Académique Documents
Professionnel Documents
Culture Documents
Dual-stack :
Los computadoras y dispositivos de red ambos corren IPv4 e IPv6 al mismo tiempo. Emplea mucho reciurso y sobrecarga en la red. Aisla la red IPv6 y lo conecta a travs de una infraestructura IPv4 empleando tunnels. Solo los dispositivos de borde requieren dual-stacked. La escalabilidad puede ser un problema si muchos tunnels son creados. Un traductor convierte IPv6 en IPv4 y viseversa. Solo permite comunicarse dispositivos IPv6 con dispositivos IPv4. La escalabilidad puede ser un problema ya que requiere mucho recurso.
Tunneling :
Translation :
Dual-stack Tunneling Manual Manual IPv6 Tunnel GRE IPv6 Tunnel Dynamic 6to4 Tunnel IPv4-Compatible IPv6 Tunnel (deprecated) ISATAP Tunnel Translation Static NAT-PT for IPv6 Dynamic NAT-PT for IPv6
Dual Stack
Dual Stack
Integration method in which a node has connectivity to both an IPv4 and IPv6 network Node has two protocol stacks. A dual-stack node chooses which stack to use based on destination address: Prefers IPv6 when available
Dual Stack
IPv4: 10.10.10.1/24 R1 IPv6: 2001:12::1/64 IPv4: 10.10.10.2/24 IPv6: 2001:12::2/64 R2 R1(config)# inter fa 0/0 R1(config-if)# ip add 10.10.10.1 255.255.255.0 R1(config-if)# ipv6 add 2001:12::1/64 R1(config)# show ip interface fa 0/0 FastEthernet0/0 is up, line protocol is up Internet address is 10.10.10.1/25 Broadcast address is 255.255.255.255 <output omitted> R1(config)# show ipv6 interface fa 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::219:56FF:FE2C:9F60 Global unicast address(es): 2001:12::1, subnet is 2001:12::/64 Joined group address(es): FF02::1 FF02::2 <output omitted>
IPv4 IPv6
For both protocols the addresses on R1 and R2 are on the same network.
Dual Stack
IPv4: 10.10.10.1/24 IPv4: 10.10.10.2/24 IPv6: 2001:12::2/64
R1
IPv6: 2001:12::1/64
R2
A drawback of dual stacking is the resources required within each device configured with both protocols. The device must keep dual routing tables, routing protocol topology tables, etc.
Tunneling
Tunneling
Tunneling IPv6 Inside IPv4 Packets This enables the connection of IPv6 islands without the need to convert the intermediary network to IPv6. Tunnels can be either manually or automatically configured.
Tunneling
Isolated Dual-Stack
Tunneling
IPv4 Header
GRE
IPv6 Header
Packet
IPv4 is the transport protocol, the protocol over which the tunnel is created.
IPv6 is the passenger protocol, the protocol encapsulated in the tunnel and carried through the tunnel. Another protocol is used to create the tunnel, and is known as the tunneling protocol. An example of such a protocol is Ciscos Generic Routing Encapsulation (GRE) protocol.
Simulates a permanent link between two IPv6 domains over an IPv4 backbone. Physical interfaces may also be used as the tunnel source and destination interfaces, which also have IPv4 addresses. Best practice is to use loopback interfaces
IPv6 Header
IPv6 Data
IPv6 Header
IPv6 Data
IPv6 Header
IPv6 Data
Manually tunneling IPv6 inside of IPv4 uses IPv4 protocol 41 and adds a 20-byte IPv4 header (if there are not any options in the header) before the IPv6 header and payload (data).
IPv6 Header
IPv6 Data
The IPv6 communication can be made secure with the use of IPsec:
Separated by an IPv4-only network. IPv4 RIP is running between R1 and R2 to provide connectivity between the loopback interface networks. Successful ping and a display of R1s IPv4 routing table.
Objective is to provide full connectivity between the IPv6 islands over the IPv4-only infrastructure. Since the tunnel does not have an IPv4 address, the no ip address command is used. The appropriate loopback address is used as the tunnel source
Its IPv4 address will be the source address for the tunnel.
IPv4 is functioning here as the encapsulation protocol and as the transport protocol. The tunnel destination is the IPv4 address of the other router. The tunnel mode command defines the encapsulation;
Translation
Translation
A
2001:DB8:FFFF:1::1
Source Address: Destination address: 2001:DB8:FFFF:1::1 2001:DB8:FFFF:FFFF::A
IPv6 Network
D
192.168.30.1
R1
Source Address: Destination address: 192.168.2.2 192.168.30.1
NAT-PT
NAT-PT is a translation mechanism that sits between an IPv6 network and an IPv4 network. The job of the translator (which of course can be a Cisco IOS router) is to:
NAT-PT is another powerful transition technique, but is not a replacement for the other techniques, such as dual-stack and tunneling, discussed so far in this chapter. Used in situations where direct communication between IPv6-only and IPv4-only networks is desired. It would not be appropriate in situations where connectivity between two IPv6 networks is required, since two points of translation would be necessary, which would not be efficient or effective. With NAT-PT, all configuration and translation is performed on the NAT-PT router; the other devices in the network are not aware of the existence of the other protocols network, nor that translations are occurring.
DNS is crucial in real-life NAT-PT architectures, because applications initiate traffic from hosts, and DNS translates domain names to IP addresses.
Since DNS requests may cross the NAT-PT router, a DNS application layer gateway (ALG) is typically implemented in NAT-PT routers to facilitate the name-to-address mapping. The DNS-ALG translates IPv6 addresses in DNS queries and responses into their IPv4 address bindings, and vice versa, as DNS packets traverse between IPv6 and IPv4 domains. NAT-PT uses a 96-bit IPv6 network prefix to direct all IPv6 traffic that needs to be translated to the NAT-PT router. This prefix can be any routable prefix within the IPv6 domain; IPv6 routing must be configured such that all IPv6 packets addressed to this prefix are routed to the NAT-PT device.
R4 and R2 need to communicate; R4 only has an IPv6 address and R2 only has an IPv4 address. Two static NAT-PT translations are configured on router R1 to allow bidirectional traffic between the two devices. Both the source and destination addresses in both directions will be translated.
the ipv6 nat v6v4 source command is used to configure the mapping between R4s IPv6 source address (14::4) and the IPv4 address that R4 appears as in the IPv4 world (172.16.123.100). Notice that 172.16.123.100 is a valid address on the subnet between R1 and R2; it is an unused IP address on the destination subnet, so R1 does not need to advertise a new subnet to R2.
Traffic coming from R4 will therefore look like it is coming from this R1-R2 subnet.
shows the ipv6 nat v4v6 source command, used to configure the mapping for return traffic between R2s IPv4 source address (172.16.123.2) and the IPv6 address that R2 appears as in the IPv6 world (1144::1). This IPv6 address does not exist in the IPv6 world; it is an unused address selected to represent IPv4 devices in the IPv6 world; it is on the NAT-PT prefix, which is configured next.
R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100 R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1 R1(config)# ipv6 nat prefix 1144::/96
Traffic destined to this prefix received on R1 will be translated. In this example, 1144::/64 is the NAT-PT prefix selected; it identifies all destinations on the IPv4-only network.
R1#
displays the output of the show ipv6 route connected command, confirming that the NAT-PT 96-bit prefix is there. Notice that this prefix is directly connected to the interface NVI0; NVI is a NAT virtual interface and exists to allow NAT traffic flows.
R4#
So, on R1, the redistribute connected command (with a seed metric of 3) is entered under the RIPng process.
R4 now has a route to the 1144 prefix and can forward traffic to it.
R1(config)# ipv6 nat v6v4 source 14::4 172.16.123.100 R1(config)# ipv6 nat v4v6 source 172.16.123.2 1144::1 R1(config)# ipv6 nat prefix 1144::/96
R1(config)# ipv6 router rip NAT-PT R1(config-rtr)# redistribute connected metric 3 R4# ping 1144::1 !!!!! R4# R1# show ipv6 nat translations Prot IPv4 source IPv4 destination ----172.16.123.2 icmp 172.16.123.100, 7364 172.16.123.2, 7364 172.16.123.100
IPv6 source IPv6 destination --1144::1 14::4, 7364 1144::1, 7364 14::4
Successful ping is sent from R4 to 1144::1, the IPv6 address representing R2; two static translation entries: 172.16.123.100 to 14::4, and 172.16.123.2 to 1144::1, as well as the ICMP entry created for the ping.