Deploying IPv6 Networks
By Ciprian Popoviciu, Eric Levy-Abegnoli, Patrick Grossetete

Publisher: Cisco Press
Pub Date: February 10, 2006
Print ISBN-10: 1-58-705210-5
Print ISBN-13: 978-1-58705-210-1
Pages: 672

An essential guide to IPv6 concepts, service implementation, and interoperability in existing IPv4 environments

Learn about IPv6 services and the relevant IPv6 features that make them possible.
Plan, deploy, and manage IPv6 services at the production level in existing IPv4 networks.
Configure and troubleshoot IPv6 networks.

IPv6 scales up to support new services that require a very large addressing space; it is positioned to provide the infrastructure for a world where mobile devices, home appliances, and phones will each have their own, unique IP address. In the United States, major Enterprise customers interfacing with the Department of Defense, contractors such as Boeing and Lockheed Martin, have expressed stronger interest in the technology due to their customer requests. Microsoft considers IPv6 a strategic technology because it will free the networks of NATs, opening the door to peer-to-peer applications.

Deploying IPv6 Networks will present the service capabilities of IPv6, the features supporting these services, and the ways in which they can be implemented in a scalable, production-level network. The information will be presented in the context of the existing IPv4 operational and design concepts, anchoring the discussion to familiar ground and the environments that will be incorporating the IPv6 services.

After completing Deploying IPv6 Networks the reader will:

Understand the state of IPv6 technologies and services and the IPv6 features as they are applied in service deployments. In addition they will know how to design and implement an IPv6 production-level network, using the book's templates and examples.
Have the ability to configure and troubleshoot IPv6 in production networks and know where IPv6 developments are moving in the future.

Table of Contents

Copyright
About the Authors
About the Contributor
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
    Goals and Methods
    Who Should Read This Book?
    How This Book Is Organized
Part I: Implementing IPv6 Services
Chapter 1 The Case for IPv6: An Updated Perspective
    Unicast Connectivity
    QoS Services
    Multicast Services
    Virtual Private Networks
    Security
    IP Mobility
    IPv6 Is an Evolutionary Step
Chapter 2 An IPv6 Refresher
    IPv6 Addressing
    IPv6 Packet Format
    Internet Control Message Protocol for IPv6
    Neighbor Discovery Protocol
Chapter 3 Delivering IPv6 Unicast Services
    Overview
    IPv6 Provisioning
    IPv6 Network Access
    IPv6 over the Backbone
    Translation Mechanisms (NAT-PT)
Chapter 4 IPv6 Routing Protocols
    Distance Vector Routing Protocol
    Path Vector Routing Protocol
    Link-State Routing Protocol
    IPv6 Interior Gateway Protocols
    BGP
    Site Multihoming
    Deploying IPv6 Routing Protocols
Chapter 5 Implementing QoS
    QoS for IPv6
    QoS for IPv6 over MPLS
    Deploying QoS for IPv6
Chapter 6 Providing IPv6 Multicast Services
    IPv6 Multicast
    IPv6 Multicast Deployment Examples
Chapter 7 VPN IPv6 Architecture and Services
    Virtual Private Network Overview
    Using IPsec to Implement CE-Based VPNs
    BGP-MPLS IPv6 VPNs: A PE-Based VPN Solution
    Topology Examples
Chapter 8 Advanced Services: IPv6 Mobility
    Chapter Overview
    IP Host Mobility
    Network Mobility
    IP Mobility in Nonmobile Scenarios
    Next Steps in Mobility
Chapter 9 Securing IPv6 Networks
    Security Threats and Best Practices to Protect Against Them
    Tools Available for Securing IPv6 Networks
    Summary of Best Practices for Securing IPv6 Deployments
Chapter 10 Managing IPv6 Networks
    IPv6 Network Management: The Challenges
    Network-Management Architecture
    Retrieving Information from Routers and Switches
    Fault Management
    Performance Management
    Configuration and Provisioning Management
    Management Platforms
    IPv6 Network Management Services and Tools at a Glance
Chapter 11 Network Performance Considerations: Coexistence of IPv4 and IPv6
    Aspects of Router IPv6 Performance
    Measuring Forwarding Performance
    The Right Router for the Job
    IPv6 Router Performance Evaluation Checklist
Part II: Deployment Case Studies
Chapter 12 Generic Deployment Planning Guidelines
    Cost Analysis
    Address Policies and Registration Process
    Education
Chapter 13 Deploying IPv6 in an MPLS Service Provider Network
    Network Environment
    Network Design Objectives
    Network Design
    Basic Services Design and Implementation
    Quality of Service Design
    Operating and Troubleshooting the Network
    Design Lessons
Chapter 14 Deploying IPv6 in an IP Service Provider Network
    Network Environment and IPv4 Services
    IPv6 Deployment Plans
    Basic Services Design and Implementation
    Advanced Services Design and Implementation
    Operating and Troubleshooting the Network
    Deployment Lessons
Chapter 15 Deploying IPv6 in an Enterprise Network
    Introducing AC Corporation
    AC Network Environment
    Business Drivers to Integrate IPv6 on the AC Network
    Learning the Technology
    Moving IPv6 to Production
    Design and Setup
    Troubleshooting
    Future Evolutions
Index

Copyright

Deploying IPv6 Networks
Ciprian Popoviciu, Eric Levy-Abegnoli, Patrick Grossetete
Copyright © 2006 Cisco Systems, Inc.
Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing February 2006
Library of Congress Cataloging-in-Publication Number: 2004108530

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

This book is designed to provide information about the deployment of IPv6. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Publisher: John Wait
Editor-in-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Production Manager: Patrick Kanouse
Development Editor: Deadline Driven Publishing
Project/Copy Editor: Interactive Composition Corporation
Technical Editors: Blair Buchanan, Gunter Van de Velde, Dan Williston
Team Coordinator: Raina Han
Book/Cover Designer: Louisa Adair
Compositor: Interactive Composition Corporation
Indexer: Interactive Composition Corporation

Index

[R]
resolvers Resource Records return on investment (ROI) hosts network elements operations overview reverse routability reverse-path forwarding (RPF) RGMP (Routing Group Management Protocol) RIBs (Routing Information Bases) RIPE RIPng configuring IPv6 support RIRs (Regional Registries) roaming rogue devices rollout, service route flapping route optimization 2nd route optimization for NEMO route projection route reflectors MPLS networks PE-based VPNs 2nd route refresh, PE-based VPNs routed access Routed Bridged Encapsulation (RBE) feature Router Group Management Protocol (RGMP) routers architecture first-hop redundancy forwarding performance 6PE/6VPE environments centralized versus distributed forwarding control plane data plane evaluation checklist high-end routers low-end routers measuring mid-range routers overview software versus hardware forwarding mobile VRF-aware commands routing attacks multicast Routing Information Bases (RIBs) Delegating Routers routing protocols [See also specific protocols] BGP-MPLS VPNs deploying network access network core network distribution/edge distance vector routing enterprise networks IPsec VPNs link-state vector routing protocol path vector routing protocol RPF (reverse-path forwarding) RPs (Rendezvous Points) RPs (rendezvous points) embedded RP 2nd PIM-Bidir PIM-SM PIM-SSM RRs (Requesting Routers) RSVP-TE RTP (Real Time Protocol)

[S]
scaling PE-based VPNs SEAMOBY (seamless mobility, for context and micromobility routing) security 6PE access best practices Cisco SAFE Blueprint data center edge enterprise network deployments 2nd MIPv6 2nd 3rd MPLS NAT overview 2nd threats address-resolution attacks application layer attacks broadcast-amplification attacks flooding attacks header manipulation host-initialization attacks IP packet fragmentation 2nd man-in-the-middle attacks reconnaissance rogue devices routing attacks sniffing spoofing transition-mechanism attacks unauthorized access viruses worms tools AAA (authentication, authorization, and accounting) ACLs (access control lists) firewalls IPsec overview traffic rate limiting uRPF (Unicast Reverse Path Forwarding) 2nd VPNs 2nd 3rd sensor networks server load balancing service level agreements service provider deployments (MPLS) access design addressing core design CsC-CE configuration design objectives edge design global Internet access design and implementation inter-AS design MTU discovery POP design QoS design route reflector design security troubleshooting VPN IA service design and implementation VPN service design and implementation VRF design service providers services advanced multicast rollout targeted shaping function shortest path trees (SPTs) SIP (Session Initiation Protocol) smurf attacks sniffing software forwarding routers upgrade costs SOLICIT messages Source Specific Multicast [See SSM] spoofing attacks uRPF (Unicast Reverse Path Forwarding) 2nd SPTs (shortest path trees) SSM (Source Specific Multicast) ASM, versus overview SSM mapping for MLDv1 SSM mapping for MLDv2 Start Here manual stateful DHCP stateful filtering stateless autoconfiguration address renumbering operation stateless DHCP static addresses storage switches

[T]
TACACS+ (Terminal Access Controller Access Control System Plus) targeted services communities of interest content delivery content hosting/storage DNS services Internet access mail services MIPv6 overview unicast connectivity VoIP Teredo tunnels TIB (Tree Information Base) topology hiding
Traceroute command traffic conditioning traffic engineering traffic filtering traffic forwarding, PIM traffic rate limiting training transition-mechanism attacks transitioning translation mechanisms Tree Information Base (TIB) troubleshooting enterprise network deployments MPLS service provider networks multicast routing/forwarding overview provisioning securing networks access data center edge overview unicast routing/forwarding tunnels 6to4 brokers GRE IPsec VPNs IPv4 2nd ISATAP layer 2 circuits manually configured multicast deployments overview servers Teredo

[U]
ULAs (unique local addresses) 2nd unauthorized access unicast access layer media types native access virtualized address space addressing IPv4 NAT public vs private renumbering static vs dynamic connectivity 2nd deployment mechanisms forwarding routing 2nd service rollout tunnels brokers ISATAP manually configured servers Teredo Unicast Reverse Path Forwarding (uRPF) 2nd unicast routing/forwarding unique local addresses (ULAs) 2nd unspecified addresses upgrade costs hosts network elements operations overview uRPF (Unicast Reverse Path Forwarding) 2nd

[V]
vendor-specific attributes (VSAs) virtual home networks virtual routing and forwarding [See VRF] virtualized access layer L2TPv2 access aggregation L2TPv3 access aggregation overview viruses VLSM (variable-length subnet mask) VoIP VPNs (virtual private networks) addressing 2nd benefits cost savings extended connectivity overview 2nd privacy renumbering security 2nd 3rd services VRF (virtual routing and forwarding) associating to an interface configuring MPLS networks case study overview VRF-aware router commands VSAs (vendor-specific attributes)

[W]
websites WiFi access points worms