Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5897
Views
0
Helpful
11
Replies

IPv6 Migration from IPv4

rsrikant
Level 1
Level 1

‎12-08-2018 08:26 PM - edited ‎03-01-2019 05:56 PM

We have a small organization with IPv4 address.

We are planning to migrate to IPv6 addresses. I have the below basic questions which I need to clarify.

1- What is the standard practice for migrating from IPv4 to IPv6 ? Should we only consider migrating the internet facing segments to IPv6 or should we also consider migrating our internal private segments also ?

2 - Like IPv4, is there any private IP Addressing spacing in IPv6 ?

 

Labels:
0 Helpful
11 Replies 11

balaji.bandi
Hall of Fame
Hall of Fame

‎12-08-2018 09:31 PM

You need to consider couple facts here.

 

1. Why do you need to ipv6 ? is the exiting IPv4 address space not enough for you.

2. Do you have your Own IPv6 address space allocated to your organisations.

3. or your provider able to provide routable ipv6 address space for you.

 

Organisation question :

 

1. does all your device support IPv6

2. you can use RFC 1918 address space same like ipv4 as below link give you address space :

https://en.wikipedia.org/wiki/Private_network

3. If you provider not accepting ipv6 then you need to do Ipv6 to ipv4 conversion before you sending to internet.

4. you can not remember ipv6 address as easy you do with ipv4, so you need DNS naming convention setup correctly.

 

Personally my view still overall 60% - 90% of the internet world uses ipv4 address space.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

rsrikant
Level 1
Level 1
In response to balaji.bandi

‎12-09-2018 06:02 AM

Thanks.

My service provider is going to provide routable ipv6 address space for me.

Regarding my question what is the standard practice for internal private IP4 address which are used only internally & never exposed to internet.

Is it required to migrate those private IPV4 address to private IPV6 address ?

What is the standard & recommended practice every organization do ? 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to rsrikant

‎12-09-2018 08:20 AM

If you have valid IPv6  you can use that on outside, and you can retain ipv4 as it is for now, until you like to migrate them ipv6 RFC 1981 private address space.

 

 

There is no standard as per i know, it all depends on how business like to move forward. since most of the legacy  devices in enterprise may not be ready with IPv6.

 

so its all business call, but most of the standard is they retain both and Ipv4 and Ipv6, when ipv6 devices ready, then slowly move.

 

if you have outside ipv6 and ipv4 internal you need to consder NAT64.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Harold Ritter
Spotlight
Spotlight

‎12-10-2018 08:57 AM

Hi,

 

1- For enterprise customers, I normally recommend to start deploying IPv6 in the Internet facing part of your network. The internal network can then follow. It is normally recommended to deploy IPv6 to the current IPv4 based network, therefore making it dual stack.

 

2- In the IPv6 world, there are addresses that are similar to RFC1918 addreses. They are referred to as unique local addreses (ULA). It is recommended to deploy global IPv6 addresses in your internal network, which allows internal users to reach the Internet without using NAT.

 

Regards,  

 

 

 

 

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
0 Helpful

rsrikant
Level 1
Level 1
In response to Harold Ritter

‎12-10-2018 10:53 PM

Thanks.

 

In the IPv6 world, there are addresses that are similar to RFC1918 addreses. They are referred to as unique local addreses (ULA). It is recommended to deploy global IPv6 addresses in your internal network, which allows internal users to reach the Internet without using NAT.

 

Regarding the above statement,  I understand that we can use either ULA or global IPv6 address for the internal network.

If we use global IPv6 address should we consider about security. Is there any security concerns ?

 

As you have mentioned it is the recommended way, it is only because we can avoid NAT or is there any other reasons to use global IPv6 address for internal.

 

 

0 Helpful

rsrikant
Level 1
Level 1
In response to Harold Ritter

‎12-10-2018 10:53 PM

Thanks.

 

In the IPv6 world, there are addresses that are similar to RFC1918 addreses. They are referred to as unique local addreses (ULA). It is recommended to deploy global IPv6 addresses in your internal network, which allows internal users to reach the Internet without using NAT.

 

Regarding the above statement,  I understand that we can use either ULA or global IPv6 address for the internal network.

If we use global IPv6 address should we consider about security. Is there any security concerns ?

 

As you have mentioned it is the recommended way, it is only because we can avoid NAT or is there any other reasons to use global IPv6 address for internal.

 

 

0 Helpful

Harold Ritter
Spotlight
Spotlight
In response to rsrikant

‎12-11-2018 06:26 AM

Yes, you need to have proper FW configuration to avoid exposing the internal devices.

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
0 Helpful

Yinchuan
Level 1
Level 1
In response to rsrikant

‎01-14-2019 10:23 AM

https://tools.ietf.org/html/rfc4864 is a good read if you are thinking private addressing and your network's security border.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni

‎12-11-2018 02:35 AM

Hi there,

I recommend you have a read of RFC7381:

https://tools.ietf.org/rfc/rfc7381.txt

 

...it answers a huge range of questions you may have or may not have though of yet and provides plenty additional references to dig even further into the topic.

 

cheers,

Seb.

0 Helpful

rsrikant
Level 1
Level 1
In response to Seb Rupik

‎12-30-2018 10:12 PM

Attached is the reference from Cisco IPv6 document. Not exactly getting regarding the loopback address. Can one knows pls explain what exactly the sentence means regarding loopback address
Preview file
31 KB
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎01-10-2019 10:09 PM - edited ‎01-10-2019 10:10 PM

Hi,

Yes, there is private address same as IPV4 called as ULA. But it is required NATing to access the Internet. The Best way to implement that IPv6 as Global address space, of course, You must check your NGFW documents about security configurations as best practice as well. 

 

Now to come on the point what is the best way to implement IPv6 address as Dual Stack. As per recommendation form expertise, If you are working on routing environment then must keep sperate routing protocol as Ipv4 is working on EIGRP then you can choose OSPF for IPv6. The idea behind the sperate routing protocol to avoid any downtime or routing issues.

 

If you are working on layer 2 network then you can use dual IP address configuration on the same SVI. But Here, I want to mention you about your DNS query and behavior with IPv6. The End-user system will give priority to IPv6 network for DNS and HTTP/HTTPS traffic. So if you're not getting Global IPv6 from your ISP then you must be implemented NAT64.

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents