IPv6: Real World Deployments (From the Trenches) (IOS Advantage Webinar)

Hear from the experts who focus on deploying, operating & implementing IPv6 on existing network infrastructures.

Cisco's IPv6 Strategy will be reviewed along with recommendations for adding IPv6 onto a network infrastructure in a safe and scalable manner. Best practices and shared deployment insights from Interop Las Vegas and Cisco Live 2011 events will be discussed.

Transcript

  • 1. Cisco IOS Advantage Webinars: IPv6 Deployment and Operations Experiences. Ken Hook, Product Line Manager; Gunter Van de Velde, Technical Leader. Date: September 7th, 2011. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
  • 2. Speakers
      • Ken Hook, Product Line Manager, Identity & IPv6, khook@cisco.com
      • Gunter Van de Velde, Technical Leader @ Cisco; President, Belgian IPv6 Task Force; IETF Co-chair, OPSEC WG; gvandeve@cisco.com
      © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 All Specifications Subject to Change Without Notice
  • 3.
      • Submit questions in Q&A panel and send to “All Panelists”. Avoid CHAT window for better access to panelists
      • For Webex audio, select COMMUNICATE > Join Audio Broadcast
      • For Webex call back, click ALLOW Phone button at the bottom of Participants side panel
      • Where can I get slides? https://communities.cisco.com/docs/DOC-26134 Or send email to: ask_iosadvantage@cisco.com
      • Please fill in Survey at end of event
      • Join us on October 5 for our next IOS Advantage Webinar: Creating Zero-Touch Carrier Ethernet Services
  • 4. Business Drivers - Enterprise; Deployment Strategies; Offerings IPv6 Highlights; Real world “Interop” and “Cisco Live 2011”
  • 7. Timeline 2010 / 2011 / 2012
      • NOVEMBER, 2010: Globalization: 25% of the world’s population using 100% of IPv4 addresses
      • JAN, 2011: Date the last IPv4 addresses were allocated
      • SEPTEMBER, 2012: Civilian US Government Agencies mandated to provide external IPv6 connectivity
  • 8. IPv6 Business Impact – The Cost of Waiting Goes Up (timeline 2010 / 2012 / 2014)
      • 2010: Low Impact – Buying behavior shift limited to mandated and early adopter sites
      • Early 2011: Internet Evolution begins – “…IPv6 is important to all of us (…) to everyone around the world, It is crucial to our ability to tie together everyone and every device”. John Chambers
      • 2012: Mandates take effect – Transition to IPv6 forces customers to acquire product or managed services to sustain business and customer reach
      • 2014: IPv6 is mainstream – customers without transition infrastructure experience reduced service levels, diminished customer reach, increased operational complexity
      [Diagram labels: IPv4/IPv6 Co-existence; IPv6 Government Mandate Deadlines; Globalization; Early Adopters; Transition Planning; Low Risk; Moderate Risk; High Risk]
  • 9. Mobile and the Internet of Things drive growth. In 2013…. There Will Be 50 BILLION Devices Connected to the Network, up from 35 BILLION in 2010. Source: Forrester, Cisco IBSG
  • 11. IPv6 is the foundation of a lifecycle management discussion
      • Preserve: Preserve the customer’s existing investment
          • Audit and leverage existing IPv6 capabilities
      • Prepare: Prepare a migration and deployment plan
          • Identify and enable critical IPv6 functional areas
      • Prosper: Prosper through the transition to IPv6 Internet
          • Enable all systems with dual-stack capabilities
          • Grow seamlessly as customers transition to IPv6
  • 12. Over a Decade of IPv6: Cisco Investment - Shipping Since 1996
      [Diagram of IPv6 capabilities. Recoverable labels: Security; EIGRP v6; Radius v6; CoPP; AAA; VRF; v6 ACLs; IPv6 HA; HSRPv6; IPv6 BGP; OSPFv3; ISSU; Firewall v6; IPv6 Netflow; IPv6 QoS (classification, policing); IPv6 Forwarding; IPv6 Anycast; Multicast; IPv6 Syslog; IPv6 Routing; IS-IS; Management (DHCPv6, SNMP, DNS, SSH, ICMPv6)]
      These capabilities and more are already part of your customer’s investment
  • 13.
      1. Identify the highest priority IPv6-critical areas in your network
      2. Perform IPv6 Assessment on high priority areas to determine scope
      3. Develop a design that enables IPv6 without disrupting your IPv4 network
      4. Test and implement in pilot mode, then extend over time into production
      Repeat for the Next IPv6-Critical Area in Your Network
  • 14. A well-structured migration plan provides insurance against unexpected costs as customers, partners, and suppliers move to IPv4 and IPv6 coexistence
      • Leverage Your Investment: A Decade of Cisco IPv6 Innovations
      • Make a Plan: Align Business and IT Strategy; Invest for Success; Deploy IPv6 Transition Support Technologies
      • Accelerate: Prosper through accelerated global customer reach. Unleash new business models
  • 15. Deployment steps:
      1. Sales Certs (USGv6, JITC UCR2008)
      2. IPv6 Pilot and Basic Infrastructure
      3. IPv6 Internet Presence (websites, remote users, B2B …)
      4. IPv6 Islands (Wireless/Consumer devices, Labs …)
      5. Internal Data Center, Enterprise Apps
      6. Ubiquitous Dual-Stack
      7. IPv4 EOL
      Customer segments and the steps shown for each:
      • “Mandated” (1, 2). Who? Government Agencies; Customers who sell to government agencies
      • “Motivated” (2, 3, 4). Who? Customers with IPv4 address exhaustion; Global Enterprises with consumer or business interaction on the public internet; Customers with user-provided devices on their network
      • “Early Adopter” (2). Who? Large US/European Enterprises; Companies looking for competitive advantage; Companies using IPv6 to solve business problems; Early adopters preparing for coexistence
      • “Mainstream” (2, 4, 3, 5, 6, 7). Who? Small-Medium Enterprises
  • 16. Prioritize Critical Areas of Your Business and Network As You Scale Beyond IPv4 Limitations
      Solution Overview: By the end of 2011, Internet traffic will be using the next-generation Internet protocol: IPv6. IPv6 adoption must be addressed using a phased approach with careful validation and testing to avoid disrupting the IPv4 network or introducing vulnerabilities.
      Through a Phased Approach, We Help You to:
      1. Identify the highest priority IPv6-critical areas in your network.
      2. Assess those areas to determine the scope of your IPv6 design.
      3. Develop a design that enables IPv6 to be introduced without disrupting your IPv4 network.
      4. Test and implement IPv6 in pilot mode, then extend over time into production deployment.
      5. Repeat steps for subsequent areas of your network through ongoing optimization.
      Proactively Budget Time, Money, and Resources
  • 17. Use Case / IPv6 Technology / Relevant Products
      • Dual Stack Use Case
          • Use case: Set up devices to run IPv4 and IPv6 in parallel; Link hosts and islands of IPv6 devices together
          • IPv6 Technology: IPv6 and IPv4; IPv6 switching and routing stacks; IPv6 over IPv4 tunneling protocols; First Hop Security
          • Relevant Products: Catalyst 6K, 4K, 3K, 2K; Nexus 7K, ASA Security Appliance; AnyConnect VPN client; ASR 1000; ISR G2
      • IPv6 Internet Presence Use Case
          • Use case: Get started on the IPv6 Internet Edge for Outside – In deployment (for example, web content)
          • IPv6 Technology: Stateless NAT64; Allows IPv6 or dual-stack hosts to talk to IPv4 infrastructure
          • Relevant Products: Stateful NAT on ASR-1000 (NEW)
  • 18. NEW Solution Characteristics
      • Expected Scale: 1.3 Million Stateful NAT Translations with HA enabled
      • Expected Performance: 78K Translations per Second with HA enabled, with integrated IP Services
      • IPv6 adoption: Allows connectivity between IPv6 internet and IPv4 network
      • Position on Internet Edge with Stateful NAT64 functionality or as dedicated translation device
      • Any type of IPv6 Prefix is allowed
      [Diagram labels: IPv6 Internet; ASR1K Stateful NAT64 Translator; Enterprise Edge; Data Center; IPv6 Packet; IPv4 packet; IPv6 Prefix; IPv4 pool; IPv6 Devices]
  • 19. Considerations: Experience, Scale, Cost, Operations, Technology…
      [Diagram labels: IPv6; IPv4; V6-only End User; IPv4 Subscribers; ISP; Hosting/Content CDN; 4; 6]
  • 20. Feature matrix by network layer. Column headings: Optimized Delivery; Security; IPv6 Transition Technologies. Diagram label: MPLS/ IPv4/IPv6 Internet Core
      • Edge: IPv6 IPsec; Dual Stack IPv4/IPv6; EIGRPv6, OSPFv3, BGPv6; IPv6 Firewall Security; V6 over v4 tunnels: 6vPE/6PE, L3VPNoMGRE, DMVPNv6, Static tunnels; IPv6 IDS; PBR; 6 to 4 translation
      • Core: EIGRPv6, OSPFv3, IS-IS; IPv6 CoPP; Dual Stack IPv4/IPv6; IPv6 support for VSS; 6to4 tunneling; ISATAP; ECMP, OSPFv3 GR
      • Distribution: IPv6 PIM-SSM, MLDv2, Embedded RP; IPv6 ACL; Dual Stack IPv4/IPv6; IPv6 ACL Atomic Commit/Dry Run; 6vPE/6PE; IPv6 QoS; 6to4 tunneling; DHCPv6 Relay Agent; uRPF; ISATAP tunnels; HSRPv6/GLBPv6; IPv6 Ingress Netflow; IPv6 support for VSS; IPv6 Flexible Netflow
      • Access: Stateless Auto configuration; IGMPv3/MLDv2 Snooping; Dual Stack IPv4/IPv6; IPv6 management: SNMP, Syslog, SSH, NTPv4, Tacacs+; IPv6 First Hop Security; ISATAP and static Tunnels; IPv6 PACL/RA Guard; IPv6 interface stats
      “Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.”
  • 21. Data center design
      • DC Distribution/Core: Dual Stack; Routing protocols (OSPFv3, ISISv6, BGPv6..); IPv6 Mcast; IPv6 security: classification, ACL & policing, CoPP; BFD; Flexible Netflow; 6VPE; ECMP; Interface stats; uRPF
      • L2/L3 Boundary Towards Access: Dual Stack; HSRPv6/VRRPv3; BFD; SVI; Snooping (MLDv2); IGMPv3; First Hop Security (RA guard); PACL/VACL; IPv6 Management
      [Diagram labels: Translation Point; Internet Edge; Firewall; DC Core; DC Agg; 1x10GE per Agg SW; Load balancers; ToR; Rack Access; Racks; IPv4; IPv6]
  • 22. World IPv6 Day: Jumping In Together
      • June 8 2011 – 00h00-23h59 (UTC)
      • 24-hr IPv6 “Test Flight”
      • IPv6 access on website’s “front door” (DNS AAAA Record on www.company.com)
      • Note: This is not about turning off IPv4!
      • Coordinated by: http://isoc.org/wp/worldipv6day/
      • http://isoc.org/wp/worldipv6day/participants
      • http://supportforums.cisco.com/community/netpro/network-infrastructure/ipv6-transition
  • 23.
      • No issue on cisco.com
      • No Security issue
      • Performance within predicted range
      • NO TAC case
      • And that seems to be consistent across the industry
  • 24. Source: Arbor Networks; http://hide.dnsalias.net/aaaa/worldipv6day.cgi
  • 25. Business Drivers - Enterprise; Deployment Strategies; Offerings IPv6 Highlights; Real world “Interop” and “Cisco Live 2011”
  • 26. Interop 2011. Gunter Van de Velde, Sr. Technical Leader, NOSTG
  • 27.
      • Background and Goals
      • How IPv6 works on the InteropNET
      • Subnetting and Addressing
      • Challenges and Lessons Learned
      • Results and Statistics
      • Conclusions
  • 28.
      • It is all about the Network
      • Multivendor was the key element
      • It is a conference
      • +15k people attend this event in Las Vegas
      • There is a show-floor
      • There is a breakout floor
      • More than 30 vendors participate (network, fiber, monitoring, operation, etc…)
  • 29.
      • Network must be fully dual stack (IPv4+IPv6)
      • All IPv4 services should be reachable over IPv6
      • Connections to IPv6-enabled websites should use IPv6 by default
      • Demonstrate and experiment with newer technologies like DHCP-PD
      • Nothing should break
  • 30. [Topology diagram: Mandalay Bay Conference Center. Recoverable labels: Show Floor; Off Show Floor and Press room; 2nd Floor; NOC; Access; Distribution; Core; 3rd Party; Primary Interop Colo; Internet; Co-locations: Colo-1: Sunnyvale, Colo-2: Denver, Backup: Newark]
  • 32. [Network diagram: InteropNET, Las Vegas - MBCC. Recoverable labels: Clean Air Wireless 802.11n; Off Show Floor; NOC; NOC desktops; Cat2960C-8 PoE+; 3750X; Show Floor; Press Room; Services (CNR – DHCP/DNS; LMS, CMS, MCS; CUCM, CUC, CUP); 4510R+E; VSS (20GigE); 4948; Wireless and Security; 6503E; 6506E; 6509E; 6513E; WISM; IDS; ASA 5585 / ASA5585-X; IPS-4270; 2nd floor; 2 * 20GigE; 2 * 80GigE; ASR1004; DMZ; Primary Colo: Sunnyvale; Colo: Denver; Newark]
  • 33. [Layered solution diagram. Recoverable labels by layer:]
      • Application: Unified Communication: HD Video between IPv6 & IPv4 end-points; LMS Management and config management in a dual stack environment; Dual Stack DNS with CNR; Dual Stack DHCP with CNR; MediaNET Collaboration Manager; Cisco Security Manager; Cisco WCS
      • Services: Security: ASA and IDS (transparent firewall, full IPv4/IPv6 application inspection and intrusion detection, centrally managed); Wireless with WISM2 (centralized wireless control, RF Optimization with clean air, centrally managed); NAM3 application inspection
      • Network Infrastructure: Flexible NetFlow; Full IPv4/IPv6 Routing; VSS-Quad Sup Fast Convergence; Internet Peering; QoS Implementation; OSPF and BGP; Multi-chassis Etherchannel; ISSU; DHCPv4/6; First Hop Security; ECMP Load-Balancing; MediaNET Performance Monitor; SNMPv3; Control Plane Security; Multicast
      • Speeds & Feeds: 802.11N; IPv4/IPv6 Hardware-based Acceleration; 40G core; 40G Firewall Services
      • Equipment: IPS4270-20; WISM2; NAM3; Aironet 3500; SCE; CP-9971; TP: CTS500, EX90; C3750X; Cisco Telepresence Server; C6500; C4500; ASA5585; C2960C-8; ASR1k; MXE-5600
  • 34. [Chart. Recoverable labels: First classes and registration; Day 1, 2, 3 and 4; Main Conference days; Final Day]
  • 35. [Chart. Recoverable labels: First classes and registration; Day 1, 2, 3 and 4; Main Conference days; Final Day]
  • 36.
      • Top 10 DNS lookups - provided by Dyn DNS
          1. l.google.com
          2. daccess.microsoft.com
          3. ak.fbcdn.net
          4. NYAPPMSGVS02.zbinet.com.
          5. com.akadns.net
          6. g.akamai.net
          7. push.apple.com
          8. www.google.com.
          9. www.facebook.com.
          10. clients.google.com
      • Top AAAA DNS lookups
          1. daccess.microsoft.com
          2. enet.interop.net
          3. l.google.com
          4. ak.fbcdn.net
          5. www.google.com.
          6. push.apple.com
          7. www.apple.com.
          8. clients.google.com
          9. imap.gmail.com.
          10. mail.google.com.
  • 37.
      • Background and Goals
      • How IPv6 works on the InteropNET
      • Subnetting and Addressing
      • Challenges and Lessons Learned
      • Results and Statistics
      • Conclusions
  • 38.
      • Qwest provides IPv4 and IPv6 connectivity to Interop, via links and BGP sessions to colos in SFO, DEN, and EWR
      • GigE links from SFO and DEN to Las Vegas are dual stack, with IPv4 and IPv6 eBGP sessions
      • OSPFv3 is used for IPv6 routing between the colos and within the show network
      • We had 2620:144::/32 at our disposal
  • 39.
      • All client-facing networks use SLAAC to allow clients to auto-assign themselves an IPv6 address and default gateway on the correct subnet
          • Supported by all IPv6-capable devices
      [Screenshot labels: Auto-assigned IPv6 address; Default Gateway (Link-local from RA)]
  • 40.
      • In addition, DHCPv6 is enabled, to provide IPv6 DNS information (and another working IPv6 address)
          • Devices that don’t support DHCPv6 (Windows XP and Mac OS X) must use IPv4 DNS, but can still resolve AAAA records
      [Screenshot labels: DHCPv6-assigned IPv6 address; DHCPv6-assigned DNS server]
  • 41.
      • All DNS services were provided by DynDNS and CNR
      • In order to connect to Google and Facebook over IPv6, we arranged to IPv6 whitelist the InteropNET DNS servers (Thank you Mark Townsley.)
          • As a result, DNS requests for google.com and facebook.com receive AAAA (IPv6) responses
          • On World IPv6 Day (June 8th) those AAAAs were visible to everyone
  • 42.
      • Goal was to provide all internal services over IPv6 as well as IPv4
      • This required coordination with vendors to enable IPv6, make sure services were bound to their IPv6 ports, and publish AAAA records
      • Most (but not all) services ended up reachable over IPv6
      • Cisco ASA5585 was used in transparent mode for Firewall services
  • 43.
      • InteropNET wireless is provided by a 3rd party vendor (2nd floor) and Cisco (3rd floor)
      • Off show floor, 3rd floor, all wireless arrays on each floor are part of a single VLAN, so roaming occurs at layer 2
      • On the show floor, 2nd floor, each wireless array is on a different VLAN. When roaming occurs, a tunnel is dynamically built back to the first AP the user associated with
  • 44.
      • Background and Goals
      • How IPv6 works on the InteropNET
      • Subnetting and Addressing
      • Challenges and Lessons Learned
      • Results and Statistics
      • Conclusions
  • 45.
      • All of the registries, for the most part, assign initial blocks:
          • Service provider /32
          • Enterprise /48
  • 46.
      • Depends on the type of network, the size of the network, and problem to be solved
      • Points of consideration
          • Documentation
          • Ease of troubleshooting
          • Aggregation
          • Standards compliance
          • Growth
          • SLAAC
          • Existing IPv4 addressing plan
          • Human factors
  • 47.
      • Encode every IPv4 address in your network in an IPv6 address
      • At first it seems relatively simple:
          10.10.10.10 (0A0A0A0A)
          2001:DB8:A0A:A0A::
        Easy, right?
  • 48.
      • Requires a /32 assignment if a minimum subnet size of /64 is to be preserved
          • Do you have or can you get a /32?
      • Provides no information about the subnet mask
      • Results in very large subnets
      • Light documentation requirements as your existing IPv4 documentation is your IPv6 documentation
  • 49.
      • Subnetting issue
          10.10.10.0/24 (A0A0A0)
          2001:DB8:A0A:A00::/56
        Do we count the significant digits for the subnet?
          2001:DB8:A0A:A00::/56
  • 50.
      • What if we “round down” to /64?
          10.10.10.17/24 (0A0A0A10)
          2001:DB8:A0A:A00::10/64?
        Better, but let’s look at a point to point link.
  • 51.
      • Point to Point Link:
          10.10.10.1/30 (A0A0A01) for the remote site
          10.10.10.2/30 (A0A0A02) for the local site
        If we follow the previous rule to the letter we get:
          2001:DB8:A0A0:A000::1/64
          2001:DB8:A0A0:A000::2/64
        But using /64s on router-to-router links can be dangerous, causing potential ping-pong issues on the point-to-point interface
  • 52. Better to use a /127:
          2001:DB8:AAA0::1/127
          2001:DB8:AAA0::2/127
        Um, wait a minute. What’s wrong here?
  • 53.
          2001:DB8:AAA0::1/127
          2001:DB8:AAA0::2/127
      • Those are NOT in the same subnet!! A /127 could be ::0 and ::1, or ::2 and ::3, but NEVER ::1 and ::2!!
      • As a matter of fact, NO IPv4 /30 can ever cleanly map into a /127!!
  • 54. Networks smaller than /64 can be desirable, especially using /127s for point to point links, and /128 for Loopback
      Be conservative in what you consume, be liberal in what you allocate:
      • To avoid future breakage, allocate a /64 in your documentation but use the smaller block
      • Similarly, reserve /48s for EVERYTHING you can, there’s no reason to allocate densely, there’s plenty of space
      • If you have a complex network, allocate in a sparse way to enable easy aggregation
  • 55.
      • You can indeed add convenience and save on documentation by using an algorithmic approach
      • But ONLY if you have reasonably few IPv4 blocks, if you have 100s, you’ll probably need a different approach unless you can get a large enough v6 allocation
      • You DON’T want to reproduce IPv4 “cruft” into IPv6. If your IPv4 subnetting is a mess, it’s best to re-do it for IPv6.
  • 56.
      • Background and Goals
      • How IPv6 works on the InteropNET
      • Subnetting and Addressing
      • Challenges and Lessons Learned
      • Results and Statistics
      • Conclusions
  • 57.
      • On the show floor, each AP is homed to a different IPv6 subnet
      • To support SLAAC, the router sends out RAs on each VLAN
      • These RAs are IPv6 multicast packets, and are broadcast by the local radio to all clients (local or roaming)
      • When roaming tunnels are built, the client receives both the local RA and the one from its home AP
      • As a result, the client gets two IPv6 addresses from SLAAC. If it tries to use the wrong one, it will be unable to connect over IPv6
      • Primary impact (as discovered at the Tuesday class) is to iPads, which support IPv6 and stay online while roaming
  • 58.
      • When a Windows machine is cloned, you can get two or more machines with the same DHCPv6 Unique IDentifier (DUID)
      • This DUID is used by the DHCPv6 server to identify the client, so when two clients with the same DUID request IPv6 addresses with DHCPv6, they will both be given the same address
      • When the second machine receives its address from the DHCPv6 server, it does IPv6 Duplicate Address Detection, determines there is an IP address conflict, and refuses the lease
  • 59.
      • When a client is configured to run 6to4 (an automatic tunneling protocol) and Internet Connection Sharing, it will advertise itself as an IPv6 router by sending out RAs on its wireless interface
      • Clients receiving such RAs will auto-assign themselves an address in the wrong subnet
      • Switches are generally configured with RA guard or equivalent on their wired ports
      • Unfortunately there is no way to block rogue RAs over wireless APs (and some wired switches)
  • 60.
      • All modern operating systems work well in a dual stack environment, and properly prefer IPv6 when available
      • Older OSes continue working fine on IPv4, and never see IPv6
      • Mac OS X and iPhones don’t work on NAT64 and IPv6-Only
          • OS X doesn’t support DHCPv6
          • All Mac products try to be too “helpful” and refuse to use an IPv6-only connection if they think an IPv4-capable connection is available (e.g. 3G on iPhone)
          • Latest iOS & macOSX (Lion) does work in this environment as the DHCPv6 is supported
      • Wifi-only iPads etc. work fine
  • 61.
      • Background and Goals
      • How IPv6 works on the InteropNET
      • Subnetting and Addressing
      • Challenges and Lessons Learned
      • Results and Statistics
      • Conclusions
  • 62.
      • IPv6 inbound usage averaged ~2Mbps, vs. ~100Mbps for IPv4
      • That’s 2% of Interop’s traffic from servers on the Internet
      • Outbound traffic, by contrast, is dominated by IPv4
      • Even though most InteropNET services (such as webcams) were IPv6-enabled, it appears that most end users on the Internet are not yet IPv6-connected
  • 63.
      • Users inside the InteropNET preferred IPv6 to reach www.interop.com
      • 34.4 GB delivered over IPv6
      • 22.4 GB delivered over IPv4
      • That’s 61% IPv6!
  • 64.
      • Dual stack worked perfectly: no help desk complaints about IPv6 (or problems reaching Google/Facebook)
      • NAT64 worked well on supported devices
      • DHCP-PD worked well on show floor with consumer devices capable of doing DHCP-PD
          • Required manual configuration of DHCPv6 pool on inside interface: couldn’t use SLAAC
  • 65.
      • Background and Goals
      • How IPv6 works on the InteropNET
      • Subnetting and Addressing
      • Challenges and Lessons Learned
      • Results and Statistics
      • Conclusions
  • 66.
      • IPv6 works in the real world
      • Over 60% of Interop attendees were using IPv6 to reach interop.com without even knowing it
      • There are challenges to implementing IPv6, but nothing show-stopping
      • About 2% of the Internet’s content is reachable over IPv6 (and growing fast)
      • A much smaller percentage of Internet users have IPv6 connectivity (though this may change quickly with IPv4 depletion)
  • 67. The NOC at CiscoLive
  • 68. [Network diagram: Mandalay Bay Conference Center. Labels: World of Solutions; Breakouts, Registration, NOC; Access; Distribution; Core; Cat6500; Cat4500E; ASR1k; Internet; Primary; Secondary; Cisco Live Colo; Interop; Co-locations: Colo-1: Sunnyvale, Colo-2: Denver]
  • 69. • Cisco UCS C-Series for NM Apps (Qty 4) • Nexus 5010 • NetApp FAS3420 x 2; DS2246 (~14TB storage) • Wireless 5508; APs 3500 Series (CleanAir); MSE; Cisco Prime NCS; ISE • Switches: Catalyst 3560E; 6513E; 4507R+E; 6509E • Routers: ASR1000, 2851 (IPSLA) • CiscoWorks LMS 4.0.1 (Windows) and 4.1 Beta (Linux) • CiscoSecure ACS 5.2 • CNR 7.2 (IPv4 and v6 DNS/DHCP) • Security: ASA5585-X-S60 (Qty 3); IDS-4270 • Physical Security: Cisco 4500 and 5000 IP Cameras, Cisco Physical Access Control, Cisco Counting Suite (Video Analytics) • VXI, IP Phones, Unified Call Manager, various TP and Tandberg
  • 70. [Network diagram: Cisco Live NOC topology. Labels: The Hotel Meeting Room; South Level One (8 switches); South Level Two (16 switches); South Level 3 (9 switches); North Level One; 3560E; NOC; 6509E; 6513E; SUP720; SUP2T; VSS mode; Wireless 5508; 3750-X; 2x 10GE; 4x 10GE; 1GE; ASA 5585-X-S60; ASA 5550; IPS-4270; DHCP/DNS; LMS/FnF/EWise; Core; NOC Users; 4507R+E; Denver Colo; Sunnyvale Colo]
  • 71. • IPv4 Address Range - 45.0.0.0/15 • IPv6 Address Range - 2620:144::/32 • 350.000 IPv4 prefixes from each eBGP peer – dedicated IPv4 session • 6500 IPv6 prefixes from each eBGP peer – dedicated IPv6 session • OSPFv2 for IPv4 – Single Area • OSPFv3 for IPv6 – Single Area • Full BGP Routing Table for both IPv4 and IPv6 • [Diagram labels: L2-Access; Qwest; MBCC – Cisco Live; AS 53692; AS 290; 6500-VSS; 6500-VSS; OSPF Default Route; Multicast RP; 4500 Dual SUP]
  • 72. [Network diagram: co-location topology. Labels: Sunnyvale Core Switch; COLO Dirty-Net Servers; CS1-VTG-VMC; UCS1-VTG-CIMC; COLO-6503E; Colo-IDS; Colo-ASA1; Colo-ASA2; VSS; Colo Denver; Colo EWR; IPv4 Internet; IPv4 Internet; IPv6 Internet; Brisbane, CA]
  • 75. • Total number of unique DHCP leases: 28,298 • Highest number of active MACs: 1028 (wired) • Highest daily number of active leases: 16,000 • Managed routers and switches: 170 • Wireless access points: 190 • Average number of clients / AP: 290
  • 77. As of Thursday noon: 13.2 TB of traffic
  • 78. • IPv6 worked as well as the IPv4 infrastructure • Don’t re-IP 3 weeks before a major show • Geolocation by IP is not precise – Mandalay 3rd floor users going to Google were sent to Google.co.jp – at some point this InterOp address block existed in Japan. • Don’t stage in a rain-storm. If you do, leave the equipment outside in Las Vegas because it will dry in 2 minutes – do not leave equipment outside in Las Vegas more than 10 minutes or it will melt
  • 79. • Start now and position for growth • Next Steps: Assess, Plan, Design, Trial, Train, Roll out • Map out opportunities to be IPv6 ready in planned technology refresh cycles • Reference certification requirements • Enable your network evolution to IPv6 with the Cisco Borderless Network Architecture http://www.cisco.com/go/ipv6
  • 80. • Thank you! • Please complete the post-event survey. • Join us October 5, 2011 for our next IOS Advantage Webinar: “Creating Zero-Touch Carrier Ethernet Services” https://cisco.webex.com/cisco/onstage/g.php?d=207140763&t=a
  • 81. Thank you.