
Ask the Expert: Enterprise IPv6 Deployment

ciscomoderator
Community Manager

With Chip Nielsen

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about deploying IPv6 in an enterprise environment with expert Chip Nielsen.

IPv6 is the latest revision of the Internet Protocol and is intended as a replacement for IPv4. As public IPv4 address space continues to be exhausted, IPv6 is becoming more important to the enterprise. In this session, we will discuss the current state of IPv6 deployment and how to deploy IPv6 in your network.

Chip Nielsen (CCIE no. 12369) is a network consulting engineer with Advanced Services Enterprise West. During his eight-year tenure at Cisco, Chip has worked on several global enterprise design and implementation projects. These projects ranged from IPv6 migration planning to provider-managed MPLS WAN design. As an IPv6 Forum Fellow, he has also participated extensively in the IPv6 Forum education programs. In addition, Chip is a proctor for the IPv6 Hands-On Lab at Cisco Live. Prior to Cisco, Chip held various enterprise/commercial consulting and engineering roles in his 14-year networking career. 

Remember to use the rating system to let Chip know if you have received an adequate response. 

Chip might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in the Network Infrastructure community, sub-community, IPv6 Integration and Transition discussion forum shortly after the event. This event lasts through February 28, 2014. Visit this forum often to view responses to your questions and the questions of other community members.

30 Replies

kkpnaveen1
Level 1

Dear Community member,

Please help me to configure the Cisco 888 G.SHDSL router

1. The ISP connected by WAN IP Address (172.24.14.10 - 172.24.14.11 255.255.255.252) to the router in wan port(fe4)

2. The public IP addresses given by the ISP are (218.248.117.11 218.248.117.25), 15 IP addresses

3. I have 2 DVR's to be directly connected to the public by using only public ip address (218.248.117.15 218.248.117.16)

4.  I have 2 NVR's to be port forwarded from private ip to public ip  address nvr ip (192.168.11.10-218.248.117.17)  (192.168.11.11-218.248.117.18)

5. I have local area network to be connected to internet (192.168.10.2-254)

6. I am using unmanaged switch to access all network equipments

Please guide me on this

Naveen Kumar K

kkp.naveen@gmail.com

Hello Naveen,

Thank you for your question.  You may want to post your question once more to the WAN, Routing and Switching community here:

https://supportforums.cisco.com/community/netpro/network-infrastructure/routing

We thank you for your participation as always.

Thank you,

Ciscomoderator

Jessica Deaken
Level 1

Hello Chip,

Thank you for covering this topic.  My question is can you deploy routing protocols using only link local addresses?  Please advise.

Thank you.

Jessica

Hi Jessica,

Thank you for your question. This topic comes up frequently when discussing IPv6.

It is possible to use only link-local addresses for routing within your network. Most IPv6 routing protocols use link-local for neighbor relationships by default. However, each router requires a loopback interface with a unique-local or global IPv6 address for management purposes. There are caveats to this deployment model:

  • Interfaces with link-local only cannot be pinged remotely.
  • Replies to traceroute packets cannot be sourced from the interface which might impact operations.
  • For routing protocols with static neighbors (e.g. BGP), configuration changes may be required if hardware is replaced and EUI-64 based link-local addresses are used.
  • NMS tools may have issues if they require a routable address on all interfaces.

    In my experience, customers are deploying global IPv6 addresses on all infrastructure links for management reasons.

    If you're interested, a recent internet draft (draft-ietf-opsec-lla-only-07) covers this topic in more detail.

    Hope that helps,

    Chip
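
The EUI-64 caveat from the reply above, as an added example that is not part of the original thread: it derives the modified EUI-64 link-local address from an interface MAC and reports which static neighbor statements stop matching after a hardware swap. Router names, MACs and addresses are constructed sample values, and the inventory layout is an assumption.

```python
import ipaddress

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 link-local address (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.translate(str.maketrans("", "", ":-.")))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def neighbors_to_update(peerings):
    """Return (peer, old_address, new_address) for every static neighbor statement
    that pointed at the EUI-64 address of hardware that has since been replaced."""
    stale = []
    for p in peerings:
        configured = ipaddress.IPv6Address(p["configured_neighbor"])
        if not configured.is_link_local:
            continue  # routable neighbor address: unaffected by a MAC change
        if configured != eui64_link_local(p["old_mac"]):
            continue  # manually assigned link-local: travels with the configuration
        new = eui64_link_local(p["new_mac"])
        if new != configured:
            stale.append((p["peer"], str(configured), str(new)))
    return stale

# Constructed inventory (hypothetical layout): one entry per static neighbor.
PEERINGS = [
    {"peer": "edge-1", "configured_neighbor": "fe80::21b:54ff:feaa:bb01",
     "old_mac": "001b.54aa.bb01", "new_mac": "001b.54cc.dd02"},        # hardware swapped
    {"peer": "edge-2", "configured_neighbor": "fe80::2",
     "old_mac": "00:1b:54:aa:bb:03", "new_mac": "00:1b:54:cc:dd:04"},  # manual link-local
    {"peer": "edge-3", "configured_neighbor": "2001:db8:0:3::1",
     "old_mac": "00:1b:54:aa:bb:05", "new_mac": "00:1b:54:cc:dd:06"},  # global address
    {"peer": "edge-4", "configured_neighbor": "fe80::21b:54ff:feaa:bb07",
     "old_mac": "00-1b-54-aa-bb-07", "new_mac": "00-1b-54-aa-bb-07"},  # not replaced
]

if __name__ == "__main__":
    for peer, old, new in neighbors_to_update(PEERINGS):
        print(f"{peer}: neighbor {old} must become {new}")
```

Only the peering that used an EUI-64 derived link-local address on replaced hardware is reported; manually assigned link-local and routable neighbor addresses are untouched by the swap.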

    sean_evershed
    Level 7

    Hi Chip.

    Not sure if this question belongs in this thread or the MPLS forum.

    My question is has there been any progress made in developing MPLSv6 so that it supports LDPv6 natively over IPv6 without the need for an IPv4 MPLS core?

    See the link below:

    https://blogs.cisco.com/getyourbuildon/moving-networks-to-ipv6-mpls-bye-bye-ipv4-mpls/#more-76099

    Thanks

    Sean

    Hi Sean,

    I reached out to the MPLS product manager for a current status.

    LDPv6 is planned for IOS-XR 5.3.0. For IOS, it is on the roadmap. However, there is not a firm release date for IOS.

    Do you have a requirement for LDPv6 in IOS?

    Thanks,

    Chip

    irfan1729
    Level 1

    Hello Chip,

    My organization was planning IPv4 to IPv6 transition of the complete network.

    These are some details of the connectivity used. (Also see the attached WAN diagram.)

    1. Site A, Site B and Site C are connected using MPLS VPN from two different ISPs.

    2. Each Site have their own independent Internet connections from various ISPs.

    3. LAN IPs are in the range of 10.0.0.0/8 and OSPF used inside LAN.

    4. For internet at locations, various public IPs are given by the respective ISPs.

    5. For MPLS, our router to PE router, 172.31.0.0 IPs are used and with BGP protocols.

    6. A structure of the WAN is attached with this. I am just showing three Sites for an example. Actually we have about 500+ Sites and we are using SAP ERP for the business management. Is there any effect of IPv6 on these?

    Questions:

    1. Should I only do the transition in the public domain ? ( Each Site host some web applications with their own web servers with Public IPs from different ISPs ).

    2. Should I change my complete 10.0.0.0 IPs to IPv6?

    3. Since we are using different ISPs for Internet at Sites, should we use Provider independent IPv6?

    4. Should I change the 172.31 IP used for eBGP connection with MPLS PE to be changed to IPv6 ?

    5. I read that Dual Stack is a better solution. Where to activate Dual Stack? Is it in the routers or all the servers and PCs across the organization?

    Thanks in Advance

    Irfan

    WAN.PNG

    Hi Irfan,

    Thanks for participating.

    Let me address your questions.

    1. Should I only do the transition in the public domain? (Each Site hosts some web applications with their own web servers with Public IPs from different ISPs.)

    You can start with the edge and the public services as it tends to be the simplest deployment opportunity for IPv6. However, you should also plan for rolling out IPv6 internally. The timeframe may be longer, but having a cohesive IPv6 strategy for both environments is important.

    2. Should I change my complete 10.0.0.0 IPs to IPv6?

    This question goes along with both your previous question and question #4/#5. The reality is that IPv4 will be with us for a long time, so you won't be removing that private addressing just yet. However, I do recommend planning for a dual stack rollout within your internal network (i.e. IPv6 coexisting with existing IPv4 implementation).

    3. Since we are using different ISPs for Internet at Sites, should we use Provider independent IPv6?

    It depends on your Internet deployment model. Do you need to advertise the same IPv6 range from multiple locations for multi-homing purposes? If so, provider independent space is a better option. Some ISPs might allow you to advertise provider-assigned space from different providers, so you may want to investigate that if you are unable to acquire PI space.

    4. Should I change the 172.31 IP used for eBGP connection with MPLS PE to be changed to IPv6 ?

    No, the existing IPv4 eBGP peering should not be changed. In a dual stack MPLS-based WAN, you will have an IPv4 eBGP peer and an IPv6 eBGP peer.

    5. I read that Dual Stack is a better solution. Where to activate Dual Stack? Is it in the routers or all the servers and PCs across the organization?

    Dual stack is the preferred method for migration from IPv4 to IPv6. With proper planning, deploying dual stack IPv6 on your network infrastructure is fairly straightforward. Many customers start by deploying IPv6 in the core and then working out towards the edge of the network.

    In your case, you'll need to work with your MPLS providers to verify if they support IPv6.

    Servers and PCs represent a bigger challenge than the network due to application issues. It's important to engage the application teams and work with your vendors (e.g. SAP) to validate IPv6 support. In most cases, IPv6 rollout should not impact your IPv4-based applications though.

    I recommend visiting ciscolive365.com and checking out the many great IPv6 presentations by my colleagues here at Cisco. There are sessions covering deployments such as yours that should help you in your planning.

    Please let me know if you have any other questions.

    Thanks,

    Chip

    Hello Chip,

    Thanks for the reply.

    I want some more clarity regarding which IPv6 address to use.

    1. Since each of my Sites uses a different ISP, each ISP gives different IPv6 prefixes. So all the sites will be having different IPv6 prefixes, which will be difficult to manage. So can I use Unique Local Address (ULA FC00::/7) for my Sites and use NAT64 at the Internet edge? Is this method recommended? (I think my Management won't recommend any PI prefix.)

    2. Is there any good NAT64 translator available in the market ?

    How to handle multi-site provider-aggregated prefixes is one of the biggest pain points in IPv6, not that it isn't equally painful in IPv4. Another big pain is multiple ISPs for a single site, ditto. There are various things people have tried, all with pros and cons:

    a) Live with the multiple prefixes, which works, but is a nuisance to document & route.

    b) Big organizations can get provider-independent space; the University of Wisconsin-Madison is on its 3rd IPv6 prefix (the trajectory was 6bone prefix, PA prefix, PI prefix), after deciding they needed to do this and getting a /32. Makes the in-house routing easy, but complicates peering and relationships with providers.

    c) If all of your ISPs are toying with Cisco's experimental Location-ID separation protocol, get the PA address space from the provider of your biggest sites, and have the other ISPs tunnel your traffic. Nice for the customer, but hard to negotiate.

    d) Use ULAs internally, with Cisco's experimental NAT66 prefix substitutions at the border. Beware! A lot of clients get horribly confused about which source address to use if they have both an fc00::/7 ULA prefix and a 2000::/3 global unicast prefix. Also, the NAT66 is header only, so v6 payloads with embedded addresses will break.

    I'm squatting on a fair amount of public v4 and native v6, so I'm the wrong person to ask about NAT64, sorry.

    -- Jim Leinweber, WI State Lab of Hygiene

    Hi Irfan,

    Jim has done an excellent job of laying out the options.

    This particular scenario requires NAT66/NPTv6 and not NAT64. However, the IPv6 community tends to steer people away from ULA with NPTv6 at the edge. One of the primary goals of IPv6 is restoring end-to-end connectivity and removing the requirement for NAT. With that in mind, global addressing is the preferred method. Whether that model is achievable in all scenarios remains to be seen and I expect we'll see more best practices developed as IPv6 deployment continues.

    Currently, the Cisco ASA is the only Cisco platform that supports NAT66. However, NPTv6 is on the roadmap for IOS.

    Thanks,

    Chip

    John Mink
    Level 1

    Hello Chip,

    Since IPv6 isn't backwards compatible with IPv4, when do you think the cut off for IPv4 will be? And if so, will it be a graceful transition or a "lights off" transition?

    Hi John,

    That's a tough question.

    I'm aware of enterprise customers with aggressive timelines for native IPv6 in the next 3-5 years. For commercial and small enterprise, the timeline will probably be longer. However, I've never been much of a prognosticator.

    With a combination of dual stack and minimal use of translation, a graceful transition should be achievable. A "lights off" transition may occur in internal networks due to the operational overhead of dual stack. That scenario is much less likely for the Internet though.

    Hopefully, IPv4 doesn't stick around forever.

    Thanks,

    Chip

    Chip,

    Thanks for the reply. Another question I have is with networks that use encryptors such as Taclanes, how would this transition affect them? Would the Taclanes have to support IPv6 as well? Would all devices enterprise wise have to support IPv6?

    V/R,

    John
