Translation is a different type of solution, allowing IPv6 devices to communicate with IPv4
devices, without requiring either to be dual stack.
Stateless IP/ICMP Translation (SIIT) translates IP header fields, and NAT Protocol Translation (NAT-PT) maps IPv6 addresses to IPv4 addresses. If IPv6 is used on the inside of a network and IPv4 is used on the outside, a NAT-PT device receives IPv6 traffic on its inside interface and replaces the IPv6 header with an IPv4 header before sending it to an outside interface. Reply traffic follows the mapping backwards, enabling two-way communication.
Good NAT implementations interpret application traffic and understand when IP information is included in the application data; NAT-PT inherits this capability. For example, DNS packets
include IP addresses; therefore, NAT-PT must recognize DNS traffic and change the IPv4
addresses into IPv6 addresses, and vice-versa.
IPv4 and IPv6 routing domains can also be connected using application-level gateways (ALG) or proxies. A proxy intercepts traffic and converts between the two protocols; it can increase the transmission speed by responding to some requests using information in its cache. A separate ALG is required to support each protocol, so this method only solves specific types of translation problems.
Monday, January 19, 2009
IPv6 tunneling
1) Manual
2) 6to4
3) Teredo
4) ISATAP
Manual
Example configuration:
Router(config)# interface tunnel0
Router(config-if)# ipv6 address 2001:0:1:5::1/64
Router(config-if)# tunnel source 192.168.1.1
Router(config-if)# tunnel destination 192.168.2.1
Router(config-if)# tunnel mode ipv6ip
6-to-4 Tunnels
6-to-4 tunnels work similarly to manual tunnels but are set up automatically. 6-to-4 tunnels concatenate 2002::/16
with the 32-bit IPv4 address of the edge router, creating a 48-bit prefix.
Example: the tunnel interface on Router A has
an IPv6 prefix of 2002:C0A8:501::/48, where C0A8:501 is the hexadecimal equivalent of
192.168.5.1, the IPv4 address of its interface in the IPv4 network.
Teredo
Another type of tunnel is called Teredo (also known as shipworm). Teredo encapsulates IPv6
packets in IPv4/UDP segments and works similarly to other tunnels but with the added benefit of
being able to traverse network address translation (NAT) devices and firewalls. Teredo is described
in RFC 4380, Teredo: Tunneling IPv6 over UDP through Network Address Translations (NAT).
ISATAP
ISATAP treats the IPv4 network as an NBMA network and allows an IPv4 private network to
incrementally implement IPv6 without upgrading the network. ISATAP is documented in RFC
4214, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP).
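Because 6to4, Teredo and ISATAP all embed IPv4 addresses in the IPv6 address, tunnelled traffic can be recognised from the address alone, which matters when a tunnel such as Teredo passes through NAT devices and firewalls. The sketch below is an added example, not code from the original notes: the function names are hypothetical, the sample addresses are constructed, and the ISATAP interface-ID marker (0000:5EFE or 0200:5EFE followed by the IPv4 address) is taken from the ISATAP RFC rather than from this page.

```python
import ipaddress

# Upper 32 bits of an ISATAP interface ID: 0000:5EFE (or 0200:5EFE when the
# embedded IPv4 address is globally unique). Taken from the ISATAP RFC.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Concatenate 2002::/16 with the 32-bit IPv4 address to get the /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def classify_tunnel(addr: str):
    """Return (mechanism, [embedded IPv4 addresses]) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:            # 2002::/16
        return ("6to4", [str(ip.sixtofour)])
    if ip.teredo is not None:               # 2001:0000::/32
        server, client = ip.teredo          # client is stored bit-inverted
        return ("teredo", [str(server), str(client)])
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF      # low 64 bits = interface ID
    if (iid >> 32) in ISATAP_MARKERS:
        return ("isatap", [str(ipaddress.IPv4Address(iid & 0xFFFFFFFF))])
    return ("native", [])


def tunnelled(addresses):
    """Keep only the addresses that reveal a transition mechanism."""
    hits = {}
    for a in addresses:
        kind, embedded = classify_tunnel(a)
        if kind != "native":
            hits[a] = (kind, embedded)
    return hits


# Constructed sample addresses, e.g. as they might appear in flow records.
SAMPLES = [
    "2002:c0a8:501::1",                      # 6to4, Router A's prefix from the text
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo
    "fe80::5efe:c0a8:101",                   # ISATAP link-local
    "2001:db8::1428:57ab",                   # ordinary address
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.168.5.1"))
    for addr, (kind, v4) in tunnelled(SAMPLES).items():
        print(f"{kind:7} {addr}  embedded IPv4: {', '.join(v4)}")
```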
Sunday, January 18, 2009
Route Maps
■ Each route map statement has permit or deny permission. Traffic that matches a permit is
affected by the route map. Traffic that matches a deny, or does not find a match in the list, is
not affected by the route map.
■ Traffic that is not explicitly permitted is implicitly denied.
■ Each route map statement has zero or more match conditions. A statement without a match
applies to all traffic (like the any option in an access list).
Friday, January 16, 2009
Route Redistribution
It is important to consider the following rules when redistributing between IP routing protocols:
■ If more than one routing protocol is running on a router, the routing table process will place
the route with the best administrative distance into the routing table.
■ Routing protocols can only redistribute routes they know. Thus, if RIP is being redistributed
into EIGRP, the routing table must have an entry for the RIP network.
■ When a route is redistributed, it inherits the default administrative distance of the new routing
protocol.
■ Redistributed routes are called external. External routes in EIGRP are given a different
(higher) AD, while OSPF tracks the route as external and prefers internal routes.
Potential problems:
■ Routing loops because routers send routing information received from one autonomous
system back into the same autonomous system.
■ Suboptimal routing decisions are made because of the difference in routing metrics.
■ The convergence time increases because of the different technologies involved. If the routing
protocols converge at different rates, this might result in timeouts and the temporary loss of
networks.
■ The decision-making process and the information sent within the protocols might be
incompatible and not easily exchanged, leading to errors and complex configuration.
Control Methods:
■ Passive interfaces
■ Static routes
■ Default routes
■ The null interface
■ Distribute lists
■ Route maps
Wednesday, January 14, 2009
Sunday, January 11, 2009
IPv6 basics
IPv6 address format
- 8 groups of 4 hex digits (16 bits each): 2001:0db8:0000:0000:0000:0000:1428:57ab
- ::1/128 - loopback address
Address types
1) Link-local scope - addresses for connectivity within the L2 domain only. Analogous to 169.254.x.x in Windows. Allows IP traffic to be exchanged within the subnet without any configuration.
- Generated automatically when the host comes up.
- Always starts with FE80 (1111 1110 1000), followed by 54 bits of zeros; the last 64 bits are the MAC address with "FFFE" inserted in the middle (Ex: 0019.D122.DCF3 ---> 0019.D1FF.FE22.DCF3).
A MAC address converted this way is called EUI-64 (Extended Universal Identifier 64-bit) and serves as the Interface ID.
2) Unique/Site-local scope - analogous to private subnets. Internal addresses of an organization. Deprecated?
3) Global - global addresses.
Address optimization rules:
1) Consecutive zeros can be removed
2001:0db8:0000:0000:0000:0000:1428:57ab
2001:0db8:0:0:0:0:1428:57ab
2001:0db8::1428:57ab
NOTE! The :: symbol is interpreted correctly only once per address. That is, you cannot fully collapse the zeros in two groups that are separated by other characters.
2) Leading zeros can be removed
2001:0db8::1428:57ab
2001:db8::1428:57ab
Communication types
1) Unicast - one-to-one, same as IPv4
2) Multicast - same as IPv4, but broadcast now is a kind of multicast group "to all"
3) Anycast - one-to-closest. Effectively built-in load balancing. One address can be assigned to many devices, like a "virtual IP in HSRP", and the device closest to the client responds.
IPv6 configuration
(config)#ipv6 unicast-routing
(config)#ipv6 cef
(config-if)# ipv6 address [address]/[prefix] [eui-64]
The eui-64 parameter causes the router to complete the low-order 64 bits of the address using an extended universal identifier 64-bit (EUI-64) format interface ID.
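An EUI-64 interface ID is reversible, so an address built this way exposes the interface's MAC address and stays the same under every prefix the host uses. The following added example (not part of the original notes; function names are hypothetical) derives the interface ID and recovers the MAC again. It follows the modified EUI-64 rule of RFC 4291, which also inverts the universal/local bit of the first byte, a step the FFFE-insertion example in the notes does not show.

```python
import ipaddress

UL_BIT = 1 << 57  # universal/local bit: 0x02 in the first byte of the IID


def mac_to_eui64_iid(mac: str) -> int:
    """Insert FFFE between OUI and NIC halves, then invert the U/L bit."""
    digits = "".join(c for c in mac if c in "0123456789abcdefABCDEF")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    m = int(digits, 16)
    oui, nic = m >> 24, m & 0xFFFFFF
    return ((oui << 40) | (0xFFFE << 24) | nic) ^ UL_BIT


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """What 'ipv6 address <prefix>/64 eui-64' would complete the address to."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("EUI-64 needs a prefix of /64 or shorter")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64_iid(mac))


def recover_mac(addr: str):
    """Return the MAC behind an EUI-64 address, or None if the IID is not EUI-64."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    if (iid >> 24) & 0xFFFF != 0xFFFE:
        return None  # manually assigned or randomised interface ID
    iid ^= UL_BIT
    mac = f"{((iid >> 40) << 24) | (iid & 0xFFFFFF):012x}"
    return ".".join(mac[i:i + 4] for i in (0, 4, 8))


if __name__ == "__main__":
    mac = "0019.D122.DCF3"  # MAC address used in the notes
    for prefix in ("fe80::/64", "2001:db8:0:1::/64"):  # second prefix is constructed
        addr = eui64_address(prefix, mac)
        print(prefix, "->", addr, "-> MAC", recover_mac(str(addr)))
```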
Friday, January 9, 2009
Multicast basics
quick facts
-udp only
-224.0.0.0 - 239.255.255.255
|Client| -------|Switch|----------|Router|------|Internet|------|multicast server|
IGMP is used to subscribe a client to a multicast group. It serves as a kind of source-based routing protocol for finding the best path to the source of the "broadcast" (for example, a video stream server).
IGMPv3 exists, but IGMPv2 is the most widely used.
If a switch is not configured for multicast, by default it handles multicast traffic as broadcast, that is, it sends it to everyone.
There are two methods for a switch to support multicast:
1) Cisco Group Management Protocol (CGMP) - Cisco proprietary. The router uses CGMP to tell the L2 switch which MAC addresses to forward the traffic to.
2) IGMP snooping - the standard. Effectively all multicast support functionality moves to the switch. An L3 switch is required. With many clients it can put a heavy load on the switch.