Welcome to the Cisco Networking Professionals Ask the Expert conversation. Service Provider and Enterprise network engineers are facing one of the major challenges since the inception of the Internet: the transition to IPv6. Several tools and techniques are available today to ease this major undertaking. This Ask the Expert session with Harold Ritter focuses on some of the tunneling techniques, such as static tunnels, 6to4, ISATAP and 6rd, and some of the translation mechanisms, such as NAT444, NAT64 and Dual-Stack Lite, that will help network engineers reach their objective of making IPv6 ubiquitous.
Harold Ritter is a technical leader with the Cisco Advanced Services Central Engineering team. He is responsible for helping Cisco top-tier Service Provider customers to design, implement and troubleshoot routing protocols and multicast, for both IPv4 and IPv6, and MPLS solutions in their environment. He is a regular contributor to CiscoLive. He has been a network engineer for more than 14 years. Harold is a CCIE (#4168) for Routing & Switching and Service Provider.
Remember to use the rating system to let Harold know if you have received an adequate response.
Harold might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through November 5, 2010. Visit this forum often to view responses to your questions and the questions of other community members.
Please could you explain the IOS (software) feature
"IPv6 data link: VLANs using IEEE 802.1Q encapsulation",
which is formally not a part of the Catalyst IOS IP BASE set.
a) ASA <== 802.1Q ==> Catalyst Layer-2-only <== 802.1Q ==> ISR 15.M/T
b) ASA <== 802.1Q ==> Catalyst Layer-2-only <== access ==> any servers
No problems exist with the case b) - ND is working very well in both directions.
In a) the ND (ipv6 neighborhoods) are not completed for global unicast addresses.
LL-addresses are reachable (e.g. by ping). The ASA is the default gateway for
ISR subinterfaces. So we are able to ping the unicast address ASA from ISR; just
thereafter, the ASA has the ISR addresses and transit traffic to the outside...
I assume we run into an issue with the "feature". We'd like to
stay with IP Base; nevertheless we have tested IP Services too.
For "802.1Q-Multi-Hop" the current workaround is entering of static neighbors
on ASA 8.3(2)-x.
MLD snooping is disabled on the Catalyst.
in response to tarhan_a:
This should not be an issue in either one of the above scenarios. I also suspect that you are hitting an issue with the specific level of code you are using. May I suggest that you work with TAC to narrow down the specific issue you are hitting.
in response to steve_vanburen:
There is definitely a lot of activity currently in the SP field surrounding IPv6. All SP customers I work with or come across these days have either already deployed IPv6 or have concrete plans to do so in the very near future. The ways in which they deploy are very different from one SP customer to another. Some have decided to bite the bullet and to deploy IPv6 in dual stack mode throughout their core infrastructures. Some use their existing MPLS core to simply tunnel IPv6 through their core. Some go with a mix and match of dual stack and tunneling techniques. Let me know if you need more information.
I have an AP 1131 AG and it is in H-REAP mode. Right now both radios, 802.11a and 802.11b/g, are disabled. When I try to enable them, it gives me an error in WCS: "Error Common-1: Some unexpected internal error has occurred. If the problem persist report to the Tech Support." And the second error:
"Error : SNMP operation to Device Failed; Attempted to set conflicting attribute value."
I will appreciate your help.
Not sure how this question ties to the current topic. It would be better answered in the WIFI forum.
Harold, is 6RD currently supported by Cisco? If so, on what platforms?
6RD is indeed available on some platforms, mainly on the ASR1k and on the Carrier Grade Service Engine (AKA CGSE). The CGSE is a service blade that inserts in a CRS-1 (or CRS-3) to provide a variety of services, among which 6RD and NAT44. The CGSE is used to implement all the services normally available in the context of a Large Scale NAT (LSN) device. It is also planned for IOS.
Recently I revived your forum about the topic - IPv6 MIGRATION TOOLS. I am actually looking for the roadmap to migration only, so can you guide me on this to proceed further?
Our network is currently running with IP version 4 completely, but we are planning to update with IP version 6 only. Our network devices and connections are all given below for your reference.
Internet link -1 (BGP ) --------> Cisco Router -1(2901 ) ----------l
HSRP | SWITCH ------------> Cisco ASA --------------> LAN
Internet link -2 (BGP ) --------> Cisco Router -2(2901 ) ----------l
So I am planning to migrate this network to IP version 6. Kindly guide me on this with a step by step sequence.
Note: I am planning to migrate with the dual-stack method only.
Thanks in advance.
Both the ASA and the 2901 provide IPv6 support. The IPv6 support for the ASA started with version 7.0. You first need to make sure that your Internet service provider(s) can offer IPv6 transit. You might need to request a provider independent IPv6 address allocation if you are dual homed. Refer to www.cisco.com/go/ipv6 for a wealth of IPv6 information and white papers.
Please let me know if you have additional questions.
Thanks for your timely reply.
We are working with a BGP multihoming setup only, with two ISPs. I have already confirmed with the ISPs for the IPv6 WAN IP address. But I need some clarification about the address only, because we brought only one IP block (/24 subnet mask) from APNIC. Hence if we migrate, how many IP addresses will we get from APNIC, and will they be the same or different valid IP addresses?
If we get only the 254 valid IP addresses from APNIC, what address will be used for all the remaining systems? Is it so that all the hosts need to have public IPv6 addresses only?
Can you give me some input about private/public addresses in IPv6, and what concept we will use here?
Note that IPv6 addresses are 128 bits long. /24 provides a lot more addressing in the V6 world than in its V4 counterpart. /24 would normally be given to large service providers.
If you request a Provider Independent (PI) address block from APNIC, they will most probably give you a /48 by default. This would give you plenty of address space for decades to come. In theory, you could address as many as 65535 /64 subnets out of that /48 block. Remember that you need to assign a /64 to an interface for StateLess Automatic AutoConfiguration (SLAAC) to work. This will allow you to address all of your hosts, servers, etc. with global (what you refer to as public) IPv6 addresses. I do not really see a need for you to use unique local addresses (what you refer to as private).
Let me know if I answered all of your concerns.
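The /48-to-/64 split and the SLAAC address formation described in the answer above, as an added example that is not part of the original thread. The site prefix and MAC address are constructed from documentation ranges, the function names are hypothetical, and the host is assumed to build its interface ID with modified EUI-64 (many current operating systems use randomized or stable-privacy interface IDs instead).

```python
import ipaddress

# Constructed sample: a /48 from the 2001:db8::/32 documentation prefix,
# standing in for a provider-independent allocation.
SITE_PREFIX = ipaddress.IPv6Network("2001:db8:abcd::/48")


def subnet_for(subnet_id, site=SITE_PREFIX):
    """Return the /64 selected by the 16-bit subnet ID inside a /48."""
    if site.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in the 16 bits between /48 and /64")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def eui64_interface_id(mac):
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    first = bytes([octets[0] ^ 0x02])  # invert the universal/local bit
    return int.from_bytes(first + octets[1:3] + b"\xff\xfe" + octets[3:], "big")


def slaac_address(prefix, mac):
    """Combine an advertised /64 with the host's 64-bit interface ID."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC needs a /64: the interface ID fills the other 64 bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | eui64_interface_id(mac))


if __name__ == "__main__":
    lan = subnet_for(0x0010)
    # 00:00:5e:00:53:01 is a constructed MAC from the documentation range.
    print(lan, slaac_address(lan, "00:00:5e:00:53:01"))
```

An interface ID derived from the MAC stays the same on every network the host visits, which is one reason address plans should not assume it.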
So, you mean to say that APNIC will provide a /48 by default, and with that plenty of systems can use that IP address. But my concern is actually what IP address will be assigned to the system. For example, in IP version 4 we use private IP addresses inside the network and do NAT to the outside world with any one type of NAT (static, dynamic or PAT). Hence the inside of the network is accessed with the private IP address and the outside with the NATted global IP address.
But my confusion here is about this process in IP version 6, because I am planning to use the dual stack method to migrate. So I am assuming that the gateway interface will have both the IPv4 and IPv6 address, and the end system will likewise have both the IPv4 and IPv6 address to communicate within the LAN. Correct me if I am wrong!
If possible, can you give some examples for LAN communication within IPv6 and between IPv6 and IPv4?
Thanks & Regards
The main reason to do private to public translation in v4 is address space preservation. It is not necessary with v6. If you run dual stack, you could still do it for v4 though.
Here is a very basic example of what the ipv6 configuration might look on a given gateway:
interface <LAN-interface>
 description LAN interface
 ipv6 address 2001:db8:0:1::1/64
!
interface <WAN-interface>
 description WAN interface
 ipv6 address 2001:db8::1/64
!
ipv6 route ::/0 2001:db8::2
IPv6 devices on the LAN segment should be able to get IPv6 addresses automatically using SLAAC as mentioned in a previous posting.
Can you talk a little bit about how IPv6 will work at the subscriber level? Will subscribers keep their v4 address and be tunneled at the CPE device, or will they have an actual IPv6 address on their PCs? The latter concerns me because now my computer has a global address that is reachable via the internet. The nice thing about IPv4 and NAT was the fact that I could "hide" my devices behind the CPE device. How will this work with IPv6?
Yes, the PC will get a global IPv6 address. Contrary to what some people think, NAT is not an efficient security measure and on top of it it breaks end to end connectivity. So in my view, moving away from NAT on the CPE is a good thing.
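The "hiding" asked about in the question above comes from connection state kept on the CPE rather than from address translation, and a stateful IPv6 filter gives the same default-deny inbound behaviour with global addresses. A minimal model of that behaviour, added here as an example and not taken from the thread or from any Cisco product; the class, host names and addresses are constructed, and flow timeouts and TCP flag tracking are left out.

```python
import ipaddress
from dataclasses import dataclass

# ICMPv6 error types that must keep flowing inbound (e.g. path MTU discovery).
ICMPV6_ERRORS = {1, 2, 3, 4}  # unreachable, packet-too-big, time-exceeded, parameter-problem


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: int = 0


class CpeStatefulFilter:
    """Default-deny inbound filter for one LAN prefix; addresses are never rewritten."""

    def __init__(self, lan_prefix):
        self.lan = ipaddress.IPv6Network(lan_prefix)
        self.flows = set()  # (lan_host, lan_port, remote_host, remote_port, proto)

    def _on_lan(self, addr):
        return ipaddress.IPv6Address(addr) in self.lan

    def outbound(self, p):
        """LAN to Internet: forward and remember the flow."""
        if not self._on_lan(p.src):
            return False  # source is not one of our hosts
        if p.proto in ("tcp", "udp"):
            self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return True

    def inbound(self, p):
        """Internet to LAN: forward only replies to known flows and ICMPv6 errors."""
        if not self._on_lan(p.dst):
            return False
        if p.proto == "icmpv6":
            return p.icmp_type in ICMPV6_ERRORS
        return (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows


# Constructed sample traffic using documentation prefixes.
PC, WEB, SCANNER = "2001:db8:0:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
cpe = CpeStatefulFilter("2001:db8:0:1::/64")
cpe.outbound(Packet(PC, WEB, "tcp", 50000, 443))
```

With the one outbound HTTPS flow recorded, `cpe.inbound()` accepts the server's reply and a packet-too-big error but rejects an unsolicited connection to the PC's global address.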
Is Dual Stack currently supported in the Carrier Grade Solution Engine?
I appreciate your help.
The CGSE does support services such as NAT44, NAT64, 6RD, ds-lite, etc. Can you elaborate on what you mean by, does the CGSE support dual-stack?
Regarding dual stack, the question is whether it is possible to configure IPv4 and IPv6 in the ServiceApp interfaces belonging to the CGSE.
If you mean support IPv4 based and IPv6 based services in parallel, the answer is yes.