With Chip Nielsen
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about deploying IPv6 in an enterprise environment with expert Chip Nielsen.
IPv6 is the latest revision of the Internet Protocol and is intended as a replacement for IPv4. As public IPv4 address space continues to be exhausted, IPv6 is becoming more important to the enterprise. In this session, we will discuss the current state of IPv6 deployment and how to deploy IPv6 in your network.
Chip Nielsen (CCIE no. 12369) is a network consulting engineer with Advanced Services Enterprise West. During his eight-year tenure at Cisco, Chip has worked on several global enterprise design and implementation projects. These projects ranged from IPv6 migration planning to provider-managed MPLS WAN design. As an IPv6 Forum Fellow, he has also participated extensively in the IPv6 Forum education programs. In addition, Chip is a proctor for the IPv6 Hands-On Lab at Cisco Live. Prior to Cisco, Chip held various enterprise/commercial consulting and engineering roles in his 14-year networking career.
Remember to use the rating system to let Chip know if you have received an adequate response.
Chip might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Network Infrastructure community, sub-community, IPv6 Integration and Transition discussion forum shortly after the event. This event lasts through February 28, 2014. Visit this forum often to view responses to your questions and the questions of other community members.
Dear Community member,
Please help me on the cisco 888 g.shdsl router to configure
1. The ISP connected by WAN IP Address (172.24.14.10 - 172.24.14.11 255.255.255.252) to the router in wan port(fe4)
2. The public ip address given by the ISP is (188.8.131.52 184.108.40.206) 15 ip address's
3. I have 2 DVR's to be directly connected to the public by using only public ip address (220.127.116.11 18.104.22.168)
4. I have 2 NVR's to be port forwarded from private ip to public ip address nvr ip (192.168.11.10-22.214.171.124) (192.168.11.11-126.96.36.199)
5. I have local area network to be connected to internet (192.168.10.2-254)
6. I am using unmanaged switch to access all network equipments
Please giude me on this
Naveen Kumar K
Thank you for your question. You may want to post your question once more to the WAN, Routing and Switching community here:
We thank you for your participation as always.
Thank you for covering this topic. My question is can you deploy routing protocols using only link local addresses? Please advise.
Thank you for your question. This topic comes up frequently when discussing IPv6.
It is possible to use only link-local addresses for routing within your network. Most IPv6 routing protocols use link-local for neighbor relationships by default. However, each router requires a loopback interface with a unique-local or global IPv6 address for management purposes. There are caveats to this deployment model:
In my experience, customer are deploying global IPv6 addresses on all infrastructure links for management reasons.
If you're interested, a recent internet draft (draft-ietf-opsec-lla-only-07) covers this topic in more detail.
Hope that helps,
Not sure if this question belongs in this thread or the MPLS forum.
My question is has there has been any progress made in developing MPLSv6 so that it supports LDPv6 natively over IPv6 without the need for an IPv4 MPLS core?
See the link below:
I reached out to the MPLS product manager for a current status.
LDPv6 is planned for IOS-XR 5.3.0. For IOS, it is on the roadmap. However, there is not a firm release date for IOS.
Do you have a requirement for LDPv6 in IOS?
Thanks for participating.
Let me address your questions.
It depends on your Internet deployment model. Do you need to advertise the same IPv6 range from multiple locations for multi-homing purposes? If so, provider independent space is a better option. Some ISPs might allow you to advertise provider-assigned space from different providers, so you may want to investigate that if you are unable to acquire PI space.
Dual stack is the preferred method for migration from IPv4 to IPv6.With proper planning, deploying dual stack IPv6 on your network infrastructure is fairly straight forward. Many customers start by deploying IPv6 in the core and then working out towards the edge of the network.
In your case, you'll need to work with your MPLS providers to verify if they support IPv6.
Servers and PCs represent a bigger challenge that the network due to application issues. It's important to engage the application teams and work with your vendors (e.g. SAP) to validate IPv6 support. In most cases, IPv6 rollout should not impact your IPv4-based applications though.
I recommend visiting ciscolive365.com and checking out the many great IPv6 presentations by my colleagues here at Cisco. There are sessions covering deployments such as yours that should help you in your planning.
Please let me know if you have any other questions.
Thanks for the reply.
I want some more clarity regarding which IPv6 address to use.
1. Since each of the my Sites use different ISP, Each ISP gives different IPv6 prefixes. So all the sites will be having different IPv6 prefix ,which will be difficult to manage. So can I use Unique Local Address (ULA FC00::/7 ) for my Sites and use NAT64 at internet edge. Is this method recommended ? ( I think my Management wont recommend any PI prefix )
2. Is there any good NAT64 translator available in the market ?
How to handle multi-site provider-aggregated prefixes is one of the biggest pain points in IPv6, not that it isn't equally painful in IPv4. Another big pain is multiple ISPs for a single site, ditto. There are various things people have tried, all with pro's and con's:
a) Live with the multiple prefixes, which works, but is a nuisance to document & route.
b) Big organizations can get provider-independent space; the University of Wisconsin-Madison is on its 3rd IPv6 prefix (the trajectory was 6bone prefix, PA prefix, PI prefix), after deciding they needed to do this and getting a /32. Makes in the in-house routing easy, but complicates peering and relationships with providers.
c) If all of your ISP's are toying with Cisco's experimental Location-ID separation protocol, get the PA address space from the provider of your biggest sites, and have the other ISP's tunnel your traffic. Nice for the customer, but hard to negotiate.
d) Use ULA's internally, with Cisco's experimental NAT66 prefix substitutions at the border. Beware! A lot of clients get horribly confused about which source address to use if they have both an fc00::/7 ULA prefix and a 2000::/3 global unicast prefix. Also, the NAT66 is header only, so v6 payloads with embedded addresses will break.
I'm squatting on a fair amount of public v4 and native v6, so I'm the wrong person to ask about NAT64, sorry.
-- Jim Leinweber, WI State Lab of Hygiene
Jim has done an excellent job of laying out the options.
This particular scenario requires NAT66/NPTv6 and not NAT64. However, the IPv6 community tends to steer people away from ULA with NPTv6 at the edge. One of the primary goals of IPv6 is restoring end-to-end connectivity and removing the requirement for NAT. With that in mind, global addressing is the preferred method. Whether that model is achievable in all scenarios remains to be seen and I expect we'll see more best practices developed as IPv6 deployment continues.
Currently, the Cisco ASA is the only Cisco platform that supports NAT66. However, NPTv6 is on the roadmap for IOS.
Since IPv6 isn't backwards compatible with IPv4 when do you think the cut off for IPv4 will be? And if so will it be a gracefull transition or a "lights off" transition?
That's a tough question.
I'm aware of enterprise customers with aggressive timelines for native IPv6 in the next 3-5 years. For commercial and small enterprise, the timeline will probably be longer. However, I've never been much of a prognosticator.
With a combination of dual stack and minimal use of translation, a graceful transition should be achievable.A "lights off" transition may occur in internal networks due to the operational overhead of dual stack. That scenario is much less likely for the Internet though.
Hopefully, IPv4 doesn't stick around forever.
Thanks for the reply. Another question I have is with networks that use encryptors such as Taclanes, how would this transition affect them? Would the Taclanes have to support IPv6 as well? Would all devices enterprise wise have to support IPv6?