Federal Agencies and the Transition to IPv6

Similar documents
CCNA Questions/Answers IPv6. Select the valid IPv6 address from given ones. (Choose two) A. FE63::0043::11:21 B :2:11.1 C.

Unit 5 - IPv4/ IPv6 Transition Mechanism(8hr) BCT IV/ II Elective - Networking with IPv6

Executive Summary...1 Chapter 1: Introduction...1

IPv6 in Campus Networks

Network Working Group. Category: Informational Bay Networks Inc. September 1997

Transition Strategies from IPv4 to IPv6: The case of GRNET

IPv6 Addressing. There are three types of IPV6 Addresses. Unicast:Multicast:Anycast

Table of Contents Chapter 1 Tunneling Configuration

Chapter 15 IPv6 Transition Technologies

Transition To IPv6 October 2011

Business Objects Product Suite

IPv6 over IPv4 GRE Tunnels

Deploy CGN to Retain IPv4 Addressing While Transitioning to IPv6

Migration to IPv6 from IPv4. Is it necessary?

How Cisco IT Is Accelerating Adoption of IPv6

Implementing Cisco IP Routing

Migration Technologies. Dual Stack and Tunneling Using GRE, 6to4, and 6in4.

Locator ID Separation Protocol (LISP) Overview

IPv6 over IPv4 GRE Tunnels

IPv6 over IPv4 GRE Tunnels

IPv6 Feature Facts

What does IPv6 mean to me and my organization?

Secure Extension of L3 VPN s over IP-Based Wide Area Networks

Transitioning to IPv6

VXLAN Overview: Cisco Nexus 9000 Series Switches

Question No : 1 Which three options are basic design principles of the Cisco Nexus 7000 Series for data center virtualization? (Choose three.

IPv6 migration challenges and Security

Internet Protocol Version 6

IPv6 Enablement for Enterprises. Waliur Rahman Managing Principal, Global Solutions April, 2011

Enhanced IGRP. Chapter Goals. Enhanced IGRP Capabilities and Attributes CHAPTER

Case Study: Professional Services Firm Ensures Secure and Successful IPv6 Deployments for Customers with the OptiView XG Network Analysis Tablet

IPv6 Transition Mechanisms

IPv6 Transition Mechanisms

Migrating from Dynamic Multipoint VPN Phase 2 to Phase 3: Why and How to Migrate to the Next Phase

INTRODUCTION 2 DOCUMENT USE PREREQUISITES 2

IPv6 Transition Technologies (TechRef)

Cisco IOS IPv6. Cisco IOS IPv6 IPv6 IPv6 service provider IPv6. IPv6. data link IPv6 Cisco IOS IPv6. IPv6

System Performance Analysis of IPv6 Transition Mechanisms over MPLS

How To Forward GRE Traffic over IPSec VPN Tunnel

The Migration from IPv4 to IPv6

Workshop on the IPv6 development in Saudi Arabia 8 February 2009; Riyadh - KSA

The link-local prefix ff00::/8 specifies any addresses which are used only in software.

IPv6 in Internet2. Rick Summerhill Associate Director, Backbone Network Infrastructure, Internet2

IPv6 Rapid Deployment: Provide IPv6 Access to Customers over an IPv4-Only Network

IPv6 Switching: Provider Edge Router over MPLS

IPv6 Rapid Deployment (6rd) in broadband networks. Allen Huotari Technical Leader June 14, 2010 NANOG49 San Francisco, CA

LISP: Intro and Update

IPv6 Transition Strategies

Planning for Information Network

Holistic IPv6 Transition Yanick Pouffary HP Distinguished Technologist HP IPv6 Global Leader, HP Technology Services Office of the CTO

Enterprise IPv6 Transition Strategy

Overview. Overview. OTV Fundamentals. OTV Terms. This chapter provides an overview for Overlay Transport Virtualization (OTV) on Cisco NX-OS devices.

Table of Contents. Cisco Introduction to EIGRP

Impact of IPv6 to an NGN and Migration Strategies. Gyu Myoung Lee ETRI

IPv6: a real opportunity for ISPs

Integrated Security 22

Manually Configured IPv6 over IPv4 Tunnels

Virtualisierung nur im RZ? Werden Netzwerke immer komplexer? Göran Friedl Senior Network Consultant, Avaya Deutschland GmbH


Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

Implementing Tunneling for IPv6

IPv6 Transition Strategies

IPv6 Transition Mechanisms

Managing Costs in Growing Networks with SEGway STPs and Point Code Emulation

MIGRATING TO INTERNET PROTOCOL VERSION 6 (IPV6)

Course 20741B: Networking with Windows Server 2016

2610:f8:ffff:2010:04:13:0085:1

IPv6 Planning (Session 9267)

Scalability Considerations

Networking with Windows Server 2016

Transition mechanism from IPv4 to IPv6 -A Review

CSCI-1680 Network Layer:

IPv4/v6 Considerations Ralph Droms Cisco Systems

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

Introduction. Executive Summary. Test Highlights

Planning IPv4 addressing Configuring an IPv4 host Managing and troubleshooting IPv4 network connectivity

Networking with Windows Server 2016

IPv6 Switching: Provider Edge Router over MPLS

Providing Reliable IPv6 Access Service Based on Overlay Network

IP Mobility Design Considerations

Cisco Director Class SAN Planning and Design Service

Necessity to Migrate to IPv6

Key Steps in the Transition to IPv6 WHITE PAPER

Performance Analysis of Video Conferencing over Various IPv4/IPv6 Transition Mechanisms

FiberstoreOS IPv6 Security Configuration Guide

Deploying IPv6 in Campus Networks

Experience working with Windows Server 2008 or Windows Server Experience working in a Windows Server infrastructure enterprise environment

LISP Locator/ID Separation Protocol

Scalability Considerations

Configuring Tunneling on the RV130W

LOGICAL ADDRESSING. Faisal Karim Shaikh.

NETLOGIC TRAINING CENTER

IPv6 Features and Benefits: A Technical Update Based on the Federal Government Agency IPv6 Transition Plan Found in the Public Domain

Akamai's V6 Rollout Plan and Experience from a CDN Point of View. Christian Kaufmann Director Network Architecture Akamai Technologies, Inc.

White Paper. Managing IPv6 Networks

Deploying LISP Host Mobility with an Extended Subnet

IPv6 Migration - Why do I care anyway? WELCOME Rick Wylie KeyOptions MacSysAdmin 2012

Sony Adopts Cisco Solution for Global IPv6 Project

Managing the Migration to IPv6 Throughout the Service Provider Network White Paper

IPv6 support. Chris Mitchell. Program Manager Microsoft Corporation Windows Networking & Communications IPv6

Transcription:

Federal Agencies and the Transition to IPv6 Introduction Because of the federal mandate to transition from IPv4 to IPv6, IT departments must include IPv6 as a core element of their current and future IT strategies. Although migrating from IPv4 to IPv6 may be strategically and technically challenging, many organizations are actually more prepared to begin the transition than they may realize: much of the current IPv4 infrastructure is IPv6 capable, and approximately one-third of the deployed desktop systems are IPv6 capable. Additionally, a key part of the IPv6 design is its ability to integrate into and coexist with existing IPv4 networks, which means that as anticipated IPv4 can and will coexist for the foreseeable future. Because there is no single day on which a planned outage will occur and by which all network changes must be complete, with careful planning, federal agencies can conduct business as usual throughout the long transition process. This white paper introduces several specific transition mechanisms and campus designs that can help federal agencies with the planning process. The mechanisms and campus designs discussed in this document are based on the Cisco High Availability Campus Design reference architectures (http://www.cisco.com/en/us/netsol/ns656/networking_solutions_design_guidances_list.html). Transition Mechanisms Federal agencies can use a number of mechanisms to guide their transition from IPv4 to IPv6. Because each transition mechanism involves different implementation technologies and features, they offer varying degrees of effectiveness and success depending on the current state of the network. The most highly recommended mechanisms are dual stack, manually configured tunnels, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels. Dual Stack Dual stack (Figure 1) runs both IPv4 and IPv6 protocol stacks on a router in parallel, making it similar to the multiprotocol network environments of the past, which often ran Internetwork Packet Exchange (IPX), AppleTalk, IP, and other protocols concurrently. The technique of deploying IPv6 using dual-stack backbones allows IPv4 and IPv6 applications to coexist in a dual IP layer routing backbone. The IPv4 communication uses the IPv4 protocol stack, and the IPv6 communication uses the IPv6 stack. As a transition strategy, dual stack is ideal for campus networks with a mixture of IPv4 and IPv6 applications. The technology is not difficult to implement, though it may require router upgrades because all routers must be dual stack with IPv4 and IPv6 addresses. Dual stack also requires access to the IPv6 Domain Name System (DNS) and enough memory for both IPv4 and IPv6 routing tables. Given that the dual management of protocols can introduce challenges such as memory and CPU exhaustion and additional security requirements, such potential challenges should be addressed proactively to help ensure as smooth and cost-effective a solution as possible. Figure 1. Dual-Stack Example All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 7

Manually Configured Tunnels Tunneling is the encapsulation of IPv6 traffic within IPv4 packets so that they can be sent over an IPv4 backbone, thus allowing isolated IPv6 end systems and routers to communicate without the need to upgrade the IPv4 infrastructure that exists between them. Manually configured tunneling is one of many tunneling techniques currently available (Figure 2). Manually configured tunnels are used primarily as stable links for regular communication; they use standards-based security mechanisms such as those provided by IP Security (IPsec) to help ensure the security of that communication. With manually configured tunnels, an IPv6 address is manually configured on a tunnel interface, and the IPv4 addresses are manually configured at the tunnel source and the tunnel destination. Because they are configured one-to-one between wellknown endpoints, manually configured tunnels make traffic information available for each endpoint; when IPsec is used, they also provide extra security against injected traffic. This transition strategy is easily deployed over existing IPv4 infrastructures However, it is important to note that because manually configured tunnels require configuration at both ends of the tunnel and because the tunnel can be between two points only they have a larger management overhead when multiple tunnels are implemented. The independence of the tunnel and link topologies also requires additional diagnostics. For this reason, manually configured tunnels are ideal for networks with a limited number of required tunnels. Figure 2. Manually Configured Tunnel Example ISATAP Tunnels Intra-site Automatic Tunnel Addressing Protocol (ISATAP) is another tunneling technique (Figure 3). It differs from manually configured tunneling in that ISATAP tunnels are automatically defined rather than statically defined. Also, ISATAP tunnels are primarily used between hosts and routers whereas manually configured tunnels are used between routers, as described in the Manually Configured Tunnels section. With ISATAP, a tunnel is created from a host, such as a PC, to a router or Layer 3 switch. The tunnel is established by using the IPv4 addresses of both the host and the router. The tunnel is automatic in that the host establishes the tunnel only when it needs to; the host is also able to discover the tunnel destination (that is, the router s IPv4 address) dynamically through DNS or a local definition. Because both IPv4 and tunneled IPv6 packets are transported over a single All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 7

common IPv4 infrastructure, IPv4-dependent applications can continue to use IPv4 while newer IPv6-capable applications can be deployed immediately. As a transition strategy, ISATAP is ideal for campus and branch sites because ISATAP allows organizations to activate IPv6 connectivity on the existing IPv4-only network while the infrastructure is gradually migrated to integrate native IPv6 capabilities. Thus, the immediate effect on the IPv4 support infrastructure is reduced to the configuration of one ISATAP router, though Cisco Systems recommends the deployment of at least two ISATAP routers for high availability. Additionally, because ISATAP allows native IPv6 connectivity to be activated first in the backbone, other parts of the IPv4 infrastructure can preserve their investment as they naturally evolve to support IPv6. ISATAP islands can also be created to allow gradual evolution to native IPv6 capabilities within different parts of the organization without blocking end-to-end IPv6 service deployments. Although it has many benefits, ISATAP does not support IPv6 multicast, so this would not be the most appropriate transition strategy for organizations requiring that capability. Figure 3. ISATAP Example Campus Design Models There are three campus design models that Cisco generally recommends for deploying IPv6, each of which uses one or more of the transition mechanisms described in the preceding sections. Cisco defines these three campus design models as dual stack, hybrid, and service block. Dual Stack The Cisco dual-stack campus design model uses the dual-stack transition strategy in its design (Figure 4). To implement the dual-stack campus design model, each site should have an IPv6 unicast global or unique local prefix and appropriate entries in a DNS that map between host names and IP addresses for both IPv4 and IPv6. As previously noted, all routers in the network also need to be upgraded to dual stack so that IPv4 and IPv6 can run together over the same backbone. IPv4 communication uses the IPv4 protocol stack, with forwarding of IPv4 packets based on routes learned through running IPv4-specific routing protocols, whereas IPv6 communication uses the IPv6 stack with routes learned through the IPv6-specific routing protocols. Applications choose between IPv4 or IPv6 based on the response from the DNS, with the application selecting the correct address based on the type of IP traffic and the particular requirements of the communication. All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 7

Today, dual stack is a valid campus design model for specific network infrastructures with a mixture of IPv4 and IPv6 applications such as on a campus or an aggregation point of presence. A consideration for this approach in addition to ensuring that network routers are IPv6 capable is that the routers require a dual addressing scheme to be defined. Additionally, the IPv4 and IPv6 routing protocols require dual management and must both be configured with enough memory and CPU performance to support both the IPv4 and IPv6 protocols. Figure 4. Campus Dual-Stack Example Hybrid The Cisco hybrid campus design model (Figure 5) is a mix, or hybrid, that offers IPv6 connectivity using any or all of the aforementioned IPv6 transition mechanisms (dual stack, manually configured, and ISATAP). The particular combination of mechanisms depends on the hardware capabilities of the network. The hybrid model allows organizations to use their existing network design and network equipment and offers a natural progression to full dual-stack design. It also offers a tremendous amount of flexibility for IPv6 deployment, as it allows IPv6 services to be delivered over a large-scale environment or over a network that may have just a few IPv6-capable devices. All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 7

Depending on the hardware capability of the campus network components (mainly routers and switches), a transition mechanism can be deployed to provide access to IPv6-capable services. For example, if the campus distribution layer does not have Layer 3 IPv6 hardware capabilities, ISATAP tunnels can be used from the hosts to the core layer. The core layer, which may have IPv6 capabilities, would then use dual stack into the data center area of the network (see Figure 5, example 1). Alternatively, if the distribution and data center aggregation layers have Layer 3 IPv6 hardware capabilities but the core layer does not, dual stack can be used from the hosts to the distribution layer, and then manually configured tunnels can be used from the distribution to the data center aggregation layer. There are some issues to be aware of with this campus design model, such as the fact that the tunnels especially ISATAP cause the infrastructure to function in unnatural ways; for example, with the core acting as the access layer. Figure 5. Campus Hybrid Example Service Block The Cisco service block campus design model (Figure 6) offers interim connectivity for the IPv6 overlay network during the transition process. It is similar to the hybrid model in that it offers the same flexibility options and allows the deployment of the various transition mechanisms based on the application, location, or performance and scalability requirements. However, with the hybrid model, the existing network infrastructure devices are used for tunnel termination; with the service block model, all transition mechanisms terminate in the newly created service block. Also, whereas the hybrid campus design uses the network design as it currently exists, the service block campus design adds a new network layer (or block) to the existing network design that is used solely for IPv6 and the various transition mechanisms. In this way, it provides the capability to rapidly deploy IPv6 services without touching the existing network. All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 7

An important benefit of the service block campus design model is that as hardware is upgraded, the tunnels can be replaced with dual-stack connections, eventually freeing the service block equipment for other purposes. Consider, for example, an IPv6-capable application that is hosted in the data center, with hosts in the access layer of the campus that need access to that application. ISATAP tunnels can be used from the hosts, and manually configured tunnels can be used from the data center aggregation layer, both terminating on the service block switches. As network components such as core layer switches become dual-stack capable, the tunnels can be replaced with dual-stack links. Eventually, the service block can be removed entirely and the network equipment repurposed. Note that because the service block campus design does not fully use the existing infrastructure design, it is more costly because organizations are required to purchase additional equipment. Furthermore, this model is not a substitute for a real dual-stack deployment, which means that organizations still must make appropriate plans for such a deployment. Figure 6. Campus Service Block Example All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 7

For More Information To learn more about IPv6 transition mechanisms dual stack, manually configured tunnels, ISATAP tunnels, and other mechanisms that Cisco supports or for additional information about campus designs that Cisco recommends, please visit http://www.cisco.com/ipv6. Cisco will also publish a series of IPv6 implementation documents at http://www.cisco.com/ipv6 and http://www.cisco.com/go/srnd as its work on IPv6 reference models continues. Printed in USA C11-390660-01 10/08 All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback