PPT – IPv6 PowerPoint presentation | free to download

About This Presentation

Title:

IPv6

Description:

Title: PowerPoint Presentation Last modified by: Veena Created Date: 1/1/1601 12:00:00 AM Document presentation format: On-screen Show Other titles – PowerPoint PPT presentation

Number of Views:56

Avg rating:3.0/5.0

Slides: 76

Provided by: gdtIdAug

Category:

more less

Transcript and Presenter's Notes

Title: IPv6

1
IPv6

Using IPv6 and IPv4
Integration and Co-existence

2
Integration and Co-existence Strategy

The transition from IPv4 to IPv6 does not require
an upgrade on all nodes at the same time.
Many transition mechanisms enable smooth
integration of IPv4 to IPv6.
There are mechanisms available that allow IPv4
nodes to communicate with IPv6 nodes.
All of these mechanisms can be applied to
different situations.

3
Integration Methods

Dual Stack (Dual IP)
Complete support for both Internet protocols,
IPv4 and IPv6, in hosts and routers.
Most preferred mechanism.
Tunnelling Techniques
The encapsulation of packets of one IP version
number within packets of a second IP version
number in order to traverse clouds of the second
IP version number.
Translation Techniques
Enables IPv6-only devices to communicate with
IPv4-only devices and vice versa.
Least desirable set of mechanisms.

4
Dual Stack
5
Dual Stack

Conceptually easiest ways of introducing IPv6 to
a network is called the dual stack mechanism,
as described in NG05, which is an update of RFC
2893 RFC2893.
A host or a router is equipped with both IPv4 and
IPv6 protocol stacks in the operating system
(though this may typically be implemented in a
hybrid way).
Each node, called an IPv4/IPv6 node, is
configured with both IPv4 and IPv6 addresses.
It can both send and receive datagrams belonging
to both protocols and thus communicate with every
node in the IPv4 and IPv6 network.
Well known and has been applied in the past for
other protocol transitions.

6
Application Supporting both IPv4 and IPv6 Can use
both stacks
7
Stack Selection

Dual-stack node itself can not randomly decide to
use one of the two stacks to communicate.
Two methods to force a dual-stack node to use
its IPv6 stack
Manual entry by the user
Using a naming service

8
Stack Selection Manual entry by the user

If the user knows the IPv6 address of the
destination IPv6 hostname, can fill in the IPv6
address to establish the session
The legal format of IPv6 must be used
This method is good enough for debugging but best
for daily use of applications.

9
Stack Selection Using a Naming service

By configuring FQDN in DNS with IPv4 and IPv6
addresses
An FQDN may be available through one IPv4 address
represented by an A record or through one IPv6
address represented by an AAAA record in the DNS
server.
The same FQDN might be available with both IPv4
and IPv6 addresses.
DNS servers can be queried to provide information
about a servers availability and host service
either over IPv4 or IPv6.
As defined in RFC 2553, Basic Socket Interface
Extensions for IPv6, a new API is defined to
handle both IPv4 and IPv6 in DNS queries.
The functions gethostbyname and gethostbyaddr in
applications must be modified to get the benefits
of the IPv6 protocol in legacy IPv4-based
applications.

10
Stack Selection Using a Naming servicePossible
querying scenarios

Querying for an IPv4 address
A record
Querying for an IPv6 Address
AAAA record
Querying for all types of Addresses
First look for an AAAA record, if not
Then look for an A record

11
Querying the Naming Service for an IPv4 Address

When an application is IPv4 aware only, it asks
the DNS server to get only the IPv4 address for
the host name to communicate.

12
Querying the Naming Service for an IPv6 Address
IPv6 application requesting an FQDN AAAA record
from DNS

Application may also support IPv6 only. It asks
the DNS server to resolve an FQDN to get the host
name s IPv6 address to communicate.

13
Querying the Naming Service for all types of
Addresses

Application first looks for AAAA record. If does
not find one, it looks for an A record to
communicate with a host name.
Application supporting both is coded to give
preference to IPv6 address received from DNS

14
Enabling Dual Stack on Cisco routers

When both IPv4 and IPv6 addresses are assigned
to a network interface, the interface is
considered dual-stacked.

15
Applications supports Dual-Stack on Cisco routers

DNS Resolver
It may resolve host names into IPv4 and IPv6
addresses.
It can be configured ip name-server ipv6-address
command. It can accept upto six name servers
Telnet
IOS EXEC accepts both IPv4 and IPv6 address as an
argument
TFTP server
IOS EXEC accepts both IPv4 and IPv6 address as an
argument
HTTP server
Accepts incoming sessions over IPv4 and IPv6

16
Tunnelling IPv6 Packets over Existing IPv4 Network

Note Tunnelling is an intermediate integration
and transition technique that should not be
considered a final solution. Native IPv6
architecture should be the ultimate goal.

17
Why Tunneling?

Tunnels are generally used on the network to
carry incompatible protocols or specific data
over an existing network.
For deployment of IPv6, it provides a basic way
for IPv6 hosts or island of IPv6 hosts, servers,
and routers to reach other IPv6 island and IPv6
networks using IPv4 routing domain as the
transport layer.

Edge routers at the border of the IPv6 islands
and the Internet can handle the tunnelling of
IPv6 packets in IPv4. Tunnelling can be
configured between border routers or between a
border router and a host however, both tunnel
endpoints must support both the IPv4 and IPv6
protocol stacks.
18
How Does Tunnelling IPv6 Packets in IPv4 Work?

Tunnelling encapsulates IPv6 packets in IPv4
packets for delivery across an IPv4
infrastructure (a core network or the Internet).
When IPv6 packets are tunneled in IPv4, their
original header and payload are not modified.
One IPv4 header is inserted over the IPv6 header.
At each side of the tunnel, encapsulation and
decapsulation of IPv6 packets are performed.
Edge device must support both IPv4 and IPv6.

19
IPv6 Packets Delivered Through IPv4 Tunnel
20
Issues with Tunnelling

Tunnel MTU and Fragmentation
IPv4 header 20 octets is inserted before the
IPV6 packet ? decreasing IPv6 effective MTU by 20
octets
Min IPv6 MTU 1280 octets
Due to fragmentation of IPv6 leads to
performance issues
Handling IPv4 ICMPv4 errors
Filtering Protocol 41
NAT

21
IPv6 Tunneling Scenarios in IPv4

Host-to-host
Isolated hosts with a dual stack on an IPv4
network can establish a tunnel to another
dual-stack host.
Allows the establishment of end-to-end IPv6
sessions between hosts
Host to router
Isolated hosts with a dual stack on an IPv4
network can establish a tunnel to the dual-stack
router
Router to router
Routers with a dual-stack on an Ipv4 network can
establish a tunnel to another dual-stack router.

22
IPv6 Tunneling Scenarios in IPv4
23
Isolated Dual-Stack Host

Encapsulation can be done by edge routers between
hosts or between a host and a router.

24
Deploying Tunnels

Configured Tunnels (Manual)
Tunnel Broker
Tunnel Server
6to4
GRE Tunnels
Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP)
Automatic IPv4-compatible tunnel

25
1. Configured Tunnels (Manual)

The very first transition mechanism supported by
IPv6
Configured tunnels are enabled and configured
statically on dual-stack nodes.
A manually configured tunnel is equivalent to a
permanent link between two IPv6 domains over an
IPv4 backbone.
The primary use is for stable connections that
require regular secure communication between two
edge routers or between an end system and an edge
router, or for connection to remote IPv6
networks.
The host or router at each end of a configured
tunnel must support both the IPv4 and IPv6
protocol stacks.

26
1. Configured Tunnels (Manual) contd.

An IPv6 address is manually configured on a
tunnel interface, and manually configured IPv4
addresses are assigned to the tunnel source and
the tunnel destination.
Manually configured tunnels can be configured
between border routers or between a border router
and a host.
On each side of a configured tunnel, IPv4 and
IPv6 addresses must be assigned manually to
configure the tunnel interface.
Local IPv4 address
Used as the source IPv4 address for outbound
traffic
Far-end IPv4 address
Used as the destination IPv4 for outbound traffic
Local IPv6 address
Assigned locally to the tunnel interface

27
Enabling configured Tunnels on Cisco
28
Addresses Assigned to a configured Tunnel
Interface

IPv6 addresses assigned to both ends of the
tunnel are within the same subnet
IPv6 routing must be configured properly to
enable forwarding of IPv6 packets between the two
IPv6 networks.

29
Enabling a Configured Tunnel Example
30
Example of a Configured Tunnel - 1
31
2. Tunnel Broker

It is an external system, rather than a router
that acts as a server on the IPv4 networks and
that receives requests for tunnelling from
dual-stack nodes.
Requests are sent over IPv4 by dual-stack nodes
to the tunnel broker using HTTP.
End users can fill a webpage to request a
configured tunnel
The tunnel-broker sends back information over
HTTP to the dual-stack nodes such as the IPv4
addresses, IPv6 addresses, default IPv6 routes to
apply for the establishment of a configured
tunnel to a dual-stack router.
Tunnel-broker remotely applies commands on a
dual-stack router to enable a configured tunnel.

32
2. Tunnel Broker
33
3. Tunnel Servers

Simplified mode of tunnel broker considered an
open model
It combines the broker and dual-stack router in
the same system.
Request method is still HTTP over IPv4
Dual-stack host on an IPv4 network reaches tunnel
server using HTTP
End user fills the web form and receives the
config.
End user applies the configuration to his
dual-stack host to enable configured tunnel

34
3. Tunnel Servers
Tunnel server locally applies the far-end
configuration of the configured tunnel. At this
time, when the configuration is applied on the
both ends, configured tunnel is fully established
and can be used.
35
4. 6to4 Tunnels

An automatic 6to4 tunnel may be configured on a
border router in an isolated IPv6 network, which
creates a tunnel on a per-packet basis to a
border router in another IPv6 network over an
IPv4 infrastructure.
The key difference between automatic 6to4 tunnels
and manually configured tunnels is that the
tunnel is not point-to-point it is
point-to-multipoint.
Connection of IPv6 Domains via IPv4 Clouds
without Explicit Tunnels", provides a solution to
the complexity problem of using manually
configured tunnels by specifying a unique routing
prefix for each end-user site that carries an
IPv4 tunnel endpoint address

36
Automatic 6to4 Tunnels

The simplest deployment scenario for 6to4 tunnels
is to interconnect multiple IPv6 sites, each of
which has at least one connection to a shared
IPv4 network.
This IPv4 network could be the global Internet or
a corporate backbone.
The key requirement is that each site have a
globally unique IPv4 address the Cisco IOS
software uses this address to construct a
globally unique 6to4/48 IPv6 prefix.
As with other tunnel mechanisms, appropriate
entries in a Domain Name System (DNS) that map
between hostnames and IP addresses for both IPv4
and IPv6 allow the applications to choose the
required address.

37
6to4 Tunnels
38
Characteristic

Automatic Tunneling
Tunneling of IPv6 packets between 6to4 sites is
done dynamically according to the destination
IPv6 addresses of packets originating from IPv6
nodes on 604 sites.
Enabled at the Edge of the site
6to4 should be enabled in border routers at the
edge of sites.
6to4 routers must be able to reach other 6to4
sites and 6to4 routers using IPv4 routing
infrastructure
Automatic prefix assignment
Provides one aggregatable global unicast IPv6
prefix to each 6to4 site based on the 2002/16
address space
Each 6to4 site uses on globally unicast IPv4
address assigned on a router
This Ipv4 address is converted into hexadecimal
format and is appended to the 2002/16 prefix
Final representation 2002ipv address/48
Each site gets one /48 prefix.

39
6to4 routers
40
End-to-End IPv6 session Between IPv6 hosts
Through 6to4 Routers
41
Enabling 6to4 Router Configuration on Cisco
42
Enabling 6to4 Router Configuration on Cisco
(contd.)
43
Enabling 6to4 Router Configuration on Cisco
Example
44
ACL Rule

No IP ACL denying protocol 41.
With 6to4, following ACLs are recommended
Inbound ipv4 packets with protocol 41 from any
source address on the IPv4 Internet
permit 41 any host 132.214.1.10 (incoming 6to4
traffic)
permit 41 host 132.214.1.10 any (outgoing 6to4
traffic)

45
6to4 Relay Service

To allow hosts and networks using 6to4 addresses
to exchange traffic with hosts using "native"
IPv6 addresses, "relay routers" have been
established.
A relay router connects to an IPv4 network and an
IPv6 network.
6to4 packets arriving on an IPv4 interface will
have their IPv6 payloads routed to the IPv6
network, while packets arriving on the IPv6
interface with a destination address prefix of
2002/16 will be encapsulated and forwarded over
the IPv4 network.
A 6to4 relay service is a 6to4 border router that
offers traffic forwarding to the IPv6 Internet
for remote 6to4 border routers.
A 6to4 relay forwards packets that have a
2002/16 source prefix.
6to4 tunnels and connections to a 6to4 relay
service need not be requested or negotiated
between customers and the ISP.

46
6to4 Relay Service

To allow a 6to4 router to communicate with the
native IPv6 Internet, it must have its IPv6
default gateway set to a 6to4 address which
contains the IPv4 address of a 6to4 relay router.
To avoid the need for users to set this up
manually, the 6to4 relay anycast address of
192.88.99.1 (which when wrapped in 6to4 with the
subnet and hosts fields zero becomes
2002c0586301) has been allocated for the
purpose of sending packets to a relay router.
For routing reasons the whole of 192.88.99.0/24
has been allocated for routes pointed at 6to4
relay routers that use the anycast IP.
Providers willing to provide 6to4 service to
their clients or peers should advertise the
anycast prefix like any other IP prefix, and
route the prefix to their 6to4 relay.

47
Configuring 6to4 Relay Service

Anycast IPv4 prefix is supported in Cisco IOS.
Cisco router can act as a 6to4 relay with the
anycast IPv4 prefix.

48
IPv6-Only-to-IPv4-Only Transition Mechanisms
49
IPv6-Only-to-IPv4-Only Communication

Networks made of native IPv6 only and IPv4-only
protocols have to interact and co-exist.
Full interaction between the two types of
networks is mandatory to maintain complete
compatibility between both protocols.
Examples
A node in an IPv6-only domain sending an email
using SMTP to a destination node in an IPv4-only
domain.
A node in an IPv4-Only domain replying to the
source IPv6-Only node in the IPv6 domain.
Nodes in an IPv4 domain connecting using HTTP to
a destination web server running in an IPv6
domain.

50
Methods

Two methods are used to provide communication
between IPv6-only and IPv4 only domains
Application-Level Gateways (ALGs)
NAT-PT

51
Application-Level Gateways (ALGs)

ALG technique is a network architecture in which
gateways with dual-stack support allow nodes in
an IPv6-only domain to interact with nodes on
IPv6 only domain

52
Application-Level Gateways (ALGs)

IPv6 host A establishes an IP session to the
IPv4-only server B through ALG.
ALG C maintains one independent session with the
IPv6 only host A using IPv6 as the transport
protocol and another independent session with the
IPv4 only server B over IPv4.
ALG C converts the IPv6 session into IPv4, and
vice versa.
ALG C has dual-stack support.

53
NAT-PT

Network Address Translation - Protocol
Translation (NAT-PT) is an IPv6-IPv4 translation
mechanism, as defined in RFC 2765 and RFC 2766,
allowing IPv6-only devices to communicate with
IPv4-only devices and vice versa.
Before implementing NAT-PT, you must configure
IPv4 and IPv6 on the router interfaces that need
to communicate between IPv4-only and IPv6-only
networks.
Using a protocol translator between IPv6 and IPv4
allows direct communication between hosts
speaking a different network protocol.
Users can use either static definitions or
IPv4-mapped definitions for NAT-PT operation.

54
IPv6-Only node A communicates with IPv4-only node
B through a NAT-PT device
55
NAT-PT Operations
56
NAT-PT

One of the benefits of NAT-PT is that no changes
are required to existing hosts because all the
NAT-PT configurations are performed at the NAT-PT
router.
NAT-PT should not be used when other native
communication techniques exist.
Types of NAT-PT
Static NAT-PT
Dynamic NAT-PT
PAT

57
Static NAT-PT Operation

Static NAT-PT uses static translation rules to
map one IPv6 address to one IPv4 address.
IPv6 network nodes communicate with IPv4 network
nodes using an IPv6 mapping of the IPv4 address
configured on the NAT-PT router.
Static NAT-PT is useful when applications or
servers require access to a stable IPv4 address.
Accessing an external IPv4 DNS server is an
example where static NAT PT can be used.

58
Static NAT-PT Operation

The NAT-PT device is configured to map the source
IPv6 address for node A of 20010db8bbbb11 to
the IPv4 address 192.168.99.2.
NAT-PT is also configured to map the source
address of IPv4 node C, 192.168.30.1 to
20010db8a.
When packets with a source IPv6 address of node A
are received at the NAT-PT router they are
translated to have a destination address to match
node C in the IPv4-only network.

59
Dynamic NAT-PT Operation

Dynamic NAT-PT allows multiple NAT-PT mappings by
allocating addresses from a pool.
NAT-PT is configured with a pool of IPv6 and/or
IPv4 addresses.
At the start of a NAT-PT session a temporary
address is dynamically allocated from the pool.
The number of addresses available in the address
pool determines the maximum number of concurrent
sessions.
The NAT-PT device records each mapping between
addresses in a dynamic state table.
Dynamic NAT-PT translation operation requires at
least one static mapping for the IPv4 DNS server.

60
Dynamic NAT-PT Operation

The NAT-PT device is configured with an IPv6
access list, prefix list, or route map to
determine which packets are to be translated by
NAT-PT.
A pool of IPv4 addresses - 10.21.8.1 to
10.21.8.10 is configured
When an IPv6 packet to be translated is
identified, NAT-PT uses the configured mapping
rules and assigns a temporary IPv4 address from
the configured pool of IPv4 addresses.
After the IPv6 to IPv4 connection is established,
the reply packets going from IPv4 to IPv6 take
advantage of the previously established dynamic
mapping to translate back from IPv4 to IPv6.
If the connection is initiated by an IPv4-only
host then the explanation is reversed.

61
Port Address Translation (PAT) or Overload

PAT allows a single IPv4 address to be used among
multiple sessions by multiplexing on the port
number to associate several IPv6 users with a
single IPv4 address.
PAT can be accomplished through a specific
interface or through a pool of addresses.

62
Implementing NAT-PT

Configuring Basic IPv6 to IPv4 Connectivity for
NAT-PT (required)
Configuring IPv4-Mapped NAT-PT (required)
Configuring Mappings for IPv6 Hosts Accessing
IPv4 Hosts (required)
Configuring Mappings for IPv4 Hosts Accessing
IPv6 Hosts (optional)
Configuring Port Address Translation
Verifying NAT-PT Configuration and Operation
(optional)

63
1. Configuring Basic IPv6 to IPv4 Connectivity
for NAT-PT

NAT-PT Prefix
An IPv6 prefix with a prefix length of 96 must be
specified for NAT-PT to use.
The IPv6 prefix can be a unique local unicast
prefix, a subnet of allocated IPv6 prefix, or
even an extra prefix obtained from ISP.
The NAT-PT prefix is used to match a destination
address of an IPv6 packet.
If the match is successful, NAT-PT will use the
configured address mapping rules to translate the
IPv6 packet to an IPv4 packet.
The NAT-PT prefix can be configured globally or
with different IPv6 prefixes on individual
interfaces.
Using a different NAT-PT prefix on several
interfaces allows the NAT-PT router to support an
IPv6 network with multiple exit points to IPv4
networks.

64
Configuring NAT-PT Prefix

ipv6 nat prefix ipv6-prefix/prefix-length
interface type number
ipv6 address ipv6-prefix /prefix-length
link-local
ipv6 nat
exit
interface type number
ip address ip-address mask secondary
ipv6 nat

65
2. Configuring IPv4-Mapped NAT-PT

To enable customers to send traffic from their
IPv6 network to an IPv4 network without
configuring IPv6 destination address mapping.
Commands
interface type number
ipv6 nat prefix ipv6-prefix v4-mapped
access-list-name ipv6-prefix
Example
Router(config) interface ethernet 3/1
Router(config-if) ipv6 nat prefix 2001/96
v4-mapped v4map_acl

66
3. Configuring Mappings for IPv6 Hosts Accessing
IPv4 Hosts

To configure static or dynamic IPv6 to IPv4
address mappings.
The dynamic address mappings include assigning a
pool of IPv4 addresses and using an access list,
prefix list, or route map to define which packets
are to be translated.
ipv6 nat v6v4 source ipv6-address
ipv4-addressoripv6 nat v6v4 source list
access-list-name route-map map-name pool name
ipv6 nat v6v4 pool name start-ipv4 end-ipv4
prefix-length prefix-length
ipv6 nat translation max-entries number
timeout udp-timeout dns-timeout
tcp-timeout finrst-timeout icmp-timeout
seconds never
ipv6 access-list access-list-name permit
protocol source-ipv6-prefix/prefix-length
any host source-ipv6-address operator
port-number destination-ipv6-prefix/prefix-len
gth any host destination-ipv6-address
exit
show ipv6 nat translations icmp tcp udp
verbose
show ipv6 nat statistics

67
ipv6 nat translation command
68
4. Configuring Mappings for IPv4 Hosts Accessing
IPv6 Hosts

To configure static or dynamic IPv4 to IPv6
address mappings.
Commands
ipv6 nat v4v6 source ipv4-address
ipv6-addressoripv6 nat v4v6 source list
access-list-number name pool name
ipv6 nat v4v6 pool name start-ipv6 end-ipv6
prefix-length prefix-length
access-list access-list-name number deny
permit source source-wildcard log
Example
Router(config) ipv6 nat v4v6 source 10.21.8.11
20010db8yyyy2orRouter(config) ipv6 nat
v4v6 source list 1 pool v6pool
Router(config) ipv6 nat v4v6 pool v6pool
20010db8yyyy1 20010db8yyyy2 prefix-length
128
Router(config) access-list 1 permit 192.168.30.0
0.0.0.255

69
5. Configuring Port Address Translation

ipv6 nat v6v4 source list access-list-name
route-map map-name pool name overload
Router(config) ipv6 nat v6v4 source
20010db8yyyy11 10.21.8.10
or
ipv6 nat v6v4 source list access-list-name
route-map map-name interface interface name
overload
Router(config) ipv6 nat v6v4 source list
pt-list1 pool v4pool overload
ipv6 nat v6v4 pool name start-ipv4 end-ipv4
prefix-length prefix-length
Router(config) ipv6 nat v6v4 pool v4pool
10.21.8.1 10.21.8.10 prefix-length 24
ipv6 nat translation max-entries number
timeout udp-timeout dns-timeout
tcp-timeout finrst-timeout icmp-timeout
seconds never
Router(config) ipv6 nat translation udp-timeout
600
ipv6 access-list access-list-name
Router(config) ipv6 access-list pt-list1
permit protocol source-ipv6-prefix/prefix-lengt
h any host source-ipv6-address operator
port-number destination-ipv6-prefix/prefix-len
gth any host destination-ipv6-address
Router(config-ipv6-acl) permit ipv6
20010db8bbbb1/64 any