ipv4 to ipv6 transition at cisco: case specification, by srikanth narasimhan

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Srikanth Narasimhan,

Distinguished IT Engineer, Cisco Systems


The Global Cisco Family 300 locations in 90 countries

450+ buildings

51 data centers and server rooms

1500+ labs world wide (500+ in San Jose)

66,000+ Employees

20,000 Channel Partners

110+ Application Service Providers

210+ Business and Support Development Partners

Over 180,000 people around the world in the extended Cisco

family Estimated Numbers

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 3

Massively distributed

Blurring of Edge & Core IT

Instant business

Work @ home

Profitable interactions

Grassroots

innovation

Personalization

Consumer within

Virtualized, Secure Real-time

Information

Borderless Enterprise

Empowered User

Common Issues to Solve

Escalating User Expectations

Compliance and Security

Global Scalability

Infrastructure Quality and High Availability

Speed to Deployment Flexible Capacity,

Power and Cooling

Growth, Productivity and

Innovation


Business and IT Drivers for IPv6 • Enterprise Business Drivers

Corporate Growth in the face of IPv4 address depletion in the future – depletion on the outside vs inside

Partners/business ecosystem requirements

Regulatory compliance

• IT Goals cisco.com IPv6 Internet presence

Enable ubiquitous IPv6-enabled user access in the network

End to end IPv6 (Dual Stack)

• Cisco Business Drivers Cisco on Cisco

IPv6 leadership and mindshare/product and solution readiness

Enable IPv6 Infrastructure for development and testing


Architecture for Agile Delivery of the Borderless Experience

BORDERLESS

INFRASTRUCTURE

Application Networking/ Optimization

Switching Security Routing Wireless

BORDERLESS

NETWORK

SYSTEMS

BORDERLESS

NETWORK

SERVICES

BORDERLESS

END-POINT/

USER SERVICES Securely, Reliably, Seamlessly: AnyConnect

Mobility:

Motion

App

Performance:

App Velocity

Energy

Management:

EnergyWise

Multimedia

Optimization:

Medianet

Security:

TrustSec

Unified Fabric

Extended Cloud

Extended Edge

Unified Access

POLICY

MANAGEMENT

SMART SERVICES: PROFESSIONAL AND TECHNICAL

Realize the Value of Borderless Networks Faster

APIs


Tunneling

Services

Connect Islands of IPv6 or IPv4

IPv4 over IPv6 IPv6 over IPv4

Dual Stack

Recommended Enterprise Co-existence strategy

Translation Services

Connect to the IPv6 community

IPv4

IPv6

Business Partners

Internet consumers

Remote Workers

International Sites

Government Agencies

IPv6

IPv4


DC

(Compute,

Storage,

VDI)

Client

Access

(PCs) Printers

VOIP,

Collaboration

Devices &

Gateways

Sensors &

Controllers

DNS &

DHCP

Load

Balancing &

Content

Switching

Security

(Firewall &

IDS/IPS)

Content

Distribution

Optimization

(WAAS, SSL

Acceleration)

VPN

Access

IP Services (QoS, Multicast, Mobility, Translation)

Hardware

Support Connectivity

IP

Addressing

Routing

Protocols Instrumentation

Infrastructure Device Enablement

Networked Infrastructure Services

Basic Network Infrastructure

Sta

ff Tra

inin

g &

Op

era

tion

s

Ro

ll-Ou

t Rele

ases &

Pla

nn

ing

CS

PO

Secu

rity In

sp

ectio

n &

Mo

nito

ring

(IP

Pro

tectio

n, N

IDS

, Ne

tFlo

w, W

SA

, WA

F, P

en

testin

g)

Middleware and Databases

Application Environments

Mobility,

Email

ASP Integration

(Salesforce.com)

Internal Apps

(CEC, IWE, etc.)

Cisco.com

and DMZ

Apps

Web Servers

(Apache, IIS)

Application Servers

(Weblogic/ Liferay)

Middleware

(Messaging,

Web Services

Gateway)

Databases (Oracle,

MY SQL, MS SQL)


Use case Special handling required

I store IP addresses in a database

IPv6 addresses are 128-bit hexadecimal, with colons separating the octets. IPv4 addresses are 32-

bit, written in decimal, with periods separating the octets. You may need to adjust your database

fields.

I store IP addresses in log files IPv6 addresses are longer. Your log files will grow faster.

My monitoring tools look at IP

address


bit, written in decimal, with periods separating the octets. Your tools and analysis will need to

handle 2 address formats and lengths.

Also, since CSG datacenters will translate incoming IPv6 traffic to IPv4, the IPv4 address that the

back-end server will see is the IP address of our translation module. This might not meet the needs

of your monitoring tool. The tool might need the customer's IP address. If so, it is possible to pass

the original IPv6 address along as an X-Forwarded-For header.

I analyze IP addresses stored in a

database or a log file


bit, written in decimal, with periods separating the octets. You will need to adjust your analysis to

handle both formats and to handle the longer length of IPv6.

Also, since CSG datacenters will translate incoming IPv6 traffic to IPv4, the IPv4 address that the

back-end server will see is the IP address of our translation module. This might not meet the needs

of your analysis. The analysis might need the customer's IP address. If so, it is possible to pass the

original IPv6 address along as an X-Forwarded-For header.

I identify a customer by his IP

address, or differentiate customers by

their IP addresses

Our datacenters will translate incoming IPv6 traffic to IPv4. The back-end server will see the same

IPv4 address for all IPv6 users. It is possible to pass the original IPv6 address along as an X-

Forwarded-For header. This will require some change in your product’s code.



I use IP-based geo-location

The IP-based geo-location databases are not yet ready for IPv6. Contact your vendor to find out

their plans to provide IPv6 coverage.

In addition, our datacenters will translate incoming IPv6 traffic to IPv4. The back-end server will

see all IPv6 traffic as coming from our internal translator. It is possible to pass elements of the

original request along as an XFF header. This would require some change in your product’s code.

My product lets the user

connect to another product or

website

For example, Connect has a “Join Meeting” button to let the user use Meeting Center, and

www.webex.com has a link to Facebook. The other product or website might not support IPv6

traffic. You need to ensure graceful handling behind the scenes if it does not. The user should not

see an error message.

I block/blacklist an abuser’s IP

address

Our datacenters will translate incoming IPv6 traffic to IPv4. The back-end server will see all IPv6

traffic as coming from our internal translator, so this abuse management solution will not work

properly for IPv6 users. It is possible to pass elements of the original request along as an X-

Forwarded-For header. This would require some change in your product’s code.

I use 3rd-party utilities and

open-source code in my

product

Ensure that the 3rd-party utilities and open-source code handle IPv6 properly. If you are using an

old version, you will probably need to upgrade to a recent version. If the utility or open-source

code does not have a version that supports IPv6, then you will need to do development work.

My product is installed on the

end-user’s box (such as WebEx

Client)

A product installed on the end-user's box must be able to handle an IPv6 environment. The IPv6-

to-IPv4 translation module cannot help you because it's located at the datacenter.



My product is used before the

traffic reaches our IPv6-to-

IPv4 translator

The product must be able to handle an IPv6 environment. The IPv6-to-IPv4 translation module

cannot help you because it's located at the datacenter.

My product uses Akamai or

other CDNs (content

distribution networks used for

caching popular content, etc.)

You will need to tell your CDN about your IPv6 plans. Akamai will enable v6 for you. Akamai

IPv6 functionality is opt-in, not automatic.

My users connect with mobile

devices

You will need to check that users with various mobile devices can access your application over

IPv6 as well as IPv4.

My application allows users to

directly connect to each other

(peer-to-peer communication)

IPv6 and IPv4 cannot directly communicate with each other -- they require an intermediary. This

traffic will need to route through the IPv6-to-IPv4 translation module in the datacenter. You will

need to make this appear to the user to be peer-to-peer communication, even though

communication between an IPv6 user and an IPv4 user is not actually peer-to-peer. Users should

not see an error message or functionality failure. It should not require the user to do any special

setup.


• Dual Stack where we can, tunnel where we can’t

• Have a quick and scalable solution in hand to relieve delivery pressure

• Absorb cost in established upgrade process rather than rip and replace

• Rip and replace only where necessary (Fast track projects)

• Develop a short term (relief) plan and a long term (absorbed) plan

• Management via IPv4 with IPv6 Service Monitoring

• Ongoing Training and exposure for the teams


Thank you.

ipv4 to ipv6 transition at cisco: case specification, by srikanth narasimhan

Technology

store ip addresses

customers

original ipv6

ipv4 translation

ip address

translation

original request

ipv6 addresses