By Ciprian Popoviciu, Eric Levy-Abegnoli, Patrick Grossetete
Publisher: Cisco Press
Pub Date: February 10, 2006
Print ISBN-10: 1-58-705210-5
Print ISBN-13: 978-1-58705-210-1
Pages: 672
Configure and troubleshoot IPv6 networks
IPv6 scales up to support new services that require a very large addressing space; it is positioned to provide the infrastructure for a world where mobile devices, home appliances, and phones will each have their own, unique IP address. In the United States, major Enterprise customers interfacing with the Department of Defense, contractors such as Boeing and Lockheed Martin, have expressed stronger interest in the technology due to their customer requests. Microsoft considers IPv6 a strategic technology because it will free the networks of NATs, opening the door to peer-to-peer applications. Deploying IPv6 Networks will present the service capabilities of IPv6, the features supporting these services, and the ways in which they can be implemented in a scalable, production-level network. The information will be presented in the context of the existing IPv4 operational and design concepts, anchoring the discussion to familiar ground and the environments that will be incorporating the IPv6 services. After completing Deploying IPv6 Networks, the reader will understand the state of IPv6 technologies and services and the IPv6 features as they are applied in service deployments. In addition, they will know how to design and implement an IPv6 production-level network, using the book's templates and examples, have the ability to configure and troubleshoot IPv6 in production networks, and know where IPv6 developments are moving in the future.
information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing February 2006
trademark or service mark
Warning and Disclaimer
This book is designed to provide information about the deployment of IPv6. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
technical community
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
Book/Cover Designer: Louisa Adair
Compositor: Interactive Composition Corporation
Indexer: Interactive Composition Corporation
Ciprian Popoviciu, CCIE No. 4499, is a technical leader at Cisco Systems with more than eight years of experience designing, testing, and troubleshooting large IP networks. As part of the Cisco Network Solution Integration Test Engineering (NSITE) organization, he currently focuses on the architecture, design, and test of large IPv6 network deployments in direct collaboration with service providers worldwide. He contributed to various publications and the IETF. Ciprian holds a bachelor of science degree from Babes-Bolyai University, a master of science degree and a doctorate degree in physics from the University of Miami.
Eric Levy-Abegnoli is a technical leader in the IP Technologies Engineering group at Cisco Systems, where he is the technical lead for IPv6 development in IOS. Eric has worked with the Cisco IPv6 implementation since 2001, and has been involved in some of the biggest IPv6 deployments. Before joining Cisco, Eric worked for IBM, where he successively led a development team in the Networking Hardware Division and a research team
participation in the forum. In June 2003, he received the "IPv6 Forum Internet Pioneer Award" at the San Diego summit.
Patrick joined Cisco in 1994 as a consulting engineer. Before joining Cisco, Patrick worked for Digital Equipment Corporation as a consulting engineer and was involved with network design and deployment. He received a degree in computer technology from the Control Data Institute, Paris, France.
Pascal Thubert has been with the Technology Center since joining Cisco Systems in 2000. He leads a group that has been working on IPv6 networking mobility for the past five years. Pascal is the author of a number of Internet drafts and IETF working group documents, in particular RFC 3963 (NEMO). He wrote the initial implementation of IPv6 network mobility and experimented with a number of additional features for route optimization and MANET. Some of these experiments were conducted with automakers, and his team, together with the Renault Prospect & Research division, won the Jun MURAI award in 2003 for their IPv6 e-Vehicle project. Before Cisco, Pascal was a lead network architect at IBM.
Blair Buchanan, CCIE No. 1427, is a senior technical architect and convergence strategist with Sherwood Cameron Associates Limited, in Ottawa, Canada. He has 30 years experience in the communications business. He began his career as a software developer for real-time data communications in process-control applications. Blair has participated in ISO standards development and has taken lead roles in internetwork design for large enterprise and service provider businesses in Canada and the United States. He is currently involved in planning and designing internetworks for converged services over metro
implementation of IPv6, since early 2001. Gunter received his master's degree in electronics in 1993. After graduating, his first professional activities were based on TDMs, modems, and L2 bridges. He joined Cisco Systems in 1997, initially providing reactive worldwide support as part of the Technical Assistance Center, specializing in IP routing protocol technologies. In 1999, he joined the Advanced Services organization as a network consulting engineer, where he has been active in designing large backbone ISP networks and services.
Since 2001, Gunter has been working as a design architect for the European Commission-sponsored 6NET IPv6 project, and this year has become involved with the IETF, for which he is authoring a number of drafts in the v6ops working group. Gunter is a member of the IPv6 Task Force, and is a regular
Dan Williston is a technical leader at Cisco Systems in Ottawa. He was a key member of the software development team responsible for IPv6 on the Cisco 12000 series router. Prior to joining Cisco, he worked at Nortel Networks as a senior software designer and team leader on inter-LAN switching on the Passport 6400. In the early 1990s, he worked at Norlite Technology, which developed PC-based computer integrated telephony applications and hardware. Dan has 17 years experience in telecommunications and data networking and holds a bachelor's degree in electrical engineering from McGill University.
This book benefited from the efforts of all Cisco engineers who share our enthusiasm for the next generation of IP and work tirelessly to implement, test, and deploy it. Among them, there are a few to whom we are particularly grateful: Ole Troan, for his encouragement and support of this work, along with his contribution to Chapters 3 and 7; Pascal Thubert, for his key contribution to Chapter 8; Sean Convery and Darrin Miller, for their guidance and contribution to Chapter 9; and Benoit Lourdelet, for his contribution to Chapter 11. We also want to acknowledge the support of Gunter Van De Velde, Jean-Marc Barozet, Faycal Hadj, Gilles Clugnac, Floris Granvarlet, Tim Gleeson, Stan Yates, Luc Revardel, Vincent Ribiere, Richard Gayraud, Francois Le Faucheur, Alun Evans, Tom Kiely, Kevin Miles, Tin Phan, and Min Li.
We want to thank our technical reviewers, Dan Williston, Gunter Van de Velde, and Blair Buchanan, for their thorough review and their valuable suggestions.
Special thanks go to our extraordinary editorial team, particularly Grant Munroe, Raina Han, and John Kane.
This project could not have been completed without the support of our families and friends.
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as
There is no doubt that information technologies have become a significant part of our lives, shaping in great measure the way people work, learn, and play. Their rise to prominence was accelerated over the past decade by computer communications. Networked computing devices have proven to be much more than their sum. This concept led to tremendous productivity increases and a plethora of new services that expanded its scope from research communities, to offices, to large corporations, and to the World Wide Web.
Unprecedented engineering innovation rapidly improved networking technologies in lockstep with the fast adoption of computer communications (which naturally require larger, faster, and feature-rich infrastructures). On the other hand, the trend of converging all communications, data, voice, and video to a single networking protocol revealed a resource constraint to the further adoption of computer-communication-based services. IPv4's address space cannot meet the needs of an ever-increasing demand for globally reachable IP devices. New services make address preservation a futile pursuit, with mechanisms such as Network Address Translation becoming anachronisms that block further innovation.
With the looming exhaustion of the global IPv4 address space and with the private address space proving inadequate for today's networks, service providers, enterprises, IP appliances manufacturers, application developers, and governments are now looking at the evolution of IP: IPv6. The foreseen address exhaustion has been the trigger and the driver for moving into a new addressing dimension. IPv6, however, is more than just an extension of the address space. Significant reengineering efforts were applied to solving protocol, deployment, and operation issues. You should expect IPv6 to be a better protocol
The IPv6 protocol and its deployment represent the scope of this book.
The most important goal of this book is to show that IPv6 is a mature technology and it is ready for deployment. It goes beyond discussing the basics of the protocol while remaining accessible to those unfamiliar with IPv6. With this book in hand, you will not only understand IPv6 but, most important, will know how to plan, design, and deploy IPv6 services.
Countless books document and explain the vast set of protocols and features known under the name of IPv4. Although its evolutionary nature allows IPv6 to back reference many of its protocols and features, detailing all the changes and improvements made would require more than this book. On the other hand, IPv6 has yet to enter the mainstream and is outpacing many of the reference books on the market. This creates the risk of making any pure deployment case study discussion difficult to follow. These considerations shaped the methodology employed in this book.
The most important changes in the foundation of IP, such as addressing architecture, packet format, and layer 2-to-layer 3 address resolution, are reviewed in detail. All the other protocols and features are discussed in the context of a service such as unicast, multicast, virtual private networks, quality of service, and security. The goal is to provide the reader with the understanding and tools needed to deploy the respective services. This approach gives a practical dimension to the information presented. This knowledge is reinforced in the second part of the book, where the reader can see it applied to concrete, complete deployment case studies. Deployment planning, deployment costs, performance, and IPv4-IPv6 coexistence topics are also covered to further anchor the discussion into real-life deployment challenges.
All covered topics are complemented with configuration
studies start with a description of the existent IPv4 network environment. They go through planning and design
Provide you the opportunity to practice the acquired knowledge on complete case studies
Offer deployment examples that can be used as a reference in designing IPv6 services
This book will be of interest to a rather large audience, potentially all people involved with IP communications in one way or another. Researchers, application developers, and IP appliance manufacturers can learn the protocol and possible ways to harness the IPv6 infrastructures of the future. However, this book primarily targets those who design, plan, deploy, and operate IP networks and services. Networking professionals will find this book taking them from minimal or no IPv6 familiarity to being able to plan, deploy, and operate IPv6 networks.
Although each chapter of this book can be used independently to learn a certain aspect of IPv6, the book's structure has a clear didactic dimension. It intends to build the knowledge layer by layer, or IP service by IP service, and in closing to offer a set of exercises in the form of case studies.
Part I provides the technology tools needed to approach the design and deployment of an IPv6 network. The knowledge is grouped around IP services, each mapped to a chapter. It starts with enabling unicast connectivity, the foundation of any network, and follows with QoS, multicast, VPNs, IP mobility, security, and network management. The second part of the book, ushered in by a discussion of deployment planning, covers three complete case studies that map to three distinct environments: MPLS-based service provider, IP-based service provider, and enterprise.
Chapters 1 through 15 cover the following topics:
Chapter 2, "An IPv6 Refresher": This chapter discusses the fundamentals of IPv6 and some of the areas that saw
enhanced functions of ICMP, and the layer 2 address-resolution mechanisms. These are concepts fundamental to understanding any IPv6-related topic. For this reason, they are presented in detail here.
Chapter 3, "Delivering IPv6 Unicast Services": This chapter discusses the elements necessary for establishing unicast IPv6 connectivity, the foundation of all other IPv6 services. It covers the relevant protocols at the access, edge, and core of the network. The mechanisms enabling the transition from IPv4 to IPv6 are discussed along with recommendations on what IPv6 deployment approach to follow in relation to the existent IPv4 infrastructure that will have to host the deployment
examples that capture the various deployment options. Multicast deployment in conjunction with the various transition mechanisms is also discussed.
Chapter 7, "VPN IPv6 Architecture and Services": This
Chapter 8, "Advanced Services: IPv6 Mobility": This chapter covers the concepts of IP mobility and their implementation in IPv6. It discusses the improvements made, the remaining open issues, and various examples of applying the protocol to novel services.
Chapter 9, "Securing IPv6 Networks": This chapter starts with an analysis of the security threats faced by IPv6, the ones specific to the new protocol, and the ones shared with IPv4. The dual perspective is critical because the coexistence of the two protocols can provide new attack vectors on the IPv6-enabled network. The chapter also presents the tools and best practices available to secure IPv6 networks.
Chapter 10, "Managing IPv6 Networks": This chapter discusses the challenges faced in managing IPv6 networks; some challenges are rooted in the protocol specifics, whereas others stem from the availability of tools. It covers the applications and management systems that can be leveraged today to operate IPv6 infrastructures and services.
Chapter 11, "Network Performance Consideration: Coexistence of IPv4 and IPv6": This chapter provides relevant answers to the natural concern about the impact that IPv6 services will have on existing, revenue-generating IPv4 services and infrastructures. It provides guidelines on how to evaluate the IPv6 performance of network elements, and reviews the areas where the coexistence of the two protocols could lead to resource contention.
deployment of IPv6 in an IP service provider network. The ensuing infrastructure is dual stack, end to end. The various services are built in stages, and configuration examples are provided for each one of them. The chapter closes with
addressing specific business needs. The planning, designing, and deployment of the IPv6 services are presented. The chapter closes with a section on network troubleshooting and its future evolution.
Chapter 1. The Case for IPv6: An Updated Perspective
It is not only accepted but almost expected that an IPv6 book will try, often hard, to persuade the reader of IPv6's importance and benefits. Countless pages have been written describing business models that would financially justify the deployment of IPv6. Sometimes innovative, other times controversial, the job of selling IPv6 has its role in challenging today's tactical approach to planning network-related capital expenditures. But despite all these efforts, it might just be that the accelerated depletion of the IPv4 address space will remain the trigger for a massive upgrade of existing networks to IPv6.
The authors decided to steer clear of selling IPv6, and to avoid providing business models for IPv6 services. Instead, we intend to present to the reader IPv6's value through technical arguments. We intend to provide a realistic perspective of IPv6, revealing its positives and negatives. This exercise, however, cannot be performed in absolute terms. For this reason, "the case for IPv6" is presented relative to the familiar frame of reference called IPv4. This approach is not original. It is in fact the title of an Internet Architecture Board (IAB) document (http://www.6bone.net/misc/case-for-ipv6.html). Some things have changed since that document was completed, so "an updated perspective" is seen as useful.
A deployment perspective is maintained while discussing the various IPv6 topics throughout the book. The technology is presented in the context of each network service layer:
Unicast connectivity
Quality of service
pointers to the chapters of this book where these topics are detailed. This chapter prepares the reader for an IPv6 discussion with the help of this overview of today's IPv4 services.
Routing and forwarding provide the mechanisms to move traffic between IP hosts. Whereas forwarding's dependency on IP version is relatively straightforward, routing has multiple dependencies on addressing. For this reason, it is important to see whether any of the IPv4 routing challenges were resolved in IPv6.
Addressing
IP addressing is a vast topic that influences most of the protocol layers and most of the services. It also represents a critical resource. This section briefly discusses address architecture and address allocation. For a complete and detailed presentation, the following books are helpful references:
IP Routing Fundamentals by Mark A. Sportack
efficiently. In IPv4, the address has a fixed size of 32 bits. That would allow in theory up to 2^32 addresses, or somewhere around four billion. It is important to note that at the time of its specification, these four billion possible addresses appeared to be more than adequate for years if not centuries to come. As early as the early 1990s, however, the Internet community had to introduce a number of changes in the address architecture and the address-allocation scheme to accommodate growing address needs. IPv6, which is based on 128-bit-long addresses, appears to be safe for centuries to come, but who says that history cannot repeat itself?
A considerable waste of IPv4 addresses was generated by two factors:
The unwise allocation of classful addresses; often entities with just a little over 255 hosts asked for a Class B, capable of accommodating 65,000 hosts
Users were not challenged to justify their address requests. When people started to foresee address exhaustion, only 3 percent of the allocated addresses were actually in use!
by an increase in the number of networks and this leads to scalability problems for the routers. In 1994, the core routers had approximately 34,000 routes, doubling every year. By 2004, it was expected to reach millions of routes. Variable-length subnet mask (VLSM), Classless Inter-Domain Routing (CIDR), and a new IP address-allocation strategy were the response to the routing table explosion.
Although the core routing table size was predicted to grow from 34,000 to 80,000 between 1994 and 1995, in fact it reached 76,000 routes only in 2000 and about 160,000 in mid 2004.
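The two effects of the move from classful allocation to VLSM/CIDR described above (right-sized allocations and fewer routes through aggregation) can be reproduced with Python's standard ipaddress module. This is an added example, not code from the book; the host count of 300 and the 172.16.x.0/24 customer routes are constructed sample values.

```python
import ipaddress

# Prefix length of each classful network type (the pre-CIDR allocation units).
CLASSFUL_PREFIX = {"C": 24, "B": 16, "A": 8}


def usable_hosts(prefix_len):
    """Host addresses in an IPv4 network, excluding network and broadcast."""
    return 2 ** (32 - prefix_len) - 2


def classful_allocation(hosts):
    """Return (class, prefix_len) of the smallest classful network that fits."""
    for cls, prefix_len in CLASSFUL_PREFIX.items():  # tried in order C, B, A
        if hosts <= usable_hosts(prefix_len):
            return cls, prefix_len
    raise ValueError("does not fit in a single classful network")


def cidr_prefix(hosts):
    """Longest CIDR prefix whose usable host count still covers `hosts`."""
    host_bits = (hosts + 1).bit_length()  # bits needed for hosts + 2 addresses
    return 32 - host_bits


def utilization(hosts, prefix_len):
    """Fraction of the usable addresses in the allocation actually needed."""
    return hosts / usable_hosts(prefix_len)


def aggregate(prefixes):
    """Collapse adjacent prefixes into the fewest covering routes."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed sample: a site with "just a little over 255 hosts".
SITE_HOSTS = 300
# Constructed sample: five customer routes, four of them contiguous.
CUSTOMER_ROUTES = [
    "172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24",
    "172.16.8.0/24",
]

if __name__ == "__main__":
    cls, classful_len = classful_allocation(SITE_HOSTS)
    cidr_len = cidr_prefix(SITE_HOSTS)
    print(f"classful: Class {cls} (/{classful_len}), "
          f"{utilization(SITE_HOSTS, classful_len):.2%} used")
    print(f"CIDR:     /{cidr_len}, {utilization(SITE_HOSTS, cidr_len):.2%} used")
    print(f"routes:   {len(CUSTOMER_ROUTES)} announced separately, "
          f"{aggregate(CUSTOMER_ROUTES)} after aggregation")
```
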
growth rates (source: BGP table statistics, http://bgp.potaroo.net/) can be extrapolated to predict the time left before the complete exhaustion of all available IPv4 address space. Conservative studies estimate the IPv4 address-space exhaustion by February 2041, and the exhaustion of the IPv4 unallocated address pool by April 2020. More aggressive models predict even earlier dates such as 2009. These predictions are based on the underlying assumption that the current growth models will remain applicable for years to come, which is not necessarily accurate.
IPv6 might change these assumptions. With the combination of the Internet as an attractive and accessible communications medium, and the emergence of communicating gadgets and devices of all kind (even the most unexpected ones such as phones, home appliances, cars, and so on) you must be ready to see them proliferate and stimulate a growth in Internet usage that cannot be extrapolated from past patterns.
Private Versus Public Addresses
Public addresses are registered, globally unique, and can be used to provide reachability over the Internet. By contrast, private addresses are meaningful only within a closed, physical or virtual domain. In IPv4, private addresses have always been associated with unregistered addresses, which in turn have been associated with nonunique addresses.
There might be many reasons why an organization would want to use both public and private addresses. Public addresses are used to get connectivity across the Internet, to reach public resources. Private addresses are used to accomplish the following:
Avoid address registration pains
Decorrelate from public addressing changes (for instance, at peering points) to save the renumbering hassle
Protect the internal network from the public domain by preventing private addressing/topology exposure
RFC 1918 identifies two categories of hosts that could deal with private addresses:
Hosts that do not require access to hosts in other enterprises or the Internet
Hosts that need access to a limited set of outside services (e-mail, FTP, and so on) that can be handled by
necessary to interface them with the public domain. The simplest one is NAT, discussed in the section "Network Address Translation."
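One of the stated uses of private addresses is preventing exposure of internal addressing and topology, which only holds if those addresses do not appear in data that crosses into the public domain. The following added example (not code from the book) scans text such as mail or HTTP headers for IPv4 literals inside the three RFC 1918 blocks; the header lines are constructed samples and the function names are hypothetical.

```python
import ipaddress
import re

# The three private blocks defined by RFC 1918.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Dotted quad that is not part of a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def rfc1918_block(text):
    """Return the RFC 1918 block containing `text`, or None if public/invalid."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:  # e.g. an octet above 255
        return None
    for block in RFC1918_BLOCKS:
        if addr in block:
            return block
    return None


def find_exposures(lines):
    """Return (line_number, address, block) for every private address found."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in IPV4_RE.finditer(line):
            block = rfc1918_block(match.group())
            if block is not None:
                findings.append((lineno, match.group(), str(block)))
    return findings


# Constructed sample of headers leaving a network (not real traffic).
SAMPLE_HEADERS = [
    "Received: from mail-gw.example.com (mail-gw.example.com [192.0.2.25])",
    "Received: from exch01.corp.example (exch01 [10.20.30.41]) by mail-gw.example.com",
    "X-Forwarded-For: 172.31.4.9, 198.51.100.7",
    "Location: http://192.168.1.15:8080/login",
    "X-Build-Info: 172.32.0.1 10.300.1.1 1.2.3.4.5",  # none of these is private
]

if __name__ == "__main__":
    for lineno, addr, block in find_exposures(SAMPLE_HEADERS):
        print(f"line {lineno}: {addr} is inside {block}")
```
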
One of the benefits of the private address space is the large number of addresses available at the discretion of an enterprise. It was, however, only logical to expect that the private address space will face depletion similar to the overall IPv4 address space. In 2005, multiple-systems operators (MSOs; or cable operators) reported the fact that they are running out of private address space. This is due to the proliferation of cable modems, Voice over IP (VoIP) phones, and set-top boxes they have to manage over IP. This realization accelerated their plans to deploy IPv6, if not to provide services, at least to manage their devices.
Some of the reasons to use private addresses become obsolete with IPv6 (there are now plenty of public addresses for everyone), although others will remain. VPN solutions exist for IPv6, too, and that could be sufficient to safeguard the privacy of addressing used within a network. The plethora of IPv6 addresses has suggested some different paradigms for private addressing, in particular the concept of unique yet private addresses. These concepts are presented in Chapter 2, "An IPv6 Refresher." The concepts and issues that arose when crossing the boundary between private and public domains are presented in Chapter 7, "VPN IPv6 Architecture and Services."
Static Versus Dynamic Addresses
Addresses can be assigned to IP nodes either statically or dynamically. The static addresses are allocated "indefinitely" or until explicitly removed. Dynamic Host Configuration Protocol (DHCP) allows a computer to have a different IP address each
Users with long-life connections such as Digital Subscriber Line (DSL), Integrated Services Digital Network (ISDN), or cable will tend to keep their address for a longer period of time
There are advantages and disadvantages to the trend of using more stable source addresses than in the past. From a network operation perspective, one could find it useful that the same user stays behind the same IP address; it is easier to manage, bill, filter, authenticate, and so on. However, this operational model eliminates address reuse, which conserves the IPv4 address space. For this reason, broadband services are a significant catalyst in the acceleration of IPv4 address consumption. When the address-shortage concerns are eliminated with the adoption of IPv6, there could be a tendency to allocate static addresses, or allocate dynamically the same address to the same user all the time. The advantages of having the IP address uniquely and permanently identify the device are counterbalanced by possible privacy issues. The
surfing, gaming, and so on) can be used to correlate seemingly unrelated activities. Note that with IPv6, which offers the possibility of using addresses that embed topological information such as link identifier, the concern will grow. The mechanisms to allocate IPv6 addresses dynamically are reviewed in Chapter 3, "Delivering IPv6 Unicast Services."
Renumbering
Want to know a network administrator's worst nightmare? It is renumbering. Renumbering is the process of replacing existing network prefixes and host addresses considered as deprecated throughout the network with new ones.
There can be a large variety of reasons for renumbering:
The topology outside the network has changed (for instance, because the ISP providing Internet access has changed)
The network is expanding, hence the internal topology is changing; more subnets need to interconnect; a reorganization of the existing ones; more hosts to address; and so on. Renumbering, although not always required in these cases, could potentially improve aggregation and is sometimes highly recommended
The network is merging with another one (for instance, in the case of two companies merging)
The network was private and disconnected from the public network, and now wants to provide public access to its hosts and servers