Agenda
Why IPv6?
Current IPv6 Market & Some Examples
IPv6 Technology Update and Challenges
Deployment Scenarios
IPv6 @ Cisco
Conclusion
RST-231
Why IPv6?
Addresses Plug and play Scalable Home Networking Mobility Not really a reason for IPv6: Security QoS
Theoretical limit of 32-bit space: ~4 billion devices; practical limit of 32-bit space: ~250 million devices
(See RFC 3194)
2002, Cisco Systems, Inc. All rights reserved.
Mobile phones
Already 1 billion mobile phones delivered by the industry
Transportation
1 billion automobiles forecast for 2008
Internet access in planes, trains, ships
Consumer devices
Billions of home and industrial appliances
Wireless
IPv6 still mandatory for UMTS rel. 5 multimedia
Not deployed before 2005 (+ ?)
Enterprises?
Requires IPv6 support by O.S. and applications
SUN Solaris 8+, IBM z/OS 1.4 & AIX 4.3+, HP, FreeBSD 4.x, Linux, Microsoft Windows XP Pro SP1, Microsoft Windows .NET Server...
Waiting for killer environment
Addresses are a problem for several enterprises after a series of mergers
Home Users?
Online peer-to-peer gaming might be the killer app
Likely to take off in broadband access networks
Avoid server-based gaming for scaling/performance
Sony, Microsoft
[Figure: IPv6 adoption timeline. Labels: Early Adopters; Application Port (duration 3+ years); ISP Adoption (duration 3+ years); Consumer Adoption (duration 5+ years); Enterprise Adoption; Distributed Gaming]
SURFnet
Dutch NRN, see http://www.surfnet.nl
Currently 5th network generation
STM-64c/OC-192c core with mostly 12416 routers
SURFnet-4 and SURFnet-5 ran in parallel for a year, which created a big opportunity to test new services
Dual-stack IPv4/IPv6
IPv6 service offering via tunnel, dedicated link, dual-stack
SURFnet Topology
[Figure: SURFnet topology. 12416 and 7507 routers at Den Haag, Eindhoven, Amsterdam, Leiden, Delft, Enschede, Utrecht, Hilversum, Groningen, Zwolle, Nijmegen, Tilburg and Wageningen; 12008 routers; external connections labelled International, GEANT, Amsterdam Sara, Chicago and AMS-IX]
6net
Coordinated by Cisco, 34 Partners
Dante, Terena, 9 NRNs (Renater, DFN, UKERNA, SURFnet, NorduNET, GRNET, GARR, SWITCH, ACONET), Universities, IBM, SONY, NTT
Recently added: ETRI, Hungarnet, CESNET, PSNC
www.6net.org
6net Workflow
WP0 - Project management and technical management
WP7 - Dissemination and exploitation
[Figure: 6net topology. NREN POPs labelled NorduNET, Denmark, Norway, The Netherlands, Austria, Italy and Switzerland. Legend labels: ATM Link, Gigabit Ethernet, STM16 POS, STM1 POS/ATM, STM1 Tunnel, L2-ISIS Neighborship]
6net Equipment
Hardware
6net PoP: 12404
NRN PoP: 12404 or 7206
Initial software
Cisco 12404: IOS 12.0(22)S
Cisco 7206: IOS 12.2(8)T
IPv4 Solution
32-bit, Network Address Translation
DHCP, ZeroConf
IPSec
Mobile IP
Differentiated Service, Integrated Service
IGMP/PIM/Multicast BGP

IPv6 Solution
128-bit, NAT-PT
Serverless, ZeroConf, Reconfiguration, DHCP
IPSec Mandated, Works End-to-End
Mobile IP with Direct Routing
Differentiated Service, Integrated Service
MLD/PIM/Multicast BGP, Scope Identifier
IPv6 Update
Flow label
Addresses
DNS
IPv6 multicast
Security
Mobility
Source Address
Destination Address
Potential use for the Flow Label finally described in http://www.ietf.org/internet-drafts/draft-ietf-ipv6-flow-label-03.txt
Processed only by node identified in IPv6 destination address field => much lower overhead than IPv4 options
Exception: Hop-by-hop options header
TLA
TLA = Top-Level Aggregator
NLA* = Next-Level Aggregator(s)
SLA* = Site-Level Aggregator(s)
All subfields variable-length, non-self-encoding (like CIDR)
TLAs may be assigned to providers or exchanges
6Bone Addressing
[Figure: 6Bone address layout. 3ffe, pTLA Prefix (/28), Site Prefix (/48), LAN Prefix (/64)]
[Figure: address layout with boundaries at /32, /48 and /64. Labels: 0410, Site Prefix, LAN Prefix, IXP Prefix (Not Announced to Peering ISPs)]
HD Ratio = Log (Number of Allocated Objects) / Log (Max Number of Allocatable Objects)
0.8 Picked for New Proposal
1111111010
1111111011
interface ID
IPv6
AAAA record:
www.abc.test AAAA 3FFE:B00:C18:1::2
PTR record:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.0.0.b.0.e.f.f.3.ip6.int. PTR www.abc.test.
(experimental)
\[x3ffe0c000c1800010000000000000002/128].ip6.arpa. PTR www.abc.test
Uniqueness can only be guaranteed by keeping one and only one root
Non-unique domain names also raise legal issues, e.g. an inadequate www.cisco.com registration
0 80 Bits
Group ID 32
Low-order flag indicates permanent/transient group; three other flags reserved
Scope field:
1: node local
2: link-local
5: site-local
8: organization-local
B: community-local
E: global
(All other values reserved)
Prefix 64
Group ID 32
New flag P:
0: address not assigned on prefix
1: prefix based assignment
P == 1:
Plen: length of network prefix
Prefix: network prefix, at most 64 bits
SSM: plen = 0, prefix = 0
FF3X::/96
MLD and IGMP are now standardized in the IETF MAGMA working group
http://www.ietf.org/html.charters/magma-charter.html
Bidir PIM also applicable
Currently no MSDP work for IPv6
Strong doubts that BGMP will ever make it as inter-domain protocol
For the time being, it is assumed that SSM solves the inter-domain IPv6 multicast problem (?)
Security
IPv6 specifications mandate IPSec
Takes advantage of the global address space to allow end-to-end deployment
But
No global IKE distribution mechanism is in place on the Internet
Firewalls are largely in use
Central versus distributed security model
IPv6 helps against DoS/port scans
Would take 1M years to do a full /64 port scan
Mobile IPv6
Correspondent
IPv6 RD: Agent Advertisement: Lifetime, Type, Services
MN HA
IPv6 RD: Agent Solicitation: Lifetime, Services MN
Registration
No foreign agent in IPv6 mobile IP
Route optimization built-in
Problem was authentication
IPSec AH problems due to missing PKI
IETF mobile IP WG finally coming close to consensus
draft-ietf-mobileip-ipv6-18.txt
[Figure: dual-stack node. TCP and UDP run over both IPv4 and IPv6; Frame Protocol ID 0x0800 for IPv4, 0x86dd for IPv6]
IPv4
DNS Server
IPv6
3ffe:b00::1
NAT-PT
2001:0420:1987:0:2E0:B0FF:FE6A:412C
PREFIX is a 96-bit field that allows routing back to the NAT-PT device
[Figure: NAT-PT router with Ethernet-1 on the IPv6 side and Ethernet-2 on the IPv4 side, IPv4 host .100]

interface ethernet-1
 ipv6 address 2001:2::10/64
 ipv6 nat prefix 2010::/96
 ipv6 nat
!
interface ethernet-2
 ip address 192.168.1.1 255.255.255.0
 ipv6 nat
!
ipv6 nat v4v6 source 192.168.1.100 2010::1
!
ipv6 nat v6v4 source route-map map1 pool v4pool1
ipv6 nat v6v4 pool v4pool1 192.168.2.1 192.168.2.10 prefix-length 24
!
route-map map1 permit 10
 match interface Ethernet-1
IP header and address translation
Support for ICMP and DNS embedded translation
Auto-aliasing of NAT-PT IPv4 pool addresses
Future developments will add ALGs support
1st implementation does not support FTP ALG
IPv6 Network
IPv4
6to4 Router2
IPv6 Network
[Figure: two 6to4 routers connected across an IPv4 network.
 Router1: E0 192.168.99.1, network prefix 2002:c0a8:6301::/48
 Router2: E0 192.168.30.1, network prefix 2002:c0a8:1e01::/48]

router2#
interface Loopback0
 ip address 192.168.30.1 255.255.255.0
 ipv6 address 2002:c0a8:1e01:1::/64 eui-64
interface Tunnel0
 no ip address
 ipv6 unnumbered Ethernet0
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0

6to4 Tunnel:
Is an automatic tunnel method
Gives a prefix to the attached IPv6 network
2002::/16 assigned to 6to4
Requires one global IPv4 address on each Ingress/Egress site
6to4 Relay
IPv6 Network
192.168.99.1
Network prefix: 2002:c0a8:6301::/48

router1#
interface Loopback0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2002:c0a8:6301:1::/64 eui-64
interface Tunnel0
 no ip address
 ipv6 unnumbered Ethernet0
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 2002:c0a8:1e01::1
IPv4
IPv6 Internet
IPv6 Network
6to4 relay:
Is a gateway to the rest of the IPv6 Internet
Default router
Anycast address (RFC 3068) for multiple 6to4 relays
ISATAP
Intra-Site Automatic Tunnel Addressing Protocol
Connect IPv6 nodes to IPv6 routers within a predominantly IPv4 environment
Ideal for sparse distribution of IPv6 nodes
E.g. Campus Networks with IPv4-only L3-Switches
See draft-ietf-ngtrans-isatap-04.txt (Fred Templin, SRI, co-authored by Cisco)
ISATAP Details
Use IANA's OUI 00-00-5E and encode the IPv4 address as part of the EUI-64
Address format: 64-bit Unicast Prefix | 0000:5EFE (32-bit) | IPv4 Address (32-bit)
[Figure: ISATAP host 192.168.100.10 on an IPv4 network, with address 2001:0420:ACAC:3101:0000:5EFE:C0A8:640A, reaching the IPv6 network through ISATAP-gw (E0 192.168.99.1)]
6to4 Tunnel:
Is an automatic tunnel method
Ideal for sparse distribution, e.g. Campus
Supported in Windows XP Pro SP1
Supported in Cisco IOS EFT

ISATAP-gw#
interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
interface Tunnel0
 ipv6 address 2001:0420:ACAC:3101::/64 eui-64
 no ipv6 nd suppress-ra
 tunnel source Ethernet0
 tunnel mode ipv6ip isatap
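
Both 6to4 and ISATAP embed an IPv4 address in the IPv6 address, so a tunneled IPv6 address seen in a log can be attributed to the IPv4 endpoint behind it. The Python below is an added example, not part of the original slides or of Cisco IOS; the function names are assumptions chosen for illustration, and it reproduces the prefixes and addresses shown on the slides.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")   # prefix assigned to 6to4
ISATAP_MARK = 0x00005EFE   # 0000:5EFE, upper 32 bits of an ISATAP interface ID


def sixtofour_prefix(v4: str) -> ipaddress.IPv6Network:
    """Site prefix 2002:<IPv4 in hex>::/48 for a 6to4 router's IPv4 address."""
    v4int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))


def isatap_address(prefix64: str, v4: str) -> ipaddress.IPv6Address:
    """Address = 64-bit unicast prefix | 0000:5EFE | 32-bit IPv4 address."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit unicast prefix")
    iid = (ISATAP_MARK << 32) | int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(v6: str):
    """Return (mechanism, IPv4Address) for a 6to4 or ISATAP address, else None."""
    addr = ipaddress.IPv6Address(v6)
    n = int(addr)
    if addr in SIXTOFOUR:
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if (n >> 32) & 0xFFFFFFFF == ISATAP_MARK:
        return "isatap", ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return None


def attribute(addresses):
    """Map each IPv6 address string to its tunnel mechanism and IPv4 endpoint."""
    return {a: embedded_ipv4(a) for a in addresses}


# Addresses taken from the slides, plus one constructed 6to4 host address.
SAMPLE = [
    "2001:0420:ACAC:3101:0000:5EFE:C0A8:640A",  # ISATAP host from the slides
    "2002:c0a8:1e01:1::1",                      # constructed host in Router2's prefix
    "3ffe:b00::1",                              # 6Bone address, no embedded IPv4
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.168.99.1"))      # Router1's site prefix
    print(isatap_address("2001:420:acac:3101::/64", "192.168.100.10"))
    for a, hit in attribute(SAMPLE).items():
        print(a, "->", hit)
```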
6Bone
Enterprise scenario
6to4 tunnels between sites
ISATAP in campus
Configured tunnels between sites or to 6Bone users
IPv6 IX
IPv6 Site B
Home
6to4
Dual-Stack Router
IPv6 and IPv4 Network
IPv4: 192.168.99.1
Service Providers have already deployed MPLS in their IPv4 backbone for various reasons
MPLS/VPN, MPLS/QoS, MPLS/TE, ATM + IP switching
[Figure: IPv6 routers (v6) attached to PE routers, with circuits carried between the PEs across the P routers]
No impact on existing IPv4 or MPLS Core (v6 unaware)
Edge MPLS routers need to support AToM
Mesh of PE-to-PE connections
PE routers can be regular IPv6 routers (v6 over ATM, v6 over FR, v6 over Ethernet) or forward just the L2 VC (e.g. Ethernet) to the IPv6 router
[Figure: v6 CE sites (2001:0420::, 2001:0421::) and v4 CE sites (192.76.10.0, 192.254.10.0) attached to 6PE routers; MP-iBGP sessions between the 6PEs across P routers in an IPv4 MPLS core]
IPv4 or MPLS core infrastructure is IPv6-unaware
PEs are updated to support dual stack/6PE
IPv6 reachability exchanged among 6PEs via iBGP (MP-BGP)
IPv6 packets transported from 6PE to 6PE inside MPLS
6PE Overview
[Figure: v6 CE sites (2001:0620::, 2001:0420::, 2001:0421::, 2001:0621::) and v4 CE sites (145.95.0.0, 192.254.10.0, 192.76.10.0) attached to dual-stack 6PE routers, with MP-iBGP sessions between the 6PEs across P routers]
Core: IGPv4, MPLS, V4: LDPv4 (TE v4), IPv6 Unaware, No Core Upgrade
6PE: Dual Stack
V6: IGP/BGP
6PE Routing
MP-BGP Advertises 2001:0421:: and Binds a (2nd Level) Label
IPv6 Next Hop Is an IPv4 Compatible IPv6 Address Built from 192.254.10.17
IGPv4 Advertises Reachability of 192.254.10.17
LDPv4 Binds Label to 192.254.10.17
Translation of v6 BGP Next_Hop into v4 address
Recursion of this address via IGPv4
[Figure: 2001:0420:: behind 6PE-1 (192.72.170.13); P1 and P2 in the core; 2001:0421:: behind 6PE-2 (192.254.10.17)]
6PE-2 Sends MP-iBGP Advertisement to 6PE-1 which Says:
2001:0421:: Is Reachable via BGP Next Hop = 192.254.10.17 (6PE-2)
Bind BGP Label to 2001:0421:: (*)
IGPv4 Advertises Reachability of 192.254.10.17
[Figure: 6PE-1 (192.72.170.13); P1 and P2 in the core; 2001:0421:: behind 6PE-2 (192.254.10.17)]
(*) The 2nd Label Allows Operations with Penultimate Hop Popping (PHP) (which Is Typically Used in Current MPLS Networks). It Is an Aggregate Label
6PE Forwarding
[Figure sequence: an IPv6 packet to 2001:421:: travels from 6PE-1 (192.72.170.13, serving 2001:0420::) through P1 and P2 to 6PE-2 (192.254.10.17, serving 2001:0421::), carrying the MP-BGP label to 2001:421::]
6PE-2 receives an MPLS packet
Lookup is done on Label
Result is: Pop the Label and Do IPv6 Lookup on IPv6 Destination
6PE configuration
6CE
6PE
Staticv6 RIPv6 ISISv6 eBGPv6
ip cef
mpls label protocol ldp
tag-switching tdp router-id loopback0
!
interface Serial2/0
 ip address 10.10.10.2 255.255.255.252
 ip router isis
 mpls label protocol ldp
 tag-switching ip
!
mpls ldp router-id loopback0
!
interface Loopback0
 ip address 10.10.20.2 255.255.255.255
 ipv6 address 2003::/64 eui-64
!
router bgp 100
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.10.20.1 remote-as 100
 neighbor 10.10.20.1 update-source Loopback0
 !
 address-family ipv6
 neighbor 10.10.20.1 activate
6PE Standardization
See <draft-ietf-ngtrans-bgp-tunnel-04.txt>: BGP Tunnelling
Co-authored by Cisco
Generic solution for transport of IPv6 over any tunnelling technique (including MPLS) using MP-BGP
IETF working group document
6PE is Cisco IOS implementation of BGP Tunnelling over MPLS
FCSed on Cisco 12000 series with Cisco IOS 12.0(22)S, on Cisco 7200/7500 with 12.2(11)S
So What?
Home Users
6to4; future: native IPv6
Enterprises
Start with Configured Tunnels, ISATAP; future: Dual-Stack
SP
Offer 6to4 & 6to4 relay; future: native IPv6
Configured Tunnels, 6PE; future: Dual-Stack & 6PE
IPv6 @ Cisco
Standardizations involvement
IETF IPv6, NGTrans, DHCPv6 WG (co) chair
Technology innovation
IPv6 over MPLS (6PE) architecture
GMPLS-ready
IPv6 access feature set development to enable IPv6 to the home deployment
More to be expected
Investment protection
Cisco IOS IPv6 statement of direction published in June 2000
Cisco IOS routers are IPv6-enabled through software upgrade
Market Target
[Figure: Cisco IOS IPv6 roadmap. Recoverable labels: Phase I; Phase II; Phase III; Production Backbone Deployment; IOS 12.2T, 12.2S, 12.0S; Ongoing; Under Development; Enhanced IPv6 Services; H2 CY 2002 and later]
Phase I
Any Router Able to Run 12.2T, from Cisco 800 to Cisco 7500
IP Plus, Enterprise and SP images
Conclusion
IPv6 Conclusion
IPv6 Ready for Production Deployment?
Core IPv6 specifications are well-tested and stable
Some of the advanced features of IPv6 still need specification, implementation, and deployment work
Application, middleware and scalable deployment scenario are IPv6 focus and challenge
Service development for service providers
Plan for IPv6 integration and IPv4-IPv6 co-existence
Training, applications inventory, and IPv6 deployment planning