IPv6: Using IPv6 and IPv4

  • Slides: 75
Integration and Co-existence

Integration and Co-existence Strategy
  • The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time. Many transition mechanisms enable smooth integration of IPv4 to IPv6.
  • There are mechanisms available that allow IPv4 nodes to communicate with IPv6 nodes. All of these mechanisms can be applied to different situations.

Integration Methods
  1. Dual Stack (Dual IP)
      • Complete support for both Internet protocols, IPv4 and IPv6, in hosts and routers.
      • Most preferred mechanism.
  2. Tunnelling Techniques
      • The encapsulation of packets of one IP version number within packets of a second IP version number in order to traverse clouds of the second IP version number.
  3. Translation Techniques
      • Enables IPv6-only devices to communicate with IPv4-only devices and vice versa.
      • Least desirable set of mechanisms.

Dual Stack

Dual Stack
  • Conceptually, the easiest way of introducing IPv6 to a network is the “dual stack mechanism”, as described in [NG 05], which is an update of RFC 2893 [RFC 2893].
  • A host or a router is equipped with both IPv4 and IPv6 protocol stacks in the operating system (though this may typically be implemented in a hybrid way). Each node, called an “IPv4/IPv6 node”, is configured with both IPv4 and IPv6 addresses. It can send and receive datagrams belonging to both protocols and thus communicate with every node in the IPv4 and IPv6 network.
  • Well known, and has been applied in the past for other protocol transitions.

Application Supporting both IPv4 and IPv6
  • Can use both stacks

Stack Selection
  • A dual-stack node cannot randomly decide to use one of the two stacks to communicate.
  • Two methods to force a dual-stack node to use its IPv6 stack:
      1. Manual entry by the user
      2. Using a naming service

1. Stack Selection: Manual entry by the user
  • If the user knows the IPv6 address of the destination IPv6 hostname, the user can fill in the IPv6 address to establish the session.
  • The legal format of IPv6 addresses must be used.
  • This method is good enough for debugging but not best for daily use of applications.

2. Stack Selection: Using a Naming service
  • By configuring the FQDN in DNS with IPv4 and IPv6 addresses.
  • An FQDN may be available through one IPv4 address represented by an A record or through one IPv6 address represented by an AAAA record in the DNS server. The same FQDN might be available with both IPv4 and IPv6 addresses.
  • DNS servers can be queried to provide information about a server’s availability and host service either over IPv4 or IPv6.
  • As defined in RFC 2553, Basic Socket Interface Extensions for IPv6, a new API is defined to handle both IPv4 and IPv6 in DNS queries. The functions gethostbyname and gethostbyaddr in applications must be modified to get the benefits of the IPv6 protocol in legacy IPv4-based applications.

Stack Selection: Using a Naming service
Possible querying scenarios
  • Querying for an IPv4 address
      • A record
  • Querying for an IPv6 address
      • AAAA record
  • Querying for all types of addresses
      • First look for an AAAA record; if there is none, then look for an A record

Querying the Naming Service for an IPv4 Address
  • When an application is IPv4-aware only, it asks the DNS server for only the IPv4 address of the host name it wants to communicate with.

Querying the Naming Service for an IPv6 Address
IPv6 application requesting an FQDN AAAA record from DNS
  • An application may also support IPv6 only. It asks the DNS server to resolve an FQDN to get the host name's IPv6 address to communicate.

Querying the Naming Service for all types of Addresses
  • The application first looks for an AAAA record. If it does not find one, it looks for an A record to communicate with a host name.
  • An application supporting both is coded to give preference to the IPv6 address received from DNS.
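The three querying scenarios above, as an added example that is not part of the original slides: a protocol-independent lookup with getaddrinfo() in place of gethostbyname, returning IPv6 candidates ahead of IPv4 ones. The mode names, the host name and the constructed resolver records are assumptions made for the illustration.

```python
import socket

# Map the three querying scenarios on the slides to getaddrinfo() families.
FAMILY_FOR_MODE = {
    "ipv4-only": socket.AF_INET,    # application asks for A records only
    "ipv6-only": socket.AF_INET6,   # application asks for AAAA records only
    "dual": socket.AF_UNSPEC,       # both record types, IPv6 preferred
}


def candidates(host, port, mode="dual", resolver=socket.getaddrinfo):
    """Return (family, address) pairs to try, IPv6 first, without duplicates."""
    family = FAMILY_FOR_MODE[mode]
    try:
        infos = resolver(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []                   # no record of the requested type
    seen, v6, v4 = set(), [], []
    for fam, _type, _proto, _canon, sockaddr in infos:
        key = (fam, sockaddr[0])
        if key in seen:
            continue
        seen.add(key)
        (v6 if fam == socket.AF_INET6 else v4).append(key)
    return v6 + v4


def connect(host, port, mode="dual", timeout=3.0):
    """Try each candidate in order; fall back to IPv4 if IPv6 fails."""
    last_error = None
    for fam, addr in candidates(host, port, mode):
        sock = socket.socket(fam, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((addr, port))
            return sock
        except OSError as exc:
            last_error = exc
            sock.close()
    raise last_error or OSError("no usable address for %s" % host)


def constructed_resolver(host, port, family=0, type=0):
    """Constructed DNS answer (documentation addresses) for offline use."""
    records = [
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port)),
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::10", port, 0, 0)),
    ]
    return [r for r in records if family in (socket.AF_UNSPEC, r[0])]
```

Because a dual-stack application reaches the same service over either protocol, filtering rules written for its IPv4 address need an IPv6 counterpart.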

Enabling Dual Stack on Cisco routers
  • When both IPv4 and IPv6 addresses are assigned to a network interface, the interface is considered dual-stacked.

Applications Supporting Dual-Stack on Cisco routers
  • DNS Resolver
      • It may resolve host names into IPv4 and IPv6 addresses.
      • It can be configured with the ip name-server ipv6-address command.
      • It can accept up to six name servers.
  • Telnet
      • IOS EXEC accepts both IPv4 and IPv6 addresses as an argument.
  • TFTP server
      • IOS EXEC accepts both IPv4 and IPv6 addresses as an argument.
  • HTTP server
      • Accepts incoming sessions over IPv4 and IPv6.

Tunnelling IPv6 Packets over Existing IPv4 Network
Note: Tunnelling is an intermediate integration and transition technique that should not be considered a final solution. Native IPv6 architecture should be the ultimate goal.

Why Tunneling?
  • Tunnels are generally used on the network to carry incompatible protocols or specific data over an existing network.
  • For deployment of IPv6, tunnelling provides a basic way for IPv6 hosts or islands of IPv6 hosts, servers, and routers to reach other IPv6 islands and IPv6 networks using the IPv4 routing domain as the transport layer. Edge routers at the border of the IPv6 islands and the Internet can handle the tunnelling of IPv6 packets in IPv4. Tunnelling can be configured between border routers or between a border router and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks.

How Does Tunnelling IPv6 Packets in IPv4 Work?
  • Tunnelling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the Internet).
  • When IPv6 packets are tunnelled in IPv4, their original header and payload are not modified. One IPv4 header is inserted over the IPv6 header.
  • At each side of the tunnel, encapsulation and decapsulation of IPv6 packets are performed. The edge device must support both IPv4 and IPv6.

IPv6 Packets Delivered Through IPv4 Tunnel

Issues with Tunnelling
  • Tunnel MTU and Fragmentation
      • An IPv4 header of 20 octets is inserted before the IPv6 packet, decreasing the IPv6 effective MTU by 20 octets.
      • Min IPv6 MTU = 1280 octets
      • Fragmentation of IPv6 leads to performance issues.
  • Handling IPv4 ICMPv4 errors
  • Filtering Protocol 41
  • NAT
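An added example, not part of the original slides, of the encapsulation and MTU arithmetic described above: a 20-octet IPv4 header with protocol 41 is placed in front of an unmodified IPv6 packet, and the decapsulating side validates the outer header before handing the inner packet on. All addresses and the payload are constructed; the fragmentation rule in tunnel_mtu() follows from the 1280-octet IPv6 minimum and is an assumption about endpoint behaviour.

```python
import ipaddress
import struct

PROTO_41 = 41          # IPv4 protocol number for encapsulated IPv6
IPV4_HDR = 20          # IPv4 header without options, in octets
IPV6_HDR = 40          # fixed IPv6 header, in octets
IPV6_MIN_MTU = 1280    # smallest MTU an IPv6 link may offer
IPV4_FMT = "!BBHHHBBH4s4s"


def checksum(header):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def make_ipv6(src, dst, payload, next_header=17, hop_limit=64):
    """Build a minimal IPv6 packet; the payload is opaque and not parsed."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header,
                       hop_limit, ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload


def encapsulate(ipv6_packet, tunnel_src, tunnel_dst, ttl=64):
    """Prepend an IPv4 header (protocol 41); the inner packet is untouched."""
    total = IPV4_HDR + len(ipv6_packet)
    if total > 0xFFFF:
        raise ValueError("packet too large for one IPv4 datagram")
    fields = [0x45, 0, total, 0, 0, ttl, PROTO_41, 0,
              ipaddress.IPv4Address(tunnel_src).packed,
              ipaddress.IPv4Address(tunnel_dst).packed]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + ipv6_packet


def decapsulate(ipv4_packet):
    """Validate the outer header and return (outer_src, outer_dst, inner)."""
    if len(ipv4_packet) < IPV4_HDR:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_FMT, ipv4_packet[:IPV4_HDR])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IPV4_HDR or ihl > len(ipv4_packet):
        raise ValueError("malformed IPv4 header")
    if proto != PROTO_41:
        raise ValueError("not protocol 41")
    if total > len(ipv4_packet) or total < ihl + IPV6_HDR:
        raise ValueError("length fields inconsistent")
    if checksum(ipv4_packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    inner = ipv4_packet[ihl:total]
    if inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    if IPV6_HDR + struct.unpack("!H", inner[4:6])[0] != len(inner):
        raise ValueError("inner IPv6 length mismatch")
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), inner


def tunnel_mtu(ipv4_path_mtu):
    """Return (IPv6 MTU of the tunnel, whether IPv4 fragmentation is needed)."""
    ipv6_mtu = ipv4_path_mtu - IPV4_HDR
    if ipv6_mtu < IPV6_MIN_MTU:
        # IPv6 may not go below 1280, so the outer IPv4 packet is fragmented.
        return IPV6_MIN_MTU, True
    return ipv6_mtu, False
```

A filter or sensor that only inspects the outer IPv4 header sees protocol 41 and two tunnel endpoints; the IPv6 addresses and ports it would want to match on are inside the payload.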

IPv6 Tunneling Scenarios in IPv4
  1. Host-to-host
      • Isolated hosts with a dual stack on an IPv4 network can establish a tunnel to another dual-stack host.
      • Allows the establishment of end-to-end IPv6 sessions between hosts.
  2. Host to router
      • Isolated hosts with a dual stack on an IPv4 network can establish a tunnel to the dual-stack router.
  3. Router to router
      • Routers with a dual stack on an IPv4 network can establish a tunnel to another dual-stack router.

IPv6 Tunneling Scenarios in IPv4

Isolated Dual-Stack Host
  • Encapsulation can be done by edge routers between hosts or between a host and a router.

Deploying Tunnels
  1. Configured Tunnels (Manual)
  2. Tunnel Broker
  3. Tunnel Server
  4. 6to4
  5. GRE Tunnels
  6. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  7. Automatic IPv4-compatible tunnel

1. Configured Tunnels (Manual)
  • The very first transition mechanism supported by IPv6.
  • Configured tunnels are enabled and configured statically on dual-stack nodes. A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone.
  • The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. The host or router at each end of a configured tunnel must support both the IPv4 and IPv6 protocol stacks.

1. Configured Tunnels (Manual) contd.
  • An IPv6 address is manually configured on a tunnel interface, and manually configured IPv4 addresses are assigned to the tunnel source and the tunnel destination.
  • Manually configured tunnels can be configured between border routers or between a border router and a host.
  • On each side of a configured tunnel, IPv4 and IPv6 addresses must be assigned manually to configure the tunnel interface.
      • Local IPv4 address: used as the source IPv4 address for outbound traffic
      • Far-end IPv4 address: used as the destination IPv4 address for outbound traffic
      • Local IPv6 address: assigned locally to the tunnel interface

Enabling Configured Tunnels on Cisco

Addresses Assigned to a Configured Tunnel Interface
  • IPv6 addresses assigned to both ends of the tunnel are within the same subnet.
  • IPv6 routing must be configured properly to enable forwarding of IPv6 packets between the two IPv6 networks.

Enabling a Configured Tunnel: Example

Example of a Configured Tunnel - 1

2. Tunnel Broker
  • It is an external system, rather than a router, that acts as a server on the IPv4 network and receives requests for tunnelling from dual-stack nodes.
  • Requests are sent over IPv4 by dual-stack nodes to the tunnel broker using HTTP. End users can fill in a web page to request a configured tunnel.
  • The tunnel broker sends back information over HTTP to the dual-stack nodes, such as the IPv4 addresses, IPv6 addresses, and default IPv6 routes to apply for the establishment of a configured tunnel to a dual-stack router. The tunnel broker remotely applies commands on a dual-stack router to enable a configured tunnel.

2. Tunnel Broker

3. Tunnel Servers
  • A simplified mode of the tunnel broker, considered an open model.
  • It combines the broker and the dual-stack router in the same system.
  • The request method is still HTTP over IPv4.
      • A dual-stack host on an IPv4 network reaches the tunnel server using HTTP.
      • The end user fills in the web form and receives the configuration.
      • The end user applies the configuration to the dual-stack host to enable the configured tunnel.

3. Tunnel Servers
  • The tunnel server locally applies the far-end configuration of the configured tunnel.
  • Once the configuration is applied on both ends, the configured tunnel is fully established and can be used.

4. 6to4 Tunnels
  • An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4 infrastructure.
  • The key difference between automatic 6to4 tunnels and manually configured tunnels is that the tunnel is not point-to-point; it is point-to-multipoint.
  • “Connection of IPv6 Domains via IPv4 Clouds without Explicit Tunnels” provides a solution to the complexity problem of using manually configured tunnels by specifying a unique routing prefix for each end-user site that carries an IPv4 tunnel endpoint address.

Automatic 6to4 Tunnels
  • The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network. This IPv4 network could be the global Internet or a corporate backbone. The key requirement is that each site have a globally unique IPv4 address; the Cisco IOS software uses this address to construct a globally unique 6to4 /48 IPv6 prefix.
  • As with other tunnel mechanisms, appropriate entries in a Domain Name System (DNS) that map between hostnames and IP addresses for both IPv4 and IPv6 allow the applications to choose the required address.

6to4 Tunnels

Characteristic
  • Automatic Tunneling
      • Tunneling of IPv6 packets between 6to4 sites is done dynamically according to the destination IPv6 addresses of packets originating from IPv6 nodes on 6to4 sites.
  • Enabled at the Edge of the site
      • 6to4 should be enabled in border routers at the edge of sites.
      • 6to4 routers must be able to reach other 6to4 sites and 6to4 routers using the IPv4 routing infrastructure.
  • Automatic prefix assignment
      • Provides one aggregatable global unicast IPv6 prefix to each 6to4 site, based on the 2002::/16 address space.
      • Each 6to4 site uses one global unicast IPv4 address assigned on a router.
      • This IPv4 address is converted into hexadecimal format and is appended to the 2002::/16 prefix.
      • Final representation: 2002:ipv4-address::/48
      • Each site gets one /48 prefix.

6to4 routers

End-to-End IPv6 Session Between IPv6 Hosts Through 6to4 Routers

Enabling 6to4 Router Configuration on Cisco

Enabling 6to4 Router Configuration on Cisco (contd.)

Enabling 6to4 Router Configuration on Cisco: Example

ACL Rule
  • No IP ACL denying protocol 41.
  • With 6to4, the following ACLs are recommended:
      • Inbound IPv4 packets with protocol 41 from any source address on the IPv4 Internet
      • permit 41 any host 132.214.1.10 (incoming 6to4 traffic)
      • permit 41 host 132.214.1.10 any (outgoing 6to4 traffic)

6to4 Relay Service
  • To allow hosts and networks using 6to4 addresses to exchange traffic with hosts using "native" IPv6 addresses, "relay routers" have been established. A relay router connects to an IPv4 network and an IPv6 network. 6to4 packets arriving on an IPv4 interface will have their IPv6 payloads routed to the IPv6 network, while packets arriving on the IPv6 interface with a destination address prefix of 2002::/16 will be encapsulated and forwarded over the IPv4 network.
  • A 6to4 relay service is a 6to4 border router that offers traffic forwarding to the IPv6 Internet for remote 6to4 border routers. A 6to4 relay forwards packets that have a 2002::/16 source prefix.
  • 6to4 tunnels and connections to a 6to4 relay service need not be requested or negotiated between customers and the ISP.

6to4 Relay Service
  • To allow a 6to4 router to communicate with the native IPv6 Internet, it must have its IPv6 default gateway set to a 6to4 address which contains the IPv4 address of a 6to4 relay router. To avoid the need for users to set this up manually, the 6to4 relay anycast address of 192.88.99.1 (which, when wrapped in 6to4 with the subnet and host fields zero, becomes 2002:c058:6301::) has been allocated for the purpose of sending packets to a relay router.
  • For routing reasons the whole of 192.88.99.0/24 has been allocated for routes pointed at 6to4 relay routers that use the anycast IP. Providers willing to provide 6to4 service to their clients or peers should advertise the anycast prefix like any other IP prefix, and route the prefix to their 6to4 relay.
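The 6to4 prefix construction, per-packet tunnel endpoint selection and relay anycast address described above, as an added example that is not part of the original slides. The source check on received protocol-41 packets is an addition for monitoring purposes; the list of non-unique IPv4 ranges, the verdict names and the sample events are constructed.

```python
import ipaddress

SIXTO4_SPACE = ipaddress.IPv6Network("2002::/16")
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")   # value from the slides
# IPv4 ranges that cannot serve as a globally unique 6to4 site address.
NOT_GLOBALLY_UNIQUE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def is_unique(v4):
    return not any(v4 in net for net in NOT_GLOBALLY_UNIQUE)


def site_prefix(ipv4):
    """Append the 32-bit IPv4 address to 2002::/16, giving the site /48."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not is_unique(v4):
        raise ValueError("%s is not a globally unique IPv4 address" % v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def tunnel_endpoint(dst_ipv6):
    """IPv4 tunnel destination a 6to4 router picks for one IPv6 packet."""
    embedded = ipaddress.IPv6Address(dst_ipv6).sixtofour
    # Native IPv6 destinations have no embedded address: use the relay.
    return RELAY_ANYCAST if embedded is None else embedded


def source_verdict(outer_src_ipv4, inner_src_ipv6):
    """Compare the outer IPv4 source with the one embedded in the inner source."""
    embedded = ipaddress.IPv6Address(inner_src_ipv6).sixtofour
    if embedded is None:
        return "not-6to4"            # native source, arrived through a relay
    if not is_unique(embedded):
        return "invalid-embedded"    # 2002: prefix built from a non-unique address
    if embedded != ipaddress.IPv4Address(outer_src_ipv4):
        return "mismatch"            # inner source does not belong to the sender
    return "match"


# Constructed (outer IPv4 source, inner IPv6 source) pairs from received
# protocol-41 packets; 132.214.1.10 is the router address on the ACL slide.
SAMPLE_EVENTS = [
    ("132.214.1.10", "2002:84d6:10a:1::5"),
    ("203.0.113.7", "2002:84d6:10a:1::5"),
    ("198.51.100.9", "2002:a15:80a::1"),
    ("192.88.99.1", "2001:db8::1"),
]


def audit(events):
    """Return the events whose inner source cannot be trusted."""
    flagged = []
    for outer, inner in events:
        verdict = source_verdict(outer, inner)
        if verdict in ("mismatch", "invalid-embedded"):
            flagged.append((outer, inner, verdict))
    return flagged
```

Since 6to4 is point-to-multipoint and the recommended ACL permits protocol 41 from any source, the embedded-address comparison is one of the few checks a border router or sensor can apply to inbound tunnel traffic.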

Configuring 6to4 Relay Service
  • The anycast IPv4 prefix is supported in Cisco IOS.
  • A Cisco router can act as a 6to4 relay with the anycast IPv4 prefix.

IPv6-Only-to-IPv4-Only Transition Mechanisms

IPv6-Only-to-IPv4-Only Communication
  • Networks made of native IPv6-only and IPv4-only protocols have to interact and co-exist.
  • Full interaction between the two types of networks is mandatory to maintain complete compatibility between both protocols.
  • Examples:
      • A node in an IPv6-only domain sending an email using SMTP to a destination node in an IPv4-only domain.
      • A node in an IPv4-only domain replying to the source IPv6-only node in the IPv6 domain.
      • Nodes in an IPv4 domain connecting using HTTP to a destination web server running in an IPv6 domain.

Methods
  • Two methods are used to provide communication between IPv6-only and IPv4-only domains:
      1. Application-Level Gateways (ALGs)
      2. NAT-PT

Application-Level Gateways (ALGs)
  • The ALG technique is a network architecture in which gateways with dual-stack support allow nodes in an IPv6-only domain to interact with nodes in an IPv4-only domain.

Application-Level Gateways (ALGs)
  • IPv6 host A establishes an IP session to the IPv4-only server B through ALG C.
  • ALG C maintains one independent session with the IPv6-only host A using IPv6 as the transport protocol and another independent session with the IPv4-only server B over IPv4. ALG C converts the IPv6 session into IPv4, and vice versa. ALG C has dual-stack support.

NAT-PT
  • Network Address Translation - Protocol Translation (NAT-PT) is an IPv6-IPv4 translation mechanism, as defined in RFC 2765 and RFC 2766, allowing IPv6-only devices to communicate with IPv4-only devices and vice versa.
  • Before implementing NAT-PT, you must configure IPv4 and IPv6 on the router interfaces that need to communicate between IPv4-only and IPv6-only networks. Using a protocol translator between IPv6 and IPv4 allows direct communication between hosts speaking a different network protocol. Users can use either static definitions or IPv4-mapped definitions for NAT-PT operation.

IPv6-only node A communicates with IPv4-only node B through a NAT-PT device

NAT-PT Operations

NAT-PT
  • One of the benefits of NAT-PT is that no changes are required to existing hosts because all the NAT-PT configurations are performed at the NAT-PT router.
  • NAT-PT should not be used when other native communication techniques exist.
  • Types of NAT-PT
      1. Static NAT-PT
      2. Dynamic NAT-PT
      3. PAT

Static NAT-PT Operation
  • Static NAT-PT uses static translation rules to map one IPv6 address to one IPv4 address. IPv6 network nodes communicate with IPv4 network nodes using an IPv6 mapping of the IPv4 address configured on the NAT-PT router.
  • Static NAT-PT is useful when applications or servers require access to a stable IPv4 address. Accessing an external IPv4 DNS server is an example where static NAT-PT can be used.

Static NAT-PT Operation
  • The NAT-PT device is configured to map the source IPv6 address for node A of 2001:0db8:bbbb:1::1 to the IPv4 address 192.168.99.2.
  • NAT-PT is also configured to map the source address of IPv4 node C, 192.168.30.1, to 2001:0db8::a.
  • When packets with a source IPv6 address of node A are received at the NAT-PT router, they are translated to have a destination address to match node C in the IPv4-only network.

Dynamic NAT-PT Operation
  • Dynamic NAT-PT allows multiple NAT-PT mappings by allocating addresses from a pool. NAT-PT is configured with a pool of IPv6 and/or IPv4 addresses. At the start of a NAT-PT session a temporary address is dynamically allocated from the pool.
  • The number of addresses available in the address pool determines the maximum number of concurrent sessions. The NAT-PT device records each mapping between addresses in a dynamic state table.
  • Dynamic NAT-PT translation operation requires at least one static mapping for the IPv4 DNS server.

Dynamic NAT-PT Operation
  • The NAT-PT device is configured with an IPv6 access list, prefix list, or route map to determine which packets are to be translated by NAT-PT. A pool of IPv4 addresses, 10.21.8.1 to 10.21.8.10, is configured.
  • When an IPv6 packet to be translated is identified, NAT-PT uses the configured mapping rules and assigns a temporary IPv4 address from the configured pool of IPv4 addresses.
  • After the IPv6 to IPv4 connection is established, the reply packets going from IPv4 to IPv6 take advantage of the previously established dynamic mapping to translate back from IPv4 to IPv6. If the connection is initiated by an IPv4-only host, then the explanation is reversed.
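A model of the dynamic NAT-PT behaviour described above, as an added example that is not part of the original slides and not Cisco's implementation. It uses the pool 10.21.8.1 to 10.21.8.10 and the access-list prefix 2001:0db8:bbbb:1::/64 from the slides, and assumes the /96 NAT-PT prefix and the static mapping for 192.168.30.1 shown in the static configuration example; class and method names are hypothetical.

```python
import ipaddress


class PoolExhausted(Exception):
    """No free IPv4 address is left for a new IPv6 source."""


class DynamicNatPt:
    def __init__(self, nat_prefix, acl, pool_start, pool_end, v4v6_static):
        self.nat_prefix = ipaddress.IPv6Network(nat_prefix)
        if self.nat_prefix.prefixlen != 96:
            raise ValueError("NAT-PT prefix must have a prefix length of 96")
        self.acl = ipaddress.IPv6Network(acl)       # which sources to translate
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [ipaddress.IPv4Address(n) for n in range(first, last + 1)]
        self.by_v6 = {}                             # dynamic state table
        self.by_v4 = {}                             # reverse view for replies
        # Static v4v6 mappings: how each IPv4 node appears on the IPv6 side.
        self.v4_for = {ipaddress.IPv6Address(v6): ipaddress.IPv4Address(v4)
                       for v4, v6 in v4v6_static.items()}
        self.v6_for = {v4: v6 for v6, v4 in self.v4_for.items()}

    def outbound(self, src6, dst6):
        """Translate IPv6 -> IPv4; return (src4, dst4) or None if not translated."""
        src6 = ipaddress.IPv6Address(src6)
        dst6 = ipaddress.IPv6Address(dst6)
        if dst6 not in self.nat_prefix or src6 not in self.acl:
            return None
        dst4 = self.v4_for.get(dst6)
        if dst4 is None:
            return None
        if src6 not in self.by_v6:
            if not self.free:
                raise PoolExhausted("all pool addresses are in use")
            src4 = self.free.pop(0)                 # temporary address
            self.by_v6[src6] = src4
            self.by_v4[src4] = src6
        return self.by_v6[src6], dst4

    def inbound(self, src4, dst4):
        """Translate a reply IPv4 -> IPv6 using existing state only."""
        src6 = self.v6_for.get(ipaddress.IPv4Address(src4))
        dst6 = self.by_v4.get(ipaddress.IPv4Address(dst4))
        if src6 is None or dst6 is None:
            return None                             # no mapping: not translated
        return src6, dst6

    def expire(self, src6):
        """Drop a mapping (for example on timeout) and free its address."""
        src4 = self.by_v6.pop(ipaddress.IPv6Address(src6), None)
        if src4 is not None:
            del self.by_v4[src4]
            self.free.append(src4)


def build_example():
    return DynamicNatPt(nat_prefix="2001:0db8:0::/96",
                        acl="2001:0db8:bbbb:1::/64",
                        pool_start="10.21.8.1", pool_end="10.21.8.10",
                        v4v6_static={"192.168.30.1": "2001:0db8:0::2"})
```

With a ten-address pool the eleventh concurrent IPv6 source gets no translation until a mapping expires, so pool size and translation timeouts together set the availability limit of the translator.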

Port Address Translation (PAT) or Overload
  • PAT allows a single IPv4 address to be used among multiple sessions by multiplexing on the port number to associate several IPv6 users with a single IPv4 address.
  • PAT can be accomplished through a specific interface or through a pool of addresses.

Implementing NAT-PT
  1. Configuring Basic IPv6 to IPv4 Connectivity for NAT-PT (required)
  2. Configuring IPv4-Mapped NAT-PT (required)
  3. Configuring Mappings for IPv6 Hosts Accessing IPv4 Hosts (required)
  4. Configuring Mappings for IPv4 Hosts Accessing IPv6 Hosts (optional)
  5. Configuring Port Address Translation
  6. Verifying NAT-PT Configuration and Operation (optional)

1. Configuring Basic IPv6 to IPv4 Connectivity for NAT-PT
  • NAT-PT Prefix
      • An IPv6 prefix with a prefix length of 96 must be specified for NAT-PT to use.
      • The IPv6 prefix can be a unique local unicast prefix, a subnet of an allocated IPv6 prefix, or even an extra prefix obtained from the ISP.
      • The NAT-PT prefix is used to match a destination address of an IPv6 packet.
      • If the match is successful, NAT-PT will use the configured address mapping rules to translate the IPv6 packet to an IPv4 packet.
      • The NAT-PT prefix can be configured globally or with different IPv6 prefixes on individual interfaces.
      • Using a different NAT-PT prefix on several interfaces allows the NAT-PT router to support an IPv6 network with multiple exit points to IPv4 networks.

Configuring NAT-PT Prefix
  • ipv6 nat prefix ipv6-prefix/prefix-length
  • interface type number
  • ipv6 address ipv6-prefix {/prefix-length | link-local}
  • ipv6 nat
  • exit
  • interface type number
  • ip address ip-address mask [secondary]
  • ipv6 nat

2. Configuring IPv4-Mapped NAT-PT
  • Enables customers to send traffic from their IPv6 network to an IPv4 network without configuring IPv6 destination address mapping.
  • Commands
      interface type number
      ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix}
  • Example:
      Router(config)# interface ethernet 3/1
      Router(config-if)# ipv6 nat prefix 2001::/96 v4-mapped v4map_acl

3. Configuring Mappings for IPv6 Hosts Accessing IPv4 Hosts
  • To configure static or dynamic IPv6 to IPv4 address mappings.
  • The dynamic address mappings include assigning a pool of IPv4 addresses and using an access list, prefix list, or route map to define which packets are to be translated.
      ipv6 nat v6v4 source ipv6-address ipv4-address
      or
      ipv6 nat v6v4 source {list access-list-name | route-map map-name} pool name
      ipv6 nat v6v4 pool name start-ipv4 end-ipv4 prefix-length prefix-length
      ipv6 nat translation [max-entries number] {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout} {seconds | never}
      ipv6 access-list access-list-name
      permit {protocol} {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address}
      exit
      show ipv6 nat translations [icmp | tcp | udp] [verbose]
      show ipv6 nat statistics

ipv6 nat translation command

4. Configuring Mappings for IPv4 Hosts Accessing IPv6 Hosts
  • To configure static or dynamic IPv4 to IPv6 address mappings.
  • Commands
      ipv6 nat v4v6 source ipv4-address ipv6-address
      or
      ipv6 nat v4v6 source list {access-list-number | name} pool name
      ipv6 nat v4v6 pool name start-ipv6 end-ipv6 prefix-length prefix-length
      access-list {access-list-name | number} {deny | permit} [source source-wildcard] [log]
  • Example
      Router(config)# ipv6 nat v4v6 source 10.21.8.11 2001:0db8:yyyy::2
      or
      Router(config)# ipv6 nat v4v6 source list 1 pool v6pool
      Router(config)# ipv6 nat v4v6 pool v6pool 2001:0db8:yyyy::1 2001:0db8:yyyy::2 prefix-length 128
      Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255

5. Configuring Port Address Translation
  • ipv6 nat v6v4 source {list access-list-name | route-map map-name} pool name overload
      Router(config)# ipv6 nat v6v4 source 2001:0db8:yyyy:1::1 10.21.8.10
    or
  • ipv6 nat v6v4 source {list access-list-name | route-map map-name} interface name overload
      Router(config)# ipv6 nat v6v4 source list pt-list1 pool v4pool overload
  • ipv6 nat v6v4 pool name start-ipv4 end-ipv4 prefix-length prefix-length
      Router(config)# ipv6 nat v6v4 pool v4pool 10.21.8.1 10.21.8.10 prefix-length 24
  • ipv6 nat translation [max-entries number] {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout} {seconds | never}
      Router(config)# ipv6 nat translation udp-timeout 600
  • ipv6 access-list access-list-name
      Router(config)# ipv6 access-list pt-list1
  • permit {protocol} {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address}
      Router(config-ipv6-acl)# permit ipv6 2001:0db8:bbbb:1::/64 any

Static NAT-PT Configuration: Example

interface Ethernet3/1
 ipv6 address 2001:0db8:3002::9/64
 ipv6 enable
 ipv6 nat
!
interface Ethernet3/3
 ip address 192.168.30.9 255.255.255.0
 ipv6 nat
!
ipv6 nat v4v6 source 192.168.30.1 2001:0db8:0::2
ipv6 nat v6v4 source 2001:0db8:bbbb:1::1 10.21.8.10
ipv6 nat prefix 2001:0db8:0::/96

Enabling Traffic to be Sent from an IPv6 Network to an IPv4 Network without Using IPv6 Destination Address Mapping: Example

ipv6 nat prefix 2000::/96 v4-mapped v4map_acl
ipv6 access-list v4map_acl
 permit ipv6 2001::/96 2000::/96

Dynamic NAT-PT Configuration for IPv6 Hosts Accessing IPv4 Hosts: Example

interface Ethernet3/1
 ipv6 address 2001:0db8:bbbb:1::9/64
 ipv6 enable
 ipv6 nat
!
interface Ethernet3/3
 ip address 192.168.30.9 255.255.255.0
 ipv6 nat
!
ipv6 nat v4v6 source 192.168.30.1 2001:0db8:0::2
ipv6 nat v6v4 source list pt-list1 pool v4pool
ipv6 nat v6v4 pool v4pool 10.21.8.1 10.21.8.10 prefix-length 24
ipv6 nat translation udp-timeout 600
ipv6 nat prefix 2001:0db8:1::/96
!
ipv6 access-list pt-list1
 permit ipv6 2001:0db8:bbbb:1::/64 any

Dynamic NAT-PT Configuration for IPv4 Hosts Accessing IPv6 Hosts: Example

interface Ethernet3/1
 ipv6 address 2001:0db8:bbbb:1::9/64
 ipv6 enable
 ipv6 nat
!
interface Ethernet3/3
 ip address 192.168.30.9 255.255.255.0
 ipv6 nat
!
ipv6 nat v4v6 source list pt-list2 pool v6pool
ipv6 nat v4v6 pool v6pool 2001:0db8:0::1 2001:0db8:0::2 prefix-length 128
ipv6 nat v6v4 source 2001:0db8:bbbb:1::1 10.21.8.0
ipv6 nat prefix 2001:0db8:0::/96
!
access-list pt-list2 permit 192.168.30.0 0.0.0.255

Lab-Exercise
  • Case study: Using IPv6 integration and coexistence strategies using Cisco routers

Q&A