IPv6 Implementation and Practice - PowerPoint PPT Presentation

Slides: 48
Provided by: nealoho
1
IPv6 Implementation and Practice
Colorado Cisco User Groups 12-13 April, 2006
  • Scott Hogg
  • Director of Technical Services - GTRI
  • CCIE 5133, CISSP, CIPTSS, CIPTDS

2
Agenda
  • IPv6 Features
  • Addressing
  • Routing
  • Security
  • DNS
  • IPv6 Transition Techniques
  • Current Level of IPv6 Support
  • Operating System and Application Support
  • Cisco Product Support
  • Service Provider Support
  • IPv6 Summary
  • IPv6 Advantages
  • IPv6 Challenges
  • References and Suggested Reading
  • Questions and Answers
  • Live IPv6 Demonstration

3
IPv6 Header
IPv4 Header 20 bytes
IPv6 Header, 40 bytes fixed
Legend
  • Field's name kept from IPv4 to IPv6
  • Fields not kept in IPv6
  • Name and position changed in IPv6
  • New field in IPv6
4
IPv6 Extension Headers
Next Header Field values
  • 0 Hop-by-Hop Options
  • 60 Destination Options (If Routing header is used)
  • 43 Routing
  • 44 Fragment
  • 46 RSVP
  • 51 AH
  • 50 ESP
  • 88 EIGRP
  • 89 OSPF
  • 6 TCP
  • 17 UDP
  • 58 ICMPv6
  • 135 Mobility Header
  • 59 None (no next header)
Header chaining examples
  • IPv6 Header (Next Header 6, TCP) | TCP Header, Data
  • IPv6 Header (Next Header 43, Routing) | Routing Header
    (Next Header 6, TCP) | TCP Header, Data
  • IPv6 Header (Next Header 43, Routing) | Routing Header
    (Next Header 44, Fragment) | Fragment Header (Next
    Header 6, TCP) | Fragment of TCP Header, Data
Option format
  • Option Type (Next), 8 bits
  • Option Data Length, 8 bits
  • Option Data (Variable Length)
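The chains on this slide are what a filter has to walk before it can see TCP or UDP ports. As an added example (not part of the presentation), this Python sketch follows the Next Header chain of constructed packets and reports the conditions a packet filter cares about; the function names, the sample addresses and the limit of 8 extension headers are assumptions for illustration.

```python
import ipaddress
import struct

# Next Header values from the slide that identify extension headers.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
EXTENSION = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
UPPER = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "None"}
MAX_EXT_HEADERS = 8  # assumed local policy limit, not a protocol constant


def walk_chain(packet: bytes):
    """Follow Next Header from the fixed 40-byte header; return (chain, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    chain, findings = [], []
    while nxt in EXTENSION:
        if len(chain) >= MAX_EXT_HEADERS:
            findings.append("extension header limit exceeded")
            return chain, findings
        if off + 8 > len(packet):
            findings.append("truncated extension header")
            return chain, findings
        following, hdr_len = packet[off], packet[off + 1]
        size = (hdr_len + 1) * 8          # default: length in 8-byte units
        if nxt == FRAGMENT:
            size = 8                      # fixed size, second byte is reserved
            frag_off = struct.unpack_from("!H", packet, off + 2)[0] >> 3
            chain.append(f"Fragment(offset={frag_off})")
            if frag_off:
                # Later fragments carry no upper-layer header to filter on.
                findings.append("non-first fragment: ports not visible")
                return chain, findings
        elif nxt == ROUTING:
            chain.append(f"Routing(type={packet[off + 2]})")
            if packet[off + 2] == 0:
                findings.append("type 0 routing header (source routing)")
        elif nxt == AH:
            size = (hdr_len + 2) * 4      # AH counts 32-bit words, minus 2
            chain.append("AH")
        else:
            if nxt == HOP_BY_HOP and chain:
                findings.append("Hop-by-Hop Options not first in chain")
            chain.append("Hop-by-Hop" if nxt == HOP_BY_HOP else "Destination Options")
        nxt, off = following, off + size
    chain.append(UPPER.get(nxt, f"protocol {nxt}"))
    return chain, findings


# Constructed sample packets mirroring the three chains drawn on the slide.
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("2001:db8::2").packed
TCP = bytes(20)  # placeholder TCP header, contents irrelevant here


def build(first_next: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first_next, 64)
    return fixed + SRC + DST + payload


def routing0(following: int) -> bytes:
    # Type 0 routing header, one address: Hdr Ext Len = 2 (24 bytes total).
    return bytes([following, 2, 0, 1]) + bytes(4) + DST


def fragment(following: int, offset: int) -> bytes:
    # Offset is in 8-byte units; low bit set = more fragments follow.
    return struct.pack("!BBHI", following, 0, (offset << 3) | 1, 0x1234)


if __name__ == "__main__":
    for pkt in (build(6, TCP),
                build(43, routing0(6) + TCP),
                build(43, routing0(44) + fragment(6, 0) + TCP),
                build(44, fragment(6, 185) + bytes(32))):
        print(walk_chain(pkt))
```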
5
IPv6 Addressing Notation
  • 128 bits get converted into more readable form
  • 0011 1111 1111 1110 1001 0000 1110 0000 0000 0000
    0000 0011 0000 0000 0000 0000 / 0000 0000 0000
    0000 0000 0000 0101 0000 0000 0000 0000 0000 0000
    0000 0000 0000
  • Convert bits to hex
  • 3FFE:90E0:0003:0000:0000:0050:0000:0000
  • Reduce by removing leading zeros
  • 3FFE:90E0:3:0:0:50:0:0
  • Use :: to consolidate multiple zeros only once
  • 3FFE:90E0:3::50:0:0
  • or
  • 3FFE:90E0:3:0:0:50::
  • Prefix format/notation
  • 3FFE:90E0:3::/64

6
Addressing Format Prefix
  • Reserved (0/128) 0000 0000
  • Unassigned 0000 0001
  • Reserved for NSAP Allocation 0000 001
  • Reserved for IPX Allocation later
    deprecated 0000 010
  • Unassigned 0000 011
  • Unassigned 0000 1
  • Unassigned 0001
  • Aggregatable Global Unicast Addresses
    (2001::/16) 001
  • Provider-Based Unicast Address 010
  • Unassigned 011
  • Rsvd for Neutral-Interconnect-Based Unicast
    Addrs 100
  • Unassigned 101
  • Unassigned 110
  • Unassigned 1110
  • Unassigned 1111 0
  • Unassigned 1111 10
  • Unassigned 1111 110
  • Unassigned 1111 1110 0
  • Link Local Use Addresses (FE80::/10) 1111 1110
    10

7
IPv6 Address Types
  • Unicast (Provider Based, Local Use, future
    definable...) (1:1)
  • Provider Based Unicast Addresses
  • Local Use Addresses
  • IPv4 Compatible IPv6 Addresses
  • IPv4 Mapped IPv6 Addresses (new style regular
    IPv4)
  • Anycast assigned to more than one interface
    (1:Nearest)
  • When used as part of a route sequence can allow
    for load balancing source selected policies
  • Allocated from the unicast space,
    indistinguishable from unicast addresses
  • When assigned, the nodes must be explicitly
    configured to know it's an anycast
    interface/address
  • Router only, not used for source address
  • Multicast (1:Many)
  • Including scope fields and transient/well-known
    flag
  • The good old broadcast addresses are not used
    anymore

8
IPv6 Address Types
Multicast
  • Assigned FF00::/8
  • Solicited-Node FF02::1:FF00:0000/104
  • Unicast-Prefix FF3x::/96
Unicast
  • Unspecified ::/128, Loopback ::1/128
  • IPv4 Compatible 0:0:0:0:0:0::/96
  • Link-Local FE80::/10
  • Site-Local FEC0::/10
  • Aggregatable Global 2001::/16 2002::/16 3FFE::/16
Anycast
  • Link-Local FE80::/10
  • Site-Local FEC0::/10
  • Aggregatable Global 2001::/16 2002::/16 3FFE::/16
9
Address Allocation Policy
  • The allocation process is under review by the
    Registries
  • IANA allocates 2001::/16 to registries
  • Each registry gets a /23 prefix from IANA
  • Formerly, all ISPs were getting a /35
  • With the new policy, Registry allocates a /32
    prefix to an IPv6 ISP
  • Then the ISP allocates a /48 prefix to each
    customer (or potentially /64)

Figure: prefix hierarchy for an address beginning 2001 0410: Registry /23, ISP prefix /32, Site prefix /48, LAN prefix /64, then the interface identifier (64 bits).
  • 2001:0400::/23 ARIN
  • 2001:0200::/23 APNIC
  • 2001:0600::/23 RIPE NCC
  • 2002::/16 6to4
  • 3FFE::/16 6Bone
10
Interface ID EUI-64
  • Ethernet MAC Address (48 bits): 00 90 27 17 FC 0F
  • Split the MAC and insert FF FE in the middle:
    00 90 27 FF FE 17 FC 0F (64 bits version)
  • First byte 000000X0, where X indicates the
    uniqueness of the MAC: 1 = unique, 0 = not unique
  • With X = 1: 02 90 27 FF FE 17 FC 0F (EUI-64 Address)
  • EUI-64 address is formed by inserting "FFFE" and
    ORing a bit identifying the uniqueness of the MAC
    address.

11
Multicast Addresses
  • Flags Field
  • Bit 0-3 reserved, must be zero
  • Bit 4 = 0 if it is a well-known multicast address
    (permanently assigned)
  • Bit 4 = 1 if this is a temporary multicast
    address (temporarily assigned)
  • Scope Field
  • 1 Node Local (Interface Local) FF01
  • 2 Link Local FF02
  • 5 Site Local FF05
  • FF01:0:0:0:0:0:0:1 - All Nodes Address
  • FF01:0:0:0:0:0:0:2 - All Routers Address
  • FF02:0:0:0:0:0:0:1 - All Nodes Address (FF02::1)
  • FF02:0:0:0:0:0:0:2 - All Routers Address
    (FF02::2)
  • FF02:0:0:0:0:0:0:5 - OSPFIGP
  • FF02:0:0:0:0:0:0:6 - OSPFIGP DR
  • FF02:0:0:0:0:0:0:9 - RIP Routers
  • FF02:0:0:0:0:1:FF00:: Solicited Node Address for
    Neighbor Discovery (ND)

12
Site/Link Local Addresses
  • Link Local
  • Single Link Address Never Routed
  • Used for autoconfiguration and neighbor discovery
  • Site Local (Now Deprecated by RFC 3879)
  • Similar to RFC 1918 addresses - Can be divided
    into subnets
  • Replaced by unique local IPv6 unicast addresses
    fc00::/7

13
ICMPv6
  • More powerful than ICMPv4
  • ICMPv6 uses IPv6 extension header 58 (RFC 2463)
  • Type Description
  • 1 Destination Unreachable
  • 2 Packet Too Big
  • 3 Time exceeded
  • 4 Parameter problem
  • 128 Echo Request
  • 129 Echo Reply
  • 130 Multicast Listener Query, sent to ff02::1
    (all nodes)
  • 131 Multicast Listener Report
  • 132 Multicast Listener Done, sent to ff02::2
    (all routers)
  • 133 Router Solicitation (RS), sent to ff01::2
    (all routers)
  • 134 Router Advertisement (RA), sent to ff01::1
    (all nodes)
  • 135 Neighbor Solicitation (NS), sent to
    ff02:0:0:0:0:1:ff00::/104
  • 136 Neighbor Advertisement (NA)
  • 137 Redirect message

Message groupings labelled on the slide: PING, MLD, Prefix Advertisement, ARP Replacement, DAD, Router Redirection
14
IPv6 Auto-Configuration
  • IPv4 Configuration (Bootstrap/DHCP/ARP)
  • IPv4 Address, Subnet Mask, Default Gateway
  • Domain Name, Resolver
  • IPv6 Configuration
  • Neighbor Discovery (stateless configuration)
  • DHCPv6 (stateful configuration)
  • Stateless DHCPv6 on router RFC 3315
  • Duplicate Address Detection (DAD)
  • Router/Prefix Discovery, Next-Hop Detection
  • Parameters discovery (link MTU, hop limit, ...)
  • Redirect, Neighbor Unreachability Detection
    (NUD) (useful for default routers)
  • Advertises 6to4 site router prefixes
  • Router Renumbering (RR) Protocol

15
Other IPv6 Features
  • IPv6 requires every network link be capable of
    minimum MTU of 1280 bytes
  • IPv6 routers don't fragment packets
  • Hosts perform their own Path MTU Discovery
  • Provider selection (based on policy, performance,
    cost, ...)
  • Host mobility (route to current location)
  • Auto-readdressing (route to new address)
  • (Use IPv6's routing extension header)

16
IPv6 Routing Protocols
  • The key to scalable routing is to use
    hierarchical addressing
  • RIPng (RFC 2080)
  • OSPFv3 (RFC 2740)
  • Integrated IS-ISv6 (draft-ietf-isis-ipv6.txt)
  • EIGRPv6 (available in 2002!) Now EFT
  • MP-BGP (RFC 2858 and RFC 2545)
  • IDRPv6 InterDomain Routing Protocol (ISO)
  • IPv6 still uses longest-prefix matching
  • Longest match wins rule

17
EIGRP for IPv6
  • interface FastEthernet 0/0
  • ipv6 enable
  • ipv6 eigrp 10
  • ipv6 bandwidth-percent eigrp <as> <percent>
  • ipv6 summary-address eigrp <as> <ipv6-addr> ad
  • ipv6 authentication mode eigrp <as> md5
  • ipv6 authentication key-chain eigrp <as> <key-chain>
  • !
  • ipv6 router eigrp 10
  • router-id 10.1.1.1
  • log-neighbor-changes
  • log-neighbor-warnings seconds
  • metric weights tos k1 k2 k3 k4 k5
  • !
  • show ipv6 eigrp interfaces
  • show ipv6 eigrp neighbors detail
  • show ipv6 eigrp topology
  • show ipv6 eigrp traffic
18
Multiprotocol BGP-4
  • Multiprotocol Extensions for BGP-4 (RFC 2858)
  • Use of BGP-4 Multiprotocol Extensions for IPv6
    Inter-Domain Routing (RFC 2545)
  • Multiprotocol Reach/Unreach NLRIs
  • Address Family Identifier (AFI=2) tells which
    NLRIs are used
  • BGP TCP port 179 sessions can be over IPv4 or
    IPv6
  • BGP4 still relies upon a stable IGP
  • Next-Hop attribute must be link-local or
    aggregatable global unicast IPv6 address
  • Configured a lot like BGP-4 for IPv4 on Cisco
    routers

19
BGP-4 Configuration
  • router bgp 65500
  • bgp log-neighbor-changes
  • neighbor 3ffe150032c748 remote-as 64900
  • neighbor 172.16.1.2 remote-as 65500
  • !
  • address-family ipv4
  • neighbor 172.16.1.2 activate
  • neighbor 172.16.1.2 prefix-list OUTFILTER out
  • no neighbor 3ffe150032c748 activate
  • network 192.0.2.0
  • no auto-summary
  • no synchronization
  • !
  • address-family ipv6
  • neighbor 3ffe150032c748 activate
  • neighbor 3ffe150032c748 prefix-list
    FILTERIPV6 out
  • network 2001db831/48
  • no synchronization
  • !

20
BGP-4 Configuration
  • router bgp 65500
  • bgp log-neighbor-changes
  • neighbor 3ffe150032c748 remote-as 64900
  • !
  • address-family ipv6
  • neighbor 3ffe150032c748 activate
  • neighbor 3ffe150032c748 maximum-prefix 2500
    80
  • neighbor 3ffe150032c748 prefix-list
    FILTERIPV6 in
  • network 2001db831/48
  • no synchronization
  • !
  • ipv6 prefix-list FILTERIPV6 seq 10 permit
    2001:500::/30 le 48
  • ipv6 prefix-list FILTERIPV6 seq 20 permit
    2002::/16
  • ipv6 prefix-list FILTERIPV6 seq 30 permit
    2000::/3 le 32
  • ipv6 prefix-list FILTERIPV6 seq 40 deny ::/0 le
    128
  • !
  • ipv6 route 2001db831/48 null0
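The FILTERIPV6 prefix-list on this slide is evaluated top-down and the first matching entry decides. As an added example (not part of the presentation), this Python sketch applies that logic to constructed announcements so the effect of each "le" bound can be checked before the filter goes on a live session; the prefixes are written in full colon notation, which is an assumption about the flattened slide text, and the helper names and sample routes are hypothetical.

```python
import ipaddress

# FILTERIPV6 from the slide as (seq, action, prefix, ge, le). Prefixes are
# written in full colon notation (assumed); this list uses no "ge".
FILTERIPV6 = [
    (10, "permit", "2001:500::/30", None, 48),
    (20, "permit", "2002::/16", None, None),
    (30, "permit", "2000::/3", None, 32),
    (40, "deny", "::/0", None, 128),
]


def length_window(entry_len, ge, le):
    """Range of prefix lengths an entry accepts under IOS ge/le rules."""
    if ge is None and le is None:
        return entry_len, entry_len          # exact length only
    low = ge if ge is not None else entry_len
    high = le if le is not None else 128
    return low, high


def evaluate(prefix_list, route):
    """Return (action, seq) of the first matching entry for one route."""
    net = ipaddress.IPv6Network(route)
    for seq, action, prefix, ge, le in prefix_list:
        entry = ipaddress.IPv6Network(prefix)
        low, high = length_window(entry.prefixlen, ge, le)
        if low <= net.prefixlen <= high and net.subnet_of(entry):
            return action, seq
    return "deny", None                      # implicit deny at the end


# Constructed announcements, not taken from a real routing table.
ANNOUNCEMENTS = [
    "2001:500:3::/48",       # within 2001:500::/30, length up to 48
    "2002::/16",             # the 6to4 aggregate itself
    "2002:c8a8:6401::/48",   # a 6to4 more-specific
    "2001:db8::/32",         # provider-sized block inside 2000::/3
    "2001:db8:1::/48",       # customer-sized more-specific
    "fe80::/10",             # link-local must never be accepted
]


def audit(prefix_list, routes):
    """Map each route to the (action, seq) that decided it."""
    return {route: evaluate(prefix_list, route) for route in routes}


if __name__ == "__main__":
    for route, (action, seq) in audit(FILTERIPV6, ANNOUNCEMENTS).items():
        print(f"{route:22} {action:6} seq {seq}")
```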

21
IPv6 Security
  • IPv4 Security Problems
  • 1) Denial of service attacks
  • 2) Address spoofing
  • 3) Use of source routing defeats address
    authentication
  • IPv6 Security
  • 1) Mandated at the OS level (IPSEC)
  • 2) Authentication Header (Default to MD5)
  • 3) Encryption (Default to DES-CBC)
  • 4) Security Parameter Index
  • 5) Repudiation features

22
IPv6 Security
  • IPv6 makes some things better, other things
    worse, and most things are just different, but no
    more or less secure
  • Better
  • Automated scanning and worm propagation is harder
    due to huge subnets
  • Link-local addressing can limit infrastructure
    attacks
  • IPsec will be routinely available for use where
    keys exist
  • Worse
  • Lack of familiarity with IPv6 among operators
  • Multiple addresses per interface is a different
    concept
  • Immaturity of software in the next few years
  • Improperly deployed transition techniques

23
Cisco IPv6 Security
  • Standard, reflexive, extended access control list
  • Enhanced extended ACL filtering on Routing Type
  • Hardware e-ACL filtering capabilities (CRS-1, C12K,
    C7600, C6500, ...) including parsing option headers

Threat Protection Packet Filtering
  • IPv4 dynamic IPSec to protect IPv6 over IPv4
    tunnels with dynamic IPv4 end point
  • IPv6 IPSec Authentication for OSPFv3
  • IPv6 IPsec Tunnel Router-to-Router, including
    new IPv4/IPv6 Encryption hardware adapter

Secure Connectivity IPsec
  • Cisco IOS Firewall includes IPv6 from Cisco IOS
    12.3(7)T, 12.4 and 12.4T
  • PIX 7.0 release
  • FWSM (future)
  • ASA 5500 series

Cisco IPv6 Firewall Solutions
ASA 5500 series
24
Basic IPv6 Packet Filtering
  • When Used for Traffic Filtering, IPv6 Access
    Control Lists (ACL) Offers the Same Level of
    Support as in IPv4
  • Every IPv6 ACL has implicit permit icmp any any
    nd-na and permit icmp any any nd-ns
  • Implicit deny all at the end of access list

  • interface FastEthernet0/0
  • ipv6 address 2001DB8C00311011/64
  • ipv6 traffic-filter V6FILTER in
  • !
  • ipv6 access-list V6FILTER
  • permit tcp any host 2001DB8C003110210 eq web
  • !
Figure labels: IPv6 Internet, ANY, HTTP, F0/0, Web Server 2001DB8C003110210/64
25
IPv6 Firewall Feature Set
  • ipv6 unicast-routing
  • ipv6 cef
  • !
  • ipv6 inspect audit-trail
  • ipv6 inspect max-incomplete low 150
  • ipv6 inspect max-incomplete high 250
  • ipv6 inspect one-minute low 100
  • ipv6 inspect one-minute high 200
  • ipv6 inspect name V6FW tcp timeout 300
  • ipv6 inspect name V6FW udp
  • ipv6 inspect name V6FW icmp
  • !
  • interface FastEthernet0/0
  • ipv6 address 2001DB8C00311122/64
  • ipv6 cef
  • ipv6 traffic-filter EXAMPLE in
  • ipv6 inspect V6FW in
  • !
  • ipv6 access-list EXAMPLE
  • permit tcp any host 2001DB8C00311132 eq www
  • permit tcp any host 2001DB8C00311132 eq ftp
  • deny ipv6 any any log
Figure labels: IPv6 Internet, ANY, HTTP, FTP, F0/0, Web/FTP Server 2001DB8C00311132
26
PIX 7.0 ACL
  • interface Ethernet0
  • nameif outside
  • ipv6 address 2001db8c000105137/64
  • ipv6 enable
  • ipv6 nd suppress-ra
  • interface Ethernet1
  • nameif inside
  • ipv6 address 2001db8c00010521/64
  • ipv6 enable
  • ipv6 unicast-routing
  • ipv6 route outside ::/0 2001db8c00010511
  • ipv6 access-list SECURE permit tcp any host
    2001db8c00010527 eq telnet
  • ipv6 access-list SECURE permit icmp6 any
    2001db8c0001052/64
  • access-group SECURE in interface outside
27
DNS for IPv6
  • Upgrade DNS servers first
  • DNS for IPv6 RFC 1886
  • Bind v9 supports IPv6
  • AAAA (quad-A: 4 x 32 = 128), simple format
  • A6 format, more complex format for business
    deployments
  • Use IPv6, else use IPv4 format; if both types are
    returned then the decision is left up to the
    requesting host
  • Response based on the version number of the
    request packet
  • DNS issues can result in mixed environments

28
IPv6 Transition Techniques
  • Dual Stack
  • Tunnel/Encapsulation
  • Configured Tunnels
  • Automatic Tunnels
  • 6to4
  • ISATAP
  • Tunnel Broker with TSP
  • Teredo
  • Application Layer Gateways
  • Proxy

29
Dual IP Stacks Model
  • Dual-Stack Architecture RFC 1933
  • 4 different possibilities
  • Ships in the night

Figure: dual-stack layers: Application; TCP and UDP; IPv4 (EtherType 0x0800) and IPv6 (EtherType 0x86dd); Data Link (Ethernet II)
30
Sample Dual-Stack Config
  • ipv6 unicast-routing
  • ipv6 multicast-routing
  • ipv6 cef
  • interface Loopback0
  • ip address 200.100.1.3 255.255.255.255
  • ipv6 address FEC00088/128
  • interface Ethernet 0
  • ip address 192.168.100.1 255.255.255.0
  • ipv6 address 2001100111/64
  • ipv6 cef
  • ipv6 enable
  • ipv6 route ::/0 200115014

31
IPv6 Tunneling
  • Manually configured or Automatic
  • IPv6 PDUs encapsulated in IPv4 protocol 41

Figure: Router-to-Router Tunnel and Node-to-Node Tunnel carrying IPv6 DATA across an IPv4 network (v4 routers) between v4/v6 Dual-Stack Nodes
32
Tunnel Configuration
  • hostname Router1
  • interface Tunnel 0
  • ipv6 address 2001db8c1811/127
  • tunnel source 192.168.100.1
  • tunnel destination 192.168.200.2
  • tunnel mode ipv6ip
  • ipv6 route 2001db8c1/64 tunnel0
  •  
  • hostname Router2
  • interface Tunnel 0
  • ipv6 address 2001db8c1812/127
  • tunnel source 192.168.200.2
  • tunnel destination 192.168.100.1
  • tunnel mode ipv6ip
  • ipv6 route 2001db8d2/64 tunnel0

33
IPv6 Tunneling 6to4
  • Connection of Isolated IPv6 Domains via IPv4
    Clouds Without Explicit Tunnels
  • Inter-domain tunneling using IPv4 address as IPv6
    site prefix IPv6 using IPv4 as a virtual
    link-layer
  • IPv6 VPN over IPv4 Internet (2002::/16 prefix)
  • Automatic tunneling approach - Minimal manual
    configuration
  • Uses globally unique prefix comprised of the
    unique 6to4 TLA and the globally unique IPv4
    address of the exit router.
  • 6to4 Relay is the gateway between the IPv6 and
    IPv4 worlds
  • No NAT can exist in the path
  • 6to4 Relay may be far away from end node
  • Security issues related to an open relay

34
6-to-4 Configuration
  • hostname BorderRouter
  • interface Ethernet0
  • ip address 200.168.100.1 255.255.255.0
  • interface Tunnel0
  • no ip address
  • ipv6 address 2002c8a8640111/128
  • tunnel source Ethernet0
  • tunnel mode ipv6ip 6to4
  • ipv6 route 2002::/16 Tunnel0
  • ipv6 route ::/0 2002c8a8c80222
  •  
  • hostname 6to4RelayRouter
  • interface Ethernet0
  • ip address 200.168.200.2 255.255.255.0
  • interface Tunnel0
  • no ip address
  • ipv6 address 2002c8a8c80222/128
  • tunnel source Ethernet0
  • tunnel mode ipv6ip 6to4

35
IPv6 Tunneling ISATAP
  • Intra-Site Automatic Tunnel Addressing Protocol
  • Automatic tunneling inside an enterprise
  • ISATAP connections look like one flat network
  • Creates a virtual IPv6 link over an IPv4 network
  • Uses 5EFE just before the 32 bit IPv4 address
    bits converted to hex
  • Can use private address space
  • Create a DNS A record for ISATAP equal to
    router's lo0
  • Or C:\>netsh int ipv6 isatap set router
    <ip4addr>
  • Currently, ISATAP doesn't support multicast

36
IPv6 Tunneling ISATAP
  • interface Loopback0
  • ip address 192.168.12.1 255.255.255.0
  • interface Tunnel0
  • ipv6 address 2001db8c1/64 eui-64
  • tunnel source loopback 0
  • tunnel mode ipv6ip isatap
  • no ipv6 nd suppress-ra

Figure: ISATAP Tunnel across IPv4 between an ISATAP Dual-Stack Node (v4/v6) and the IPv6 network. Endpoint labels:
  • 192.168.12.1 2001db8c105efec0a60c01
  • 192.168.3.3 2001db8c105efec0a60303
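The EUI-64 slide and the 6to4 and ISATAP slides all describe addresses that carry another identifier inside them: a MAC address, or the IPv4 address of a tunnel endpoint. As an added example (not part of the presentation), this Python sketch builds those addresses and decodes them again, which is how flow or firewall logs can be checked for automatic tunnels and trackable hosts; the function names are hypothetical and the inputs reuse the MAC 00:90:27:17:FC:0F and the IPv4 addresses 200.168.100.1 and 192.168.12.1 from the slides.

```python
import ipaddress

# ISATAP interface IDs start with 0000:5EFE (or 0200:5EFE when the IPv4
# address is globally unique), followed by the 32-bit IPv4 address.
ISATAP_MARKERS = (bytes.fromhex("00005efe"), bytes.fromhex("02005efe"))


def eui64_interface_id(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID: insert FFFE, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    # RFC 4291 inverts bit 0x02 of the first byte; for a burned-in MAC
    # (bit clear) that equals the OR shown on the slide: 00 -> 02.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 prefix plus the EUI-64 interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002::/16 followed by the 32-bit IPv4 address gives the site /48."""
    v4 = ipaddress.IPv4Address(ipv4).packed
    return ipaddress.IPv6Network((b"\x20\x02" + v4 + bytes(10), 48))


def embedded_identifiers(addr: str) -> dict:
    """Report what an IPv6 address reveals about the host behind it.

    The EUI-64 test is a heuristic: a random interface ID can contain
    FF FE in the same position by chance.
    """
    packed = ipaddress.IPv6Address(addr).packed
    iid, found = packed[8:], {}
    if packed[:2] == b"\x20\x02":
        found["6to4_ipv4"] = str(ipaddress.IPv4Address(packed[2:6]))
    if iid[:4] in ISATAP_MARKERS:
        found["isatap_ipv4"] = str(ipaddress.IPv4Address(iid[4:]))
    elif iid[3:5] == b"\xff\xfe":
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
        found["mac"] = ":".join(f"{b:02x}" for b in mac)
    return found


if __name__ == "__main__":
    # Constructed source addresses, as they might appear in a flow log.
    for source in ("2002:c8a8:6401::1",
                   "2001:db8:c1::5efe:c0a8:c01",
                   str(link_local_from_mac("00:90:27:17:FC:0F")),
                   "2001:db8::1"):
        print(source, embedded_identifiers(source))
```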
37
IPv6 Tunneling Tunnel Broker
  • Tunnel Brokers use a web-based service to create
    a tunnel
  • Connects an isolated host to IPv6 net of provider
    operating the tunnel broker
  • Tunnel information is sent via http-ipv4
  • Tunnel managed by ISP
  • Sends scripts/configs to Dual Stack Router

Figure: a Dual-Stack Node (v4/v6) sends a Tunnel Request to the Tunnel Broker over IPv4 (v4), receives the Tunnel Configuration, and reaches IPv6 through the Configured Tunnel
38
IPv6 Tunneling - Tunnel Broker
  • Automation of configured tunnels
  • Tunnel Broker model (RFC3053)
  • Tunnel Setup Protocol (TSP)
  • Client sends request for tunnel
  • Broker is based on policies
  • Broker sends tunnel information
  • Broker configures its tunnel endpoint
  • Client then configures its tunnel endpoint
  • Client receives stable IPv6 address and prefix
  • Well known free services Freenet6, Hurricane
    Electric, XS26, among others
  • 20 different tunnel brokers exist
  • Clients for Windows, BSD, Linux, Solaris, etc
  • 6Bone access

39
IPv6 Tunneling Teredo
  • Called Shipworm in earlier IETF drafts
  • IPv4/UDP encapsulated IPv6 packets
  • Works behind an IPv4 NAT
  • Reduces MTU because of UDP encapsulation (port
    3544)
  • Uses Teredo server, Teredo relay, and a Teredo
    client
  • External mapping of IPv4 address and port are
    discovered by the Teredo server (on the external
    side of the NAT)

40
Other Transition Techniques
  • Translation
  • NAT-PT (RFC 2766)
  • TCP-UDP Relay (RFC 3142)
  • DSTM (Dual Stack Transition Mechanism)
  • Stateless IP/ICMP Translator (SIIT)
  • API
  • BIS (Bump-In-the-Stack)
  • BIA (Bump-In-the-API)
  • Application Layer Gateway
  • SOCKS-based Gateway
  • Microsoft PortProxy
  • Apache Reverse Proxy Server v2

41
IPv6 Vendors and Products
  • Operating Systems
  • Windows 2000, XP SP1/2, 2003
  • Linux, FreeBSD, Solaris 8/9, HP-UX, Tru64, AIX
  • MacOS X 10.2 (Jaguar), 10.3 (Panther), and 10.4
    (Tiger)
  • Current IPv6 Applications
  • ping, traceroute, DNS, DHCPv6, NFS, routing, FTP,
    Telnet, SSH, IIS, Apache, SMTP, SNMP, NNTP,
    firewalls, Syslog, Printing, IPSec, NTP
  • Cisco supports IPv6 in IOS 12.2T, 12.3, 12.4
  • Initially just basic functionality then more
    features/protocols and then performance
  • IPv6 support in PIX v7.0 and ASA5500

42
Platform Support
  • Cisco IOS 12.0S: Cisco 12000 Series Routers, Cisco
    10720 Series
  • Cisco IOS 12.4/12.4T: Cisco 800 Series Routers,
    Cisco 1700 Series Routers, Cisco 1800 Series
    Routers, Cisco 2600 Series Routers, Cisco 2800
    Series Routers, Cisco 3600 Series Routers, Cisco
    3700 Series Routers, Cisco 3800 Series Routers,
    Cisco 7200 Series Routers, Cisco 7301 Series
    Routers, Cisco 7500 Series Routers
  • Cisco IOS-XR: CRS-1, Cisco 12000
  • Cisco IOS 12.2S derivatives: Cisco 72/7300 Series
    Routers, Cisco 75/7600 Series Routers, Cisco 10000
    Series Routers (CY06), Catalyst 3750/3560 Series,
    Catalyst 4500 Series, Catalyst 6500 Series
  • Cisco Product Portfolio: PIX Firewall (7.0), LMS
    2.5, SAN (ISCSI/FCIP), Content Networking, IP
    Telephony - Radar
43
Cisco IOS 12.4M
Core
Security
  • IPv6 standard ACL
  • IPv6 extended ACL
  • IPv6 IPsec authentication for OSPFv3
  • IPv6 Firewall
  • IPv6 (RFC 2460)
  • ICMPv6 (RFC 2463)
  • Neighbor Discovery (RFC 2461)
  • Stateless Auto-Configuration
  • Anycast
  • CEFv6/dCEFv6
  • uRPF Strict Mode
  • CEFv6 Switched Tunnels

Cisco IOS Software Release 12.4M
Routing
  • RIPng
  • OSPFv3
  • IS-IS for IPv6
  • MT IS-IS
  • MP-BGP IPv6 Unicast
  • MP-BGP IPv6 Multicast
  • Policy Based Routing

IPv6 QoS (MQC)
Mobile IPv6 HA
44
IPv6 Management
  • SNMP via IPv6
  • CiscoWorks Resource Manager Essentials (RME), LMS
    2.5
  • CiscoWorks Campus Mgr, Device Fault Mgr
  • NetFlow IPv6 record
  • Network Analysis Module (NAM)
  • NTP, RADIUS, TFTP
  • DHCPv6 Compliant (CY06)
  • DNSv6 AAAA record compliant (CY06)
  • Nagios, NTop, MRTG, Pchar, RANCID, etc.

45
IPv6 Internet Exchange Points
  • PAIX(Switch and Data) Palo Alto
  • MCI MAE WashDC, San Jose, Chicago, Dallas,
    Frankfurt, Paris
  • NY6IX New York
  • S-IX NTT San Jose
  • 6TAP Chicago (Canarie, Viagenie, ESNet)
  • 6iix Telehouse - NY, LA, Santa Clara
  • 6TAP Chicago
  • XchangePoint London
  • UK6X Telehouse, UK
  • AMS-IX Amsterdam, NL
  • INXS Munich/Hamburg DE
  • FICIX Helsinki
  • TREX Tampere
  • NaMeX Rome
  • FNIX6 Paris
  • 6NGIX Seoul, South Korea
  • NSPIXP-6 Japan
  • JPIX Japan
  • SIX Singapore

46
IPv6 Research and Organizations
47
IPv6 Advantages
  • Added addresses
  • Stateless Autoconfiguration
  • Simplifies routing fewer header fields
  • Supports IPSec natively
  • Improved Mobile IP support
  • QOS support flow label potential
  • Native Multicast
  • Includes Anycast
  • Backward compatible
  • Many transition mechanisms
  • Extensible

48
IPv6 Challenges
  • New equipment upgrades
  • Touch all network devices
  • Dual-stacking may maximize CPU and memory
    utilization
  • Performance issues with equipment that is
    optimized for IPv4 but not IPv6
  • Possible new software upgrades
  • Additional capital expenditures
  • Overhead caused by maintaining IPv4 and IPv6
    routing tables, firewalls, DNS servers, etc.
  • Requires a migration plan

49
IPv6 Challenges
  • There is no capability or feature of the Internet
    that you can't do today due to not running IPv6.
  • Something new to learn - Addresses are difficult
    to remember
  • Larger header More bits to read in order to get
    to destination address
  • IPv6 protocol may seem like just a minor upgrade
    to IPv4
  • Effort required to make transition but hopefully
    operational cost savings with IPv6
  • End users won't notice the improvement; users
    aren't asking for IPv6 services
  • Multi-Homing is not solved (IETF Multi6 WG)
  • EIGRP for IPv6 (EFT), IPv6 HSRP (EFT), IPv6 IPSec
    (EFT)
  • May break older IPv4-only applications
  • New IPv6-enabled apps will need to be developed

50
Summary
  • An IPv6 transition is already underway in the
    Federal Government and other parts of the world.
  • IPv6 infrastructure and Host OSs are ready now!
  • Cisco is a leader in IPv6 and has a full-set of
    IPv6 products
  • Much of the infrastructure you have already
    purchased is IPv6 capable, it's just a matter of
    enabling (software upgrade)
  • Perform your assessment
  • Create a migration strategy
  • Create a test lab or leverage other test labs and
    start experimenting.
  • Dual Stack some of your systems
  • Test DNS and focus on your other applications
  • The sooner we begin the transition, the sooner we
    will be done and ahead of our competition.

51
IPv6 Books
  • Deploying IPv6 Networks, Ciprian P. Popoviciu,
    Eric Levy-Abegnoli, Patrick Grossetete, Cisco
    Press, Feb 2006.
  • Running IPv6, Iljitsch van Beijnum, Apress, Nov
    2005.
  • Understanding IPv6, Youngsong Mun, Hyewon K. Lee,
    Springer, May 2005.
  • IPv6 Network Administration, Niall Richard
    Murphy, David Malone, O'Reilly and Associates,
    March 2005.
  • IPv6 Network Programming, Jun-ichiro itojun
    Hagino, Digital Press, Oct 2004.
  • Mobile IPv6, Hesham Soliman, Addison-Wesley,
    March 2004.
  • IPv6, Second Edition Theory, Protocol, and
    Practice, Pete Loshin, Morgan Kaufmann, Dec 2003.
  • Cisco Self-Study Implementing Cisco IPv6
    Networks, Regis Desmeules, Cisco Press, May 2003.
  • Understanding IPv6, Joseph Davies, Microsoft
    Press, 2003.
  • Migrating to IPv6 - IPv6 in Practice, Marc
    Blanchet, John Wiley & Sons, November 2002.
  • IPv6 Essentials, Silvia Hagen, O'Reilly and
    Associates, 2002.
  • Configuring IPv6 for Cisco IOS, Edgar, Jr.
    Parenti, Eric Knipp, Brian Browne, Syngress,
    2002.
  • IPv6 Networks, Marcus Goncalves, Kitty Niles,
    McGraw-Hill, April 2001.
  • Implementing IPv6 Supporting the Next Generation
    Internet Protocols, Mark A. Miller, John Wiley &
    Sons, March 2000.
  • IPv6 Clearly Explained, Peter Loshin, Morgan
    Kaufmann, January 1999.
  • Hands-On IPv6, Marcus Goncalves, Kitty Niles,
    McGraw-Hill, May 1998.
  • Internetworking IPv6 with Cisco Routers, Silvano
    Gai, McGraw-Hill, March, 1998.
  • IPv6 The Next Generation Protocol, Stewart S.
    Miller, Digital Press, December 1997.
  • IPv6 the New Internet Protocol, Christian
    Huitema, Prentice Hall, January 1996.

52
SHogg_at_GTRI.com Mobile 303-949-4865 Scott_at_HoggNet.com