Lei Wang - IPv6 - How to start IPv6 implementation

IPv6 Forum conference, Oslo, 2012-04-25

  • When the 6PE device receives an IPv6 packet from the CE, it labels the packet directly, turning it into an MPLS packet that can be transmitted over the IPv4 backbone network. The MPLS packet is forwarded to the remote 6PE through the LSP. The remote 6PE removes the label and looks up the IPv6 routing table using the destination address in the resulting IPv6 packet header. The remote 6PE then sends the packet to the destination host in the remote IPv6 network through the remote CE.
  • If DS-Lite is enabled on a CPE, and an IPv4 private network user needs to access the IPv4 public network by traversing an IPv6 network, the specific implementation is as follows:
    1. On the CPE, the tunnel source IP address is statically configured or obtained by means of the BRAS. On the CGN, the tunnel destination IP address is statically configured, or obtained by means of the extended DHCPv4 options. The IPv4 private network address of the IPv4 host is assigned by the CPE.
    2. The IPv4 private network address is statically configured or obtained by means of the BRAS.
    3. An IPv4 public network address pool is configured on the CGN, and the network segment is configured for the tunnel source IP address and tunnel destination IP address.
    4. The CPE inserts an IPv6 header to IPv4 private network packets, takes the IPv4 private network packets as the payload of the IPv6 packets, and sends the IPv6 packets to the CGN. The source IP address and destination IP address of the IPv6 packets are respectively the tunnel source IP address and tunnel destination IP address.
    5. After receiving the IPv6 packets, the CGN verifies whether the source IP address of the IPv6 packets falls into the network segment of the tunnel source IP address (configured in Step 3). If the source IP address falls into the network segment, the security check is passed.
    6. The CGN decapsulates the IPv6 packets that satisfy the security requirement, extracts the IPv4 packets from the IPv6 packets, and translates the IPv4 private network address to the IPv4 public network address. The CGN then creates the forward mapping table and reverse mapping table, and forwards the IPv4 packets to the IPv4 public network.
    7. After receiving IPv4 packets in the reverse direction, the CGN checks the mapping table to translate the destination IP address of the IPv4 packets to the private network address, encapsulates an IPv6 header to the IPv4 packets, and sends the IPv6 packets to the CPE.
Note: Any IPv4 private network address can be assigned to the IPv4 user, and negotiation is not required during the establishment of the tunnel.
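
The CGN behaviour in steps 5 to 7 can be modelled in a few lines. This is an added example, not code from the presentation: the class `Cgn`, the tunnel source segment, the public pool address and the port allocation scheme are all assumptions, built on documentation address ranges. It keys the mapping on the CPE tunnel address as well as the private address, because the note above allows any private address behind any CPE, so two customers can use the same one.

```python
import ipaddress

# Constructed sample values (documentation ranges, not from the slides).
TUNNEL_SRC_SEGMENT = ipaddress.ip_network("2001:db8:cafe::/48")  # step 3
PUBLIC_POOL_ADDR = ipaddress.ip_address("203.0.113.10")          # step 3


class Cgn:
    """Hypothetical model of the CGN side of steps 5 to 7."""

    def __init__(self, segment=TUNNEL_SRC_SEGMENT, public=PUBLIC_POOL_ADDR):
        self.segment, self.public = segment, public
        self.next_port = 1024
        self.forward = {}  # (CPE IPv6, private IPv4, port) -> (public IPv4, port)
        self.reverse = {}  # (public IPv4, port) -> (CPE IPv6, private IPv4, port)

    def outbound(self, outer_src, inner_src, inner_sport):
        """Steps 5-6: check the tunnel source, then NAT the inner IPv4 flow."""
        cpe = ipaddress.ip_address(outer_src)
        if cpe.version != 6 or cpe not in self.segment:
            return None  # outside the configured segment: drop, no mapping
        key = (cpe, ipaddress.ip_address(inner_src), inner_sport)
        if key not in self.forward:
            if self.next_port > 65535:
                return None  # simplified: one public address, ports exhausted
            mapped = (self.public, self.next_port)
            self.next_port += 1
            self.forward[key], self.reverse[mapped] = mapped, key
        return self.forward[key]

    def inbound(self, dst_ip, dst_port):
        """Step 7: find the CPE tunnel and private address for a reply."""
        return self.reverse.get((ipaddress.ip_address(dst_ip), dst_port))


if __name__ == "__main__":
    cgn = Cgn()
    # Two CPEs whose hosts use the same private address and port.
    print(cgn.outbound("2001:db8:cafe:1::1", "192.168.1.10", 5000))
    print(cgn.outbound("2001:db8:cafe:2::1", "192.168.1.10", 5000))
    print(cgn.outbound("2001:db8:beef::1", "192.168.1.10", 5000))  # dropped
    print(cgn.inbound("203.0.113.10", 1025))
```

A packet whose outer source is outside the segment leaves no entry in either table, so the reverse direction cannot reach it either.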
  • For the IPv6 over IPv4 tunnel (also known as a configured tunnel), the addresses of the two tunnel endpoints need to be manually configured on the routers at both ends of the tunnel. All tunnels are bidirectional. The manually configured IPv4 addresses are used as the link-layer addresses of the two tunnel endpoints, thus providing an end-to-end virtual link for the IPv6 network layer. The tunnel entrance router determines which packets to send through a tunnel according to the destination IPv6 addresses of the packets and the routing table. It encapsulates the IPv6 packet in an IPv4 packet according to the configuration of the tunnel interface, and takes the source and destination IPv4 addresses of the tunnel from that configuration. Advantages: it can be used by any IPv6 traffic to traverse IPv4. Disadvantages: it needs to be manually configured.

Presentation Transcript

  • “How to start” an IPv6 implementation project. Lei Wang, Lime Networks; Eirik Eilertsen, Signal Bredbånd. IKT Norge IPv6 conference, Oslo, 24-25 April 2012
  • • Infrastructure overview and status
    • Choice of “transition technology”
    • Implementation
    • Training
  • Infrastructure overview and status - I
  • Infrastructure overview and status - II
    • Part 1: Overview of the ISP's plan for implementing IPv6
    • Part 2: Overview of the ASP's plan for implementing IPv6
    • Part 3: Overview of network equipment and its IPv6 support
    • Part 4: Overview of IT systems (incl. OSS/BSS) and their IPv6 support
    • Part 5: Overview of end-device operating systems and their IPv6 support
  • Infrastructure overview and status - III
    • Part 1: Overview of the ISP's plan for implementing IPv6
  • Infrastructure overview and status - III
    • Part 2: Overview of the ASP's plan for implementing IPv6
  • Infrastructure overview and status - IV
    • Part 3: Overview of network equipment and its IPv6 support
  • Infrastructure overview and status - V
    • Part 4: Overview of IT systems (incl. OSS/BSS) and their IPv6 support
  • Infrastructure overview and status - VI
    • Part 5: Overview of end-device operating systems and their IPv6 support
  • • Infrastructure overview and status
    • Choice of “transition technology”
    • Implementation
    • Training
  • Choice of “transition technologies”
    • IPv4/IPv6 dual stack
    • Tunnel methods
    • NAT methods
    • Combination methods: DS-Lite
    Dual stack is preferred as long as you have enough public IPv4 addresses.
  • Transition technology: Dual Stack. [Diagram: the dual-stacked host (199.15.23.87, 3ffe:3700:1100:1:210:a4ff:fea0:bc97) sends the query "web.v4.com?" to DNS and receives the A resource record 195.98.2.109, the address of the IPv4-only host web.v4.com. The IPv6-only host web.v6.com is 3ffe.2301.1700.1.abcd.1234.dada.1.]
  • Transition technology: Dual Stack. [Diagram: the same dual-stacked host sends the query "web.v6.com?" to DNS and receives the AAAA resource record 3ffe.2301.1700.1.abcd.1234.dada.1, the address of the IPv6-only host web.v6.com.]
  • Transition technology: 6PE/6VPE. On an IPv4 backbone network where MPLS is deployed, the ISP can use the IPv6 Provider Edge (6PE) technology to interconnect the IPv6 networks of dispersed users. A 6PE is a PE with IPv6 capability.
  • Transition technology: DS-Lite. Dual Stack Lite (DS-Lite) is a solution that allows IPv4 private network users to access the IPv4 public network by traversing an IPv6 network. To implement DS-Lite, IPv4 over IPv6 tunnels and IPv4 NAT are deployed.
  • Transition technology: Tunnels. The tunnels that are used to connect isolated IPv6 sites across IPv4 networks are called IPv6 over IPv4 tunnels. To establish IPv6 over IPv4 tunnels, the IPv4/IPv6 dual protocol stack needs to be enabled on the device at the border between the IPv4 network and the IPv6 network.
  • Transition technology: Configured Tunnel
    • Determine the source and destination IPv4 addresses of the tunnel according to the data configuration
    • Determine the packets to be transferred through a tunnel according to the destination IPv6 addresses of the packets and the routing table.
    [Diagram: an IPv6 host on an IPv6 network sends an IPv6 packet (IPv6 header, transport layer header, data) to a dual-stack router, which prepends an IPv4 header (41) and carries the packet across the IPv4 network to the dual-stack router in front of the other IPv6 network and IPv6 host. Router labels: IPv4 address 192.168.30.1, IPv6 address 3ffe:b00:c18:1::3; IPv4 address 192.168.99.1, IPv6 address 3ffe:b00:c18:1::2.]
  • Transition technology: 6to4 Tunnel. The 6to4 router recognizes 6to4 prefixes. [Diagram: Host1 (2002:8a0e:55d2:1:230:65ff:fe2c:9a6) on a 6to4 IPv6 network sends to Host2 (2002:4172:a85b:1:20a:95ff:fe8b:3cba) on another 6to4 IPv6 network, across the IPv4 network between two 6to4 routers. Local tunnel endpoint = 138.14.85.210; remote tunnel endpoint = 65.114.168.91. Packet source address: 2002:8a0e:55d2:1:230:65ff:fe2c:9a6; packet destination address: 2002:4172:a85b:1:20a:95ff:fe8b:3cba. DNS: Host2 = 2002:4172:a85b:20a:95ff:fe8b:3cba.]
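
The tunnel endpoints on this slide follow directly from the host addresses, because a 6to4 address carries the router's IPv4 address in the 32 bits after `2002:`. The sketch below is an added example, not part of the presentation; the function names are assumptions, and the addresses are the ones on the slide.

```python
import ipaddress

HOST1 = "2002:8a0e:55d2:1:230:65ff:fe2c:9a6"   # from the slide
HOST2 = "2002:4172:a85b:1:20a:95ff:fe8b:3cba"  # from the slide


def site_prefix(router_v4):
    """2002:V4ADDR::/48 prefix that belongs to a 6to4 router's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(router_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def tunnel_endpoint(addr_v6):
    """IPv4 address embedded in a 6to4 address, or None if it is not 6to4."""
    return ipaddress.IPv6Address(addr_v6).sixtofour


def encapsulation(src_v6, dst_v6):
    """Outer IPv4 (source, destination) for a packet between two 6to4 sites."""
    src, dst = tunnel_endpoint(src_v6), tunnel_endpoint(dst_v6)
    if src is None or dst is None:
        raise ValueError("both addresses must be inside 2002::/16")
    return str(src), str(dst)


if __name__ == "__main__":
    print(site_prefix("138.14.85.210"))   # prefix announced inside Host1's site
    print(encapsulation(HOST1, HOST2))    # local and remote tunnel endpoints
    print(tunnel_endpoint("2001:db8::1")) # native address: no automatic tunnel
```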
  • • Infrastructure overview and status
    • Choice of “transition technology”
    • Implementation
    • Training
  • Implementation: a 10-stage rocket
    • Step 1: Apply for IPv6 addresses
    • Step 2: Set up a “dual-stack” uplink to the Internet
    • Step 3: Adapt the firewall policy
    • Step 4: Create an IP address plan
    • Step 5: Make the DNS server ready for IPv6
    • Step 6: IPv6 address assignment
    • Step 7: Implement dual stack in the network infrastructure
    • Step 8: Implement IPv6 support in the NMS environment
    • Step 9: Security – IDS/IPS with IPv6 support
    • Step 10: Dual stack on the host systems
  • Implementation: Steps 1 - 3
    • Step 1: Apply for IPv6 addresses. Enterprises are most often allocated one or more /48 address blocks: 2001:BD1:234C::/48 -> 65536 /64
      – SP: /32 address blocks
      – Large enterprises: /48 address blocks
      – Medium-sized enterprises: /56 address blocks (/64 link network and /56 on the inside of the firewall/router, assigned statically or by DHCPv6)
      – SOHO/subnets within enterprises: /64 address blocks
    • Step 2: Set up a “dual-stack” uplink to the Internet
      – Announce the IPv6 blocks to the ISP
      – The ISP announces them onward
      – Receive IPv6 prefixes, or a default route, from the ISP
    • Step 3: Adapt the firewall policy
      – Take IPv6 into account
  • Implementation: Step 4
    • Step 4: Create an IP address plan
  • Implementation: Step 4
    • Step 4: Create an IP address plan
    * The figure is from Jeff Doyle, Texas IPv6 summit
  • Implementation: the steps
    • Step 4: IP address plan
    Recommendation: use a /64 block as the standard subnet (it must be /64 for SLAAC to work). If you have been allocated 2001:BD1:234C::/48, you have 2001:BD1:234C:0000::/64 to 2001:BD1:234C:ffff::/64 at your disposal.
  • Implementation: the steps
    • Step 4: IP address plan
    Recommendation: give the subnet bits meaning: VLAN, user grouping, locations… But do NOT overdo the number of levels. Direction of filtering: the security policy starts with the most significant bits.
    2001:BD1:234C G G G 0 L L L 0 0 S S S S S S S ::/64
    G: Groups – 0000: Employees gr1; 0110: Students intranet; 1xx0: External
    L: Locations – 0000: Oslo; 0010: Bærum; 1010: Trondheim
    S: Subnets/VLANs – 00000001: Subnet/VLAN1; 01100010: Subnet/VLAN2; 00100011: Subnet/VLAN3
    0: It is wise to reserve bits between the “meaningful” bits for future needs
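
The bit layout on this slide turns security policy into prefix matching: because the group bits are the most significant, one short prefix covers every location and VLAN of a group. The following is an added example, not part of the presentation; the function and dictionary names are assumptions, while the /48 and the group and location codes are the ones on the slide.

```python
import ipaddress

SITE = ipaddress.IPv6Network("2001:BD1:234C::/48")  # allocation from the slide

# Nibble values as written on the slide (three meaningful bits + reserved 0).
GROUPS = {"employees_gr1": 0b0000, "students_intranet": 0b0110}      # GGG0
LOCATIONS = {"oslo": 0b0000, "baerum": 0b0010, "trondheim": 0b1010}  # LLL0
# "1xx0: External" means the first subnet bit is 1, which is one /49.
EXTERNAL = ipaddress.IPv6Network((int(SITE.network_address) | (1 << 79), 49))


def subnet_id(group, location, subnet_bits):
    """Pack the 16 subnet bits as GGG0 LLL0 0SSSSSSS."""
    if not 0 <= subnet_bits < 0x80:
        raise ValueError("subnet/VLAN value must fit in 7 bits (top bit reserved)")
    return (GROUPS[group] << 12) | (LOCATIONS[location] << 8) | subnet_bits


def subnet(group, location, subnet_bits):
    """The /64 for one VLAN, as used for SLAAC."""
    base = int(SITE.network_address) | (subnet_id(group, location, subnet_bits) << 64)
    return ipaddress.IPv6Network((base, 64))


def group_filter(group):
    """/52 matching every location and VLAN of a group (first nibble)."""
    return ipaddress.IPv6Network((int(SITE.network_address) | (GROUPS[group] << 76), 52))


def group_location_filter(group, location):
    """/56 matching every VLAN of a group at one location (first two nibbles)."""
    base = int(group_filter(group).network_address) | (LOCATIONS[location] << 72)
    return ipaddress.IPv6Network((base, 56))


if __name__ == "__main__":
    net = subnet("students_intranet", "baerum", 0b0000001)
    print(net)                                                  # one VLAN
    print(group_filter("students_intranet"))                    # one firewall rule
    print(group_location_filter("students_intranet", "baerum"))
    print(net.subnet_of(EXTERNAL))                              # internal group
```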
  • Implementation: Step 5
    • Step 5: Make the DNS server ready for IPv6
      – A record for the IPv4 address
      – AAAA record for the IPv6 address
  • Implementation: Step 6
    • Step 6: IPv6 address assignment
      – DHCPv6: works the same way as DHCP for IPv4: assigns address, default gateway and DNS server
      – SLAAC (stateless address autoconfiguration): automatic address assignment when an IPv6 client is connected to an IPv6-routed network. The original SLAAC standard lacks an option for obtaining the DNS server, so a combination with DHCPv6 is necessary
        • RFC5006 has proposed an extension of SLAAC with an IPv6 RA option for the DNS server address. Ask your vendor about its RFC5006 implementation and choose (or wait for) a stable version that supports it!
  • Implementation: Step 7
    • Step 7: Implement dual stack in the network infrastructure - routing
      – RIPng: IPv6 only, so dual stack also requires RIP
      – OSPFv3: IPv6 only, so dual stack also requires OSPF
      – IS-IS: IS-IS has been extended with a new TLV to support IPv6
      – Multiprotocol BGP: supports multiple address families, so you only need to add the IPv6 unicast/multicast address families to the existing BGP instance
  • Implementation: Step 8
    • Step 8: Implement IPv6 support in the NMS environment
      – SNMP
      – Telnet/SSH
      – FTP/SCP/TFTP
      – MRTG
      – Netflow
      – Management platforms: Tivoli, HP OpenView, Nagios etc.
  • Implementation: Step 9
    • Step 9: Security – IDS/IPS with IPv6 add-on
  • Implementation: Step 10
    • Step 10: Dual stack on the host systems:
      – Plan for upgrade/replacement to get 100% IPv6 support in 100% of the end devices
  • • Infrastructure overview and status
    • Choice of “transition technology”
    • Implementation
    • Training
  • Training plan
    The IPv6 project affects the whole organisation; information flow is important so that people are prepared for the changes/problems that arise.
    • Training plan for IT support staff
      – IPv6 course
    • Training plan for users
      – IPv6 FAQ
      – IPv6 handbook
  • Thank you for your attention