fórum regional lx.br access platforms update · 20/09/2019 · • colaboration (voz, video,...
TRANSCRIPT
Fabio Marques
Date: November 2016
Cisco Confidential
Service Provider Infrastructure Group
Access Platforms UpdateFórum Regional lX.br Como ir do IPv4 para o IPv6, passando pelo CGNAT e NAT64.
Março de 2019
Adalberto Lins
Perguntas
1. Esse assunto é relevante para vocês?
2. Tem IPv4 válido sobrando para atender? SEM CGNAT
3. Quem esta fazendo CGNAT?
4. Você se sente a vontade para experimentar e implementar IPv6?
5. Quem já esta fazendo peering e recebendo IPV6 na Borda BGP?
6. Quem já tem IPv6 implementado em clientes ou em piloto?
Política implemetada em 2011 com 3 fases:
• FASE 1 “Estoque” /9 – Mai 2014
• FASE 2 “Estoque” /10 – jun 2014 (esgotamento)
• FASE 3 (atual) – Jan 2017
• Alocação inicial somente (/24 a /22)
Previsão atual de esgotamento: Jan/2020
Ricardo Patara (NIC.br)
Panorama do esgotamento do IPv4 e implantação do IPv6 na Internet
10anos.ipv6.br - Out/2018
Esgotamento no LACNIC
https://www.aelius.com/njh/google-ipv6/
http://6lab.cisco.com/stats/
http://6lab.cisco.com/stats/
http://6lab.cisco.com/stats/
https://10anos.ipv6.br/
“O dado que é público é que a rede da VIVO como um todo somando todos
os produtos é em torno de quase 50% de tráfego IPv6. Na móvel ele é ainda
mais concetrado” ... “esta em torno de 70%”.
“O Nat64 passa a fazer sentido quando ele passa da metade, pois passamos
a economizar efetivamente”
Fábio Scartoni (Vivo)
Painel: Desafios da implantação do IPv6 e desligamento do IPv4
Fórum Brasileiro de IPv6 – 09.10.2018
• On-line gaming
• Video streaming (Netflix, Hulu, …)
• IP cameras
• Security
• BitTorrent/Limewire (seeding – uploading)
• Port forwarding (Surveillance, Home-Automation)
• VoIP
• UPnP-IGD (Universal Plug & Play - Internet Gateway Device protocol)
• NAT-PMP (NAT Port Mapping Protocol)
• Other NAT Traversal mechs
• AJAX (Asyncronous Javascript And XML)
• FTP (big files)
• Tunnels, VPN, IPsec, ... https://conference.apnic.net/46/
Tutorial 6-13 de Setembro: IPv6-only transition with demo
Problemas conhecidos do CGNAT
Esforços já adiantados para concluir as últimas pendencias práticas
• Trusted Systems, IoT & IPv6
• IPv6, NTP, Routing Security & IoT
• IPv6, TLS, DNS Privacy & Other Crypto
https://www.internetsociety.org/issues/ipv6/
Internet Society IETF Meeting Nov/2018
Key Takeaway – No one size fits allMultiple technology adoption scenarios
▪ Preserve IPv4, Prepare and Prosper with IPv6
▪ Remember: IPv6 Makes IPv4 network with NAT44 works better
time
IPv6 only endpoints
technically viable
New end-systems deployment (handset/RG)
Large Scale NAT
(LSN) introduction
IPv4 address pool
exhausted
•6rd introduction
IPv6 Internet
(IPv6 only transport
viable from a market
perspective)
Dual-Stack
deployment
•NAT64
NAT46
IPv6 enabled
endpoints
IPv4 enabled
endpoints
Key Takeaway – No one size fits allMultiple technology adoption scenarios
time
IPv6 only endpoints
technically viable
New end-systems deployment (handset/RG)
Large Scale NAT
(LSN) introduction
IPv4 address pool
exhausted
•6rd introduction
IPv6 Internet
(IPv6 only transport
viable from a market
perspective)
Dual-Stack
deployment
•NAT64
NAT46
IPv6 enabled
endpoints
IPv4 enabled
endpoints
▪ Preserve seu IPv4, Prepare e Prospere com IPv6
▪ LEMBRE-SE: IPv6 torna a rede IPv4 com NAT44 muito melhor
Topologia de Referencia
FTTH, PON
GPON, STP,
REP, 802.1Q
Etc,
BGP, BNG (PPPoE/IPoE/BRAS)
CGNAT,
NAT64
OSPF, MPLS,
VPLS, L3VPN
Segment Routing
BGP-eVPN
DWDM
CPE
WiFi
SD WAN
Security
IPv6
BGP
BGP Full
IPv4/IPv6
DDoS
BNG
BGP
IPv4 e IPv6 sobre PPPoE
IPv4 IPv4IPv4
Qual parte do backbone precisa fornecer trânsito IPv6 ?
Trânsito IPv6
e IPv6 e IPv6
• Peering IPv6
• Endereçamento IPv6
• Roteamento IPv6
• Serviços IPv6
e IPv6
e IPv6
e IPv6
CGNAT
0
LINK
1
LINK
2
LINK
3
LINKCLASS 1LASER 1
ASR 1001STAT
PWR
CRIT
MAJ
MIN
USB
BF
LINK
MGMT CON AUX
0
C/A A/L0 IDC-4XT3
1
C/A A/L1
2
C/A A/L2
3
C/A A/L3
CISCO NEXUS N9K-C93180YC-EX
53 5451 5249 501 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
BCN
STS
ENV
ASR920
0 2 4 6 8 101 3 5 7 9 11AUXCON
PS-1
PS-0PWR STAT
26 27
ALARM
USB MEM
CONSOLE
MGMT
1G PORTS12 14 16 18 20 2213 15 17 19 21 23
1G PORTS 24 25
ASR920
0 2 4 6 8 101 3 5 7 9 11AUXCON
PS-1
PS-0PWR STAT
26 27
ALARM
USB MEM
CONSOLE
MGMT
1G PORTS12 14 16 18 20 2213 15 17 19 21 23
1G PORTS 24 25
INTERNET
Cisco 2900 Series
SYS ACT POE RPS PSU
I
AC OK100-120/200-240V~
4/2A, 50-60 Hz
Cisco 1800 Series
SYS
PWR
SYS
OK
SYS ACT POE
Cisco 1900 Series
Cisco NCS-540Core
Cisco ASR 1001-XBORDA
ServiçosBorda BGP
Autenticação BNGConcentrador PPPoE
CGNAT / NAT64
ServidorSoftware de Gestão
Autenticação
AnelOSPF / MPLS
L2VPN
Cisco 1900CPE – Cliente
PPPoE
Cisco 1800CPE – Cliente
PPPoE
Cisco 2900BGP
179.160.44.52 /28
192.168.10.9 /24
192.168.1.0 /24 192.168.1.0 /24
100.64.20.3 /24100.64.20.2 /24
CGNAT179.160.44.52 =➔ 100.64.20.0 / 24
172.16.1.0 /24
172.16.2.0 /24
172.16.4.0 /24172.16.3.0 /24
172.16.5.0 /24PE
PE
PP
PPP
P
PE
2804:414:1004::/56
2804:414:1004:1::/64
2804:414:1004:1::/642804:414:1004:1::/64
ANELCisco ASR 920Cisco IE 3400
Bridge Domain
TOPOLOGIA FISICA DO LAB
Cisco ME 3400 Series
SYSTEM
16X
13X
14X
23X
24X
16X
1X
2X
11X
12X
1
2
RATING
100-240V~
1A-0.5A, 50-60Hz
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CONSOLE
Cisco ME 3400 Series
SYSTEM
16X
13X
14X
23X
24X
16X
1X
2X
11X
12X
1
2
RATING
100-240V~
1A-0.5A, 50-60Hz
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CONSOLE
ASR-9001 FAN
STATUSMGT LAN 1
LINK ACT
LINK ACT
MGT LAN 0
BITS J.211
SYNC 0
SYNC 1BITS J.211 CONSOLE
AUX
BAY 1
BAY 0
TOD
LINK ACT
IEEE 1588
GPS INTERFACE
10MHz 1PPS CRIT
MAJ
MIN
EUSB
ACO
SYNC
RSPFAIL
LCFAIL
CLUSTER 0
CLUSTER 1
SFP+ 1
SFP+ 3
SFP+ 0
SFP+ 2
Cisco ASR-9001
PSU1PSU0
AT
TE
NT
ION
ON
-OF
F F
OR
EN
TIR
E S
HE
LF
Cisco ASR 9001-SBORDA
NAT6464:FF9B::/96 =➔ IP PUBLICO
Agregação
Acesso
Borda
TOPOLOGIA LOGICA DO LAB
Roteador BGP - Recebe o IP = 179.160.44.52
Cisco ISR 2900
BORDA - ASR-1001-X
BGP – PPPoE – BNG
CGNAT / NAT64
IPv4 e IPV6
Distribuição
Router NCS – 540
Topo do ANEL
Servidor
Autenticação
Distribuição
Anel MPLS / OSPF / L2VPN
Cisco ASR-920
Cisco IE 3400
CPE cliente PPPoE
Cisco ASR 1800
Cisco ASR 1900
= 179.160.44.52 / 28
2804:414:1004::/56
IP = CGNAT = 100.64.20.0 /24
192.168.10.9 /24
MPLS/OSPF
L2VPNL2VPN
Partindo de um Ambiente IPv4 Only
ASR – 1001-X• BGPv4
• PPPoE IPv4
• BNG – RADIUS
• CGNAT
Partindo de um Ambiente IPv4 Only
ASR – 1001-X• BGPv4 BGPv6
• PPPoE IPv6
• BNG – RADIUS
• CGNAT
Partindo de um Ambiente IPv4 Only
ASR – 1001-X• BGPv4 BGPv6
• PPPoE IPv6
• BNG – RADIUS
• CGNAT NAT64
➔ Tutorial NIC.br Como ir do IPv4 para o IPv6, passando pelo CGNAT e NAT64.
https://tutoriais.semanainfrabr.nic.br/2018/
➔ Canal ISP.Express
https://isp.express/
➔ Cursos e Eventos NIC.brhttp://ipv6.br/
➔ Estatísticas IPv6 - CISCO6lab.cisco.com/stats/
➔ IPv6 Country Rankhttps://www.aelius.com/njh/google-ipv6/
Mais informações
Resumo oferta CISCO para o seu Cliente .:|:.:|:.
• Serviço de Conectividade: (Infra do provedor)
✓ Internet (Rede Metro, BNG, BGP, DWDM etc)
✓ LAN to LAN (MPLS, VPWS, SR)
• SD-WAN – Meraki e Viptela
• Datacenter (Backup)
• Serviços gerenciados: (Infra do Cliente)
• Residencial: Umbrela (DNS, Ransomware, BotNet, Parental Control)
• Corporativa: Umbrela, Firewal UTM (Meraki/ASA), Anti-DDoS, EndPoint(AMP),
• Simple IT Dashboard: Meraki (Segurança, Cameras, WiFi, Rede)
• Managed Service: Find-IT SMB
• Colaboration (Voz, Video, Conferencia, EaD)
• HotSpots e Monetização de HotSpots
EoS/EoL Product Announcement Date Migration Platform
ME 3600X October 2016 ASR 920
ME 3800X October 2016 ASR 900 RSP3
ASR 901S October 2016 TBD
Source:
Upcoming End of Sale Product Plan
OBRIGADO !!!
Adalberto [email protected]
Slides de Backup
ASR1001-XCPU
Memory
DDR3
USBConsole and Aux
MgmtENET
Bootdisk
CPU
(2.0 GHz Quad-Core)
nvram
ASR 1001-X Block Diagram
Crypto
SA table DRAM
Temp Sensor
Power Ctlr
EEPROM
OversubDDR3
Rsrc/PktDDR3
TCAM4(10 Mbit)
Processor Pool
PPE0PPE0PPE0PPE1
PPE0PPE0PPE0PPE6
PPE0PPE0PPE0PPE2
PPE0PPE0PPE0PPE5
PPE0PPE0PPE0PPE3
… PPE0PPE0PPE0PPE31
PPE0PPE0PPE0PPE4 QFP
Buffer, queue, schedule (BQS)Buffer, queue, schedule (BQS)
Dispatcher/PktBuffer
NIM
Boot Flash (OBFL, …)
10 GE
10 GE
GE GE GE GE
Stratum-3ENetwork
clock circuit
SPA
GE GE
PCIe
SPA ControlSPA Bus
Other
1G
Solid State Drive
200G or 400G
Optionally in NIM
Slot
Integrated
Control Plane
- Quad Core CPU
Integrated
SIP & Enet I/O
Subsystem
2nd Generation QFP: 20
Gbps Forwarding &
Feature processing
Encryption
Coprocessor
8G Crypto
Suite-B
10GE
Resource /
Packet Buffer
Memory (4G)
ASR 1001-X Block Diagram
SSD
200G/400G in NIM
PCI
Other
GE, 1Gbps
I2C
SPA Control
SPA Bus
CPU
2.0 GHz dual-coreI2C Chassis
Management Bus
Interconnect
CPU Memory DDR3
(8GB) - Default
Management
Ethernet
USBConsole
& Aux
NVRAM
Card Infrastructure
Boot Flash
(OBFL,…)
QFP complexTCAM
(10Mbit)
Resource
DRAM
(4GB)Packet
Buffer
DRAM
(512MB)
Dispatcher Packet Buffer
BQSPPEs
PPE1 PPE2 PPE3
PPE4 PPE31
Crypto
(Nitrox-II
CN6645
10 Cores)
HHSPA
TenGE0
TenGE1
NIM
GE4
GE5
GE2
GE3
GE0
GE1
MACSec Quad
1GE PHYMACSec Dual
1GE PHY
MACSec Dual
10GE PHY
Lab 1: Partindo de um AmbienteIPv4 Only
ASR-9001 FAN
STATUSMGT LAN 1
LINK ACT
LINK ACT
MGT LAN 0
BITS J.211
SYNC 0
SYNC 1BITS J.211 CONSOLE
AUX
BAY 1
BAY 0
TOD
LINK ACT
IEEE 1588
GPS INTERFACE
10MHz 1PPS CRIT
MAJ
MIN
EUSB
ACO
SYNC
RSPFAIL
LCFAIL
CLUSTER 0
CLUSTER 1
SFP+ 1
SFP+ 3
SFP+ 0
SFP+ 2
Cisco ASR-9001
PSU1PSU0
AT
TE
NT
ION
ON
-OF
F F
OR
EN
TIR
E S
HE
LF
ASR- 90012 RU 24 ports on the faceplate : 4 X 10G20X1G, 4X 10G,12X 10G
2X100G(QSFP28)PAYG mode for 120G,4 FULL TABLE BGPBNG 32 MIL SESSÕES PPPoEIPoEMac-secMPLS FULLSATELITE c/ ASR 920FIREWALL
BGPBNG
0
LINK
1
LINK
2
LINK
3
LINKCLASS 1LASER 1
ASR 1001STAT
PWR
CRIT
MAJ
MIN
USB
BF
LINK
MGMT CON AUX
0
C/A A/L0 IDC-4XT3
1
C/A A/L1
2
C/A A/L2
3
C/A A/L3
ASR920
MGMTAUX CONCONSOLE
1
0
PWR STAT
ZTP4 5
10G PORTS
ALARMUSB CON USB MEM
TOD BITS 2 30 11G PORTS+ GND -
PS-0 24-60V 6A
+ GND -
PS-1 24-60V 6A ASR- 9201 RU 24 ports on the faceplate : 24X1G, 4X 10G, FULL MPLS, VPLS,L3VPNBNG-eVPNMac-secSATELITE
AGREGAÇÃO ACESSO
ASR- 1001-X1 RU 20G6 x PORT GIGA + 2 x PORT 10GIGA+ 4K PPPoE + CGNAT 2 MILHOES DE SESSÕES + BGP +FIREWALL1.000.000 IPv4 or 1.000.000 IPv6 routes Up- grade até 8K PPPoEFIREWALL
BGPBNGCGNAT
NCS 5401 RU
24X1G/10G , 8X 25G,2X 100G
FULL MPLS, VPLS,L3VPNBNG-eVPN
Mac-secSATELITE
AGREGAÇÃO ACESSO
SYS ACT POE
Cisco 1900 Series
Cisco 2900 Series
SYS ACT POE RPS PSU
I
AC OK100-120/200-240V~
4/2A, 50-60 Hz
Cisco 1800 Series
SYS
PWR
SYS
OK
ISR 2911ISR 1905 ISR 1800
Cisco ME 3400 Series
SYSTEM
16X
13X
14X
23X
24X
16X
1X
2X
11X
12X
1
2
RATING
100-240V~
1A-0.5A, 50-60Hz
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CONSOLE
ME 3400
EQUIPAMENTOS DO LAB
TOPOLOGIA LOGICA DO LAB
Roteador BGP - Recebe o IP = 179.160.44.52
Cisco ISR 2900
BORDA - ASR-1001-X
BGP – PPPoE – BNG
CGNAT / NAT64
IPv4 e IPV6
Distribuição
Router NCS – 540
Topo do ANEL
Servidor
Autenticação
Distribuição
Anel MPLS / OSPF / L2VPN
Cisco ASR-920
Cisco IE 3400
CPE cliente PPPoE
Cisco ASR 1800
Cisco ASR 1900
= 179.160.44.52 / 28
2804:414:1004::/56
IP = CGNAT = 100.64.20.0 /24
192.168.10.9 /24
MPLS/OSPF
L2VPNL2VPN
0
LINK
1
LINK
2
LINK
3
LINKCLASS 1LASER 1
ASR 1001STAT
PWR
CRIT
MAJ
MIN
USB
BF
LINK
MGMT CON AUX
0
C/A A/L0 IDC-4XT3
1
C/A A/L1
2
C/A A/L2
3
C/A A/L3
CISCO NEXUS N9K-C93180YC-EX
53 5451 5249 501 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
BCN
STS
ENV
ASR920
0 2 4 6 8 101 3 5 7 9 11AUXCON
PS-1
PS-0PWR STAT
26 27
ALARM
USB MEM
CONSOLE
MGMT
1G PORTS12 14 16 18 20 2213 15 17 19 21 23
1G PORTS 24 25
ASR920
0 2 4 6 8 101 3 5 7 9 11AUXCON
PS-1
PS-0PWR STAT
26 27
ALARM
USB MEM
CONSOLE
MGMT
1G PORTS12 14 16 18 20 2213 15 17 19 21 23
1G PORTS 24 25
INTERNET
Cisco 2900 Series
SYS ACT POE RPS PSU
I
AC OK100-120/200-240V~
4/2A, 50-60 Hz
Cisco 1800 Series
SYS
PWR
SYS
OK
SYS ACT POE
Cisco 1900 Series
Cisco NCS-540Core
Cisco ASR 1001-XBORDA
ServiçosBorda BGP
Autenticação BNGConcentrador PPPoE
CGNAT / NAT64
ServidorSoftware de Gestão
Autenticação
AnelOSPF / MPLS
L2VPN
Cisco 1900CPE – Cliente
PPPoE
Cisco 1800CPE – Cliente
PPPoE
Cisco 2900BGP
179.160.44.52 /28
192.168.10.9 /24
192.168.1.0 /24 192.168.1.0 /24
100.64.20.3 /24100.64.20.2 /24
CGNAT179.160.44.52 =➔ 100.64.20.0 / 24
172.16.1.0 /24
172.16.2.0 /24
172.16.4.0 /24172.16.3.0 /24
172.16.5.0 /24PE
PE
PP
PPP
P
PE
2804:414:1004::/56
2804:414:1004:1::/64
2804:414:1004:1::/642804:414:1004:1::/64
ANELCisco ASR 920Cisco IE 3400
Bridge Domain
TOPOLOGIA FISICA DO LAB
Cisco ME 3400 Series
SYSTEM
16X
13X
14X
23X
24X
16X
1X
2X
11X
12X
1
2
RATING
100-240V~
1A-0.5A, 50-60Hz
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CONSOLE
Cisco ME 3400 Series
SYSTEM
16X
13X
14X
23X
24X
16X
1X
2X
11X
12X
1
2
RATING
100-240V~
1A-0.5A, 50-60Hz
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CONSOLE
ASR-9001 FAN
STATUSMGT LAN 1
LINK ACT
LINK ACT
MGT LAN 0
BITS J.211
SYNC 0
SYNC 1BITS J.211 CONSOLE
AUX
BAY 1
BAY 0
TOD
LINK ACT
IEEE 1588
GPS INTERFACE
10MHz 1PPS CRIT
MAJ
MIN
EUSB
ACO
SYNC
RSPFAIL
LCFAIL
CLUSTER 0
CLUSTER 1
SFP+ 1
SFP+ 3
SFP+ 0
SFP+ 2
Cisco ASR-9001
PSU1PSU0
AT
TE
NT
ION
ON
-OF
F F
OR
EN
TIR
E S
HE
LF
Cisco ASR 9001-SBORDA
NAT6464:FF9B::/96 =➔ IP PUBLICO
Agregação
Acesso
Borda
Partindo de um Ambiente IPv4 Only
ASR – 1001-X• BGPv4
• PPPoE IPv4
• BNG – RADIUS
• CGNAT
CONFIGURAÇÃO DO POOL PPPoE CGNAT - BNG SR 1001-X
interface Virtual-Template10
mtu 1480
ip unnumbered Loopback10
no ip unreachables
no ip proxy-arp
ip nat inside
no ipv6 nd ra suppress
peer default ip address pool v4cgn-pool1
ppp authentication chap pap calin
ppp ipcp dns 8.8.8.8 8.8.4.4
ip local pool v4cgn-pool1 100.64.20.10 100.64.20.110
CONFIGURAÇÃO CGNAT - BNG SR 1001-X
ip nat settings mode cgn
access-list 1 permit 100.64.20.0 0.0.0.255
ip nat settings pap bpa set—size 512 step-size 8
ip nat log translations flow-export v9 udp destination 192.168.10.16 2055
Proporção de Tradução x alocação de portas
1 IP Valido == > 100 Ips de CGNAT = 512 portas
ip nat pool POOL_CGNAT 179.150.55.106 179.150.55.106 prefix-length 28
ip nat inside source list 1 pool POOL_CGNAT
Passo 1: Preparando o Backbone IPv6
IPv6 sobre PPPoEDual Stack CGNAT
Partindo de um Ambiente IPv4 Only
ASR – 1001-X• BGPv4 BGPv6
• PPPoE IPv6
• BNG – RADIUS
• CGNAT
Qual parte do backbone precisa fornecer trânsito IPv6 ?
BNG
BGP
IPv4 sobre PPPoE
IPv4 IPv4IPv4
CGNAT
BNG
BGP
IPv4 e IPv6 sobre PPPoE
IPv4 IPv4IPv4
Qual parte do backbone precisa fornecer trânsito IPv6 ?
Trânsito IPv6
e IPv6 e IPv6
• Peering IPv6
• Endereçamento IPv6
• Roteamento IPv6
• Serviços IPv6
e IPv6
e IPv6
e IPv6
CGNAT
CONFIGURAÇÃO DE INTERFACES E POOL PPPoE IPv6 - BNG
BGPv6 SR 1001-Xinterface GigabitEthernet0/0/1
description BGP_ISR2900
ip address 172.31.200.2 255.255.255.0
ip nat outside
negotiation auto
ipv6 address 2804:414:1004:5::1/64
ipv6 enable
router bgp 65500
bgp router-id 172.31.200.2
bgp log-neighbor-changes
neighbor 2804:414:1004:5::2 remote-as 65600
neighbor 2804:414:1004:5::2 description BGP_ISR2900
neighbor 172.31.200.1 remote-as 65600
neighbor 172.31.200.1 description BGP_ISR2900
CONFIGURAÇÃO DE INTERFACES E POOL PPPoE IPv6 - BNG
BGPv6 SR 1001-Xinterface Virtual-Template10
ipv6 unnumbered Loopback10
ipv6 enable
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd router-preference High
ipv6 dhcp server dhcpv6
peer default ipv6 pool v6-pool1
ipv6 dhcp pool dhcpv6
prefix-delegation pool dhcpv6-pool1 lifetime 1800 600
dns-server 2001:4860:4860::8888
domain-name cisco.ainet.com.br
ipv6 local pool dhcpv6-pool1 2804:414:1004:4::/64
Lab 3: NAT64 – IPv6
CGNAT
Onde Chegamos
BNG
BGP
IPv4 sobre PPPoE
IPv4 IPv4IPv4
e IPv6 e IPv6 e IPv6
IPv6 e
IPv4
IPv6IPv6IPv4
NAT64
IPv6IPv4
CGNAT
CONFIGURAÇÃO DE NAT64
interface GigabitEthernet0/0/1
nat64 enable
ipv6 access-list MYLIST
permit ipv6 64:FF9B::/96 any
permit ipv6 2804:414:1004:4::/64 any
permit ipv6 2804:414:1004::/56 any
permit ipv6 2804:414:1004:1::/64 any
nat64 prefix stateful 2804:414:1004::/96
nat64 v4 pool NAT64 172.31.201.2 172.31.201.3
nat64 v6v4 list MYLIST pool NAT64 overload
v4(Público)
O que falta ser tratado?No Passado
v4
Hoje No Futuro
v4(Público)
v4(Público)
NAT
v4(Público)
v4(Privado)
v6
NAT
v4(Privado)
v6
CGN
v6
v4(Público)
v6v4(Privado)
v6
4to6 4to6
6to46to4
v4v4 v6 v6
v4(Privado)
IPv4 e IPv6 Operando em Paralelo
v4
v6v6
NAT64