CR01-U4-2 Transicion ipv4 a ipv6.pdf
Transcript of CR01-U4-2 Transicion ipv4 a ipv6.pdf
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
1/27
Conectividad de Redes-U4-2
2013-02
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
2/27
Transicin entre IPv4 a IPv6
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
3/27
Transicin IPv4 a IPv6Tecnicas para el periodo de transicin entre IPv4 y IPv6:
Dual-stack :
Los computadoras y dispositivos de red ambos corren IPv4 e IPv6 al mismo
tiempo.
Emplea mucho reciurso y sobrecarga en la red.
Tunneling : Aisla la red IPv6 y lo conecta a travs de una infraestructura IPv4 empleando
tunnels.
Solo los dispositivos de borde requieren dual-stacked.
La escalabilidad puede ser un problema si muchos tunnels son creados.
Translation :
Un traductor convierte IPv6 en IPv4 y viseversa.
Solo permite comunicarse dispositivos IPv6 con dispositivos IPv4.
La escalabilidad puede ser un problema ya que requiere mucho recurso.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
4/27
Transicin IPv4 a IPv6
Dual-stack Tunneling
Manual
Manual IPv6 Tunnel
GRE IPv6 Tunnel
Dynamic 6to4 Tunnel
IPv4-Compatible IPv6 Tunnel (deprecated)
ISATAP Tunnel
Translation
Static NAT-PT for IPv6
Dynamic NAT-PT for IPv6
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
5/27
Dual Stack
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
6/27
Dual Stack
Integration method in which a node has connectivity to both an IPv4 and IPv6
network
Node has two protocol stacks.
A dual-stack node chooses which stack to use based on destination address: Prefers IPv6 when available
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
7/27
Dual Stack
R1 is configured as dual-stacked.
FastEthernet 0/0 interface has two addresses on it:
IPv4
IPv6
For both protocols the addresses on R1 and R2 are on the same network.
IPv4: 10.10.10.1/24 IPv4: 10.10.10.2/24
IPv6: 2001:12::1/64 IPv6: 2001:12::2/64
R1(config)# inter fa 0/0
R1(config-if)# ip add 10.10.10.1 255.255.255.0
R1(config-if)# ipv6 add 2001:12::1/64
R1(config)# show ip interface fa 0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 10.10.10.1/25
Broadcast address is 255.255.255.255
R1(config)# show ipv6 interface fa 0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::219:56FF:FE2C:9F60
Global unicast address(es):
2001:12::1, subnet is 2001:12::/64
Joined group address(es):
FF02::1
FF02::2
R1 R2
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
8/27
Dual Stack
IPv4: 10.10.10.1/24 IPv4: 10.10.10.2/24
IPv6: 2001:12::1/64 IPv6: 2001:12::2/64R1 R2
A drawback of dual stacking is the resources required within eachdevice configured with both protocols.
The device must keep dual routing tables, routing protocol topology
tables, etc.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
9/27
Tunneling
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
10/27
Tunneling
Tunneling IPv6 Inside IPv4 Packets
This enables the connection of IPv6 islands without the need to convert
the intermediary network to IPv6. Tunnels can be either manually or automatically configured.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
11/27
Tunneling
Isolated Dual-Stack
Tunneling can also be done between a host and a router,
The encapsulated tunnel connects the host to the edge router of
the IPv6 network.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
12/27
Tunneling
Some tunneling terminology can be explained using this example:
IPv4 is the transport protocol, the protocol over which the tunnel is created.
IPv6 is the passenger protocol, the protocol encapsulated in the tunnel and
carried through the tunnel.
Another protocol is used to create the tunnel, and is known as the tunnelingprotocol.
An example of such a protocol is Ciscos Generic Routing Encapsulation (GRE)
protocol.
Encapsulates the passenger protocol.
12
Packet
IPv6
Header
IPv4
Header
GRE
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
13/27
Manual IPv6 Tunnel
Simulates a permanent link between two IPv6 domains over an IPv4
backbone.
Physical interfaces may also be used as the tunnel source and
destination interfaces, which also have IPv4 addresses. Best practice is to use loopback interfaces
The end routers implementing a manual tunnel must be dual-stacked
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
14/27
Manual IPv6 Tunnel
IPv6 DataIPv6HeaderIPv4Header Protocol41
IPv6 DataIPv6
Header
20 bytes
IPv6 Manual Tunnel
IPv6 DataIPv6
Header
Manually tunneling IPv6 inside of IPv4 uses IPv4 protocol 41 and adds a 20-byteIPv4 header (if there are not any options in the header) before the IPv6 header
and payload (data).
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
15/27
Manual IPv6 Tunnel
IPv6 DataIPv6
Header
IPv4
Header
Protocol
4120 bytes
The IPv6 communication can be made secure with the use of IPsec:
Confidentiality
Integrity Authentication
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
16/27
Manual IPv6 Tunnel
There are two IPv6 networks:,
13::/64 and 24::/64 Separated by an IPv4-only network.
IPv4 RIP is running between R1 and R2 to provide connectivity between the
loopback interface networks.
Successful ping and a display of R1s IPv4 routing table.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
17/27
Manual IPv6 Tunnel
Objective is to provide full connectivity between the IPv6 islands over the IPv4-only infrastructure.
Since the tunnel does not have an IPv4 address, the no ip address command is used.
The appropriate loopbackaddress is used as the tunnel source
Its IPv4 address will be the source address for the tunnel.
IPv4 is functioning here as the encapsulation protocol and as the transport protocol.
The tunnel destination is the IPv4 address of the other router.
The tunnel mode command defines the encapsulation;
Manual IPv6 tunnel with IPv6 as the passenger protocol
R1(config)# inter tunnel 12
R1(config-if)# no ip address
R1(config-if)# ipv6 address 12::1/64
R1(config-if)# tunnel source loopback 101
R1(config-if)# tunnel destination 10.2.2.2
R1(config-if)# tunnel mode ipv6ip
R2(config)# ipv6 unicast-routing
R2(config)# interface tunnel 12
R2(config-if)# no ip address
R2(config-if)# ipv6 address 12::2/64
R2(config-if)# tunnel source loopback 102
R2(config-if)# tunnel destination 10.1.1.1
R2(config-if)# tunnel mode ipv6ip
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
18/27
Translation
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
19/27
Translation
NAT-PT is a translation mechanism that sits between an IPv6 network and an IPv4
network.
The job of the translator (which of course can be a Cisco IOS router) is to:
Translate IPv6 packets into IPv4 packets and vice versa
More than an address translator: it is really aprotocol translator.
A
R1
D
NAT-PT
IPv6
Network192.168.2.1 IPv4 Network
2001:DB8:FFFF:1::1 192.168.30.1
Source Address: 2001:DB8:FFFF:1::1
Destination address: 2001:DB8:FFFF:FFFF::A
Source Address: 192.168.2.2
Destination address: 192.168.30.1
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
20/27
Transicin IPv4 a IPv6
NAT-PT is another powerful transitiontechnique, but is not a replacement for the
other techniques, such as dual-stack and
tunneling, discussed so far in this chapter.
Used in situations where direct communication
between IPv6-only and IPv4-only networks is
desired. It would not be appropriate in situations where
connectivity between two IPv6 networks is
required, since two points of translation would
be necessary, which would not be efficient or
effective.
With NAT-PT, all configuration and translation isperformed on the NAT-PT router; the other
devices in the network are not aware of the
existence of the other protocols network, nor
that translations are occurring.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
21/27
Transicin IPv4 a IPv6 DNS is crucial in real-life NAT-PT architectures,
because applications initiate traffic from hosts,and DNS translates domain names to IP
addresses.
Since DNS requests may cross the NAT-PT
router, a DNS application layer gateway (ALG) is
typically implemented in NAT-PT routers to
facilitate the name-to-address mapping. The DNS-ALG translates IPv6 addresses in DNS
queries and responses into their IPv4 address
bindings, and vice versa, as DNS packets traverse
between IPv6 and IPv4 domains.
NAT-PT uses a 96-bit IPv6 network prefix to
direct all IPv6 traffic that needs to be translatedto the NAT-PT router.
This prefix can be any routable prefix within the
IPv6 domain; IPv6 routing must be configured
such that all IPv6 packets addressed to this prefix
are routed to the NAT-PT device.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
22/27
Static NAT-PT for IPv6
R4 and R2 need to communicate; R4 only has an IPv6 address and R2 only has anIPv4 address.
Two static NAT-PT translations are configured on router R1 to allow
bidirectional traffic between the two devices.
Both the source and destination addresses in both directions will be translated.
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
23/27
Transicin IPv4 a IPv6
the ipv6 nat v6v4 source command is used to configure the mapping between R4s IPv6 source
address (14::4) and the IPv4 address that R4 appears as in the IPv4 world (172.16.123.100).
Notice that 172.16.123.100 is a valid address on the subnet between R1 and R2; it is an unused IP
address on the destination subnet, so R1 does not need to advertise a new subnet to R2.
Traffic coming from R4 will therefore look like it is coming from this R1-R2 subnet.
shows the ipv6 nat v4v6 source command, used to configure the mapping for return traffic
between R2s IPv4 source address (172.16.123.2) and the IPv6 address that R2 appears as in the IPv6
world (1144::1).
This IPv6 address does not exist in the IPv6 world; it is an unused address selected to represent IPv4
devices in the IPv6 world;
it is on the NAT-PT prefix, which is configured next.
R1(config)# interface serial 0/0/0
R1(config-if)# ipv6 add 14::1/64R1(config-if)# ipv6 nat
R1(config)# interface serial 0/1/0
R1(config-if)# ip add 172.16.123.1 255.255.255.0
R1(config-if)# ipv6 nat
R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100
R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1
R1(config)# ipv6 nat prefix 1144::/96
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
24/27
Transicin IPv4 a IPv6
Traffic destined to this prefix received on R1 will be translated.
In this example, 1144::/64 is the NAT-PT prefix selected; it identifies all destinations on the
IPv4-only network.
As the example shows, you must configure a 96-bit prefix length.
This is because 32-bit IPv4 addresses are translated into 128-bit IPv6 addresses;
the difference is 128-32 = 96 bits, so this is the required number of bits in the prefix.
Notice that this ipv6 nat prefix command creates a connected route in R1s routing table.
R1(config)# interface serial 0/0/0
R1(config-if)# ipv6 add 14::1/64
R1(config-if)# ipv6 nat
R1(config)# interface serial 0/1/0
R1(config-if)# ip add 172.16.123.1 255.255.255.0
R1(config-if)# ipv6 nat
R1(config)# ipv6 nat v6v4 source 14::4
172.16.123.100
R1(config)# ipv6 nat v4v6 source 172.16.123.21144::1
R1(config)# ipv6 nat prefix 1144::/96
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
25/27
Transicin IPv4 a IPv6
displays the output of the
show ipv6 route connected
command, confirming that the
NAT-PT 96-bit prefix is there.
Notice that this prefix is
directly connected to the
interface NVI0;
NVI is a NAT virtual interface
and exists to allow NAT traffic
flows.
R1# show ipv6 route static
C 13::/64 [1/0]
via FastEthernet0/0, directly connected
C 14::/64 [1/0]
via Serial0/0/0, directly connected
C 1144::/96 [0/0]
via NV10, directly connected
R1#
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
26/27
Transicin IPv4 a IPv6
So, on R1, the redistribute connected command (with a seed metric of
3) is entered under the RIPng process.
R4 now has a route to the 1144 prefix and can forward traffic to it.
R1(config)# interface serial 0/0/0
R1(config-if)# ipv6 add 14::1/64
R1(config-if)# ipv6 nat
R1(config)# interface serial 0/1/0
R1(config-if)# ip add 172.16.123.1 255.255.255.0
R1(config-if)# ipv6 nat
R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100
R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1
R1(config)# ipv6 nat prefix 1144::/96
R1(config)# ipv6 router rip NAT-PT
R1(config-rtr)# redistribute connected metric 3
R4# show ipv6 route rip
R 13::/64[120/2]
via FE80::1, Serial 1/1.7
R 1144::/96 [120/4]
via FE80::1, Serial 1/1.7
R4#
-
7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf
27/27
Transicin IPv4 a IPv6
Successful ping is sent from R4 to 1144::1, the IPv6 address representing R2;
two static translation entries: 172.16.123.100 to 14::4, and 172.16.123.2 to 1144::1, as well as the
ICMP entry created for the ping.
R1(config)# interface serial 0/0/0
R1(config-if)# ipv6 add 14::1/64
R1(config-if)# ipv6 nat
R1(config)# interface serial 0/1/0
R1(config-if)# ip add 172.16.123.1 255.255.255.0
R1(config-if)# ipv6 nat
R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100
R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1
R1(config)# ipv6 nat prefix 1144::/96
R1(config)# ipv6 router rip NAT-PT
R1(config-rtr)# redistribute connected metric 3
R1# show ipv6 nat translations
Prot IPv4 source IPv6 source
IPv4 destination IPv6 destination
--- --- ---
172.16.123.2 1144::1icmp 172.16.123.100, 7364 14::4, 7364
172.16.123.2, 7364 1144::1, 7364
172.16.123.100 14::4
R4# ping 1144::1
!!!!!
R4#