Salman Asadullah Cisco Distinguished EngineerIPv6 Forum Fellow
Service Provider IPv6 Deployment
© 2011 Cisco and/or its affiliates. All rights reserved. 2
Cisco Support Community – Expert Series Webcast Today’s featured expert is Cisco Distinguished Engineer
and IPv6 Forum Fellow, Salman Asadullah
Salman has co-authored several books and RFCsincluding ―Deploying IPv6 in Broadband Access Networks – ISBN # 0470193389‖
Ask him questions now about Service Provider IPv6Deployment
Salman Asadullah2
© 2011 Cisco and/or its affiliates. All rights reserved. 3
Thank You for Joining Us Today
Today’s presentation will include audience polling questions
We encourage you to participate!
© 2011 Cisco and/or its affiliates. All rights reserved. 4
Thank You for Joining Us Today
If you would like a copy of the presentation slides, click the PDF link in the chat box on the right or go to:https://supportforums.cisco.com/community/netpro/network-infrastructure/ipv6-transition
Or, https://supportforums.cisco.com/docs/DOC-21124
© 2011 Cisco and/or its affiliates. All rights reserved. 5
Polling Question 1
a) I know basic IPv6 concepts, but no idea about IPv6 SP Deployment.
b) I know IPv6 SP Deployment concept however do not have any practical experience.
c) I know most of the IPv6 SP Deployment topics, issues and have deployment experience.
d) I’m THE IPv6 SP Deployment Guru.
What is your level of experience in IPv6 SP Deployment?
© 2011 Cisco and/or its affiliates. All rights reserved. 6
Submit Your Questions Now
Use the Q&A panel to submit your questions. Experts will start responding those
Salman Asadullah, Cisco Distinguished Engineer
Service Provider IPv6 Deployment
© 2011 Cisco and/or its affiliates. All rights reserved. 8
Agenda
SP IPv6 Integration Strategy
IPv6 in Core Networks and Deployment Models
Native IPv4 Environments
MPLS Environments
IPv6 Addressing Considerations
IPv6 Multi-homing Considerations
Carrier-Grade IPv6 Solutions – CGv6
Conclusion
Service Provider IPv6 Integration Strategy
© 2011 Cisco and/or its affiliates. All rights reserved. 10
Growing Internet Challenge & EvolutionMoving to 3 IP Address Families: Public IPv4, Private IPv4, IPv6
PublicIPv4
PrivateIPv4
IPv6
PublicIPv4
PrivateIPv4
2011 2012 2020+
Today v4 run out
Preserve IPv4
IPv4/IPv6 Coexistence Infrastructure
Services & Applications running over IPv6
IPv6 Internet
© 2011 Cisco and/or its affiliates. All rights reserved. 11
IPv6 Integration and Co-Existence
Many ways to deliver IPv6 services to End Users, Most important is End to End IPv6 traffic forwarding as applications are located at the edge
SP may have different deployment needs and mechanisms but basic steps are common
IPv6 Addressing Scheme
Routing Protocol(s)
IPv6 Services - QoS, Multicast, DNS, …
Security
Network Management
Resources are shared between the two protocols for both Control and Forwarding Plane. Evaluate processor utilization and memory needs
Most vendors have good IPv6 HW forwarding performance
IPv6 in Core Networks and Deployment Models
© 2011 Cisco and/or its affiliates. All rights reserved. 13
IPv6 Deployment Options — CORE
SP Core Infrastructures – 2 Basic Paths
Native IPv4 core with associated services
L2TPv3, QoS, Multicast, …
MPLS with its associated services
MPLS/VPN, L2 services over MPLS, QoS, …
IPv6 in Native IPv4 Environments
Tunneling IPv6-in-IPv4
Native IPv6 with Dedicated Resources
Dual-Stack IPv4 and IPv6
IPv6 in MPLS Environments
6PE
6VPE
IPv6 in Native IPv4 Environments
© 2011 Cisco and/or its affiliates. All rights reserved. 15
IPv4 SP BB
Tunnelling IPv6 in IPv4
Tunnelling Options
Manual Tunnels (RFC 2893), GRE Tunnels (RFC 2473), L2TPv3, …
SP Scenarios
Configured Tunnels in Core
Configured Tunnels or Native IPv6 to IPv6 Enterprise’s Customers
MP-BGP4 Peering with other IPv6 users
Connection to an IPv6 IX
IPv6 Site A
IPv6 Site B
IPv6 SP
IPv6 IX
U N I V E R S I T YU N I V E R S I T Y
© 2011 Cisco and/or its affiliates. All rights reserved. 16
Native IPv6 over Dedicated Data Link
ISP Scenario
Dedicated Data Links between Core routers
Dedicated Data Links to IPv6 Customers
Connection to an IPv6 IX
IPv6
IPv4
Service Provider ATM Backbone with
IPv4 and IPv6 Services
IPv6 IX
Internet
CampusIPv4 and IPv6 VLANs
© 2011 Cisco and/or its affiliates. All rights reserved. 17
Dual Stack IPv4 and IPv6
All P + PE routers are capable of IPv4+IPv6 support
Two IGPs supporting IPv4 and IPv6
Memory considerations for larger routing tables
Native IPv6 multicast support
All IPv6 traffic routed in global space
Good for content distribution and global services (Internet)
IPv4/IPv6Core
CE
IPv6IPv4
PE P P PE CE
IPv4
IPv6
IPv6 configured interface
IPv4 configured interface
Some or all interfaces in clouddual configured
IPv6 + IPv4 CoreIPv4 + IPv6 Edge IPv4 and/or IPv4 edgeDual Stack App
IPv6 in MPLS Environments
© 2011 Cisco and/or its affiliates. All rights reserved. 19
IPv6 over MPLS
Many ways to deliver IPv6 services to end users
Most important is end-to-end IPv6 traffic forwarding
Many service providers have already deployed MPLS in their IPv4 backbone for various reasons
MPLS can be used to facilitate IPv6 integration
Multiple approaches for IPv6 over MPLS:
IPv6 over L2TPv3
IPv6 over EoMPLS/AToM
IPv6 CE-to-CE IPv6 over IPv4 tunnels
IPv6 Provider Edge Router (6PE) over MPLS
IPv6 VPN Provider Edge (6VPE) over MPLS
Native IPv6 MPLS
6PE Overview
© 2011 Cisco and/or its affiliates. All rights reserved. 21
v4
v6 v6
CE
CE
6PE
6PE 6PE
6PE
192.254.10.0
2001:CAFE::
2003:1::
192.76.10.0
145.95.0.0
2001:F00D::
2001:DB8::
Dual Stack IPv4-IPv6 RoutersDual Stack IPv4-IPv6 Routers
v6
v4
v4
v6
CE
IPv6 Provider Edge Router (6PE) over MPLS
IPv6 global connectivity over and IPv4-MPLS core
Transitioning mechanism for providing unicast IP
PEs are updated to support dual stack/6PE
IPv6 reachability exchanged among 6PEs via iBGP (MBGP)
IPv6 packets transported from 6PE to 6PE inside MPLS
iBGP (MBGP) Sessions
IPv4MPLS
P P
P P
© 2011 Cisco and/or its affiliates. All rights reserved. 22
6PE Benefits/Drawbacks
Core network (Ps) untouched
IPv6 traffic inherits MPLS benefits (fast re-route, TE, etc.)
Incremental deployment possible (i.e., only upgrade the PE routers which have to provide IPv6 connectivity)
Each site can be v4-only, v4VPN-only, v4+v6, v4VPN+v6
P routers won’t be able to send ICMPv6 messages (TTL expired, trace route)
Scalability issues arise as a separate RIB and FIB is required for each connected customer
Good solution only for SPs with limited devices in PE role
Cisco 6PE Documentation/Presentations:http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_data_sheet09186a008052edd3.html
6VPE Overview
© 2011 Cisco and/or its affiliates. All rights reserved. 24
6VPE over MPLS
6VPE ~ IPv6 + BGP-MPLS IPv4VPN + 6PE
Cisco 6VPE is an implementation of RFC4659
VPNv6 address:
Address including the 64 bits route distinguisher and the 128 bits IPv6 address
MP-BGP VPNv6 address-family:
AFI ―IPv6‖ (2), SAFI ―VPN‖ (128)
VPN IPv6 MP_REACH_NLRI
With VPNv6 next-hop (192bits) and NLRI in the form of <length, IPv6-prefix, label>
Encoding of the BGP next-hop
VPN YELLOW
VPN YELLOW
VPN BLUE
v4 and v6 VPNVPN BLUE
v6 Only
v6 Only
v4 and v6 VPN
VPN YELLOW
VPN BLUE
v6 Only
v4 and v6 VPN
MPLS VPNs
P P
P P
iBGP (MBGP) Sessions
6VPE
6VPE
6VPE
6VPE
© 2011 Cisco and/or its affiliates. All rights reserved. 25
6VPE Summary
RFC4659: BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN
6VPE simply adds IPv6 support to current IPv4 MPLSVPN offering
For end-users: v6-VPN is same as v4-VPN services (QoS, hub and spoke, internet access, etc.)
For operators:
Same configuration operation for v4 and v6 VPN
No upgrade of IPv4/MPLS core (IPv6 unaware)
Cisco 6VPE Documentation:
http://www.cisco.com/en/US/docs/net_mgmt/ip_solution_center/5.2/mpls_vpn/user/guide/ipv6.html
IPv6 Addressing Considerations
© 2011 Cisco and/or its affiliates. All rights reserved. 27
IPv6 PA Allocation Hierarchy
Site
/48Site
/48
ISP
/32ISP
/32
IANA
2001::/3
APNIC
::/12 to::/23
AfriNIC
::/12 to::/23
ARIN
::/12 to::/23
LACNIC
::/12 to::/23
RIPE NCC
::/12 to::/23
ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
© 2011 Cisco and/or its affiliates. All rights reserved. 28
Site
/48Site
/48
IPv6 PI Allocation Hierarchy
IANA
2001::/3
APNIC
::/12 to::/23
AfriNIC
::/12 to::/23
ARIN
::/12 to::/23
LACNIC
::/12 to::/23
RIPE NCC
::/12 to::/23
ORG
/48
Site
/48Site
/48ORG
/48
Site
/48Site
/48ORG
/48
Site
/48Site
/48ORG
/48
Site
/48Site
/48ORG
/48
© 2011 Cisco and/or its affiliates. All rights reserved. 29
What type of addressing should I deploy internal to my network? It depends …
Unique Local Addresses (ULA) – FC00::/7
Prefix FC00::/7 is reserved by IANA for ULA (bit 8 determines if locally or centrally assigned, so ULA or ULA-Central)
Global-only – 2000::/3
Recommended approach, but breaks topology hiding
ULA + Global
Allows for the best of both worlds BUT at a price – much more address management with DHCP, DNS, routing and security
Infrastructure Addressing (ULA vs. Global)
© 2011 Cisco and/or its affiliates. All rights reserved. 30
Link Level – Prefix Length Considerations
64 bits
Considered bad practice
64 bits offers more space for hosts than the media can support efficiently
< 64 bits > 64 bits
Address space conservation
Special cases:/126—valid for p2p/127—valid for p2p /128—loopback
Complicates management
Must avoid overlap with specific addresses:Router Anycast (RFC3513)Embedded RP (RFC3956)ISATAP addresses
Recommended by RFC3177 and IAB/IESG
Consistency makes management easy
MUST for SLAAC (MSFT DHCPv6 also)
Significant address space loss (18.466 Quintillion)
© 2011 Cisco and/or its affiliates. All rights reserved. 31
Prefix Allocation Practices
Many SPs offer /48, /52, /56, /60 or /64 prefixes
Enterprise customers receives a /48
Large Enterprises receive one or more /48 prefixes
Small business customers receive /52 or /56
BB customers using DHCP-PD receives /56 or /60
© 2011 Cisco and/or its affiliates. All rights reserved. 32
Polling Question 2
a) Only /64
b) Only /126
c) Only /127
d) There are several, including /64, /126, /127
What is a valid IPv6 prefix length on a point-to-point interfaces?
IPv6 Multi-homing Solutions
© 2011 Cisco and/or its affiliates. All rights reserved. 34
IPv6 Multi-Homing Solutions Traditional Multi-homing (PI)
Advertise address space to multiple transit providers
Longer prefixes to prefer a ISP and/or Load balancing
Large BGP routing table
Dual Address blocks from upstream ISPs (PA)
Receive and utilize address blocks from both ISPs
Overhead and renumbering problems
NAT66/Proxy
Address independence without PI
NAT again?
Multi-homing without NAT or PI
LISP – Network based http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps10800/whitepaper_c11-665752.pdf
Carrie-Grade IPv6 Solutions (CGv6)
© 2011 Cisco and/or its affiliates. All rights reserved. 36
Carrier-Grade IPv6 Solutions – CGv6
NAT444
Softwires
6rd
DS-Lite
AFT64
© 2011 Cisco and/or its affiliates. All rights reserved. 37
Public IPv4 Exhaustion with NAT444 Solution
Short-term solution to public IPv4 exhaustion issues without any changes on RG and SP Access/Aggregation/Edge infrastructure
Subscriber uses NAT44 (i.e. IPv4 NAT) in addition to the SP using CGN with NAT44 within its network
CGN NAT44 multiplexes several customers onto the same public IPv4 address
CGN performance and capabilities should be analyzed in planning phase
Long-term solution is to have IPv6 deployed
Core Edge AggregationAccess
IP/MPLS
Residential
Private IPv4 (SP Assigned domain)Private IPv4 (Subs.)
Public IPv4
NAT44CGNNAT
44
NAT44
© 2011 Cisco and/or its affiliates. All rights reserved. 38
Core Edge AggregationAccess
IP/MPLS
Residential
Dual-Stack IPv4/IPv6 service on RG LAN side
PPPoE or IPv4oE Termination on IPv4-only BNG
L2TPv2 softwire between RG and IPv6-dedicated L2TP Network Server (LNS)
Stateful architecture on LNS, offers dynamic control and granular accounting of IPv6 traffic
Limited investment & impact on existing infrastructure
IPv4oPPPoE or IPv4oE
IPv6oPPPoL2TPv2
IPv6 over L2TP softwires
IPv4 BNGIPv6 LNS
Broadband Forum WT-242: Getting to Dual Stack
RG
RG
© 2011 Cisco and/or its affiliates. All rights reserved. 39
Introduction of two Components: 6rd CE (Customer Edge) and 6rd BR (Border Relay)
Automatic Prefix Delegation on 6rd CE
Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions on 6rd (CE & BR)
IPv6 traffic automatically follows IPv4 Routing
6rd BRs addressed with IPv4 anycast for load-balancing and resiliency
Limited investment & impact on existing infrastructure
Core Edge AggregationAccess
IP/MPLS
Residential
IPv6 over IPv4 via 6rd (RFC 5569)
6rd BR
6rd BR
6rd CE
6rd CE
IPv4/v6 IPv4/v6IPv4
© 2011 Cisco and/or its affiliates. All rights reserved. 40
IPv4 via IPv6 Using DS-Lite (w/NAT44)
Access, Aggregation, Edge and Core migrated to IPv6. NMS/OSS and network services migrated to IPv6 as well (DNS, DHCP)
IPv4 Internet service still available and overlaid on top of IPv6-only network.
Introduction of two Components: B4 (Basic Bridging Broadband Element) and AFTR (Address Family Transition Router)
– B4 typically sits in the RG
– AFTR is located in the Core infrastructure
Assumption: IPv4 has been phased out, IPv6 only Access/aggregation network
Core Edge AggregationAccess
IP/MPLS
Residential
IPv6IPv4/v6
B4
B4
AFTRRG
RG
© 2011 Cisco and/or its affiliates. All rights reserved. 41
Connecting IPv6-Only with IPv4-Only: AFT64
AFT64 technology is only applicable in case where there are IPv6 only end-points that need to talk to IPv4 only end-points (AFT64 for going from IPv6 to IPv4)
AFT64:= ―stateful v6 to v4 translation‖ or ―stateless translation‖, ALG still required
Key components includes NAT64 and DNS64
Assumption: Network infrastructure and services have fully transitioned to IPv6 and IPv4 has been phased out
Core Edge AggregationAccess
IP/MPLS
Residential
IPv6 ONLY connectivity
NAT64
IPv4 ONLY
DNS64
Public IPv4 Internet
IPv4 Datacenter
Conclusions
© 2011 Cisco and/or its affiliates. All rights reserved. 43
Conclusion
Start now rather than later:
• Multiple technology adoption scenarios available!!!
• Purchase for the future and test, test and then test some more
• Start moving legacy application towards IPv6support
• Don’t assume your favorite vendor/app/gear has an IPv6 plan
• Full parity between IPv4 and IPv6 is still a ways off
© 2011 Cisco and/or its affiliates. All rights reserved. 44
Join Cisco IPv6 Support Community!
Free for anyone with Cisco.com registration
Get timely answers to your technical questions
Find relevant technical documentation
Engage with over 200,000 top technical experts
Seamless transition from discussion to TAC Service Request (Cisco customers and partners only)
Visit the Cisco Support Community booth in the World of Solutions for more information
supportforums.cisco.com
supportforums.cisco.mobi
The Cisco Support Community is your one-stop
community destination from Cisco for sharing
current, real-world technical support knowledge
with peers and experts.
© 2011 Cisco and/or its affiliates. All rights reserved. 45
References Books
•Deploying IPv6 in Broadband Access Networks - Adeel Ahmed, Salman Asadullah, John Wiley & Sons Publications®
•Deploying IPv6 Networks - Ciprian Popoviciu, Patrick Grossetete, Eric Levy-Abegnoli, Cisco Press®
• IPv6 Security - Scott Hogg, Eric Vyncke, Cisco Press®
• IPv6 for Enterprise Networks - Shannon McFarland, MuninderSambi, Nikhil Sharma, Sanjay Hooda, Cisco Press®
Sites
•CCO IPv6 Main Page www.cisco.com/go/ipv6
•Cisco Network Design Central www.cisco.com/go/srnd
•www.ietf.org
•www.ipv6forum.org
© 2011 Cisco and/or its affiliates. All rights reserved. 46
Polling Question 3
a) First enable the core for MPLS then deploy MPLS 6PE/6VPEsolution to provide IPv6 services
b) First disable MPLS from the SP core, make it native IPv4 core network, then using GRE tunneling to provide IPv6 services
c) First disable MPLS from the SP core, make it dual-stack core network to provide IPv6 services.
d) There are several techniques available to enable SP core to provide IPv6 services without any disruption and major changes to current IPv4-native or MPLS enabled core. You could use tunneling, dual-stacked, MPLS 6PE/6VPE and others solutions based on your needs and preferences.
In order to enable the SP core to provide IPv6 services which of the following is the right approach?
© 2011 Cisco and/or its affiliates. All rights reserved. 47
Q&A
© 2011 Cisco and/or its affiliates. All rights reserved. 48
We Appreciate Your Feedback!
The first 5 listeners
who fill out the Evaluation Survey
will receive a free:
$20 USD Gift Certificate
To complete the evaluation, please click on link provided in the chat.
If you have additional questions, you can ask them in the
IPv6 Webcast community located at
https://supportforums.cisco.com/community/netpro/network-infrastructure/ipv6-transition
You can watch the video or read the Q&A five business days after the event at
https://supportforums.cisco.com/community/netpro/ask-the-expert/webcasts
© 2011 Cisco and/or its affiliates. All rights reserved. 50
in Japanese
Wednesday December 14, at
10:00 a.m JST – Tokyo (UTC +9),
Which is Tuesday, December 13 , at
5:00 p.m. Pacific Time - San Francisco (UTC -8)
Join Cisco Support Engineer and double CCIE
Zhao Qin
He will discuss how to troubleshoot NAT configurations and common performance issues on Cisco Firewall Products with focus on Adaptive Security Appliances (ASA) and Firewall Services Modules (FWSM).
During this interactive session you will be able ask all your questions related to this topic.
Register for this live Webcast at
http://tools.cisco.com/gems/cust/customerSite.do?METHOD=E&LANGUAGE_ID=J&PRIORITY_CODE=4&SEMINAR_CODE=S15646
Topic: Troubleshooting NAT and Common
Performance Issues on Cisco Firewall Products
© 2011 Cisco and/or its affiliates. All rights reserved. 51
in English
Tuesday, January 17, 2012 , at 12:30 p.m. India Time8:00 a.m. Paris
Join Cisco Support Engineer
Souvik Ghosh
He will focus on different methods of advanced troubleshooting tools to debug high CPU utilization issues occurring in Cisco Catalyst 6500 switches
During this interactive session you will be able ask all your questions related to this topic.
Register for this live Webcast at
www.CiscoLive.com/ATE
Topic: Troubleshooting tools to analyze high CPU
utilization issues on 6500
© 2011 Cisco and/or its affiliates. All rights reserved. 52
in Spanish
Tuesday January 31st, 2012 at
9:00 a.m. Mexico city (UTC -6)
10:00 a.m. EST (UTC -5),
4:00 p.m. GMT – Paris (UTC +2)
You will be able to register at
https://supportforums.cisco.com/community/spanish
In few weeks.
Topic: To be determined
© 2011 Cisco and/or its affiliates. All rights reserved. 53
https://supportforms.cisco.comhttp://www.facebook.com/CiscoSupportCommunity
http://twitter.com/#!/cisco_support
http://www.youtube.com/user/ciscosupportchannel
http://itunes.apple.com/us/app/cisco-technical-
support/id398104252?mt=8
http://www.linkedin.com/groups/CSC-Cisco-Support-
Community-3210019
© 2011 Cisco and/or its affiliates. All rights reserved. 54
If you speak Polish, Japanese, or Spanish, we invite you
to ask your questions and collaborate in your language.
•Spanish https://supportforums.cisco.com/community/spanish
•Polish https://supportforums.cisco.com/community/etc/netpro-polska
•Japanese https://supportforums.cisco.com/community/csc-japan
We’re also running a pilot for Portuguese and Russian You can register at the following links
•Portuguese: (Launching in January, 2012) https://www.ciscofeedback.vovici.com/se.ashx?s=6A5348A77EE5C0B7
•Russian:https://www.ciscofeedback.vovici.com/se.ashx?s=6A5348A712220E19
Thank You for Your Time
Please Take a Moment to Complete the Evaluation
Top Related