Dual Stack

cu.ipv6tf.org

Dual Stack

IPv6 Transition

Tony Hain

Cisco Systems

ahain@cisco.com

© 2003 Cisco Systems, Inc. All rights reserved.


Outline

Business Case

Deployment Tool Set

Environments

Strategy



Transition Variables

• Business Requirements

Time frame required to meet a set of business requirements

Need for applications to communicate between administrative domains

New functions that can exist without extensive access to legacy IPv4 nodes

Mission critical applications that must interoperate with legacy nodes

• Network Security Requirements

Firewall support for both IPv4 & IPv6

Telecommuters and Mobile Node access methods

• Availability of software & hardware upgrades for existing nodes

Source code availability for custom applications

• Order and rate for IPv6 deployment within a network

Current use of IPv4 private addresses and NAT

Provider support for IPv6



Outline

Business Case

Deployment Tool Set

Environments

Strategy



IPv4-IPv6 Transition / Co-Existence

A wide range of techniques have been identified and implemented, basically falling into three categories:

(1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks

(2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions

(3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices

Expect all of these to be used, in combination


Tools – Dual Stack

[Figure labels: IPv6 Enabled, Internet, IPv6 Enabled, IPv4-Only]

• Primary tool

• Allows continued 'normal' operation with IPv4-only nodes

• Address selection rules generally prefer IPv6

• DSTM variant allows temporary use of IPv4 pool


Dual Stack Approach

[Figure: two protocol stacks, Legacy Application and IPv6-enabled Application (preferred method on application's servers), each over TCP/UDP, IPv4/IPv6 and Data Link (Ethernet). Frame protocol ID: 0x0800 for IPv4, 0x86dd for IPv6]

Dual stack node means:

Both IPv4 and IPv6 stacks enabled

Applications can talk to both

Choice of the IP version is based on name lookup and application preference


Dual-Stack Approach

• When adding IPv6 to a system, do not delete IPv4

this multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.)

note: in most cases, IPv6 will be bundled with new OS releases, not an extra-cost add-on

• Applications (or libraries) choose IP version to use

when initiating, based on DNS response:

prefer scope match first, when equal scope IPv6 over IPv4

when responding, based on version of initiating packet

• This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage


Dual Stack Approach & DNS

[Figure: a host queries the DNS server with "www.a.com = * ?" and receives 3ffe:b00::1 and 10.1.1.1; of the IPv4 and IPv6 paths shown, it connects over IPv6 to 3ffe:b00::1]

• In a dual stack case, an application that:

Is IPv4 and IPv6-enabled

Asks the DNS for all types of addresses

Chooses one address and, for example, connects to the IPv6 address


Cisco IOS Dual Stack Configuration

[Figure: Dual-Stack Router attached to an IPv6 and IPv4 Network. IPv4: 192.168.99.1; IPv6: 2001:410:213:1::/64 eui-64]

router#
ipv6 unicast-routing
interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2001:410:213:1::/64 eui-64

• Cisco IOS is IPv6-enabled:

If IPv4 and IPv6 are configured on one interface, the router is dual-stacked

Telnet, Ping, Traceroute, SSH, DNS client, TFTP,…


Tools – Tunneling

[Figure labels: IPv6 Enabled, Internet, IPv4-Only, IPv6 Enabled]

• Nodes view IPv4 network as a logical NBMA link-layer

• May be used in conjunction with dual-stack

Note: Tunnels may be end to middle as shown, or middle to middle, or end to end.


IPv6 over IPv4 Tunnels

[Figure: IPv6 Host and IPv6 Network behind a Dual-Stack Router at each end, joined across IPv4. Native packet: IPv6 Header | Transport Header | Data. Tunnel (IPv6 in IPv4 packet): IPv4 Header | IPv6 Header | Transport Header | Data]

• Tunneling is encapsulating the IPv6 packet in the IPv4 packet

• Tunneling can be used by routers and hosts
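
The encapsulation on this slide, as an added example that is not part of the original deck: a Python parser that recognises IPv6-in-IPv4 frames by IPv4 protocol number 41, reports the outer and inner addresses, and flags a 6to4 inner source that does not match the outer IPv4 source. Function names and sample frames are constructed for illustration; the addresses reuse the deck's own examples.

```python
import ipaddress
import struct

ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD  # Ethernet frame protocol IDs
IPPROTO_IPV6 = 41                    # IPv4 protocol number for encapsulated IPv6


def build_tunnel_frame(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed sample: Ethernet | IPv4 (proto 41) | IPv6 header, no payload."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # version 6, next header 59 (none)
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed
    # IPv4 header checksum is left at 0; this parser does not validate it.
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        IPPROTO_IPV6, 0)
    outer += ipaddress.IPv4Address(outer_src).packed
    outer += ipaddress.IPv4Address(outer_dst).packed
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + outer + inner


def inspect_frame(frame):
    """Return a dict for IPv6-in-IPv4 frames, None for anything else."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IPV4:
        return None                      # native IPv6 (0x86dd) or other traffic
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    if version != 4 or ihl < 20 or frame[14 + 9] != IPPROTO_IPV6:
        return None
    inner = frame[14 + ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                      # truncated or not IPv6 inside
    outer_src = ipaddress.IPv4Address(frame[26:30])
    inner_src = ipaddress.IPv6Address(inner[8:24])
    embedded = inner_src.sixtofour       # IPv4 inside 2002::/16, else None
    return {
        "outer_src": outer_src,
        "outer_dst": ipaddress.IPv4Address(frame[30:34]),
        "inner_src": inner_src,
        "inner_dst": ipaddress.IPv6Address(inner[24:40]),
        # A 6to4 source must have been encapsulated by the router it names.
        "sixtofour_mismatch": embedded is not None and embedded != outer_src,
    }


if __name__ == "__main__":
    sample = build_tunnel_frame("192.168.99.1", "192.168.30.1",
                                "2002:c0a8:6301:1::1", "2002:c0a8:1e01:1::1")
    print(inspect_frame(sample))
```
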



Tunneling Mechanisms (operationally challenging)

• Configured

Prearranged addresses for both IPv4 & IPv6, manually configured

• Tunnel Broker

Builds on configured tunnel via IPv4 auth scheme to establish mapping; typically default route

• 6over4

Any address, but requires IPv4 multicast for ND

• Automatic

Host-to-host – IPv4 address embedded in low 32 bits with prefix ::/96

deprecated as it requires injecting IPv4 BGP table into IPv6 routing


Tunneling Mechanisms (primary set)

• 6to4

Automatic prefix allocation based on public IPv4

• ISATAP

Intra-site automatic tunneling with any prefix

• Teredo

IPv6 over UDP/IPv4 to traverse NAT



Manually Configured Tunnel (RFC 2893)

[Figure: two IPv6 Networks joined across IPv4 by a tunnel between Dual-Stack Router1 (IPv4: 192.168.99.1, IPv6: 3ffe:b00:c18:1::3) and Dual-Stack Router2 (IPv4: 192.168.30.1, IPv6: 3ffe:b00:c18:1::2)]

router1#
interface Tunnel0
 ipv6 address 3ffe:b00:c18:1::3/64
 tunnel source 192.168.99.1
 tunnel destination 192.168.30.1
 tunnel mode ipv6ip

router2#
interface Tunnel0
 ipv6 address 3ffe:b00:c18:1::2/64
 tunnel source 192.168.30.1
 tunnel destination 192.168.99.1
 tunnel mode ipv6ip

• Manually Configured tunnels require:

Dual stack end points

Both IPv4 and IPv6 addresses configured at each end


IPv4 Compatible Tunnel (RFC 2893)

[Figure: two Dual-Stack Routers connected across IPv4. One router: IPv4: 192.168.99.1, IPv6: ::192.168.99.1. The other router: IPv4: 192.168.30.1, IPv6: ::192.168.30.1]

• IPv4-compatible addresses are an easy way to autotunnel, but it:

May be deprecated soon


6to4 Tunnel (RFC 3056)

[Figure: 6to4 address format: 2002 (/16) | Public IPv4 address (/48) | SLA (/64) | Interface ID]

[Figure: two IPv6 Networks, each on interface E0 of a 6to4 router, joined across IPv4. 6to4 Router1: 192.168.99.1 = network prefix 2002:c0a8:6301::/48. 6to4 Router2: 192.168.30.1 = network prefix 2002:c0a8:1e01::/48]

• 6to4 Tunnel:

Is an automatic tunnel method

Gives a prefix to the attached IPv6 network

2002::/16 assigned to 6to4

Requires one global IPv4 address on each Ingress/Egress site

router2#
interface Loopback0
 ip address 192.168.30.1 255.255.255.0
 ipv6 address 2002:c0a8:1e01:1::/64 eui-64
interface Tunnel0
 no ip address
 ipv6 unnumbered Ethernet0
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
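
The 6to4 prefix arithmetic on this slide, as an added example that is not part of the original deck: it derives the /48 and /64 prefixes from a router's IPv4 address and, in the other direction, recovers the IPv4 address embedded in a 6to4 or IPv4-compatible address. It goes slightly beyond the slide by also marking embedded RFC 1918 addresses, since 6to4 requires a global IPv4 address and the deck's own 192.168.x.x values are illustrative. Function names are hypothetical; 192.0.2.1 is a documentation address used as a constructed sample.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 (RFC 3056)
V4_COMPATIBLE = ipaddress.ip_network("::/96")    # IPv4-compatible (RFC 2893)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(ipv4, sla=None):
    """Layout: 2002 (16 bits) | IPv4 (32 bits) | SLA (16 bits) | interface ID.

    Returns the /48 site prefix, or the /64 subnet when an SLA value is given.
    """
    v4 = int(ipaddress.IPv4Address(ipv4))
    base = (0x2002 << 112) | (v4 << 80)
    if sla is None:
        return ipaddress.IPv6Network((base, 48))
    if not 0 <= sla <= 0xFFFF:
        raise ValueError("SLA is a 16-bit field")
    return ipaddress.IPv6Network((base | (sla << 64), 64))


def embedded_ipv4(ipv6):
    """Return (mechanism, IPv4Address, is_rfc1918), or None if no IPv4 is embedded."""
    addr = ipaddress.IPv6Address(ipv6)
    value = int(addr)
    if addr in SIX_TO_FOUR:
        mechanism = "6to4"
        v4 = ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    elif addr in V4_COMPATIBLE and value > 1:    # skip :: and ::1
        mechanism = "ipv4-compatible"
        v4 = ipaddress.IPv4Address(value)
    else:
        return None
    # A private IPv4 address cannot anchor a working 6to4 site.
    return mechanism, v4, any(v4 in net for net in RFC1918)


if __name__ == "__main__":
    for v4 in ("192.168.99.1", "192.168.30.1"):
        print(v4, "->", sixtofour_prefix(v4), sixtofour_prefix(v4, sla=1))
    for v6 in ("2002:c0a8:1e01::1", "::192.168.99.1",
               "2002:c000:201:1::1", "3ffe:b00:c18:1::3"):
        print(v6, "->", embedded_ipv4(v6))
```
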


6to4 Relay

[Figure: IPv6 Network (network prefix 2002:c0a8:6301::/48) behind 6to4 Router1 (192.168.99.1 =), connected across IPv4 to a 6to4 Relay (IPv6 address: 2002:c0a8:1e01::1) that attaches to an IPv6 Network and the IPv6 Internet]

router1#
interface Loopback0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2002:c0a8:6301:1::/64 eui-64
interface Tunnel0
 no ip address
 ipv6 unnumbered Ethernet0
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 2002:c0a8:1e01::1

• 6to4 relay:

Is a gateway to the rest of the IPv6 Internet

Default router

Anycast address (RFC 3068) for multiple 6to4 Relay


Tunneling issues

• IPv4 fragmentation needs to be reconstructed at tunnel endpoint.

• No translation of Path MTU messages between IPv4 & IPv6.

• Translating IPv4 ICMP messages and passing them back to IPv6 originator.

• May result in an inefficient topology.


Tunneling issues II

• Tunnel interface is always up. Use routing protocol to determine link failures.

• Be careful with using the same IPv4 source address for several tunneling mechanisms. Demultiplexing incoming packets is difficult.


Tools – BGP tunnel

[Figure labels: IPv6 Island, IPv4-only core, IPv6 Island]

• Service provider can incrementally upgrade PE routers with active customers

• Sites are connected to Dual Stack MP-BGP-speaking edge router

• Transport across the IPv4 core can be any tunneling mechanism


IPv6 Provider Edge Router (6PE) over MPLS

[Figure: 6PE routers around an IPv4/MPLS core of P routers, with MP-iBGP sessions between the 6PEs. CE routers and Dual Stack IPv4-IPv6 routers attach v6 sites 2001:0620::, 2001:0420::, 2001:0421::, 2001:0621:: and v4 sites 145.95.0.0, 192.76.10.0, 192.254.10.0]

• IPv4 or MPLS Core Infrastructure is IPv6-unaware

• PEs are updated to support Dual Stack/6PE

• IPv6 reachability exchanged among 6PEs via iBGP (MP-BGP)

• IPv6 packets transported from 6PE to 6PE inside MPLS


Tools – Translation

[Figure labels: IPv6 Enabled, Internet, IPv4-Only]

• Tool of last resort

• Allows for the case where some components are IPv6-only while others are IPv4-only

• Pay attention to scaling properties

• Same application issues as IPv4/IPv4 translation


IPv6-IPv4 Translation Mechanisms

• Stateful

NAT-PT (RFC 2766): requires ALG for each application

TRT TCP-UDP Relay (RFC 3142)

SOCKS-based Gateway (RFC 3089)

IGMP / MLD proxy: Joins opposing groups & maps addresses

• Stateless

SIIT: Address & protocol translation

BIS (Bump-In-the-Stack): Augmentation between IPv4 stack & device driver (RFC 2767)

BIA (Bump-In-the-API): Supports IPv4 apps over IPv6 stack


NAT-PT Overview

[Figure: NAT-PT device (ipv6 nat prefix 2010::/96) between an IPv4-only network with IPv4 Host 172.16.1.1 and an IPv6-only network with IPv6 Host 2001:0420:1987:0:2E0:B0FF:FE6A:412C. Numbered packets in the figure:]

1  Src: 2001:0420:1987:0:2E0:B0FF:FE6A:412C  Dst: PREFIX::1

2  Src: 172.17.1.1  Dst: 172.16.1.1

3  Src: 172.16.1.1  Dst: 172.17.1.1

4  Src: PREFIX::1  Dst: 2001:0420:1987:0:2E0:B0FF:FE6A:412C

PREFIX is a 96-bit field that allows routing back to the NAT-PT device


Translation

• May prefer to use IPv6-IPv4 protocol translation for:

new kinds of Internet devices (e.g., cell phones, cars, appliances)

benefits of shedding IPv4 stack (e.g., serverless autoconfig)

• This is a simple extension to NAT techniques, to translate header format as well as addresses

IPv6 nodes behind a translator get full IPv6 functionality when talking to other IPv6 nodes located anywhere

they get the normal (i.e., degraded) NAT functionality when talking to IPv4 devices

drawback: minimal gain over IPv4/IPv4 NAT approach


Configuring Cisco IOS NAT-PT

[Figure labels: LAN1: 2001:2::/64, 2001:2::1, Ethernet-1; LAN2: 192.168.1.0/24, .200, .100, DNS, Ethernet-2; NATed prefix 2010::/96]

Network Address Translation-Protocol Translation (RFC 2766)

• IP Header and Address translation

• Support for ICMP and DNS embedded translation

• Auto-aliasing of NAT-PT IPv4 Pool Addresses

interface ethernet-1
 ipv6 address 2001:2::10/64
 ipv6 nat prefix 2010::/96
 ipv6 nat
!
interface ethernet-2
 ip address 192.168.1.1 255.255.255.0
 ipv6 nat
!
ipv6 nat v4v6 source 192.168.1.100 2010::1
!
ipv6 nat v6v4 source route-map map1 pool v4pool1
ipv6 nat v6v4 pool v4pool1 192.168.2.1 192.168.2.10 prefix-length 24
!
route-map map1 permit 10
 match interface Ethernet-1


Outline

Business Case

Deployment Tool Set

Environments

Strategy



Transition environments

[Figure: network map of transition environments. Environment labels: Enterprise, Telecommuter, Residential, Cable, DSL, FTTH, Dial, Aggregation, ISP's, IPv6 IX, 6Bone. Mechanism labels: Dual Stack; ISATAP; WAN: 6to4, IPv6 over IPv4, Dual Stack; 6to4 Relay; IPv6 over IPv4 tunnels or Dedicated data link layers; IPv6 over IPv4 Tunnels; IPv6 over IPv4 tunnels or Dual stack; Dual Stack or MPLS & 6PE]


Environments

Service Provider

Unmanaged

Enterprise



Environments – Unmanaged

• No administrative staff to manage configuration or policies

• Devices need to be plug-n-play appliances

• Network & hosts share administrative policies

• Tool automation a primary concern


Issues

• ISP offers IPv6 service

Edge device acquires a prefix to redistribute

• ISP still IPv4-only service (may be due to device limitations like DOCSIS modems)

Tunneling required

Prefix from tunnel broker or automated 6to4/Teredo

• If no auto-tunnel to native relays, may need both



Environments – Managed Enterprise

[Figure labels: Campus Network, WAN, Campus Network]

• Dedicated management staff & tools

• Network & hosts share administrative policies

• Applications will likely require recertification


Managed networks differentiation

Single geographic region, single administration & policy

Multiple geographic regions, single administration & policy

Multiple geographic regions, multiple administrations & policy

Use of public network for transit service

Simple routed case looks like multi-multi above

VPN tunneled case would look like multi-single w/circuit setup

New enterprise, looking to avoid a transition

Deployment order - All at once by definition

For each of the 5 categories consider

Deployment order - Hosts & Apps first vs. Network first

ISP offering - IPv4-only, IPv4 & IPv6, IPv6-only


Infrastructure concerns

• Critical Applications

• Addressing : Dynamic vs. controlled

• DNS : Dynamic vs. controlled

Public visibility of name space

• AAA : Internal & external

Mobility of road warrior & telecommuters

Mobility of nodes within the enterprise

• ICMP : PMTU & neighbor discovery

• Management tools

Trust between host & network management teams



Multiple Address Issues

Renumbering simplified as old & new can overlap

Privacy addresses reduce attack profile

Preferred vs. valid lifetimes

Improper configuration could lead to 100’s per interface

Diagnostics require more effort

TE via addressing limits multi-homing flexibility

Site-local allows internal stability



Routing Issues

• Allocations of ::/48 should allow self aggregation by organizations with multiple IPv4 prefixes

• Tunneling

Decouples network from end system deployment

Multicast less efficient

• Native service

May require hardware upgrades


Environments – Managed Service Provider

[Figure labels: Tunnel Relay, AAA, DNS, SMTP, NAT-PT, Backbone, Peer SP]

• Dedicated management staff & tools

• Network has different administrative policies than connected hosts or networks

• Interaction with Peer networks may require translation

• Services as Dual-stack

• Distributed tunnel relay service minimizes overhead


Address Allocation Issues

• From Regional Registries

::/32 minimum

• To Customers

HD ratio based on .8 utilization of ::/48s

::/48 Prefix delegation via DHCPv6 (normal customer allocation)

::/64 Prefix delegation via RA or DHCPv6 (for single subnet sites, i.e., 802.11 hotspots)

• RFC 3041 addresses allow end system anonymity as they move between networks, but the allocated prefix still allows customer identification for LI conformance


Routing Issues

• Allocations should allow massive aggregation

Current allocation policy all PA based, so global BGP table should approach number of origin AS’s

• Multi-homed sites still an unsolved problem


DNS Issues

Dual-stack servers

• Consistency of the client and referral chain

• IPv6 glue records

• Sub-domain delegation to consumer customers?


SMTP Issues

Dual-stack MTAs

• Consistency of clients and MX to A/AAAA mappings

• Broken DNS servers return 'nxdomain' for missing AAAA


Outline

Business Case

Deployment Tool Set

Environments

Strategy



How Do we Get There from Here?

• Network managers must include IPv6 as a core element of their deployment strategy.

Applications must become protocol agnostic

• IPv4 & IPv6 will coexist for the foreseeable future

No network wide Flag Day

• Education & Careful Planning are crucial.

How long does it take to make changes in the environment?

• IPv4 & IPv6 implementations must be scalable, reliable, secure and feature rich.

Strategy that reflects this …

Starting with Edge upgrades enable IPv6 service offerings now


Strategy - Value to early deployment

• Allows early customer needs to help shape vendor priorities

• Enables smooth interaction with global economic partners motivated by limited IPv4 allocations

• Allows managing the pace of local action before the inevitable urgency arises


Strategy - Value in caution

• Allows others to work through early implementation inconsistencies

• Allows extended development and testing time for custom applications

• Allows normal life-cycle replacements to establish a capability baseline before turning on IPv6


Strategy - Value in transition tools

• Primary approach of dual-stack enables independent deployment of applications in line with local business need

• Tunneling tools decouple decisions about application & end system deployment from infrastructure deployment

• Transition tools allow timing upgrades as part of a normal life-cycle plan, or to optimize investments


Impediments to IPv6 deployment

Applications

Applications

Applications

The time to move to the new APIs is NOW

The most interesting applications will address business models that are not possible (or costly due to escalating operational complexity) using IPv4.


Summary

• Audit for business requirements and impacts

• Multiple transition technologies enable a wide variety of situations

Dual-stack is the primary approach

Tunneling decouples end-system & infrastructure timing

Translation as last resort - only when absolutely necessary

• Environment characteristics will dictate technology

• Production use of IPv6 is controlled by applications that are using the new APIs.


Questions?
