ipv4 to ipv6 transition at cisco: case specification, by srikanth narasimhan
DESCRIPTION
Cisco and Department of Telecommunication (DoT) organized the India IPv6 Launch Event- Switch to 6 on June 7th at New Delhi. The overwhelming presence of senior C-level officers clearly indicated the importance of IPv6 as a topic of national importance and indicated that there is a need to fill the knowledge gaps and DoT and Cisco’s proactive initiative was welcomed by the industry.TRANSCRIPT
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
Srikanth Narasimhan,
Distinguished IT Engineer, Cisco Systems
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
The Global Cisco Family 300 locations in 90 countries
450+ buildings
51 data centers and server rooms
1500+ labs world wide (500+ in San Jose)
66,000+ Employees
20,000 Channel Partners
110+ Application Service Providers
210+ Business and Support Development Partners
Over 180,000 people around the world in the extended Cisco
family Estimated Numbers
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 3
Massively distributed
Blurring of Edge & Core IT
Instant business
Work @ home
Profitable interactions
Grassroots
innovation
Personalization
Consumer within
Virtualized, Secure Real-time
Information
Borderless Enterprise
Empowered User
Common Issues to Solve
Escalating User Expectations
Compliance and Security
Global Scalability
Infrastructure Quality and High Availability
Speed to Deployment Flexible Capacity,
Power and Cooling
Growth, Productivity and
Innovation
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Business and IT Drivers for IPv6 • Enterprise Business Drivers
Corporate Growth in the face of IPv4 address depletion in the future – depletion on the outside vs inside
Partners/business ecosystem requirements
Regulatory compliance
• IT Goals cisco.com IPv6 Internet presence
Enable ubiquitous IPv6-enabled user access in the network
End to end IPv6 (Dual Stack)
• Cisco Business Drivers Cisco on Cisco
IPv6 leadership and mindshare/product and solution readiness
Enable IPv6 Infrastructure for development and testing
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Architecture for Agile Delivery of the Borderless Experience
BORDERLESS
INFRASTRUCTURE
Application Networking/ Optimization
Switching Security Routing Wireless
BORDERLESS
NETWORK
SYSTEMS
BORDERLESS
NETWORK
SERVICES
BORDERLESS
END-POINT/
USER SERVICES Securely, Reliably, Seamlessly: AnyConnect
Mobility:
Motion
App
Performance:
App Velocity
Energy
Management:
EnergyWise
Multimedia
Optimization:
Medianet
Security:
TrustSec
Unified Fabric
Extended Cloud
Extended Edge
Unified Access
POLICY
MANAGEMENT
SMART SERVICES: PROFESSIONAL AND TECHNICAL
Realize the Value of Borderless Networks Faster
APIs
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Tunneling
Services
Connect Islands of IPv6 or IPv4
IPv4 over IPv6 IPv6 over IPv4
Dual Stack
Recommended Enterprise Co-existence strategy
Translation Services
Connect to the IPv6 community
IPv4
IPv6
Business Partners
Internet consumers
Remote Workers
International Sites
Government Agencies
IPv6
IPv4
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
DC
(Compute,
Storage,
VDI)
Client
Access
(PCs) Printers
VOIP,
Collaboration
Devices &
Gateways
Sensors &
Controllers
DNS &
DHCP
Load
Balancing &
Content
Switching
Security
(Firewall &
IDS/IPS)
Content
Distribution
Optimization
(WAAS, SSL
Acceleration)
VPN
Access
IP Services (QoS, Multicast, Mobility, Translation)
Hardware
Support Connectivity
IP
Addressing
Routing
Protocols Instrumentation
Infrastructure Device Enablement
Networked Infrastructure Services
Basic Network Infrastructure
Sta
ff Tra
inin
g &
Op
era
tion
s
Ro
ll-Ou
t Rele
ases &
Pla
nn
ing
CS
PO
Secu
rity In
sp
ectio
n &
Mo
nito
ring
(IP
Pro
tectio
n, N
IDS
, Ne
tFlo
w, W
SA
, WA
F, P
en
testin
g)
Middleware and Databases
Application Environments
Mobility,
ASP Integration
(Salesforce.com)
Internal Apps
(CEC, IWE, etc.)
Cisco.com
and DMZ
Apps
Web Servers
(Apache, IIS)
Application Servers
(Weblogic/ Liferay)
Middleware
(Messaging,
Web Services
Gateway)
Databases (Oracle,
MY SQL, MS SQL)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Use case Special handling required
I store IP addresses in a database
IPv6 addresses are 128-bit hexadecimal, with colons separating the octets. IPv4 addresses are 32-
bit, written in decimal, with periods separating the octets. You may need to adjust your database
fields.
I store IP addresses in log files IPv6 addresses are longer. Your log files will grow faster.
My monitoring tools look at IP
address
IPv6 addresses are 128-bit hexadecimal, with colons separating the octets. IPv4 addresses are 32-
bit, written in decimal, with periods separating the octets. Your tools and analysis will need to
handle 2 address formats and lengths.
Also, since CSG datacenters will translate incoming IPv6 traffic to IPv4, the IPv4 address that the
back-end server will see is the IP address of our translation module. This might not meet the needs
of your monitoring tool. The tool might need the customer's IP address. If so, it is possible to pass
the original IPv6 address along as an X-Forwarded-For header.
I analyze IP addresses stored in a
database or a log file
IPv6 addresses are 128-bit hexadecimal, with colons separating the octets. IPv4 addresses are 32-
bit, written in decimal, with periods separating the octets. You will need to adjust your analysis to
handle both formats and to handle the longer length of IPv6.
Also, since CSG datacenters will translate incoming IPv6 traffic to IPv4, the IPv4 address that the
back-end server will see is the IP address of our translation module. This might not meet the needs
of your analysis. The analysis might need the customer's IP address. If so, it is possible to pass the
original IPv6 address along as an X-Forwarded-For header.
I identify a customer by his IP
address, or differentiate customers by
their IP addresses
Our datacenters will translate incoming IPv6 traffic to IPv4. The back-end server will see the same
IPv4 address for all IPv6 users. It is possible to pass the original IPv6 address along as an X-
Forwarded-For header. This will require some change in your product’s code.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Use case Special handling required
I use IP-based geo-location
The IP-based geo-location databases are not yet ready for IPv6. Contact your vendor to find out
their plans to provide IPv6 coverage.
In addition, our datacenters will translate incoming IPv6 traffic to IPv4. The back-end server will
see all IPv6 traffic as coming from our internal translator. It is possible to pass elements of the
original request along as an XFF header. This would require some change in your product’s code.
My product lets the user
connect to another product or
website
For example, Connect has a “Join Meeting” button to let the user use Meeting Center, and
www.webex.com has a link to Facebook. The other product or website might not support IPv6
traffic. You need to ensure graceful handling behind the scenes if it does not. The user should not
see an error message.
I block/blacklist an abuser’s IP
address
Our datacenters will translate incoming IPv6 traffic to IPv4. The back-end server will see all IPv6
traffic as coming from our internal translator, so this abuse management solution will not work
properly for IPv6 users. It is possible to pass elements of the original request along as an X-
Forwarded-For header. This would require some change in your product’s code.
I use 3rd-party utilities and
open-source code in my
product
Ensure that the 3rd-party utilities and open-source code handle IPv6 properly. If you are using an
old version, you will probably need to upgrade to a recent version. If the utility or open-source
code does not have a version that supports IPv6, then you will need to do development work.
My product is installed on the
end-user’s box (such as WebEx
Client)
A product installed on the end-user's box must be able to handle an IPv6 environment. The IPv6-
to-IPv4 translation module cannot help you because it's located at the datacenter.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Use case Special handling required
My product is used before the
traffic reaches our IPv6-to-
IPv4 translator
The product must be able to handle an IPv6 environment. The IPv6-to-IPv4 translation module
cannot help you because it's located at the datacenter.
My product uses Akamai or
other CDNs (content
distribution networks used for
caching popular content, etc.)
You will need to tell your CDN about your IPv6 plans. Akamai will enable v6 for you. Akamai
IPv6 functionality is opt-in, not automatic.
My users connect with mobile
devices
You will need to check that users with various mobile devices can access your application over
IPv6 as well as IPv4.
My application allows users to
directly connect to each other
(peer-to-peer communication)
IPv6 and IPv4 cannot directly communicate with each other -- they require an intermediary. This
traffic will need to route through the IPv6-to-IPv4 translation module in the datacenter. You will
need to make this appear to the user to be peer-to-peer communication, even though
communication between an IPv6 user and an IPv4 user is not actually peer-to-peer. Users should
not see an error message or functionality failure. It should not require the user to do any special
setup.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
• Dual Stack where we can, tunnel where we can’t
• Have a quick and scalable solution in hand to relieve delivery pressure
• Absorb cost in established upgrade process rather than rip and replace
• Rip and replace only where necessary (Fast track projects)
• Develop a short term (relief) plan and a long term (absorbed) plan
• Management via IPv4 with IPv6 Service Monitoring
• Ongoing Training and exposure for the teams
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Thank you.