Stateful and Stateless NAT64

It's very easy to deploy IPv6 for MPLSVPN service provider who uses IPv4 as transport IPv6 traffic. But in the case of mobile users or normal enterprise users, it is totally different.
In my previous post, I have mentioned traffic flow of DNS64 when IPv6 host communicates with IPv4 server. NAT64(Network Address Translation) works in either stateless or stateful mode. Both modes has its own advantages and disadvantages.

Stateless NAT64

Figure 1

In stateless NAT64, state is not preserved which means for every IPv6 user a dedicated IPv4 address is required. As we are in IPv4 depletion phase, its very difficult to adopt this mode of NAT64. The only advantage of using stateless NAT64 when you have few numbers of IPv6 addresses(NAT46). NAT64 stateless is useless because of the reasons mentioned by Ivan in his post.

Stateful NAT64

Figure 2

In stateful NAT64, states are maintained like it is happened in NAT-PT scenarios. A single IP Address is used for all the private users with different port numbers. In the above diagram, a single IPv4 address is used with different port numbers for all the users of IPv6 which are in that LAN to access a public IPv4 server.

Read the white paper stating the difference between stateless and stateful NAT64

Click Here To Read Rest Of The Post...

World IPv6 Day

8th June, World IPv6 day will be celebrated across the globe. Companies are trying to push their content over IPv6 and test drive will work for 24 hours. This seems to be good initiative as all the companies are toddler in IPv6.
As per ISOC "The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out."


A list of Ipv6 enabler websites is available on ISOC website. Check the name of your company, if it is not there try to add and join the global IPv6 hands.
Click Here To Read Rest Of The Post...

APNIC IPv4 Exhaustion Information

APNIC delegates addressed the IPV4 exhaustion and trying to pass the message now we should move towards the era of IPv6. Read full story

APNIC IPv4 Exhaustion Timeline?
-------------------------------

Due to a large number of variables, the timeline for APNIC IPv4
exhaustion is not predictable with any assured accuracy. However, it is
the APNIC Secretariat's role to make as much information as possible
available to all stakeholders, so they may make their own assessments.

You can view the current APNIC IPv4 address pool, which is updated
daily:



Deploy IPv6 Now
---------------

If you are an APNIC Member, you can start your IPv6 deployment process
today with the APNIC Kickstart IPv6 program.



APNIC actively supports IPv6 deployment in the following ways:

- APNIC services and website are accessible over IPv6
- IPv6 addresses are readily available to Members
- APNIC provides IPv6 training courses
- IPv6 liaison services
- Regional IPv6 awareness initiatives

For more information click here to read how APNIC can assist you to deploy IPv6.

Click Here To Read Rest Of The Post...

IPv6 Packet Pusher Podcast

IPv4 addresses are vanishing drastically and organizations/IT heads need to think to start with IPv6. This is what the discussion held yesterday with packet pushers team. The discussion is very open and everyone is giving their feedback about the IPv6 migration strategies.
To know more about it listen to the podcast and provide your valuable comments.

Click Here To Read Rest Of The Post...

World IPv6 Day

On 8 June, 2011, http://googleblog.blogspot.com/2011/01/world-ipv6-day-firing-up-engines-on-new.html, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour "test drive". The goal of the Test Drive Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.
For more information click on world IPv6 Day and register your self.

Click Here To Read Rest Of The Post...

IPv6 Tutorial

Till now I have published various IPv6 tutorials on MPLS cloud. Those IPv6 tutorials tell about how to connect IPv6 sites overs MPLS cloud. Given is the list of the IPv6 MPLS Tutorials:-
1. IPv6 From MPLS
2. IPv6 Addressing Architecture For Service Providers
3. IPv6 Internet In VRF Over MPLS Cloud
4. IPv6 Internet in VRF Over IPv4 MPLS Cloud
5. Troubleshooting Command Difference Between VPNv4 and VPNv6

But I have not posted any good material on the basics of IPv6. I am planning to post some good tutorials of IPv6 subnetting. But in this post I am adding one of the IPv6 videos which clears all about the IPv6 w.r.t design and implementation.




Click Here To Read Rest Of The Post...

Top IPv6 Sites

This summary is not available. Please click here to view the post.
Click Here To Read Rest Of The Post...

Troubleshooting Command Difference Between VPNv4 and VPNv6

Few last posts (IPv6 Internet In VRF Over MPLS Cloud, IPv6 Addresing Architecture, IPv6 From MPLS But Not In VRF) are almost describing about IPv6 deployment. But currently most of the service providers are providing vpnv4 and every network operation engineer is well known to the troubleshooting and provisioning process. In this post, I am depicting about the basic command line difference between the configuration and troubleshooting of VPNv4 and VPNv6. Except vrf configuration rest all commands are same, only we need to use IPv6 instead if IPv4.

IPv4 aVpnv4 Commands	Ipv6 and VPNv6 Commands
Global Commands
Ip routing	Ipv6 unicat-routing
Ip cef	Ipv6 cef
Interface Specific Commands
Ip address	Ipv6 address
Ip vrf forwarding MPLSVPN	Vrf forwarding MPLSVPN
VRF Specific Commands
Ip vrf MPLSVPN Rd 1:1 Route-target both 1:1	vrf definition ABC  rd 1:1  route-target export 1:1  route-target import 1:1  !  address-family ipv4  exit-address-family  !  address-family ipv6  exit-address-family
router bgp 1  address-family vpnv4  exit-address-family !  address-family ipv4  exit-address-family ! address-family ipv4 vrf MPLSVPN  exit-address-family	router bgp 1  address-family vpnv6  exit-address-family !  address-family ipv6  exit-address-family ! address-family ipv6 vrf MPLSVPN  exit-address-family
Static Vrf Route
Ip route vrf MPLSVPN	ipv6 route vrf MPLSVPN /
Show vrf commands
Show ip vrf interface	Show vrf ipv6 interface
Show ip interface brief	Show ipv6 interface brief
Troubleshooting Command
Show ip bgp vpnv4 all summary Show bgp vpnv4 all summary	Show ip bgp vpnv6 unicast all summary Show bgp vpnv6 unicast all summary
Show bgp vpnv4 all	Show bgp vpnv6 unicast all
Show ip bgp vpnv4 vrf MPLSVPN	Show bgp vpnv6 unicast vrf MPLSVPN
Show mpls forwarding-table vrf MPLSVPN detail	Show mpls forwarding-table vrf MPLSVPN detail
Show ip cef vrf MPLSVPN	Show ipv6 cef vrf MPLSVPN
Ping vrf MPLSVPN	Ping vrf MPLSVPN ipv6
Traceroute vrf MPLSVPN	Traceroute vrf MPLSVPN ipv6

Click Here To Read Rest Of The Post...

IPv6 Internet in VRF Over IPv4 MPLS Cloud

In my recent post of IPv6 over MPLS, I have shown the high level design of serving IPv6 internet from existing MPLS cloud. The crucial advantage of using this type of design is to bypass IGP for IPv6. Definitely this design is having its own limitations and challenges but we are parallelly working on those problems also. Before moving ahead make sure you have better understanding of Penultimate Hop Popping (PHP) and basic concept of accessing internet in vrf.
I have added a document with full configuration and results of serving IPv6 internet in VRF Over IPv4 MPLS cloud.

Click Here To Read Rest Of The Post...

IPv6 Internet In VRF Over MPLS

In the previous post, I have used 6PE concept to access the IPv6 Internet over IPv4 MPLS VPN cloud through global routing table. But this post is little bit different from the previous one. In this post, I will be using IPv6 Internet VRF to serve the IPv6 internet over IPv4 MPLS cloud. The main advantage of using this model is that the entire IPv6 internet route will be a part of vrf but in IPv6 from MPLS post entire ipv6 traffic was a part of global route table. Provisioning of serving IPv6 internet will remain same as it happens in IPv4. For IPv4 internet provisioning in vrf please refer to post Provisioning Internet with Internet VRF. The only difference is that in IPv6 we need to use the address family VPNv6 and IPv6. Given depicted images shows the graphical flow of serving IPv6 internet in VRF over IPv4 MPLS cloud.

Figure 1 is depicted about the default route announcement in IPv6 Internet VRF and the same route is being forwarded by label 100 to the remote PE.

Figure 1

Figure 2 is depicting about the CPE IPv6 prefixes in IPv6 Internet VRF with label 200.

Figure 2

Figure 3 is depicting about the forwarding traffic in IPv6 Internet VRF from CPE to PE.

Figure 3

Figure 4 is depicting about the reverse traffic from IPv6 Internet cloud to IPv6 Internet VRF.

Figure 4

26DC33AXBVX7


Click Here To Read Rest Of The Post...

IPv6 Addressing Architecture For Service Providers

ARIN has given IPv6 addressing plan for service providers. The points of IPv6 allocation is given below:-

1. Separate address block for infrastructure from other uses (enterprise, loopbacks),it may be two /48s per PoP.
2. Each individual site should receive a /48 assignment which 65536 subnets (2^16).
3. Any prefixes shorter than /48 will only be assigned when there is written justification to show that this prefix will meet the RIR HD ratio guidelines within 5 years.
4. Each PoP is a site therefore assign a /48 for infrastructure.
5. No subnets will use prefixes longer than /64.
6. Assign a /64 per LAN / VLAN / subnet.
7. The enterprise network should receive a prefix sufficient to provide a /48 allocation for each site (office/campus/PoP) at which the company has employees or systems.
8. If you need private addresses, generate a ULA prefix as defined in RFC 4193.
Source:- ARIN WIki

Click Here To Read Rest Of The Post...

IPv6 From MPLS

If the service provider is having MPLSVPN backbone and would like to serve IPv6 internet; In that case with the help of MP-iBGP this objective can be achieved with no infrastructure changes. This technique is also known as 6PE. Given depicted figure 1 shows the MPLS VPN ip4 cloud with ldp as label distribution protocol and OSPF is implemented as IGP. Edge routers PE1 and PE2 are configured as dual stack router which supports both IPv4 as well as IPv6 addressing. Both edge routers are configured with IPv6 - MP-iBGP with route reflector router. A default IPv6 route is configured on PE2 towards IPv6 Internet Cloud. PE2 is advertising default IPv6 route to RR with label 100 as next hop PE2 ipv4 BGP router id. The same default IPv6 route is installed on PE1 with outgoing IPv6 label 200 with PE2 BGP IPv4 router-id as next hop address.

Figure 1

In the given depicted figure 2, 6CE is wants to access the IPv6 Internet backbone. So a static point to point peering is configured with PE1. 6CE is having a default route towards PE1 and PE1 is having IPv6 route of 6CE loopback which is 2001::ABCD::1/64. The 6CE static route is advertised by PE1 to RR with label 200 as PE1 BGP IPv4 address as next hop address. The same route is being received by PE2.

Figure 2

In the given depicted figure 3,

Figure 3

It shows the pictorial view of forwarding traffic from 6CE to IPv6 Internet cloud. The traffic is first forwarded towards PE 1 which appends the IPv6 label 100 for destination 2001::1::1 and label 20 for the next hop address which is PE2 BGP router id. Then the traffic next moves to IPv4-P1 router which only swaps the topmost 20 label to 21 and forwards towards IPv4-P4/RR router. RR swaps the topmost label 21 to 22 and forwards to the next hop which is IPv4-P2. IPv4 performs the PHP (Penultimate Hop Popping) function and forwards the traffic with IPv6 label towards PE2. PE2 removes the all label and forwards the traffic to IPv6 internet cloud. The main advantage of using MP-iBGP is that the 6CE customers can access the IPv6 internet cloud by using the existing IPv4 cloud. By using LDP IPv6 route becomes hide as in legacy VPNv4, so the core routers doesn’t know about the IPv6 route and only look for the next hop address which is reachable by IGP.

Figure 4 shows the reverse traffic from IPv6 Internet cloud to 6CE.

Figure 4

By using the above mentioned technique, service provider need to use OSPF or IS-IS for IPv6. Also refer to my previous post about the selection of IGP protocol.
Click Here To Read Rest Of The Post...

Which Protocol Is Used As IGP For IPv6?

Selection of IGP for IPv6 is agnostic for dual stack scenarios in mpls vpn backbones or ip backbones. Everyone is having a question that we are using OSPF as IGP for IPv4, which protocol is used as IGP for IPv6. No one is actually putting light which one is best for IPv6 where in OSPF already deployed for IPv4 in most of the cases. During reading RFC 4029 “Selection and Analysis For Introducing IPv6 into SP Networks”, I found section 4.3.1 of IGP which is explicitly defining the protocols require for IGP in IPv6 deployments. According to RFC OSPFv3,IS-IS is used but CISCO is also providing IPv6 support for EIGRP and RIPng is clearly renounce. If we are using the same protocol for both IPv6 as well as for IPv6, it may lead to lot of the problems in case of instability of links because every time protocol has to calculate the path for each and every link. But in case of different protocols for IPv4 and IPv6, the problem in one protocol may not affect another but this requires lot of CPU as well as memory.

Possible combinations are as follows:
1. OSPFv2 for IPv4, IS-IS for IPv6 (only)
2. OSPFv2 for IPv4, OSPFv3 for IPv6
3. IS-IS for IPv4, OSPFv3 for IPv6
4. S-IS for both IPv4 and IPv6
When IS-IS is used for both IPv4 as well as for IPv6, the IPv6/IPv6 topologies must be convex, unless multiple-topology IS-IS extensions have been implemented.


Click Here To Read Rest Of The Post...

Establish IPv6 Peering

During the lab, one must look forward for ipv6 addresses for testing purposes. Tunnel Broker is the organisation which is providing free of cost tunnelling and bgp peering with them. Only need to provide the ipv4 address incase of tunnel and as number incase if bgp peering. Once its done, global ipv6 cloud is reachable free of cost. After creating ipv6 session, telnet to route-server.he.net and look for the show ipv6 route or show ipv6 bgp. Now ping ip addresses found in route server from your ipv6 tunnel router.

Click Here To Read Rest Of The Post...