© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Robert Beckett Services Technical Leader November 14, 2012
Jan 12, 2015
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Robert BeckettServices Technical Leader
November 14, 2012
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
• Network backbone – routers, switches, etc.
• Terminal servers, telnet, ssh, VNC, RDP, etc.
• File servers, VMware, etc.
• Services – DNS, DHCP, AAA, NTP, SNMP, etc.
• NMS – vendor and home-grown
• IP Phones, Wireless
• Power management, Room Access, Surveillance
• Thermostat, Cooling, Fire detectors, Lights …
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
• Network backbone – routers, switches, etc.
• Terminal servers, telnet, ssh, VNC, RDP, etc.
• File servers – VMware, etc.
• Enable IPv6 connectivity within lab
• Enable IPv6 connectivity between labs
• Enable IPv6 connectivity to Internet where needed
• IPv6 available for devices that need/want it
• Groundwork for future
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44
San Jose
RCDNBXB
RTP
Brussels
Beijing
Tokyo
Sydney
Bangalore
Emerging MarketsUS & Canada European Markets Asia Pacific/Japan
Strategy: combine the labs into one unified, scaled, virtual
system with common architecture and processes: One lab
service “cloud.”
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
• Support more TAC IPv6 cases -- recreates
• Be ready for the World IPv6 Launch Day: June 6th, 2012
• Greater Internet Addressability in lieu of very limited public IPv4 address space
• Greater Cisco Addressability in lieu of limited RFC1918 IPv4 Address Availability
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
• Dual stack
• Direct vs. 6in4 Tunnel
• RIPv6 / EIGRPv6 / OSPFv3 / IS-IS
• Only IS-IS is truly integrated, but this advantage is not too useful in a typical lab that has on the order of dozens of pods and hundreds of subnets
• We traditionally used EIGRP inside the lab, but RIPv6 is what Cisco IT uses for the 6in4 tunnels it creates
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
• Assigned /56 via IP transported via direct or GRE tunnel
• Full mesh tunnels, or home all tunnels to single router or to where IT tells you
• In our case, not a terribly strict hierarchy – mix of main gateway, intermediate gateways, L2/L3 switches, etc.
• Route IPv6 on all routers and L3 switches
• No need to worry about L2, except as hosts for mgmt
• Lab backbone via RIP for now – because of IT and desire to keep things simple, migrate to OSPF or EIGRP later
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
ipv6 unicast-routing
!
interface Tunnel0
description for 2001:db8:1bf:400::/56
no ip address
ipv6 address 2001:DB8:1BF:400::2/64
tunnel source Loopback0
tunnel destination 10.27.90.77
tunnel mode ipv6ip
!
interface Loopback0
ip address 131.108.84.1 255.255.255.255
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
interface Vlan11
description BACKBONE ETHERNET SWITCH VLAN
ipv6 address 2001:DB8:1BF:401::1/64
ipv6 rip v6 enable
ipv6 rip v6 default-information originate
!
interface Vlan240
ipv6 address 2001:DB8:1BF:4F0::1/64
!
ipv6 route ::/0 Tunnel0
ipv6 router rip v6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
ipv6 unicast-routing
!
interface GigabitEthernet0/0
ipv6 address 2001:DB8:1BF:401::11/64
ipv6 rip v6 enable
!
interface GigabitEthernet0/1.54
encapsulation dot1Q 54
ipv6 address 2001:DB8:1BF:436::1/64
!
ipv6 router rip v6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
• Via SLAAC/DHCP – address, subnet, gateway, DNS if available
interface x/y
ipv6 address autoconfig
• Static
interface x/y
ipv6 address 2001:DB8:1BF:436::88/64
!
ipv6 route ::/0 2001:DB8:1BF:436::1
ip name server X:X:X:X::X
ip domain name abc.org
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
• Some HW may need upgrading
• Likely some SW needs upgrading
• Cisco IPv6 feature support – EIGRP in SXI, IPv6 in ipbase, etc.
• Lab topology has “evolved” over so many years
• LARGE lab
• Little manpower for lab architecture
• IT infra not all IPv6 enabled; need some 6in4 tunnels
• Labeling! IPv6 subnets are longer and devices with more and more ports have less empty space to write them….
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
• In IPv6, subnet size worries gone
• DHCP vs. static range concerns gone – basically no chance of IPv6 address collision
• Switch feature -- Broadcast suppression no longer needed, multicast suppression still useful
• Subnet manager … IT / CALO
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
• Configure IPv6 addresses on more devices by default for IPv6 management – telnet, ssh, snmp, etc.
• Move from SLAAC to Stateless DHCPv6 and Stateful DHCPv6
• Migrate away from non-routable IPv4 address space in favor of corporate routable IPv6 address space
• Get IPv6 on our DMZ network
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
• Cisco Support Community:
https://supportforums.cisco.com/community/netpro/network-
infrastructure/ipv6-transition
• CCO IPv6 Main Page www.cisco.com/go/ipv6
Thank you.
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 17
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
• Discover Layer 3 device on local subnet
• Address assignment
Stateful (DHCP) vs Stateless Address assignment (SLAAC)
Server sends Network-Type Information
Prefix
Default Route
Host Address Is:
Prefix Received
+
Link-Layer Address
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 19
Centralized server performs all addressing tasks
• Assigns IP addresses
• Keeps track of Client to address mapping
• Provides additional network information
DNS server
Default gateway
Examples of Stateful Address protocols
• DHCP
Client dynamically takes on addressing tasks
• Chooses own IP address
EUI-64
• DAD used to avoid address duplication
• Additional network information not provided by default
Provided by supporting server
Examples of Stateless Address protocols
• SLAAC (StateLess Address AutoConfiguration)
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 20
DHCPv6 server will allocate one or more IPv6 addresses or prefixes to a DHCPv6 client
DHCP options can be provided to client
• DNS server
• Domain name
DHCPv6 server maintains state
• Stores the leased IPv6 addresses and lease details in its database
Two messages are used
• INFORMATION-REQUEST
• REPLY
DHCPv6 server only provides configuration information
• DNS server
• Domain name
Assumption:
• Client will acquire IPv6 address through other means (SLAAC)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
• RA can be disabled because DHCP takes care of address assignment
ipv6 dhcp pool IPV6_DHCPPOOL
address prefix 2001:DB8:1000::/64 lifetime infinite infinite
link-address 2001:DB8:1000::1/64
dns-server 2001:DB8:1000::4222
domain-name cisco.com
!
interface Ethernet0/0
ipv6 address 2001:DB8:1000::1/64
ipv6 enable
ipv6 nd ra suppress
ipv6 dhcp server IPV6_DHCPPOOL
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
• By default, SLAAC only allows the client to configure an IP address and default route, no additional information
• SLAAC must be configured to use other-config-flag options in order to provide DNS and domain name information via the DHCP config
This information is still provided through SLAAC, just configured via DHCP
ipv6 dhcp pool IPV6_DHCPPOOL
dns-server 2001:DB8:1000::4222
domain-name cisco.com
!
interface Ethernet0/0
ipv6 address 2001:DB8:1000::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server IPV6_DHCPPOOL
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
• IPv6’s larger address space enables:
Use of link layer addresses inside the address space via eui-64 format
Dynamic client address autoconfiguration with “no collisions” (DAD)
Plug and play support