CR01-U4-2 Transicion ipv4 a ipv6.pdf

7/27/2019 CR01-U4-2 Transicion ipv4 a ipv6.pdf

1/27

Conectividad de Redes-U4-2

2013-02


2/27

Transicin entre IPv4 a IPv6


3/27

Transicin IPv4 a IPv6Tecnicas para el periodo de transicin entre IPv4 y IPv6:

Dual-stack :

Los computadoras y dispositivos de red ambos corren IPv4 e IPv6 al mismo

tiempo.

Emplea mucho reciurso y sobrecarga en la red.

Tunneling : Aisla la red IPv6 y lo conecta a travs de una infraestructura IPv4 empleando

tunnels.

Solo los dispositivos de borde requieren dual-stacked.

La escalabilidad puede ser un problema si muchos tunnels son creados.

Translation :

Un traductor convierte IPv6 en IPv4 y viseversa.

Solo permite comunicarse dispositivos IPv6 con dispositivos IPv4.

La escalabilidad puede ser un problema ya que requiere mucho recurso.


4/27

Transicin IPv4 a IPv6

Dual-stack Tunneling

Manual

Manual IPv6 Tunnel

GRE IPv6 Tunnel

Dynamic 6to4 Tunnel

IPv4-Compatible IPv6 Tunnel (deprecated)

ISATAP Tunnel

Translation

Static NAT-PT for IPv6

Dynamic NAT-PT for IPv6


5/27

Dual Stack


6/27

Dual Stack

Integration method in which a node has connectivity to both an IPv4 and IPv6

network

Node has two protocol stacks.

A dual-stack node chooses which stack to use based on destination address: Prefers IPv6 when available


7/27

Dual Stack

R1 is configured as dual-stacked.

FastEthernet 0/0 interface has two addresses on it:

IPv4

IPv6

For both protocols the addresses on R1 and R2 are on the same network.

IPv4: 10.10.10.1/24 IPv4: 10.10.10.2/24

IPv6: 2001:12::1/64 IPv6: 2001:12::2/64

R1(config)# inter fa 0/0

R1(config-if)# ip add 10.10.10.1 255.255.255.0

R1(config-if)# ipv6 add 2001:12::1/64

R1(config)# show ip interface fa 0/0

FastEthernet0/0 is up, line protocol is up

Internet address is 10.10.10.1/25

Broadcast address is 255.255.255.255

R1(config)# show ipv6 interface fa 0/0

FastEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::219:56FF:FE2C:9F60

Global unicast address(es):

2001:12::1, subnet is 2001:12::/64

Joined group address(es):

FF02::1

FF02::2

R1 R2


8/27

Dual Stack

IPv4: 10.10.10.1/24 IPv4: 10.10.10.2/24

IPv6: 2001:12::1/64 IPv6: 2001:12::2/64R1 R2

A drawback of dual stacking is the resources required within eachdevice configured with both protocols.

The device must keep dual routing tables, routing protocol topology

tables, etc.


9/27

Tunneling


10/27

Tunneling

Tunneling IPv6 Inside IPv4 Packets

This enables the connection of IPv6 islands without the need to convert

the intermediary network to IPv6. Tunnels can be either manually or automatically configured.


11/27

Tunneling

Isolated Dual-Stack

Tunneling can also be done between a host and a router,

The encapsulated tunnel connects the host to the edge router of

the IPv6 network.


12/27

Tunneling

Some tunneling terminology can be explained using this example:

IPv4 is the transport protocol, the protocol over which the tunnel is created.

IPv6 is the passenger protocol, the protocol encapsulated in the tunnel and

carried through the tunnel.

Another protocol is used to create the tunnel, and is known as the tunnelingprotocol.

An example of such a protocol is Ciscos Generic Routing Encapsulation (GRE)

protocol.

Encapsulates the passenger protocol.

12

Packet

IPv6

Header

IPv4

Header

GRE


13/27

Manual IPv6 Tunnel

Simulates a permanent link between two IPv6 domains over an IPv4

backbone.

Physical interfaces may also be used as the tunnel source and

destination interfaces, which also have IPv4 addresses. Best practice is to use loopback interfaces

The end routers implementing a manual tunnel must be dual-stacked


14/27

Manual IPv6 Tunnel

IPv6 DataIPv6HeaderIPv4Header Protocol41

IPv6 DataIPv6

Header

20 bytes

IPv6 Manual Tunnel

IPv6 DataIPv6

Header

Manually tunneling IPv6 inside of IPv4 uses IPv4 protocol 41 and adds a 20-byteIPv4 header (if there are not any options in the header) before the IPv6 header

and payload (data).


15/27

Manual IPv6 Tunnel

IPv6 DataIPv6

Header

IPv4

Header

Protocol

4120 bytes

The IPv6 communication can be made secure with the use of IPsec:

Confidentiality

Integrity Authentication


16/27

Manual IPv6 Tunnel

There are two IPv6 networks:,

13::/64 and 24::/64 Separated by an IPv4-only network.

IPv4 RIP is running between R1 and R2 to provide connectivity between the

loopback interface networks.

Successful ping and a display of R1s IPv4 routing table.


17/27

Manual IPv6 Tunnel

Objective is to provide full connectivity between the IPv6 islands over the IPv4-only infrastructure.

Since the tunnel does not have an IPv4 address, the no ip address command is used.

The appropriate loopbackaddress is used as the tunnel source

Its IPv4 address will be the source address for the tunnel.

IPv4 is functioning here as the encapsulation protocol and as the transport protocol.

The tunnel destination is the IPv4 address of the other router.

The tunnel mode command defines the encapsulation;

Manual IPv6 tunnel with IPv6 as the passenger protocol

R1(config)# inter tunnel 12

R1(config-if)# no ip address

R1(config-if)# ipv6 address 12::1/64

R1(config-if)# tunnel source loopback 101

R1(config-if)# tunnel destination 10.2.2.2

R1(config-if)# tunnel mode ipv6ip

R2(config)# ipv6 unicast-routing

R2(config)# interface tunnel 12

R2(config-if)# no ip address

R2(config-if)# ipv6 address 12::2/64

R2(config-if)# tunnel source loopback 102

R2(config-if)# tunnel destination 10.1.1.1

R2(config-if)# tunnel mode ipv6ip


18/27

Translation


19/27

Translation

NAT-PT is a translation mechanism that sits between an IPv6 network and an IPv4

network.

The job of the translator (which of course can be a Cisco IOS router) is to:

Translate IPv6 packets into IPv4 packets and vice versa

More than an address translator: it is really aprotocol translator.

A

R1

D

NAT-PT

IPv6

Network192.168.2.1 IPv4 Network

2001:DB8:FFFF:1::1 192.168.30.1

Source Address: 2001:DB8:FFFF:1::1

Destination address: 2001:DB8:FFFF:FFFF::A

Source Address: 192.168.2.2

Destination address: 192.168.30.1


20/27


NAT-PT is another powerful transitiontechnique, but is not a replacement for the

other techniques, such as dual-stack and

tunneling, discussed so far in this chapter.

Used in situations where direct communication

between IPv6-only and IPv4-only networks is

desired. It would not be appropriate in situations where

connectivity between two IPv6 networks is

required, since two points of translation would

be necessary, which would not be efficient or

effective.

With NAT-PT, all configuration and translation isperformed on the NAT-PT router; the other

devices in the network are not aware of the

existence of the other protocols network, nor

that translations are occurring.


21/27

Transicin IPv4 a IPv6 DNS is crucial in real-life NAT-PT architectures,

because applications initiate traffic from hosts,and DNS translates domain names to IP

addresses.

Since DNS requests may cross the NAT-PT

router, a DNS application layer gateway (ALG) is

typically implemented in NAT-PT routers to

facilitate the name-to-address mapping. The DNS-ALG translates IPv6 addresses in DNS

queries and responses into their IPv4 address

bindings, and vice versa, as DNS packets traverse

between IPv6 and IPv4 domains.

NAT-PT uses a 96-bit IPv6 network prefix to

direct all IPv6 traffic that needs to be translatedto the NAT-PT router.

This prefix can be any routable prefix within the

IPv6 domain; IPv6 routing must be configured

such that all IPv6 packets addressed to this prefix

are routed to the NAT-PT device.


22/27

Static NAT-PT for IPv6

R4 and R2 need to communicate; R4 only has an IPv6 address and R2 only has anIPv4 address.

Two static NAT-PT translations are configured on router R1 to allow

bidirectional traffic between the two devices.

Both the source and destination addresses in both directions will be translated.


23/27


the ipv6 nat v6v4 source command is used to configure the mapping between R4s IPv6 source

address (14::4) and the IPv4 address that R4 appears as in the IPv4 world (172.16.123.100).

Notice that 172.16.123.100 is a valid address on the subnet between R1 and R2; it is an unused IP

address on the destination subnet, so R1 does not need to advertise a new subnet to R2.

Traffic coming from R4 will therefore look like it is coming from this R1-R2 subnet.

shows the ipv6 nat v4v6 source command, used to configure the mapping for return traffic

between R2s IPv4 source address (172.16.123.2) and the IPv6 address that R2 appears as in the IPv6

world (1144::1).

This IPv6 address does not exist in the IPv6 world; it is an unused address selected to represent IPv4

devices in the IPv6 world;

it is on the NAT-PT prefix, which is configured next.

R1(config)# interface serial 0/0/0

R1(config-if)# ipv6 add 14::1/64R1(config-if)# ipv6 nat


R1(config-if)# ip add 172.16.123.1 255.255.255.0

R1(config-if)# ipv6 nat

R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100

R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1

R1(config)# ipv6 nat prefix 1144::/96


24/27


Traffic destined to this prefix received on R1 will be translated.

In this example, 1144::/64 is the NAT-PT prefix selected; it identifies all destinations on the

IPv4-only network.

As the example shows, you must configure a 96-bit prefix length.

This is because 32-bit IPv4 addresses are translated into 128-bit IPv6 addresses;

the difference is 128-32 = 96 bits, so this is the required number of bits in the prefix.

Notice that this ipv6 nat prefix command creates a connected route in R1s routing table.


R1(config-if)# ipv6 add 14::1/64



R1(config-if)# ip add 172.16.123.1 255.255.255.0


R1(config)# ipv6 nat v6v4 source 14::4

172.16.123.100

R1(config)# ipv6 nat v4v6 source 172.16.123.21144::1



25/27


displays the output of the

show ipv6 route connected

command, confirming that the

NAT-PT 96-bit prefix is there.

Notice that this prefix is

directly connected to the

interface NVI0;

NVI is a NAT virtual interface

and exists to allow NAT traffic

flows.

R1# show ipv6 route static

C 13::/64 [1/0]

via FastEthernet0/0, directly connected

C 14::/64 [1/0]

via Serial0/0/0, directly connected

C 1144::/96 [0/0]

via NV10, directly connected

R1#


26/27


So, on R1, the redistribute connected command (with a seed metric of

3) is entered under the RIPng process.

R4 now has a route to the 1144 prefix and can forward traffic to it.





R1(config-if)# ip add 172.16.123.1 255.255.255.0





R1(config)# ipv6 router rip NAT-PT

R1(config-rtr)# redistribute connected metric 3

R4# show ipv6 route rip

R 13::/64[120/2]

via FE80::1, Serial 1/1.7

R 1144::/96 [120/4]

via FE80::1, Serial 1/1.7

R4#


27/27


Successful ping is sent from R4 to 1144::1, the IPv6 address representing R2;

two static translation entries: 172.16.123.100 to 14::4, and 172.16.123.2 to 1144::1, as well as the

ICMP entry created for the ping.





R1(config-if)# ip add 172.16.123.1 255.255.255.0





R1(config)# ipv6 router rip NAT-PT

R1(config-rtr)# redistribute connected metric 3

R1# show ipv6 nat translations

Prot IPv4 source IPv6 source

IPv4 destination IPv6 destination

--- --- ---

172.16.123.2 1144::1icmp 172.16.123.100, 7364 14::4, 7364

172.16.123.2, 7364 1144::1, 7364

172.16.123.100 14::4

R4# ping 1144::1

!!!!!

R4#

CR01-U4-2 Transicion ipv4 a ipv6.pdf

Documents

Transcript of CR01-U4-2 Transicion ipv4 a ipv6.pdf