IPv6 Architecture Overview and Deployment Scenarios
DESCRIPTION
The 32nd Asia Pacific Advanced Network (APAN) chapter was their first ever meeting in South Asia. Cisco leveraged this opportunity to sponsor and participate in this 5-day event hosted by ERNET India. The event consisted of tutorials, technical presentations and demonstrations covering advanced network technologies. Anil Nileshwar's paper on Cloud Security received an overwhelming response.
TRANSCRIPT
© 2010 Cisco Systems, Inc. All rights reserved. Cisco Public
Chinna Pellacuru, Technical Leader
August 23, 2011
• IPv6 Enterprise Deployment Scenarios
• IPv6 Service Provider Deployment Scenarios
IPv6 Internet Presence (websites, remote users, B2B …)
IPv6 Islands (Wireless/Consumer devices, Labs …)
Internal Data Center, Enterprise Apps
Ubiquitous Dual-Stack
IPv6 Pilot and Basic Infrastructure
IPv4 EOL
Sales Certs (IPv6 Ready, USGv6, JITC)
“Mandated” (1, 2, 3)
Who?
• Government Agencies
• Customers who sell to government agencies
“Motivated” (2, 3, 4)
Who?
• Customers with IPv4 address exhaustion
• Global Enterprises with consumer or business interaction on the public internet
• Customers with user-provided devices on their networks
“Early Adopter” (2, 4, 3, 5, 6, 7)
Who?
• Companies looking for competitive advantage
• Companies using IPv6 to solve business problems
• Early adopters preparing for coexistence
“Mainstream” (2)
Who?
• Large Enterprises
• Small-Medium Enterprises
• Based on Timeframe/Use case
• Core-to-Edge – Fewer things to touch
• Edge-to-Core – Challenging but doable
• Internet Edge – Business continuity
Servers
Branch Branch
WAN
DC Access
DC Aggregation
DC/Campus Core
Campus Block
ISP ISP
Internet Edge
• Tunneling Services – Connect Islands of IPv6 or IPv4 (IPv4 over IPv6, IPv6 over IPv4)
• Dual Stack – Recommended Enterprise Co-existence strategy
• Translation Services
[Diagram labels: IPv4; IPv6; Business Partners; Internet consumers; Remote Workers; International Sites; Government Agencies]
• Dual Stack = Two protocols running at the same time (IPv4/IPv6)
• #1 requirement—switching/routing platforms must support hardware-based forwarding for IPv6
• Expect to run the same IGPs as with IPv4
[Diagram labels: Dual-stack Server; IPv6/IPv4 Dual Stack Hosts; L2/L3; v6-Enabled (repeated); Aggregation Layer (DC); Access Layer (DC); Access Layer; Distribution Layer; Core Layer]
• Provides ability to rapidly deploy IPv6 services without touching existing network
• Provides tight control of where IPv6 is deployed and where the traffic flows (maintain separation of groups/locations)
• Get lots of operational experience with limited impact to existing environment – Ideal for Pilot
• Challenges – Lots of tunneling
• 1) Leverage existing ISP block for both IPv4 and IPv6 access
• 2) Use dedicated ISP connection just for IPv6—Can use FW on router or dedicated appliance
Primary ISATAP Tunnel
Secondary ISATAP Tunnel
ISATAP
IPv6 Service Block
Internet
Dedicated FW
FW on router
Data Center Block
VLAN 2
WAN/ISP Block
IPv4-only Campus Block
Agg Layer
VLAN 3
2
1
Access Layer
Dist. Layer
Core Layer
Access Layer
[Diagram: three panels, each showing the IPv6 Internet reaching an IPv4-only host across an IPv6-to-IPv4 boundary. Panel labels: Server Load Balancer; Stateful NAT64; Proxy (Apache ReverseProxy, MSFT PortProxy)]
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Pre-Deployment Phases
• Establish the network starting point
• Importance of a network assessment and available tools
• Build a pilot or lab environment
• Obtain addressing or use ULA or documentation prefix (in lab)
• Learn the basics (DNS, routing changes, address assignment)
Deployment Phases
• Transport considerations for integration
• Internet Edge (ISP, Apps)
• Campus IPv6 integration options
• Data Center integration options
• WAN IPv6 integration options
• Execute on gaps found in assessment
Early Adopters
Globalization
IPv6 Government Mandate Deadlines
IPv4/IPv6 Co-existence
High Risk Low Risk Moderate Risk
2010 2012 2014
Transition Planning
IPv6 Business Impact – The Cost of Waiting Goes Up
• 2010: Low Impact – Buying behavior shift limited to mandated and early adopter sites
• 2011: Internet Evolution begins – “…IPv6 is important to all of us (…) to everyone around the world, It is crucial to our ability to tie together everyone and every device”. John Chambers
• 2012: Mandates take effect – Transition to IPv6 forces customers to acquire product or managed services to sustain business and customer reach
• 2014: IPv6 is mainstream – customers without transition infrastructure experience reduced service levels, diminished customer reach, increased operational complexity
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Advanced IPv6 11
IPv6 SP core Deployment Options
SP Core Infrastructures – 2 Basic Paths
Native IPv4 core with associated services
L2TPv3, QoS, Multicast, …
MPLS with its associated services
MPLS/VPN, L2 services over MPLS, QoS, …
IPv6 in Native IPv4 Environments
Tunneling IPv6-in-IPv4
Native IPv6 with Dedicated Resources
Dual-Stack IPv4 and IPv6
IPv6 in MPLS Environments
6PE
6VPE
IPv4 SP BB
SP IPv4 Core: Tunnelling IPv6 in IPv4
Tunnelling Options
Manual Tunnels (RFC 2893), GRE Tunnels (RFC 2473), L2TPv3, …
IPv6 Site A
IPv6 Site B
IPv6 SP
IPv6 IX
University
SP IPv4 Core: Native IPv6 over Dedicated Data Link
ISP Scenario
Dedicated Data Links between Core routers
Dedicated Data Links to IPv6 Customers
Connection to an IPv6 IX
IPv6
IPv4
Service Provider ATM Backbone with
IPv4 and IPv6 Services
IPv6 IX
Internet
Campus IPv4 and IPv6 VLANs
SP IPv4 Core: Dual Stack IPv4 and IPv6
All P + PE routers are capable of IPv4+IPv6 support
IPv4/IPv6 Core
CE
IPv6 IPv4
PE P P PE CE
IPv4
IPv6
IPv6 configured interface
IPv4 configured interface
Some or all interfaces in cloud dual configured
IPv6 + IPv4 Core
IPv4 + IPv6 Edge IPv4 and/or IPv4 edge Dual Stack App
Carrier-Grade IPv6 Solutions – CGv6 for SP Access
NAT444
Softwires
6rd
AFT64
DS-Lite
4rd
dIVI
SP Access: Public IPv4 Exhaustion with NAT444 Solution
Everything is IPv4
NAT44 at CPE
Additional NAT44 in SP core
CGN NAT44 multiplexes several customers onto the same public IPv4 address
Core Edge Aggregation Access
IP/MPLS
Residential
Private IPv4 (SP Assigned domain) Private IPv4 (Subs.)
Public IPv4
NAT44 CGN
NAT44
NAT44
Core Edge Aggregation Access
IP/MPLS
Residential
SP network is IPv4
Dual-Stack IPv4/IPv6 customer network
IPv4oPPPoE or IPv4oE Termination on IPv4-only BNG
L2TPv2 softwire between RG and IPv6-dedicated L2TP Network Server (LNS)
NAT used for IPv4
IPv4oPPPoE or IPv4oE
IPv6oPPPoL2TPv2
SP Access: IPv6 over L2TP softwires
IPv4 BNG IPv6 LNS
Broadband Forum WT-242: Getting to Dual Stack
RG
RG
SP network is IPv4
Customer network is Dual Stack
Automatic Prefix Delegation on 6rd CE, using ISP IPv6 Prefix
IPv6 encapsulated in IPv4 in the SP network
IPv6 addresses are formed by embedding IPv4 addresses
Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions on 6rd (CE & BR)
NAT used for IPv4
Core Edge Aggregation Access
IP/MPLS
Residential
SP Access: IPv6 over IPv4 via 6rd (RFC 5569)
6rd BR
6rd BR
6rd CE
6rd CE
IPv4/v6 IPv4/v6 IPv4
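The 6rd address mapping described on this slide, as an added example that is not part of the original deck: it derives the prefix a CE delegates from the ISP 6rd prefix and its IPv4 address, recovers the embedded IPv4 address the way a stateless decapsulator does, and applies the outer/inner source consistency check that keeps a stateless tunnel from relaying spoofed packets. Function and parameter names are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress

def delegated_prefix(sp_prefix, ce_ipv4, v4_mask_len=0):
    """IPv6 prefix a 6rd CE derives from the ISP 6rd prefix and its own IPv4 address.

    v4_mask_len: high-order IPv4 bits shared by every CE in the domain and
    therefore left out of the IPv6 prefix (0 embeds all 32 bits).
    """
    sp = ipaddress.IPv6Network(sp_prefix)
    v4_bits = 32 - v4_mask_len
    plen = sp.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("6rd prefix plus IPv4 bits must leave room for a /64")
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    base = int(sp.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def embedded_ipv4(sp_prefix, ipv6_addr, v4_mask_len=0, common_v4="0.0.0.0"):
    """Recover the IPv4 tunnel endpoint embedded in a 6rd IPv6 address.

    Returns None when the address is outside the 6rd prefix. common_v4
    supplies the omitted high-order bits when v4_mask_len > 0.
    """
    sp = ipaddress.IPv6Network(sp_prefix)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in sp:
        return None
    v4_bits = 32 - v4_mask_len
    mask = (1 << v4_bits) - 1
    suffix = (int(addr) >> (128 - sp.prefixlen - v4_bits)) & mask
    high = int(ipaddress.IPv4Address(common_v4)) & ~mask & 0xFFFFFFFF
    return ipaddress.IPv4Address(high | suffix)

def source_consistent(sp_prefix, outer_v4_src, inner_v6_src, **kw):
    """Decapsulation check: the inner IPv6 source must embed the outer IPv4 source."""
    expected = embedded_ipv4(sp_prefix, inner_v6_src, **kw)
    return expected == ipaddress.IPv4Address(outer_v4_src)

if __name__ == "__main__":
    sp = "2001:db8::/32"  # constructed ISP 6rd prefix (documentation range)
    print(delegated_prefix(sp, "192.0.2.1"))
    print(embedded_ipv4(sp, "2001:db8:c000:201::1"))
    print(source_consistent(sp, "198.51.100.7", "2001:db8:c000:201::1"))
```

Because the mapping is stateless, the consistency check is the only thing tying an encapsulated packet to the CE that sent it; a mismatch or an inner source outside the 6rd prefix is a drop.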
SP Access: Connecting IPv6-only with IPv4-only: AFT64
Entire ISP network is IPv6 only
Endpoints are IPv6 only
AFT64 is used for IPv6 only client to talk to IPv4 Internet or IPv4 Datacenter
Core Edge Aggregation Access
IP/MPLS
Residential
IPv6 ONLY connectivity
NAT64
IPv4 ONLY
DNS64
Public IPv4 Internet
IPv4 Datacenter
SP Access: IPv4 via IPv6 using DS-Lite
ISP network is IPv6 only
Customer network is Dual Stack
IPv4 over IPv6 Tunnel (Stateful)
CGN doing NAT44 for IPv4 traffic
Core Edge Aggregation Access
IP/MPLS
Residential
IPv6 IPv4/v6
CGN NAT44
B4
B4
IPv6
Internet IPv4 Internet
End User End User
SP Access: 4rd and Transition Strategy from 6rd
2001:beef:1.1.1.1:3:007::
Boundary
Router
Public IPv4
Gateway (L3) Residential Edge
IPv6 or
IPv6+IPv4
or 6PE Public IPv6
NAT64 NAT446
dIP 8.8.8.8
sPort 5555
dIP 8.8.8.8
sPort 1034
dIP
2001:DB80:FF:8.8.8.8
sPort
1034
dIP 8.8.8.8
sPort 1034
dIP 1.1.1.1
sPort 80
dIP
2001:DB80:FF:1.1.1.1:3002::
sPort
80
dIP 1.1.1.1
sPort 80
dIP 192.168.0.5
sPort 80
NAT44
NAT46
NAT64
NAT46
NAT64
NAT44
SP Access: Dual IVI (dIVI)
[Figure: ten-step IPv6 adoption roadmap; the step labels follow]
• Establish IPv6 project management team
• Evaluate effect on business model
• Decide on IPv6 Architecture Strategy
• Business Case Identified/Justified
• Assess network including hardware and software, Applications and back end operations
• Obtain IPv6 Prefix
• Develop Addressing Plan
• Develop Security Plan
• Develop Adoption Timelines
• Develop Cost Analysis
• Develop procurement Plan
• Test Solution with applications, network management for first deployment.
• Develop IPv6 exception strategy
• Create Detailed Design for phase 1
• Train Engineering and Operations on Technology and Solution in place
Next Steps For IPv6 Adoption
Share your IT priorities
Visit Cisco booth and tick your priorities in our feedback form
Contact Cisco rep:
Vinod Patani; 9899105886
Chinna Pellacuru
Get started with IPv6 Adoption Workshop
Thank you.