© 2010 Brocade Communications Systems, Inc.
All Rights Reserved. 3
IPv6 Fundamentals Why IPv6?
IPv6 is emerging as the preferred Layer 3 protocol used on the Internet
US government networks are already migrating from IPv4 to IPv6
IPv6 has unique traits which require a different approach to ADX Layer 4-7 operations
Many of Brocade’s IP switching and routing platforms already offer support for IPv6
IPv6 Fundamentals IPv6 Overview
IPv4’s 32-bit address is unable to satisfy current networking needs:
– Volume of networking users
– Geographical needs
– Emerging applications
NAT provides a temporary workaround for exhaustion of public IPv4 addresses
The IPv6 128-bit address allows for 340,282,366,920,938,000,000,000,000,000,000,000,000 addresses!
– IPv4 only allows for 4.3 billion
IPv6 Fundamentals Address Format
Uses new 128-bit address format
Composed of 8 fields of 16-bit hexadecimal values, separated by colons (:)
Example IPv6 Address:
– 2001:0000:130F:0000:0000:00C0:876A:12EB
IPv6 Fundamentals Address Representation
An IPv6 address is 128 bits (eight 16-bit fields) in length and is represented in colon hexadecimal notation. For example:
– 2001:0000:130F:0000:0000:00C0:876A:12EB
Leading zeros in each 16-bit field are optional. The above address can be represented as:
– 2001:0:130F:0:0:C0:876A:12EB
The double colon (::) can represent 1 or more consecutive 16-bit fields of zeros. Examples:
– 2001:0:130F::C0:876A:12EB
– 0:0:0:0:0:0:0:1 (loopback address) may be represented as ::1
– 0:0:0:0:0:0:0:0 (unspecified address) may be represented as ::
– 2001:0:0:0:0:0:0:1 may be represented as 2001::1
Note that a double colon may be used only once in an address. Below is an example of incorrect address format:
– 2001::130F::C0:876A:2EB
IPv6 Fundamentals Address Types
IPv6 defines three address types:
– Unicast: Identifies an interface of an individual node
– Multicast: Identifies a group of interfaces
– Anycast: Identifies a group of interfaces on different nodes; packets that are sent to the anycast address go to the anycast group member node that is physically closest to the sender
The table below shows IPv6 address types and their prefixes:
Address Type         Usage                                 Network Prefix (in hex)
------------         -----                                 -----------------------
Global unicast       Publicly Unique Address (Routable)    2000::/3
Link-local unicast   Used on Single Physical Link          FE80::/10
Site-local unicast   Similar to RFC1918 in IPv4            FEC0::/10
Multicast            All Interfaces in Multicast Group     FF00::/8
Loopback             Logical IP Address of Device          ::1/128
Unspecified          Commonly for Static Default Routes    ::/128
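The representation rules and the prefix table above, as an added Python example (not part of the original slides). The same real server appears later in this deck as both 2002:a0a:a00::a0a:ac9 and 2002:a0a:a00:0:0:0:a0a:ac9, so ACL entries and log lines should be compared after expansion rather than as raw strings. The function names are hypothetical, and embedded dotted-quad IPv4 forms are not handled.

```python
import ipaddress
import string

# Prefix table from the slide, most specific first. Site-local (FEC0::/10)
# is included because the slide lists it; RFC 3879 deprecated it.
PREFIXES = [
    ("loopback", "::1/128"),
    ("unspecified", "::/128"),
    ("link-local unicast", "fe80::/10"),
    ("site-local unicast", "fec0::/10"),
    ("multicast", "ff00::/8"),
    ("global unicast", "2000::/3"),
]

def expand(text):
    """Expand an IPv6 string to eight 4-digit lowercase fields, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("'::' may be used only once")
    if "::" in text:
        head, tail = (part.split(":") if part else [] for part in text.split("::"))
        zeros = 8 - len(head) - len(tail)
        if zeros < 1:
            raise ValueError("'::' must stand for at least one field")
        fields = head + ["0"] * zeros + tail
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError("expected eight 16-bit fields")
    for f in fields:
        if not 1 <= len(f) <= 4 or any(c not in string.hexdigits for c in f):
            raise ValueError(f"bad field {f!r}")
    return ":".join(f.lower().zfill(4) for f in fields)

def classify(text):
    """Return the slide's address type for an address, or 'other'."""
    addr = ipaddress.IPv6Address(expand(text))
    for name, prefix in PREFIXES:
        if addr in ipaddress.IPv6Network(prefix):
            return name
    return "other"

def same_address(a, b):
    """Compare two textual forms after expansion, never as raw strings."""
    return expand(a) == expand(b)
```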
Configuring SLB Using IPv6 Configure IPv6 Real Servers
• Configuring IPv6 real servers is very similar to configuring IPv4 servers. These application servers are also either directly attached to the ADX or Layer 2 connected
ADX> enable
No password has been assigned yet...
ADX# config term
ADX(config)# ipv6 enable
ADX(config)# ipv6 add 2002:a990:a00::a990:a0b/64
ADX(config)# server real rs61 2002:a0a:a00:0:0:0:a0a:ac9
ADX(config-rs-rs61)# port ftp
ADX(config-rs-rs61)# server real rs62 2002:a0a:a00:0:0:0:a0a:aca
ADX(config-rs-rs62)# port ftp
ADX(config-rs-rs62)# port http
ADX(config-rs-rs62)# port http keepalive
ADX(config-rs-rs62)# server real rs63 2002:a0a:a00:0:0:0:a0a:acb
ADX(config-rs-rs63)# port http
ADX(config-rs-rs63)# port http keepalive
ADX(config-rs-rs63)# exit
ADX# write memory
Configuring SLB Using IPv6 IPv4 and IPv6 Server Bindings
IPv4 virtual server cannot be bound to IPv6 real server address
IPv6 virtual server cannot be bound to IPv4 real server address
(v12.1 and earlier)
A single server can be a Real Server for both IPv4 and IPv6
[Diagram labels]
– Virtual servers: vip1 (ftp) 169.144.10.100; vip61 (ftp) 2002:a990:a00::a990:a64; vip2 (http) 169.144.10.200; vip62 (http) 2002:a990:a00::a990:ac8
– Real servers: rs1 (ftp) 10.10.10.201 / rs61 (ftp) 2002:a0a:a00::a0a:ac9; rs2 (ftp, http) 10.10.10.202 / rs62 (ftp, http) 2002:a0a:a00::a0a:aca; rs3 (http) 10.10.10.203 / rs63 (http) 2002:a0a:a00::a0a:acb
Configuring SLB Using IPv6 Configure IPv6 Virtual Servers
(config)# server virtual-name vip61 2002:a990:a00::a990:a64
(config-vs-vip61)# port ftp
(config-vs-vip61)# bind ftp rs61 ftp rs62 ftp
(config-vs-vip61)# server virtual vip62 2002:a990:a00::a990:ac8
(config-vs-vip62)# port ftp
(config-vs-vip62)# port http
(config-vs-vip62)# bind http rs62 http rs63 http
• After you define the actual application servers’ physical addresses (real servers), you then need to configure the external application server address on the ADX; the external application server is the virtual server
• It is the IP address or server name to which client browsers send requests
Configuring SLB Using IPv6 View the Final Configuration
ADX 1000#show running-config
!
!
server real rs61 2002:a0a:a00::a0a:ac9
port ftp
!
server real rs62 2002:a0a:a00::a0a:aca
port ftp
port http
port http keepalive
port http url "HEAD /"
!
server real rs63 2002:a0a:a00::a0a:acb
port http
port http keepalive
port http url "HEAD /"
!
!
server virtual vip61 2002:a990:a00::a990:a64
port ftp
bind ftp rs61 ftp rs62 ftp
!
server virtual vip62 2002:a990:a00::a990:ac8
port http
bind http rs62 http rs63 http
!
ipv6 address 2002:a990:a00::a990:a0b/64
< Output Truncated >
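A consistency check over a saved running-config, as an added Python example (not part of the original slides or Brocade tooling). It flags binds that cross address families, which the deck says is not allowed in v12.1 and earlier, and binds that point at an undefined real server or a port the real server does not define. The function name and the vip4bad, rs1 and rs9 entries are constructed for illustration.

```python
import ipaddress

# Stanzas taken from the running-config above, plus a constructed bad
# virtual server (vip4bad) and IPv4 real (rs1) to exercise the checks.
SAMPLE = """\
server real rs61 2002:a0a:a00::a0a:ac9
port ftp
!
server real rs62 2002:a0a:a00::a0a:aca
port ftp
port http
!
server real rs1 10.10.10.201
port ftp
!
server virtual vip61 2002:a990:a00::a990:a64
port ftp
bind ftp rs61 ftp rs62 ftp
!
server virtual vip4bad 169.144.10.100
port ftp
bind ftp rs61 ftp rs1 http rs9 ftp
"""

def lint(config):
    """Return findings for binds that cross address families or dangle."""
    reals, virtuals, cur = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["server"] and len(tok) == 4:
            cur = {"ip": ipaddress.ip_address(tok[3]), "ports": set(), "binds": []}
            (reals if tok[1] == "real" else virtuals)[tok[2]] = cur
        elif cur and tok[:1] == ["port"]:
            cur["ports"].add(tok[1])
        elif cur and tok[:1] == ["bind"]:
            # bind <vip-port> <real> <real-port> [<real> <real-port> ...]
            cur["binds"] += [(tok[i], tok[i + 1]) for i in range(2, len(tok) - 1, 2)]
    findings = []
    for vname, v in virtuals.items():
        for rname, rport in v["binds"]:
            r = reals.get(rname)
            if r is None:
                findings.append(f"{vname}: real server {rname} is not defined")
            elif r["ip"].version != v["ip"].version:
                findings.append(f"{vname}: IPv{v['ip'].version} VIP bound to IPv{r['ip'].version} real {rname}")
            elif rport not in r["ports"]:
                findings.append(f"{vname}: real {rname} has no port {rport}")
    return findings
```

On releases that support the mixed-family modes, the address-family finding is informational rather than an error.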
Configuring SLB Using IPv6 “show server virtual” Command
ADX 1000# show server virtual
Virtual Servers Info
Name: vip61 State: Enabled IP:2002:a990:a00::a990:a64: 1
Pred: least-conn ACL-Id: 0 TotalConn: 0
VIP state: healthy
Port    State   Sticky Concur Proxy DSR CurConn TotConn PeakConn
----    -----   ------ ------ ----- --- ------- ------- --------
default enabled NO     NO     NO    NO  0       0       0
ftp     enabled NO     NO     NO    NO  2       549     2
Name: vip62 State: Enabled IP:2002:a990:a00::a990:ac8: 1
Pred: least-conn ACL-Id: 0 TotalConn: 0
VIP state: healthy
Port    State   Sticky Concur Proxy DSR CurConn TotConn PeakConn
----    -----   ------ ------ ----- --- ------- ------- --------
default enabled NO     NO     NO    NO  0       0       0
http    enabled NO     NO     NO    NO  1       1423    2
<output truncated>
Configuring SLB Using IPv6 “show server real” Command
ADX 1000# show server real
Real Servers Info
========================
State - ACT:active, ENB:enabled, FAL:failed, TST:test, SUS:suspect,
GDN:grace-dn, DIS:disabled, UNK:unknown, UNB:unbind,
AWU:await-unbind, AWD: await-shutdown
Name: rs61 State: Enabled IP:2002:a0a:a00:0:0:0:a0a:ac9: 1
Mac: 001a.4b7c.6b3e Weight: 1/1 MaxConn: 2000000
SrcNAT: not-cfg, not-op DstNAT: not-cfg, not-op Serv-Rsts: 0
Port    St  Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet  Reas
----    --  -- ------- ------- ------- ------- -------- --------  ----
default UNB 0  0       0       0       0       0        0         0
ftp     ENB 0  0       0       0       0       0        0         0
Server Total   0       0       0       0       0        0         0
Name: rs62 State: Active IP:2002:a0a:a00:0:0:0:a0a:aca: 1
Mac: 0023.3296.3fd1 Weight: 1/1 MaxConn: 2000000
SrcNAT: not-cfg, not-op DstNAT: not-cfg, not-op Serv-Rsts: 0
Port    St  Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet  Reas
----    --  -- ------- ------- ------- ------- -------- --------  ----
default UNB 0  0       0       0       0       0        0         0
ftp     ACT 0  1       549     2510    2375961 184725   581939487 0
http    ACT 0  2       274     247     231     184502   57993     0
Server Total   0       0       0       0       0        0         0
<<Truncated>>
Configuring SLB Using IPv6 “show server bind” Command
ADX 1000# show server bind
Bind info
Virtual server: vip61 Status: enabled IP: 2002:a990:a00::a990:a64
ftp  -------> rs61: 2002:a0a:a00:0:0:0:a0a:ac9, ftp (Failed)
              rs62: 2002:a0a:a00:0:0:0:a0a:aca, ftp (Active)
Virtual server: vip62 Status: enabled IP: 2002:a990:a00::a990:ac8
http -------> rs62: 2002:a0a:a00:0:0:0:a0a:aca, http (Active)
              rs63: 2002:a0a:a00:0:0:0:a0a:acb, http (Failed)
IPv6 Server Health Checks Startup Health Checks
Layer 2
– IPv6 neighbor solicitation message
Layer 3
– IPv6 ping
Layer 4 (TCP)
– Complete TCP 3-way handshake (same as IPv4)
Layer 4 (UDP)
– Sends garbage packet (same as IPv4)
IPv6 Server Health Checks Startup Health Checks — Layer 2-3
IPv6 Neighbor Discovery (ND) protocol
– All real servers are located using an ND Neighbor Solicitation message unless they are designated as remote servers
– Unlike ARP in IPv4, the Neighbor Solicitation message is not broadcast, but sent as a Layer 2 multicast to the server’s solicited-node multicast address as defined in the ND protocol
Send IPv6 ping only when:
– ND entry times out
– Time between last packet sent to server and last packet received increases
– If no response to the ping, repeat at 2-second intervals
– After 4 retries with no response, the server is marked as down
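How the solicited-node multicast destination is derived for the real servers configured earlier, as an added Python example (not part of the original slides). It computes the group address and the matching Ethernet multicast MAC, which is what ND filtering and ACLs between the ADX and the servers must permit, and checks whether a captured Neighbor Solicitation carries the expected destinations. The function names are hypothetical.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # ff02::1:ff00:0/104

def solicited_node(addr):
    """Return (multicast group, Ethernet multicast MAC) for a unicast IPv6 address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    group = ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)
    # IPv6 multicast maps to Ethernet as 33:33 followed by the low 32 bits of the group.
    low32 = int(group) & 0xFFFFFFFF
    mac = "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))
    return str(group), mac

def ns_is_plausible(dst_ip, dst_mac, target):
    """True if a multicast Neighbor Solicitation for `target` uses the expected
    IPv6 and Ethernet destinations. Unicast solicitations are not handled here."""
    group, mac = solicited_node(target)
    return (ipaddress.IPv6Address(dst_ip) == ipaddress.IPv6Address(group)
            and dst_mac.lower() == mac)

# Real servers from the configuration shown earlier in the deck.
REAL_SERVERS = {
    "rs61": "2002:a0a:a00::a0a:ac9",
    "rs62": "2002:a0a:a00::a0a:aca",
    "rs63": "2002:a0a:a00::a0a:acb",
}

def expected_destinations():
    """Map each real server name to its (group, MAC) pair."""
    return {name: solicited_node(ip) for name, ip in REAL_SERVERS.items()}
```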
IPv6 Server Health Checks Startup Health Checks — Layer 4 (Same as IPv4)
After bind — Layer 4 or 7 health check to bring up application port
(application not known, uses Layer 4 health check)
TCP check — Based on the 3-way handshake
UDP — Sends a garbage packet
– If the response is ICMP “Port Unreachable”, port is down
– If no response, assumes port is up
– Looks for ICMP port unreachable response to determine if the ADX should take the port down
Layer 4 health checks for each service configured. Only works when real server port is bound to a VIP port
IPv6 Server Health Checks Ongoing Health Checks — HTTP
More detailed checks on the server’s ability to respond to user requests
– Layer 2 ND Solicitation and Layer 3 pings only validate that the network stack is responding, not whether the service has failed
HTTP keepalives
– We need to know that the HTTP service is responding properly
– Open a TCP session to the server (TCP SYN): ACK = OK, no ACK = server is Suspect or Down
– Optionally do an HTTP GET or HEAD request and monitor the return status
– Improper response or no response: take Server #2 out of the rotation for HTTP load balancing
Continuing IPv6 Leadership
Support for complete IPv6 server load balancing deployments
– IPv6 VIP to IPv6 Real (SLB666)
– IPv6 VIP to IPv4 Real (SLB664)
– IPv6 VIP to IPv4 + IPv6 Real (SLB664+6)
– IPv4 VIP to IPv6 Real (SLB446)
– IPv4 VIP to IPv6 + IPv4 Real (SLB446+4)
NEW in 12.4
Complete IPv6 SLB: Migration, Translation and Address Preservation
[Diagram labels: IPv4 Clients, IPv4 VIP, IPv6 Clients, IPv6 VIP, Brocade ADX, IPv4 App Servers, IPv6 App Servers]
Enabling End-to-end IPv6 Services Complete Service Provider IPv6 Solution
1. Transformation and preservation: SLB664, SLB446, SLB666
2. NAT Translation (NAT64)
3. IPv6 peering
4. Dual-stack, tunneling, native IPv6
[Diagram labels: Brocade ADX, IPv4 servers, IPv6 servers, 10 GbE Backbone, Brocade MLX, Central Office/Head-end, Brocade CERs, IPv4 peer, IPv6 peer, IPv6 SLB, Brocade ADX NAT64]
Stateful NAT64: Content-side use-cases
This uses NORMAL IPv6 DNS – it does NOT use or need DNS64
IPv6 Interoperability Use Case: Rapid v6-enablement for existing v4 server farms & infrastructure
[Diagram labels: IPv6 Clients; IPv6 Internet; Authoritative IPv6 DNS Servers, standard AAAA; NAT64 Gateway (shown logically in-line; actually uses Routed topology), “Listening” on IPv6 prefix, IPv4 dynamic pool of source IPs; Unchanged IPv4 Infrastructure; Unchanged IPv4 Resources]
Stateless “NAT46” for Legacy IPv4-only devices
Example: IPv4-only Set-Top Boxes requiring access to new IPv6 services, or as a point solution to enable 3rd-parties during transition
IPv6 Interoperability Use Case: Enabling non-upgradeable IPv4-only Clients to Access New IPv6-only Resources
[Diagram labels: IPv4-only (legacy) clients; IPv4 DNS w/map table; NAT64 Gateway, “Listening” on static map of IPv4 addresses, IPv6 prefix for outbound / inbound mapping; Native IPv6 passes through unchanged (optional); Specifically defined IPv6 servers; IPv6 networks (internal or Internet)]