Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conference

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

Robert BeckettServices Technical Leader

November 14, 2012


• Network backbone – routers, switches, etc.

• Terminal servers, telnet, ssh, VNC, RDP, etc.

• File servers, VMware, etc.

• Services – DNS, DHCP, AAA, NTP, SNMP, etc.

• NMS – vendor and home-grown

• IP Phones, Wireless

• Power management, Room Access, Surveillance

• Thermostat, Cooling, Fire detectors, Lights …


• Network backbone – routers, switches, etc.

• Terminal servers, telnet, ssh, VNC, RDP, etc.

• File servers – VMware, etc.

• Enable IPv6 connectivity within lab

• Enable IPv6 connectivity between labs

• Enable IPv6 connectivity to Internet where needed

• IPv6 available for devices that need/want it

• Groundwork for future


San Jose

RCDNBXB

RTP

Brussels

Beijing

Tokyo

Sydney

Bangalore

Emerging MarketsUS & Canada European Markets Asia Pacific/Japan

Strategy: combine the labs into one unified, scaled, virtual

system with common architecture and processes: One lab

service “cloud.”


• Support more TAC IPv6 cases -- recreates

• Be ready for the World IPv6 Launch Day: June 6th, 2012

• Greater Internet Addressability in lieu of very limited public IPv4 address space

• Greater Cisco Addressability in lieu of limited RFC1918 IPv4 Address Availability


• Dual stack

• Direct vs. 6in4 Tunnel

• RIPv6 / EIGRPv6 / OSPFv3 / IS-IS

• Only IS-IS is truly integrated, but this advantage is not too useful in a typical lab that has on the order of dozens of pods and hundreds of subnets

• We traditionally used EIGRP inside the lab, but RIPv6 is what Cisco IT uses for the 6in4 tunnels it creates


• Assigned /56 via IP transported via direct or GRE tunnel

• Full mesh tunnels, or home all tunnels to single router or to where IT tells you

• In our case, not a terribly strict hierarchy – mix of main gateway, intermediate gateways, L2/L3 switches, etc.

• Route IPv6 on all routers and L3 switches

• No need to worry about L2, except as hosts for mgmt

• Lab backbone via RIP for now – because of IT and desire to keep things simple, migrate to OSPF or EIGRP later


ipv6 unicast-routing

!

interface Tunnel0

description for 2001:db8:1bf:400::/56

no ip address

ipv6 address 2001:DB8:1BF:400::2/64

tunnel source Loopback0

tunnel destination 10.27.90.77

tunnel mode ipv6ip

!

interface Loopback0

ip address 131.108.84.1 255.255.255.255


interface Vlan11

description BACKBONE ETHERNET SWITCH VLAN


ipv6 rip v6 enable

ipv6 rip v6 default-information originate

!

interface Vlan240

ipv6 address 2001:DB8:1BF:4F0::1/64

!

ipv6 route ::/0 Tunnel0

ipv6 router rip v6


ipv6 unicast-routing

!

interface GigabitEthernet0/0

ipv6 address 2001:DB8:1BF:401::11/64

ipv6 rip v6 enable

!

interface GigabitEthernet0/1.54

encapsulation dot1Q 54


!

ipv6 router rip v6


• Via SLAAC/DHCP – address, subnet, gateway, DNS if available

interface x/y

ipv6 address autoconfig

• Static

interface x/y

ipv6 address 2001:DB8:1BF:436::88/64

!

ipv6 route ::/0 2001:DB8:1BF:436::1

ip name server X:X:X:X::X

ip domain name abc.org


• Some HW may need upgrading

• Likely some SW needs upgrading

• Cisco IPv6 feature support – EIGRP in SXI, IPv6 in ipbase, etc.

• Lab topology has “evolved” over so many years

• LARGE lab

• Little manpower for lab architecture

• IT infra not all IPv6 enabled; need some 6in4 tunnels

• Labeling! IPv6 subnets are longer and devices with more and more ports have less empty space to write them….


• In IPv6, subnet size worries gone

• DHCP vs. static range concerns gone – basically no chance of IPv6 address collision

• Switch feature -- Broadcast suppression no longer needed, multicast suppression still useful

• Subnet manager … IT / CALO


• Configure IPv6 addresses on more devices by default for IPv6 management – telnet, ssh, snmp, etc.

• Move from SLAAC to Stateless DHCPv6 and Stateful DHCPv6

• Migrate away from non-routable IPv4 address space in favor of corporate routable IPv6 address space

• Get IPv6 on our DMZ network


• Cisco Support Community:

https://supportforums.cisco.com/community/netpro/network-

infrastructure/ipv6-transition

• CCO IPv6 Main Page www.cisco.com/go/ipv6

https://supportforums.cisco.com/community/netpro/network-infrastructure/ipv6-transition

http://www.cisco.com/go/ipv6

Thank you.

Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 17


• Discover Layer 3 device on local subnet

• Address assignment

Stateful (DHCP) vs Stateless Address assignment (SLAAC)

Server sends Network-Type Information

Prefix

Default Route

Host Address Is:

Prefix Received

+

Link-Layer Address


Centralized server performs all addressing tasks

• Assigns IP addresses

• Keeps track of Client to address mapping

• Provides additional network information

DNS server

Default gateway

Examples of Stateful Address protocols

• DHCP

Client dynamically takes on addressing tasks

• Chooses own IP address

EUI-64

• DAD used to avoid address duplication

• Additional network information not provided by default

Provided by supporting server

Examples of Stateless Address protocols

• SLAAC (StateLess Address AutoConfiguration)


DHCPv6 server will allocate one or more IPv6 addresses or prefixes to a DHCPv6 client

DHCP options can be provided to client

• DNS server

• Domain name

DHCPv6 server maintains state

• Stores the leased IPv6 addresses and lease details in its database

Two messages are used

• INFORMATION-REQUEST

• REPLY

DHCPv6 server only provides configuration information

• DNS server

• Domain name

Assumption:

• Client will acquire IPv6 address through other means (SLAAC)


• RA can be disabled because DHCP takes care of address assignment

ipv6 dhcp pool IPV6_DHCPPOOL

address prefix 2001:DB8:1000::/64 lifetime infinite infinite

link-address 2001:DB8:1000::1/64

dns-server 2001:DB8:1000::4222

domain-name cisco.com

!

interface Ethernet0/0

ipv6 address 2001:DB8:1000::1/64

ipv6 enable

ipv6 nd ra suppress

ipv6 dhcp server IPV6_DHCPPOOL


• By default, SLAAC only allows the client to configure an IP address and default route, no additional information

• SLAAC must be configured to use other-config-flag options in order to provide DNS and domain name information via the DHCP config

This information is still provided through SLAAC, just configured via DHCP

ipv6 dhcp pool IPV6_DHCPPOOL

dns-server 2001:DB8:1000::4222

domain-name cisco.com

!

interface Ethernet0/0

ipv6 address 2001:DB8:1000::1/64

ipv6 enable

ipv6 nd other-config-flag

ipv6 dhcp server IPV6_DHCPPOOL


• IPv6’s larger address space enables:

Use of link layer addresses inside the address space via eui-64 format

Dynamic client address autoconfiguration with “no collisions” (DAD)

Plug and play support

Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conference

Documents

cisco confidential

cisco andor i

ipv6 connectivity

route ipv6

ipv6 subnets

ip address ipv6 address

ipv6 addresses

cisco support community