
2010 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

The Internet Protocol IPv6: Make a Plan

Preserve your IPv4 Investment
Prepare for an orderly IPv6 transition
Prosper through sustained growth

Kumar Reddy
Director, Technical Marketing Engineering

Revenue Recognition Disclaimer


Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Registry Exhaustion Dates

[Chart: probability (%) of registry exhaustion over time, Jan 2011 to Jul 2015, with curves for IANA, APNIC, RIPENCC, ARIN, LACNIC and AFRINIC]

Source: Geoff Huston, APNIC

[Figure: "V6-Enabled" markers placed over a Forrester diagram covering cloud-based services, enterprise collaboration tools, web-enabled devices, consumer software, departments, functions and workgroups/teams; callouts: "V6 in 2010 alpha", "Ironport cisco.com", "V6 in iOS 4.0"]
Image Source: Forrester, Three Mega Business Trends Will Reshape The Tech Sector


Market Factors Driving IPv6 Deployment


IPv4 Address Run-Out
National IPv6 Strategies
US Federal/Civilian, US DoD, China NGI, EU
IPv6 OS, Content & Applications
Infrastructure Evolution
SmartGrid, SmartCities, DOCSIS 3.0, 4G/LTE, IPSO

www.oecd.org: Measuring IPv6 adoption

IPv6 Deployment Strategies by Market


Service Provider Consumer Content

Enterprise

Public Sector

2001:db8:2ef3:a4f0:65b9:e8ff:f36c:84b0

Carrier Grade v6
Boundless service opportunities with Smart Grid, Connected Cities, Mobile Video, Cloud Computing
[Diagram: transition path for Business / Consumer and IP NGN, with the labels Today, Private IP, 6-over-4, Transitional, 4-over-6 and All IPv6 grouped under Preserve, Prepare and Prosper; legend: IPv4, Private IP, IPv6]

Smart Grid Opportunity: 110 million households in US alone



[Diagram: adoption stages numbered 1 to 7; stage labels: Sales Certs (USGv6, JITC UCR2008); IPv6 Pilot and Basic Infrastructure; IPv6 Internet Presence (websites, remote users, B2B); IPv6 Islands (Wireless/Consumer devices, Labs); Internal Data Center, Enterprise Apps; Ubiquitous Dual-Stack; IPv4 EOL]

Mandated 1, 2, 3
Who?
Government Agencies
Customers who sell to government agencies

Motivated 2, 3, 4
Who?
Customers with IPv4 address exhaustion

Early Adopter 2, 4, 3, 5, 6, 7
Who?
Companies looking for competitive advantage
Companies using IPv6 to solve business problems
Early adopters preparing for coexistence

Mainstream 2
Who?
Large US/European Enterprises
Small-Medium Enterprises

Global Enterprises with consumer or business interaction on the public internet

Customers with user-provided devices on their networks

IPv6 Co-existence Solutions


Dual Stack (IPv4, IPv6)
  Recommended Enterprise Co-existence strategy

Tunneling Services (IPv4 over IPv6, IPv6 over IPv4)
  Connect Islands of IPv6 or IPv4

Translation Services (IPv4, IPv6)
  Connect to the IPv6 community
  Business Partners, Government Agencies, International Sites, Remote Workers, Internet consumers

Dual Stack


IPv6 using Dual Stack Backbone


[Diagram: dual-stack application hosts and CE routers attached through PE routers to an IPv4/IPv6 core; labels: "Dual Stack App", "IPv4 + IPv6 Edge", "IPv6 + IPv4 Core", "IPv4 and/or IPv4 edge"; legend: IPv4 configured interface, IPv6 configured interface, some or all interfaces in cloud dual configured]

All P + PE routers are capable of IPv4+IPv6 support
Two IGPs supporting IPv4 and IPv6
Memory considerations for larger routing tables
Native IPv6 multicast support
All IPv6 traffic routed in global space
Good for content distribution and global services (Internet)

Application Dual Stack Approach


[Diagram: protocol stacks of an IPv4 application and an IPv6-enabled application: TCP and UDP over IPv4 (Frame Protocol ID 0x0800) and IPv6 (Frame Protocol ID 0x86dd), over the Data Link (Ethernet)]

Dual stack in a device means
  Both IPv4 and IPv6 stacks enabled
  Applications can talk to both
  Choice of the IP version is based on DNS and application preference

Dual stack at edge does not necessarily mean dual stack backbone

Tunnels


Manual Tunnels (RFC 4213 and GRE)


[Diagram: manual tunnel across an IPv4 access network between tunnel endpoints 200.15.15.1 (2001:300::1/64) and 200.13.13.1 (2001:300::2/64), joining a customer IPv6 network and a provider IPv6 network; the IPv6 packet is carried behind an IPv4 header; devices labelled CE (dual stack), PE and P]

6in4 was one of the first transition mechanisms developed for IPv6
  Static P2P tunnel, IP protocol type = 41, no additional header, NAT breaks it
  IPv4 end point address must be routable
  IPv6 prefix configured on tunnel interface

An IPv6 in GRE tunnel solution also exists (not shown)
  Uses 0x86DD to identify IPv6 payload

Usual manual point to point tunnel caveats apply

6 to 4 Tunnels (RFC 3056)


[Diagram: 6 to 4 tunnel across an IPv4 backbone network between CE routers 200.15.15.1 (e0/0), IPv6 2002:c80f:0f01, and 200.11.11.1 (e0/0), IPv6 2002:c80b:0b01; addresses 2002:c80f:0f01:100::1 and 2002:c80b:0b01:100::1 sit in the IPv6 networks behind them; the IPv6 packet is carried behind an IPv4 header; PE routers in the backbone]

Automatic tunnel method using 2002:IPv4::/48 IPv6 range
  IPv4 embedded in IPv6 format, e.g. 2002:c80f:0f01:: = 200.15.15.1
No impact on existing IPv4 or MPLS Core (IPv6 unaware)
Tunnel endpoints have to be IPv6 and IPv4 aware (Dual stack)
Transition technology, not for long term use
Intrinsic linkage between destination IPv6 Subnet and IPv4 gateway interface
  IPv4 Gateway = Tunnel End point

ISATAP (RFC 5214)


[Diagram: ISATAP tunnel across an IPv4 network between ISATAP Host A and ISATAP Router 1, whose E0 interface faces the IPv6 network; addresses shown: 206.123.20.100 with 2001:db8:ffff:2::5efe:ce7b:1464, and 206.123.31.200 with 2001:db8:ffff:2::5efe:ce7b:1fc8]

Intra Site Automatic Tunnel Addressing Protocol
  Tunnel from a dual stack HOST PC to an IPv6 gateway
ISATAP hosts use a special IPv6 address format
  Rightmost 32 bits of Interface ID contain the host IPv4 address
  Leftmost 32 bits of Interface ID contain 0000:5EFE
Operates within single administrative domain
Creates a virtual IPv6 link over an IPv4 backbone
  IPv4 network treated as an NBMA link layer
Routers provide ISATAP service
  DNS may hold potential router list or ISATAP gateways
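
The 6to4 and ISATAP address formats from the two slides above, worked through in Python as an added example (not part of the original deck): it rebuilds the slide addresses and recovers the IPv4 tunnel endpoint from an observed IPv6 address. Function names are illustrative; the 0200:5EFE marker is the RFC 5214 variant for globally unique IPv4 addresses, which the slide does not list.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")   # RFC 3056 prefix
# 0000:5EFE is the marker shown on the slide; 0200:5EFE (u bit set) is an
# addition taken from RFC 5214, not from the deck.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def six_to_four_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:IPv4::/48 prefix that belongs to a 6to4 gateway."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix64: str, ipv4: str) -> ipaddress.IPv6Address:
    """Build prefix:0000:5efe:IPv4, the interface ID layout on the slide."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    iid = (0x00005EFE << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(ipv6: str):
    """Return (mechanism, IPv4 tunnel endpoint), or (None, None) if neither."""
    addr = ipaddress.IPv6Address(ipv6)
    value = int(addr)
    if addr in SIX_TO_FOUR:
        # Bits 16..47 of a 6to4 address hold the gateway's IPv4 address.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if (value >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        # The low 32 bits of an ISATAP interface ID hold the host's IPv4 address.
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None, None


if __name__ == "__main__":
    print(six_to_four_prefix("200.15.15.1"))
    print(isatap_address("2001:db8:ffff:2::/64", "206.123.20.100"))
    # Addresses taken from the slides, plus one ordinary address for contrast.
    for seen in ("2002:c80b:0b01:100::1",
                 "2001:db8:ffff:2::5efe:ce7b:1fc8",
                 "2001:db8:2ef3:a4f0:65b9:e8ff:f36c:84b0"):
        print(seen, "->", embedded_ipv4(seen))
```

Run against flow or firewall logs, the same decoding shows which IPv4 endpoint a tunnelled IPv6 conversation actually terminates on.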

DMVPN for IPv6


[Diagram: DMVPN across a public IPv4 network: CE spokes with IPv6 private networks 2000:db8:beef:1::/64 and 2000:db8:f00d:1::/64, and a CE hub with 2000:db8:cafe:1::/64 holding the NHRP database; static spoke to hub tunnels and a dynamic spoke to spoke tunnel; the IPv6 packet is carried behind a GRE header with an IPv4 next hop; PE routers at the edge of the public network]

Connects private IPv6 islands across public IPv4 cloud
Public IPv4 network treated as NBMA network
  Static hub and spoke topology
  Dynamic spoke to spoke topology
Supports dynamic unicast and multicast routing

IPv6 VPN 6PE/6VPE (RFC 4659)


[Diagram: 6VPE over an MPLS IPv4 backbone: CE1 (IPv6/IPv4 network 10.1.1.0/24, 2001:db8:beef:1::/64) attaches to 6VPE1 (200.10.10.1, VRF) over 172.16.1.0.0/30, 2001:db8:cafe:1::/64; CE2 (IPv6/IPv4 network 10.1.2.0/24, 2001:db8:beef:2::/64) attaches to 6VPE2 (200.11.11.1, VRF) over 172.16.3.1/30, 2001:db8:cafe:3::/64; P routers run IPv4 MPLS; the IPv6 packet carries a VPN label and an LDP label]

6PE connects IPv6 islands over MPLS Core (not shown)
6VPE adds IPv6 support to IPv4 MPLS VPN feature
For End Users: VPNv6 is the same as VPNv4 services
For Providers: Same configuration operation for VPNv4 and VPNv6
Uses existing IPv4 MPLS infrastructure
  Core uses IPv4 control plane (LDPv4, TEv4, IGPv4)
PEs must support dual stack IPv4+IPv6
VRF can contain both VPNv4 and VPNv6 routes

LISP Use Cases IPv6 Migration Support


Use-Cases

Connecting IPv6 Islands
[Diagram: v6 islands attached through xTRs to an IPv4 enterprise core and the IPv4 Internet]

IPv6 Transition Support
[Diagram: a v6 service behind an xTR on an IPv4 core, with a PxTR towards the IPv6 Internet and IPv4 Internet]

IPv6 Access Support
[Diagram: v6 home networks behind xTRs on IPv4 access & Internet, with PxTRs towards a v6 site and the IPv6 Internet]

Needs:
  Rapid IPv6 Deployment
  Minimal Infrastructure disruption

LISP Solution:
  LISP encapsulation is Address Family agnostic
    IPv6 interconnected over IPv4 core
    IPv4 interconnected over IPv6 core

Benefits:
  Accelerated IPv6 adoption
  Minimal added configurations
  No core network changes
  Can be used as a transitional or permanent solution

Translation


Prepare - Address Family Translation (AFT)


Allows access between IPv6 and IPv4 networks (IETF BEHAVE)

[Diagram: IPv6 subscribers cross an IPv6 provider network and an IPv6 AFT (NAT64) to reach the public IPv4 Internet]

IETF BEHAVE working group on AFT for NAT64 and NAT46

Applications Break with Insufficient Ports

Source: Shin Miyakawa, NTT Communications



[Table: six translation scenarios, numbered 1 to 6, between an IPv6 network or the IPv6 Internet and an IPv4 network or the IPv4 Internet, each marked for Stateful and Stateless translation; one entry is marked "Not viable because too few IPv4 addresses"]

Stateless NAT64 Operation


[Diagram: stateless NAT64 gateway between an IPv6 network (GE 0/1/0, 2001:db8:100::1) and an IPv4 network (GE 0/2/0, 192.0.2.1), with an application server or IPv4 host at 192.1.1.1]

IPv6 to IPv4:
  IPv6 Packet: Src = 2001:db8:100::c000:0202, Des = 2001:db8:100::c001:0101
  IPv4 Packet: Src = 192.0.2.2 (c000:0202), Des = 192.1.1.1 (c001:0101)
Return path, IPv4 to IPv6:
  IPv4 Packet: Src = 192.1.1.1 (c001:0101), Des = 192.0.2.2 (c000:0202)
  IPv6 Packet: Src = 2001:db8:100::c001:0101, Des = 2001:db8:100::c000:0202

Host IPv6 address is 2001:db8:100::c000:0202
IPv4 translatable address is 192.0.2.2 (i.e. 192.0.2.0/24)
Gateway is 2001:db8:100::1

Gateway is configured for stateless NAT64 prefix 2001:db8:100::/96 on GE0/1/0
GE 0/2/0 is NAT64 enabled and configured with IPv4 address
Gateway is configured to perform stateless translation for 192.0.2.0/24 IPv4 pkts to IPv6 and then direct them towards GE0/1/0 (on the return path)

Stateful NAT64 + DNS64 Operation

[Diagram: stateful NAT64 with DNS64: an IPv6 host (2000::100) on the IPv6 side reaches the public IPv4 Internet through a DNS64 server and a NAT64 gateway]

DNS Request (company.com) A/AAAA query
DNS Request (company.com)
DNS Response (company.com) A record (A.B.C.D)
Synthesized response: 2001::A.B.C.D (DNS64)
NAT64 Prefix: 2001::/96
IPv6 Packet Source: 2000::100 Destination: 2001::A.B.C.D
IPv4 Packet Source: C.D.E.F Destination: A.B.C.D
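
An added example (not from the original deck) of the /96 address mapping behind both the stateless NAT64 slide and the DNS64 slide: it translates the slide's packet addresses in each direction, refuses anything outside the configured prefix or translatable range, and synthesizes a AAAA answer. Function names are illustrative, and the A record 198.51.100.10 is a constructed sample standing in for A.B.C.D.

```python
import ipaddress


def embed(prefix96: str, ipv4: str) -> ipaddress.IPv6Address:
    """Place an IPv4 address in the low 32 bits of a /96 translation prefix."""
    net = ipaddress.IPv6Network(prefix96)
    if net.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    return ipaddress.IPv6Address(
        int(net.network_address) | int(ipaddress.IPv4Address(ipv4)))


def extract(prefix96: str, ipv6: str) -> ipaddress.IPv4Address:
    """Recover the IPv4 address; reject IPv6 addresses outside the prefix."""
    net = ipaddress.IPv6Network(prefix96)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def v6_to_v4(prefix96, translatable_v4, src6, dst6):
    """IPv6 -> IPv4 direction of the stateless gateway (address fields only)."""
    src4, dst4 = extract(prefix96, src6), extract(prefix96, dst6)
    if src4 not in ipaddress.IPv4Network(translatable_v4):
        raise ValueError(f"{src4} is not an IPv4-translatable host address")
    return src4, dst4


def v4_to_v6(prefix96, translatable_v4, src4, dst4):
    """Return path: the IPv4 destination must map to an IPv6 host."""
    if ipaddress.IPv4Address(dst4) not in ipaddress.IPv4Network(translatable_v4):
        raise ValueError(f"{dst4} has no stateless IPv6 mapping")
    return embed(prefix96, src4), embed(prefix96, dst4)


def dns64_synthesize(prefix96, a_records, aaaa_records):
    """DNS64: pass real AAAA records through, else synthesize from A records."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [embed(prefix96, a) for a in a_records]


if __name__ == "__main__":
    PFX, POOL = "2001:db8:100::/96", "192.0.2.0/24"   # values from the slide
    print(v6_to_v4(PFX, POOL, "2001:db8:100::c000:0202", "2001:db8:100::c001:0101"))
    print(v4_to_v6(PFX, POOL, "192.1.1.1", "192.0.2.2"))
    # Constructed A record; 2001::/96 is the prefix on the DNS64 slide.
    print(dns64_synthesize("2001::/96", ["198.51.100.10"], []))
```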


Translation: Stateful / Stateless


Stateful
  NAPT (Network Address and Port Translator)
  NAT is less scalable
  NAT placement related to network topology
  IPv6-initiated connections
  1:N mapping
    Many IPv6 hosts consume 1 IPv4 address
  Limited TCP ports

Stateless
  NAT is more scalable
  NATs can be located anywhere
  IPv4- or IPv6-initiated connections
  1:1 mapping
    One IPv4 address is consumed for every participating IPv6 address

[Diagram: IPv6 (V6-only) end-user subscribers, the end-user ISP, the hosting/CDN ISP and IPv4 content, with the labels "4 6" and "6 4" between them]

Considerations: Experience, Scale, Cost, Operations, Technology

Design


IPv6 Borderless Network Architecture


Optimized IPv6 Delivery

Security
  IPv6 IPsec
  IPv6 Firewall Security
  IPv6 IDS

Transition Technologies
  Dual Stack IPv4/IPv6
  V6 over v4 tunnels: 6vPE/6PE, L3VPNoMGRE, DMVPNv6, Static tunnels
  6 to 4 translation

MPLS/ IPv4/IPv6 Core

Internet

Edge

  EIGRPv6, OSPFv3, BGPv6
  PBR

Core

  EIGRPv6, OSPFv3, IS-IS
  IPv6 support for VSS
  ECMP, OSPFv3 GR
  IPv6 PIM-SSM, MLDv2, Embedded RP
  IPv6 QoS
  DHCPv6 Relay Agent
  HSRPv6/GLBPv6
  IPv6 support for VSS

  IPv6 CoPP

  Dual Stack IPv4/IPv6
  6to4 tunneling
  ISATAP

  Dual Stack IPv4/IPv6
  6vPE/6PE
  6to4 tunneling
  ISATAP tunnels

Distribution

  IPv6 ACL
  IPv6 ACL Atomic Commit/Dry Run
  uRPF
  IPv6 Ingress Netflow
  IPv6 Flexible Netflow

Access

  Stateless Auto configuration
  IPv6 management: SNMP, Syslog, SSH, NTPv4, Tacacs+
  IPv6 interface stats

  IGMPv3/MLDv2 Snooping
  IPv6 First Hop Security
  IPv6 PACL/RA Guard

  Dual Stack IPv4/IPv6
  ISATAP and static Tunnels


IPv6 Data Center Network Architecture


[Diagram: data center topology from the Internet through the DC Edge, DC Core, firewalls and DC Agg (L2/L3 boundary) down to ToR Access switches and racks, with load balancers and 1x10GE per Agg SW; translation points between IPv6 and IPv4 are marked]

Distribution/Core
  Dual Stack
  Routing protocols (OSPFv3, ISISv6, BGPv6..)
  IPv6 Mcast
  IPv6 security: classification, ACL & policing, CoPP
  BFD
  Flexible Netflow
  6VPE
  ECMP
  Interface stats
  uRPF

Towards Access
  Dual Stack
  HSRPv6/VRRPv3
  BFD
  SVI
  Snooping (MLDv2) IGMPv3
  First Hop Security (RA guard)
  PACL/VACL
  IPv6 Management

What changes .. examples


It's all IP, but some things change
Applications
  In-house software may require a rewrite to use dual stack - operating systems have support
  Commercial software may support IPv6, or need a refresh to a new version
NMS for multi-protocol networks
Operations and troubleshooting procedures
Typing IPv6 addresses is really painful
Address allocation and design

Sample Real World Issues


PMTUD
DNS
unHappy Eyeballs
6to4 relays
Spurious RAs
Disabled stacks/enabled stacks
Unknown IPv6 traffic
Reachability on the IPv6 Internet
Device discovery with subnet scans
Embedded literals

Next Steps


IPv6 Is Not a Rip-and-Replace Proposition

Preserve

Audit and leverage existing IPv6 capabilities

Preserve existing investment

Prepare

Prepare a migration and deployment plan


Identify and enable critical IPv6 functional areas

Prosper

Prosper through the transition to IPv6 Internet


Enable all systems with dual-stack capabilities
Grow seamlessly as the Internet transitions to IPv6

IPv6 is the foundation of a lifecycle management discussion

Enterprise Action Plan


Start now and position for growth
Next Steps:
  Assess, Plan, Design
  Trial, Train, Roll out

Map out opportunities to be IPv6 ready in planned technology refresh cycles
Assess the business impact for having IPv6 support

A Phased Approach to IPv6 Adoption


Start with a Phased Plan Aligned with Your Business Strategy

1. Identify the highest priority IPv6-critical areas in your network
2. Perform IPv6 Assessment on highest-priority areas to determine scope of design
3. Develop an IPv6 design that enables IPv6 to be introduced without disrupting your IPv4 network
4. Begin IPv6 testing and implementation in pilot mode, then extend over time into production deployment

Repeat for the Next IPv6-Critical Area in Your Network

Cisco first to receive IPv6 Education/Training certification from the IPv6 Forum
Three Cisco training courses received IPv6 Forum certification
  CCNA, CCNP and CCIE
Cisco Certified Engineers may use the Certified Engineer logo

USGv6 and IPv6-ready logo certifications

June 8 2011 00h00-23h59 (UTC)
24-hr IPv6 Test Flight
IPv6 access on websites front door (DNS AAAA Record on www.company.com)

Note: This is not about turning off IPv4!
http://isoc.org/wp/worldipv6day/
Coordinated by: http://isoc.org/wp/worldipv6day

http://isoc.org/wp/worldipv6day/participants
http://supportforums.cisco.com/community/netpro/networkinfrastructure/ipv6-transition

World IPv6 Day: Jumping In Together

For more information

http://www.cisco.com/go/ipv6


Questions ?
