SlideShare une entreprise Scribd logo
1  sur  76
Télécharger pour lire hors ligne
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public           1
Reference Materials

§ New/Updated IPv6 Cisco Sites:
  http://www.cisco.com/go/ipv6
  http://www.cisco.gom/go/entipv6
§ Deploying IPv6 in Campus Networks:
  http://www.cisco.com/en/US/docs/solutions/Enterpri
  se/Campus/CampIPv6.html
§ Deploying IPv6 in Branch Networks:
  http://www.cisco.com/en/US/solutions/ns340/ns414/
  ns742/ns816/landing_br_ipv6.html




Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   2
Recommended Reading




Deploying IPv6 in Broadband
Networks - Adeel Ahmed, Salman                                                                 Now available!!
Asadullah ISBN0470193387, John
Wiley & Sons Publications®
   Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                     3
Agenda

§ The Need for IPv6
§ Planning and Deployment Summary
§ Address Considerations
§ General Concepts
§ Infrastructure Deployment
          Campus/Data Center
          WAN/Branch
          Remote Access

§ Communicating with the Service Providers


Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   4
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public           5
Dramatic Increase in Enterprise Activity
           Why?

                                                                             • Enterprise that is or will be expanding into new markets
                     Growth/Protection                                       • Address exhaustion
Pressure
External




                                                                             • Enterprise that partners with other
                             Partnership                                       companies/organizations doing IPv6
                                                                             • Governments, enterprise partners, contractors


                                                                             • Microsoft Windows 7, Server 2008
                              OS/Apps                                        • Microsoft DirectAccess
Pressure
Internal




                             Fixing Old                                      • Mergers &Acquisitions
                             Problems                                        • NAT Overlap


                                                                             • High Density Virtual Machine environments (Server
                     New Technologies                                          virtualization, VDI)
                                                                             • SmartGrid


           Presentation_ID      © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                   6
Innocent W2K3 -to- W2K8 Upgrade
Windows 2003
C:>ping svr-01

Pinging svr-01.example.com [10.121.12.25] with 32 bytes of data:
Reply from 10.121.12.25: bytes=32 time<1ms TTL=128
Reply from 10.121.12.25: bytes=32 time<1ms TTL=128
Reply from 10.121.12.25: bytes=32 time<1ms TTL=128
Reply from 10.121.12.25: bytes=32 time<1ms TTL=128

Upgraded Host to Windows 2008
C:>ping svr-01

Pinging svr-01 [fe80::c4e2:f21d:d2b3:8463%15] with 32 bytes of data:
Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms
Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms
Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms
Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms

No. Time                  Source                    Destination                           Protocol    Info
3969 244.938775           fe80::c4e2:f21d:d2b3:8463 ff02::1:3                             UDP          Source port: 63828 Destination port: llmnr
3970 244.938958           10.121.12.25              224.0.0.252                           UDP          Source port: 53753 Destination port: llmnr
...........svr-01….....


§ Can happen if the circumstances are right
§ http://technet.microsoft.com/en-
  us/library/bb878128.aspx
  Presentation_ID           © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                                 7
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public           8
Enterprise Adoption Spectrum
                                             • Mostly or completely
                                             past the “why?” phase
                                             • Assessment (e2e)
                                             • Weeding out vendors
                                             (features and $)
                                             • Focus on training and                        Production/Looking
       Preliminary                           filling gaps                                      for parity and
        Research                                                                                  beyond




                                                     Pilot/Early
                                                    Deployment
                                                                                             • Still fighting vendors
• Is it real?
                                                                                             • Content and wide-scale
• Do I need to deploy
                                                                                             app deployment
everywhere?
                                                                                             • Review operational cost
• Equipment status?
                                                                                             of 2 stacks
• SP support?
                                                                                             • Competitive/Strategic
• Addressing
                                                                                             advantages of new
• What does it cost?
                                                                                             environment
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                9
Cisco IPv6 Deployment - A Lifecycle
Approach
                                           Coordinated
                                           Planning and Strategy
                                           Make Sound Financial
                                           Decisions

                                                                           Prepare


 Operational Excellence                                                                                      Assess Readiness
    Adapt to Changing                       Optimize                                                Plan     Can Your Network Support
Business Requirements                                                                                        the Proposed System?



Maintain Network Health                                                                                      Design the Solution
      Manage, Resolve,                        Operate                                               Design   Products, Service, Support
        Repair, Replace                                                                                      Aligned to Requirements
                                                                         Implement



                                            Implement the Solution
                                            Integrate Without Disruption
                                            or Causing Vulnerability

   Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.        Cisco Public                                    10
IPv6 Integration Outline

                  Pre-Deployment                                                                Deployment
                      Phases                                                                      Phases

 • Establish the network                                                         • Transport considerations
   starting point                                                                  for integration
 • Importance of a network                                                       • Campus IPv6 integration
   assessment and available tools                                                  options
 • Defining early IPv6 security                                                  • WAN IPv6 integration options
   guidelines and requirements
                                                                                 • Advanced IPv6
 • Additional IPv6 “pre-                                                           services options
   deployment” tasks needing
   consideration




Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                     11
Where do I start?
          § Based on Timeframe/Use case
          § Core-to-Edge - Ideal
          § Edge-to-Core – Challenging but doable


                                                     DC                                DC/Campus
                                                 Aggregation                              Core
                    DC
                   Access


                                                                                                            Campus
                                                                                                             Block




                                                                                       WAN
                  Servers



                                                                      Branch                       Branch


Presentation_ID     © 2006 Cisco Systems, Inc. All rights reserved.     Cisco Public                                 12
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          13
Hierarchical Addressing and
        Aggregation
                                Site 1
2001:DB8:0001:0001::/64
                                                                                                          Only
2001:DB8:0001:0002::/64                                                                                   Announces
                                                                                                          the /32 Prefix
                                                                                                    ISP
                2001:DB8:0001::/48
                                                                                     2001:DB8::/32
                            Site 2
2001:DB8:0002:0001::/64
                                                                                                              IPv6 Internet
2001:DB8:0002:0002::/64
                                                                                                                2000::/3
                2001:DB8:0002::/48
      § Default is /48 – can be larger:
        http://www.ripe.net/ripe/docs/ipv6policy.html
      § Provider independent - http://www.ripe.net/rs/ipv6/



        Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                             14
Unique-Local Addressing (RFC4193)
§ Used for internal communications, inter-site VPNs
          Not routable on the internet—basically RFC1918 for IPv6 only better—less likelihood
          of collisions
§ Default prefix is /48
          /48 limits use in large organizations that will need more space
          Semi-random generator prohibits generating sequentially ‘useable’ prefixes—no easy
          way to have aggregation when using multiple /48s
          Why not hack the generator to produce something larger than a /48 or even sequential
          /48s?
          Is it ‘legal’ to use something other than a /48? Perhaps the entire space? Forget legal,
          is it practical? Probably, but with dangers—remember the idea for ULA; internal
          addressing with a slim likelihood of address collisions with M&A. By consuming a
          larger space or the entire ULA space you will significantly increase the chances of pain
          in the future with M&A
§ Routing/security control
          You must always implement filters/ACLs to block any packets going in or out of your
          network (at the Internet perimeter) that contain a SA/DA that is in the ULA range—
          today this is the only way the ULA scope can be enforced
§ Generate your own ULA: http://www.sixxs.net/tools/grh/ula/
Generated ULA= fd9c:58ed:7d73::/48

       * MAC address=00:0D:9D:93:A0:C3 (Hewlett Packard)
       * EUI64 address=020D9Dfffe93A0C3
       * NTP date=cc5ff71943807789 cc5ff71976b28d86
Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public        15
Not Recommended
                                                                                                                 Today
   ULA-Only
                                                                                                      Internet
                                                                                 Global –                           NAT66 Required
                                         Branch 1                                2001:DB8:CAFE::/48
                                                                                                                        Corp HQ

FD9C:58ED:7D73:2800::/64
                                                                                  Corporate
                                      Branch 2                                    Backbone


                                                                     ULA Space FD9C:58ED:7D73::/48

FD9C:58ED:7D73:3000::/64                                                                                     FD9C:58ED:7D73::2::/64
  § Everything internal runs the ULA space
  § A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the
    internet — must run filters to prevent any SA/DA in ULA range from being
    forwarded
  § Works as it does today with IPv4 except that NAT66 products/solutions do
    not yet scale like NAT44 and are not widely available…yet
  § Removes the advantages of not having a NAT (i.e. application
    interoperability, global multicast, end-to-end connectivity)
    Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.       Cisco Public                                    16
Not Recommended

    ULA + Global
                                                                                                      Internet
                                                                                 Global –
                                         Branch 1                                2001:DB8:CAFE::/48
                                                                                                                       Corp HQ

FD9C:58ED:7D73:2800::/64
                                                                                  Corporate
2001:DB8:CAFE:2800::/64
                                      Branch 2                                    Backbone

                                                                     ULA Space FD9C:58ED:7D73::/48
                                                                     Global – 2001:DB8:CAFE::/48
FD9C:58ED:7D73:3000::/64                                                                                   FD9C:58ED:7D73::2::/64
2001:DB8:CAFE:3000::/64                                                                                    2001:DB8:CAFE:2::/64
  § Both ULA and Global are used internally except for internal-only hosts
  § Source Address Selection (SAS) is used to determine which address to use when
    communicating with other nodes internally or externally
  § In theory, ULA talks to ULA and Global talks to Global—SAS ‘should’ work this out
  § ULA-only and Global-only hosts can talk to one another internal to the network
  § Define a filter/policy that ensures your ULA prefix does not ‘leak’ out onto the
    Internet and ensure that no traffic can come in or out that has a ULA prefix in the
    SA/DA fields
  § Management NIGHTMARE for DHCP, DNS, routing, security, etc…
    Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.       Cisco Public                               17
Recommended

    Global-Only
                                                                                                      Internet
                                                                                 Global –
                                         Branch 1                                2001:DB8:CAFE::/48
                                                                                                                       Corp HQ

2001:DB8:CAFE:2800::/64
                                                                                  Corporate
                                      Branch 2                                    Backbone

                                                                     Global – 2001:DB8:CAFE::/48

2001:DB8:CAFE:3000::/64                                                                                    2001:DB8:CAFE:2::/64

  § Global is used everywhere
  § No issues with SAS
  § No requirements to have NAT for ULA-to-Global translation—but, NAT
    may be used for other purposes
  § Easier management of DHCP, DNS, security, etc.
  § Only downside is breaking the habit of believing that topology hiding is a
    good security method J
    Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.       Cisco Public                                 18
Link Level—Prefix Length
Considerations


                         64 bits                                                             > 64 bits

                  § Recommended by                                           § Address space conservation
                    RFC5375 and
                    IAB/IESG                                                 § Special cases:
                                                                               /126—valid for p2p
                  § Consistency makes                                          (RFC3627)
                    management easy                                            /127—(RFC6164)
                                                                               /128—loopback
                  § MUST for SLAAC (a
                    few other                                                § Complicates management
                    technologies)
                                                                             § Must avoid overlap with
                  § Significant address                                        specific addresses:
                    space loss                                                 Router Anycast (RFC3513)
                                                                               Embedded RP (RFC3956)
                                                                               ISATAP addresses

Presentation_ID        © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public              19
SLAAC & Stateful/Stateless DHCPv6

§ StateLess Address AutoConfiguration (SLAAC)
§ Stateful and stateless DHCPv6 server
          Cisco Network Registrar:
          http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/
          Microsoft Windows Server 2008:
          http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1
          a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true
§ DHCPv6 Relay—supported on routers and switches

                                                                                             IPv6 Enabled Host
 interface FastEthernet0/1
   description CLIENT LINK
                                                                                                                 Network
   ipv6 address 2001:DB8:CAFE:11::1/64
   ipv6 nd prefix 2001:DB8:CAFE:11::/64 no-advertise
   ipv6 nd managed-config-flag
   ipv6 dhcp relay destination 2001:DB8:CAFE:10::2

                                                                                                                 DHCPv6
                                                                                                                  Server
Presentation_ID    © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                            20
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          21
First Hop Router Redundancy
                                                        HSRP for v6
                                                         § Modification to Neighbor Advertisement, router
      HSRP                          HSRP                   Advertisement, and ICMPv6 redirects
      Active                      Standby
                                                         § Virtual MAC derived from HSRP group number
                                                           and virtual IPv6 link-local address

                                                        GLBP for v6
                                                        § Modification to Neighbor Advertisement, Router
      GLBP                             GLBP               Advertisement—GW is announced via RAs
      AVG,                              AVF,
       AVF                              SVF             § Virtual MAC derived from GLBP group number
                                                          and virtual IPv6 link-local address

                                                        Neighbor Unreachability Detection
    RA Sent                                             § For rudimentary HA at the first HOP
Reach-time =
 5,000 msec                                             § Hosts use NUD “reachable time” to cycle to
                                                          next known default gateway (30s by default)
                                                            No longer needed
        Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public           22
HSRP for IPv6
§ Many similarities with HSRP for IPv4
§ Changes occur in Neighbor
  Advertisement, Router Advertisement,                                                        HSRP                        HSRP
  and ICMPv6 redirects                                                                                                   Standby
                                                                                              Active
§ No need to configure GW on hosts (RAs
  are sent from HSRP
  active router)
§ Virtual MAC derived from HSRP group
  number and virtual IPv6 link-
  local address                                                                   interface FastEthernet0/1
§ IPv6 Virtual MAC range:                                                          ipv6 address 2001:DB8:66:67::2/64
        0005.73A0.0000 - 0005.73A0.0FFF                                            ipv6 cef
        (4096 addresses)
                                                                                   standby version 2
§ HSRP IPv6 UDP Port Number 2029
  (IANA Assigned)                                                                  standby 1 ipv6 autoconfig
§ No HSRP IPv6 secondary address                                                   standby 1 timers msec 250 msec 800
§ No HSRP IPv6 specific debug                                                      standby 1 preempt
                                                                                   standby 1 preempt delay minimum 180
                                                                                   standby 1 authentication md5 key-string cisco
                                                                                   standby 1 track FastEthernet0/0
                   Host with GW of Virtual IP
                   #route -A inet6 | grep ::/0 | grep eth2
                   ::/0      fe80::5:73ff:fea0:1                                                       UGDA   1024   0     0 eth2


 Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.     Cisco Public                                   23
IPv6 QoS Policy & Syntax

§ Unified QoS Policy (v4/v6 in same policy) or separate?
§ IPv4 syntax has used “ip” following match/set statements
          Example: match ip dscp, set ip dscp
§ Modification in QoS syntax to support IPv6 and IPv4
          New match criteria
                  match dscp — Match DSCP in v4/v6
                  match precedence — Match Precedence in v4/v6
          New set criteria
                  set dscp — Set DSCP in v4/v6
                  set precedence — Set Precedence in v4/v6
§ Additional support for IPv6 does not always require new
  Command Line Interface (CLI)
          Example—WRED


Presentation_ID      © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   24
Scalability and Performance
§ IPv6 Neighbor Cache = ARP for IPv4
      In dual-stack networks the first hop routers/switches will now have more memory
      consumption due to IPv6 neighbor entries (can be multiple per host) + ARP entries
      ARP entry for host in the campus distribution layer:
      Internet       10.120.2.200                                                          2        000d.6084.2c7a    ARPA   Vlan2
      IPv6 Neighbor Cache entry:
      2001:DB8:CAFE:2:2891:1C0C:F52A:9DF1                                                  4       000d.6084.2c7a    STALE Vl2
      2001:DB8:CAFE:2:7DE5:E2B0:D4DF:97EC                                                  16 000d.6084.2c7a         STALE Vl2

      FE80::7DE5:E2B0:D4DF:97EC                                                            16 000d.6084.2c7a         STALE Vl2
§ Full internet route tables—ensure to account for TCAM/memory requirements for both IPv4/IPv6—not
  all vendors can properly support both

§ Multiple routing protocols—IPv4 and IPv6 will have separate routing protocols. Ensure enough
  CPU/Memory is present

§ Control plane impact when using tunnels—terminate ISATAP/configured tunnels in HW platforms when
  attempting large scale deployments (hundreds/thousands of tunnels)




   Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                     25
Start Here: Cisco IOS Software Release Specifics for IPv6 Features
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-
  roadmap.html




                                                                                             #CNSF2011
 Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          26
IPv6 Co-existence Solutions
                                                 IPv4
 Dual Stack                                         IPv6



                                                      Recommended Enterprise Co-existence strategy


  Tunneling
  Services
                                                                    IPv4 over IPv6                  IPv6 over IPv4

                                                                            Connect Islands of IPv6 or IPv4


                                                                                                             Business Partners
Translation Services                                                                               IPv6
                                                                                                             Government Agencies
                                                                                                              International Sites
                                                                                                             Remote Workers
                                                                             IPv4                           Internet consumers

                                                                        Connect to the IPv6 community
    Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.      Cisco Public                             27
Deploying IPv6 in Campus Networks:
http://www.cisco.com/univercd/cc/td/doc/solution/campipv6.pdf




                                                                                             #CNSF2011
 Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          28
Campus IPv6 Deployment Options
 Dual-Stack IPv4/IPv6
                                                                                     IPv6/IPv4 Dual Stack Hosts
§ #1 requirement—switching/
  routing platforms must support
                                                                                                                                             Access
  hardware based forwarding for                                                                                                               Layer
  IPv6                                                                                                                          L2/L3
§ IPv6 is transparent on L2                                                                                                                Distribution
                                                                                                                                              Layer
  switches but—                                                                        v6-
                                                                                       Enabled
                                                                                                                                v6-
                                                                                                                                Enabled

        L2 multicast—MLD snooping




                                                                                                    Dual Stack


                                                                                                                 Dual Stack
        IPv6 management—                                                             v6-                                         v6-       Core Layer
                                                                                     Enabled                                     Enabled
        Telnet/SSH/HTTP/SNMP
        Intelligent IP services on WLAN

§ Expect to run the same IGPs as                                                   v6-Enabled                                 v6-Enabled
                                                                                                                                           Aggregation
                                                                                                                                            Layer (DC)
  with IPv4
§ VSS supports IPv6                                                                                                                         Access
                                                                                                                                           Layer (DC)


                                                                                             Dual-stack
                                                                                             Server

 Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                                            29
Distribution Layer: HSRP, EIGRP and
         DHCPv6-relay (Layer 2 Access)
ipv6 unicast-routing                            interface Vlan4
!                                                 description Data VLAN for Access
interface GigabitEthernet1/0/1                    ipv6 address 2001:DB8:CAFE:4::2/64
  description To 6k-core-right                    ipv6 nd prefix 2001:DB8:CAFE:4::/64 no-advertise
  ipv6 address 2001:DB8:CAFE:1105::A001:1010/64 ipv6 nd managed-config-flag
  ipv6 eigrp 10                                   ipv6 dhcp relay destination 2001:DB8:CAFE:10::2
  ipv6 hello-interval eigrp 10 1                  ipv6 eigrp 10
  ipv6 hold-time eigrp 10 3                       standby version 2
  ipv6 authentication mode eigrp 10 md5           standby 2 ipv6 autoconfig
  ipv6 authentication key-chain eigrp 10 eigrp    standby 2 timers msec 250 msec 750
!                                                 standby 2 priority 110
interface GigabitEthernet1/0/2                    standby 2 preempt delay minimum 180
  description To 6k-core-left                     standby 2 authentication ese
  ipv6 address 2001:DB8:CAFE:1106::A001:1010/64 !
  ipv6 eigrp 10                                 ipv6 router eigrp 10
  ipv6 hello-interval eigrp 10 1                  no shutdown
  ipv6 hold-time eigrp 10 3                       router-id 10.122.10.10
  ipv6 authentication mode eigrp 10 md5           passive-interface Vlan4
  ipv6 authentication key-chain eigrp 10 eigrp    passive-interface Loopback0




                       Some OS/patches may need “no-autoconfig”
         Presentation_ID    © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   30
Campus IPv6 Deployment Options
 Hybrid Model
                                                                                          IPv6/IPv4 Dual Stack Hosts
§ Offers IPv6 connectivity via multiple
  options
        Dual-stack                                                                                                                                Access
                                                                                                                                                   Layer
        Configured tunnels—L3-to-L3
                                                                                                                                     L2/L3




                                                                                                         ISATAP


                                                                                                                      ISATAP
        ISATAP—Host-to-L3
                                                                                                                                                Distribution
§ Leverages existing network                                                                   NOT v6-                               NOT v6-
                                                                                                                                                   Layer

§ Offers natural progression to                                                                Enabled                               Enabled

  full dual-stack design
§ May require tunneling to                                                               v6-
                                                                                         Enabled
                                                                                                                                      v6-
                                                                                                                                      Enabled
                                                                                                                                                Core Layer
  less-than-optimal layers
  (i.e. core layer)




                                                                                                         Dual Stack


                                                                                                                      Dual Stack
§ ISATAP creates a flat network (all                                                                                                             Aggregation
  hosts on same tunnel are peers)                                                      v6-Enabled                                  v6-Enabled     Layer (DC)
        Create tunnels per VLAN/subnet to keep
        same segregation as existing design (not
        clean today)                                                                                                                              Access
                                                                                                                                                 Layer (DC)
§ Provides basic HA of ISATAP tunnels
  via old Anycast-RP idea                                                                        Dual-stack
                                                                                                 Server

 Presentation_ID     © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                                               31
Campus Hybrid Model 1
QoS
1.        Classification and marking of IPv6 is done on the egress interfaces on the
          core layer switches because packets have been tunneled until this point—
          QoS policies for classification and marking cannot be applied to the ISATAP
          tunnels on ingress
2.        The classified and marked IPv6 packets can now be examined by
          upstream switches (e.g. aggregation layer switches) and the appropriate
          QoS policies can be applied on ingress. These polices may include trust
          (ingress), policing (ingress) and queuing (egress)
                  Access             Distribution                    Core                Aggregation          Access
                   Layer                Layer                        Layer                Layer (DC)         Layer (DC)

      IPv6/IPv4                                                                                                           IPv6/IPv4
   Dual-stack Hosts                                                                                                       Dual-stack
                                                                                                                            Server

                                                                                 1          2



                                                                                 1          2


 Access                                                                                                                      Data Center
  Block                                                                                                                        Block



                                                                                              IPv6 and IPv4 Enabled
Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.       Cisco Public                                          32
Campus IPv6 Deployment Options
 IPv6 Service Block—an Interim Approach
                                                                                      VLAN 2             VLAN 3       IPv4-only
                                                                                                                      Campus
§ Provides ability to rapidly deploy                                                                                  Block
  IPv6 services without touching
  existing network                                                                                                           ISATAP
                                                                          Access
§ Provides tight control of where IPv6                                    Layer
  is deployed and where the traffic
  flows (maintain separation of
  groups/locations)                                                                                                     IPv6 Service Block
§ Offers the same advantages as
                                                                          Dist.
                                                                          Layer
                                                                                                                                  Dedicated FW
                                                                                                                                                 2
  Hybrid Model without the alteration
  to existing code/configurations
§ Configurations are very similar to
                                                                          Core
  the Hybrid Model                                                        Layer




                                                                                                                                                     Internet
        ISATAP tunnels from PCs in access layer to
        service block switches (instead of core layer—
        Hybrid)
§ 1) Leverage existing ISP block for
  both IPv4 and IPv6 access                                                       Agg                                                IOS FW
                                                                                  Layer
§ 2) Use dedicated ISP connection
  just for IPv6—Can use IOS FW or                                                Access
  PIX/ASA appliance                                                              Layer




                   Primary ISATAP Tunnel
                                                                                                                  1
                                                                                                                          WAN/ISP Block
                   Secondary ISATAP Tunnel
                                                                                      Data Center Block

 Presentation_ID           © 2010 Cisco and/or its affiliates. All rights reserved.       Cisco Public                                               33
IPv6 Data Center Integration

                                                                   § The single most overlooked and
                                                                     potentially complicated area of IPv6
                                                                     deployment
                                                                   § Route/Switch design will be similar to
                                                                     campus based on feature, platform and
                                                                     connectivity similarities – Nexus, 6500
                                                                     4900M
                                                                   § IPv6 for SAN is supported in SAN-OS 3.0
                                                                   § Stuff people don’t think about:
                                                                             NIC Teaming, iLO, DRAC, IP KVM, Clusters
                                                                             Innocent looking Server OS upgrades – Windows
                                                                             Server 2008 - Impact on clusters – Microsoft
                                                                             Server 2008 Failover clusters full support IPv6
                                                                             (and L3)

                                                                   § Build an IPv6-only server farm?


Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.      Cisco Public                                   34
Virtualized DC Solutions
DC Core

                               Nexus® 7000




                                                                                                   Nexus®
DC Aggregation                                                                                      7000

 Cisco® Catalyst ®                                                                                               ACE/ASA/WAAS
 6500 VSS                                                                                                        DC Services
 10GbE DC Services

DC Access

Cisco               Cisco                            CBS
Catalyst            Catalyst                         3100               Nexus             Nexus             Nexus                            Unified
6500                49xx                                                7000              2000              5000         Nexus               Computing
                                                                                                                         1000v               System
                                                     MDS
                                                                                          Nexus
                                                     9124e
                                                                                          1000v


DC SAN


                        MDS                                                                               MDS                    Gigabit Ethernet
                        9500                                                                              9500                   10 Gigabit Ethernet

                                                                                                                                 10 Gigabit DCB

                                                                                                                                 4Gb Fibre Channel

                                                                                                                                 10 Gigabit FCoE/DCB
            Presentation_ID    © 2010 Cisco and/or its affiliates. All rights reserved.    Cisco Public                                              35
IPv6 in the Enterprise Data Center
Biggest Challenges Today
§ Network services above L3
          SLB, SSL-Offload, application monitoring (probes) – ACE and GSS
          Application Optimization – WAAS and ACE
          High-speed security inspection/perimeter protection – ASA/IPS/IDS/IronPort

§ Application support for IPv6 – Know what you don’t know
          If an application is protocol centric (IPv4):
                  Leave as-is
                  Needs to be rewritten
                  Needs to be translated until it is replaced
                  Wait and pressure vendors to move to protocol agnostic framework

§ Virtualized and Consolidated Data Centers
          Virtualization ‘should’ make DCs simpler and more flexible
          Lack of robust DC/Application management is often the root cause of all evil
          Ensure management systems support IPv6 as well as the devices being
          managed

Presentation_ID        © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   36
Commonly Deployed IPv6-enabled OS/Apps


Operating Systems                                                              Virtualization & Applications
§ Windows 7                                                                    § VMware vSphere 4.1
§ Windows Server 2008/R2 § Microsoft Hyper-V
§ SUSE                                                                         § Microsoft Exchange 2007
                                                                                 SP1/2010
§ Red Hat
                                                                               § Apache/IIS Web Services
§ Ubuntu
                                                                               § Windows Media Services
§ The list goes on
                                                                               § Multiple Line of Business
                                                                                 apps
             Most commercial applications won’t be your problem
             – it will be the custom/home-grown apps
  Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.      Cisco Public                 37
IPv6 Deployment in the Data Center
       Services/Appliances Do Not Support IPv6
       Transparent                                     One-Armed                                                Routed             Dedicated Server Farm

§ IPv6 traffic is bridged               § IPv6 traffic bypasses                                § Create trunk between             § New IPv6 only servers
between VLANs                           services                                               switch and server                  can be connected to
                                                                                                                                  existing access/agg pair
§ Permit Ethertype                      § IPv4 traffic is sent to                              § IPv4 has default
                                                                                                                                  on different VLANs
0x86dd (IPv6)                           one-arm attached                                       gateway on service
                                        module/appliance                                       module                             § New access/agg
                                                                                                                                  switches just for IPv6
                                                                                               § IPv6 on separate VLAN
                                                                                                                                  servers
                                                                                               to MSFC

                                                                                                                         Switch                      Switch


    VLAN103

                          Permit
                          0x86dd
    VLAN203

  Switch                                                                       Switch            VLAN10                  VLAN11

                                                                                                     Trunk


     Dual stack server                                   Dual stack server                           Dual stack server             IPv4 server   IPv6 server
                                            IPv4                                              IPv6
        Presentation_ID            © 2010 Cisco and/or its affiliates. All rights reserved.      Cisco Public                                              38
ACE + IPv6 / ACE + ASR + NAT64
                               ACE SLB66
                                                                                                  v4/v6
                                   v6                                         v6
                                                                                                  v6
                                   HW available now – SW coming


NAT64 + SLB44                                                                            SLB66 + NAT64

 v6
 v4
                                                                                          v6
                                                                                          v4




                        v4 server                                                                         v4 server
 Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.        Cisco Public                       39
Deploying IPv6 in Branch Networks:
http://www.cisco.com/univercd/cc/td/doc/solution/brchipv6.pdf




                                                                                                 #CNSF2011
     Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          40
WAN/Branch Deployment
§ Cisco routers have supported IPv6 for a
  long time                                                                                          Corporate
§ Dual-stack should be the focus of your                                                              Network
  implementation—but, some situations
  still call for tunneling
§ Support for every media/WAN type you
  want to use (Frame
  Relay, leased-line, broadband, MPLS,
  etc.)
                                                                                                       SP
§ Don’t assume all features                                                                           Cloud
  for every technology are
  IPv6-enabled                                                                                        Dual
§ Better feature support in WAN/branch                                                                Stack
  than in
  campus/DC
                                                                                             Dual                Dual
                                                                                             Stack               Stack




 Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                           41
IPv6 Enabled Branch
     Focus more on the provider and less on the gear
      Branch                                                                Branch                          Branch
     Single Tier                                                            Dual Tier                       Multi-Tier
                                                 SP
                       HQ                        support                                  HQ                         HQ
                                                 for various
                                                 WAN
                       SP                        types?
                       support
                       for port-to-                                                                          MPLS
                       port IPv6?
                                                             Internet                  Frame
      Internet




Dual-Stack                                                                                            Dual-Stack
IPSec VPN (IPv4/IPv6)                                     Dual-Stack                                  IPSec VPN or
Firewall (IPv4/IPv6)                                      IPSec VPN or Frame Relay                    MPLS (6PE/6VPE)
Integrated Switch                                         Firewall (IPv4/IPv6)                        Firewall (IPv4/IPv6)
(MLD-snooping)                                            Switches (MLD-snooping)                     Switches (MLD-snooping)
     Presentation_ID        © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                        42
Hybrid Branch Example

          § Mixture of attributes from each profile
          § An example to show configuration for different tiers
          § Basic HA in critical roles is the goal
                                                                                                                               Headquarters
                                     Branch                                                    Primary DMVPN Tunnel
                                                                                               2001:DB8:CAFE:20A::/64
               VLAN 101:                           2001:DB8:CAFE:1000::/64                     Backup DMVPN Tunnel (dashed)
               2001:DB8:CAFE:1002::/64                                                         2001:DB8:CAFE:20B::/64          2001:DB8:CAFE:202::/64
                                         ASA-1                                     BR1-1 ::2                              ::1 HE1
                       BR1-LAN     ::1                                   ::2                                                          ::2               Enterprise
                                                   ::4                                                                                                   Campus
                                                                                                                                                        Data Center
                                   ::2
                                                                                                           WAN                        ::3
     BR1-LAN-SW
                             ::3                   ::5                  ::3
                                                                                  BR1-2 ::3                              ::1   HE2

                                                      HSRP for IPv6 VIP Address
VLAN Interfaces:                                      - FE80::5:73FF:FEA0:2
104 - 2001:DB8:CAFE:1004::/64 – PC
105 - 2001:DB8:CAFE:1005::/64 – Voice
106 - 2001:DB8:CAFE:1006::/64 – Printer




           Presentation_ID          © 2010 Cisco and/or its affiliates. All rights reserved.    Cisco Public                                                  43
DMVPN with IPv6
          Hub Configuration Example

crypto isakmp policy 1
                                                                                                       interface Tunnel0
    encr aes 256                                                                                        description DMVPN Tunnel 1
    authentication pre-share                                                                            ip address 10.126.1.1 255.255.255.0
    group 2                                                                                             ipv6 address 2001:DB8:CAFE:20A::1/64
                                                                                                        ipv6 mtu 1416
!
                                                                                                        ipv6 eigrp 10
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0                                                         ipv6 hold-time eigrp 10 35
crypto isakmp key CISCO address ipv6 ::/0                                                               no ipv6 next-hop-self eigrp 10
                                                                                                        no ipv6 split-horizon eigrp 10
!
                                                                                                        ipv6 nhrp authentication CISCO
crypto ipsec transform-set HUB esp-aes 256 esp-sha-hmac                                                 ipv6 nhrp map multicast dynamic
!                                                                                                       ipv6 nhrp network-id 10
crypto ipsec profile HUB                                                                                ipv6 nhrp holdtime 600
                                                                                                        ipv6 nhrp redirect
    set transform-set HUB                                                                               tunnel source Serial1/0
                                                                                                        tunnel mode gre multipoint
                                                                                                        tunnel key 10
                                                               Primary DMVPN Tunnel                     tunnel protection ipsec profile HUB
                                                               2001:DB8:CAFE:20A::/64
                                                               Backup DMVPN Tunnel (dashed)
                                                               2001:DB8:CAFE:20B::/64
                                           BR1-1 ::2                                                  ::1 HE1
                                                                                                                ::2

                                                                              WAN                               ::3

                                           BR1-2 ::3                                             ::1     HE2

          Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                       44
DMVPN with IPv6
         Spoke Configuration Example
crypto isakmp policy 1
  encr aes 256
  authentication pre-share
  group 2
!
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
crypto isakmp key CISCO address ipv6 ::/0
!
crypto ipsec transform-set SPOKE esp-aes 256 esp-sha-hmac
!
                                                         interface Tunnel0
crypto ipsec profile SPOKE
                                                          description to HUB
  set transform-set SPOKE
                                                          ip address 10.126.1.2 255.255.255.0
                                                          ipv6 address 2001:DB8:CAFE:20A::2/64
                                                          ipv6 mtu 1416
                                                          ipv6 eigrp 10
                 Primary DMVPN Tunnel                     ipv6 hold-time eigrp 10 35
                 2001:DB8:CAFE:20A::/64                   no ipv6 next-hop-self eigrp 10
                 Backup DMVPN Tunnel (dashed)
                 2001:DB8:CAFE:20B::/64                   no ipv6 split-horizon eigrp 10
                                                          ipv6 nhrp authentication CISCO
       BR1-1 ::2                             ::1 HE1      ipv6 nhrp map 2001:DB8:CAFE:20A::1/64 172.16.1.1
                                                     ::2
                                                          ipv6 nhrp map multicast 172.16.1.1
                          WAN                        ::3
                                                          ipv6 nhrp network-id 10
                                                          ipv6 nhrp holdtime 600
                                                 HE2      ipv6 nhrp nhs 2001:DB8:CAFE:20A::1
       BR1-2 ::3                           ::1
                                                          ipv6 nhrp shortcut
                                                          tunnel source Serial1/0
                                                          tunnel mode gre multipoint
                                                          tunnel key 10
                                                          tunnel protection ipsec profile SPOKE
         Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   45
ASA with IPv6
      Snippet of full config – examples of IPv6 usage
name 2001:db8:cafe:1003:: BR1-LAN description VLAN on EtherSwitch
name 2001:db8:cafe:1004:9db8:3df1:814c:d3bc Br1-v6-Server
!
interface GigabitEthernet0/0
  description TO WAN
  nameif outside
  security-level 0
  ip address 10.124.1.4 255.255.255.0 standby 10.124.1.5
  ipv6 address 2001:db8:cafe:1000::4/64 standby 2001:db8:cafe:1000::5
!
interface GigabitEthernet0/1
  description TO BRANCH LAN
  nameif inside
  security-level 100
  ip address 10.124.3.1 255.255.255.0 standby 10.124.3.2
  ipv6 address 2001:db8:cafe:1002::1/64 standby 2001:db8:cafe:1002::2
!
ipv6 route inside BR1-LAN/64 2001:db8:cafe:1002::3
ipv6 route outside ::/0 fe80::5:73ff:fea0:2
!
ipv6 access-list v6-ALLOW permit icmp6 any any
ipv6 access-list v6-ALLOW permit tcp 2001:db8:cafe::/48 host Br1-v6-Server object-group RDP
!
failover
failover lan unit primary
failover lan interface FO-LINK GigabitEthernet0/3
failover interface ip FO-LINK 2001:db8:cafe:1001::1/64 standby 2001:db8:cafe:1001::2
access-group v6-ALLOW in interface outside

      Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   46
Branch LAN
      Connecting Hosts
ipv6 dhcp pool DATA_W7
  dns-server 2001:DB8:CAFE:102::8
  domain-name cisco.com
!
interface GigabitEthernet0/0
  description to BR1-LAN-SW
  no ip address                                                                                                       BR1-LAN
  duplex auto
  speed auto
!                                                                                                      BR1-LAN-SW
interface GigabitEthernet0/0.104
  description VLAN-PC
  encapsulation dot1Q 104
                                                                                                  VLAN Interfaces:
  ip address 10.124.104.1 255.255.255.0                                                           104 - 2001:DB8:CAFE:1004::/64 – PC
  ipv6 address 2001:DB8:CAFE:1004::1/64                                                           105 - 2001:DB8:CAFE:1005::/64 – Voice
  ipv6 nd other-config-flag                                                                       106 - 2001:DB8:CAFE:1006::/64 – Printer

  ipv6 dhcp server DATA_W7
  ipv6 eigrp 10
!
interface GigabitEthernet0/0.105
  description VLAN-PHONE
  encapsulation dot1Q 105
  ip address 10.124.105.1 255.255.255.0
  ipv6 address 2001:DB8:CAFE:1005::1/64
  ipv6 nd prefix 2001:DB8:CAFE:1005::/64 0 0 no-autoconfig
  ipv6 nd managed-config-flag
  ipv6 dhcp relay destination 2001:DB8:CAFE:102::9
  ipv6 eigrp 10

      Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                             47
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          48
Cisco Remote VPN – IPv6

 Client-based IPsec VPN




 Client-based SSL
                                                                         Internet



§ Cisco VPN Client 4.x
       IPv4 IPSec Termination (PIX/ASA/IOS VPN/
       Concentrator)
       IPv6 Tunnel Termination (IOS ISATAP or Configured
       Tunnels)
§ AnyConnect Client 2.x
       SSL/TLS or DTLS (datagram TLS = TLS over UDP)
       Tunnel transports both IPv4 and IPv6 and the
       packets exit the tunnel at the hub ASA as native IPv4
       and IPv6.

 Presentation_ID        © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   49
AnyConnect 2.x—SSL VPN
                                            asa-edge-1#show vpn-sessiondb svc
                                            Session Type: SVC
                                            Username     : ciscoese               Index       :           14
                                            Assigned IP : 10.123.2.200            Public IP   :           10.124.2.18
                                            Assigned IPv6: 2001:db8:cafe:101::101
                                            Protocol     : Clientless SSL-Tunnel DTLS-Tunnel
                                            License      : SSL VPN
                                            Encryption   : RC4 AES128             Hashing     :           SHA1
                                            Bytes Tx     : 79763                  Bytes Rx    :           176080
                                            Group Policy : AnyGrpPolicy           Tunnel Group:           ANYCONNECT
                                            Login Time   : 14:09:25 MST Mon Dec 17 2007
                                            Duration     : 0h:47m:48s
                                            NAC Result   : Unknown
                                            VLAN Mapping : N/A                    VLAN        :           none




                                                                                              Cisco ASA



Dual-Stack Host
AnyConnect Client
  Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                      50
AnyConnect 2.x—Summary
     Configuration
interface GigabitEthernet0/0
  nameif outside
  security-level 0
  ip address 10.123.1.4 255.255.255.0
  ipv6 enable                                                                                                                Outside
!
interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 10.123.2.4 255.255.255.0                                                              2001:db8:cafe:101::ffff   Inside
  ipv6 address 2001:db8:cafe:101::ffff/64
!
ipv6 local pool ANYv6POOL 2001:db8:cafe:101::101/64 200
webvpn
 enable outside
 svc enable
 tunnel-group-list enable
group-policy AnyGrpPolicy internal
group-policy AnyGrpPolicy attributes
 vpn-tunnel-protocol svc
 default-domain value cisco.com
 address-pools value AnyPool
tunnel-group ANYCONNECT type remote-access                                        http://www.cisco.com/en/US/docs/security/vp
tunnel-group ANYCONNECT general-attributes                                        n_client/anyconnect/anyconnect20/administra
 address-pool AnyPool
                                                                                  tive/guide/admin6.html#wp1002258
 ipv6-address-pool ANYv6POOL
 default-group-policy AnyGrpPolicy
tunnel-group ANYCONNECT webvpn-attributes
 group-alias ANYCONNECT enable
     Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.     Cisco Public                                       51
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          52
Top SP Concerns for Enterprise Accounts

                  Port to Port
                                                                                                Multi-Homing
                   Access

                                                                         IPv6

                   Content                                                                      Provisioning




Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                  53
Port-to-Port Access
      Port to Port Access                                            Multi-Homing

                                            IPv6

                  Content                                             Provisioning




  Basic Internet*                                                • Dual-stack or native IPv6 at each POP
                                                                 • SLA driven just like IPv4 to support VPN, content access


                                                                 • 6VPE
                  MPLS                                           • IPv6 Multicast
                                                                 • End-to-End traceability


     Hosted (see                                                 • IPv6 access to hosted content
                                                                 • Cloud migration (move data from Ent DC to Hosted DC)
      content)
Presentation_ID             © 2010 Cisco and/or its affiliates. All rights reserved.        * = most common issue
                                                                                       Cisco Public                           54
Multi-Homing

      Port to Port Access                                            Multi-Homing

                                            IPv6

                  Content                                             Provisioning



                                                                      • PA is no good for customers with multiple providers or change
     PI/PA Policy *                                                     them at any pace
                                                                      • PI is new, constantly changing expectations and no “guarantee” an
                                                                        SP won’t do something stupid like not route PI space
      Concerns                                                        • Customers fear that RIR will review existing IPv4 space and want it
                                                                        back if they get IPv6 PI

                                                                      • Religious debate about the security exposure – not a multi-homing
                                                                        issue
                    NAT                                               • If customer uses NAT like they do today to prevent address/policy
                                                                        exposure, where do they get the technology from – no scalable
                                                                        IPv6 NAT exists today


                                                                      • Is it really different from what we do today with IPv4? Is this policy

             Routing                                                    stuff?
                                                                      • Guidance on prefixes per peering point, per theater, per ISP,
                                                                        ingress/egress rules, etc.. – this is largely missing today


Presentation_ID             © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                              55
Content

      Port to Port Access                                            Multi-Homing

                                            IPv6

                  Content                                             Provisioning




Hosted/Cloud Apps
      today
                                                      *               • IPv6 provisioning and access to hosted or cloud-based
                                                                        services today (existing agreements)
                                                                      • Salesforce.com, Microsoft BPOS (Business Productivity
                                                                        Online Services), Amazon, Google Apps


          Move to                                                     • Movement from internal-only DC services to
                                                                        hosted/cloud-based DC
        Hosted/Cloud                                                  • Provisioning, data/network migration services, DR/HA



 Contract/Managed                                                     • Third-party marketing, business development,
                                                                        outsourcing
 Marketing/Portals                                                    • Existing contracts – connect over IPv6


Presentation_ID             © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                             56
Provisioning

      Port to Port Access                                            Multi-Homing

                                            IPv6

                  Content                                             Provisioning




           SP Self-                                                   • Not a lot of information from accounts on this but it does
                                                                        concern them
           Service                                                    • How can they provision their own services (i.e. cloud) to
                                                                        include IPv6 services and do it over IPv6
           Portals

                                                      *               • More of a management topic but the point here is that
                                                                        customers want the ability to alter their services based on
                    SLA                                                 violations, expiration or restrictions on the SLA
                                                                      • Again, how can they do this over IPv6 AND for IPv6
                                                                        services


Presentation_ID             © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                   57
The Scope of IPv6 Deployment
                                Web Content Management
                             Applications & Application Suites
     Data                     Client                                                      Collaboration
                                                                                                                   Sensors &
    Center                    Access                        Printers                       Devices &
                                                                                                                   Controllers




                                                                                                                                                                    Roll-out Releases & Planning
                                                                                                                                    Staff Training and Operations
    Servers                   (PC’s)                                                       Gateways
                                    Networked Device Support

                  Load
                                         Security                                                         Optimization
DNS &           Balancing                                                        Content                                    VPN
                                        (Firewalls                                                        (WAAS, SSL
DHCP            & Content                                                      Distribution                                Access
                                        & IDS/IPS)                                                        acceleration)
                Switching
                             Networked Infrastructure Services
Deployment                      IPv6 over IPv4 Tunnels                                                             IPv6 over MPLS
                               (Configured, 6to4, ISATAP, GRE)
                                                                                           Dual-Stack                (6PE/6VPE)
Scenario
                          IP Services (QoS, Multicast, Mobility, Translation)
 Hardware                                                     IP                             Routing
                          Connectivity                                                                            Instrumentation
  Support                                                 Addressing                        Protocols

        Presentation_ID
                                 Basic Network Infrastructure
                               © 2010 Cisco and/or its affiliates. All rights reserved.    Cisco Public                                                             58
IPv6 + VDI and/or High-density VM

§ Movement to Virtual Desktop Infrastructure and large scale
  VM deployments leads customers to the question – how many
  VMs can I get on a single VLAN?
             Today - Limited to broadcast domain and ARP scaling
             IPv6 has no broadcast – what is the control plane impact of having only
             IPv6 multicast for neighbor/router activity? Less/Same??
             Can I greatly increase the number of hosts/VMs per VLAN without IPv4?

§ Can IPv6 solve my internal RFC1918 starvation
  issue – specifically inside my Data Center?
             Most VDI deployments are ‘additive’ in host count not a
             direct 1:1 replacement from thick-to-thin/zero client

§ Building on interest and possibilities with LISP


Presentation_ID       © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   59
Conclusion

§ “Dual stack where you can – Tunnel where you must –
  Translate only when you have a gun to your head”
§ Create a virtual team of IT representatives from every area of
  IT to ensure coverage for OS, Apps, Network and
  Operations/Management
§ Microsoft Windows Vista, Windows 7 and Server 2008 will
  have IPv6 enabled by default—understand what impact any
  OS has on the network
§ Deploy it – at least in a lab – IPv6 won’t bite
§ Things to consider:
          Focus on what you must have in the near-term (lower your
          expectations) but pound your vendors and others to support your long-
          term goals
          Don’t be too late to the party – anything done in a panic is likely going
          to go badly



Presentation_ID     © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   60
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          61
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          62
Thank you.




             #CNSF2011
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          64
Information about Cisco
§ 300 locations in 90 countries                                                    § 66,000+ Employees
§ 400 buildings                                                                         20,000 Channel Partners
§ 51 data centers and                                                              § 110+ Application
  server rooms                                                                       Service Providers
§ 1500+ labs world wide                                                            § 210+ Business and Support
  (500+ in San Jose)                                                                 Development Partners




                                                                                      Over 180,000 people around the
                                                                                     world in the extended Cisco family
                     ASIAPAC                                               N. America             S. America   Europe   Middle East
   Presentation_ID      © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                                 65
Drivers and Goals
§ Business Drivers
          1. IPv6 leadership and mindshare
          2. IPv6 product and solution readiness
§ IT Drivers
          1. Corporate Growth (IPv4 Address Depletion)
          2. Enable IPv6 Infrastructure for development and testing
          3. Cisco on Cisco

§ Goals
          1. cisco.com IPv6 Internet presence
          2. Enable ubiquitous IPv6-enabled user access in the
             network
          3. End to end IPv6 (Dual Stack)


Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   66
Cisco IT’s IPv6 Strategy
                                                                                                                                   Future


                                  IPv6 Internet Presence (cisco.com)
                            Static Content                                             All Content            All Content         Long-Term
                                 Only                                                   and Apps                                     IPv6
                                                                                                               and Apps          Investments
                            Separate URL                                           Separate URL              Single URL         Apps & services
                            Separate Web                                           Separate Web              Converged
                              Front-end                                              Front-end              Web Front-End        Collaboration

                                                                                                                                Communication

                                                                                                                                Enterprise Apps

                                           Ubiquitous IPv6 User Access                                                             Content


                            Limited IPv6
                           Tunnel Service-                                       Dual Stack                   Dual Stack
  Limited IPv6                                                                                             Desktop Networks
 Tunnel Service            Dual Stack Core                                    Desktop Networks

Corp and Internet          Corp and Internet                                     SJC and RTP                All global sites,
access on request               access                                          Corp and Internet           remote access
                              on request                                            Access                 Corp and Internet
                           GGSG Dual Stack                                                                       Access




         Presentation_ID    © 2010 Cisco and/or its affiliates. All rights reserved.        Cisco Public                                  67
IPv6 Deployment Plan
 (Ubiquitous IPv6 User Access)
§ Pilot Phase (Completed)
       Ø Single Tunnel Head End with Tunnelled IPv6 Internet Connectivity
       Ø Offers 6in4 Tunnels for Labs and ISATAP for Desktop users
§ Phase 1 – Dual Stacked Core and Tunnelling Infrastructure
       Ø Dual Stacked CAPNet and Partial Core
       Ø Five Regional Tunnels Head Ends
       Ø Native IPv6 in SJ with Dual stacked Alpha DMZ
       Ø Native IPv6 in RTP with Dual Stacked Alpha DMZ
§ Phase 2 – Desktop (Wired and Wireless) and DC Pilot
       Ø Dual Stack Pilot Desktop Wired and Wireless
       Ø Isolated Dual Stacked DC Pod (IPv6 DC Island)
§ Phase 3 – DC, DMZ, RO, OOB, Lab, Remaining Core, MPLS
  VPNs, Multicast, QoS, Extranet (TBD)


  Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   68
Cisco.com Phase I Solution Overview

§ Replication
          Replicate •g
                     static content•hto v6 environment
          Directories with secure content in them will not be replicated
          200G of content is replicated to IPv6 environment

§ Content Delivery
          AAAA record for www.ipv6.cisco.com served from DNS
          •g
           Static Content•hserved locally
          Dynamic Content redirected to WWW




Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   71
www.ipv6.cisco.com – 2001:420:80:1::5




Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   72
#CNSF2011
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public          74
§ June 8, 2011 from 0:00 UTC to June 9, 2011 0:00 UTC
§ Coordinated, cooperative IPv6 activation by websites and CDNs
§ Worldwide testbed for data gathering
§ http://isoc.org/wp/worldipv6day/




    Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   75
Step Back: How are Clients Served?
                                                                                            § Dual stacked (IPv4
                                                                                              and IPv6 enabled
                                                                                              hosts) as well as
                                                                                              IPv6 only hosts use
                                                                                              IPv6 network

                                                                                            § IPv4 only clients will
                                                                                              use IPv4 network




§ IPv6 data paths are independent of IPv4 paths
§ IPv6 capable devices will prefer IPv6 connectivity
§ IPv6 paths will see unprecedented stress on June 8
§ IPv4 only sites will see no changes
Presentation_ID   © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public                              76
Website Owners

                                                                                                                      Dual Stack
                                                             IPv4                                  Dual Stack
                                                                                                                       with IPv6
                                                             Only                                  (IPv4/IPv6)
                                                                                                                       problem
Network Operators




                            IPv4 Only
    (end users)




                          Dual Stack
                          (IPv4/IPv6)

                           Dual Stack
                            with IPv6
                            problem




                    Presentation_ID     © 2010 Cisco and/or its affiliates. All rights reserved.       Cisco Public                77
§ Estimated impacted Internet population:
   • 0.05% of all users or ~ 500,000 hosts *
§ Most sites or hosts will not notice the change
§ Typical impacts
   •     Slow connection startup as IPv6 fails and falls back to IPv4
   •     Slow performance due to congested IPv6 paths
   •     Failed connectivity for misconfigured devices or networks
   •     DNS lookup failures




   * Source: http://www.isc.org/solutions/survey


       Presentation_ID     © 2010 Cisco and/or its affiliates. All rights reserved.   Cisco Public   78
Thank you.




             #CNSF2011

Contenu connexe

Tendances

2012 07 Low Carbon Green Building Performance Design
2012 07 Low Carbon Green Building Performance Design2012 07 Low Carbon Green Building Performance Design
2012 07 Low Carbon Green Building Performance DesignSteve Lojuntin
 
How to build a Wood house
How to build a Wood houseHow to build a Wood house
How to build a Wood househariprasath143
 
Light emitting concrete [OR] Translucent concrete
Light emitting concrete [OR] Translucent concreteLight emitting concrete [OR] Translucent concrete
Light emitting concrete [OR] Translucent concreteShaik Asif Ahmed
 
Sustainable Design Principles
Sustainable Design PrinciplesSustainable Design Principles
Sustainable Design PrinciplesZMM, Inc.
 
Building the Future: Net Zero and Net Zero Ready
Building the Future: Net Zero and Net Zero ReadyBuilding the Future: Net Zero and Net Zero Ready
Building the Future: Net Zero and Net Zero ReadyRDH Building Science
 
green building by Priyanshu kumar,9608684800
green building by Priyanshu kumar,9608684800green building by Priyanshu kumar,9608684800
green building by Priyanshu kumar,9608684800PRIYANSHU KUMAR
 
Stone coated metal roof tile catalogue
Stone coated metal roof tile catalogueStone coated metal roof tile catalogue
Stone coated metal roof tile catalogueAllen Humphrey
 
Community Architecture
Community ArchitectureCommunity Architecture
Community ArchitectureNick Wates
 
TERI-The Energy And Resource Institute
TERI-The Energy And Resource  InstituteTERI-The Energy And Resource  Institute
TERI-The Energy And Resource InstituteApoorva Gupta
 
Sustainable Architecture Design
Sustainable Architecture DesignSustainable Architecture Design
Sustainable Architecture DesignKevin Francis
 
Zero energy building
Zero energy buildingZero energy building
Zero energy buildingANIL SINGH
 
Carbon Nano-tubes in Civil Engineering
Carbon Nano-tubes in Civil EngineeringCarbon Nano-tubes in Civil Engineering
Carbon Nano-tubes in Civil EngineeringAnkit Chandan
 
HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...
HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...
HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...CARARE
 
Understanding Net Zero
Understanding Net ZeroUnderstanding Net Zero
Understanding Net ZeroRob Freeman
 
BIM-Era of digital construction
BIM-Era of digital constructionBIM-Era of digital construction
BIM-Era of digital constructionBIMLABS GLOBAL
 
Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...
Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...
Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...Galala University
 

Tendances (20)

2012 07 Low Carbon Green Building Performance Design
2012 07 Low Carbon Green Building Performance Design2012 07 Low Carbon Green Building Performance Design
2012 07 Low Carbon Green Building Performance Design
 
How to build a Wood house
How to build a Wood houseHow to build a Wood house
How to build a Wood house
 
Light emitting concrete [OR] Translucent concrete
Light emitting concrete [OR] Translucent concreteLight emitting concrete [OR] Translucent concrete
Light emitting concrete [OR] Translucent concrete
 
Sustainable Design Principles
Sustainable Design PrinciplesSustainable Design Principles
Sustainable Design Principles
 
Green building
Green buildingGreen building
Green building
 
Building the Future: Net Zero and Net Zero Ready
Building the Future: Net Zero and Net Zero ReadyBuilding the Future: Net Zero and Net Zero Ready
Building the Future: Net Zero and Net Zero Ready
 
green building by Priyanshu kumar,9608684800
green building by Priyanshu kumar,9608684800green building by Priyanshu kumar,9608684800
green building by Priyanshu kumar,9608684800
 
Stone coated metal roof tile catalogue
Stone coated metal roof tile catalogueStone coated metal roof tile catalogue
Stone coated metal roof tile catalogue
 
Community Architecture
Community ArchitectureCommunity Architecture
Community Architecture
 
TERI-The Energy And Resource Institute
TERI-The Energy And Resource  InstituteTERI-The Energy And Resource  Institute
TERI-The Energy And Resource Institute
 
Sustainable Architecture Design
Sustainable Architecture DesignSustainable Architecture Design
Sustainable Architecture Design
 
Leed for SWE WE 14
Leed for SWE WE 14Leed for SWE WE 14
Leed for SWE WE 14
 
Zero energy building
Zero energy buildingZero energy building
Zero energy building
 
Green buildings
Green buildingsGreen buildings
Green buildings
 
Carbon Nano-tubes in Civil Engineering
Carbon Nano-tubes in Civil EngineeringCarbon Nano-tubes in Civil Engineering
Carbon Nano-tubes in Civil Engineering
 
Green Building Materials
Green Building MaterialsGreen Building Materials
Green Building Materials
 
HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...
HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...
HBIM Leinster House, Laser Scan Survey Modelling and Conservation documentati...
 
Understanding Net Zero
Understanding Net ZeroUnderstanding Net Zero
Understanding Net Zero
 
BIM-Era of digital construction
BIM-Era of digital constructionBIM-Era of digital construction
BIM-Era of digital construction
 
Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...
Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...
Architectural Design Concepts Approaches - كونسيبت التصميم المعمارى و الفكرة ...
 

Similaire à Enterprise IPv6 Deployment

Run Your Oracle BI QA Cycles More Effectively
Run Your Oracle BI QA Cycles More EffectivelyRun Your Oracle BI QA Cycles More Effectively
Run Your Oracle BI QA Cycles More EffectivelyKPI Partners
 
MSA, TBD, DDD, TDD, BDD, WTF?
MSA, TBD, DDD, TDD, BDD, WTF?MSA, TBD, DDD, TDD, BDD, WTF?
MSA, TBD, DDD, TDD, BDD, WTF?Michael Lambert
 
Consolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization InitiativeConsolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization InitiativeNovell
 
Joint Oracle-cVidya Cloud webinar - SaaS Market Growth & Opportunities
Joint Oracle-cVidya Cloud webinar - SaaS Market Growth & OpportunitiesJoint Oracle-cVidya Cloud webinar - SaaS Market Growth & Opportunities
Joint Oracle-cVidya Cloud webinar - SaaS Market Growth & OpportunitiescVidya Networks
 
Astute oracle i participate webinar series - v1
Astute   oracle i participate webinar series - v1Astute   oracle i participate webinar series - v1
Astute oracle i participate webinar series - v1Arvind Rajan
 
The Build vs. Buy Decision for SaaS Delivery
The Build vs. Buy Decision for SaaS DeliveryThe Build vs. Buy Decision for SaaS Delivery
The Build vs. Buy Decision for SaaS DeliveryOpSource
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleSanjeev Sharma
 
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...Compuware APM
 
XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...
XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...
XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...XebiaLabs
 
Developers Driving DevOps at Scale: 5 Keys to Success
Developers Driving DevOps at Scale: 5 Keys to SuccessDevelopers Driving DevOps at Scale: 5 Keys to Success
Developers Driving DevOps at Scale: 5 Keys to SuccessDevOps.com
 
Migrating Mission-Critical Workloads to Intel Architecture
Migrating Mission-Critical Workloads to Intel ArchitectureMigrating Mission-Critical Workloads to Intel Architecture
Migrating Mission-Critical Workloads to Intel ArchitectureIntel IT Center
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudMicro Focus
 
1221 raise expectations_for_the_ always_on_enterprise
1221 raise expectations_for_the_ always_on_enterprise1221 raise expectations_for_the_ always_on_enterprise
1221 raise expectations_for_the_ always_on_enterpriseScott Simmons
 
Cloud-enabled Development: Putting the Agile into the Infrastructure
Cloud-enabled Development: Putting the Agile into the InfrastructureCloud-enabled Development: Putting the Agile into the Infrastructure
Cloud-enabled Development: Putting the Agile into the Infrastructurebrian.white
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldReal-Time Innovations (RTI)
 
Value Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim MayValue Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim MayGovCloud Network
 
Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...
Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...
Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...IBM Danmark
 
The 7 Secrets of Performance Management in Virtualized Environments
The 7 Secrets of Performance Management in Virtualized EnvironmentsThe 7 Secrets of Performance Management in Virtualized Environments
The 7 Secrets of Performance Management in Virtualized EnvironmentseG Innovations
 

Similaire à Enterprise IPv6 Deployment (20)

Run Your Oracle BI QA Cycles More Effectively
Run Your Oracle BI QA Cycles More EffectivelyRun Your Oracle BI QA Cycles More Effectively
Run Your Oracle BI QA Cycles More Effectively
 
Telcom Offshoring
Telcom OffshoringTelcom Offshoring
Telcom Offshoring
 
MSA, TBD, DDD, TDD, BDD, WTF?
MSA, TBD, DDD, TDD, BDD, WTF?MSA, TBD, DDD, TDD, BDD, WTF?
MSA, TBD, DDD, TDD, BDD, WTF?
 
Consolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization InitiativeConsolidation Planning: Getting the Most from Your Virtualization Initiative
Consolidation Planning: Getting the Most from Your Virtualization Initiative
 
Joint Oracle-cVidya Cloud webinar - SaaS Market Growth & Opportunities
Joint Oracle-cVidya Cloud webinar - SaaS Market Growth & OpportunitiesJoint Oracle-cVidya Cloud webinar - SaaS Market Growth & Opportunities
Joint Oracle-cVidya Cloud webinar - SaaS Market Growth & Opportunities
 
Astute oracle i participate webinar series - v1
Astute   oracle i participate webinar series - v1Astute   oracle i participate webinar series - v1
Astute oracle i participate webinar series - v1
 
The Build vs. Buy Decision for SaaS Delivery
The Build vs. Buy Decision for SaaS DeliveryThe Build vs. Buy Decision for SaaS Delivery
The Build vs. Buy Decision for SaaS Delivery
 
A DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scaleA DevOps adoption playbook- achieving business value at scale
A DevOps adoption playbook- achieving business value at scale
 
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...
 
XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...
XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...
XebiaLabs, CloudBees, Puppet Labs Webinar Slides - IT Automation for the Mode...
 
Developers Driving DevOps at Scale: 5 Keys to Success
Developers Driving DevOps at Scale: 5 Keys to SuccessDevelopers Driving DevOps at Scale: 5 Keys to Success
Developers Driving DevOps at Scale: 5 Keys to Success
 
Migrating Mission-Critical Workloads to Intel Architecture
Migrating Mission-Critical Workloads to Intel ArchitectureMigrating Mission-Critical Workloads to Intel Architecture
Migrating Mission-Critical Workloads to Intel Architecture
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
 
101 cd 1445-1515
101 cd 1445-1515101 cd 1445-1515
101 cd 1445-1515
 
1221 raise expectations_for_the_ always_on_enterprise
1221 raise expectations_for_the_ always_on_enterprise1221 raise expectations_for_the_ always_on_enterprise
1221 raise expectations_for_the_ always_on_enterprise
 
Cloud-enabled Development: Putting the Agile into the Infrastructure
Cloud-enabled Development: Putting the Agile into the InfrastructureCloud-enabled Development: Putting the Agile into the Infrastructure
Cloud-enabled Development: Putting the Agile into the Infrastructure
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern World
 
Value Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim MayValue Of Cloud Computing For Fed Governmen Oct 8 Tim May
Value Of Cloud Computing For Fed Governmen Oct 8 Tim May
 
Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...
Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...
Konsolider, optimer og automatiser dit servermiljø med IBM PureApplications S...
 
The 7 Secrets of Performance Management in Virtualized Environments
The 7 Secrets of Performance Management in Virtualized EnvironmentsThe 7 Secrets of Performance Management in Virtualized Environments
The 7 Secrets of Performance Management in Virtualized Environments
 

Plus de Cisco Canada

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco Canada
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018   iot demo kinetic frCisco connect montreal 2018   iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco Canada
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018    secure dcCisco connect montreal 2018    secure dc
Cisco connect montreal 2018 secure dcCisco Canada
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018   enterprise networks - say goodbye to vla nsCisco connect montreal 2018   enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco Canada
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco Canada
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Canada
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco Canada
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Cisco Canada
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018   compute v finalCisco connect montreal 2018   compute v final
Cisco connect montreal 2018 compute v finalCisco Canada
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco Canada
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Canada
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018   an introduction to Cisco kineticCisco Connect Toronto 2018   an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Canada
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Canada
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018  DevNet OverviewCisco Connect Toronto 2018  DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018  DNA assuranceCisco Connect Toronto 2018  DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018   network-slicingCisco Connect Toronto 2018   network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018   sixty to zeroCisco Connect Toronto 2018   sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Canada
 

Plus de Cisco Canada (20)

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018   iot demo kinetic frCisco connect montreal 2018   iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018    secure dcCisco connect montreal 2018    secure dc
Cisco connect montreal 2018 secure dc
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018   enterprise networks - say goodbye to vla nsCisco connect montreal 2018   enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018   compute v finalCisco connect montreal 2018   compute v final
Cisco connect montreal 2018 compute v final
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018   DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018   an introduction to Cisco kineticCisco Connect Toronto 2018   an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018   IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018  DevNet OverviewCisco Connect Toronto 2018  DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018  DNA assuranceCisco Connect Toronto 2018  DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018   network-slicingCisco Connect Toronto 2018   network-slicing
Cisco Connect Toronto 2018 network-slicing
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018   the intelligent network with cisco merakiCisco Connect Toronto 2018   the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018   sixty to zeroCisco Connect Toronto 2018   sixty to zero
Cisco Connect Toronto 2018 sixty to zero
 

Dernier

COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 

Dernier (20)

20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 

Enterprise IPv6 Deployment

  • 1. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
  • 2. Reference Materials § New/Updated IPv6 Cisco Sites: http://www.cisco.com/go/ipv6 http://www.cisco.gom/go/entipv6 § Deploying IPv6 in Campus Networks: http://www.cisco.com/en/US/docs/solutions/Enterpri se/Campus/CampIPv6.html § Deploying IPv6 in Branch Networks: http://www.cisco.com/en/US/solutions/ns340/ns414/ ns742/ns816/landing_br_ipv6.html Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
  • 3. Recommended Reading Deploying IPv6 in Broadband Networks - Adeel Ahmed, Salman Now available!! Asadullah ISBN0470193387, John Wiley & Sons Publications® Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
  • 4. Agenda § The Need for IPv6 § Planning and Deployment Summary § Address Considerations § General Concepts § Infrastructure Deployment Campus/Data Center WAN/Branch Remote Access § Communicating with the Service Providers Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
  • 5. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
  • 6. Dramatic Increase in Enterprise Activity Why? • Enterprise that is or will be expanding into new markets Growth/Protection • Address exhaustion Pressure External • Enterprise that partners with other Partnership companies/organizations doing IPv6 • Governments, enterprise partners, contractors • Microsoft Windows 7, Server 2008 OS/Apps • Microsoft DirectAccess Pressure Internal Fixing Old • Mergers &Acquisitions Problems • NAT Overlap • High Density Virtual Machine environments (Server New Technologies virtualization, VDI) • SmartGrid Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
  • 7. Innocent W2K3 -to- W2K8 Upgrade Windows 2003 C:>ping svr-01 Pinging svr-01.example.com [10.121.12.25] with 32 bytes of data: Reply from 10.121.12.25: bytes=32 time<1ms TTL=128 Reply from 10.121.12.25: bytes=32 time<1ms TTL=128 Reply from 10.121.12.25: bytes=32 time<1ms TTL=128 Reply from 10.121.12.25: bytes=32 time<1ms TTL=128 Upgraded Host to Windows 2008 C:>ping svr-01 Pinging svr-01 [fe80::c4e2:f21d:d2b3:8463%15] with 32 bytes of data: Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms Reply from fe80::c4e2:f21d:d2b3:8463%15: time<1ms No. Time Source Destination Protocol Info 3969 244.938775 fe80::c4e2:f21d:d2b3:8463 ff02::1:3 UDP Source port: 63828 Destination port: llmnr 3970 244.938958 10.121.12.25 224.0.0.252 UDP Source port: 53753 Destination port: llmnr ...........svr-01…..... § Can happen if the circumstances are right § http://technet.microsoft.com/en- us/library/bb878128.aspx Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
  • 8. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
  • 9. Enterprise Adoption Spectrum • Mostly or completely past the “why?” phase • Assessment (e2e) • Weeding out vendors (features and $) • Focus on training and Production/Looking Preliminary filling gaps for parity and Research beyond Pilot/Early Deployment • Still fighting vendors • Is it real? • Content and wide-scale • Do I need to deploy app deployment everywhere? • Review operational cost • Equipment status? of 2 stacks • SP support? • Competitive/Strategic • Addressing advantages of new • What does it cost? environment Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
  • 10. Cisco IPv6 Deployment - A Lifecycle Approach Coordinated Planning and Strategy Make Sound Financial Decisions Prepare Operational Excellence Assess Readiness Adapt to Changing Optimize Plan Can Your Network Support Business Requirements the Proposed System? Maintain Network Health Design the Solution Manage, Resolve, Operate Design Products, Service, Support Repair, Replace Aligned to Requirements Implement Implement the Solution Integrate Without Disruption or Causing Vulnerability Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
  • 11. IPv6 Integration Outline Pre-Deployment Deployment Phases Phases • Establish the network • Transport considerations starting point for integration • Importance of a network • Campus IPv6 integration assessment and available tools options • Defining early IPv6 security • WAN IPv6 integration options guidelines and requirements • Advanced IPv6 • Additional IPv6 “pre- services options deployment” tasks needing consideration Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
  • 12. Where do I start? § Based on Timeframe/Use case § Core-to-Edge - Ideal § Edge-to-Core – Challenging but doable DC DC/Campus Aggregation Core DC Access Campus Block WAN Servers Branch Branch Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 12
  • 13. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
  • 14. Hierarchical Addressing and Aggregation Site 1 2001:DB8:0001:0001::/64 Only 2001:DB8:0001:0002::/64 Announces the /32 Prefix ISP 2001:DB8:0001::/48 2001:DB8::/32 Site 2 2001:DB8:0002:0001::/64 IPv6 Internet 2001:DB8:0002:0002::/64 2000::/3 2001:DB8:0002::/48 § Default is /48 – can be larger: http://www.ripe.net/ripe/docs/ipv6policy.html § Provider independent - http://www.ripe.net/rs/ipv6/ Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
  • 15. Unique-Local Addressing (RFC4193) § Used for internal communications, inter-site VPNs Not routable on the internet—basically RFC1918 for IPv6 only better—less likelihood of collisions § Default prefix is /48 /48 limits use in large organizations that will need more space Semi-random generator prohibits generating sequentially ‘useable’ prefixes—no easy way to have aggregation when using multiple /48s Why not hack the generator to produce something larger than a /48 or even sequential /48s? Is it ‘legal’ to use something other than a /48? Perhaps the entire space? Forget legal, is it practical? Probably, but with dangers—remember the idea for ULA; internal addressing with a slim likelihood of address collisions with M&A. By consuming a larger space or the entire ULA space you will significantly increase the chances of pain in the future with M&A § Routing/security control You must always implement filters/ACLs to block any packets going in or out of your network (at the Internet perimeter) that contain a SA/DA that is in the ULA range— today this is the only way the ULA scope can be enforced § Generate your own ULA: http://www.sixxs.net/tools/grh/ula/ Generated ULA= fd9c:58ed:7d73::/48 * MAC address=00:0D:9D:93:A0:C3 (Hewlett Packard) * EUI64 address=020D9Dfffe93A0C3 * NTP date=cc5ff71943807789 cc5ff71976b28d86 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
  • 16. Not Recommended Today ULA-Only Internet Global – NAT66 Required Branch 1 2001:DB8:CAFE::/48 Corp HQ FD9C:58ED:7D73:2800::/64 Corporate Branch 2 Backbone ULA Space FD9C:58ED:7D73::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64 § Everything internal runs the ULA space § A NAT supporting IPv6 or a proxy is required to access IPv6 hosts on the internet — must run filters to prevent any SA/DA in ULA range from being forwarded § Works as it does today with IPv4 except that NAT66 products/solutions do not yet scale like NAT44 and are not widely available…yet § Removes the advantages of not having a NAT (i.e. application interoperability, global multicast, end-to-end connectivity) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
  • 17. Not Recommended ULA + Global Internet Global – Branch 1 2001:DB8:CAFE::/48 Corp HQ FD9C:58ED:7D73:2800::/64 Corporate 2001:DB8:CAFE:2800::/64 Branch 2 Backbone ULA Space FD9C:58ED:7D73::/48 Global – 2001:DB8:CAFE::/48 FD9C:58ED:7D73:3000::/64 FD9C:58ED:7D73::2::/64 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64 § Both ULA and Global are used internally except for internal-only hosts § Source Address Selection (SAS) is used to determine which address to use when communicating with other nodes internally or externally § In theory, ULA talks to ULA and Global talks to Global—SAS ‘should’ work this out § ULA-only and Global-only hosts can talk to one another internal to the network § Define a filter/policy that ensures your ULA prefix does not ‘leak’ out onto the Internet and ensure that no traffic can come in or out that has a ULA prefix in the SA/DA fields § Management NIGHTMARE for DHCP, DNS, routing, security, etc… Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
  • 18. Recommended Global-Only Internet Global – Branch 1 2001:DB8:CAFE::/48 Corp HQ 2001:DB8:CAFE:2800::/64 Corporate Branch 2 Backbone Global – 2001:DB8:CAFE::/48 2001:DB8:CAFE:3000::/64 2001:DB8:CAFE:2::/64 § Global is used everywhere § No issues with SAS § No requirements to have NAT for ULA-to-Global translation—but, NAT may be used for other purposes § Easier management of DHCP, DNS, security, etc. § Only downside is breaking the habit of believing that topology hiding is a good security method J Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  • 19. Link Level—Prefix Length Considerations 64 bits > 64 bits § Recommended by § Address space conservation RFC5375 and IAB/IESG § Special cases: /126—valid for p2p § Consistency makes (RFC3627) management easy /127—(RFC6164) /128—loopback § MUST for SLAAC (a few other § Complicates management technologies) § Must avoid overlap with § Significant address specific addresses: space loss Router Anycast (RFC3513) Embedded RP (RFC3956) ISATAP addresses Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
  • 20. SLAAC & Stateful/Stateless DHCPv6 § StateLess Address AutoConfiguration (SLAAC) § Stateful and stateless DHCPv6 server Cisco Network Registrar: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1982/ Microsoft Windows Server 2008: http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1 a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true § DHCPv6 Relay—supported on routers and switches IPv6 Enabled Host interface FastEthernet0/1 description CLIENT LINK Network ipv6 address 2001:DB8:CAFE:11::1/64 ipv6 nd prefix 2001:DB8:CAFE:11::/64 no-advertise ipv6 nd managed-config-flag ipv6 dhcp relay destination 2001:DB8:CAFE:10::2 DHCPv6 Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
  • 21. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  • 22. First Hop Router Redundancy HSRP for v6 § Modification to Neighbor Advertisement, router HSRP HSRP Advertisement, and ICMPv6 redirects Active Standby § Virtual MAC derived from HSRP group number and virtual IPv6 link-local address GLBP for v6 § Modification to Neighbor Advertisement, Router GLBP GLBP Advertisement—GW is announced via RAs AVG, AVF, AVF SVF § Virtual MAC derived from GLBP group number and virtual IPv6 link-local address Neighbor Unreachability Detection RA Sent § For rudimentary HA at the first HOP Reach-time = 5,000 msec § Hosts use NUD “reachable time” to cycle to next known default gateway (30s by default) No longer needed Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
  • 23. HSRP for IPv6 § Many similarities with HSRP for IPv4 § Changes occur in Neighbor Advertisement, Router Advertisement, HSRP HSRP and ICMPv6 redirects Standby Active § No need to configure GW on hosts (RAs are sent from HSRP active router) § Virtual MAC derived from HSRP group number and virtual IPv6 link- local address interface FastEthernet0/1 § IPv6 Virtual MAC range: ipv6 address 2001:DB8:66:67::2/64 0005.73A0.0000 - 0005.73A0.0FFF ipv6 cef (4096 addresses) standby version 2 § HSRP IPv6 UDP Port Number 2029 (IANA Assigned) standby 1 ipv6 autoconfig § No HSRP IPv6 secondary address standby 1 timers msec 250 msec 800 § No HSRP IPv6 specific debug standby 1 preempt standby 1 preempt delay minimum 180 standby 1 authentication md5 key-string cisco standby 1 track FastEthernet0/0 Host with GW of Virtual IP #route -A inet6 | grep ::/0 | grep eth2 ::/0 fe80::5:73ff:fea0:1 UGDA 1024 0 0 eth2 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
  • 24. IPv6 QoS Policy & Syntax § Unified QoS Policy (v4/v6 in same policy) or separate? § IPv4 syntax has used “ip” following match/set statements Example: match ip dscp, set ip dscp § Modification in QoS syntax to support IPv6 and IPv4 New match criteria match dscp — Match DSCP in v4/v6 match precedence — Match Precedence in v4/v6 New set criteria set dscp — Set DSCP in v4/v6 set precedence — Set Precedence in v4/v6 § Additional support for IPv6 does not always require new Command Line Interface (CLI) Example—WRED Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
  • 25. Scalability and Performance § IPv6 Neighbor Cache = ARP for IPv4 In dual-stack networks the first hop routers/switches will now have more memory consumption due to IPv6 neighbor entries (can be multiple per host) + ARP entries ARP entry for host in the campus distribution layer: Internet 10.120.2.200 2 000d.6084.2c7a ARPA Vlan2 IPv6 Neighbor Cache entry: 2001:DB8:CAFE:2:2891:1C0C:F52A:9DF1 4 000d.6084.2c7a STALE Vl2 2001:DB8:CAFE:2:7DE5:E2B0:D4DF:97EC 16 000d.6084.2c7a STALE Vl2 FE80::7DE5:E2B0:D4DF:97EC 16 000d.6084.2c7a STALE Vl2 § Full internet route tables—ensure to account for TCAM/memory requirements for both IPv4/IPv6—not all vendors can properly support both § Multiple routing protocols—IPv4 and IPv6 will have separate routing protocols. Ensure enough CPU/Memory is present § Control plane impact when using tunnels—terminate ISATAP/configured tunnels in HW platforms when attempting large scale deployments (hundreds/thousands of tunnels) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
  • 26. Start Here: Cisco IOS Software Release Specifics for IPv6 Features http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6- roadmap.html #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
  • 27. IPv6 Co-existence Solutions IPv4 Dual Stack IPv6 Recommended Enterprise Co-existence strategy Tunneling Services IPv4 over IPv6 IPv6 over IPv4 Connect Islands of IPv6 or IPv4 Business Partners Translation Services IPv6 Government Agencies International Sites Remote Workers IPv4 Internet consumers Connect to the IPv6 community Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
  • 28. Deploying IPv6 in Campus Networks: http://www.cisco.com/univercd/cc/td/doc/solution/campipv6.pdf #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
  • 29. Campus IPv6 Deployment Options Dual-Stack IPv4/IPv6 IPv6/IPv4 Dual Stack Hosts § #1 requirement—switching/ routing platforms must support Access hardware based forwarding for Layer IPv6 L2/L3 § IPv6 is transparent on L2 Distribution Layer switches but— v6- Enabled v6- Enabled L2 multicast—MLD snooping Dual Stack Dual Stack IPv6 management— v6- v6- Core Layer Enabled Enabled Telnet/SSH/HTTP/SNMP Intelligent IP services on WLAN § Expect to run the same IGPs as v6-Enabled v6-Enabled Aggregation Layer (DC) with IPv4 § VSS supports IPv6 Access Layer (DC) Dual-stack Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
  • 30. Distribution Layer: HSRP, EIGRP and DHCPv6-relay (Layer 2 Access) ipv6 unicast-routing interface Vlan4 ! description Data VLAN for Access interface GigabitEthernet1/0/1 ipv6 address 2001:DB8:CAFE:4::2/64 description To 6k-core-right ipv6 nd prefix 2001:DB8:CAFE:4::/64 no-advertise ipv6 address 2001:DB8:CAFE:1105::A001:1010/64 ipv6 nd managed-config-flag ipv6 eigrp 10 ipv6 dhcp relay destination 2001:DB8:CAFE:10::2 ipv6 hello-interval eigrp 10 1 ipv6 eigrp 10 ipv6 hold-time eigrp 10 3 standby version 2 ipv6 authentication mode eigrp 10 md5 standby 2 ipv6 autoconfig ipv6 authentication key-chain eigrp 10 eigrp standby 2 timers msec 250 msec 750 ! standby 2 priority 110 interface GigabitEthernet1/0/2 standby 2 preempt delay minimum 180 description To 6k-core-left standby 2 authentication ese ipv6 address 2001:DB8:CAFE:1106::A001:1010/64 ! ipv6 eigrp 10 ipv6 router eigrp 10 ipv6 hello-interval eigrp 10 1 no shutdown ipv6 hold-time eigrp 10 3 router-id 10.122.10.10 ipv6 authentication mode eigrp 10 md5 passive-interface Vlan4 ipv6 authentication key-chain eigrp 10 eigrp passive-interface Loopback0 Some OS/patches may need “no-autoconfig” Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  • 31. Campus IPv6 Deployment Options Hybrid Model IPv6/IPv4 Dual Stack Hosts § Offers IPv6 connectivity via multiple options Dual-stack Access Layer Configured tunnels—L3-to-L3 L2/L3 ISATAP ISATAP ISATAP—Host-to-L3 Distribution § Leverages existing network NOT v6- NOT v6- Layer § Offers natural progression to Enabled Enabled full dual-stack design § May require tunneling to v6- Enabled v6- Enabled Core Layer less-than-optimal layers (i.e. core layer) Dual Stack Dual Stack § ISATAP creates a flat network (all Aggregation hosts on same tunnel are peers) v6-Enabled v6-Enabled Layer (DC) Create tunnels per VLAN/subnet to keep same segregation as existing design (not clean today) Access Layer (DC) § Provides basic HA of ISATAP tunnels via old Anycast-RP idea Dual-stack Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
  • 32. Campus Hybrid Model 1 QoS 1. Classification and marking of IPv6 is done on the egress interfaces on the core layer switches because packets have been tunneled until this point— QoS policies for classification and marking cannot be applied to the ISATAP tunnels on ingress 2. The classified and marked IPv6 packets can now be examined by upstream switches (e.g. aggregation layer switches) and the appropriate QoS policies can be applied on ingress. These polices may include trust (ingress), policing (ingress) and queuing (egress) Access Distribution Core Aggregation Access Layer Layer Layer Layer (DC) Layer (DC) IPv6/IPv4 IPv6/IPv4 Dual-stack Hosts Dual-stack Server 1 2 1 2 Access Data Center Block Block IPv6 and IPv4 Enabled Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
  • 33. Campus IPv6 Deployment Options IPv6 Service Block—an Interim Approach VLAN 2 VLAN 3 IPv4-only Campus § Provides ability to rapidly deploy Block IPv6 services without touching existing network ISATAP Access § Provides tight control of where IPv6 Layer is deployed and where the traffic flows (maintain separation of groups/locations) IPv6 Service Block § Offers the same advantages as Dist. Layer Dedicated FW 2 Hybrid Model without the alteration to existing code/configurations § Configurations are very similar to Core the Hybrid Model Layer Internet ISATAP tunnels from PCs in access layer to service block switches (instead of core layer— Hybrid) § 1) Leverage existing ISP block for both IPv4 and IPv6 access Agg IOS FW Layer § 2) Use dedicated ISP connection just for IPv6—Can use IOS FW or Access PIX/ASA appliance Layer Primary ISATAP Tunnel 1 WAN/ISP Block Secondary ISATAP Tunnel Data Center Block Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
  • 34. IPv6 Data Center Integration § The single most overlooked and potentially complicated area of IPv6 deployment § Route/Switch design will be similar to campus based on feature, platform and connectivity similarities – Nexus, 6500 4900M § IPv6 for SAN is supported in SAN-OS 3.0 § Stuff people don’t think about: NIC Teaming, iLO, DRAC, IP KVM, Clusters Innocent looking Server OS upgrades – Windows Server 2008 - Impact on clusters – Microsoft Server 2008 Failover clusters full support IPv6 (and L3) § Build an IPv6-only server farm? Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
  • 35. Virtualized DC Solutions DC Core Nexus® 7000 Nexus® DC Aggregation 7000 Cisco® Catalyst ® ACE/ASA/WAAS 6500 VSS DC Services 10GbE DC Services DC Access Cisco Cisco CBS Catalyst Catalyst 3100 Nexus Nexus Nexus Unified 6500 49xx 7000 2000 5000 Nexus Computing 1000v System MDS Nexus 9124e 1000v DC SAN MDS MDS Gigabit Ethernet 9500 9500 10 Gigabit Ethernet 10 Gigabit DCB 4Gb Fibre Channel 10 Gigabit FCoE/DCB Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
  • 36. IPv6 in the Enterprise Data Center Biggest Challenges Today § Network services above L3 SLB, SSL-Offload, application monitoring (probes) – ACE and GSS Application Optimization – WAAS and ACE High-speed security inspection/perimeter protection – ASA/IPS/IDS/IronPort § Application support for IPv6 – Know what you don’t know If an application is protocol centric (IPv4): Leave as-is Needs to be rewritten Needs to be translated until it is replaced Wait and pressure vendors to move to protocol agnostic framework § Virtualized and Consolidated Data Centers Virtualization ‘should’ make DCs simpler and more flexible Lack of robust DC/Application management is often the root cause of all evil Ensure management systems support IPv6 as well as the devices being managed Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
  • 37. Commonly Deployed IPv6-enabled OS/Apps Operating Systems Virtualization & Applications § Windows 7 § VMware vSphere 4.1 § Windows Server 2008/R2 § Microsoft Hyper-V § SUSE § Microsoft Exchange 2007 SP1/2010 § Red Hat § Apache/IIS Web Services § Ubuntu § Windows Media Services § The list goes on § Multiple Line of Business apps Most commercial applications won’t be your problem – it will be the custom/home-grown apps Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
  • 38. IPv6 Deployment in the Data Center Services/Appliances Do Not Support IPv6 Transparent One-Armed Routed Dedicated Server Farm § IPv6 traffic is bridged § IPv6 traffic bypasses § Create trunk between § New IPv6 only servers between VLANs services switch and server can be connected to existing access/agg pair § Permit Ethertype § IPv4 traffic is sent to § IPv4 has default on different VLANs 0x86dd (IPv6) one-arm attached gateway on service module/appliance module § New access/agg switches just for IPv6 § IPv6 on separate VLAN servers to MSFC Switch Switch VLAN103 Permit 0x86dd VLAN203 Switch Switch VLAN10 VLAN11 Trunk Dual stack server Dual stack server Dual stack server IPv4 server IPv6 server IPv4 IPv6 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
  • 39. ACE + IPv6 / ACE + ASR + NAT64 ACE SLB66 v4/v6 v6 v6 v6 HW available now – SW coming NAT64 + SLB44 SLB66 + NAT64 v6 v4 v6 v4 v4 server v4 server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
  • 40. Deploying IPv6 in Branch Networks: http://www.cisco.com/univercd/cc/td/doc/solution/brchipv6.pdf #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
  • 41. WAN/Branch Deployment § Cisco routers have supported IPv6 for a long time Corporate § Dual-stack should be the focus of your Network implementation—but, some situations still call for tunneling § Support for every media/WAN type you want to use (Frame Relay, leased-line, broadband, MPLS, etc.) SP § Don’t assume all features Cloud for every technology are IPv6-enabled Dual § Better feature support in WAN/branch Stack than in campus/DC Dual Dual Stack Stack Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
  • 42. IPv6 Enabled Branch Focus more on the provider and less on the gear Branch Branch Branch Single Tier Dual Tier Multi-Tier SP HQ support HQ HQ for various WAN SP types? support for port-to- MPLS port IPv6? Internet Frame Internet Dual-Stack Dual-Stack IPSec VPN (IPv4/IPv6) Dual-Stack IPSec VPN or Firewall (IPv4/IPv6) IPSec VPN or Frame Relay MPLS (6PE/6VPE) Integrated Switch Firewall (IPv4/IPv6) Firewall (IPv4/IPv6) (MLD-snooping) Switches (MLD-snooping) Switches (MLD-snooping) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
  • 43. Hybrid Branch Example § Mixture of attributes from each profile § An example to show configuration for different tiers § Basic HA in critical roles is the goal Headquarters Branch Primary DMVPN Tunnel 2001:DB8:CAFE:20A::/64 VLAN 101: 2001:DB8:CAFE:1000::/64 Backup DMVPN Tunnel (dashed) 2001:DB8:CAFE:1002::/64 2001:DB8:CAFE:20B::/64 2001:DB8:CAFE:202::/64 ASA-1 BR1-1 ::2 ::1 HE1 BR1-LAN ::1 ::2 ::2 Enterprise ::4 Campus Data Center ::2 WAN ::3 BR1-LAN-SW ::3 ::5 ::3 BR1-2 ::3 ::1 HE2 HSRP for IPv6 VIP Address VLAN Interfaces: - FE80::5:73FF:FEA0:2 104 - 2001:DB8:CAFE:1004::/64 – PC 105 - 2001:DB8:CAFE:1005::/64 – Voice 106 - 2001:DB8:CAFE:1006::/64 – Printer Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
  • 44. DMVPN with IPv6 Hub Configuration Example crypto isakmp policy 1 interface Tunnel0 encr aes 256 description DMVPN Tunnel 1 authentication pre-share ip address 10.126.1.1 255.255.255.0 group 2 ipv6 address 2001:DB8:CAFE:20A::1/64 ipv6 mtu 1416 ! ipv6 eigrp 10 crypto isakmp key CISCO address 0.0.0.0 0.0.0.0 ipv6 hold-time eigrp 10 35 crypto isakmp key CISCO address ipv6 ::/0 no ipv6 next-hop-self eigrp 10 no ipv6 split-horizon eigrp 10 ! ipv6 nhrp authentication CISCO crypto ipsec transform-set HUB esp-aes 256 esp-sha-hmac ipv6 nhrp map multicast dynamic ! ipv6 nhrp network-id 10 crypto ipsec profile HUB ipv6 nhrp holdtime 600 ipv6 nhrp redirect set transform-set HUB tunnel source Serial1/0 tunnel mode gre multipoint tunnel key 10 Primary DMVPN Tunnel tunnel protection ipsec profile HUB 2001:DB8:CAFE:20A::/64 Backup DMVPN Tunnel (dashed) 2001:DB8:CAFE:20B::/64 BR1-1 ::2 ::1 HE1 ::2 WAN ::3 BR1-2 ::3 ::1 HE2 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
  • 45. DMVPN with IPv6 Spoke Configuration Example crypto isakmp policy 1 encr aes 256 authentication pre-share group 2 ! crypto isakmp key CISCO address 0.0.0.0 0.0.0.0 crypto isakmp key CISCO address ipv6 ::/0 ! crypto ipsec transform-set SPOKE esp-aes 256 esp-sha-hmac ! interface Tunnel0 crypto ipsec profile SPOKE description to HUB set transform-set SPOKE ip address 10.126.1.2 255.255.255.0 ipv6 address 2001:DB8:CAFE:20A::2/64 ipv6 mtu 1416 ipv6 eigrp 10 Primary DMVPN Tunnel ipv6 hold-time eigrp 10 35 2001:DB8:CAFE:20A::/64 no ipv6 next-hop-self eigrp 10 Backup DMVPN Tunnel (dashed) 2001:DB8:CAFE:20B::/64 no ipv6 split-horizon eigrp 10 ipv6 nhrp authentication CISCO BR1-1 ::2 ::1 HE1 ipv6 nhrp map 2001:DB8:CAFE:20A::1/64 172.16.1.1 ::2 ipv6 nhrp map multicast 172.16.1.1 WAN ::3 ipv6 nhrp network-id 10 ipv6 nhrp holdtime 600 HE2 ipv6 nhrp nhs 2001:DB8:CAFE:20A::1 BR1-2 ::3 ::1 ipv6 nhrp shortcut tunnel source Serial1/0 tunnel mode gre multipoint tunnel key 10 tunnel protection ipsec profile SPOKE Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
  • 46. ASA with IPv6 Snippet of full config – examples of IPv6 usage name 2001:db8:cafe:1003:: BR1-LAN description VLAN on EtherSwitch name 2001:db8:cafe:1004:9db8:3df1:814c:d3bc Br1-v6-Server ! interface GigabitEthernet0/0 description TO WAN nameif outside security-level 0 ip address 10.124.1.4 255.255.255.0 standby 10.124.1.5 ipv6 address 2001:db8:cafe:1000::4/64 standby 2001:db8:cafe:1000::5 ! interface GigabitEthernet0/1 description TO BRANCH LAN nameif inside security-level 100 ip address 10.124.3.1 255.255.255.0 standby 10.124.3.2 ipv6 address 2001:db8:cafe:1002::1/64 standby 2001:db8:cafe:1002::2 ! ipv6 route inside BR1-LAN/64 2001:db8:cafe:1002::3 ipv6 route outside ::/0 fe80::5:73ff:fea0:2 ! ipv6 access-list v6-ALLOW permit icmp6 any any ipv6 access-list v6-ALLOW permit tcp 2001:db8:cafe::/48 host Br1-v6-Server object-group RDP ! failover failover lan unit primary failover lan interface FO-LINK GigabitEthernet0/3 failover interface ip FO-LINK 2001:db8:cafe:1001::1/64 standby 2001:db8:cafe:1001::2 access-group v6-ALLOW in interface outside Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
  • 47. Branch LAN Connecting Hosts ipv6 dhcp pool DATA_W7 dns-server 2001:DB8:CAFE:102::8 domain-name cisco.com ! interface GigabitEthernet0/0 description to BR1-LAN-SW no ip address BR1-LAN duplex auto speed auto ! BR1-LAN-SW interface GigabitEthernet0/0.104 description VLAN-PC encapsulation dot1Q 104 VLAN Interfaces: ip address 10.124.104.1 255.255.255.0 104 - 2001:DB8:CAFE:1004::/64 – PC ipv6 address 2001:DB8:CAFE:1004::1/64 105 - 2001:DB8:CAFE:1005::/64 – Voice ipv6 nd other-config-flag 106 - 2001:DB8:CAFE:1006::/64 – Printer ipv6 dhcp server DATA_W7 ipv6 eigrp 10 ! interface GigabitEthernet0/0.105 description VLAN-PHONE encapsulation dot1Q 105 ip address 10.124.105.1 255.255.255.0 ipv6 address 2001:DB8:CAFE:1005::1/64 ipv6 nd prefix 2001:DB8:CAFE:1005::/64 0 0 no-autoconfig ipv6 nd managed-config-flag ipv6 dhcp relay destination 2001:DB8:CAFE:102::9 ipv6 eigrp 10 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
  • 48. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
  • 49. Cisco Remote VPN – IPv6 Client-based IPsec VPN Client-based SSL Internet § Cisco VPN Client 4.x IPv4 IPSec Termination (PIX/ASA/IOS VPN/ Concentrator) IPv6 Tunnel Termination (IOS ISATAP or Configured Tunnels) § AnyConnect Client 2.x SSL/TLS or DTLS (datagram TLS = TLS over UDP) Tunnel transports both IPv4 and IPv6 and the packets exit the tunnel at the hub ASA as native IPv4 and IPv6. Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
  • 50. AnyConnect 2.x—SSL VPN asa-edge-1#show vpn-sessiondb svc Session Type: SVC Username : ciscoese Index : 14 Assigned IP : 10.123.2.200 Public IP : 10.124.2.18 Assigned IPv6: 2001:db8:cafe:101::101 Protocol : Clientless SSL-Tunnel DTLS-Tunnel License : SSL VPN Encryption : RC4 AES128 Hashing : SHA1 Bytes Tx : 79763 Bytes Rx : 176080 Group Policy : AnyGrpPolicy Tunnel Group: ANYCONNECT Login Time : 14:09:25 MST Mon Dec 17 2007 Duration : 0h:47m:48s NAC Result : Unknown VLAN Mapping : N/A VLAN : none Cisco ASA Dual-Stack Host AnyConnect Client Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
  • 51. AnyConnect 2.x—Summary Configuration interface GigabitEthernet0/0 nameif outside security-level 0 ip address 10.123.1.4 255.255.255.0 ipv6 enable Outside ! interface GigabitEthernet0/1 nameif inside security-level 100 ip address 10.123.2.4 255.255.255.0 2001:db8:cafe:101::ffff Inside ipv6 address 2001:db8:cafe:101::ffff/64 ! ipv6 local pool ANYv6POOL 2001:db8:cafe:101::101/64 200 webvpn enable outside svc enable tunnel-group-list enable group-policy AnyGrpPolicy internal group-policy AnyGrpPolicy attributes vpn-tunnel-protocol svc default-domain value cisco.com address-pools value AnyPool tunnel-group ANYCONNECT type remote-access http://www.cisco.com/en/US/docs/security/vp tunnel-group ANYCONNECT general-attributes n_client/anyconnect/anyconnect20/administra address-pool AnyPool tive/guide/admin6.html#wp1002258 ipv6-address-pool ANYv6POOL default-group-policy AnyGrpPolicy tunnel-group ANYCONNECT webvpn-attributes group-alias ANYCONNECT enable Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
  • 52. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
  • 53. Top SP Concerns for Enterprise Accounts Port to Port Multi-Homing Access IPv6 Content Provisioning Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
  • 54. Port-to-Port Access Port to Port Access Multi-Homing IPv6 Content Provisioning Basic Internet* • Dual-stack or native IPv6 at each POP • SLA driven just like IPv4 to support VPN, content access • 6VPE MPLS • IPv6 Multicast • End-to-End traceability Hosted (see • IPv6 access to hosted content • Cloud migration (move data from Ent DC to Hosted DC) content) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. * = most common issue Cisco Public 54
  • 55. Multi-Homing Port to Port Access Multi-Homing IPv6 Content Provisioning • PA is no good for customers with multiple providers or change PI/PA Policy * them at any pace • PI is new, constantly changing expectations and no “guarantee” an SP won’t do something stupid like not route PI space Concerns • Customers fear that RIR will review existing IPv4 space and want it back if they get IPv6 PI • Religious debate about the security exposure – not a multi-homing issue NAT • If customer uses NAT like they do today to prevent address/policy exposure, where do they get the technology from – no scalable IPv6 NAT exists today • Is it really different from what we do today with IPv4? Is this policy Routing stuff? • Guidance on prefixes per peering point, per theater, per ISP, ingress/egress rules, etc.. – this is largely missing today Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
  • 56. Content Port to Port Access Multi-Homing IPv6 Content Provisioning Hosted/Cloud Apps today * • IPv6 provisioning and access to hosted or cloud-based services today (existing agreements) • Salesforce.com, Microsoft BPOS (Business Productivity Online Services), Amazon, Google Apps Move to • Movement from internal-only DC services to hosted/cloud-based DC Hosted/Cloud • Provisioning, data/network migration services, DR/HA Contract/Managed • Third-party marketing, business development, outsourcing Marketing/Portals • Existing contracts – connect over IPv6 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
  • 57. Provisioning Port to Port Access Multi-Homing IPv6 Content Provisioning SP Self- • Not a lot of information from accounts on this but it does concern them Service • How can they provision their own services (i.e. cloud) to include IPv6 services and do it over IPv6 Portals * • More of a management topic but the point here is that customers want the ability to alter their services based on SLA violations, expiration or restrictions on the SLA • Again, how can they do this over IPv6 AND for IPv6 services Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
  • 58. The Scope of IPv6 Deployment Web Content Management Applications & Application Suites Data Client Collaboration Sensors & Center Access Printers Devices & Controllers Roll-out Releases & Planning Staff Training and Operations Servers (PC’s) Gateways Networked Device Support Load Security Optimization DNS & Balancing Content VPN (Firewalls (WAAS, SSL DHCP & Content Distribution Access & IDS/IPS) acceleration) Switching Networked Infrastructure Services Deployment IPv6 over IPv4 Tunnels IPv6 over MPLS (Configured, 6to4, ISATAP, GRE) Dual-Stack (6PE/6VPE) Scenario IP Services (QoS, Multicast, Mobility, Translation) Hardware IP Routing Connectivity Instrumentation Support Addressing Protocols Presentation_ID Basic Network Infrastructure © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
  • 59. IPv6 + VDI and/or High-density VM § Movement to Virtual Desktop Infrastructure and large scale VM deployments leads customers to the question – how many VMs can I get on a single VLAN? Today - Limited to broadcast domain and ARP scaling IPv6 has no broadcast – what is the control plane impact of having only IPv6 multicast for neighbor/router activity? Less/Same?? Can I greatly increase the number of hosts/VMs per VLAN without IPv4? § Can IPv6 solve my internal RFC1918 starvation issue – specifically inside my Data Center? Most VDI deployments are ‘additive’ in host count not a direct 1:1 replacement from thick-to-thin/zero client § Building on interest and possibilities with LISP Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
  • 60. Conclusion § “Dual stack where you can – Tunnel where you must – Translate only when you have a gun to your head” § Create a virtual team of IT representatives from every area of IT to ensure coverage for OS, Apps, Network and Operations/Management § Microsoft Windows Vista, Windows 7 and Server 2008 will have IPv6 enabled by default—understand what impact any OS has on the network § Deploy it – at least in a lab – IPv6 won’t bite § Things to consider: Focus on what you must have in the near-term (lower your expectations) but pound your vendors and others to support your long- term goals Don’t be too late to the party – anything done in a panic is likely going to go badly Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
  • 61. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
  • 62. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
  • 63. Thank you. #CNSF2011
  • 64. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
  • 65. Information about Cisco § 300 locations in 90 countries § 66,000+ Employees § 400 buildings 20,000 Channel Partners § 51 data centers and § 110+ Application server rooms Service Providers § 1500+ labs world wide § 210+ Business and Support (500+ in San Jose) Development Partners Over 180,000 people around the world in the extended Cisco family ASIAPAC N. America S. America Europe Middle East Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
  • 66. Drivers and Goals § Business Drivers 1. IPv6 leadership and mindshare 2. IPv6 product and solution readiness § IT Drivers 1. Corporate Growth (IPv4 Address Depletion) 2. Enable IPv6 Infrastructure for development and testing 3. Cisco on Cisco § Goals 1. cisco.com IPv6 Internet presence 2. Enable ubiquitous IPv6-enabled user access in the network 3. End to end IPv6 (Dual Stack) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
  • 67. Cisco IT’s IPv6 Strategy Future IPv6 Internet Presence (cisco.com) Static Content All Content All Content Long-Term Only and Apps IPv6 and Apps Investments Separate URL Separate URL Single URL Apps & services Separate Web Separate Web Converged Front-end Front-end Web Front-End Collaboration Communication Enterprise Apps Ubiquitous IPv6 User Access Content Limited IPv6 Tunnel Service- Dual Stack Dual Stack Limited IPv6 Desktop Networks Tunnel Service Dual Stack Core Desktop Networks Corp and Internet Corp and Internet SJC and RTP All global sites, access on request access Corp and Internet remote access on request Access Corp and Internet GGSG Dual Stack Access Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
  • 68. IPv6 Deployment Plan (Ubiquitous IPv6 User Access) § Pilot Phase (Completed) Ø Single Tunnel Head End with Tunnelled IPv6 Internet Connectivity Ø Offers 6in4 Tunnels for Labs and ISATAP for Desktop users § Phase 1 – Dual Stacked Core and Tunnelling Infrastructure Ø Dual Stacked CAPNet and Partial Core Ø Five Regional Tunnels Head Ends Ø Native IPv6 in SJ with Dual stacked Alpha DMZ Ø Native IPv6 in RTP with Dual Stacked Alpha DMZ § Phase 2 – Desktop (Wired and Wireless) and DC Pilot Ø Dual Stack Pilot Desktop Wired and Wireless Ø Isolated Dual Stacked DC Pod (IPv6 DC Island) § Phase 3 – DC, DMZ, RO, OOB, Lab, Remaining Core, MPLS VPNs, Multicast, QoS, Extranet (TBD) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
  • 69. Cisco.com Phase I Solution Overview § Replication Replicate •g static content•hto v6 environment Directories with secure content in them will not be replicated 200G of content is replicated to IPv6 environment § Content Delivery AAAA record for www.ipv6.cisco.com served from DNS •g Static Content•hserved locally Dynamic Content redirected to WWW Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
  • 70. www.ipv6.cisco.com – 2001:420:80:1::5 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
  • 71. #CNSF2011 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
  • 72. § June 8, 2011 from 0:00 UTC to June 9, 2011 0:00 UTC § Coordinated, cooperative IPv6 activation by websites and CDNs § Worldwide testbed for data gathering § http://isoc.org/wp/worldipv6day/ Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
  • 73. Step Back: How are Clients Served? § Dual stacked (IPv4 and IPv6 enabled hosts) as well as IPv6 only hosts use IPv6 network § IPv4 only clients will use IPv4 network § IPv6 data paths are independent of IPv4 paths § IPv6 capable devices will prefer IPv6 connectivity § IPv6 paths will see unprecedented stress on June 8 § IPv4 only sites will see no changes Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
  • 74. Website Owners Dual Stack IPv4 Dual Stack with IPv6 Only (IPv4/IPv6) problem Network Operators IPv4 Only (end users) Dual Stack (IPv4/IPv6) Dual Stack with IPv6 problem Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
  • 75. § Estimated impacted Internet population: • 0.05% of all users or ~ 500,000 hosts * § Most sites or hosts will not notice the change § Typical impacts • Slow connection startup as IPv6 fails and falls back to IPv4 • Slow performance due to congested IPv6 paths • Failed connectivity for misconfigured devices or networks • DNS lookup failures * Source: http://www.isc.org/solutions/survey Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
  • 76. Thank you. #CNSF2011