on name lookup and application preference

Dual Stack Approach & DNS

[Figure: a dual-stack host asks the DNS server "www.example.org = * ?"; IPv4 path to 192.168.0.3, IPv6 path to 2001:db8:1::1]

www IN A 192.168.0.3
www IN AAAA 2001:db8:1::1

In a dual stack case an application that:
Is IPv4 and IPv6-enabled
Can query the DNS for IPv4 and/or IPv6 records (A) or (AAAA) records
Chooses one address and, for example, connects to the IPv6 address
DNS Query In IOS
[Figure: router querying a DNS server]

Query=“www.example.org” TYPE=“AAAA”
Resp=“2001:db8:1::1” Type=“AAAA”
OR
Resp=“NONE”
Query=“www.example.org” TYPE=“A”
Resp=“192.168.0.3” Type=“A”

DNS resolver picks IPv6 AAAA record first
IPv6 stacks on Windows XP, Linux, FreeBSD, etc also pick IPv6 address before IPv4 address if both exist

Tunneling Techniques

Tunneling Techniques
GRE
Manual
6to4
DMVPN
ISATAP
MPLS Manual
MPLS 6PE

Manual and GRE Tunnels

Manually Configured GRE Tunnel

[Figure: Dual-Stack Router1 and Dual-Stack Router2, each attached to an IPv6 network, connected across IPv4]
Router1 IPv4: 192.168.99.1, IPv6: 2001:db8:800:1::3
Router2 IPv4: 192.168.30.1, IPv6: 2001:db8:800:1::2

router1#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::3/128
 tunnel source 192.168.99.1
 tunnel destination 192.168.30.1
 tunnel mode gre ipv6

router2#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::2/128
 tunnel source 192.168.30.1
 tunnel destination 192.168.99.1
 tunnel mode gre ipv6

Manually Configured IPv6 Over IPv4 Tunnel

[Figure: Dual-Stack Router1 and Dual-Stack Router2, each attached to an IPv6 network, connected across IPv4]
Router1 IPv4: 192.168.99.1, IPv6: 2001:db8:800:1::3
Router2 IPv4: 192.168.30.1, IPv6: 2001:db8:800:1::2

router1#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::3/127
 tunnel source 192.168.99.1
 tunnel destination 192.168.30.1
 tunnel mode ipv6ip

router2#
interface Tunnel0
 ipv6 enable
 ipv6 address 2001:db8:c18:1::2/127
 tunnel source 192.168.30.1
 tunnel destination 192.168.99.1
 tunnel mode ipv6ip
6to4


6 to 4 Tunnels (RFC 3056)


[Figure: two IPv6 networks joined by a 6 to 4 tunnel across the IPv4 backbone (CE - PE - P - P - PE - CE). Left gateway 200.15.15.1 (e0/0), site 2002:c80f:0f01, host 2002:c80f:0f01:100::1. Right gateway 200.11.11.1 (e0/0), site 2002:c80b:0b01, host 2002:c80b:0b01:100::1. Encapsulation along the path: IPv6 packet | IPv4 header + IPv6 packet | IPv6 packet]

Automatic tunnel method using 2002:IPv4::/48 IPv6 range
IPv4 embedded in IPv6 format eg. 2002:c80f:0f01:: = 200.15.15.1
No impact on existing IPv4 or MPLS Core (IPv6 unaware)
Tunnel endpoints have to be IPv6 and IPv4 aware (Dual stack)
Transition technology – not for long term use
No multicast support, Static Routing
Intrinsic linkage between destination IPv6 Subnet and IPv4 gateway interface
IPv4 Gateway = Tunnel End point
Destination Dynamically Computed
[Figure: the same 6 to 4 topology: gateways 200.15.15.1 (e0/0) and 200.11.11.1 (e0/0), sites 2002:c80f:0f01 and 2002:c80b:0b01, hosts 2002:c80f:0f01:100::1 and 2002:c80b:0b01:100::1]

All 6 to 4 Networks are 2002:V4ADDR::/48
Subnet: 16 bits
Host: 64 bits

2002:c80b:0b01:0100:0000:0000:0000:0001 Server Address
Tunnel end point in IPv4 Network: 200.11.11.1

IPv6 Header (Src) 2002:c80f:0f01:100::1 (Dst) 2002:c80b:0b01:100::1
IPv4 Header (Src) 200.15.15.1 (Dst) 200.11.11.1

6 to 4 Configuration
[Figure: the same 6 to 4 topology: gateways 200.15.15.1 (e0/0) and 200.11.11.1 (e0/0), sites 2002:c80f:0f01 and 2002:c80b:0b01, hosts 2002:c80f:0f01:100::1 and 2002:c80b:0b01:100::1]

Gateway 200.15.15.1:
interface tunnel 2002
 ipv6 address 2002:c80f:0f01::1/128
 tunnel source ethernet0/0
 tunnel mode ipv6ip 6to4
interface ethernet 0/0
 ip address 200.15.15.1 255.255.255.0
interface ethernet 1/0
 ipv6 address 2002:c80f:0f01:100::2/64
ipv6 route 2002::/16 tunnel2002

Gateway 200.11.11.1:
interface tunnel 2002
 ipv6 address 2002:c80b:0b01::1/128
 tunnel source ethernet0/0
 tunnel mode ipv6ip 6to4
interface ethernet 0/0
 ip address 200.11.11.1 255.255.255.0
interface ethernet 1/0
 ipv6 address 2002:c80b:0b01:100::2/64
ipv6 route 2002::/16 tunnel2002


6 to 4 Relay Service
[Figure: 6 to 4 site 2002:c80f:0f01 (gateway 200.15.15.1 on e0/0, host 2002:c80f:0f01:100::1) tunnelling across the IPv4 backbone to IPv6 relays, each with 192.88.99.1 (lo0) and 2002:c058:6301::1 (lo0), which connect to the IPv6 Internet 2000::/3]

6 to 4 relay allows access to IPv6 global network
Can use tunnel Anycast address 192.88.99.1
6 to 4 router finds closest 6-to-4 relay router
Return path could be asymmetric
Default route to IPv6 Internet
BGP can also be used to select particular 6 to 4 relay based on prefix
Allows more granular routing policy

6 to 4 Relay Configuration
[Figure: 6 to 4 site 2002:c80f:0f01 (gateway 200.15.15.1 on e0/0, host 2002:c80f:0f01:100::1) tunnelling across the IPv4 backbone to the IPv6 relay, 192.88.99.1 (lo2) and 2002:c058:6301::1 (lo2), which connects to the IPv6 Internet 2000::/3]

6 to 4 router:
interface tunnel 2002
 ipv6 address 2002:c80f:0f01::1/128
 tunnel source ethernet0/0
 tunnel mode ipv6ip 6to4
interface ethernet 0/0
 ip address 200.15.15.1 255.255.255.0
interface ethernet 1/0
 ipv6 address 2002:c80f:0f01:100::2/64
ipv6 route 2002::/16 tunnel2002
ipv6 route ::/0 2002:c058:6301::1

6 to 4 relay:
interface Loopback2
 ip address 192.88.99.1 255.255.255.0
 ipv6 address 2002:C058:6301::1/128
!
interface Tunnel2002
 ipv6 unnumbered Loopback2
 tunnel source Loopback2
 tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel2002
DMVPN


DMVPN for IPv6


[Figure: two spoke sites (IPv6 private networks 2001:db8:0:1::/64 and 2001:db8:0:2::/64) and a hub (2002:db8::/64, holding the NHRP database) connected over an IPv4 public network; static spoke-to-hub tunnels and a dynamic spoke-to-spoke tunnel. Encapsulation along the path: IPv6 packet | IPv4 next hop + GRE header + IPv6 packet | IPv6 packet]

DMVPN allows full or partial mesh connectivity
mGRE tunnel spokes to static hub
Dynamic mGRE tunnels spoke to spoke
mGRE Tunnels can be encrypted
mGRE relies on NHRP for destination address (NBMA)
IPv6 Phase 1
IPv6 packets over DMVPN IPv4 tunnels
In IOS release 12.4(20)T
IPv4 infrastructure network
IPv6 and/or IPv4 data packets over same IPv4 GRE tunnel
Configure IPv6 just like on other interfaces
Complete set of NHRP commands
network-id, holdtime, authentication, map, etc.
NHRP registers two addresses
Link-local for routing protocol (Automatic or Manual)*
Unicast Global for packet forwarding (Mandatory)
IPv6/IPv4 packets over IPv6 GRE tunnel is on roadmap too
(phase 2)

DMVPN IPv6 Restrictions

Current implementation restricted to IPv6 in Overlay network.
IPv6 unicast tunnel address mandatory.
Network Discovery not required.
For your reference
IPv6 Phase 1 Configuration

Hub:
ipv6 unicast-routing
ipv6 cef
…
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip mtu 1400
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp redirect
 ip tcp adjust-mss 1360
 no ip split-horizon eigrp 1
 ipv6 address 2001:DB8:0:100::1/64
 ipv6 mtu 1400
 ipv6 eigrp 1
 no ipv6 split-horizon eigrp 1
 ipv6 nhrp authentication testv6
 ipv6 nhrp map multicast dynamic
 ipv6 nhrp network-id 100006
 ipv6 nhrp holdtime 300
 ipv6 nhrp redirect
 tunnel source Serial2/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile vpnprof
!
interface Ethernet0/0
 ip address 192.168.0.1 255.255.255.0
 ipv6 address 2001:DB8::1/64
 ipv6 eigrp 1
!
interface Serial2/0
 ip address 172.17.0.1 255.255.255.252
!
ipv6 router eigrp 1
 no shutdown

Spoke:
ipv6 unicast-routing
ipv6 cef
…
interface Tunnel0
 ip address 10.0.0.11 255.255.255.0
 ip mtu 1400
 ip nhrp authentication test
 ip nhrp map multicast 172.17.0.1
 ip nhrp map 10.0.0.1 172.17.0.1
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 10.0.0.1
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 ipv6 address 2001:DB8:0:100::B/64
 ipv6 mtu 1400
 ipv6 eigrp 1
 ipv6 nhrp authentication testv6
 ipv6 nhrp map multicast 172.17.0.1
 ipv6 nhrp map 2001:DB8:0:100::1/128 172.17.0.1
 ipv6 nhrp network-id 100006
 ipv6 nhrp holdtime 300
 ipv6 nhrp nhs 2001:DB8:0:100::1
 ipv6 nhrp shortcut
 tunnel source Serial1/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile vpnprof
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 eigrp 1
!
interface Serial1/0
 ip address 172.16.1.1 255.255.255.252
!
ipv6 router eigrp 1
 no shutdown

For your reference
IPv6 Phase 1 ‘Show ipv6 nhrp’

Hub:
2001:DB8:0:100::B/128 via 2001:DB8:0:100::B
 Tunnel0 created 1d16h, expire 00:04:58
 Type: dynamic, Flags: unique registered used
 NBMA address: 172.16.1.1
FE80::A8BB:CCFF:FE00:C800/128 via 2001:DB8:0:100::B
 Tunnel0 created 1d16h, expire 00:04:58
 Type: dynamic, Flags: unique registered
 NBMA address: 172.16.1.1

Spoke:
2001:DB8:0:100::1/128 via 2001:DB8:0:100::1
 Tunnel0 created 1d16h, never expire
 Type: static, Flags: used
 NBMA address: 172.17.0.1
FE80::A8BB:CCFF:FE00:6400/128 via FE80::A8BB:CCFF:FE00:6400
 Tunnel0 created 1d16h, expire 00:04:59
 Type: dynamic, Flags:
 NBMA address: 172.17.0.1
ISATAP


Intrasite Automatic Tunnel Address Protocol

RFC 4214
This is for enterprise networks such as corporate and academic networks
Scalable approach for incremental deployment
ISATAP uses your IPv4 infrastructure as a transport (NBMA) network
ISATAP Address Format
ISATAP hosts use a special IPv6 address format
Interface ID carries information
Rightmost 32 bits contain the host IPv4 address
Leftmost 32 bits contain “0000:5EFE”
Global prefix provided by ISATAP router
Interface ID portion remains static for all packets
Link-Local addresses used for solicitation of global address

[Figure: ISATAP address layout for host address 192.168.1.1: Unicast Prefix (can be Link-local or Global) | Interface ID = 0000:5EFE (ISATAP ID) : C0A8:0201 (IPv4 Address of Host)]
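
The 6 to 4 (2002:V4ADDR::/48) and ISATAP (0000:5EFE + IPv4) layouts described above both carry the IPv4 tunnel endpoint inside the IPv6 address, so the endpoint can be recovered when reviewing flow logs or ACLs for tunnelled (protocol 41) traffic. The following Python is an added example, not part of the original slides; the function names and the sample list are assumptions, and the addresses are the ones used on the slides.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
ISATAP_ID = 0x00005EFE  # leftmost 32 bits of the interface ID, "0000:5EFE"


def sixtofour_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 site prefix of a 6 to 4 gateway."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix, ipv4):
    """Build <64-bit prefix>:0000:5EFE:<IPv4> for an ISATAP node."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(
        int(net.network_address) | (ISATAP_ID << 32) | v4
    )


def embedded_ipv4(addr):
    """Return (mechanism, IPv4 tunnel endpoint) or None for a native address.

    Classification is by address format only: any interface ID that starts
    with 0000:5EFE is reported as ISATAP.
    """
    a = ipaddress.IPv6Address(addr)
    if a in SIXTOFOUR:
        # Bits 16..47 of a 6 to 4 address are the gateway's IPv4 address.
        return ("6to4", ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF))
    iid = int(a) & 0xFFFFFFFFFFFFFFFF
    if iid >> 32 == ISATAP_ID:
        # Rightmost 32 bits of the interface ID are the node's IPv4 address.
        return ("isatap", ipaddress.IPv4Address(iid & 0xFFFFFFFF))
    return None


def tunnel_endpoints(addresses):
    """Sorted (IPv4 endpoint, mechanism, IPv6 address) for tunnel addresses."""
    found = []
    for addr in addresses:
        hit = embedded_ipv4(addr)
        if hit is not None:
            mechanism, endpoint = hit
            found.append((str(endpoint), mechanism, addr))
    return sorted(found)


# Constructed sample: source addresses as they might appear in a flow log.
SAMPLE_SOURCES = [
    "2002:c80f:0f01:100::1",            # 6 to 4 host behind 200.15.15.1
    "2001:db8:face:2::5efe:c0a8:0201",  # ISATAP host 192.168.2.1
    "fe80::5efe:c0a8:0401",             # ISATAP router link-local
    "2001:db8:c18:2::1",                # native address, no embedded IPv4
]

if __name__ == "__main__":
    print(sixtofour_prefix("200.15.15.1"))
    print(isatap_address("2001:db8:face:2::/64", "192.168.2.1"))
    for endpoint, mechanism, addr in tunnel_endpoints(SAMPLE_SOURCES):
        print(f"{addr:34} {mechanism:7} endpoint {endpoint}")
```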

ISATAP Prefix Advertisement


[Figure: ISATAP Host (192.168.2.1) on the IPv4 corporate network, ISATAP tunnel across the IPv4 enterprise network (PE - P - P - PE) to the ISATAP Router (192.168.4.1, 2001:db8:face:2::5efe:c0a8:0401), which connects to the IPv6 network. Encapsulation along the path: IPv4 header + IPv6 packet | IPv4 header + IPv6 packet | IPv6 packet]

DNS: Query “ISATAP”, Reply “192.168.4.1”

Router Solicitation, Encaps in IPv4
 IPv4 Source: 192.168.2.1
 IPv4 Dest: 192.168.4.1
 IPv6 Source: fe80::5efe:c0a8:0201
 IPv6 Dest: fe80::5efe:c0a8:0401
 Request: ISATAP Prefix?

Router Advertisement, Encaps in IPv4
 IPv4 Source: 192.168.2.1
 IPv4 Dest: 192.168.4.1
 IPv6 Source: fe80::5efe:c0a8:0201
 IPv6 Dest: fe80::5efe:c0a8:0401
 Reply: 2001:db8:face:2/64
ISATAP Nodes Use 3 Addresses
[Figure: ISATAP Host (192.168.2.1) on the IPv4 corporate network, ISATAP tunnel across the IPv4 enterprise network to the ISATAP Router (192.168.4.1, 2001:db8:face:2::5efe:c0a8:0401), which connects to the IPv6 network]

ISATAP Host
Address           Value
IPv4 Global:      192.168.2.1
IPv6 Link-Local:  fe80::5efe:c0a8:0201
IPv6 Global:      2001:db8:face:2::5efe:c0a8:0201

ISATAP Router
Address           Value
IPv4 Global:      192.168.4.1
IPv6 Link-Local:  fe80::5efe:c0a8:0401
IPv6 Global:      2001:db8:face:2::5efe:c0a8:0401

ISATAP Configuration (XP)


[Figure: XP ISATAP Host (192.168.2.1) on the IPv4 corporate network, ISATAP tunnel across the IPv4 enterprise network to the ISATAP Router (192.168.4.1, 2001:db8:face:2::5efe:c0a8:0401), which connects to the IPv6 network]

XP host (PC config does not use DNS):
ipv6 install
netsh interface ipv6 isatap set router 192.168.4.1

ISATAP router:
interface Ethernet0
 ip address 192.168.4.1 255.255.255.0
!
interface Tunnel0
 ! EUI-64 allows router to generate Link ID portion of address
 ipv6 address 2001:db8:face:2::/64 eui-64
 ! Turn off ND message suppression
 no ipv6 nd suppress-ra
 tunnel source Ethernet0
 tunnel mode ipv6ip isatap
MPLS and Manual Tunnels


Manual Tunnels Over MPLS


[Figure: IPv6 networks (CE) on either side of an MPLS IPv4 backbone (PE - P - P - PE), joined by IPv6 manual tunnels over LSPs. Encapsulation along the path: IPv6 packet | IGP label + IPv4 header + IPv6 packet | IPv6 packet]

Uses manual tunnel configuration as previously discussed
Tunnel in Tunnel Method (P2P tunnels)
Manual Tunnel running over Label Switch Path (protocol=41)
Double encapsulation, first IPv4 then into MPLS frame (tunnel overhead)
Tunnels terminate on PE
CE routers single stack, PE must be dual stack
MP-BGP can be run over tunnel to distribute IPv6 routes between PE routers
Good for interconnecting discrete customer islands
Manual Tunnels Over MPLS Configuration
[Figure: IPv6 networks (CE) on either side of an MPLS IPv4 backbone; PE routers 200.10.10.1 and 200.11.11.1 run IPv6 MP-BGP across the tunnel. Encapsulation along the path: IPv6 packet | LDP label + IPv4 header + IPv6 packet | IPv6 packet]

PE 200.10.10.1:
interface loopback0
 ip address 200.10.10.1 255.255.255.0
interface tunnel100
 ipv6 address 2001:100::1/64
 tunnel source loopback0
 tunnel destination 200.11.11.1
 tunnel mode ipv6ip
router bgp 100
 neighbor 2001:100::2 remote-as 100
 address-family ipv6
  neighbor 2001:100::2 activate

PE 200.11.11.1:
interface loopback0
 ip address 200.11.11.1 255.255.255.0
interface tunnel100
 ipv6 address 2001:100::2/64
 tunnel source loopback0
 tunnel destination 200.10.10.1
 tunnel mode ipv6ip
router bgp 100
 neighbor 2001:100::1 remote-as 100
 address-family ipv6
  neighbor 2001:100::1 activate

MPLS 6PE

IPv6 Transit Using MPLS 6PE (RFC 4798)
[Figure: IPv6 networks (CE) attached to 6PE1, 6PE2, 6PE3 and 6PE4 around an IPv4 MPLS core of P routers; 6PE1 (200.10.10.1) and 6PE2 (200.11.11.1) exchange IPv6 over iBGP; 2001:f00d:: behind 6PE1, 2001:db8:: behind 6PE2. Encapsulation along the path: IPv6 packet | LDP label + BGP label + IPv6 packet | IPv6 packet]

6PEs must support dual stack IPv4+IPv6 (acts as normal IPv4 PE)
IPv6 packets transported from 6PE to 6PE over Label Switch Path
IPv6 addresses exist in global table of PE routers only
IPv6 addresses exchanged between 6PE using MP-BGP session
Core uses IPv4 control plane (LDPv4, TEv4, IGPv4, MP-BGP)
Benefits from MPLS features such as FRR, TE

Services Using MPLS 6PE


[Figure: 6PE topology: CE1 - 6PE1 (200.10.10.1) - P - P - 6PE2 (200.11.11.1) - CE2, with CE3/6PE3 and 6PE4/CE attached to the same IPv4 MPLS core; iBGP between 6PEs exchanges IPv6; 2001:f00d:: behind 6PE1, 2001:db8:: behind 6PE2]

Connects IPv6 islands over MPLS core (Transits edge to edge)
Transition mechanism for providing unicast IPv6 access
Coexistence mechanism for combining IPv4 and IPv6 services
As other IPv6 “tunnel” technologies, enables services such as
IPv6 Internet Access
Peer-to-peer connectivity
Access to IPv6 services supplied by the SP itself
Routing and Label Distribution Example
[Figure: 6PE topology: CE1 - 6PE1 (200.10.10.1) - P - P - 6PE2 (200.11.11.1) - CE2, with CE3/6PE3 and 6PE4/CE attached to the same IPv4 MPLS core; eBGP between CE and 6PE, iBGP between 6PEs exchanges IPv6; 2001:f00d:: behind 6PE1, 2001:db8:: behind 6PE2]

Across the core, hop by hop from 6PE1 towards 6PE2:
IGPv4: 20.10.10.1 reachable | 20.10.10.1 reachable | 20.10.10.1 reachable
LDPv4 {Pop}: Binds label {Pop} to 20.10.10.1
LDPv4 {27}: Binds label {27} to 20.10.10.1
LDPv4 {48}: Binds label {48} to 20.10.10.1

MP-eBGP: Advertises 2001:f00d:: to 6PE1
IPv6 MP-iBGP: Advertises 2001:f00d:: to 6PE2, BGP Next Hop ::ffff:200.10.10.1, Label Binding {65}
MP-eBGP: Advertises 2001:f00d:: to CE2

6PE Notes
LDP Label
Outer label that provides connectivity to the destination 6PE
MP-BGP Label
Inner label used by egress 6PE for IPv6 forwarding
Older IOS use pool of 16 labels shared amongst all IPv6 prefixes
P routers hash this label if payload is not IPv4 for load balancing
IOS that support MFI [12.4(20)T & XR] use per prefix labels
Some code also allows IPv4 P routers to hash IPv6 addresses
This label needed to avoid PHP dropping IPv6 packet
BGP Label also referred to as “Aggregate IPv6 Label”
Aggregate labels execute “pop label + IPv6 lookup” at egress 6PE
BGP NH is a “Special Use” IPv4 to IPv6 Mapped Address

::ffff:A.B.C.D    ::ffff:200.10.10.1
(::ffff: is the Fixed Value; A.B.C.D is the IPv4 Loopback of 6PE)
6PE Label Forwarding
[Figure: 6PE topology: CE1 - 6PE1 (200.10.10.1) - P - P - 6PE2 (200.11.11.1) - CE2, with CE3/6PE3 and 6PE4/CE attached to the same IPv4 MPLS core; 2001:f00d:: behind 6PE1, 2001:db8:: behind 6PE2]

Item          Value
IPv6 Prefix:  2001:f00d::
BGP Label:    {65}
BGP NH:       ::ffff:200.10.10.1
IPv4 NH:      200.10.10.1
LDP Label:    {48}

Labels carried on each segment of the path (left to right, CE1 to CE2):
Segment          IPv6         MPLS         MPLS         MPLS         IPv6
LDP IPv4 Label                             {27}         {48}
BGP IPv6 Label                {65}         {65}         {65}
IPv6 Prefix      2001:f00d::  2001:f00d::  2001:f00d::  2001:f00d::  2001:f00d::

6PE Configuration
[Figure: 6PE topology: CE1 (as65014, 2001:f00d::) - 6PE1 (200.10.10.1) - P - P - 6PE2 (200.11.11.1) - CE2 (as65015, 2001:db8::), with CE3/6PE3 and 6PE4/CE attached to the same IPv4 MPLS core]

6PE1:
ipv6 cef
!
interface loopback0
 ip address 200.10.10.1 255.255.255.0
!
router bgp 100
 neighbor 2001:f00d:1::1 remote-as 65014
 neighbor 200.11.11.1 remote-as 100
 neighbor 200.11.11.1 update-source lo0
 !
 address-family ipv6
  neighbor 200.11.11.1 activate       <- 6PE2
  neighbor 200.11.11.1 send-label
  neighbor 2001:f00d:1::1 activate    <- CE1

6PE2:
ipv6 cef
!
interface loopback0
 ip address 200.11.11.1 255.255.255.0
!
router bgp 100
 neighbor 2001:DB8:1::1 remote-as 65015
 neighbor 200.10.10.1 remote-as 100
 neighbor 200.10.10.1 update-source lo0
 !
 address-family ipv6
  neighbor 200.10.10.1 activate       <- 6PE1
  neighbor 200.10.10.1 send-label
  neighbor 2001:DB8:1::1 activate     <- CE2
6PE IPv6 Route
[Figure: 6PE topology: CE1 (as65014, 2001:f00d::) - 6PE1 (200.10.10.1) - P - P - 6PE2 (200.11.11.1) - CE2 (as65015, 2001:db8::), with CE3/6PE3 and 6PE4/CE attached to the same IPv4 MPLS core]

6PE-2#show ipv6 route
B 2001:F00D::/64 [200/0]
 via ::FFFF:200.10.10.1, IPv6-mpls

6PE-1#show ipv6 cef internal #hidden command
[snip]
2001:F00D::/64,
 nexthop ::FFFF:200.10.10.1
 fast tag rewrite with F0/1, 10.12.0.1, tags imposed {48 65}

(In the imposed tags, 48 is the LDP label and 65 is the BGP label.)

Translation Techniques

Translation Scenarios and Context
There is an ongoing demand for IPv4 devices to access
IPv6 devices and vice versa
Devices can have a single IPv4 or IPv6 protocol stack
Devices can be dual stack, but
Maybe the network infrastructure does not exist for either IPv4 or IPv6?
Maybe there is IPv(x) capability, but routing is not enabled?
Maybe the device is dual stack, but has no allocated IPv(x) address?
Maybe the device has an IPv(x) address but the network does not
support the protocol IPv(x)?
Maybe no more unique IPv(x) addresses are available?
IP translation technology takes these variables into account for
either generic or focused translational solutions

NAT-PT: IPv4 Initiated Communication


Allows communication between IPv4/IPv6 domains by translating
addresses and IP protocol
If communication starts at the IPv6 domain, state is created when the
first data-packet traverses the NAT-PT device
If communication starts at the IPv4 domain, state must be established
when the first DNS response traverses the NAT-PT device
Heavy mechanism: address state, protocol translation for
every packet
Single point of failure
Complications when the application transports IP addresses in the
packet body
SIIT protocol translation may result in information loss
For your
reference
Configuring Cisco IOS NAT-PT
Network Address Translation-Protocol Translation
RFC 2766
IP Header and Address translation
Support for ICMP and DNS embedded translation
Auto-aliasing of NAT-PT IPv4 Pool Addresses

[Figure: NAT-PT router with Ethernet-2 on LAN2: 192.168.1.0/24 (DNS, hosts .200 and .100) and Ethernet-1 on LAN1: 2001:2::/64 (host 2001:2::1); NATed prefix 2010::/96]

interface ethernet-1
 ipv6 address 2001:2::10/64
 ipv6 nat prefix 2010::/96
 ipv6 nat
!
interface ethernet-2
 ip address 192.168.1.1 255.255.255.0
 ipv6 nat
!
ipv6 nat v4v6 source 192.168.1.100 2010::1
!
ipv6 nat v6v4 source route-map map1 pool v4pool1
ipv6 nat v6v4 pool v4pool1 192.168.2.1 192.168.2.10 prefix-length 24
!
route-map map1 permit 10
 match interface Ethernet-1

Deprecation of NAT-PT
Documented in RFC4966, July 2007 – “Reasons to Move the Network
Address Translator - Protocol Translator (NAT-PT) to Historic Status”
Goal is to have IPv6 technology take benefit of its full capabilities without
restrictions imposed by Address Translation
General limitations due to translation:
Protocols that embed IP addresses provide complications
Inability to redirect traffic for protocols that lack demultiplexing capabilities
(i.e. IPsec, RSVP, etc…)
keepalive mechanisms for state-maintenance
Loss of information due to IPv4 vs IPv6 header semantics (next-headers, flow-label)
Fragmentation
Multicast
Scalability
Deprecation of NAT-PT
Issues specific to NAT-PT translation
Address selection issues when either the internal or external hosts
implement both IPv4 and IPv6 (when destination host has both A and
AAAA record for example)
Non-Global Validity of Translated RR Records (a translated record may
be forwarded to an application that cannot use it)
Address selection issues and resource consumption in a DNS-ALG with
multi-addressed nodes
Limitations on DNS security capabilities when using a DNS-ALG
Inappropriate translation of responses to A queries from IPv6 nodes

NAT-PT

IPv6 Routing


Routing In IPv6
As in IPv4, IPv6 has 2 families of routing protocols: IGP and EGP,
and still uses the longest-prefix match routing algorithm
IGP
RIPng (RFC 2080)
Cisco EIGRP for IPv6
Integrated IS-ISv6 (draft-ietf-isis-ipv6-07)
OSPFv3 (RFC 5340)
EGP: MP-BGP4 (RFC 2858 and RFC 2545)
Cisco IOS supports all of them
Pick one that meets your objectives
IPv6 Default and Static Routing


Default & Static Routing


Similar to IPv4. Need to define the next hop / interface.
Default route denoted as ::/0
ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type
interface-number [ipv6-address]} [administrative-distance]
[administrative-multicast-distance | unicast | multicast] [tag tag]
Examples:
Forward packets for network 2001:DB8::0/32 through 2001:DB8:1:1::1
with an administrative distance of 10
Router(config)# ipv6 route 2001:DB8::0/32 2001:DB8:1:1::1 10

Default route to 2001:DB8:1:1::1


Router(config)# ipv6 route ::/0 2001:DB8:1:1::1
IPv6 Routing – Default Route
Routing table and testing connectivity

[Figure: R1 (S3/0), R2 (S2/0, s0/0) and the IPv6 Internet; 2001:DB8:23:0:A8BB:CCFF:FE00:300]

R2#sh run | b ipv6 route
ipv6 route ::/0 2001:DB8:12:0:A8BB:CCFF:FE00:300

R1#show ipv6 route ::/0
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
S ::/0 [1/0]
   via 2001:DB8:12:0:A8BB:CCFF:FE00:300

R2#ping 2001:DB8:23:0:A8BB:CCFF:FE00:300
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:23:0:A8BB:CCFF:FE00:300, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/36 ms

RIPng (RFC2080)

Enhanced Routing Protocol Support
RIPng Overview RFC 2080
[Figure: IPv4 RIP and RIPng packet formats side by side. Both start with command | version | must be zero. The IPv4 entry carries Address Family Identifier, Route Tag, IPv4 Address, Subnet Mask, Next Hop, Metric; the IPv6 entry carries IPv6 prefix, route tag, prefix len, metric]

Similar characteristics as IPv4
Distance-vector, hop limit of 15, split-horizon, multicast based (FF02::9),
UDP port (521) etc.
Updated features for IPv6
IPv6 prefix & prefix len.
Special Handling for the NH
Route tag and prefix len for NH is all 0. Metric will have 0xFF. NH must be
link local

RIPng Configuration and Display


[Figure: Router 2 (default route ::/0 upstream) and Router 1 share LAN1: 2001:db8:c18:1::/64 on their Ethernet0 interfaces; Router 1 Ethernet1 connects to LAN2: 2001:db8:c18:2::/64; Router 2 Ethernet0 = 2001:db8:c18:1:260:3eff:fe47:1530]

Router2#
ipv6 router rip RT0
interface Ethernet0
 ipv6 address 2001:db8:c18:1::/64 eui-64
 ipv6 rip RT0 enable
 ipv6 rip RT0 default-information originate

Router1#
ipv6 router rip RT0
interface Ethernet0
 ipv6 address 2001:db8:c18:1::/64 eui-64
 ipv6 rip RT0 enable
Interface Ethernet1
 ipv6 address 2001:db8:c18:2::/64 eui-64
 ipv6 rip RT0 enable

Router2# debug ipv6 rip
RIPng: Sending multicast update on Ethernet0 for RT0
 src=FE80::260:3eff:fe47:1530
 dst=FF02::9 (Ethernet0)
 sport=521, dport=521, length=32
 command=2, version=1, mbz=0, #rte=1
 tag=0, metric=1, prefix=::/0

(src is the Link-Local src Address; dst FF02::9 is Multicast All RIP-Routers)
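
The packet format and the debug output above are enough to decode and sanity-check a RIPng update before trusting it. The following Python is an added example, not part of the original slides; the function names are assumptions, the checks on port 521, the 0xFF next-hop metric, the zero tag/prefix length and the link-local next hop come from the slides, and rejecting multicast or link-local prefixes and non-link-local sources follows RFC 2080. The sample packet is constructed from the values in the debug output (its 24 bytes plus the 8-byte UDP header give the logged length=32).

```python
import ipaddress
import struct

RIPNG_PORT = 521          # UDP port named on the slide
NEXT_HOP_METRIC = 0xFF    # metric value that marks a next-hop RTE
INFINITY = 16             # hop limit of 15, so 16 means unreachable


def build_response(rtes):
    """Encode (address, route_tag, prefix_len, metric) tuples as a response."""
    payload = struct.pack("!BBH", 2, 1, 0)  # command=2, version=1, mbz=0
    for address, tag, prefix_len, metric in rtes:
        payload += ipaddress.IPv6Address(address).packed
        payload += struct.pack("!HBB", tag, prefix_len, metric)
    return payload


def parse_ripng(payload, src, sport):
    """Return (routes, errors); each route is (prefix, tag, metric, next_hop)."""
    source = ipaddress.IPv6Address(src)
    if len(payload) < 4 or (len(payload) - 4) % 20:
        return [], ["length is not 4 + n*20 bytes"]
    errors = []
    command, version, mbz = struct.unpack_from("!BBH", payload)
    if (command, version, mbz) != (2, 1, 0):
        errors.append("not a version 1 response with a zero MBZ field")
    if not source.is_link_local:
        errors.append("source address is not link-local")
    if sport != RIPNG_PORT:
        errors.append("source port is not 521")
    if errors:
        return [], errors  # packet-level failure: ignore every entry

    routes, next_hop = [], source
    for offset in range(4, len(payload), 20):
        raw, tag, prefix_len, metric = struct.unpack_from(
            "!16sHBB", payload, offset)
        address = ipaddress.IPv6Address(raw)
        if metric == NEXT_HOP_METRIC:
            # Next-hop RTE: applies to the entries that follow it.
            if tag or prefix_len:
                errors.append(f"{address}: next-hop RTE with non-zero tag/len")
            elif address.is_link_local:
                next_hop = address
            else:
                if not address.is_unspecified:
                    errors.append(f"{address}: next hop is not link-local")
                next_hop = source  # fall back to the originator
            continue
        if prefix_len > 128 or not 1 <= metric <= INFINITY:
            errors.append(f"{address}/{prefix_len}: bad prefix len or metric")
            continue
        if address.is_multicast or address.is_link_local:
            errors.append(f"{address}/{prefix_len}: invalid destination prefix")
            continue
        prefix = ipaddress.IPv6Network((address, prefix_len), strict=False)
        routes.append((str(prefix), tag, metric, str(next_hop)))
    return routes, errors


# Constructed sample matching the debug output: one RTE, ::/0, metric 1.
SAMPLE = build_response([("::", 0, 0, 1)])

if __name__ == "__main__":
    print(len(SAMPLE) + 8)  # UDP length as logged by the router
    print(parse_ripng(SAMPLE, "FE80::260:3eff:fe47:1530", 521))
    print(parse_ripng(SAMPLE, "2001:db8::1", 521))
```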
RIPng – Configuration and Display

[Figure: R1 (S2/0) connected to R2 (S3/0); R2 (e0/0) connected to R3 (e0/0)]

R1#show run
Building configuration...
hostname R1
ipv6 unicast-routing
interface Loopback1
 no ip address
 ipv6 address 2001:DB8:1::/64 eui-64
 ipv6 rip TEST enable
!
interface Serial2/0
 no ip address
 ipv6 address 2001:DB8:12::/64 eui-64
 ipv6 rip TEST enable
 serial restart-delay 0

R2#sh run
Building configuration...
!
hostname R2
interface Loopback2
 no ip address
 ipv6 address 2001:DB8:2::/64 eui-64
 ipv6 rip TEST enable
!
interface Ethernet0/0
 no ip address
 ipv6 address 2001:DB8:23::/64 eui-64
 ipv6 rip TEST enable
interface Serial3/0
 no ip address
 ipv6 address 2001:DB8:12::/64 eui-64
 ipv6 rip TEST enable
 serial restart-delay 0

R3#sh run
Building configuration...
Current configuration : 1489 bytes
!
hostname R3
interface Loopback3
 no ip address
 ipv6 address 2001:DB8:3::/64 eui-64
 ipv6 rip TEST enable
!
interface Ethernet0/0
 no ip address
 ipv6 address 2001:DB8:23::/64 eui-64
 ipv6 rip TEST enable
ipv6 router rip TEST

RIPng – Debug ipv6 Rip

[Figure: R1 (S2/0) connected to R2 (S3/0); R2 (e0/0) connected to R3 (e0/0)]

R1#debug ipv6 rip
RIP Routing Protocol debugging is on
R1#
*Oct 1 02:40:10.673: RIPng: Sending multicast update on Serial2/0 for TEST
*Oct 1 02:40:10.673: src=FE80::A8BB:CCFF:FE00:100
*Oct 1 02:40:10.673: dst=FF02::9 (Serial2/0)
*Oct 1 02:40:10.673: sport=521, dport=521, length=52
*Oct 1 02:40:11.985: RIPng: response received from FE80::A8BB:CCFF:FE00:200 on Serial2/0 for TEST
*Oct 1 02:40:11.985: src=FE80::A8BB:CCFF:FE00:200 (Serial2/0)
*Oct 1 02:40:11.985: dst=FF02::9
*Oct 1 02:40:11.985: sport=521, dport=521, length=92

Note the Multicast destination address FF02::9 for updates and the UDP port number 521
RIPng – Show ipv6 Route
[Figure: R1 (S2/0) connected to R2 (S3/0); R2 (e0/0) connected to R3 (e0/0)]

R1#show ipv6 route
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C 2001:DB8:1::/64 [0/0]
   via ::, Loopback1
L 2001:DB8:1:0:A8BB:CCFF:FE00:100/128 [0/0]
   via ::, Loopback1
R 2001:DB8:2::/64 [120/2]
   via FE80::A8BB:CCFF:FE00:200, Serial2/0
R 2001:DB8:3::/64 [120/3]
   via FE80::A8BB:CCFF:FE00:200, Serial2/0
C 2001:DB8:12::/64 [0/0]
   via ::, Serial2/0
L 2001:DB8:12:0:A8BB:CCFF:FE00:100/128 [0/0]
   via ::, Serial2/0
R 2001:DB8:23::/64 [120/2]
   via FE80::A8BB:CCFF:FE00:200, Serial2/0
L FF00::/8 [0/0]
   via ::, Null0

Note the hop counts

Loopback3 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:300
 No Virtual link-local address(es):
 Global unicast address(es):
 2001:DB8:3:0:A8BB:CCFF:FE00:300, subnet is 2001:DB8:3::/64 [EUI]

R1# ping 2001:DB8:3:0:A8BB:CCFF:FE00:300
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:3:0:A8BB:CCFF:FE00:300, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/36 ms

EIGRP for IPv6


EIGRP for IPv6 Specific Features
Several IPv6 Specific Differences With Respect to IPv4:

Three new TLVs:


IPv6_REQUEST_TYPE (0X0401)
IPv6_METRIC_TYPE (0X0402)
IPv6_EXTERIOR_TYPE (0X0403)
Hellos are sourced from the link-local address and destined to
FF02::A (all EIGRP routers). This means that neighbors do not
have to share the same global prefix (with the exception of
explicitly specified neighbors where traffic is unicasted).
Automatic summarization is disabled by default for IPv6
(unlike IPv4)
No split-horizon in the case of EIGRP for IPv6 (because IPv6
supports multiple prefixes per interface)
RID stays 32 bits

EIGRP for IPv6—Configuration and Display
Diagram labels: Router 2, Ethernet0 = 2001:db8:c18:1:260:3eff:fe47:1530; LAN1: 2001:db8:c18:1::/64; Router 1, Ethernet0, Ethernet1; LAN2: 2001:db8:c18:2::/64

Router2#
ipv6 router eigrp 100
 router-id 10.10.10.1
interface Ethernet0
 ipv6 address 2001:db8:c18:1::/64 eui-64
 ipv6 enable
 ipv6 eigrp 100

Router1#show ipv6 eigrp neighbor
IPv6-EIGRP neighbors for process 100
H   Address                   Interface  Hold   Uptime    SRTT  RTO   Q    Seq
                                         (sec)            (ms)        Cnt  Num
0   FE80::260:3eff:fe47:1530  E0         14     00:01:43  1     4500  0    1

Router1#show ipv6 eigrp topology all-links
IPv6-EIGRP Topology Table for AS(100)/ID(10.10.10.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 2001:db8:c18:1::/64, 1 successors, FD is 28160, serno 1
        via Connected, Ethernet0
        via FE80::260:3eff:fe47:1530 (30720/28160), Ethernet0

Neighbor Identified by Link-Local Address

ISIS for IPv6


Enhanced Routing Protocol Support


Integrated IS-IS for IPv6 Overview
2 new TLVs added to introduce IPv6 routing
IPv6 Reachability TLV (0xEC) - 236
Describes network reachability such as IPv6 routing prefix, metric information and some option bits. The option bits indicate the advertisement of an IPv6 prefix from a higher level, redistribution from other routing protocols.
Equivalent to IP Internal/External Reachability TLVs described in RFC 1195 – TLV 128 & 130
IPv6 Interface Address TLV (0xE8) - 232
Contains 128 bit address
For Hello PDUs, must contain the link-local address (FE80::/10)
For LSP, must only contain the non link-local address
A new Network Layer Protocol Identifier (NLPID) is defined in TLV 129
Allowing IS-IS routers with IPv6 support to advertise IPv6 prefix payload using 0x8E value (IPv4 & OSI uses 0xCC, CLNP is 0x81)

IS-IS Single Topology Example
Diagram labels: Area 49.0001; Router1 FE0/1; E0; 2001:db8:ffff::1/64; 10.7.1.33; 2001:db8:ffff::2/64; FE80::2B0:4AFF:FE5C:ACA9

router isis example-area
 net 49.0001.0000.0000.0001.00
!
interface FastEthernet0/1
 ip address 10.7.1.33 255.255.255.252
 ip router isis example-area
 ipv6 address 2001:db8:FFFF::1/64
 ipv6 enable
 ipv6 router isis example-area

Router1#show isis database verbose level-1
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
Router2.00-00         0x0000000B   0xAB35        1020          0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 0x8E
  Hostname: Router2
  IP Address:   10.7.1.34
  Metric: 10         IP 10.7.1.32 255.255.255.252
  IPv6 Address: 2001:db8:FFFF::2
  Metric: 10         IPv6 2001:db8:FFFF::/64
  Metric: 10         IS Router2.01

Router1#show clns is-neighbors detail
System Id  Interface  State  Type  Priority  Circuit Id  Format
Router2    Fa0/1      Up     L1L2  64/64     Router2.01  Phase V
  Area Address(es): 49.0001
  IP Address(es):  10.7.1.34*
  IPv6 Address(es): FE80::2B0:4AFF:FE5C:ACA9
  Uptime: 00:01:25
  NSF capable

IS-IS Multi Topology Example


Diagram labels: Area 49.0001; Router1 FE0/1; E0; 2001:db8:ffff::1/64; 10.7.1.33; 2001:db8:ffff::2/64; FE80::2B0:4AFF:FE5C:ACA9

router isis example-area
 net 49.0001.0000.0000.0001.00
 metric-style wide transition
 !
 address-family ipv6
  multi-topology transition

Router1#show isis database verbose level-1
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
Router2.00-00         0x00000014   0x8B3E        1086          0/0/0
  Area Address: 49.0001
  Topology:     IPv4 (0x0) IPv6 (0x2)
  NLPID:        0xCC 0x8E
  Hostname: Router2
  IP Address:   10.7.1.34
  Metric: 10         IP 10.7.1.32/30
  IPv6 Address: 2001:db8:FFFF::2
  Metric: 10         IPv6 (MT-IPv6) 2001:db8:FFFF::/64
  Metric: 10         IS (MT-IPv6) Router2.01

Router1#show clns is-neighbors detail
System Id  Interface  State  Type  Priority  Circuit Id  Format
Router2    Fa0/1      Up     L1L2  64/64     Router2.01  Phase V
  Area Address(es): 49.0001
  IP Address(es):  10.7.1.34*
  IPv6 Address(es): FE80::2B0:4AFF:FE5C:ACA9
  Uptime: 00:00:14
  NSF capable
  Topology: IPv4, IPv6

OSPFv3 (2740)


Enhanced Routing Protocol Support


Differences from OSPFv2
OSPF Packet Type
OSPFv3 will have the same 5 packet types but some fields have been changed
All OSPFv3 packets have a 16 byte header versus the 24 byte header in OSPFv2

Packet type  Description
1            Hello
2            Database Description
3            Link State Request
4            Link State Update
5            Link State Acknowledgment

OSPFv2 header fields: Version, Type, Packet Length; Router ID; Area ID; Checksum, Autype; Authentication; Authentication
OSPFv3 header fields: Version, Type, Packet Length; Router ID; Area ID; Checksum, Instance ID, 0

Enhanced Routing Protocol Support
Differences from OSPFv2
Uses link local addresses
To identify the OSPFv3 adjacency neighbors
Two New LSA Types
Link-LSA (LSA Type 0x2008)
There is one Link-LSA per link. This LSA advertises the router's link-
local address, list of all IPv6 prefixes and options associated with the
link to all other routers attached to the link
Intra-Area-Prefix-LSA (LSA Type 0x2009)
Carries all IPv6 prefix information that in IPv4 is included in
Router-LSAs and Network-LSAs
Two LSAs are Renamed
Type-3 summary-LSAs, renamed to “Inter-Area-Prefix-LSAs”
Type-4 summary LSAs, renamed to “Inter-Area-Router-LSAs”

Enhanced Routing Protocol Support


Differences from OSPFv2
Multicast Addresses
FF02::5 – Represents all SPF routers on the link local scope, Equivalent to 224.0.0.5 in OSPFv2
FF02::6 – Represents all DR routers on the link local scope, Equivalent to 224.0.0.6 in OSPFv2
Removal of Address Semantics
IPv6 addresses are no longer present in OSPF packet header (Part of payload information)
Router LSA, Network LSA do not carry IPv6 addresses
Router ID, Area ID and Link State ID remain at 32 bits
DR and BDR are now identified by their Router ID and no longer by their IP address
Security
OSPFv3 uses IPv6 AH & ESP extension headers instead of the variety of mechanisms defined in OSPFv2

LSA Types

LSA                     LSA function code   LSA type
Router-LSA              1                   0x2001
Network-LSA             2                   0x2002
Inter-Area-Prefix-LSA   3                   0x2003
Inter-Area-Router-LSA   4                   0x2004
AS-External-LSA         5                   0x4005
Group-membership-LSA    6                   0x2006
Type-7-LSA              7                   0x2007
Link-LSA (NEW)          8                   0x0008
Intra-Area-Prefix-LSA   9                   0x2009

Enhanced Routing Protocol Support


OSPFv3 Configuration Example
Diagram labels: Area 1; Router2; POS3/0; 2001:db8:ffff:1::1/64; 2001:db8:ffff:1::2/64; POS2/0; Router1; POS1/1; 2001:410:ffff:1::1/64; Area 0

Router1#
interface POS1/1
 ipv6 address 2001:410:FFFF:1::1/64
 ipv6 enable
 ipv6 ospf 100 area 0
interface POS2/0
 ipv6 address 2001:db8:FFFF:1::2/64
 ipv6 enable
 ipv6 ospf 100 area 1
ipv6 router ospf 100
 router-id 10.1.1.3

Router2#
interface POS3/0
 ipv6 address 2001:db8:FFFF:1::1/64
 ipv6 enable
 ipv6 ospf 100 area 1
ipv6 router ospf 100
 router-id 10.1.1.4

BGP-4 Extensions for IPv6 (RFC2545)


BGP-4 Extensions for IPv6


BGP-4 carries only 3 pieces of information which are truly IPv4 specific:
NLRI in the UPDATE message contains an IPv4 prefix
NEXT_HOP path attribute in the UPDATE message contains an IPv4 address
BGP Identifier in the OPEN message & AGGREGATOR attribute
To make BGP-4 available for other network layer protocols, RFC 2858 (obsoletes RFC 2283) defines multi-protocol extensions for BGP-4
Enables BGP-4 to carry information of other protocols e.g. MPLS, IPv6
New BGP-4 optional and non-transitive attributes:
MP_REACH_NLRI
MP_UNREACH_NLRI
Protocol independent NEXT_HOP attribute
Protocol independent NLRI attribute

BGP-4 Extensions for IPv6

New optional and non-transitive BGP attributes:
MP_REACH_NLRI (Attribute code: 14)
“Carry the set of reachable destinations together with the next-hop information to be used for forwarding to these destinations” (RFC2858)
MP_UNREACH_NLRI (Attribute code: 15)
Carry the set of unreachable destinations

Attributes 14 and 15 contain one or more Triples:
Address Family Information (AFI) – (next slide..)
Next-Hop Information (must be of the same address family)
NLRI

BGP-4 Extensions for IPv6

Address Family Information (AFI) for IPv6


AFI = 2 (RFC 1700)
Sub-AFI = 1 Unicast
Sub-AFI = 2 (Multicast for RPF check)
Sub-AFI = 3 for both Unicast and Multicast
Sub-AFI = 4 Label
Sub-AFI = 128 VPN

BGP-4 Extensions for IPv6

TCP Interaction
BGP-4 runs on top of TCP
This connection could be set up either over IPv4 or IPv6 irrespective of what NLRI BGP is carrying

Router ID
When no IPv4 is configured, an explicit BGP router-id needs to be configured in a 32 bit ipv4 type format.
The RID does not have to be in valid IPv4 format. For e.g. 0.0.0.1 could be a valid RID
The sole purpose of RID is for identification
In BGP, it is used as a tie breaker, and is sent within the OPEN message

IPv4 NLRI In IPv4

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor 150.1.1.2 remote-as 301
 network 192.10.0.0

[Diagram: Router A (AS 201, 150.1.1.3, 192.10.0.0/24), Router B (AS 301, 150.1.1.2), Router C (150.1.1.1), routers D, E and F across AS 200 (150.10.0.0/16) and AS 300, link addresses 150.10.1.1 and 150.10.1.2. Callouts: EBGP—next-hop set to self; IBGP next-hop unmodified; 3rd Party EBGP. Prefix / next-hop labels: 192.10.0.0/24 150.1.1.3; 150.10.0.0/16 150.10.1.1; 192.10.0.0/24 150.10.1.1]

Next Hop In BGP for IPv6
Next hop reachability is VERY important in BGP
If the Next Hop is inaccessible, the routes learned via BGP will not be installed in the routing table (In some cases the routes will be rejected by BGP)
Link local address as a next-hop is only set if the BGP peer is also on a link local address
IPv6 NLRI in IPv6 (Global Unicast) works like IPv4 (3rd party NH not supported yet)
Various next-hop behaviour in IPv6 (next few slides..)
[Diagram labels: routers A (AS 201), B (AS 301), C, D, E, F; AS 200; AS 300; 3rd Party EBGP]

IPv6 NLRI In IPv4 – Problem

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor 150.1.1.2 remote-as 301
 !
 address-family ipv6
  neighbor 150.1.1.2 activate
  network 2192:10::/48
 !

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Router B in AS 301 (150.1.1.2, 2150:1:1::2); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 2192:10::/48]

Router A:
BGP(1): 150.1.1.2 send UPDATE (format) 2192:10::/48, next ::FFFF:150.1.1.3, metric 0, path Local
Router B:
BGP(1): 150.1.1.3 rcvd UPDATE w/ attr: nexthop ::FFFF:150.1.1.3, origin i, localpref 100, metric 0
BGP(1): 150.1.1.3 rcvd 2192:10::/48
BGP(1): no valid path for 2192:10::/48

IPv6 NLRI In IPv4 – Solution

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor 150.1.1.2 remote-as 301
 !
 address-family ipv6
  neighbor 150.1.1.2 activate
  neighbor 150.1.1.2 route-map SETNH out
  network 2192:10::/48
 !
route-map SETNH permit 10
 set ipv6 next-hop 2150:1:1::3

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Router B in AS 301 (150.1.1.2, 2150:1:1::2); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 2192:10::/48]

Router A:
BGP(1): 150.1.1.2 send UPDATE (prepend, chgflags: 0x820) 2192:10::/48, next 2150:1:1::3, metric 0, path Local
Router B:
BGP(1): 2150:1:1::3 rcvd UPDATE w/ attr: nexthop 2150:1:1::3, origin i, localpref 100, metric 0
BGP(1): 2150:1:1::3 rcvd 2192:10::/48
BGP(1): Revise route installing 2192:10::/48 -> 2150:1:1::3 (::) to main IPv6 table

IPv4 NLRI In IPv6(Global) – Problem

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor 2150:1:1::2 remote-as 301
 !
 address-family ipv4
  neighbor 2150:1:1::2 activate
  network 192.10.0.0
 !

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Router B in AS 301 (150.1.1.2, 2150:1:1::2); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 192.10.0.0/24]

Router A:
BGP(0): 2150:1:1::2 send UPDATE (format) 192.10.0.0/24, next 33.80.0.1, metric 0, path Local

Router B:
BGP(0): 2150:1:1::3 rcvd UPDATE w/ attr: nexthop 33.80.0.1, origin i, localpref 100, metric 0
BGP(0): 2150:1:1::3 rcvd 192.10.0.0/24
BGP(0): no valid path for 192.10.0.0/24

IPv4 NLRI In IPv6(Global) – Solution

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor 2150:1:1::2 remote-as 301
 !
 address-family ipv4
  neighbor 2150:1:1::2 activate
  neighbor 2150:1:1::2 route-map SETNH out
  network 192.10.0.0
 !
route-map SETNH permit 10
 set ip next-hop 150.1.1.3

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Router B in AS 301 (150.1.1.2, 2150:1:1::2); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 192.10.0.0/24]

Router A:
BGP(0): 2150:1:1::2 send UPDATE (prepend, chgflags: 0x0) 192.10.0.0/24, next 150.1.1.3, metric 0, path Local
Router B:
BGP(0): 2150:1:1::3 rcvd UPDATE w/ attr: nexthop 150.1.1.3, origin i, metric 0, path 10
BGP(0): 2150:1:1::3 rcvd 192.10.0.0/24
BGP(0): Revise route installing 1 of 1 routes for 192.10.0.0/24 -> 150.1.1.3(main) to main IP table

IPv4 NLRI In IPv6(Link Local) – Problem

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor FE80::A8BB:CCFF:FE00:300%E0 remote-as 301
 !
 address-family ipv4
  neighbor FE80::A8BB:CCFF:FE00:300%E0 activate
  network 192.10.0.0
 !

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Router B in AS 301 (150.1.1.2, 2150:1:1::2, FE80::A8BB:CCFF:FE00:300); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 192.10.0.0/24]

Router A:
BGP(0): Can't advertise 192.10.0.0/24 to FE80::A8BB:CCFF:FE00:300 with NEXT_HOP 254.128.0.0
BGP(0): FE80::A8BB:CCFF:FE00:300 send UPDATE (format) 192.10.0.0/24, next 254.128.0.0, metric 0, path Local

Router B:
BGP(0): FE80::A8BB:CCFF:FE00:200 rcv UPDATE w/ attr: nexthop 254.128.0.0, origin i, metric 0, originator 0.0.0.0, path 10, community , extended community
BGP(0): FE80::A8BB:CCFF:FE00:200 rcv UPDATE about 192.10.0.0/24 -- DENIED due to: martian NEXTHOP;

IPv4 NLRI In IPv6(Link Local) – Solution

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor FE80::A8BB:CCFF:FE00:300%E0 remote-as 301
 !
 address-family ipv4
  neighbor FE80::A8BB:CCFF:FE00:300%E0 activate
  neighbor FE80::A8BB:CCFF:FE00:300 route-map SETNH out
  network 192.10.0.0
 !
route-map SETNH permit 10
 set ip next-hop 150.1.1.3

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Router B in AS 301 (150.1.1.2, 2150:1:1::2); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 192.10.0.0/24]

Router A:
BGP(0): FE80::A8BB:CCFF:FE00:300 send UPDATE (format) 192.10.0.0/24, next 150.1.1.2, metric 0, path Local

Router B:
BGP(0): FE80::A8BB:CCFF:FE00:200 rcvd UPDATE w/ attr: nexthop 150.1.1.3, origin i, metric 0, path 10
BGP(0): FE80::A8BB:CCFF:FE00:200 rcvd 192.10.0.0/24
BGP(0): Revise route installing 1 of 1 routes for 192.10.0.0/24 -> 150.1.1.3(main) to main IP table
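
The next-hop values in the three Problem slides above (::FFFF:150.1.1.3, 33.80.0.1 and 254.128.0.0) are what you get when the next hop is taken from a session address of the wrong family. The Python sketch below is an added example, not code from the deck or from IOS: it reproduces those values and applies a receiver-side sanity check; the function names, the derivation rule (inferred from the debug output) and Router B's prefix lengths are assumptions.

```python
import ipaddress
from typing import List, Optional, Tuple


def derived_next_hop(local_peering_addr: str, nlri_family: int) -> str:
    """Next hop that results when it is copied from the session's local
    address and no route-map overrides it (rule inferred from the slides)."""
    addr = ipaddress.ip_address(local_peering_addr)
    if addr.version == nlri_family:
        return str(addr)
    if addr.version == 4:
        # IPv6 NLRI over an IPv4 session: the IPv4 address is carried as an
        # IPv4-mapped IPv6 address, ::FFFF:a.b.c.d
        return "::FFFF:" + str(addr)
    # IPv4 NLRI over an IPv6 session: only the first 32 bits of the
    # 128-bit address fit into an IPv4 next hop.
    return str(ipaddress.IPv4Address(addr.packed[:4]))


def next_hop_problem(next_hop: str, known_prefixes: List[str]) -> Optional[str]:
    """Return why a receiver cannot use this next hop, or None if it can."""
    nh = ipaddress.ip_address(next_hop)
    if nh.version == 6:
        if nh.is_unspecified:
            return "unspecified"        # next hop "::"
        if nh.ipv4_mapped is not None:
            return "ipv4-mapped"        # not resolvable in the IPv6 table
    elif nh.is_reserved or nh.is_multicast or nh.is_loopback or nh.is_unspecified:
        return "martian"                # e.g. 240.0.0.0/4, which holds 254.128.0.0
    for prefix in known_prefixes:
        net = ipaddress.ip_network(prefix)
        if net.version == nh.version and nh in net:
            return None
    return "unreachable"                # "no valid path" on the receiver


# Router B's view of the shared link. The /24 and /64 lengths are assumed;
# the slides only show the host addresses.
ROUTER_B_PREFIXES = ["150.1.1.0/24", "2150:1:1::/64"]

# (Router A's session address, family of the NLRI) for the Problem slides.
SLIDE_CASES = [
    ("150.1.1.3", 6),                  # IPv6 NLRI in IPv4
    ("2150:1:1::3", 4),                # IPv4 NLRI in IPv6 (global)
    ("FE80::A8BB:CCFF:FE00:100", 4),   # IPv4 NLRI in IPv6 (link local)
]


def audit() -> List[Tuple[str, str, Optional[str]]]:
    """Derive each next hop and report what the receiver would make of it."""
    rows = []
    for local, family in SLIDE_CASES:
        nh = derived_next_hop(local, family)
        rows.append((local, nh, next_hop_problem(nh, ROUTER_B_PREFIXES)))
    return rows


if __name__ == "__main__":
    for local, nh, problem in audit():
        print(f"session {local:26} -> next hop {nh:18} {problem}")
    # Next hops set by the SETNH route-maps on the Solution slides
    for fixed in ("2150:1:1::3", "150.1.1.3"):
        print(f"route-map next hop {fixed:14} {next_hop_problem(fixed, ROUTER_B_PREFIXES)}")
```

The same check can be run over next hops pulled from received UPDATE logs to spot sessions that are missing a next-hop route-map.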

IPv6 NLRI In IPv6(Link Local) – Router A & B

Router A
router bgp 201
 bgp router-id 192.168.30.1
 neighbor FE80::A8BB:CCFF:FE00:200%E0 remote-as 301
 !
 address-family ipv6
  neighbor FE80::A8BB:CCFF:FE00:200%E0 activate
  network 2192:10::/48
 !

[Diagram: AS 200 (150.10.0.0/16) with routers D and C (150.1.1.1); Routers B and E in AS 301 (B: 150.1.1.2, 2150:1:1::2, FE80::A8BB:CCFF:FE00:200); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 2192:10::/48]

Router A:
BGP(1): Can't advertise 2192:10::/64 to FE80::A8BB:CCFF:FE00:200%Ethernet0/0 session 1 with NEXT_HOP FE80::A8BB:CCFF:FE00:100
BGP(1): FE80::A8BB:CCFF:FE00:200%Ethernet0/0 send UPDATE (format) 2192:10::/64, next ::, metric 0, path Local
Router B:
BGP(1): FE80::A8BB:CCFF:FE00:100%Ethernet0/0 rcvd UPDATE w/ attr: nexthop FE80::A8BB:CCFF:FE00:100 (FE80::A8BB:CCFF:FE00:100), origin i, metric 0, path 201
BGP(1): FE80::A8BB:CCFF:FE00:100%Ethernet0/0 rcvd 2192:10::/64
BGP(1): Revise route installing 2192:10::/64 -> FE80::A8BB:CCFF:FE00:100 (FE80::A8BB:CCFF:FE00:100) to main IPv6 table

IPv6 NLRI In IPv6(Link Local) & iBGP Between Router B & E Using Global Unicast

Router B
router bgp 301
 bgp router-id 192.168.30.2
 neighbor FE80::A8BB:CCFF:FE00:100%E0 remote-as 201
 neighbor 2151:1:1::5 remote-as 301
 !
 address-family ipv6
  neighbor FE80::A8BB:CCFF:FE00:100%E0 activate
  neighbor 2151:1:1::5 activate
 !

[Diagram: AS 200 (150.10.0.0/16) with routers D and C; Routers B and E in AS 301 (B: 150.1.1.2, 2150:1:1::2, FE80::A8BB:CCFF:FE00:200; E: 2151:1:1::5); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 2192:10::/48]

Router B:
BGP(1): Can't advertise 2192:10::/64 to 2151:1:1::5 with NEXT_HOP FE80::A8BB:CCFF:FE00:200
BGP(1): 2151:1:1::5 send UPDATE (format) 2192:10::/64, next 2151:1:1::2, metric 0, path 10

Router E:
BGP(1): 2151:1:1::2 rcvd UPDATE w/ attr: nexthop 2151:1:1::2, origin i, localpref 100, metric 0, path 10
BGP(1): 2151:1:1::2 rcvd 2192:10::/64
BGP(1): Revise route installing 2192:10::/64 -> 2151:1:1::2 (::) to main IPv6 table

IPv6 NLRI In IPv6(Link Local) – iBGP Between Router B & E Using Link-local – Problem

Router B
router bgp 301
 bgp router-id 192.168.30.2
 neighbor FE80::A8BB:CCFF:FE00:100%E0 remote-as 201
 neighbor FE80::A8BB:CCFF:FE00:700%E1 remote-as 301
 !
 address-family ipv6
  neighbor FE80::A8BB:CCFF:FE00:100%E0 activate
  neighbor FE80::A8BB:CCFF:FE00:700%E1 activate
 !

[Diagram: AS 200 (150.10.0.0/16) with routers D and C; Routers B and E in AS 301 (B: 150.1.1.2, 2150:1:1::2; E: FE80::A8BB:CCFF:FE00:700); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 2192:10::/48]

Router B:
BGP(1): Can't advertise 2192:10::/64 to FE80::A8BB:CCFF:FE00:700%Ethernet1/0 session 2 with NEXT_HOP FE80::A8BB:CCFF:FE00:100
BGP(1): FE80::A8BB:CCFF:FE00:700%Ethernet1/0 session 2 send UPDATE (format) 2192:10::/64, next ::, metric 0, path 201
Router E:
BGP(1): FE80::A8BB:CCFF:FE00:201%Ethernet0/0 session 2 unspecified nexthop :: (FE80::A8BB:CCFF:FE00:201)
BGP(1): FE80::A8BB:CCFF:FE00:201%Ethernet0/0 session 2 rcv UPDATE w/ attr: nexthop :: (FE80::A8BB:CCFF:FE00:201), origin i, localpref 100, metric 0, originator 0.0.0.0, path 201, community , extended community , SSA attribute
BGP(1): FE80::A8BB:CCFF:FE00:201%Ethernet0/0 session 2 rcv UPDATE about 2192:10::/64 -- DENIED due to: martian MP_REACH NEXTHOP;

IPv6 NLRI In IPv6(Link Local) – iBGP (Link Local) Solution
3 ways to solve:
1. Change the next-hop to Global at Router A
set ipv6 next-hop 2150:1:1::3 (outbound) but that next-hop needs to be known to router E via static or IGP
2. Change the next-hop to self at Router B towards E
neighbor <router_E_neighbor_addr> next-hop-self
3. Change the next-hop to Global at Router B
set ipv6 next-hop 2150:1:1::2 (inbound) but that next-hop needs to be known to router E via static or IGP
Option #2 is the easiest way to solve this problem
[Diagram: AS 200 (150.10.0.0/16) with routers D and C; Routers B and E in AS 301 (B: 150.1.1.2, 2150:1:1::2); Router A in AS 201 (150.1.1.3, 2150:1:1::3), 2192:10::/48]

BGP-4 Configurations for IPv6
Link Local Peering
12.2.33SRC and Above IOS
New CLI per RFC 4007

Router A
router bgp 200
 neighbor FE80::A8BB:CCFF:FE01:F600%Ethernet0/0 remote-as 100
 !
 address-family ipv6
  neighbor FE80::A8BB:CCFF:FE01:F600%Ethernet0/0 activate
  neighbor FE80::A8BB:CCFF:FE01:F600%Ethernet0/0 route-map SETNH out
  redistribute connected
  no synchronization
 !
route-map SETNH permit 10
 set ipv6 next-hop 2001:100:1:1::2

[Diagram labels: AS 100; A; FE80::A8BB:CCFF:FE01:F600; B; AS 200]

BGP-4 for IPv6 « Show Command »

RouterA#show bgp ipv6 2001:100:1:1::/64
BGP routing table entry for 2001:100:1:1::/64, version 71
Paths: (2 available, best #2, table default)
  Advertised to update-groups:
     1
  100
    2001:100:1:1::1 (FE80::A8BB:CCFF:FE01:F600) from FE80::A8BB:CCFF:FE01:F600%Ethernet0/0 (200.11.11.1)
      Origin incomplete, metric 0, localpref 100, valid, external
  Local
    :: from 0.0.0.0 (200.14.14.1)
      Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best

Agenda

Why IPv6?
IPv6 Technology
IPv6 Configuration
IPv4/IPv6 Transition & Co-existence
IPv6 Routing
IPv6 Services
Conclusion
IPv6 Services

Mobile IPv6

Mobile IPv6 Benefits
IPv6 address space enables Mobile IP deployment in any kind of
large environment
No foreign agent needed in MIPv6
Infrastructure does not need an upgrade to accept
Mobile IPv6 Nodes
IPv6 auto-configuration simplifies MN CoA assignment
MIPv6 takes advantage of IPv6 protocol itself
E.g., option headers, neighbor discovery
Optimized routing—avoids triangular routing
Scale easier but network management challenges
MN's work transparently even with other nodes that do not
support mobility
Albeit without route optimization

Mobile IPv6: Key Components
[Diagram labels: Internet, MN]
Correspondent Node (CN)
Destination IP Host in Session with a Mobile Node
Home Agent (HA)
Maintains an Association Between the MN’s “Home” IP Address and Its Care of Address (Loaned Address) on the Foreign Network
Mobile Node (MN)
An IP Host that Maintains Network Connectivity Using Its “Home” IP Address, Regardless of which Link (or Network) It Is Connected to

MIPv6 Operations: MN On Its Home Network
[Diagram labels: Home Link, CN, Internet, MN]
While a Mobile Node is at Home, Packets Addressed to its Home Address are Routed to the Mobile Node's Home Link, Using Conventional Internet Routing Mechanisms
A Mobile Node (MN) is always expected to be addressable at its home address, whether it is currently attached to its home link or is away from home
The “home address” is an IP address assigned to MN within its home subnet prefix on its home link

MIPv6 Operations: MN Moving to A New Link
[Diagram labels: Home Link, Home Agent, CN, Internet, MN]
(1) CARE OF ADDRESS
MN Obtains an IPv6 Address in the Visited Network Through Stateless or Stateful Auto-Configuration
(2) BINDING UPDATE
While Away From Home, a MN Registers its Primary Care-of Address with a Router on its Home Link, Requesting this Router to Function as the “Home Agent" for the MN

Packet Forwarding
Bidirectional Tunneling Mode
[Diagram labels: Home Link, Home Agent, CN, Internet, MN]
Packets from the CN are routed to the HA and then tunneled to the MN
Not required to support Mobile IPv6 on the CN
No binding registration between MN and CN
HA uses proxy Neighbor Discovery to Intercept any IPv6 Packets Addressed to the MN's Home Address on the Home Link; Each Intercepted Packet Is Tunneled to the MN’s CoA
Packets to the CN are Tunneled from the MN to the HA (“Reverse Tunneled”) and then Routed Normally from the Home Network to the CN

Packet Forwarding
Route Optimization Mode
[Diagram labels: Home Link, Home Agent, CN, Internet, MN]
Requires MN to Register Its Binding Association to CN; MN can also be a CN to Communicate with other MN
Packets from CN are Routed Directly to the CoA of MN by Checking the Binding Cache Table
Traffic is Going Through HA until the Return Routability Procedure is Performed
When Routing Packets Directly to CN, MN Sets the Source Address in the Packet’s IPv6 Header to its Current CoA
Signaling via HA, and Home Registrations Still Keep HA Informed

IPv6 Security


IPv6 Security
RFC “mandates” privacy and encryption
Same IPSec you already know
Two security extension headers defined; all implementations required to
support (IPSec)
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Key distribution protocols are under development
Support for manual key configuration required
IPv6 Security is MORE THAN IPSec!
New concept of privacy addressing
On by default in Microsoft XP SP1+
Randomly g enerated address
Nearly impossible to perform successful network scans
IPv6 Protocol Challenges

Inherits many challenges found in IPv4


Same applications
Same TCP, UDP layers

Many new features


Autoconfiguration (router advertisements)
ND—Neighbor Discovery (altering ICMPv6 packets)
DAD—Multiple (bad) addresses
Mobile IPv6—binding update, etc.

IPv6 Security Considerations


If all hosts are performing encryption, what happens to…
Intrusion detection
Intrusion prevention (inline filtering)
Virus protection
Deep packet inspection
Proxies
The real world will likely implement…
Decoupling of end to end encryption (terminate connections on a bulk
encryption device)
Use of authentication headers providing packet integrity, but not
encryption
Extensive use of personal (host-based) firewalls and host-based IDS
(Cisco Security Agent) to augment network-based security tools
IPv6 QoS


IPv6 QoS: Header Fields
IPv6 traffic class
Exactly the same as TOS field in IPv4
IPv6 Flow Label (RFC 3697)
A new 20-bit field in the IPv6 basic header which:
Labels packets belonging to particular flows
Can be used for special sender requests
Per RFC, Flow Label must not be modified by intermediate routers
Keep an eye out for work being done to leverage the flow label
[Figure: IPv6 basic header layout. Version, Traffic Class, Flow Label; Payload Length, Next Header, Hop Limit; Source Address; Destination Address]

Simple QoS Example: IPv4 and IPv6

class-map match-any BRANCH-BULK-DATA
 match access-group name BULK-DATA-IPV6
 match access-group name BULK-DATA
class-map match-all BULK-DATA
 match dscp af11
!
policy-map RBR-WAN-EDGE
 class BULK-DATA
  bandwidth percent 4
  random-detect
!
policy-map RBR-LAN-EDGE-IN
 class BRANCH-BULK-DATA
  set dscp af11
!
ip access-list extended BULK-DATA
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
!
ipv6 access-list BULK-DATA-IPV6
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data

Diagram callouts:
ACL Match To Set DSCP (If Packets Are Not Already Marked): service-policy input RBR-LAN-EDGE-IN
service-policy output RBR-WAN-EDGE
ACLs to Match for Both IPv4 and IPv6 Packets
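
To see where the traffic class and flow label sit on the wire, the following Python sketch (an added example, not part of the original deck) builds and parses the 40-byte IPv6 basic header, extracts the DSCP that `match dscp af11` keys on, and checks that a flow label survives re-marking. The function names and the sample addresses are assumptions; the packets are constructed inline.

```python
import ipaddress
import struct

AF11 = 10  # DSCP codepoint AF11 (binary 001010), the value "set dscp af11" writes


def build_ipv6_header(dscp: int, flow_label: int, src: str, dst: str,
                      ecn: int = 0, payload_len: int = 0,
                      next_header: int = 6, hop_limit: int = 64) -> bytes:
    """Construct a 40-byte IPv6 basic header (used here to make test packets)."""
    if not 0 <= dscp < 64 or not 0 <= ecn < 4 or not 0 <= flow_label < (1 << 20):
        raise ValueError("dscp is 6 bits, ecn 2 bits, flow label 20 bits")
    traffic_class = (dscp << 2) | ecn
    # First 32-bit word: Version (4) | Traffic Class (8) | Flow Label (20)
    word0 = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", word0, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed IPv6 header fields relevant to QoS."""
    if len(packet) < 40:
        raise ValueError("IPv6 basic header is 40 bytes")
    word0, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    traffic_class = (word0 >> 20) & 0xFF
    return {
        "traffic_class": traffic_class,
        "dscp": traffic_class >> 2,      # upper 6 bits, same layout as the IPv4 TOS byte
        "ecn": traffic_class & 0x3,      # lower 2 bits
        "flow_label": word0 & 0xFFFFF,   # 20 bits
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def matches_bulk_data(packet: bytes) -> bool:
    """True if the packet would hit a class that matches DSCP AF11."""
    return parse_ipv6_header(packet)["dscp"] == AF11


def flow_label_preserved(ingress: bytes, egress: bytes) -> bool:
    """Compare captures taken before and after a router: the DSCP may be
    re-marked, the flow label must come out unchanged."""
    return (parse_ipv6_header(ingress)["flow_label"]
            == parse_ipv6_header(egress)["flow_label"])


if __name__ == "__main__":
    # Constructed sample: unmarked packet in, AF11-marked packet out
    pkt_in = build_ipv6_header(0, 0x12345, "2001:db8:1::1", "2001:db8:3::1")
    pkt_out = build_ipv6_header(AF11, 0x12345, "2001:db8:1::1", "2001:db8:3::1")
    print(pkt_out[:4].hex(), parse_ipv6_header(pkt_out))
    print("AF11 class match:", matches_bulk_data(pkt_out))
    print("flow label preserved:", flow_label_preserved(pkt_in, pkt_out))
```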

IPv6 QoS: Support


Cisco’s current IPv6 QoS implementation supports:
Packet classification
Queuing—(does support LLQ)—excluding PQ/CQ
Traffic shaping
WRED
Class-based packet marking
Policy-based packet marking
Cisco’s current IPv6 QoS implementation does not support:
Compressed Real-Time Protocol (CRTP)
Network-Based Application Recognition (NBAR)
Committed Access Rate (CAR)
Priority Queuing (PQ)
Custom Queuing (CQ)

Conclusion
Start now rather than later
Purchase for the future and test, test and then test some more
Start moving legacy application towards IPv6 support
Things we did not talk about, but they are very important to consider
ISP multihoming solutions (Multi6 WG)—“Goals for IPv6 Site-Multihoming Architectures” (RFC 3582)—http://www.ietf.org/html.charters/multi6-charter.html
IPv6 Addressing Considerations (RFC 5375)
IPv4-IPv6 and IPv6-IPv6 Interworking: draft-mrw-behave-nat66, draft-arkko-townsley-coexistence, draft-wing-nat-pt-replacement-comparison, draft-durand-softwire-dual-stack-lite
IETF WG Activities: v6ops, 6man, shim6 and Behave and Softwires
Things to consider:
Don’t assume your favorite vendor/app/gear has an IPv6 plan
Full parity between IPv4 and IPv6 is still a ways off
SP deployment scenarios
ISP IPv6 Deployment Scenarios in Broadband Access Networks (RFC 4779)
Scenarios and Analysis for Introducing IPv6 into ISP Networks (RFC 4029)
Procedures for Renumbering an IPv6 Network without a Flag Day (RFC 4192)