IPv6 @ Cisco

Transcription

IPv6 @ Cisco
Philip Smith
AfriNIC 7, Durban
26th September 2007
AfriNIC 7 2007 Cisco Systems, Inc. All rights reserved.

Cisco IPv6 Timeline
Scaling the Internet for our Next Generations
[Timeline figure. Year axis: '94-96, '98-99, 2000, 2001, 2003, 2004, 2005, 2006, 2007-09]
Milestones shown on the figure:
- 6NET, 6DISS, u-2010 projects
- IPv6 Forum: Cisco as a founding member
- Cisco IOS IPv6 Phase 1 on 12.2(2)T & C12K 12.0S
- IETF IPng WG
- Cisco IOS
- E-Japan IPv6 initiative
- 6Bone
- prototype creation on CCO for customers
- Cisco IPv6 Statement of Direction
- US Federal Infrastructure Build out
- US DoC RFI
- IPv6 HW FW on CRS-1 & C6500/C7600 sup720
- US DoD memo
- C12K IPv6 HW FW on E3
- US OMB memo
- C12K E5, SANos 3.0, PIX 7.0, C3K
- 6Bone phased out
- C10K
- GGSN 7.0
- Microsoft Windows Vista & Longhorn
- DOCSIS 3.0
- 6VPE Solution, C4K HW, Advanced Technologies IPv6
Cisco Leadership: IETF IPv6, NGtrans, DHCP, MIPv6, v6Ops co-chairs

Cisco IOS IPv6 Status
- General Production
  - Release 12.3 (May 2003)
  - Release 12.4
  - Release 12.5 (end of 2007)
- Technology Development
  - Early alpha & beta software (from 1996)
  - Release 12.2T (May 2001) – first TAC supported IOS
  - Release 12.3T & 12.4T
  - Release 12.5T (early 2008)

Cisco IOS IPv6 Status (cont)
- Core
  - Release 12.0S for GSR & 10720 (Feb 2002)
  - Hardware forwarding on GSR Engine 3/4/5/
  - IOS-XR for CRS-1 and GSR (May 2004)
- Edge & Enterprise
  - Release 12.2SB for 7200/7304/10000
  - Release 12.2SR for 7200 & 7600 L3 switches
  - Release 12.2SX for 6500
  - Release 12.2SG for 4500
  - Release 12.2SE for 3750/3560

Industry’s Broadest Platform Support
- Cisco IOS 12.0S
  - Cisco 12000 Series Routers
  - Cisco 10720 Series
- Cisco IOS-XR
  - CRS-1, Cisco 12000
- Cisco IOS 12.4/12.4T
  - Cisco 800 Series Routers
  - Cisco 1700 Series Routers
  - Cisco 1800 Series Routers
  - Cisco 2600 Series Routers
  - Cisco 2800 Series Routers
  - Cisco 3600 Series Routers
  - Cisco 3700 Series Routers
  - Cisco 3800 Series Routers
  - Cisco 7200 Series Routers
  - Cisco 7301 Series Routers
  - Cisco 7500 Series Routers (EoL)
- Cisco IOS 12.2S family
  - Cisco 72/7300 Series Routers
  - Cisco 75/7600 Series Routers
  - Cisco 10000 Series Routers
  - Catalyst 3750/3560/2960 Series
  - Catalyst 4500 Series
  - Catalyst 6500 Series
- Cisco Product Portfolio
  - PIX Firewall (7.x), FWSM 3.1, LMS 2.5, MDS9500 series, CNR 6.2, NFC 5.x, NAM 3.x, GGSN 7.0
- Coming Soon
  - Home Networking, IP Telephony

Cisco IOS – IPv6 Feature Overview
Cisco IOS Software Release 12.4(11)T
- Core
  - IPv6 (RFC 2460)
  - ICMPv6 (RFC 2463)
  - Neighbor Discovery (RFC 2461)
  - Stateless Auto-Configuration
  - Anycast
  - CEFv6/dCEFv6
  - uRPF Strict Mode
  - CEFv6 Switched Tunnels
  - HSRP & GLBP for IPv6
  - Default Router Selection
- Security
  - IPv6 std, extended, reflexive & enhanced extended ACL
  - IPv6 IPsec – OSPFv3 authentication, site-to-site tunnel
  - IPv6 Firewall
- Integration
  - Configured & Automatic Tunnels (RFC 2893)
  - 6to4 (RFC 3056 & 3068)
  - IPv6 over GRE/IPv4 (Pr. SW)
  - IPv6 over MPLS (6PE)
  - ISATAP
  - NAT-PT (RFC 2765 & 2766)
  - IP over IPv6 Tunnels
- Routing
  - RIPng
  - OSPFv3
  - IS-IS & MT IS-IS for IPv6
  - EIGRP for IPv6
  - MP-BGP IPv6 Unicast
  - MP-BGP IPv6 Multicast
  - Policy Based Routing
- Broadband Access
  - Cisco VSA AAA
  - Radius AAA (RFC 3162)
  - PPPoA, PPPoE, RBE and ATM 1483 encapsulations
  - DHCPv6 Prefix Delegation (RFC 3633), DHCPv6 Relay
  - Stateless DHCP (RFC 3646)
  - Generic Prefix
- Multicast
  - MLDv1, v2, Access Group
  - PIMv2 SM, SSM, Bi-Dir
  - PIM Embedded RP
  - IPv6 MC over IPv4 tunnels
  - Scope Boundaries
  - Static mRoutes
  - BSR
- Applications & Mgmt
  - Telnet, TFTP, DNS resolver, HTTP, Ping, Traceroute, SSH
  - Cisco IP & IP-Forwarding MIBs
  - Netflow for IPv6
  - SNMP over IPv6
  - Syslog over IPv6
- IPv6 QoS (MQC)
- Mobile IPv6
  - MIPv6 Home Agent
  - Lite Authentication

Cisco IPv6 compliance
- Conformance tests and interoperability tests
  - IPv6 Ready Logo – www.ipv6ready.org
  - US DoD JITC conformance – http://jitc.fhu.disa.mil/adv ip/register/register.html
  - Cable Labs DOCSIS 3.0 conformance
  - Microsoft Vista/Longhorn interoperability – Vista logo
- Cisco IOS Release certification
  - Cisco IOS 12.4(11)T achieved JITC certification
  - Cisco IOS 12.3, 12.3T, 12.2SX and 12.0S are compliant with the IPv6 Ready Logo Phase I
  - Cisco IOS 12.4(9)T is compliant with IPv6 Ready Logo Phase II core specs

Cisco IOS IPv6 Mobility
[Diagram labels: HA; Satellite; Public & private WLAN; GPRS, Edge, 3G, EVDO; Internet]
- Mobile IPv6 Home Agent (RFC 3775)
  - Cisco IOS 12.3(14)T, 12.4/12.4T
- Lite Authentication (RFC 4285)
  - Cisco IOS 12.4(11)T
- IPsec for MIPv6 (RFC 3776) – Future
- Tested with BSD, Linux and Windows XP Tech Preview MIPv6 client
- Networks in Motion (NEMO) (RFC 3693) – Future

Cisco IPv6 Security
[Diagram label: Internet]
- IPv6 IPSec Tunnels
  - IOS 12.4(4)T
- IPv6 HW Encryption
  - 7200 VAM2 SPA
  - ISR AIM VPN
- IOS 12.4(9)T – RFC4552 – OSPFv3 Authentication
- All IOS – packet filtering e-ACL
- IPv6 Firewall
  - IOS Firewall 12.3T, 12.4, 12.4T
  - FWSM 3.x
  - PIX 7.x, including ASA 5500 series
- Client-based IPsec VPN
  - Cisco VPN Client 4.x
  - IPv4 IPSec Termination (PIX/ASA/IOS VPN/Concentrator)
  - IPv6 Tunnel Termination (IOS ISATAP or Configured Tunnels)
- Client-based SSL
  - AnyConnect Client 2.x
  - SSL/TLS or DTLS (datagram TLS, TLS over UDP)
  - Tunnel transports both IPv4 and IPv6 and the packets exit the tunnel at the hub ASA as native IPv4 and IPv6.

Other Devices
- Wireless Access Points
  - In a dual stack environment, IPv6 and Multicast traffic is forwarded transparently
  - Controllers: 4402-12, 4402-25, 4402-50, 4404, WiSM, 3750G, NM-WLC
  - Access Points: AP1130, AP1240, AP1000, AP1500, AP1300
  - (No IPv6 control plane yet)
- Multilayer Storage – MDS9000
  - SAN-OS 3.0 adds IPv6 support

CiscoWorks LMS 2.5 – IPv6 Support

Cisco Network Analysis Modules (NAM)
- Service Modules for C6K, C7600 and ISR
- Release 3.x include IPv6 Network Management capabilities
- IPv6 monitoring and decodes with NAM
- Can set up alarms with IPv6 addresses
- Can configure an “easy” IPv6 capture filter and IPv6-historical reports

IPv6 Deployment Scenario for ISP
Access
- Environment: Few customers, no native IPv6 service from the PoP, or data link is not (yet) native IPv6 capable, ie: Cable Docsis (*)
  Scenario: Tunnels
  Cisco IOS support: Yes
- Environment: Native IPv4-IPv6 services between aggregation and end users
  Scenario: Dual Stack
  Cisco IOS support: Yes
Core
- Environment: Dedicated circuits – IPv4 – IPv6
  Scenario: Dual Stack
  Cisco IOS support: Yes
- Environment: Native IP – Core is IPv6 aware
  Scenario: Dual Stack
  Cisco IOS support: Yes
- Environment: MPLS – Core is IPv6 unaware
  Scenario: 6PE/6VPE
  Cisco IOS support: Yes
(*) Before DOCSIS 3.0

Dual Stack IPv4-IPv6 Infrastructure
- Early trials were initially deployed using IPv6 over IPv4 tunnels
- Today, “Dual Stack network” is the normal evolution to deliver IPv6 services for native IP infrastructures
- Dual Stack may not necessarily apply to the entire infrastructure
  - One may begin on a portion of the network, such as Access or Core
  - An alternative is to associate dedicated L2 circuits to each IP protocol, eg. over ATM or FR PVC, DWDM Lambdas
- Network design requirements
  - Selection of a routing protocol, ie: OSPFv3 or IS-IS
  - Decision on topology alignment or not, eg. configuring MT IS-IS
  - Instrumentation and Management
  - Services, ie: Multicast, QoS

Dual Stack IPv4-IPv6 Case Study
[Diagram labels: Enterprise; Dual-Stack or Dedicated L2 circuits; 6to4 Relay Courtesy Service; Aggregation; DSL, Cable, FTTH; Dual-Stack Core; IPv6 Broadband Users; 802.11 Hot-Spot; Peering; IPv6 IX]
- IPv6 IX Peering
- IPv6 Transit services
- IPv6 enabled on Core Routers
- IPv6 services to Enterprise customers
- ISP’s IPv6 services to Home Users
- Additional Services
  - 6to4 relay courtesy service
  - IPv6 Multicast for streaming (Triple Play)

IPv6 over MPLS Infrastructure
- Service Providers have already deployed MPLS in their IPv4 backbone for various reasons
  - MPLS/VPN, MPLS/QoS, MPLS/TE, ATM IP switching
- Several IPv6 over MPLS scenarios
  - IPv6 Tunnels configured on CE (no impact on MPLS)
  - IPv6 over Circuit over MPLS (no impact on IPv6)
  - IPv6 Provider Edge Router (6PE) over MPLS & IPv6 VPN over MPLS (6VPE) with no impact on MPLS core
  - Native IPv6 MPLS (require full network upgrade)
- Upgrading software to IPv6 Provider Edge Router (6PE)
  - Low cost and risk as only the required Edge routers are upgraded or installed
  - Allows IPv6 Prefix delegation by ISP

Minimum Infrastructure Upgrade for 6PE
[Diagram labels: DSL; FTTH; POP; CE; v4; v6; v4/v6; 6PE router; MP-iBGP session; MPLS Core up to OC-768; MPLS/IPv4; GE; Data Center IPv6 Network; Only IPv6 segment; NAT-PT; IPv4 Server; IPv6 Server; Cisco 7600 Sup.720 as 6PE]
- 6PE – RFC 4798 – defined by Cisco and available in IOS
- MPLS/IPv4 Core Infrastructure is IPv6-unaware
- PEs are updated to support Dual Stack/6PE
- IPv6 reachability exchanged among 6PEs via iBGP (MP-BGP)
- IPv6 packets transported from 6PE to 6PE inside MPLS

More Information
- Cisco’s IPv6 Portal: www.cisco.com/go/ipv6
- Detailed IPv6 product ts white paper09186a00802219bc.shtml
- IPv6 Start Here documents the IPv6 feature set for Cisco l/ps5187/products configuration guide chapter09186a00801d65ed.html
- Use IOS Feature Navigator to select correct image for purpose: www.cisco.com/go/fn

Q and A

