Real, Relevant, Surprising and Fresh: Cisco Brand (Animated)

Real, Relevant, Surprising and Fresh: Cisco Brand (Animated)

Cisco Expo
2011
NAT64 stateless demo
T-SP
Josef Baloun (Cisco)
Michal Gust (ICZ)
Cisco Expo
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
1
IPv6 Expo
• Zájemci si mohou vyzkoušet dual-stack přístup na Internet
• Připojte se k SSID CiscoExpov6 (otevřený přístup)
Běžné OS dostanou IPv6 adresu automaticky pomocí SLAAC a zjistí IPv6 adresy
webů přes běžné DNS (Win7, Vista, MacOS, Linux, novější verze iPhone iOS,
Android, Symbian)
• Jak zjistím, že mi IPv6 funguje?
www.whatismyipv6.net - jaká je moje IPv6 adresa?
www.kame.net - vidíte tančící želvičku? Bez DNS: http://[2001:200:dff:fff1:216:3eff:feb1:44d7]
ShowIP add-on pro Firefox – ukáže IPv6 adresu serveru z DNS (AAAA záznam)
Terminál: ping6 ipv6.google.com, ping6 2a00:1450:8002::6a
• Co dělat na IPv6 Internetu?
www.v6.facebook.com - napište si status update po IPv6
ipv6.google.com - něco si najděte po IPv6
Zkoukněte co se děje – ipv6.novinky.cz, ipv6.lupa.cz, root.cz, ipv6.cnn.com,...
Další IPv6 tipy – mapy.cz, justice.cz, ietf.org, nic.cz, he.net, ipv6day.org
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
www.ipv6.cisco.com
Cisco Public
2
• Teoretický úvod
• Implementace na platformách
• Praktická ukázka
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
3
IPv4
Exhaust
Dual
Stack
Manual
Tunnel
RFC2473
Tunnel
Legend
Cisco
ExpoExpo
Cisco
Tunnel
6over4
GRE
Tunnel
6RD
ISATAP
Tunnel
6to4
Tunnel
DS-Lite
L2TP
4to6
Tunnel
NAT
NAT64
NAT44
NAT444
6PE/6VPE
 These are common solutions used by SP to resolve IPv4 Exhaustion and IPv6 Transition problems,
which is the focus of this presentation
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
4
IPv4 Internet
IPv6 Internet
• Enables communication between IPv4 & IPv6 hosts
Performs packet translation between address families
• Algorithmic mapping of addresses (no state maintained)
ISP
Dual Stack Core
• NAT64 translates IP & L4 header
• A specific range of IPv6 addresses represents the v4 space
NAT64
This range is called the Network Specific Prefix (NSP)
• DNS64 is part of a real world solution
Today’s demo uses hard coded addresses
IPv6 Access
Network
PE
CPE
Subscriber Network
Method3: NAT64
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
5
Cisco
ExpoExpo
Cisco
Stateless
Stateful
State creation
Flow does NOT create
any state in the
translator, algorithmic
operation performed on
packet headers
Each flow creates state
in the translator. amount
of state based on O(# of
translations)
Supported protocols
Any protocol
TCP, UDP, ICMP
Address Savings
1:1 mappings, no IPv4
address savings
N:1 mappings (like NAPT
with NAT44), save IPv4
addresses
Address Space
IPv6 systems must have
“IPv4-translatable
addresses” (RFC6052)
IPv6 systems may use
any IPv6 addresses
Standards
draft-ietf-behave-v6v4xlate
draft-ietf-behave-v6v4xlate-stateful
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
6
stateful
1.
IPv6
Network
IPv4
Internet
2.
IPv4
Internet
IPv6
Network
3.
IPv6
Internet
IPv4
Network
4.
IPv4
Network
5.
IPv6
Network
6.
Cisco
ExpoExpo
Cisco
IPv4
Network
stateless
IPv6
Internet
Not viable because too
few IPv4 addresses
IPv4
Network
IPv6
Network
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
7
The prefix lengths of 32, 40, 48, 56, 64, or 96 are
supported for Stateless NAT64 translation.
The Well Known Prefix (WKP) is not supported.
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
8
Example without ubits-reserved (more on ubits later)
• No state maintained
Algorithmic address translation between IPv4 and IPv6
Network Specific Prefix
192.168.0.1
IPv4 Decimal
C0,A8,00,01
Mapped Address
Suffix
2001:0DB8:00C0:A800:0100:0000::
IPv4 Hex
IPv6
 Highly Scalable
 Supports both IPv4 initiated and IPv6 initiated sessions
 IPv6 nodes need translatable addresses, IPv4 cannot reach all IPv6
 Difference in address space size
 1 to 1 mapping between v4 address and v6 address
 Does not conserve IPv4 address space
 Translates IP, TCP, UDP, & ICMP - L4 ports are copied
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
9
Using NSP with /40 mask
 Without ubits-reserved
Network Specific Prefix
192.168.0.1
IPv4 Decimal
C0,A8,00,01
Mapped Address
Suffix
2001:DB88:00C0:A800:0100::
IPv4 Hex
IPv6
• With ubits-reserved
Network Specific Prefix
192.168.0.1
IPv4 Decimal
Cisco
ExpoExpo
Cisco
C0,A8,00,01
Mapped Address
Suffix
2001:DB88:00C0:A800:0001:0:0:0
IPv4 Hex
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
64-71 set to 0
IPv6
Cisco Public
10
• Teoretický úvod
• Implementace na platformách
• Praktická ukázka
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
11
• ASR1000:
NAT64 stateless supported from IOS-XE 3.2S.
NAT64 stateful is planned from IOS-XE 3.4S (July 2011).
• CRS-1:
Supports stateless NAT64 in IOS-XR 3.9.3.
Stateful NAT64 is planned from IOS-XR 4.1.2 (end of 2011)
• ASR9k
NAT64 stateless planned for IOS-XR 4.3.0 (2nd half 2012), not committed yet.
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
12
• Teoretický úvod
• Implementace na platformách
• Praktická ukázka
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
13
Fa 0/0
2001:22::b01:1/112
Windows 7
Enterprise
Gi 0/0/2.2
10.1.3.2/30
Cisco 2811
ASR1002
Cisco 2821
CPE_1
15.1(2)T1
NAT64
15.1.2S
CPE_2
15.1(2)T1
WWW Server
OpenSUSE 11
Eth0
2001:22::B01:204
Cisco
ExpoExpo
Cisco
Fa 0/1.2
2001:23::2/96
Gi 0/0/0.2
2001:23::1/96
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Gi 0/0.2
10.1.3.1/30
Gi 0/1
10.1.2.2/30
Eth0
10.1.2.1/30
Cisco Public
14
• ASR1000 Configuration guide:
http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_sta
teless_nat64_xe.html
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
16
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
17
T-SP
Prosíme, ohodnoťte
tuto přednášku.
Cisco
ExpoExpo
Cisco
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
© 2011
Cisco
and/or
its affiliates.
All rights
reserved.
Cisco Public
18