Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
BRKCRT-2000
Agenda
Introduction
IPv6 Basics
IPv6 Addressing Best Practices
BRKCRT-2000
Cisco Public
BRKCRT-2000
Cisco Public
Create a redistribution implementation plan based upon the results from a redistribution analysis
Create a redistribution verification plan
Configure a redistribution solution
Verify that a redistribution was implemented
Document results of a redistribution implementation and verification plan
Identify the differences between implementing an IPv4 and IPv6 redistribution solution
BRKCRT-2000
Cisco Public
Cisco Public
IPv6 Basics
Short History Of IP
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
BRKCRT-2000
Cisco Public
Example: abf1:dc71:0000:0000:0000:8375:7887:1109:0510
BRKCRT-2000
Cisco Public
10
IPv6 Addresses
IPv6 addresses are 128 bits long
8 groups of four HEX characters
Interface ID
Network Portion
nnnn:nnnn:nnnn: ssss:
Global Routing Prefix
3 bits
48 bits
2400:0000:134A:
xxxx:xxxx:xxxx:xxxx
Subnet ID
48 64
bits
00A1:
Host
0000:0000:0000:8A21
Cisco Public
11
Abbreviated Format
BRKCRT-2000
Cisco Public
12
Multicast
One to many (assigned grouping)
Example: Video Server to a group of clients
Anycast
One to many (assigned grouping)
Could be used to find nearest service
NO BROADCAST IN IPv6
BRKCRT-2000
Cisco Public
14
Unspecified SRC
Loopback
Loop Back Address
IPv4: 127.0.0.1
IPv6: ::1/128
Multicast
Link-local unicast
Unique local unicast
Global unicast
BRKCRT-2000
Binary Prefix
IPv6 Notation
00 0 (128 bits)
::/128
00 1 (128 bits)
::1/128
1111 1111
FF00::/8
1111 1110 10
FE80::/10
1111 110
FC00::/7
Everything else
Cisco Public
15
Cisco Public
16
:0xxx
/32
:xxxx
/48
/64
:ssss
Interface ID
Cisco Public
17
RFC4941
Address Allocation
ISP are being allocated /32s
Customer are being allocated /48s
Same as /16 in v4 terms
BRKCRT-2000
Cisco Public
18
Cisco Public
19
IANA
2000::/3
/48
BRKCRT-2000
2000::/3
Registries
/12
/32
Provider Independent
ISP
Org
Level Four
Enterprise
Cisco Public
/12
20
/48
IPv6 Aggregation
Customer A
ASEAN ISP
2401:04A0:0001:/48
2401:04A0::/32
Customer B
2401:04A0:0002:/48
BRKCRT-2000
Only
announces
the /32
prefix
APNIC
Region of the
IPv6 Internet
2400::/12
Cisco Public
21
IPv6 Multihoming
BRKCRT-2000
Cisco Public
22
Cisco Public
23
0010 0100 0000 0001: 1110 0100 1111 1111:| 0001 0000 0000 0000
0010 0100 0000 0001: 1110 0100 1111 1111:| 0001 1111 1111 1111
If you only wanted to support residential customers there are aprox.16,7 Million /56s in
an entire /32 LIR allocation(24 bits)
BRKCRT-2000
Cisco Public
24
/48
/52
4096
subnets
Then you wish to divide out /56s from the /52 for departments
2401:04A8:0000 : 00 | 00 : 0000 0000 or 2401:04A8::/5
2401:04A8:0000 : FF | ff : 0000 0000 or 2401:04A8:1f00::/56
/32
/48
/56 256
subnets
8 bits for local subnets per department gives 256 networks per department of
a nearly unlimited # of hosts (64bits for hosts!)
BRKCRT-2000
Cisco Public
25
BRKCRT-2000
Cisco Public
26
IPv6 Notation
Unspecified
00 0 (128 bits)
::/128
Loopback
00 1 (128 bits)
::1/128
Multicast
1111 1111
FF00::/8
1111 1110 10
FE80::/10
1111 110
FC00::/7
Everything else
Link-local unicast
Unique local unicast
Global unicast
BRKCRT-2000
Cisco Public
27
BRKCRT-2000
Cisco Public
28
Link-Local
Global
BRKCRT-2000
Cisco Public
29
Cisco Public
30
BRKCRT-2000
Meaning
Scope
FF02::1
All nodes
Link-local
FF02::2
All routers
Link-local
FF02::9
Link-local
FF02::1:FFXX:XXXX
Solicited-node
Link-local
FF05::101
Site-local
FF05::1:3
All-DHCP servers
Site-local
Cisco Public
31
33
33
0B
AD
Multicast Prefix
for Ethernet
Multicast
BRKCRT-2000
Cisco Public
32
BE
EF
Subnetting Techniques
Similar to IPv4 Subnetting
Make address meaningful!
Base Address on Location
Type of Service
User community
BRKCRT-2000
Cisco Public
33
Subneting Example
We are assigned 2011:0524:0000:0000::/48
Goal: Divide this into eight subnets.
Solution use bits 49, 50, and 51 as the subnet bits
First Three Bits of the first character in the fourth group
2011:0524:0000:0000::/48
BRKCRT-2000
Cisco Public
34
Subnet
BRKCRT-2000
Subnet
Binary
Group
Binary
HEX
000
0000
001
0010
010
0100
011
0110
100
1000
Cisco Public
35
2011:0524:0000:8000::/48
2011:0524:0000:A000::/48
2011:0524:0000:C000::/48
2011:0524:0000:E000::/48
BRKCRT-2000
Cisco Public
36
ICMPv6
Required for IPv6 to work properly - MUST NOT BE FILTERED!!!!
Completely Changed note new header type
Now includes IGMP
Types organized as follows 0-127 error messaging and 128-255
informational messaging
1 4 Error messages
128 129 Ping
130 132 Group membership
133 137 Neighbor discovery
BRKCRT-2000
Cisco Public
38
Description
Destination Unreachable
Time Exceeded
Parameter Problem
128
Echo Request
129
Echo Reply
130
131
132
133
Router Solicitation
134
Router Advertisement
135
Neighbor Solicitation
136
Neighbor Advertisement
137
Redirect
BRKCRT-2000
Cisco Public
39
NUD
Redirects
Address Resolution (equivalent to ARP)
BRKCRT-2000
Cisco Public
40
Cisco Public
41
Autoconfiguration
IPv6 hosts can configure their own addresses automatically
Similar in function to IPv4 DHCP
Two methods:
Stateless autoconfiguration
Stateful autoconfiguration
BRKCRT-2000
Cisco Public
42
Router Advertisement
Used to configure hosts
Periodically sent to the all-nodes multicast group
Also sent in response to a router solicitation message
Options can contain:
Layer 2 address of the advertising router
On-link prefixes and lifetimes
MTU
Type=134
Code
Checksum
Hop Limit M O RSV
Router lifetime
Reachable Time
Retransmit Timer
Options
32 bits
BRKCRT-2000
Cisco Public
43
Router Solicitation
Sent by hosts to locate on-link routers
Usually sent to the all-routers multicast group
Source address can be:
Unspecified
Local address
Code
Checksum
Reserved
Options
32 bits
BRKCRT-2000
Cisco Public
44
Stateless Autoconfiguration
Host 1
Send NS
My address is unique!
Send RS
No routers!
Try stateful configuration
Link-local only
BRKCRT-2000
Cisco Public
45
Stateless Autoconfiguration
Build link-local address
Join all-nodes multicast group
Join solicited node multicast group
Send NS
My address is unique!
Send RS
Send RA
Build on-link addresses
BRKCRT-2000
Cisco Public
46
Stateful Autoconfiguration (1 of 2)
Build link-local address
Join all-nodes multicast group
Join solicited node multicast group
Send own NS
My address is unique!
Send RS
Send RA
(M bit = 0, O bit = 1)
Build on-link addresses
BRKCRT-2000
Cisco Public
47
Stateful Autoconfiguration (2 of 2)
Send DHCP request
to FF05::1:3 (All DHCP Servers)
Send DHCP reply
(Unicast)
Read options and configure
parameters
BRKCRT-2000
Cisco Public
48
Windows 7
Windows 7 Microsoft rebuilt the IPv6 stack for this release
Supports:
Selects IPv6 by default
Neighbor discovery
DHCPv6
Tunneling: ISATAP, Teredo, 6to4
Cisco Public
49
Windows 7 doesnt use the EUI-64 technique by default when forming its interface identifier, but
uses their randomly-generated interface identifiers
C:\>netsh int ipv6 sh addr
Interface 1: Loopback Pseudo-Interface 1
BRKCRT-2000
Cisco Public
MAC OS X
Mac OS X 10.7 (supported from 10.4 onwards)
Mac OS X IPv6 stack is based on the KAME project (http://www.kame.net/)
Supports:
IPv6 enabled by default
GUI preferences tool or /usr/sbin/ip6 # ip6 a | # ip6 x
To accept Router Advertisements
sysctl -w net.inet6.ip6.accept_rtadv=1
BRKCRT-2000
Cisco Public
51
Cisco Public
52
https://ripe64.ripe.net/presentations/78-2012-04-16-ripe64.pdf
BRKCRT-2000
Cisco Public
53
Concluding Thoughts
IPv6 is simply an address change at layer-3. So why is it so
complicated?
This stuff was supposedly finalized in 2000. So why are their new
RFCs and working groups forming every day to figure this stuff out?
Most OSs (x)NIXs implemented SLACC and thought they were
done. Not enough great support yet for DHCPv6
We will have to suffer through behavior changes until the end of
IPv4. My prediction is 10 yrs from now we will be about 85-95% fully
converted to IPv6
BTW we will have another round of issues to fight when we start
trying to reach IPv4 legacy resources via IPv6 only hosts at the tail
end of this decade of conversion
BRKCRT-2000
Cisco Public
54
IPv6 Multicast
IPv4 Solution
IPv6 Solution
32-bit, Class D
PIM-DM, PIM-SM,
PIM-SSM, PIM-bidir, PIM-BSR
PIM-SM, PIM-SSM,
PIM-bidir, PIM-BSR
IGMPv1, v2, v3
MLDv1, v2
Boundary, Border
Scope Identifier
Addressing Range
Routing
Forwarding
Group Management
Domain Control
Interdomain Solutions
Embedded RP
BRKCRT-2000
Cisco Public
57
PIMv6
Ipv6 multicast-routing
Ipv6 pim rp-address (ipv6#)
Ipv6 pim anycast-rp address (anycast#) (peer addr#)
BRKCRT-2000
Cisco Public
58
Quality of Service
IPv6 QoS
Same architectural models as IPv4
Differentiated Services (Traffic Class field)
Integrated Services (RSVP)
Version
Traffic Class
Payload Length
Flow Label
Next Header
Source Address
Transition
Mapping between IPv6 DSCP & IPv4 ToS or MPLS EXP
BRKCRT-2000
Cisco Public
60
Destination Address
Hop Limit
BRKCRT-2000
Cisco Public
61
IPv6 Security:
Access-List Filtering
Known extension headers (HbH, AH, RH, MH, destination, fragment) are scanned
until:
Layer 4 header found
Unknown extension header is found
No VLAN ACL
Port ACL on Nexus-7000, Cat 3750 (12.2(46)SE), Cat 4K (12.2(54)SG),
Cat 6K (12.2(33)SXI4)
BRKCRT-2000
Cisco Public
63
BRKCRT-2000
Cisco Public
64
others
ipv6 access-list MY_ACL
remark basic anti-spoofing
permit any 2001:db8:2c80:1000::1/128
deny 2001:db8:2c80:1000::/64 any
interface Serial 0
ipv6 traffic-filter MY_ACL in
IPv6 Internet
Serial 0
Prefix: 2001:db8:2c80:1000::/64
BRKCRT-2000
Cisco Public
65
BRKCRT-2000
Cisco Public
66
Cisco Public
67
switchport
ipv6 traffic-filter ACCESS_PORT in
Cisco Public
68
Concept
IPv6 uses a separate routing table than IPv4
Routed vs- Routing Protocols
Routed Protocols transmit Payload
Routing Protocols transmit Path
Routed Protocols do not change
Example: HTTP and SMTP
BRKCRT-2000
Cisco Public
70
Ping (ipv6-addr)
BRKCRT-2000
Cisco Public
71
L2 to L3 Mapping
Dont forget that this is another protocol!
BRKCRT-2000
Cisco Public
72
HSRP
Standby
GLBP for v6
GLBP
AVG,
AVF
GLBP
AVF,
SVF
BRKCRT-2000
Cisco Public
73
BRKCRT-2000
Cisco Public
74
RA
interface FastEthernet0/0
R1
ipv6 nd prefix 3000:b00:c18:1::/64
Fa0/0
LAN1: 3000:b00:c18:1::/64
Fa0/0
RA
BRKCRT-2000
43200 43200
interface FastEthernet0/0
ipv6 nd prefix 3000:b00:c18:1::/64 43200 43200
ipv6 nd ra-lifetime 0
interface FastEthernet0/1
R2
ipv6 nd prefix 3000:b00:c18:2::/64
Fa0/1
LAN2: 3000:b00:c18:2::/64
Cisco Public
75
43200 43200
Prefix Renumbering
Router configuration after renumbering:
interface FastEthernet0/0
ipv6 nd prefix 3ffe:b00:c18:1::/64 43200 0
ipv6 nd prefix 3ffe:b00:c18:2::/64 43200
OR:
interface FastEthernet0/0
ipv6 nd prefix 3ffe:b00:c18:1::/64 at Sep 1 2012 23:59 Sep 1 2012 23:59
ipv6 nd prefix 3ffe:b00:c18:2::/64 43200 43200
Hosts:
Router advertisements
with expiration dates
Autoconfigured
IPv6 hosts
BRKCRT-2000
Cisco Public
76
Concluding Thoughts
Subnetting in IPv6 is actually easier than IPv4
Only a few Bit boundaries to worry about:
/32 LIR (ISP) allocations
/48 Enterprise allocations
/56 Residential allocations
BRKCRT-2000
Cisco Public
77
OSPF
IS-IS
EIGRP
BGP
For all intents and purposes, IPv6 IGPs are similar to their IPv4 counterparts
IPv6 IGPs have additional features that could lead to new designs
BRKCRT-2000
Cisco Public
78
Routing Protocols
Static Routes
Multitopology IS-IS
Unicast
Multicast
BGP
Authentication
BGP peering to IPv6 endpoints
IPv6 routes over IPv4 peering
IPv6 Prefix Limits
Interface counters
Graceful Restart and NSR
Routing Policy
IPv6 multicast scoping
IPv6 address family
IPv6 prefixes
IPv6 route destination address
BFD
RIPng
OSPFv3
IPv6 EH authentication
Overloading
BFD (9.3)
IS-IS
Authentication
BRKCRT-2000
Cisco Public
79
Routing Protocols
MPLS Protocols
IPv6 Tunneling over MPLS LSPs
RSVP-TE for IPv6 (not scheduled yet)
LDP for IPv6 (not scheduled yet)
IPv6 PIM
MPLS VPNs
6PE, 6VPE
VRF Table-label
L3VPN Multicast
NG MVPN: IPv6 multicast (2H2009)
BRKCRT-2000
Cisco Public
80
BRKCRT-2000
Cisco Public
82
Static Options
All static parameters are optional
Parameters are like any other static route
R1(config)#ipv6 route 2300:0106:aa23::/48 fa0/0 ?
<1-254>
Administrative distance
X:X:X:X::X
multicast
nexthop-vrf
tag
Tag value
unicast
<cr>
BRKCRT-2000
Cisco Public
83
Routing Policy
Configured in the same way as routing policy for IPv4
Similar match conditions and actions
Create policy first
then apply to inteface (PBR), neighbor (BGP), or routing protocol
BRKCRT-2000
Cisco Public
84
OSPFv3
Changes from OSPFv2
BRKCRT-2000
Cisco Public
86
OSPFv3
Per Link Processing
IPv6 uses the term link instead of network or subnet to indicate communication
Interfaces connect to links
Adjacencies are formed on link local addresses
BRKCRT-2000
Cisco Public
87
OSPFv3
Flooding Scope
Each LSA now contains two bits indicating the flooding scope
AS scope, LSA is flooded throughout the AS
Area scope, LSA is flooded only within an area
Link-local scope, LSA is flooded only on the local link
BRKCRT-2000
Cisco Public
88
OSPFv3
Flooding Scope
BRKCRT-2000
LSA Name
LS Type code
Flooding scope
Router LSA
0x2001
Area scope
Network LSA
0x2002
Area scope
Inter-Area-Prefix-LSA
0x2003
Area scope
Inter-Area-Router-LSA
0x2004
Area scope
AS-External-LSA
0x4005
AS scope
Group-membership-LSA
0x2006
Area scope
Type-7-LSA
0x2007
Area scope
Link-LSA
0x0008
Link-local scope
Intra-Area-Prefix-LSA
0x2009
Area scope
Cisco Public
89
OSPFv3
Handling Unknown LSA Types
Each LSA now contains an unknown LSA bit
0: Treat this LSA as a link local
1: Store and flood this LSA even if you dont understand it
BRKCRT-2000
Cisco Public
90
OSPFv3
Virtual Link Requirements
At least one global/unique local IPv6 address in the transit area
OSPFv3 normally sends LSAs with a link local source address
This wont work over a virtual link the packet needs to be forwarded through the intervening area
BRKCRT-2000
Cisco Public
91
OSPFv3
Authentication
OSPFv3 currently only supports IPsec for authentication
Group keying is painful for IPsec
There is current work in GDOI and other spaces to make group keying work better for this space
There is current work in the OSPF working group to allow HMAC-SHA and other forms
of in packet authentication
BRKCRT-2000
Cisco Public
92
OSPFv3
Configuration & Show Example
Router1#
interface POS1/1
ipv6 address 2001:410:FFFF:1::1/64
ipv6 enable
ipv6 ospf 100 area 0
Area 1
interface POS2/0
ipv6 address 2001:B00:FFFF:1::2/64
ipv6 enable
ipv6 ospf 100 area 1
ipv6 router ospf 100
router-id 10.1.1.3
Router2#
interface POS3/0
ipv6 address 2001:B00:FFFF:1::1/64
ipv6 enable
ipv6 ospf 100 area 1
Cisco Public
2001:b00:ffff:1::2/64
POS 2/0
POS 1/1
2001:410:ffff:1::1/64
Area 0
POS 3/0
2001:b00:ffff:1::1/64
93
OSPFv3
BRKCRT-2000
Cisco Public
94
Area 1
POS 3/0
2001:b00:ffff:1::1/64
2001:b00:ffff:1::2/64
POS 2/0
POS 1/1
2001:410:ffff:1::1/64
Area 0
OSPFv3
Cisco Public
95
2001:b00:ffff:1::2/64
POS 2/0
POS 1/1
2001:410:ffff:1::1/64
Area 0
BRKCRT-2000
POS 3/0
2001:b00:ffff:1::1/64
OSPFv3
BRKCRT-2000
Cisco Public
96
POS 3/0
2001:b00:ffff:1::1/64
2001:b00:ffff:1::2/64
POS 2/0
POS 1/1
2001:410:ffff:1::1/64
Area 0
Same As OSPFv2
Similarities:
BRKCRT-2000
Cisco Public
97
Enabled on an interface
R1(config-if)# ipv6 ospf (#) area-id (#)
R1(config-if)# ipv6 ospf (#) neighbor (addr)
BRKCRT-2000
Cisco Public
98
BRKCRT-2000
Cisco Public
99
BRKCRT-2000
Cisco Public
100
Router ID Selection
Router ID selection:
IPv6 networks preserve the 32-bit router ID
This is not an IPv4 address, it just looks like one!
You can set RID manually under routing-options, although an existing IPv4 address
can be used
The Junos OS uses the first non-127/8 address it finds as the RID
lo0 is the first interface activated, so a non-127/8 configured here serves as the RID
If the Junos software does not find a suitable address on lo0, it examines the next interface
activated (normally fxp0)
IPv6 functionality should not depend on another protocol being configured, so set RID
manually!
BRKCRT-2000
Cisco Public
101
MP-BGP Basics
Si
Si
AS 101
Peering
Si
AS 201
Si
Si
AS 301
Path Vector Protocol
Carries sequence of AS numbers indicating path
Cisco Public
103
Router ID
When no IPv4 is configured, an explicit bgp router-id needs to be configured
This is needed as a BGP Identifier, this is used as a tie breaker, and is sent within the
OPEN message
BRKCRT-2000
Cisco Public
104
Router A
:1
router bgp 1
no bgp default ipv4 unicast
2001:db8:ffff:2/64
:2
AS 2
B
BRKCRT-2000
Cisco Public
105
To make BGP-4 available for other network layer protocols, RFC 2858
(obsoletes RFC 2283) defines multi-protocol extensions for BGP-4
Enables BGP-4 to carry information of other protocols e.g MPLS,IPv6
New BGP-4 optional and non-transitive attributes:
MP_REACH_NLRI
MP_UNREACH_NLRI
BRKCRT-2000
Cisco Public
106
BRKCRT-2000
Cisco Public
107
The value of the length of the next hop field on MP_REACH_NLRI attribute is
set to 16 when only global is present and is set to 32 if link local is present as
well
Link local address as a next-hop is only set if the BGP peer shares the subnet
with both routers (advertising and advertised)
A
B
AS1 AS2
BRKCRT-2000
Cisco Public
108
BGP Overview
Path-vector EGP that uses multiple path attributes to select the active route
Originally designed for IPv4
Extended to carry additional information
Multicast
VPNs
IPv6
MBGP specifications
Multiprotocol extensions for BGP-4
RFC 4760January 2007
BRKCRT-2000
Cisco Public
109
IPv6-specific extensions:
Scoped addresses: NEXT_HOP contains a global IPv6 address and potentially a linklocal address (only when there is link-local reachability with the peer)
NEXT_HOP and NLRI are expressed as IPv6 addresses and prefixes in the
multiprotocol attributes
BRKCRT-2000
Cisco Public
110
BRKCRT-2000
Cisco Public
111
BRKCRT-2000
Cisco Public
112
[Connections]
Neighbor 10.1.1.4 remote-as 1001
Neighbor 10.1.1.4 update-source loopback 0
address-family ipv4
Neighbor 10.1.1.4 route-map Bob in
Neighbor 10.1.1.4 activate
Neighbor 10.1.1.4 send-community
Network 10.1.100.0 mask 255.255.255.0
Network 10.1.101.0 mask 255.255.255.0
Redistribute static
BRKCRT-2000
Cisco Public
113
BRKCRT-2000
Cisco Public
114
MBGP Configuration
Router1
Router2
AS 65001
AS 65002
3ffe:b00:c18:2:1::F
3ffe:b00:c18:2:1::1
Router1#
interface FastEthernet0/0
ipv6 address 3FFE:B00:C18:2:1::F/64
router bgp 65001
no bgp default ipv4-unicast
neighbor 3FFE:B00:C18:2:1::1 remote-as 65002
address-family ipv6
neighbor 3FFE:B00:C18:2:1::1 activate
neighbor 3FFE:B00:C18:2:1::1 prefix-list bgp65002in in
neighbor 3FFE:B00:C18:2:1::1 prefix-list bgp65002out out
exit-address-family
BRKCRT-2000
Cisco Public
115
3FFE:0B00:0001::/48
3FFE:0300::/32
3FFE:0B00::/24
Router1#
router bgp 65001
no bgp default ipv4-unicast
neighbor 3FFE:B00:C18:2:1::1 remote-as 65002
address-family ipv6
neighbor 3FFE:B00:C18:2:1::1 activate
neighbor 3FFE:B00:C18:2:1::1 prefix-list bgp65002in in
neighbor 3FFE:B00:C18:2:1::1 prefix-list bgp65002out out
network 3FFE:B00::/24
exit-address-family
ipv6 prefix-list bgp65002in seq 5 permit 3FFE::/16 le 24
ipv6 prefix-list bgp65002out seq 5 permit 3FFE::/16 le 24
BRKCRT-2000
Cisco Public
116
Router2
3ffe:b00:c18:2:1::1
AS
router bgp 65001
no bgp default ipv4-unicast
neighbor 3FFE:B00:C18:2:1::1 remote-as 65002
neighbor 3FFE:B00:C18:2:1::2 remote-as 65003
address-family ipv6
neighbor 3FFE:B00:C18:2:1::1 activate
neighbor 3FFE:B00:C18:2:1::2 activate
neighbor 3FFE:B00:C18:2:1::1 prefix-list Legal in
neighbor 3FFE:B00:C18:2:1::2 prefix-list Legal in
network 3FFE:B00::/24
exit-address-family
ipv6 prefix-list
ipv6 prefix-list
ipv6 prefix-list
ipv6 prefix-list
BRKCRT-2000
Cisco Public
117
AS 65002
65001
3ffe:b00:c18:2:1::1
AS 65003
3ffe:b00:c18:2:1::2
Configuration EIGRP
hostname R1
!
ipv6 unicast-routing
!
interface Loopback0
no ip address
ipv6 address 1010:AB8::/64 eui-64
ipv6 enable
ipv6 eigrp 1
!
ipv6 router eigrp 1
router-id 2.2.2.2
no shutdown
!
BRKCRT-2000
Cisco Public
118
Troubleshooting
show ipv6 eigrp events
show ipv6 eigrp interfaces
show ipv6 eigrp neighbors
BRKCRT-2000
Cisco Public
119
Tunnels
Bypass firewalls (protocol 41 or UDP)
Can cause asymmetric traffic (hence breaking stateful firewalls)
BRKCRT-2000
Cisco Public
121
Host security controls should block and inspect traffic from both IP versions
Host intrusion prevention, personal firewalls, VPN
clients, etc.
IPv6 HDR
IPv6 Exploit
Cisco Public
122
BRKCRT-2000
Cisco Public
123
BRKCRT-2000
Cisco Public
124
IP address
to
hostname
BRKCRT-2000
IPv6
A record:
AAAA record:
www.abc.test. A
192.168.30.1
www.abc.test. AAAA
2001:db8:C18:1::2
PTR record:
PTR record:
1.30.168.192.in-addr.arpa.
PTR
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.
1.c.0.
8.b.d.0.1.0.0.2.ip6.arpa. PTR
www.abc.test.
www.abc.test.
Cisco Public
125
DNS Server
DNS Request (h.root-servers.net) (QTYPE=A)
H.ROOT-SERVERS.NET. 210892
IN
BRKCRT-2000
Cisco Public
126
128.63.2.53
DNS Server
DNS Request (h.root-servers.net) (QTYPE=AAAA)
IPv6 AAAA Response (2001:500:1::803f:235 )
H.ROOT-SERVERS.NET. 210892
IN
AAAA
BRKCRT-2000
Cisco Public
127
2001:500:1::803f:235
I prefer IPv6
addresses
H.ROOT-SERVERS.NET. 210892
H.ROOT-SERVERS.NET. 210892
IN
IN
AAAA
A
2001:500:1::803f:235
128.63.2.53
BRKCRT-2000
Cisco Public
128
DNS
Server
Cisco Public
129
IN
AAAA
2001:DB8::1:DD48:AB34:D07C:3914
Cisco Public
130
IN
PTR
2.
3.
4.
5.
6.
7.
LLMNR support
8.
9.
Cisco Public
131
DNS Issues
Upgrade DNS servers to support IPv6
Adding AAAA record for a specific server to the DNS Server requires ALL
services to be IPv6 aware
LDAP or AD IPv6 Aware
All Services running on the Server
BRKCRT-2000
Cisco Public
132
Forward Lookups
Uses AAAA records for assign IPv6 addresses to names.
Multiple addresses possible for any given name for example, in a multihomed situation.
Can assign A records and AAAA records to a given name/domain.
BRKCRT-2000
Cisco Public
133
Upstream Support
How to get IPv6?
Tunnel Brokers
Hurricane Electric
RoutintHouse.com
SixXS
Others: http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers
6 to 4 Gateway
BRKCRT-2000
Cisco Public
134
You can submit an entry for more than one of your favorite speakers
Dont forget to follow @CiscoLive and @CiscoPress
View the official rules at http://bit.ly/CLUSwin
BRKCRT-2000
Cisco Public
135
Description
Cisco Certification
This course covers the implementation of routing protocols (OSPF, ISIS, BGP), route manipulations, and high availability routing features
within SP IP NGN environments.
Cisco Public
136
Description
Cisco Certification
Configure, implement and troubleshoot local and widearea IPv4 and IPv6 networks. Also available in self study
eLearning format with Cisco Learning Lab.
Cisco Public
137
BRKCRT-2000
Cisco Public
138
BRKCRT-2000
Cisco Public
139