1
Use of VLANs for IPv4-IPv6 Coexistence in Enterprise Networks
presented by [email protected]
2007.05.14 tech3 R322
rfc 4554
2
VLAN Overview - 1
3rd floor
2nd floor
1st floor
SALES
ADMIN
ENG
physical LAN = A broadcast domain
3
VLAN Overview - 2
3rd floor
2nd floor
1st floor
SALES
ADMIN
ENG
physical LAN = A broadcast domain
!?
4
VLAN Overview - 3
3rd floor
2nd floor
1st floor
SALES ADMINENG
A VLAN = A broadcast domain = Logical network (subnet)
• Segmentation
• Flexibility
• Security
5
VLAN Operations - 1
Switch A
ADMINVLAN
SALESVLAN
ENGVLAN
Switch B
ADMINVLAN
SALESVLAN
ENGVLAN
• Each logical VLAN is like a separate physical bridge• VLANs can span across multiple switches
6
VLAN Operations - 2
• Each logical VLAN is like a separate physical bridge• VLANs can span across multiple switches• Trunks carries traffic for multiple VLANs
Trunk
Fast Ethernet
Switch A
ADMINVLAN
SALESVLAN
ENGVLAN
Switch B
ADMINVLAN
SALESVLAN
ENGVLAN
7
For a LAN environment…IPv6 host IPv6 hostIPv4 host IPv4 host
Layer 2 switch
IPv6 host IPv6 host IPv4 host IPv4 host
Can be treated as separate LANs
noise noise noisenoise
8
Routing works….
IPv6 host IPv4 host
Layer 2 switch
IPv6 only router
R1
IPv4 only router
R2
9
Separate to 2 domains
IPv6 host IPv6 hostIPv4 host IPv4 host
Layer 2 switch
IPv6 host IPv6 host IPv4 host IPv4 host
10
Pure IPv4/IPv6..
R
10 11 12 19
R
13 14 15 19 16 17 18 19
R
Data Link
Network
VLAN trunking
IPv6 hosts
Vlan 19
IPv4 only router IPv4 only router IPv6 only router
IPv6 hosts
Vlan 19
IPv6 hosts
Vlan 19
A case for providing pure IPv4 and pure IPv6 by using same physical link
11
Congruent IPv4 and IPv6 subnets
IPv6 hostIPv4 host
Dual stack router
IPv4 /IPv6
R
Layer 2 switch
Dual stack host
12
A mix of IPv4 and IPv6 Solutions
13
Cisco cmd: sh run int fa9/35
!interface FastEthernet9/35 description "R3-R0-1" no ip address switchport switchport access vlan 39 switchport mode accessend
14
Cisco cmd: sh run int vlan39
interface Vlan39 description "Computer Classroom" ip address 10.10.39.254 255.255.255.0 ip access-group 139 in ip helper-address 163.22.2.3 no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow ip igmp snooping querier ip policy route-map ADSL1!
15
Cisco cmd: show vlan
39 VLAN0039 active Fa9/35
41 VLAN0041 active Gi7/43
47 VLAN0047 active Fa9/24
80 VLAN0080 active Fa9/18
16
Example: Create vlan of Layer 2
17
Example: Delete vlan of Layer 2
18
Example: Delete vlan of Layer 2
19
Example: create a routing interface
20
Example: create a IPv6 routing interface
21
Example: assign an interface to a vlan
22
Example: assign an interface to a vlan
23取自 http://solomon.ipv6.club.tw/Course/IPv6/ch2.pdf page5
try to remember…..
24
Draft-ietf-ngtrans-isatap-13.txt
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
RFC 4212
25
ISATAP
The primary function of ISATAP is to allow hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address.
Example: ISATAP host communicates with IPv6 host (no ISATAP support).
The ISATAP host is isolated in an IPv4 network whereas the IPv6 host is a IPv6 network
IPv4 IPv4 InfrastructureInfrastructure
HOST B ISATAPISATAPSupportedSupported
ISATAP IPv6 IPv6
NetworkNetwork
IPv6 HOST
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
26
ISATAP
27
ISATAP
In the reverse direction, the ISATAP router automatically performs IPv6-in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture.
IPv4 IPv4 InfrastructureInfrastructure
HOST B ISATAPISATAPSupportedSupported
ISATAP IPv6 IPv6
NetworkNetwork
IPv6 HOST
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
28
Construction of ISATAP addressISATAP interface identifier can be combined with any 64-bit prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address.
IPv4 address inside EUI-64 interface identifier
::0:5EFE:A.B.C.D for IPv4 address A.B.C.D
The 0:5EFE portion is formed from the combination of the
Oganizational Unit Identifier (OUI) that is assigned to IANA,
and a type that indicates an embedded IPv4 address (FE).
Interface IdentifierPrefix
ISATAP Prefix Specially constructed EUI64 Interface ID
64-bits 64-bits
ISATAP Address Format
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
29
ISATAP Address Example
If TYPE = 0xFF and TSE = 0xFE, TSD contains legacy EUI48 (TSE = 0xFF reserved by IEEE).If TYPE = 0xFE, TSE and TSD together contain embedded IPv4 address.
IPv4 address is: 140.173.129.3 routing prefix is: 3FFE:1A05:510:2412
ISATAP IPv6 address is:
OUI Extension ID24-bits 40-bits
EUI-64 Format Interface Identifier
00 00 5e TYPE TSE TSD
:0:5EFE:3FFE:1A05:510:2412 140.173.129.3
Link-local variant is: FE80::0:5EFE:140.173.129.3
Specially constructed EUI64 Interface IDSpecially constructed EUI64 Interface ID
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
30
ISATAP OperationSimple Deployment Scenario of ISATAP (Hosts….)
The Automatic Tunneling Pseudo-Interface uses the link-local ISATAP address assigned to the interface as a source, and uses the last 32 bits in the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses
FE80::5EFE:10.40.1.29IPv4 IPv4
InfrastructureInfrastructureIPv6Header
IPv6Data
IPv6Header
IPv6Data
IPv4Header
192.168.41.3010.40.1.29
FE80::5EFE:192.168.41.30
HOST A ISATAPISATAPSupportedSupported
HOST B ISATAPISATAPSupportedSupported
IPv6Header
IPv6Data
Src = FE80::5EFE:10.40.1.29Dst = FE80::5EFE:192.168.41.30
Src = FE80::5EFE:10.40.1.29Dst = FE80::5EFE:192.168.41.30
Src = 10.40.1.29Dst = 192.68.41.30
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
31
ISATAP Operation
Simple Deployment Scenario of ISATAP (Routers…)
IPv6 IPv6 NetworkNetwork
IPv4 IPv4 NetworkNetwork
IPv6 in IPv4ISATAP
IPv6 HOST
ISATAP HOST
3FFE:1A05:5102412:5EFE:10.40.1.2910.40.1.29
IPv6Header
IPv6Data
3FFE:1A05:5102412:5EFE:192.168.41.25
192.168.41.25
IPv6Header
IPv6Data
IPv4Header
IPv6Header
IPv6Data
Src = 3FFE:1A05:5102412:5EFE:10.40.1.29Dst = 3FFE:3600:8::1
Src = 10.40.1.29Dst = 192.68.41.25
Src = 3FFE:1A05:5102412:5EFE:10.40.1.29Next = 3FFE:1A05:5102412:5EFE:192.168.41.25Dst = 3FFE:3600:8::1
取自 www.ipv6.org.tw/seminar/92_v6_training/2a.ppt
32
Thank you!