inside cisco it: making the leap to ipv6lisp.cisco.com/docs/cocrst-3464.pdf · inside cisco it:...

Inside Cisco IT: Making the Leap to IPv6 COCRST-3464

Khalid Jawaid

Member of Technical Staff

‟A session focused on the technical/business drivers, successes/challenges and lessons learned around Cisco IT's implementation of IPv6 on internal and customer-facing networks with an insight to how Cisco IT used LISP to accelerate their IPv6 deployment across regions where the architecture does not natively support IPv6 as a transport.

© 2014 Cisco and/or its affiliates. All rights reserved. COCRST-3464 Cisco Public

Visit Inside Cisco IT Booth!

4

Want to find out more?

Just turn up at the Cisco IT booth

Level 1 South, Mezzanine,

next to World of Solutions

Come & experience Cisco IT, talk to our

experts & download related content from the

Content Kiosk


EVENT OFFERINGS

“INSIDE CISCO IT” CASE STUDY SESSIONS. Check availability & register via Schedule Builder: http://cs.co/schedulebuilder

Wed 11:30 – Solving real network challenges using

SDN

Thu 11:30 – Evolving to a Cloud Ready Wide Area

Network

Thu 11:30 – The New, Automated, Virtualized Cisco IT

Data Center

Thu 14:30 – Application Centric Design for Cloud

Services

Tue 11:15 – Future Network Management &

Automation Strategy

Tue 11:5 – Engineering Solutions for Monitoring &

Investigations

Tue 16:45 – Making the Leap to IPv6

Wed 16:30 – Mobility Strategy

IT BOOTH DEMOS. Just turn up at the Cisco IT booth (Level 1 South, Mezzanine, next to World of Solutions)

Tue 16:45 – New Collaboration Tools Today &

Tomorrow

Wed 11:30 – Making Video the New Voice – a Cisco IT

Cookbook

Wed 14:30 – Cisco eStore Modernises Shopping &

Automation for IT Services & Mobile Apps

MISSED A PRESENTATION SESSION? Access recordings (including IT Management sessions) via Cisco Live Online. Search “Inside Cisco IT”: http://cs.co/ciscoliveonline

MEET THE ENGINEER. Connect & consult with those who design & develop Cisco IT solutions. Check availability & book slots via Schedule Builder: http://cs.co/schedulebuilder

onePK Traffic Steering

onePK Threat Detection and Mitigation

Cisco ONE ENC EasyQoS (Note: demo available at the

Cisco Campus)

LISP IPv6

Bring Your Own Device (BYOD)

Business Video

estore

ACE

Cisco Maps (Internet of Everything)

N/A

See how Cisco Technology Architectures are transforming IT

into a Service Organization.

Browse your IT Themes of interest below & learn from top Cisco IT experts who share practical

experience, strategies, lessons learned & business results.

IT Themes – “Inside Cisco IT”

Infrastructure Programmability

Data Center & Cloud Automation

Intelligent Networking Collaboration & Pervasive

Video

Developing smarter adaptive enterprise network

utilizing Cisco ONE/SDN & API technologies

Deploying cloud services & virtualization

solutions to simplify DC application provisioning

to reduce costs & achieve business agility

Building a secure network foundation to connect

anyone, anywhere, on any device, at any time

(IPv6, Network Mgmt, Mobility, Security, BYOD)

Enabling organizations to seamlessly

collaborate across borders, helping transform

business and productivity

http://cs.co/schedulebuilder

http://cs.co/ciscoliveonline

http://cs.co/schedulebuilder


ON DEMAND OFFERINGS

Infrastructure Programmability

Data Center & Cloud Automation

Intelligent Networking Collaboration & Pervasive

Video

Developing smarter adaptive enterprise network utilizing Cisco ONE/SDN & API technologies

Deploying cloud services & virtualization solutions to simplify DC application provisioning to reduce costs & achieve business agility

Building a secure network foundation to connect anyone, anywhere, on any device, at any time (IPv6, Network Mgmt,

Mobility, Security, BYOD)

Enabling organizations to seamlessly collaborate across borders, helping transform business and productivity

Find, Friend, Follow Cisco IT -

Case Study: EIGRP Implementation

Case Study: IPv6 Implementation

Case Study: Unified Access Network

Case Study: BYOD Overview

Case Study: Cisco Ironport

IT Method: Cloud Web Security (NEW!)

vBlog: SDN and Network Programmability

Blog: SDN, 1st 5 Use Cases for Cisco IT

Blog: SDN 101

Case Study: Application Migration

Case Study: Big Data

Case Study: CITEIS Gen 2

Case Study: Tidal Enterprise Scheduler & Big Data (NEW!)

Blog: Private Cloud Best Practices

Blog: CITEIS Private Cloud Use

IT Method: CITEIS (NEW!)

Case Study: WebEx Cloud Connected Audio

Case Study: UC on UCS

Blog: Making Video Calls Easy for Users

Blog: Why So Many CUCM Clusters

Blog: The Road to UC – Flexibility, Mobility, Simplicity (NEW!)

Blog: What is Cisco IT’s UC Global Cluster Architecture (NEW!)

http://cs.co/itblog http://cs.co/facebookciscoi t http://cs.co/twitterciscoit http://cs.co/youtubeciscoit

REQUEST A CISCO IT BRIEFING. For a deeper conversation with Cisco IT, please contact your local briefing centre: http://cs.co/ciscoitbriefing

See how Cisco Technology Architectures are transforming IT

into a Service Organization.

Browse your IT Themes of interest below & learn from top Cisco IT experts who share practical

experience, strategies, lessons learned & business results.

IT Themes – “Inside Cisco IT”

CISCO IT LIVE WEBINARS. Join Cisco IT experts for 1 hour sessions on Cisco IT’s strategy on a variety of topics.

Email [email protected] for upcoming webinars.

TOP CISCO IT CONTENT. Search for & Download Case Studies via our App, search "Cisco Customer Success Stories" from App Store, or from our website: http://cs.co/ciscoitonline

http://cs.co/itblog

http://cs.co/itblog

http://cs.co/facebookciscoit

http://cs.co/facebookciscoit

http://cs.co/twitterciscoit

http://cs.co/twitterciscoit

http://cs.co/youtubeciscoit

http://cs.co/ciscoitbriefing

http://cs.co/ciscoitbriefing

mailto:[email protected]





http://cs.co/ciscoitonline

http://cs.co/ciscoitonline


Agenda

Overview

– Introduction to Cisco IT

– Making the case for IPv6

– IPv6 Journey

– Target State

Preparation

Implementation Tracks

– Ubiquitous IPv6 Access

– IPv6 Internet Presence

LISP as an IPv6 Transition Mechanism

Lessons Learned

7


Cisco IT Network - Technology and People

8

More Than 180,000

People Worldwide in the

Extended Cisco Family

• 369 locations in 90 countries

• 450+ buildings

• 51 data centers and

server rooms

• 1500+ labs worldwide (500+ in San Jose)

• 66,000+ employees

• 30,000 contractors

• 20,000 channel partners

• 110+ application

service providers

• 210+ business and support

development partners


Cisco IT Global Tier One WAN Backbone

OC3 / STM1

OC12 / STM4

OC48 / STM16

Europe N. America ASIAPAC

New York

LAX

Sao Paulo

Orlando

Bangalore

LATAM Middle East

Tokyo

Singapore

Bangalore

Sydney

Amsterdam

London Brussels Shanghai

San Jose

RTP

Hong Kong

10GigE

9

Core BB/Campus

ASR1K - 532

C6k - 1700

4500-X - 50

C6k(L2) -1650

C4k(L2) - 291

Branch Office

ISR(3845) – 1778

ISR(3945) – 1265

3750* - 2912

3850 - 18

Evolving to a Cloud Ready

Wide Area Network Thursday, Jan 3011:30 AM - 1:00 PM

Dipesh Patel Snr IT Architect

Chris Herl Design Manager


IPv4 Exhaustion

10

APNIC RIPE ARIN LACNIC AFRINIC

IANA

19-04-11 14-09-12 13-01-15 17-02-15 17-01-22

https://ipv6.he.net/statistics/

http://www.potaroo.net/tools/ipv4/index.html

Date

0.8 0.85 1.3 1.4 3.34 % Left


IPv6

Making the Case for IPv6

11

Business Drivers

Leadership and Mindshare

Product Readiness

Internet Evolution

IT Drivers

Product Development and Testing

Continuity and Growth

Cisco On Cisco

Constraints

Maintain IPv4 SLA & Security Posture

Funding & Resourcing

Product & Service Gaps

Goals

IPv6 Internet Presence

Ubiquitous IPv6 Access


Cisco IT “Stack”

DC (Compute,

Storage, VDI)

Client

Access

(PCs) Printers

VOIP,

Collaboration

Devices &

Gateways

Sensors &

Controllers

DNS &

DHCP

Load Balancing

&

Content

Switching

Security

(Firewall &

IDS/IPS)

Content

Distribution

Optimization

(WAAS, SSL

Acceleration)

VPN

Access

IP Services (QoS, Multicast, Mobility, Translation)

Hardware

Support Connectivity

IP

Addressing

Routing

Protocols Instrumentation

Infrastructure Devices and Services

Network-embedded Services

Basic Network Infrastructure

Sta

ff Tra

inin

g &

Opera

tions

Security

Inspectio

n &

Monito

ring

Middleware and Databases

Application Environments

Mobility,

Email

ASP Integration

(Salesforce.com)

Internal Apps (CEC,

IWE, etc.)

Cisco.com

and DMZ

Apps

Web Servers

(Apache, IIS)

Application Servers

(Weblogic/ Liferay)

Middleware

(Messaging, Web

Services

Gateway)

Databases (Oracle, MY

SQL, MS SQL)

12


Setting IPv6 Scope

DC (Compute,

Storage, VDI)

Client

Access

(PCs) Printers

VOIP,

Collaboration

Devices &

Gateways

Sensors &

Controllers

DNS &

DHCP

Load Balancing

&

Content

Switching

Security

(Firewall &

IDS/IPS)

Content

Distribution

Optimisation

(WAAS, SSL

Acceleration)

VPN

Access

IP Services (QoS, Multicast, Mobility, Translation)

Hardware

Support Connectivity

IP

Addressing

Routing

Protocols Instrumentation

Infrastructure Devices

Network-embedded Services

Basic Network Infrastructure

Sta

ff Tra

inin

g &

Opera

tions

Security

Inspectio

n &

Monito

ring

Middleware and Databases

Application Environments

Mobility,

Email

ASP Integration

(Salesforce.com)

Internal Apps (CEC,

IWE, etc.)

Cisco.com

and DMZ

Apps

Web Servers

(Apache, IIS)

Application Servers

(Weblogic/ Liferay)

Middleware

(Messaging, Web

Services

Gateway)

Databases (Oracle, MY

SQL, MS SQL)

Pervasive IPv6 adoption

with IPv4 co-existence

13


Cisco IT’s IPv6 Target State

Ubiquitous IPv6 Access • Globalization

• Technology Leadership

• Product Development

Dual-Stack Enterprise

IPv6 Internet Presence • Internet Evolution

• Business Continuity

• Customers, partners,

employees IPv6 Internet

14


The IPv6 Journey – A High Level View

IPv4-only IPv4 and IPv6 co-exist IPv6-only

2014 2013 2012 2011 2010 2002-2009

Ubiquitous IPv6 Access (Inside-Out)

IPv6 Internet Presence (Outside-In) www.ipv6.cisco.com www.cisco.com

accessible over IPv6

Entire cisco.com platform


On-demand tunnel services

Dual stack “alpha” networks

Dual stack global core

Resilient tunnel services

Dual stack user

access (pilot)

Dual stack user access (prod)

Dual stack internal DC and apps

!

15


Agenda

Overview



– IPv6 Journey

– Target State

Preparation





Lessons Learned

16


Preparation

17

Cross

Functional

Collaboration

Assessment Architect &

Design

Address

Planning

Implementation

Strategy & Plan


IPv6

Preparation Cross Functional Collaboration

Example of the need for wide cross functional collaboration across IT on IPv6

Preparation and execution required participation of team members from 7 of 9 of CIO’s direct reports

18


Preparation

Cisco products, features

– Engaged Advanced Services for network IPv6 readiness report

Other vendors

Tools

– Security

– Network management

Service providers

Applications behind www.cisco.com

Assessment

19

http://www.cisco.com


Preparation

Architectural decisions

– Which routing protocol?

– SLAAC vs DHCPv6?

– Which IPv6 transition technologies?

– Code selection and qualification

Documentation

– Any new documentation required?

– Assess which existing designs are impacted and assign owners

– Extra review board resources

Architect and Design

20


Preparation

Address management tool support for IPv6

Established IPv6 Addressing policy

Hierarchical Model – Global, Regional, Sub-Regional and Site levels

Template-based addressing - easy for Implementation and Operations Teams

IPv6 Address Planning

21


/34 Global Level

(50% spares)

/35 - /36

per Region

/37 - /39

per Sub-Region

/40 per Campus

(256 Buildings)

/48 per Building/Branch

(16 PINs per Building/Branch)

PIN = Place In the Network A framework to classify functional areas of the network

eg, Lab, Desktop, DC, DMZ etc

/52 per PIN

(4096 Subnets / PIN)

Preparation IPv6 Address Planning

22



23

/52 /48 Building PIN

/64 Subnets / PIN

0 = Infra

1 = Desktop / Wireless

2 = Lab

3 = Guest

4 = Voice

D = Building DC

... etc 2001:0420:028C:1000::/52 - Desktop PIN

2001:0420:028C:1300::/64 – Desktop VLAN 300

2001:0420:028C:1301::/64 – Desktop VLAN 301

2001:0420:028C:2000::/52 - Lab PIN 2001:0420:028C:2001::/64 – Lab Subnet 1

2001:0420:028C:2002::/64 – Lab Subnet 2



24


Preparation

Long term plan that absorbs cost in established lifecycle process

Have a quick and scalable solution in hand to relieve delivery pressure

Rip and replace only where necessary (Fast track projects)

Management via IPv4 with IPv6 service monitoring

On going training and exposure for implementation and operations teams

25

“Dual stack where you can, tunnel where you can’t

and NAT only when you have no choice”

Implementation Strategy and Plan


Agenda

Overview



– IPv6 Journey

– Target State

Preparation





Lessons Learned

26




2014 2013 2012 2011 2010 2002-2009










Dual stack user

access (pilot)



!

27



Core to edge rollout

Multi-year plan absorbed into existing lifecycle management

– Simultaneous projects across Desktop, DC, Remote Access, iPoPs

– Accelerated deployment for select remote sites / services

Dual stacked services

– DNS, IP address management, DHCPv6

Routing protocol same as IPv4 - EIGRP

SLA same as IPv4

Long Term Plan - Dual Stack the Network

28


IPv6 Tunnel

Overlay

Ubiquitous IPv6 Access Short Term Plan – Tunnel Infrastructure

29

Building / Lab = Manual 6in4 tunnels

User = Anycast ISATAP

SLA same as IPv4

Dual stacked core + Global tunnel infrastructure


Ubiquitous IPv6 Access Dual Stack Deployment Status

30

85%

DMZ

Complete

In Process 100%

DCs

Complete

38%

DNS

Complete

In Process

49%

Offices

Complete

In Process


Ubiquitous IPv6 Access Dual Stack Deployment Status

31

71%

Labs

Complete

In Process100%

External E-mail

Complete



Google is seeing about 8% of traffic from Cisco using IPv6

Performance is increasing significantly

Adoption Metrics

Source: Google

32


Agenda

33

Overview



– IPv6 Journey

– Target State

Preparation





Lessons Learned




2014 2013 2012 2011 2010 2002-2009










Dual stack user

access (pilot)



!

34

35

24 hour IPv6 “test flight” 8th June 2011

http://www.internetsociety.org/ipv6/archive-2011-world-ipv6-day











World IPv6 Day

36

6to4 reverse proxy solution

Returned A and AAAA records for www.cisco.com

CDN

Production

Network

Non-production Sandbox

Network

WWW

6to4

Proxy HTTP/S

HTTP/S

IPv6

IPv4 DNS

http://www.cisco.com/


World IPv6 Day

Network traffic volume based on NetFlow data

– 1.11% of all traffic to/from www.cisco.com was IPv6

Support Cases

– No support cases for www.cisco.com related to World IPv6 Day

Our Experience

37

SanFrancisco

London Melbourne

IPv4 Latency

IPv6 Latency

IPv6 performance - Content served over IPv6 was NOT cached/accelerated by CDN. All content was served from a single origin in San Jose.


www.worldipv6launch.org 3000+ WEB sites, 50+ Operators, 4 RHG vendors

38

http://www.worldipv6launch.org


World IPv6 Launch @ Cisco

www.cisco.com

www.webex.com

home.cisco.com

39


http://www.webex.com

http://Home.cisco.com


Cisco’s IPv6 Web Presence Architecture for www.cisco.com

Cisco.com Web Servers

Server Load Balancer (ACE)

DMZ Network, Security, Proxy

Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om

Model 1 – 6to4 Proxy at

Internet Edge

Dual Stack Component

IPv4-only Component

IPv4 Traffic Flow

IPv6 Traffic Flow

Legend

40


Model 1 – 6to4 Proxy

at Internet Edge



DMZ Network, Security

Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om

Model 2 – SLB64





Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om

41


Model 2 – SLB64 Model 3 – Dual Stack

Web Servers

IPv6 IPv4




Database

App Platforms

Data Centre Network

Internet

Svc A

ssu

ran

ce

S

vc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

ww

w.c

isco.c

om

ww

w.c

isco.c

om



at Internet Edge




Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om




Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om

42



Model 2 – SLB64 Model 3 – Dual Stack

Web Servers

IPv6 IPv4




Database

App Platforms

Data Centre Network

Internet

Svc A

ssu

ran

ce

S

vc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

ww

w.c

isco.c

om

ww

w.c

isco.c

om


at Internet Edge




Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om




Database

App Platforms

Data Centre Network

Svc

Assu

ran

ce

Middleware

Content IdM, Authz

AKAMAI

IPv6 IPv4 Internet

ww

w.c

isco.c

om

ww

w.c

isco.c

om

43


Cisco’s IPv6 Web Presence Design for www.cisco.com

Intrusion Detection & Prevention

(IPS 4260)

Internet

Edge (ASR

1000)

6to4 Load Balancer

ACE 30 origin-www.cisco.com

2001:420:1101:1::a

Internet

IPv4 Load Balancer


72.163.4.161

IPv4 IPv6

IPv6

IPv4

Internal Edge

Firewall

(ASA 5585)

DMZ Core

(6500) DC Gateway

(N7000)

44









IPS 4260

ASR 1000 ACE 30 origin-www.cisco.com

2001:420:1101:1::a


72.163.4.161

www.cisco.co

m

www.cisco.com

ASA 5585

6500 N7000

Akamai

Internet

IPv4 IPv6

IPv6

IPv4

45









IPS 4260


2001:420:1101:1::a


72.163.4.161

ASA 5585

6500 N7000

Akamai

Internal

IPv6

IPv4

Internet

IPv4 IPv6

IPv6

IPv4

46









IPS 4260


2001:420:1101:1::a


72.163.4.161

ASA 5585

6500 N7000

Akamai

Internal

IPv6 IPv4 In-band HTTP/S probes for

monitoring availability and

performance over IPv6

Internet

IPv4 IPv6

IPv6

IPv4

47








Cisco’s IPv6 Web Presence Security

IPS 4260

ASR 1002

Internet

IPv6

IPv4

ASA 5585

6500 N7000 ACE30

ACE20

Firewall Policy

Anti-Spoofing

NetFlow v9

- forensic records

- Arbor (anomaly detection)

Firewall Policy

V6-only signatures

V4+V6 signatures

SLB64 Logging

BGP Blackhole

BGP Sinkhole (Arbor)

48


World IPv6 Launch Metrics for www.cisco.com

On June 6, 2012, IPv6 page views for www.cisco.com accounted for about 0.6% of all page views

As of April 1, 2013, this number had increased to 1%

Let’s compare this to what Google sees…

0.00%

0.20%

0.40%

0.60%

0.80%

1.00%

1.20%

0

100,000

200,000

300,000

400,000

500,000

600,000

700,000

800,000

20/05/2012

Pag

e V

iew

s

IPv6…IPv6…

Source: Cisco IT web analytics

49


Google Traffic Metrics Since World IPv6 Launch

50

Source: http://www.google.com/intl/en/ipv6/statistics.html


Agenda

51

Overview



– IPv6 Journey

– Target State

Preparation





Lessons Learned


Cisco IT LISP Use-case IPv6 Transition Support

52

IPv6 Deployment

strategy

Dual stack

Overlay

Long term plan that absorbs cost in

established lifecycle process

Have a quick and scalable solution in

hand to relieve delivery pressure

IPv6 deployment

challenges

Financial investment required Migration to L2 VPN

Anycast ISATAP Manual 6in4 Tunnel

Business Impact

Next-Generation overlay architecture

Locator/ID Separation Protocol

IPv4 only WAN Backbone

L3 MPLS VPN

Day-1 tunneling techniques

do not scale very well

Delayed deployment of IPv6

affects product development/testing

and IPv6 adoption.


Why LISP ?

Anycast ISATAP

End-Client centric solution

Support challenge

Manual 6in4 tunnels

Configuration overhead

Performance impact (Hub & Spoke)

Locator/ID Separation Protocol

Configuration & Troubleshooting simplicity

Any-to-any traffic flows

IPv4 exit-strategy (IPv4 over IPv6)

New capabilities (Mobility, Virtualization)

DMVPN

Potential routing challenges when multi-homing

Scalability concerns

Any-to-any traffic flows

Day-1 tunneling techniques Next-Generation overlay


Mapping System

Proxy Tunnel Router ASR1006

EMEAR LISP IPv6 Deployment overview

Cisco Managed CE

Map-Resolver, Map-Server, Proxy Ingress/Egress Tunnel Router

Cisco Managed CE Ingress/Egress Tunnel Router

IPSEC VPN Tunnel head-end

From an interim to permanent solution ?

“LISP allows us to postpone some of our WAN

migrations in locations where services are not

available or cost inefficient “

Tunnel Router ASR 1006 & ISR 3945

London Amsterdam

Carrier Managed

L3VPN MPLS Internet

Load Sharing Primary/Backup Primary/Backup

Cisco Enterprise Backbone Network DC Internet

DC

DC

DS3 DS3 DS3 E1 E1 BB

Dual Stack

Dual Stack

Geographically diverse

Standalone / Self-managed

Primary / Backup PxTR

Default Route / HSRPv6 to attract traffic

Load sharing defined by WAN topology

Liveliness features

RLOC route-loss detection

RLOC probing

Locator Status Bits (LSB)

Solicited Map-Request (SMR)

LISP IPv6 in IPv4

Cisco Remote Offices

IPv4 Only


Deployment Status

Istanbul

(Turkey)

Pilot Deployment (Completed September 2013)

Accelerated Deployment (Completed November 2013)

General Deployment (Target completion May 2014)

Greenpark

(UK)

Galway

(Ireland)

Munich

(Germany)

Vimercatie

(Italy)

Moscow

(Russia)

Dubai

(UAE)

80+ Remote Offices

7000+ end-users

3 Engineering Data Centers

Target = IPv6 configuration

automation via scripts !

LISP is the easy part !

1700 end-users

1300 IPv6 endpoints

+ 30 Mbps IPv6 peak BW

0 LISP related cases opened !!!

Internal LISP Design (Guidelines, Cut-sheet, test plan)

Resource training (Configuration & Troubleshooting)

Implementation (Test plan execution and monitoring)

Operational support

In numbers …


Lesson learned

Network convergence

Minor routing architecture changes required to match IPv4 convergence SLA

RLOC route-down detection provides fastest convergence (/32 Prefix leakage)

RLOC Probing detects all other failures

MTU handling

Only stateful fragmentation (pMTU) supported as per IPv6 best practices

Previous overlay solutions provided stateful fragmentation

Our LISP implementation uncovered some pMTU support problems

Feature Support

Most exciting capabilities/enhancements included in more recent versions of code


LISP across European MPLS Network

1

2

EID RLOC

2001:420:8000::/3

4

172.16.0.5

3

4

5

6

7

8


Agenda

58

Overview



– IPv6 Journey

– Target State

Preparation





Lessons Learned


Lessons Learned

Making the case

– Business case for IPv6 internet presence is simpler to articulate

– Business case for IPv6 on internal corporate network may be more difficult to justify

Cross functional effort across the IT Stack

– Starts with networking team taking the lead

– Early engagement of security team, infrastructure and application teams follow

Early planning is key

Absorb the IPv6 effort into existing network lifecycle management process

– Hardware upgrades

– Software image upgrades

– Configuration (automate where you can)

Creating The IPv6 Program

59


Lessons Learned

Network hardware, software, functionality

– Routers, server load balancers

– Wireless, switches

Network management and service assurance

– External and internal availability and performance monitoring

Security

– Firewalls, IDS/IPS, security event management and forensics logging

Product Support

60


Lessons Learned

The goal is security parity with IPv4

– User attribution (IPv6-to-MAC binding), custom Internal tools, third party vendors, incident response playbook, firewalls, anomaly detection, netflow, IDS, log data, pen testing, transparent proxy with anti-malware

Opportunities to improve security as IPv6 is introduced

– First hop security in our access networks

Unique security considerations with IPv6

– ICMPv6

– Privacy extensions for SLAAC

– Hop by hop extension header

Security

61


Lessons Learned

IPv6 requires NetFlow v9 – Some collectors cannot receive/process NetFlow v9

– Some routing platforms don’t support for both NetFlow v5 and NetFlow v9

– Some routing platforms are constrained to two export destinations

We had to shift NetFlow collection in our DMZ devices to deal with the constraints above

Use of NetFlow reflectors can bring some relief

Product Support - Netflow

62


Lessons Learned

Will the same SLA apply for IPv6?

Can the circuit that services the existing IPv4 connection be converted to dual-stack without the physical changes?

Are full IPv6 global routes available to end customers?

Is there an IPv6 “looking glass”?

Are there any restrictions on prefix advertisements?

What percentage of your IPv4 peers to you currently peer with for IPv6

Are you partitioned from any other major networks? (i.e. lacking global reach-ability to other major networks)

Service Provider Support - ISP

63

See http://docwiki.cisco.com/wiki/What_To_Ask_From_Your_Service_Provider_About_IPv6


Lessons Learned

ISPs

IP WAN providers

External content monitoring providers

Content distribution providers

Service Provider Support

64


Lessons Learned

Geo-location and web analytics Client_IpAddress := X-forwarded-for address first address;

If null then

Client_IpAddress := remoteAddress

end if;

use Client_IpAddress for IPCheck

Development, testing, and QA teams require IPv6 access

– How will they get IPv6 access from within the corporate network?

– Supports the business case for an internal corporate network IPv6 deployment

IPv6 Implications for Applications

65


Lessons Learned

Allow PMTUD across the network

– PMTUD allows devices to negotiate the MTU size between hosts

– PTB (Packet Too Big) messages must be permitted

PTB for hosts behind Tunnels (IPSec/GRE) with reduced MTU

PMTUD works between hosts for end-to-end communication. If this is broken, hosts may not be able to communicate over IPv6

IPv6 Path MTU Issues

66


Lessons Learned

Many of our end devices are already IPv6 enabled

– From Microsoft Vista and Server 2008

– From OS X Lion (10.7)

“Happy Eyeballs” can mask IPv6 connectivity issues

Cisco traffic to Facebook, Yahoo! and Google:

End Devices

67

Source: http://www.worldipv6launch.org/measurements/


Lessons Learned IPv6 Growth

68

Source: Google World IPv6 Day

World IPv6

Launch

IPv4 / IPv6 Co-existence

IPv6 Transition Technologies

IPv4 Prevalence

Dual Stack

IPv6 Prevalence

IPv4 as a Service

IPv6-Only

IPv4-Only

We’re Here!

69


$40 Billion annual run rate for the main web portal for quoting,

configuring and buying Cisco solutions (CCW)

$1.3 Billion annual run rate of IPv6 traffic on

tools.cisco.com

By The Numbers

3.37%* = IPv6 traffic on tools.cisco.com**


By The Numbers

529 eman application monitors

18 extranet partner access

3,420 infrastructure hours

DCNI (1520), GNIS (100), GFS (1800)

33 Cisco Teams

285 vanity domains dual stacked

364 apps prod testing

119 Akamai

edge servers

260 apps dual stacked


Conclusion

Build the case and create the program

IPv6 affects everyone across IT but is led by the network team

Multi-year effort with early planning key

Assessment of product and service gaps

Dual stack where you can, tunnel where you can’t and NAT only when you have to

Take iterative steps on our way to the target state

72


Cisco IT IPv6 Case Study

73

http://www.cisco.com/en/US/solutions/collateral/ns340/ns1176/borderless-networks/IPv6-Implementation_CS.html


Join Cisco IPv6 Support Community!

Free for anyone with Cisco.com registration

Get timely answers to your technical questions

Find relevant technical documentation

Engage with over 200,000 top technical experts

Seamless transition from discussion to TAC Service Request (Cisco customers and partners only)

Visit the Cisco Support Community booth in the World of Solutions for more information supportforums.cisco.com

supportforums.cisco.mobi

The Cisco Support Community is your one-stop

community destination from Cisco for sharing

current, real-world technical support knowledge

with peers and experts.


Ubiquitous IPv6 Access IPv6 Access to WebEx collaboration services from within Cisco

75


World of Solutions – IPv6 enabled demonstrations: look for the badges

IP Video - Application Metadata correlation to Prefix coloring

Autonomic Networking

Cisco Modeling Labs (based on Virtual Internet Routing Lab technology)

nLight/GMPLS UNI

ASR9k nV Satellite

Transition the Campus for IPv6 using LISP

Location Analytics with Mobile App Engage

High Speed Wireless Connectivity (802.11AC)

VSS Quad Sup SSO plus IA

Data center core

UCS on a IPV6 environment

Touch, see and feel IPv6 in action in the World of Solutions

76


Call to Action…

Visit the World of Solutions:-

Cisco Campus

Walk-in Labs

Technical Solutions Clinics

Meet the Engineer

Lunch Time Table Topics, held in the main Catering Hall

Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014

77

http://www.pearson-books.com/CLMilan2014





Complete your online session evaluation

Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt

Complete Your Online Session Evaluation

78

inside cisco it: making the leap to ipv6lisp.cisco.com/docs/cocrst-3464.pdf · inside cisco it:...

Documents