Managing Address Spaces with NAT and IPv6

Transitioning to IPv6

The ability to scale networks for future demands requires a limitless supply of IP addresses and improved mobility. IP version 6 (IPv6) satisfies the increasingly complex requirements of hierarchical addressing that IP version 4 (IPv4) does not provide. IPv6 uses some different address types that make IPv6 more efficient than IPv4. This section describes the different types of addresses that IPv6 uses and how to assign these addresses. Transitioning to IPv6 from IPv4 deployments can require a variety of techniques, including an auto-configuration function. The transition mechanism you will use depends on the needs of your network. This section describes the different types of transition mechanisms for an IPv6 network.

Reasons for Using IPv6

The IPv4 address space provides approximately 4.3 billion addresses. Of that address space, approximately 3.7 billion addresses are actually assignable; the other addresses are reserved for special purposes such as multicasting, private address space, loopback testing, and research. Based on some industry figures as of January 1, 2007, about 2.407 billion of these available addresses are currently assigned to either end users or Internet service providers (ISPs). That leaves roughly 1.3 billion addresses still available from the IPv4 address space.

An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits, as shown in the figure. It provides 3.4 × 10^38 IP addresses. This version of IP addressing should provide sufficient addresses for future Internet growth needs. Figure 7-8 illustrates the differences between the address space for IPv4 and IPv6.

Figure 7-8 IPv4 and IPv6

In addition to its technical and business potential, IPv6 offers a virtually unlimited supply of IP addresses. Because of its generous 128-bit address space, IPv6 generates a virtually unlimited stock of addresses—enough to allocate more than 4.3 billion addresses (the entire IPv4 Internet address space) to every person on the planet.

The Internet will be transformed after IPv6 fully replaces IPv4. Many people within the Internet community have analyzed the issue of IPv4 address exhaustion and published their reports. However, the estimates of when IPv4 address exhaustion will occur vary greatly among the reports. Some predict IPv4 address exhaustion by 2008 or 2009, and others say it will not happen until 2013 or beyond. Nevertheless, IPv4 will not disappear overnight. Rather, it will coexist with and then gradually be replaced by IPv6.

The change from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the Asia-Pacific region. These areas are exhausting their allotted IPv4 addresses, which makes IPv6 all the more attractive and necessary. Some countries, such as Japan, are aggressively adopting IPv6. Others, such as those in the European Union, are moving toward IPv6, and China is considering building new networks dedicated for IPv6.

As of October 1, 2003, the U.S. Department of Defense mandated that all new equipment purchased be IPv6-capable. In fact, all U.S. government agencies must start using IPv6 across their core networks by 2008, and the agencies are working to meet that deadline. As these examples illustrate, IPv6 enjoys strong momentum.

IPv6 is a powerful enhancement to IPv4. Several features in IPv6 offer functional improvements. What IP developers learned from using IPv4 suggested changes to better suit current and probable network demands:

  • Larger address space: Larger address space includes several enhancements:
    • Improved global reachability and flexibility
    • The aggregation of prefixes that are announced in routing tables
    • Multihoming to several ISPs
    • Autoconfiguration that can include data link layer addresses in the address space
    • Plug-and-play options
    • Public-to-private readdressing end to end without address translation
    • Simplified mechanisms for address renumbering and modification
  • Simpler header: A simpler header offers several advantages over IPv4:
    • Better routing efficiency for performance and forwarding-rate scalability
    • No broadcasts and thus no potential threat of broadcast storms
    • No requirement for processing checksums
    • Simpler and more efficient extension header mechanisms
    • Flow labels for per-flow processing with no need to open the transport inner packet to identify the various traffic flows
  • Mobility and security: Mobility and security help ensure compliance with mobile IP and IPsec standards functionality. Mobility enables people with mobile network devices—many with wireless connectivity—to move around in networks:
    • Mobile IP is an Internet Engineering Task Force (IETF) standard that is available for both IPv4 and IPv6. The standard enables mobile devices to move without breaks in established network connections. Because IPv4 does not automatically provide this kind of mobility, you must add it with additional configurations.
    • In IPv6, mobility is built in, which means that any IPv6 node can use mobility when necessary. The routing headers of IPv6 make mobile IPv6 much more efficient for end nodes than mobile IPv4 is.
    • IPsec is the IETF standard for IP network security, available for both IPv4 and IPv6. Although the functionalities are essentially identical in both environments, IPsec is mandatory in the IPv6 protocol. IPsec is enabled on every IPv6 node and is available for use, making the IPv6 Internet more secure. IPsec also requires keys for each party, which implies global key deployment and distribution.
  • Transition richness: You can incorporate existing IPv4 capabilities with the added features of IPv6 in several ways:
    • First, you can implement a dual-stack method, with both IPv4 and IPv6 configured on the interface of a network device.
    • Second, you can use tunneling, which will become more prominent as the adoption of IPv6 grows. A variety of IPv6 over IPv4 tunneling methods exist. Some methods require manual configuration, whereas others are more automatic.
    • Third, Cisco IOS Software Release 12.3(2)T and later include Network Address Translation-Protocol Translation (NAT-PT) between IPv6 and IPv4. This translation allows direct communication between hosts that use different versions of the IP protocol.

Understanding IPv6 Addresses

Colons separate entries in a series of 16-bit hexadecimal fields that represent IPv6 addresses. The hexadecimal digits A, B, C, D, E, and F that are represented in IPv6 addresses are not case sensitive.

IPv6 does not require explicit address string notation. Use the following guidelines for IPv6 address string notations:

  • The leading zeros in a field are optional, so 09C0 equals 9C0 and 0000 equals 0.
  • Successive fields of zeros can be represented as :: only once in an address.
  • An unspecified address is written as :: because it contains only zeros.

Using the :: notation greatly reduces the size of most addresses. For example, FF01:0:0:0:0:0:0:1 becomes FF01::1.

NOTE An address parser identifies the number of missing zeros by separating the two parts and entering 0 until the 128 bits are complete. If two :: notations are placed in the address, there is no way to identify the size of each block of zeros.
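The notation rules and the parser behaviour described in the note can be written out directly. The following Python is an added example, not code from the original text; the function names are hypothetical, and addresses with an embedded IPv4 dotted-quad tail are left out of scope.

```python
"""Expand and compress IPv6 text notation by hand (added example)."""
import ipaddress
import string

HEX = set(string.hexdigits)


def expand_ipv6(text):
    """Return all eight fields, zero-padded to four lowercase hex digits.

    Raises ValueError for notation the rules forbid.
    """
    if text.count("::") > 1:
        # Two gaps: the size of each block of zeros cannot be recovered.
        raise ValueError("'::' may appear only once in an address")
    if ":::" in text:
        raise ValueError("':::' is not valid notation")
    if "::" in text:
        # Separate the two parts and fill the gap with zero fields.
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one field")
        fields = head + ["0"] * missing + tail
    else:
        fields = text.split(":")
        if len(fields) != 8:
            raise ValueError("expected 8 fields, found %d" % len(fields))
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX:
            raise ValueError("bad 16-bit field %r" % field)
    # int(..., 16) makes leading zeros and letter case irrelevant.
    return ":".join("%04x" % int(field, 16) for field in fields)


def compress_ipv6(text):
    """Drop leading zeros and replace the longest run of zero fields with '::'."""
    fields = [format(int(f, 16), "x") for f in expand_ipv6(text).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:          # keep the first of equally long runs
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                  # RFC 5952: do not shorten a single field
        return ":".join(fields)
    return (":".join(fields[:best_start]) + "::"
            + ":".join(fields[best_start + best_len:]))


def matches_stdlib(text):
    """Cross-check both functions against Python's ipaddress module."""
    ref = ipaddress.IPv6Address(text)
    return expand_ipv6(text) == ref.exploded and compress_ipv6(text) == str(ref)


if __name__ == "__main__":
    # Constructed sample inputs; the last one uses '::' twice on purpose.
    for sample in ["FF01:0:0:0:0:0:0:1", "2001:0DB8:0:1::", "::", "2001::25de::cade"]:
        try:
            print(sample, "->", expand_ipv6(sample), "->", compress_ipv6(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```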

Broadcasting in IPv4 results in a number of problems. Broadcasting generates a number of interrupts in every computer on the network and, in some cases, triggers malfunctions that can completely halt an entire network. This disastrous network event is known as a broadcast storm.

In IPv6, broadcasting does not exist. IPv6 replaces broadcasts with multicasts and anycasts. Multicast enables efficient network operation by using a number of functionally specific multicast groups to send requests to a limited number of computers on the network. The multicast groups prevent most of the problems that are related to broadcast storms in IPv4. The range of multicast addresses in IPv6 is larger than in IPv4. For the near future, allocation of multicast groups is not being limited.

IPv6 also defines a new type of address called an anycast address. An anycast address identifies a list of devices or nodes; therefore, an anycast address identifies multiple interfaces. Anycast addresses are like a cross between unicast and multicast addresses.

These addresses are designed for commonly used services such as DNS. Unicast sends packets to one specific device with one specific address, and multicast sends a packet to every member of a group. Anycast addresses send a packet to any one member of the group of devices with the anycast address assigned.

For efficiency, a packet that is sent to an anycast address is delivered to the closest interface—as defined by the routing protocols in use—that is identified by the anycast address, so anycast can also be thought of as a “one-to-nearest” type of address. Anycast addresses are syntactically indistinguishable from global unicast addresses because anycast addresses are allocated from the global unicast address space.

NOTE There is little experience with widespread, arbitrary use of Internet anycast addresses, and there are some known complications and hazards when using them in their full generality. Until more experience has been gained and solutions have been agreed upon for those problems, the following restrictions are imposed on IPv6 anycast addresses: (1) An anycast address must not be used as the source address of an IPv6 packet. (2) An anycast address must not be assigned to an IPv6 host; that is, it may be assigned to an IPv6 router only.

Several basic types of IPv6 unicast addresses exist: global, reserved, private (link-local and site-local), loopback, and unspecified. The sections that follow describe these address types in greater detail.

Global Addresses

The IPv6 global unicast address is the equivalent of the IPv4 global unicast address. A global unicast address is an IPv6 address from the global unicast prefix. The structure of global unicast addresses enables the aggregation of routing prefixes, which limits the number of routing table entries in the global routing table. Global unicast addresses that are used on links are aggregated upward through organizations and eventually to the ISPs.

Reserved Addresses

The IETF reserves a portion of the IPv6 address space for various uses, both present and future. Reserved addresses represent 1/256th of the total IPv6 address space. Some of the other types of IPv6 addresses come from this block.

Private Addresses

A block of IPv6 addresses is set aside for private addresses, just as is done in IPv4. These private addresses are local only to a particular link or site; therefore, they are never routed outside of a particular company network. Private addresses have a first octet value of “FE” in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F.
These addresses are further divided into two types, based on their scope.

  • Site-local addresses, described further as follows:
    • These are addresses similar to RFC 1918, “Address Allocation for Private Internets,” in IPv4 today. The scope of these addresses is an entire site or organization. They allow addressing within an organization without needing to use a public prefix. Routers forward datagrams using site-local addresses within the site, but not outside the site, to the public Internet.
    • In hexadecimal, site-local addresses begin with FE and then C to F for the third hexadecimal digit. So, these addresses begin with FEC, FED, FEE, or FEF.
  • Link-local addresses, described further as follows:
    • The concept of link-local scope is new to IPv6. These addresses have a smaller scope than site-local addresses; they refer only to a particular physical link (physical network). Routers do not forward datagrams using link-local addresses, not even within the organization; they are only for local communication on a particular physical network segment.
    • These addresses are used for link communications such as automatic address configuration, neighbor discovery, and router discovery. Many IPv6 routing protocols also use link-local addresses.

Loopback Address

Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing; datagrams sent to this address “loop back” to the sending device. However, IPv6 has just one address, not a whole block, for this function. The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as ::1.

Unspecified Address

In IPv4, an IP address of all zeroes has a special meaning; it refers to the host itself and is used when a device does not know its own address. In IPv6, this concept has been formalized, and the all-zeroes address (0:0:0:0:0:0:0:0) is named the “unspecified” address. It is typically used in the source field of a datagram that is sent by a device that seeks to have its IP address configured. You can apply address compression to this address; because the address is all zeroes, the address becomes just ::.

Global unicast addresses are defined by a global routing prefix, a subnet ID, and an interface ID. The IPv6 unicast address space encompasses the entire IPv6 address range, with the exception of FF00::/8 (1111 1111), which is used for multicast addresses. The current global unicast address that is assigned by the Internet Assigned Numbers Authority (IANA) uses the range of addresses that start with binary value 001 (2000::/3), which is 1/8 of the total IPv6 address space and is the largest block of assigned addresses.

Addresses with a prefix of 2000::/3 (001) through E000::/3 (111) are required to have 64-bit interface identifiers in the extended universal identifier (EUI)-64 format. The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the registries. Figure 7-9 outlines the IPv6 format for a global unicast or anycast address.

Figure 7-9 IPv6 Address Format

The global unicast address typically consists of a 48-bit global routing prefix and a 16-bit subnet ID. Individual organizations can use a 16-bit subnet field called “Subnet ID” to create their own local addressing hierarchy and to identify subnets. This field allows an organization to use up to 65,535 individual subnets. For more information, refer to RFC 3587, “IPv6 Global Unicast Address Format,” which replaces RFC 2374.
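The address types and the 48/16/64-bit layout described above can be checked mechanically. This Python sketch is an added example, not part of the original text: it classifies addresses by the prefixes the text gives, splits a global unicast address into its three fields, and flags sources that should never be seen on an Internet-facing interface. The function names and all sample addresses are constructed for illustration.

```python
"""Classify IPv6 addresses by the prefixes in the text (added example)."""
import ipaddress

# Prefixes as the text gives them; the first match wins.
# Site-local (FEC0::/10) was later deprecated by RFC 3879.
PREFIXES = [
    ("multicast", ipaddress.ip_network("ff00::/8")),
    ("link-local", ipaddress.ip_network("fe80::/10")),      # FE8 to FEB
    ("site-local", ipaddress.ip_network("fec0::/10")),      # FEC to FEF
    ("global unicast", ipaddress.ip_network("2000::/3")),   # binary 001
    ("reserved", ipaddress.ip_network("::/8")),             # 1/256th of the space
]

# Scopes that are local to a host, link or site.
NOT_INTERNET_ROUTABLE = {"unspecified", "loopback", "link-local", "site-local"}


def classify(text):
    """Return the address type named in the text, or 'other'."""
    addr = ipaddress.IPv6Address(text)
    if int(addr) == 0:
        return "unspecified"            # ::
    if int(addr) == 1:
        return "loopback"               # ::1
    for name, network in PREFIXES:
        if addr in network:
            return name
    return "other"


def split_global_unicast(text):
    """Split into 48-bit routing prefix, 16-bit subnet ID, 64-bit interface ID."""
    if classify(text) != "global unicast":
        raise ValueError("%s is not a global unicast address" % text)
    value = int(ipaddress.IPv6Address(text))
    routing_prefix = value >> 80
    subnet_id = (value >> 64) & 0xFFFF
    interface_id = value & ((1 << 64) - 1)
    return {
        "global_routing_prefix": str(ipaddress.IPv6Network((routing_prefix << 80, 48))),
        "subnet_id": subnet_id,
        "interface_id": "%016x" % interface_id,
    }


def audit_border_sources(sources):
    """Return (address, type) for sources that must not cross the site border."""
    findings = []
    for text in sources:
        kind = classify(text)
        if kind in NOT_INTERNET_ROUTABLE:
            findings.append((text, kind))
    return findings


# Constructed source addresses, as they might appear in a border flow log.
CONSTRUCTED_SOURCES = [
    "2001:db8:acad:a1::10",
    "fe80::212:7fff:feeb:6b40",
    "fec0::25",
    "::1",
    "2001:db8:acad:a2::20",
]

if __name__ == "__main__":
    print(split_global_unicast("2001:0DB8:ACAD:00A1:0212:7FFF:FEEB:6B40"))
    for address, kind in audit_border_sources(CONSTRUCTED_SOURCES):
        print("unexpected at border:", address, "(%s)" % kind)
```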

IPv6 over Data Link Layers

IPv6 is defined on most of the current data link layer protocols, including the following protocols:

  • Ethernet*
  • PPP*
  • High-Level Data Link Control (HDLC)*
  • FDDI
  • Token Ring
  • Attached Resource Computer network (ARCnet)
  • Nonbroadcast multiaccess (NBMA)
  • ATM**
  • Frame Relay***
  • IEEE 1394
    * Cisco supports these data link layers.
    ** Cisco supports only ATM permanent virtual circuit (PVC), not switched virtual circuit (SVC) or ATM LAN Emulation (LANE).
    ***Cisco supports only Frame Relay PVC, not SVC.

An RFC describes the behavior of IPv6 in each of these specific data link layers, but Cisco IOS Software does not necessarily support all of them. The data link layer defines how IPv6 interface identifiers are created and how neighbor discovery deals with data link layer address resolution.

Larger address spaces make room for large address allocations to ISPs and organizations. An ISP aggregates all the prefixes of its customers into a single prefix and announces the single prefix to the IPv6 Internet. The increased address space is sufficient to allow organizations to define a single prefix for their entire network. Figure 7-10 shows how this aggregation occurs.

Figure 7-10 IPv6 Address Aggregation

Aggregation of customer prefixes results in an efficient and scalable routing table. Scalable routing is necessary to expand broader adoption of network functions. Scalable routing also improves network bandwidth and functionality for user traffic that connects the various devices and applications.
Internet usage—both now and in the future—can include the following elements:

  • A huge increase in the number of broadband consumers with high-speed connections that are always on
  • Users who spend more time online and are generally willing to spend more money on communications services (such as downloading music) and high-value searchable offerings
  • Home networks with expanded network applications such as wireless VoIP, home surveillance, and advanced services such as real-time video on demand (VoD)
  • Massively scalable games with global participants and media-rich e-learning, providing learners with on-demand remote labs or lab simulations

Assigning IPv6 Addresses

Interface identifiers in IPv6 addresses are used to identify interfaces on a link. They can also be thought of as the “host portion” of an IPv6 address. Interface identifiers are required to be unique on a specific link. Interface identifiers are always 64 bits and can be dynamically derived from a Layer 2 media and encapsulation. There are several ways to assign an IPv6 address to a device:

  • Static assignment using a manual interface ID
  • Static assignment using an EUI-64 interface ID
  • Stateless autoconfiguration
  • DHCP for IPv6 (DHCPv6)

Manual Interface ID Assignment

One way to statically assign an IPv6 address to a device is to manually assign both the prefix (network) and interface ID (host) portion of the IPv6 address. To configure an IPv6 address on a Cisco router interface and enable IPv6 processing on that interface, use the ipv6 address ipv6-address/prefix-length command in interface configuration mode.

To enable IPv6 processing on the interface and configure an address based on the directly specified bits, you will use the command demonstrated here:

EUI-64 Interface ID Assignment

Another way to statically assign an IPv6 address is to configure the prefix (network) portion of the IPv6 address and derive the interface ID (host) portion from the Layer 2 MAC address of the device, which is known as the EUI-64 interface ID.

To configure an IPv6 address for an interface and enable IPv6 processing on the interface using an EUI-64 interface ID in the low order 64 bits of the address (host), use the ipv6 address ipv6-prefix/prefix-length eui-64 command in interface configuration mode.
To assign the IPv6 address 2001:0DB8:0:1::/64 to Ethernet interface 0 and use an EUI-64 interface ID in the low order 64 bits of the address, enter the following commands:

Stateless Autoconfiguration

As the name implies, autoconfiguration is a mechanism that automatically configures the IPv6 address of a node. In IPv6, it is assumed that non-PC devices, as well as computer terminals, will be connected to the network. The autoconfiguration mechanism was introduced to enable plug-and-play networking of these devices, to help reduce administration overhead.

DHCPv6 (Stateful)

DHCP for IPv6 enables DHCP servers to pass configuration parameters such as IPv6 network addresses to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to IPv6 stateless address autoconfiguration (RFC 2462), and it can be used separately or concurrently with IPv6 stateless address autoconfiguration to obtain configuration parameters.

Use of EUI-64 Format in IPv6 Addresses

The 64-bit interface identifier in an IPv6 address identifies a unique interface on a link. A link is a network medium over which network nodes communicate using the link layer. The interface identifier can also be unique over a broader scope. In many cases, an interface identifier is the same as, or is based on, the link-layer (MAC) address of an interface. As in IPv4, a subnet prefix in IPv6 is associated with one link. Figure 7-11 illustrates the IPv6 EUI-64 interface identifier.

Figure 7-11 IPv6 EUI-64 Interface Identifier

Interface identifiers in global unicast and other IPv6 address types must be 64 bits long and can be constructed in the 64-bit EUI-64 format. The EUI-64 format interface ID is derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number FFFE between the upper 3 bytes (Organizational Unique Identifier [OUI] field) and the lower 3 bytes (serial number) of the link layer address. To ensure that the chosen address is from a unique Ethernet MAC address, the seventh bit in the high-order byte is set to 1 to indicate the uniqueness of the 48-bit address. Stateless autoconfiguration is a key feature of IPv6. It enables serverless basic configuration of the nodes and easy renumbering.

Stateless autoconfiguration uses the information in the router advertisement messages to configure the node. The prefix included in the router advertisement is used as the /64 prefix for the node address. The other 64 bits are obtained by the dynamically created interface identifier, which in the case of Ethernet, is the modified EUI-64 format.
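The EUI-64 derivation and the way stateless autoconfiguration combines it with an advertised /64 prefix are shown below in Python, as an added example that is not part of the original text. RFC 4291 defines the seventh-bit step as inverting the universal/local bit, which for a burned-in MAC address is the same as setting it to 1; the reverse function shows that such an address exposes the interface's hardware address, which is useful when matching logged addresses to an asset inventory. The MAC address and function names are constructed.

```python
"""EUI-64 interface IDs and stateless autoconfiguration (added example)."""
import ipaddress
from typing import Optional

LOW_64 = (1 << 64) - 1


def mac_to_interface_id(mac: str) -> int:
    """Derive the 64-bit modified EUI-64 interface ID from a 48-bit MAC."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("a MAC address has 12 hexadecimal digits")
    raw = bytes.fromhex(digits)
    # Insert FFFE between the OUI (upper 3 bytes) and the lower 3 bytes.
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Seventh bit of the high-order byte (universal/local): 0 becomes 1
    # for a globally unique, burned-in MAC address.
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 prefix from a router advertisement with the EUI-64 ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("autoconfiguration uses a /64 prefix")
    return ipaddress.IPv6Address(int(network.network_address) | mac_to_interface_id(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """The link-local address formed from the same interface ID."""
    return slaac_address("fe80::/64", mac)


def interface_id_to_mac(address: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, or None if not EUI-64."""
    iid = (int(ipaddress.IPv6Address(address)) & LOW_64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                      # manually assigned or other ID
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                       # undo the universal/local inversion
    return ":".join("%02x" % octet for octet in mac)


if __name__ == "__main__":
    mac = "00:12:7f:eb:6b:40"            # constructed MAC address
    print(slaac_address("2001:0DB8:0:1::/64", mac))
    print(link_local_address(mac))
    print(interface_id_to_mac("2001:db8:0:1:212:7fff:feeb:6b40"))
```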

Routers periodically send router advertisements. When a node boots up, the node needs its address in the early stage of the boot process, and waiting for the next router advertisement to get the information to configure its interfaces can take too long. Instead, a node sends a router solicitation message to the routers on the network asking them to reply immediately with a router advertisement so the node can immediately autoconfigure its IPv6 address. All the routers respond with a normal router advertisement message with the all-nodes multicast address as the destination address. Figure 7-12 illustrates stateless autoconfiguration.

Figure 7-12 Stateless Autoconfiguration

Autoconfiguration enables plug-and-play configuration of an IPv6 device, which allows devices to connect themselves to the network without configuration from an administrator and without servers, such as DHCP servers. This key feature enables deployment of new devices on the Internet, such as cellular phones, wireless devices, home appliances, and home networks.

NOTE Stateless DHCP is a concept, developed in February 2004, that strikes a middle ground between stateless autoconfiguration and the thick-client approach of stateful DHCP. Stateless DHCP for IPv6 is also called “DHCP-lite.” See RFC 3736, “Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6.”

DHCPv6 is an updated version of DHCP for IPv4. It supports the addressing model of IPv6 and benefits from new IPv6 features. DHCPv6 has the following characteristics:

  • Enables more control than serverless or stateless autoconfiguration
  • Can be employed in an environment that uses only servers and no routers
  • Can be used concurrently with stateless autoconfiguration
  • Can be used for renumbering
  • Can be used for automatic domain name registration of hosts using dynamic DNS

The process for acquiring configuration data for a DHCPv6 client is similar to that in IPv4, with a few exceptions. Initially, the client must detect the presence of routers on the link by using neighbor discovery messages. If at least one router is found, then the client examines the router advertisements to determine if DHCPv6 should be used. If the router advertisements enable the use of DHCPv6 on that link or if no router is found, then the client starts a DHCP solicit phase to find a DHCP server.

DHCPv6 uses multicast for many messages. When the client sends a solicit message, it sends the message to the ALL-DHCP-Agents multicast address with link-local scope. Agents include both servers and relays.

When a DHCP relay forwards a message, it can forward it to the All-DHCP-Servers multicast address with site-local scope. This means that you do not need to configure a relay with all the static addresses of the DHCP servers, as in IPv4. If you want only specific DHCP servers to receive the messages, or if there is a problem forwarding multicast traffic to all the network segments that contain a DHCP server, a relay can contain a static list of DHCP servers.

You can configure different DHCPv6 servers, or the same server with different contexts, to assign addresses based on different policies. For example, you could configure one DHCPv6 server to give global addresses using a more restrictive policy, such as, “do not give addresses to printers.” You could then configure another DHCPv6 server, or the same server within a different context, to give site-local addresses using a more liberal policy, such as, “give to anyone.”

Routing Considerations with IPv6

IPv6 uses longest-prefix match routing just like IPv4 classless interdomain routing (CIDR) does. Many of the common routing protocols have been modified to handle longer IPv6 addresses and different header structures.

You can use and configure IPv6 static routing in the same way you would with IPv4. There is an IPv6-specific requirement per RFC 2461 that a router must be able to determine the link-local address of each of its neighboring routers to ensure that the target address of a redirect message identifies the neighbor router by its link-local address. This requirement means that using a global unicast address as a next-hop address with IPv6 routing is not recommended.

The Cisco IOS global command to enable IPv6 is ipv6 unicast-routing. You must enable IPv6 unicast routing before an IPv6-capable routing protocol, or an IPv6 static route, will work.

Routing Information Protocol next generation (RIPng) (RFC 2080) is a distance vector routing protocol with a limit of 15 hops that uses split horizon and poison reverse to prevent routing loops. RIPng includes the following features:

  • Is based on IPv4 Routing Information Protocol (RIP) version 2 (RIPv2) and is similar to RIPv2
  • Uses IPv6 for transport
  • Includes the IPv6 prefix and next-hop IPv6 address
  • Uses the multicast group FF02::9, the all-RIP-routers multicast group, as the destination address for RIP updates
  • Sends updates on UDP port 521
  • Is supported by Cisco IOS Release 12.2(2)T and later

Strategies for Implementing IPv6

The transition from IPv4 does not require upgrades on all nodes at the same time. Many transition mechanisms enable smooth integration of IPv4 and IPv6. Other mechanisms that allow IPv4 nodes to communicate with IPv6 nodes are available. All of these mechanisms are applied to different situations. Figure 7-13 shows how IPv6 hosts may have to travel across IPv4 networks during this transition.

Figure 7-13 IPv4-to-IPv6 Transition

The three most common techniques to transition from IPv4 to IPv6 are as follows:

  • Dual stack: Dual stack is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network. As a result, the node and its corresponding routers have two protocol stacks.
  • Tunneling: Several tunneling techniques are available:
    • Manual IPv6-over-IPv4 tunneling: An integration method in which an IPv6 packet is encapsulated within the IPv4 protocol. This method requires dual-stack routers.
    • Dynamic 6to4 tunneling: A method that automatically establishes the connection of IPv6 islands through an IPv4 network, typically the Internet. The 6to4 tunneling method dynamically applies a valid, unique IPv6 prefix to each IPv6 island, which enables the fast deployment of IPv6 in a corporate network without address retrieval from the ISPs or registries.
    • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling: An automatic overlay tunneling mechanism that uses the underlying IPv4 network as a link layer for IPv6. ISATAP tunnels allow individual IPv4 or IPv6 dual-stack hosts within a site to communicate with other such hosts on a virtual link, creating an IPv6 network using the IPv4 infrastructure.
    • Teredo tunneling: An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. It is used to pass unicast IPv6 traffic when dual-stacked hosts (hosts that are running both IPv6 and IPv4) are located behind one or multiple IPv4 Network Address Translators.
  • Proxying and translation (NAT-PT): A translation mechanism that sits between an IPv6 network and an IPv4 network. The job of the translator is to translate IPv6 packets into IPv4 packets and vice versa.

Dual stack is an integration method in which a node has implementation and connectivity to both an IPv4 and IPv6 network; thus, the node has two stacks, as illustrated in Figure 7-14.

Figure 7-14 Cisco IOS Dual Stack

You can accomplish this configuration on the same interface or on multiple interfaces. Features of the dual-stack method are as follows:

  • A dual-stack node chooses which stack to use based on the destination address. A dual-stack node should prefer IPv6 when it is available. The dual-stack approach to IPv6 integration, in which nodes have both IPv4 and IPv6 stacks, will be one of the most commonly used integration methods. Old IPv4-only applications continue to work as before. New and modified applications take advantage of both IP layers.
  • A new application programming interface (API) is defined to support both IPv4 and IPv6 addresses and DNS requests. This new API replaces the gethostbyname and gethostbyaddr calls. A converted application can use both IPv4 and IPv6. An application can be converted to the new API while still using only IPv4.
  • Experience in porting IPv4 applications to IPv6 suggests that, for most applications, there is a minimal change in some localized places inside the source code. This technique is well known and has been applied in the past for other protocol transitions. It enables gradual application upgrades, one by one, to IPv6.

Cisco IOS Software Releases 12.2(2)T and later are IPv6-ready. As soon as you configure basic IPv4 and IPv6 on the interface, the interface is dual-stacked and forwards IPv4 and IPv6 traffic on that interface. Figure 7-15 shows an example of this configuration.

Figure 7-15 Dual-Stack Configuration

Using IPv6 on a Cisco IOS router requires the global configuration command ipv6 unicast-routing. This command enables the forwarding of IPv6 datagrams.

NOTE You must configure all interfaces that forward IPv6 traffic with an IPv6 address using the interface command ipv6 address IPv6-address [/prefix length].

Tunneling is an integration method in which an IPv6 packet is encapsulated within another protocol, such as IPv4. Figure 7-16 shows how IPv6 tunneling operates.

Figure 7-16 IPv6 Tunneling

When IPv4 is used to encapsulate the IPv6 packet, a protocol type of 41 is specified in the IPv4 header, and the packet has the following characteristics:

  • Includes a 20-byte IPv4 header with no options and an IPv6 header and payload.
  • Requires dual-stack routers.

This process enables the connection of IPv6 islands without the need to also convert an intermediary network to IPv6. Tunneling presents these two issues:

  • The maximum transmission unit (MTU) is effectively decreased by 20 octets if the IPv4 header does not contain an optional field.
  • A tunneled network is often difficult to troubleshoot.

Tunneling is an intermediate integration and transition technique that should not be considered a final solution. A native IPv6 architecture should be the ultimate goal.
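Because tunneled IPv6 is carried as IPv4 protocol 41, it can be recognised at an IPv4 inspection point and its inner addresses read directly, which helps with the troubleshooting difficulty noted above and with confirming that only intended tunnels are in use. The following Python is an added example, not part of the original text; it builds one constructed packet with documentation addresses, then parses it and computes the reduced MTU. The function names are hypothetical.

```python
"""Build and recognise IPv6-in-IPv4 (protocol 41) packets (added example)."""
import ipaddress
import struct

PROTO_IPV6 = 41          # IPv4 protocol number for an encapsulated IPv6 packet
IPV4_HEADER_LEN = 20     # IPv4 header with no options
IPV6_HEADER_LEN = 40     # fixed IPv6 header


def ipv4_checksum(header):
    """Ones'-complement sum over the 16-bit words of the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv6_packet(src, dst, payload=b""):
    """Minimal IPv6 packet: version 6, next header 59 (none), hop limit 64."""
    header = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(inner, tunnel_src, tunnel_dst):
    """Prepend a 20-byte IPv4 header with protocol 41, as a tunnel router does."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, IPV4_HEADER_LEN + len(inner),    # version/IHL, TOS, total length
        0, 0,                                     # identification, flags/fragment
        64, PROTO_IPV6, 0,                        # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(tunnel_src).packed,
        ipaddress.IPv4Address(tunnel_dst).packed,
    )
    checksum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + checksum + header[12:] + inner


def inspect_tunnel(packet):
    """Return tunnel and inner addresses for a protocol-41 packet, else None."""
    if len(packet) < IPV4_HEADER_LEN or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # outer header length in bytes
    if ihl < IPV4_HEADER_LEN or packet[9] != PROTO_IPV6:
        return None
    inner = packet[ihl:]
    if len(inner) < IPV6_HEADER_LEN or inner[0] >> 4 != 6:
        return None
    return {
        "tunnel_src": str(ipaddress.IPv4Address(packet[12:16])),
        "tunnel_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "overhead": ihl,
    }


def tunnel_mtu(link_mtu, overhead=IPV4_HEADER_LEN):
    """IPv6 MTU available inside the tunnel on a link with the given MTU."""
    return link_mtu - overhead


if __name__ == "__main__":
    # Constructed packet using documentation address ranges.
    inner = ipv6_packet("2001:db8:1::1", "2001:db8:2::1", b"\x00" * 8)
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.2")
    print(inspect_tunnel(outer))
    print("tunnel MTU on a 1500-byte link:", tunnel_mtu(1500))
```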

In a manually configured tunnel, you configure the IPv4 and IPv6 addresses statically on the routers at each end of the tunnel. These end routers must be dual stacked, and the configuration cannot change dynamically as network and routing needs change. You must also properly set up routing to forward a packet between the two IPv6 networks.
Figure 7-17 illustrates the requirements for IPv6 tunnels.

Figure 7-17 IPv6 Tunnel Requirements

Tunnel endpoints can be unnumbered, but unnumbered endpoints make troubleshooting difficult. The IPv4 practice of saving addresses for tunnel endpoints is no longer an issue for IPv6.

Configuring IPv6

There are two basic steps to activate IPv6 on a router. First you must activate IPv6 traffic forwarding on the router, and then you must configure each interface that requires IPv6. By default, IPv6 traffic forwarding is disabled on a Cisco router. To activate IPv6 traffic forwarding between interfaces, you must configure the global command ipv6 unicast-routing. This command enables the forwarding of unicast IPv6 traffic.

The ipv6 address command can configure a global IPv6 address. The link-local address is automatically configured when an address is assigned to the interface. You must specify the entire 128-bit IPv6 address or specify to use the 64-bit prefix by using the eui-64 option. You can completely specify the IPv6 address or compute the host identifier (rightmost 64 bits) from the EUI-64 identifier of the interface. In the example shown in Figure 7-18, the IPv6 address of the interface is configured using the EUI-64 format.

Alternatively, you can completely specify the entire IPv6 address to assign an address to a router interface using the ipv6 address ipv6-address/prefix-length command in interface configuration mode.

NOTE The configuration of the IPv6 address on an interface automatically configures the link-local address for that interface.

You can perform name resolution from the Cisco IOS Software process in two ways:

  • It is possible to define a static name for IPv6 addresses using the command ipv6 host name [port] ipv6-address1 [ipv6-address2 . . . ipv6-address4]. You can define up to four IPv6 addresses for one hostname. The port option refers to the Telnet port that should be used for the associated host.
  • To specify the DNS server used by the router, use the ip name-server address command. The address can be an IPv4 or IPv6 address. You can specify up to six DNS servers with this command.

Configuring and Verifying RIPng for IPv6

The following paragraph describes the syntax of some commands that are commonly used to configure RIPng. The syntax is similar, if not identical, to their IPv4 counterparts. For RIPng, instead of using the network command to identify which interfaces should run RIPng, you use the command ipv6 rip tag enable in interface configuration mode to enable RIPng on an interface. The tag parameter that you use for the ipv6 rip enable command must match the tag parameter in the ipv6 router rip command.

NOTE Enabling RIP on an interface dynamically creates a “router rip” process if necessary.

Example: RIPng for IPv6 Configuration

Figure 7-18 shows a network of two routers. Router Y is connected to the default network. On both Router X and Router Y, “RT0” is a tag that identifies the RIPng process. RIPng is enabled on the first Ethernet interface of Router Y using the ipv6 rip RT0 enable command. Router X shows that RIPng is enabled on both Ethernet interfaces using the ipv6 rip RT0 enable command.

Figure 7-18 RIPng Configuration Example
