12-22-2012 11:44 AM - edited 03-01-2019 05:38 PM
Hi all,
I need your advice and direction about the IPv6 deployment.
Currently, we have a typical IPv4 network without AS, only block /28 addresses from ISP . Soon, we plan to upgrade our network using new switches (core), ASA, two routers in the Internet Edge, dual links/dual ISP and establish BGP sessions. At this point, we can get PI-addresses only from the new IPv6 scope. Now, I am preparing a few questions for ISP, parallely i think about scenarios of IPv6 in my network. I think I am not ready to change IPv4 addresses on the core, access layers (hosts of users, servers), at first only for Internet Edge. Some questions, can i use "dual-stack" scenario in the Internet Edge? Is the better scenario using RD with ISATAP, when IPv6 addresses in the Internet Edge or NAT64/NAT46? Or any suggestions?
Thanks.
Solved! Go to Solution.
12-23-2012 01:05 AM
Hi,
Are you saiying that you can't get a PI IPv4 prefix?
There is nothing stopping you from running dual stack on your Internet edge today.
If you have only one ISP now you can use a private ASN to advertise your PI IPv6 prefix to them.
If however you want to multi-home your Internet connectivity to two different ISPs in the future then you will need a public ASN in order to advertise your PI.
The simplest method to implement IPv6 is to deploy dual stack. Running RD with ISATAP adds unnecessary complexity to your network.
Cheers
Sean
12-23-2012 01:05 AM
Hi,
Are you saiying that you can't get a PI IPv4 prefix?
There is nothing stopping you from running dual stack on your Internet edge today.
If you have only one ISP now you can use a private ASN to advertise your PI IPv6 prefix to them.
If however you want to multi-home your Internet connectivity to two different ISPs in the future then you will need a public ASN in order to advertise your PI.
The simplest method to implement IPv6 is to deploy dual stack. Running RD with ISATAP adds unnecessary complexity to your network.
Cheers
Sean
12-23-2012 09:52 AM
Hi, Sean
Thank you for your answer.
Yes, now we can't get a PI IPv4 prefix.
But one more question. Previously, when we thought that we would have got a PI IPv4 prefix, we planned that the NAT will be on the ASA, which has default gateway the IPv4 address of the router (the HA design with the HSRP/multi-homed/BGP). At this point, if we can get only IPv6 prefix, will we use the NAT46/NAT64 on the ASA, or not? Please, if possible, explain in detail.
Thanks.
12-23-2012 04:06 PM
Hi,
If you want to run NAT46/NAT64 on your ASA you need to be install version 9.0. The following link provides details:
http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/nat_overview.html
If you can't get an IPv4 PI then talk to your ISP to see they support any of the technologies listed in this whitepaper, eg 6RD, DS-Lite, NAT46 etc.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-558744-00.html
Cheers
Sean
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide