Showing results for 
Search instead for 
Did you mean: 

IPv6 Deployment Guidance

Greetings to the forum. Let me start by admitting I am way behind here on deploying IPv6. I tried to get this moving last year but other projects were in front. Now its being requested so I am starting on a deployment plan for our network. I would like some general guidance on the use of some of the standard IPv4 tools and how to implement them with IPv6 versions. I have been doing significant amount of reading on the subject and am trying to nail down some best practices with regards to deploying IPv6.

First a little background. We have two sites: A collocated DC with most of our servers and networking gear and an office site connected via redundant 200Mbps Ethernet L3 links. At each site we have twin Core switches (4507R at colo site and 3750E series at the office). Using the typical multi-vlan for traffic segmentation at each site, with VLAN interfaces using HSRPv1. We use OSPF as our IGP (single area). We do not have any EGP as we just default route out of Cisco ASA's to our providers at each site (each site has its own Internet connection). The ASAs at the colo serve VPN connections for remote users and I redistribute the VPN host routes into OSPF for the VPN clients connectivity to our office site over VPN. The firewalls at each site also inject their default routes into OSPF. We use typical DHCP relay on the vlan interfaces.

So we want to continue supporting IPv4 and will run both IPv6 and v4 dual stack. I have a /48 IPv6 allocation from our Colo provider. So again would like some guidance on the best way to deploy IPv6. Specifics are as follows:

1. I have read that OSPFv3 is required to support IPv6. Should I run my existing OSPFv2 for existing v4 routing and run OSPFv3 for v6 or just run OSPFv3 for both using the address family feature

2. My switches all with the IP Services license or the Enterprise Services (4507R) do not seem to be able to do the OSPFv3 Address Families (router ospfv3 1 address-family ipv4)to use the same OSPF version for both protocols. I could not find any reference to the Address Families in the feature navigator for these switches. Anyone know if this is available for these.

3. We need to use HSRPv2 to support IPv6. I think v2 uses a different Multicast Address. Can I just add the command 'version 2' in the HSRP config without affecting my current v4 HSRP configurations and then add another HSRP group for the v6 addressing? Could it be that simple?

4. The issue of v6 NAT still seems to be hotly debated. I like NAT for what it can do for you when it comes to renumber time, not so much for any sort of security mechanism. Since we are at a colo a renumber is never out of the realm of possibility. I was going to roll with no NAT but just would like to get comments from others about what they think. I am just not sure either way.

5. My provider gave me a small allocation for the outside interface of my ASA. What I was going to do was not run NAT between the outside and inside interfaces, assign an IP out of my routed v6 allocation to the INSIDE interface, default route to the provider gear via the outside interface and small v6 allocation network, and then place an outside v6 ACL on the outside interface. Hosts on the inside interface would connect to the Internet using their assigned address from my v6 allocation and there would be no NAT. Does anyone see any reason this would not work? I am using v4 NAT so was wondering if it would be an issue to run NAT for v4 but not for v6?

As always thanks in advance for your help.

Everyone's tags (1)