Conectividad de Redes-U4-2 2013-02

Transicin entre IPv4 a IPv6

Transicin IPv4 a IPv6

Tecnicas para el periodo de transicin entre IPv4 y IPv6:

Dual-stack :

Los computadoras y dispositivos de red ambos corren IPv4 e IPv6 al mismo tiempo. Emplea mucho reciurso y sobrecarga en la red. Aisla la red IPv6 y lo conecta a travs de una infraestructura IPv4 empleando tunnels. Solo los dispositivos de borde requieren dual-stacked. La escalabilidad puede ser un problema si muchos tunnels son creados. Un traductor convierte IPv6 en IPv4 y viseversa. Solo permite comunicarse dispositivos IPv6 con dispositivos IPv4. La escalabilidad puede ser un problema ya que requiere mucho recurso.

Tunneling :

Translation :

Transicin IPv4 a IPv6

Dual-stack Tunneling Manual Manual IPv6 Tunnel GRE IPv6 Tunnel Dynamic 6to4 Tunnel IPv4-Compatible IPv6 Tunnel (deprecated) ISATAP Tunnel Translation Static NAT-PT for IPv6 Dynamic NAT-PT for IPv6

Dual Stack

Dual Stack

Integration method in which a node has connectivity to both an IPv4 and IPv6 network Node has two protocol stacks. A dual-stack node chooses which stack to use based on destination address: Prefers IPv6 when available

Dual Stack
IPv4: 10.10.10.1/24 R1 IPv6: 2001:12::1/64 IPv4: 10.10.10.2/24 IPv6: 2001:12::2/64 R2 R1(config)# inter fa 0/0 R1(config-if)# ip add 10.10.10.1 255.255.255.0 R1(config-if)# ipv6 add 2001:12::1/64 R1(config)# show ip interface fa 0/0 FastEthernet0/0 is up, line protocol is up Internet address is 10.10.10.1/25 Broadcast address is 255.255.255.255 <output omitted> R1(config)# show ipv6 interface fa 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::219:56FF:FE2C:9F60 Global unicast address(es): 2001:12::1, subnet is 2001:12::/64 Joined group address(es): FF02::1 FF02::2 <output omitted>

R1 is configured as dual-stacked. FastEthernet 0/0 interface has two addresses on it:

IPv4 IPv6

For both protocols the addresses on R1 and R2 are on the same network.

Dual Stack
IPv4: 10.10.10.1/24 IPv4: 10.10.10.2/24 IPv6: 2001:12::2/64

R1

IPv6: 2001:12::1/64

R2

A drawback of dual stacking is the resources required within each device configured with both protocols. The device must keep dual routing tables, routing protocol topology tables, etc.

Tunneling

Tunneling

Tunneling IPv6 Inside IPv4 Packets This enables the connection of IPv6 islands without the need to convert the intermediary network to IPv6. Tunnels can be either manually or automatically configured.

Tunneling

Isolated Dual-Stack

Tunneling can also be done between a host and a router,

The encapsulated tunnel connects the host to the edge router of the IPv6 network.

Tunneling

IPv4 Header

GRE

IPv6 Header

Packet

Some tunneling terminology can be explained using this example:

IPv4 is the transport protocol, the protocol over which the tunnel is created.
IPv6 is the passenger protocol, the protocol encapsulated in the tunnel and carried through the tunnel. Another protocol is used to create the tunnel, and is known as the tunneling protocol. An example of such a protocol is Ciscos Generic Routing Encapsulation (GRE) protocol.

Encapsulates the passenger protocol.

12

Manual IPv6 Tunnel

Simulates a permanent link between two IPv6 domains over an IPv4 backbone. Physical interfaces may also be used as the tunnel source and destination interfaces, which also have IPv4 addresses. Best practice is to use loopback interfaces

The end routers implementing a manual tunnel must be dual-stacked

Manual IPv6 Tunnel

IPv4 Header Protocol 41
20 bytes IPv6 Manual Tunnel

IPv6 Header

IPv6 Data

IPv6 Header

IPv6 Data

IPv6 Header

IPv6 Data

Manually tunneling IPv6 inside of IPv4 uses IPv4 protocol 41 and adds a 20-byte IPv4 header (if there are not any options in the header) before the IPv6 header and payload (data).

Manual IPv6 Tunnel

IPv4 Header Protocol 41
20 bytes

IPv6 Header

IPv6 Data

The IPv6 communication can be made secure with the use of IPsec:

Confidentiality Integrity Authentication

Manual IPv6 Tunnel

There are two IPv6 networks:,

13::/64 and 24::/64

Separated by an IPv4-only network. IPv4 RIP is running between R1 and R2 to provide connectivity between the loopback interface networks. Successful ping and a display of R1s IPv4 routing table.

Manual IPv6 Tunnel

R1(config)# inter tunnel 12 R1(config-if)# no ip address R1(config-if)# ipv6 address 12::1/64 R1(config-if)# tunnel source loopback 101 R1(config-if)# tunnel destination 10.2.2.2 R1(config-if)# tunnel mode ipv6ip R2(config)# ipv6 unicast-routing R2(config)# interface tunnel 12 R2(config-if)# no ip address R2(config-if)# ipv6 address 12::2/64 R2(config-if)# tunnel source loopback 102 R2(config-if)# tunnel destination 10.1.1.1 R2(config-if)# tunnel mode ipv6ip

Objective is to provide full connectivity between the IPv6 islands over the IPv4-only infrastructure. Since the tunnel does not have an IPv4 address, the no ip address command is used. The appropriate loopback address is used as the tunnel source

Its IPv4 address will be the source address for the tunnel.

IPv4 is functioning here as the encapsulation protocol and as the transport protocol. The tunnel destination is the IPv4 address of the other router. The tunnel mode command defines the encapsulation;

Manual IPv6 tunnel with IPv6 as the passenger protocol

Translation

Translation
A
2001:DB8:FFFF:1::1
Source Address: Destination address: 2001:DB8:FFFF:1::1 2001:DB8:FFFF:FFFF::A

IPv6 Network

192.168.2.1 IPv4 Network

D
192.168.30.1

R1
Source Address: Destination address: 192.168.2.2 192.168.30.1

NAT-PT

NAT-PT is a translation mechanism that sits between an IPv6 network and an IPv4 network. The job of the translator (which of course can be a Cisco IOS router) is to:

Translate IPv6 packets into IPv4 packets and vice versa

More than an address translator: it is really a protocol translator.

Transicin IPv4 a IPv6

NAT-PT is another powerful transition technique, but is not a replacement for the other techniques, such as dual-stack and tunneling, discussed so far in this chapter. Used in situations where direct communication between IPv6-only and IPv4-only networks is desired. It would not be appropriate in situations where connectivity between two IPv6 networks is required, since two points of translation would be necessary, which would not be efficient or effective. With NAT-PT, all configuration and translation is performed on the NAT-PT router; the other devices in the network are not aware of the existence of the other protocols network, nor that translations are occurring.

Transicin IPv4 a IPv6

DNS is crucial in real-life NAT-PT architectures, because applications initiate traffic from hosts, and DNS translates domain names to IP addresses.
Since DNS requests may cross the NAT-PT router, a DNS application layer gateway (ALG) is typically implemented in NAT-PT routers to facilitate the name-to-address mapping. The DNS-ALG translates IPv6 addresses in DNS queries and responses into their IPv4 address bindings, and vice versa, as DNS packets traverse between IPv6 and IPv4 domains. NAT-PT uses a 96-bit IPv6 network prefix to direct all IPv6 traffic that needs to be translated to the NAT-PT router. This prefix can be any routable prefix within the IPv6 domain; IPv6 routing must be configured such that all IPv6 packets addressed to this prefix are routed to the NAT-PT device.

Static NAT-PT for IPv6

R4 and R2 need to communicate; R4 only has an IPv6 address and R2 only has an IPv4 address. Two static NAT-PT translations are configured on router R1 to allow bidirectional traffic between the two devices. Both the source and destination addresses in both directions will be translated.

Transicin IPv4 a IPv6

R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 add 14::1/64 R1(config-if)# ipv6 nat R1(config)# interface serial 0/1/0 R1(config-if)# ip add 172.16.123.1 255.255.255.0 R1(config-if)# ipv6 nat R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100 R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1 R1(config)# ipv6 nat prefix 1144::/96

the ipv6 nat v6v4 source command is used to configure the mapping between R4s IPv6 source address (14::4) and the IPv4 address that R4 appears as in the IPv4 world (172.16.123.100). Notice that 172.16.123.100 is a valid address on the subnet between R1 and R2; it is an unused IP address on the destination subnet, so R1 does not need to advertise a new subnet to R2.

Traffic coming from R4 will therefore look like it is coming from this R1-R2 subnet.
shows the ipv6 nat v4v6 source command, used to configure the mapping for return traffic between R2s IPv4 source address (172.16.123.2) and the IPv6 address that R2 appears as in the IPv6 world (1144::1). This IPv6 address does not exist in the IPv6 world; it is an unused address selected to represent IPv4 devices in the IPv6 world; it is on the NAT-PT prefix, which is configured next.

Transicin IPv4 a IPv6

R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 add 14::1/64 R1(config-if)# ipv6 nat R1(config)# interface serial 0/1/0 R1(config-if)# ip add 172.16.123.1 255.255.255.0 R1(config-if)# ipv6 nat

R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100 R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1 R1(config)# ipv6 nat prefix 1144::/96

Traffic destined to this prefix received on R1 will be translated. In this example, 1144::/64 is the NAT-PT prefix selected; it identifies all destinations on the IPv4-only network.

As the example shows, you must configure a 96-bit prefix length.

This is because 32-bit IPv4 addresses are translated into 128-bit IPv6 addresses; the difference is 128-32 = 96 bits, so this is the required number of bits in the prefix. Notice that this ipv6 nat prefix command creates a connected route in R1s routing table.

Transicin IPv4 a IPv6

R1# show ipv6 route static C C C 13::/64 [1/0] via FastEthernet0/0, directly connected 14::/64 [1/0] via Serial0/0/0, directly connected 1144::/96 [0/0] via NV10, directly connected

R1#

displays the output of the show ipv6 route connected command, confirming that the NAT-PT 96-bit prefix is there. Notice that this prefix is directly connected to the interface NVI0; NVI is a NAT virtual interface and exists to allow NAT traffic flows.

Transicin IPv4 a IPv6

R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 add 14::1/64 R1(config-if)# ipv6 nat R1(config)# interface serial 0/1/0 R1(config-if)# ip add 172.16.123.1 255.255.255.0 R1(config-if)# ipv6 nat R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100 R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1 R1(config)# ipv6 nat prefix 1144::/96 R1(config)# ipv6 router rip NAT-PT R1(config-rtr)# redistribute connected metric 3 R4# show ipv6 route rip R 13::/64[120/2] via FE80::1, Serial 1/1.7 1144::/96 [120/4] via FE80::1, Serial 1/1.7

R4#

So, on R1, the redistribute connected command (with a seed metric of 3) is entered under the RIPng process.
R4 now has a route to the 1144 prefix and can forward traffic to it.

Transicin IPv4 a IPv6

R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 add 14::1/64 R1(config-if)# ipv6 nat R1(config)# interface serial 0/1/0 R1(config-if)# ip add 172.16.123.1 255.255.255.0 R1(config-if)# ipv6 nat

R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100 R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1 R1(config)# ipv6 nat prefix 1144::/96
R1(config)# ipv6 router rip NAT-PT R1(config-rtr)# redistribute connected metric 3 R4# ping 1144::1 !!!!! R4# R1# show ipv6 nat translations Prot IPv4 source IPv4 destination ----172.16.123.2 icmp 172.16.123.100, 7364 172.16.123.2, 7364 172.16.123.100

IPv6 source IPv6 destination --1144::1 14::4, 7364 1144::1, 7364 14::4

Successful ping is sent from R4 to 1144::1, the IPv6 address representing R2; two static translation entries: 172.16.123.100 to 14::4, and 172.16.123.2 to 1144::1, as well as the ICMP entry created for the ping.