- •Contents
- •List of Figures
- •List of Tables
- •About the Author
- •Acknowledgements
- •Abbreviations
- •Introduction
- •1 Hardware Design
- •1.1 Separation of Routing and Forwarding Functionality
- •1.2 Building Blocks
- •1.2.1 Control Module
- •1.2.2 Forwarding Module
- •1.2.4 Stateful Failover
- •1.3 To Flow or Not to Flow?
- •1.4 Hardware Redundancy, Single Chassis or Multi Chassis
- •2 Transport Media
- •2.1 Maximum Transmission Unit (MTU)
- •2.1.1 Path MTU Discovery
- •2.1.2 Port Density
- •2.1.3 Channelized Interfaces
- •2.2 Ethernet
- •2.2.1 Address Resolution Protocol (ARP)
- •2.3 Asynchronous Transfer Mode (ATM)
- •2.4 Packet Over SONET (POS)
- •2.5.1 Intelligent Protection Switching
- •2.6 (Fractional) E1/T1/E3/T3
- •2.7 Wireless Transport
- •2.7.1 Regulatory Constraints
- •2.7.2 Interference
- •2.7.3 Obstructions
- •2.7.4 Atmospheric Conditions
- •3.1.1 Management Ethernet
- •3.1.2 Console Port
- •3.1.3 Auxiliary (Aux) Port
- •3.1.4 Remote Power Management
- •3.1.5 Uninterruptible Power Supplies (UPS)
- •3.2 Network Time Protocol (NTP)
- •3.3 Logging
- •3.4 Simple Network Management Protocol (SNMP)
- •3.4.1 SNMPv1, v2c and v3
- •3.5 Remote Monitoring (RMON)
- •3.6 Network Management Systems
- •3.6.1 CiscoWorks
- •3.6.2 JUNOScope
- •3.7.1 Concurrent Version System (CVS)
- •3.8 To Upgrade or Not to Upgrade
- •3.8.1 Software Release Cycles
- •3.9 Capacity Planning Techniques
- •4 Network Security
- •4.1 Securing Access to Your Network Devices
- •4.1.1 Physical Security
- •4.1.2 Authentication, Authorization and Accounting (AAA)
- •4.2 Securing Access to the Network Infrastructure
- •4.2.1 Authentication of Users, Hosts and Servers
- •4.2.2 Encryption of Information
- •4.2.3 Access Tools and Protocols
- •4.2.4 IP Security (IPsec)
- •4.2.5 Access Control Lists
- •4.2.6 RFC 1918 Addresses
- •4.2.7 Preventing and Tracing Denial of Service (DoS) Attacks
- •5 Routing Protocols
- •5.1 Why Different Routing Protocols?
- •5.2 Interior Gateway Protocols (IGP)
- •5.2.1 Open Shortest Path First (OSPF)
- •5.2.2 Authentication of OSPF
- •5.2.3 Stub Areas, Not So Stubby Areas (NSSA) and Totally Stubby Areas
- •5.2.4 OSPF Graceful Restart
- •5.2.5 OSPFv3
- •5.2.8 IS-IS Graceful Restart
- •5.2.9 Routing Information Protocol (RIP)
- •5.2.10 Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP)
- •5.2.11 Diffusing Update Algorithm (DUAL)
- •5.2.12 Stuck-in-Active
- •5.2.13 Why use EIGRP?
- •5.3 Exterior Protocols
- •5.3.1 Border Gateway Protocol (BGP)
- •5.3.2 Authentication of BGP
- •5.3.3 BGP Graceful Restart
- •5.3.4 Multiprotocol BGP
- •6 Routing Policy
- •6.1 What is Policy For?
- •6.1.1 Who Pays Whom?
- •6.2 Implementing Scalable Routing Policies
- •6.3 How is Policy Evaluated?
- •6.3.2 The Flow of Policy Evaluation
- •6.4 Policy Matches
- •6.5 Policy Actions
- •6.5.1 The Default Action
- •6.5.2 Accept/Permit, Reject/Deny, and Discard
- •6.6 Policy Elements
- •6.7 AS Paths
- •6.9 Internet Routing Registries
- •6.10 Communities
- •6.11 Multi-Exit Discriminator (MED)
- •6.12 Local Preference
- •6.13 Damping
- •6.14 Unicast Reverse Path Forwarding
- •6.15 Policy Routing/Filter-Based Forwarding
- •6.16 Policy Recommendations
- •6.16.1 Policy Recommendations for Customer Connections
- •6.16.2 Policy Recommendations for Peering Connections
- •6.16.3 Policy Recommendations for Transit Connections
- •6.17 Side Effects of Policy
- •7 Multiprotocol Label Switching (MPLS)
- •7.2 Label Distribution Protocols
- •7.3 Tag Distribution Protocol (TDP)
- •7.4 Label Distribution Protocol (LDP)
- •7.4.1 LDP Graceful Restart
- •7.5.1 RSVP-TE Graceful Restart
- •7.6 Fast Reroute
- •7.7 Integrating ATM and IP Networks
- •7.8 Generalized MPLS (GMPLS)
- •8 Virtual Private Networks (VPNs)
- •8.1 VPNs at Layer 3
- •8.1.1 Layer 3 VPN (RFC 2547bis)
- •8.1.2 Generic Router Encapsulation (GRE)
- •8.1.3 IPsec
- •8.2 VPNs at Layer 2
- •8.2.1 Circuit Cross-Connect (CCC)
- •8.2.3 Martini (Layer 2 circuits)
- •8.2.4 Virtual Private Wire Service (VPWS)
- •8.2.5 Virtual Private LAN Service (VPLS)
- •8.2.6 Layer 2 Tunnelling Protocol (L2TP)
- •9.1 Design and Architectural Issues of CoS/QoS
- •9.2 CoS/QoS Functional Elements
- •9.2.3 Congestion Avoidance Mechanisms
- •9.2.4 Queueing Strategies
- •9.3 QoS Marking Mechanisms
- •9.3.1 Layer 2 Marking
- •9.3.2 Layer 3 QoS
- •9.3.3 MPLS EXP
- •9.4 Integrating QoS at Layer 2, in IP and in MPLS
- •9.4.1 DiffServ Integration with MPLS
- •10 Multicast
- •10.1 Multicast Forwarding at Layer 2
- •10.1.1 Multicast on Ethernet and FDDI
- •10.1.2 Multicast Over Token Ring
- •10.1.3 Internet Group Management Protocol (IGMP)
- •10.1.4 IGMP Snooping
- •10.1.5 PIM/DVMRP Snooping
- •10.1.6 Immediate Leave Processing
- •10.1.7 Cisco Group Management Protocol (CGMP)
- •10.2 Multicast Routing
- •10.2.1 Reverse Path Forwarding (RPF) Check
- •10.2.2 Dense Mode Protocols
- •10.2.3 Sparse Mode Protocols
- •10.2.4 Multicast Source Discovery Protocol (MSDP)
- •10.2.5 Multiprotocol BGP
- •10.2.6 Multicast Scoping
- •11.1 Evolution and Revolution
- •11.2 IPv6 Headers
- •11.3 IPv6 Addressing
- •11.3.1 Hierarchical Allocations
- •11.3.2 Address Classes
- •11.5 Domain Name System (DNS)
- •11.6 Transition Mechanisms
- •11.6.1 Dual Stack
- •11.6.3 Tunnelling IPv6 in IPv4
- •11.7 Routing in IPv6
- •11.7.2 OSPFv3
- •11.7.3 RIPng
- •11.7.4 Multiprotocol BGP
- •11.8 Multicast in IPv6
- •11.9 IPv6 Security
- •11.10 Mobility in IPv6
- •References
- •Index
11.6 TRANSITION MECHANISMS |
159 |
11.6TRANSITION MECHANISMS
It is clear that IPv6 is not going to supplant IPv4 in one hit on one ‘flag day’. So, if IPv6 is to be deployed in more than just isolated pockets, there must be mechanisms to operate both networks in parallel and to provide links between IPv6 ‘islands’ across the ‘sea’ of IPv4. There also must be a mechanism to provide connectivity between hosts using only IPv4 and those using only IPv6. Numerous mechanisms have been devised including dual-stack operation, Network Address Translation—Protocol Translation (NAT-PT) and IPv6 over various tunnelling mechanisms (e.g. IPv4, GRE, MPLS, etc.). Each has its benefits and disadvantages as described below.
11.6.1DUAL STACK
This mode of operation requires each interface to be configured with both an IPv4 and an IPv6 address. On this basis, each incoming packet is handled by the appropriate IP stack for the type of packet. In this mode, both networks are run in parallel. This is similar to running both IPX and IP on a single network. Neither protocol interferes with, or even recognizes the presence of the other.
While this does nothing for the conservation of IP addresses, this is the preferred method of running both IPv4 and IPv6 in a contiguous network and is almost certainly the mode in which most SPs will be operated. It provides native support to both protocols, thus IPv4 hosts use IPv4 to talk to other IPv4 hosts and similarly IPv6 hosts use IPv6 to talk to other IPv6 hosts. One downside is that this provides no inherent mechanism for translating between the two protocols. So IPv4 hosts cannot communicate with IPv6 hosts unless some external gateway mechanism between the two networks is provided.
11.6.2NETWORK ADDRESS TRANSLATION—PROTOCOL TRANSLATION
Having described the constraints of NAT, which have been used by many as a convincing argument for the development of IPv6, it seems somewhat ironic that one of the main mechanisms for joining the IPv4 and IPv6 worlds together is based on NAT-PT. NAT-PT is carried out by routers that support both IPv6 and IPv4. The fact that the hosts at each end of the conversation are not using the same version of IP is (or at least should be) totally opaque to the two hosts.
In addition to mapping the addresses in the headers of IP packets traversing the NATPT router, the router must also understand the protocols where IP addresses are carried within the data and, where appropriate, translate information within the data to match the mapping. For example, when a name server replies to a query from an IPv4-only host with an IPv6 address, the NAT-PT router must create the mapping between an IPv4 and the returned IPv6 address and then modify the DNS reply so that the IPv4-only host receives a DNS response containing IPv4 addresses.
160 |
IPv6 |
Finally, the mapping of IPv4 header information to IPv6 header information is not a simple task. It is not always possible to translate completely from one to the other.
The requirement for such interrogation of every packet traversing the NAT-PT router makes this process exceptionally CPU intensive. Any such process will inevitably limit the scaling of the network.
For all these reasons, it is better to use other transition mechanisms where such mechanisms are available.
11.6.3 TUNNELLING IPv6 IN IPv4
There are several mechanisms based on tunnelling of one sort or another. They include:
•configured IPv6 in IPv4 tunnels;
•automatic IPv6 in IPv4 tunnels;
•IPv6 in MPLS.
11.6.3.1 Configured IPv6 in IPv4 Tunnels
This was the first mechanism widely deployed for the connection of disparate IPv6 networks and formed the basis of the experimental 6bone. This mechanism requires the static configuration of tunnels at both ends. This is administratively time-consuming and also somewhat inefficient (a problem associated with any tunnelling due to the extra overhead of the encapsulating protocol).
11.6.3.2 Automatic IPv6 in IPv4 Tunnels
In order to overcome some of the administrative burden of configuring IPv6 in IPv4 tunnels, a scheme has been developed to use IPv4 compatible addresses to automatically tunnel IPv6 addresses through an IPv4 network. IPv4 compatible IPv6 addresses embed an IPv4 address into an IPv6 address. The last 32 bits of the address is actually represented as a standard dotted quad address of the form:
1234:5678:9ABC:DEF0:0000:0000:192.168.103.112
11.6.3.3 IPv6 in MPLS
Just as MPLS is capable of transporting IPv4 packets across networks not capable of forwarding them without the MPLS encapsulation, it is similarly capable of transporting IPv6 packets. The encapsulation of IPv6 packets is identical to that for IPv4 packets with the exception that there is a different label for IPv6 explicit null (2).