部署IPv6.pdf

1、#CiscoLive#CiscoLiveNicole Wajer Technical Solutions ArchitectVlinder_NLBRKENT-2109Subtitle goes hereLets Deploy IPv6 NOW!2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App Questions?Use Cisco Webex App to chat with the speaker af

2、ter the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affiliates.Al

3、l rights reserved.Cisco PublicBRKENT-21093 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-21094 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-21095 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNicole

4、Nicole Wajer Technical Solutions Architectvlinder_nlBRKENT-21096Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicWhat should you know?Use Case 1 Working from Home and IPv6Use Case 2 IPv6 in your EnterpriseUse Case 3 IPv6 Only?BRKENT-21097 2023 Cisco and/or its affiliates.All r

5、ights reserved.Cisco Public#CiscoLiveIPv6 interface ID Assignment IPv6 wayState Less Address Auto ConfigurationSLAAC EUI64SLAACTemporary Addresses formally known Privacy Extensions*Secure Neighbor Discovery SeNDBRKENT-21098 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveI

6、Pv6 Addressing9BRKENT-2109IPv6 Address FamilyIPv6 Address FamilyMulticastAssignedSolicited Node MulticastUnicastLink LocalGlobalUnique LocalAnycast 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIPv6 Addresses FormatFull IPv6 address(128 bits represented by 32 Hex charact

7、ers)Generally,50%for network ID,50%for interface ID,current best practiceMeaning a Subnet Prefix is generally a/64Leading 0s can be omittedThe double colon(:)can appear only once2001:0db8:4646:0001:0000:0000:0000:1e2a0000:0000:0000:1e2a2001:db8:4646:1:0:0:0:1e2a0:0:0:1e2a2001:db8:4646:1:1e2a:1e2aGlo

8、bal Prefix(48)Subnet(16)Interface Id(64)BRKENT-210910 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTypes of Unicast IPv6 Addresses11BRKENT-2109First 6464 bits are fixedInterface Identifier can be modifiedEncoding external identifiers for troubleshootingVLAN number Route

9、r IDs IPv4 address Possible to leverage for IGP routingLinkLink-Local addressLocal address 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTypes of Unicast IPv6 Addresses12BRKENT-2109Unique Local AddressUnique Local AddressLinkLink-Local addressLocal addressNot recommended

10、 for end-point addressing(RFC6724)Unless in a closed systemIn Dual-Stack environment the Legacy protocol takes precedenceNeeds Translation(NPTv6 or NAT66)on Internet Edge 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTypes of Unicast IPv6 Addresses13BRKENT-2109Global Add

11、ressGlobal AddressUnique Local AddressUnique Local AddressLinkLink-Local addressLocal addressVast number of prefixesManage just one address space 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive14BRKENT-2109Global AddressGlobal AddressRoutable across the Internet(2000:/320

12、00:/3)Documentation Prefix 2001:0db8:/322001:0db8:/322000:*:*:*2000:*:*:*:xxxx:xxxx:xxxx:xxxx3fff:*:*:*3fff:*:*:*:xxxx:xxxx:xxxx:xxxxUnique Local AddressUnique Local AddressRoutable within administrative domain(fcfc00:/7)fc00:*fc00:*:xxxx:xxxx:xxxx:xxxxfd00:*fd00:*:xxxx:xxxx:xxxx:xxxxLinkLink-Local

13、addressLocal addressNon routable exists on single layer 2 domain(fe80:/10)fe80:0000:0000:0000fe80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNeighbor Discovery Protocol (NDP)OverviewOverview15BRKENT-2109IPv6 NDPNUDDADRANANSRSIPv4IPv4

14、IPv6IPv6ARP RequestNeighbor SolicitationARP ReplyNeighbor AdvertisementBroadcastSolicited Node Multicast 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNeighbor Discovery Protocol (NDP)ConfigurationConfiguration16BRKENT-2109I should use Link Local Link Local(fe80:/64)(fe8

15、0:/64)as NDPs source!And I need to set the hop limithop limit to 255255IPv6 NDPNUDDADRANANSRS 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNeighbor Discovery Protocol (NDP)Neighbor discovery messagesNeighbor discovery messages17BRKENT-2109IPv6 NDPNUDDADRANANSRSRouter so

16、licitation Router solicitation (ICMPv6 type 133)(ICMPv6 type 133)Router advertisement Router advertisement(ICMPv6 type 134)(ICMPv6 type 134)2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNeighbor Discovery Protocol (NDP)Neighbor discovery messagesNeighbor discovery messag

17、es18BRKENT-2109IPv6 NDPNUDDADRANANSRSNeighbor Neighbor solicitation(ICMPv6 solicitation(ICMPv6 type 135)type 135)Neighbor advertisement Neighbor advertisement(ICMPv6 type 136)(ICMPv6 type 136)2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNeighbor Discovery Protocol (NDP)

18、Error detectionError detection19BRKENT-2109IPv6 NDPNUDDADRANANSRSNeighbor Neighbor Unreachability Unreachability DetectionDetectionDuplicate Address Duplicate Address DetectionDetection 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRFC6724:Default Address Selection for I

19、Pv6BRKENT-210920For YourReferenceHow does it start?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-210922 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMy RouterBRKENT-210923 2023 Cisco and/or its affiliates.All rights reserved.Cisco Pub

20、lic#CiscoLiveHow it all startedBRKENT-210924 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMy House Dual Stack with/48BRKENT-210925 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSetupDual Stack-Internet from Xs4all(also now known as KPN)Lapto

21、p work in my case Windows LenovoNo VPN needed to do my work(except for some special tools)Layer 2 home network with Vlans.BRKENT-210926 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat if you dont have IPv6?BRKENT-210927 2023 Cisco and/or its affiliates.All rights rese

22、rved.Cisco Public#CiscoLivePath MTU Discovery28BRKENT-2109SourceSourceDestinationDestinationLinkLinkMTU 1500MTU 1500MTU MTU 15001500MTU MTU 14001400Packet,MTU=1500ICMPv6 Packet Too Big(2),Use MTU=1400Packet|EH type 44|Packet|EH type 44|Payload=1352Packet|EH type 44|Packet|EH type 44|Payload=108R1R1R

23、2R2R3R3 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTraffic my home during a workday in 2022IPv6Legacy Protocol53.4%53.4%46.6%46.6%BRKENT-210929 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDualstack:Always remember both protocolsType“”and

24、 press EnterGET/HTTP/1.1Host:A?“”connect 192.0.43.10AAAA?“”connect 2001:db8:88:200:10BRKENT-210930 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRetrieve and displayThe problem:RFC3484,if IPv6 connection failsUser:“”getaddrinfo(“”)Attempt IPv6 connectAttempt IPv4 connect

25、Connection failureTimeBRKENT-210931 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRFC8305 in a nutshell(RFC6555 Obsolete)Attempt IPv6 lookup and connectAttempt IPv4 lookup and connectUser:“”50msRetrieve and displayTimeBRKENT-210932Source:adynue 2023 Cisco and/or its affi

26、liates.All rights reserved.Cisco Public#CiscoLiveRFC8305:Happy EyeballsHappy Eyeballs:Success with Dual-Stack HostsInternet Engineering Task Force(IETF)D.WingRequest for Comments:6555 A.YourtchenkoCategory:Standards Track CiscoISSN:2070-1721 April 2012Happy Eyeballs:Success with Dual-Stack HostsAbst

27、ractWhen a servers IPv4 path and protocol are working,but the serversIPv6 path and protocol are not working,a dual-stack clientapplication experiences significant connection delay compared to anIPv4-only client.This is undesirable because it causes the dual-stack client to have a worse user experien

28、ce.This documentspecifies requirements for algorithms that reduce this user-visible delay and provides an algorithm.BRKENT-210933For YourReference 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLessons learned working from HomeEvery OS nowadays has IPv6 standard enabled99

29、%It just works without knowingPath MTU discovery issues is a.ICMPv6 should not be filtered but still is34 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKENT-2109IPv6 in the Enterprise 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIT department is Lik

30、e VegasBRKENT-210936 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTraffic Cisco Live Vegas 2022BRKENT-210937 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTraffic Cisco Live Vegas 2023BRKENT-21093851%51%2023 Cisco and/or its affiliates.All r

31、ights reserved.Cisco Public#CiscoLiveIPv6 in the EnterpriseMost companies will go nownow Dual Stack(the time is now!)ICMPv6 is your friend!Dont try to force 1:1 feature comparison with the Legacy ProtocolIPv6 address plan is so much easier than the 1990s.Leave the legacy protocol behind Let it GoLet

32、 it GoBRKENT-210939 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIPv6 in the EnterpriseMost companies will go nownow Dual Stack(the time is now!)ICMPv6 is your friend!Dont try to force 1:1 feature comparison with the Legacy ProtocolIPv6 address plan is so much easier th

33、an the 1990s.Leave the legacy protocol behind Let it GoLet it GoBRKENT-210940 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-210941 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisc

34、o Public#CiscoLiveTo SLAAC or not to SLAAC?Pros of using SLAACNo need to do stateful DHCPWide device support(Android!)“IPv6 way”Cons of using SLAACSome stacks(iOS)are very aggressive with temp.addressesMore volatility in the binding table/NDAddress tracing is harderQuestion:Would you run both SLAAC

35、and DHCPv6 and why?BRKENT-210942 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNicole I havent started where should I start?Frontend webservicesDNSEmail gatewayBRKENT-210943 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNIST guidelines for se

36、cure IPv6 deployment;RFC4890http:/csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdfhttp:/www.ietf.org/rfc/rfc4890.txtSee BRKSEC-3200 in On Demand LibraryFor YourReferenceBRKENT-210944“Dual Stack where you can Tunnel where you must”45 2023 Cisco and/or its affiliates.All rights reserved.Cisco

37、 PublicBRKENT-2109“IPv6IPv6-OnlyOnlywhere you can,Dual Stack where you must”46 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKENT-2109 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLessons learned IPv6 in the EnterpriseEvery OS nowadays has IPv6 stan

38、dard enabledTest your applicationsNAT is not securityAn IPv6 Firewall is so much betterDual Stack is NOT your end goal47 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKENT-2109IPv6-only?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIs it possible?BRK

39、ENT-210949 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat do I need to be concerned about?DNS IssuesNAT IssuesWhat is host accessing?How is service offered?Application/Service issuesApplication/Service issuesCan it support IPv6 only?Assessment process is criticalIP L

40、iterals?IPv6IPv6-Only Only ServersServersIPv6IPv6-Only Only HostsHostsBRKENT-210950 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat do you need?DNS64NAT64RDNSSDHCPv6 and/or SLAACBRKENT-210951 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveI

41、Pv6-onlyIts not so lonelyIPv4-stacked turned off on OS and nothing else done breaks 50%.Test your applications there might be hidden legacy protocol code left52 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKENT-2109Quiz time!53 2023 Cisco and/or its affiliates.All rights reserv

42、ed.Cisco PublicBRKENT-2109 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-210954 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-210955 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveShameless self promo

43、tion of my own Quotes-Nicole WajerIPv6 is Internet broccoli.Good for us in the long run but no immediate sugar rush from deploying it nowBRKENT-210956 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKENT-210957Resources 2023 Cisco and/or its affiliates.All rights reserve

44、d.Cisco Public#CiscoLiveAll IPv6-Related Content in CLUS23BRKENT-2109 Lets Deploy IPv6 NOW5 Jun 202308:30 AM Level 2,Oceanside EBRKSEC-2044 Secure Operations for an IPv6 Network5 Jun 202309:30 AM Level 2,Surf CDIBOIPV-1000What should we do about the IPv6-only mandate by Governments?5 Jun 202311:00 A

45、M Level 2,Lagoon BBRKMER-1752 Experience the Journey to IPv6-Only With Cisco Meraki5 Jun 202311:00 AM Level 3,South Seas JBRKIPV-2191IPv6:Its Happening!5 Jun 202301:00 PMLower Level,Mariners ABLTRENT-2052 IPv6 Routing,SD-WAN and Services Lab5 Jun 202301:00 PMLuxor-Level 1,Egyptian Ballroom BCBRKENT-

46、2122 IPv6-Powering the World of IoT5 Jun 202303:00 PMLevel 3,Palm CIBOENT-2811Everything you wanted to know about IPv6 but were afraid to ask!5 Jun 202304:00 PMLevel 2,Lagoon DBRKIPV-2000Verifying your Systems Transition to IPv66 Jun 202310:30 AM Level 2,Oceanside FBRKIPV-2751IPv6 with Cisco IOS Rou

47、ting and Meraki Access-A Practical Guide6 Jun 202301:00 PMLevel 2,Breakers FLBRKENT-2008 Goodbye Legacy,the move to an IPv6-Only Enterprise6 Jun 202302:30 PMLevel 2,Mandalay Bay KBRKIPV-1616IPv6-What Do you Mean there isnt a Broadcast?6 Jun 202303:00 PMLevel 2,Breakers EKBRKENT-3340 HitchHikers Guid

48、e to Troubleshooting IPv66 Jun 202303:00 PMLevel 2,Mandalay Bay FBRKENT-3002 IPv6 Security in the Local Area with First Hop Security6 Jun 202303:00 PMLevel 2,Reef DEBRKIPV-3927Deploying IPv6 in the Cloud7 Jun 202310:30 AM Level 2,Reef DEBRKDCN-2682Routing IPv6 In VXLAN BGP EVPN Fabrics7 Jun 202302:3

49、0 PMLevel 3,South Seas CIBOIPV-2000Sharing Experience on IPv6 Deployments in Enterprise7 Jun 202304:00 PMLevel 2,Lagoon BIBOIPV-2002Discussing IPv6 in a Cloud-managed World with the Cisco Meraki Platform8 Jun 202311:00 AM Level 2,Lagoon BIBOENT-2811Everything you wanted to know about IPv6 but were a

50、fraid to ask!8 Jun 202301:00 PMLevel 2,Lagoon D59BRKENT-2109 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies

51、 last)!These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Challenge for every survey completed.BRKENT-210960Your feedback is important to us 2023 Cisco and/or its affiliates.All rights reserved

52、.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL 2023 Cisco and/or its affiliates.All ri

53、ghts reserved.Cisco Public#CiscoLiveGamify your Cisco Live experience!Get points for attending this session!Get points for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and sc

54、an the QR code:How:123462 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKENT-210962 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnterprise IPv6 GuidanceRFC 7381 enterprise IPv6 guidelinesWhite paper CCisco Presslive LessonCode:MARTIN60Offer:60%offI

55、SBN:9780134655512BRKENT-210963 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveResources-BooksAdditional Books:Cisco Press-https:/ Press-https:/ Media https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMore Bookshttps:/amzn.eu/d/1GhV2Gnhttps

56、:/amzn.eu/d/i5PVjAsBRKENT-210965 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTraining OptionsHexaBuildHexaBuildhttps:/hexabuild.arlo.co/w/A Cloud Guru/Linux AcademyA Cloud Guru/Linux Academyhttps:/acloud.guru/learn/aws-ipv6PluralsightPluralsighthttps:/ OReilly LiveLess

57、onsLiveLessonshttps:/ Graziani Rick Graziani YouTube PlaylistYouTube Playlisthttps:/ Live!(OnCisco Live!(On-Demand)Demand)IPv6 Deployment Jim Bailey BRKRST-2619https:/ The Protocol Tim Martin BRKIP6-2191https:/ IPv6 Deployment Nicole Wager BRKIP6-2301https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIPv6 troubleshooting for Helpdeskshttp:/ https:/ you#CiscoLive#CiscoLive