cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3746
Views
5
Helpful
3
Replies

IPv6 with BGP

Vitaliy Tsoy
Level 1
Level 1

Hi all,

I need your advice and direction about the IPv6 deployment.
Currently, we have a typical IPv4 network without AS, only block /28 addresses from ISP . Soon, we plan to upgrade our network using new switches (core), ASA, two routers in the Internet Edge, dual links/dual ISP and establish BGP sessions. At this point, we can get PI-addresses only from the new IPv6 scope. Now, I am preparing a few questions for ISP, parallely i think about scenarios of IPv6 in my network. I think I am not ready to change IPv4 addresses on the core, access layers (hosts of users, servers), at first only for Internet Edge. Some questions, can i use "dual-stack" scenario in the Internet Edge? Is the better scenario using RD with ISATAP, when IPv6 addresses in the Internet Edge or NAT64/NAT46? Or any suggestions?

Thanks.

1 Accepted Solution

Accepted Solutions

sean_evershed
Level 7
Level 7

Hi,

Are you saiying that you can't get a PI IPv4 prefix?

There is nothing stopping you from running dual stack on your Internet edge today.

If you have only one ISP now you can use a private ASN to advertise your PI IPv6 prefix to them.

If however you want to multi-home your Internet connectivity to two different ISPs in the future then you will need a public ASN in order to advertise your PI.

The simplest method to implement IPv6 is to deploy dual stack. Running RD with ISATAP adds unnecessary complexity to your network.

Cheers

Sean

View solution in original post

3 Replies 3

sean_evershed
Level 7
Level 7

Hi,

Are you saiying that you can't get a PI IPv4 prefix?

There is nothing stopping you from running dual stack on your Internet edge today.

If you have only one ISP now you can use a private ASN to advertise your PI IPv6 prefix to them.

If however you want to multi-home your Internet connectivity to two different ISPs in the future then you will need a public ASN in order to advertise your PI.

The simplest method to implement IPv6 is to deploy dual stack. Running RD with ISATAP adds unnecessary complexity to your network.

Cheers

Sean

Hi, Sean

Thank you for your answer.

Yes, now we can't get a PI IPv4 prefix.

But one more question. Previously, when we thought that we would have got a PI IPv4 prefix, we planned that the NAT will be on the ASA, which has default gateway the IPv4 address of the router (the HA design with the HSRP/multi-homed/BGP). At this point, if we can get only IPv6 prefix, will we use the NAT46/NAT64 on the ASA, or not? Please, if possible, explain in detail.

Thanks.

Hi,

If you want to run NAT46/NAT64 on your ASA you need to be install version 9.0. The following link provides details:

http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/nat_overview.html

If you can't get an IPv4 PI then talk to your ISP to see they support any of the technologies listed in this whitepaper, eg 6RD, DS-Lite, NAT46 etc.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-558744-00.html

Cheers

Sean