Has anyone deployed IPv6 yet? As I'm going to be doing this soon, might keep writing back here on my deployment.
Today I've been reading deployment guides and configuration guides specifically for the Cisco WLC. As I already have IPv6 deployed at home from my ISP, I'm making use of this since SLAAC and DHCPv6 are already working :)
The WLC needs ipv6 multicast enabled so that Neighbour Discovery Protocol can work more efficiently, otherwise NDP packets are retransmitted back out to all wifi clients.
Quote
The NDP process initially uses multicast addresses to perform address resolution. This process consumes valuable wireless airtime because the multicast addresses are sent to all the clients in the network segment.
To increase the efficiency of the NDP process, neighbor discovery caching allows the controller to act as a proxy and responds back to the NS queries
Thought this was interesting enough to share :)
IPv6 is now working on my 1832 AP / WLC, although it's not configurable from the gui at all so it's a double learning process :)
IPv6 was already working on the switch port that the AP was connected into. But I could not ping any v6 addresses from my laptop, and internet was a bit slow from my phone and my laptop since they were able to resolve IPv6 addresses through DNS. To get it working I had to disable the WLAN on the WLC, Give the management interface an IPv6 address and enable multicast for IPv6. Finally reenable the WLAN.
Now IPv6 is working:
C:\Users\Tony>ping facebook.com
Pinging facebook.com [2a03:2880:2130:cf24:face:b00c:0:25de] with 32 bytes of data:
Reply from 2a03:2880:2130:cf24:face:b00c:0:25de: time=265ms
Reply from 2a03:2880:2130:cf24:face:b00c:0:25de: time=262ms
Reply from 2a03:2880:2130:cf24:face:b00c:0:25de: time=265ms
Is it worth having an IPV6 forum section? I a few things to find out / write about. For example, IPv6 natively supports IPSEC. Would this negate the need for BOVPN or RA IPSEC VPNs like they are configured now with IPv4? There's quite a few improvements / advances in IPv6, as it's not just a swap over to gain more address space; I'd like to use it to its full capability if possible. :)
IPv6 section? It's called "Routing and Switching." :)
I've deployed it in an all static environment. No DHCP. BGP and OSPF were nice and easy. We upgraded to Infoblox appliances to handle the extra DNS/IPAM pieces, DHCP would have been used if we needed it. It went nice and smooth though.
Like a lot of people I have v6 deployed at home using HE. At work we started the deployment, but other things get in the way. Right now it isn't important to anyone but the network team. We want to get the infrastructure ready so when it becomes important, and we are given a one day deadline we can just through it over to the systems team to enable it on the servers.
We got a /48 PI, and have an addressing plan worked up, but no outside peering yet. One peer is configured, but they required paperwork updates to do v6. Now the paperwork is done we just have to submit a ticket to enable the v6 peering. Our other peers we verified they support v6, but have not started the process to turn it on. Once all that is done we will begin moving inwards.
Maybe by late 2016 we will have all the network gear speaking it, and just waiting for a use case from the business to start using it.
-Otanx
Quote from: deanwebb on March 05, 2016, 08:13:56 PM
IPv6 section? It's called "Routing and Switching." :)
You're right I suppose :)
So with my deployment, I have one internet circuit (for the purpose of this deployment) and various vlans / subnets as you would expect. The eventual goal is to be able to speak on the internet with IPv6. Currently, we use IPv4 of course, with DHCP serving phones and computers as normal. Servers are statically assigned as are all other things that require static addressing like printers and security cameras. The cameras are on a legacy network so I may not be implementing IPv6 there for simplicity. At the moment, I don't see any benefit of implementing IPv6 on our storage network. This is layer 2 from the VMs to the storage anyway but there is a default gateway on the core switches.
Implementing v6 is not going to give me anything internally at one site, from hosts accessing servers on v6. If anything it will add a bit of complexity but at least will gain knowledge so that when I'm 50 and need to implement only IPv6 networks I'll be able to do it.
Today I have started to plan an addressing scheme. We have a /56 for this office. This gives lots of /64s (these are all technical terms here :) ). I've decided that since the v6 address space has a nice rounding with ~xxxx:0700::/64 to ~xxxx:07ff::/64 I'll use hex on the last two digits to represent the VLAN ID since I'm using something similar with IPv4 anyway. Example, 192.168.7.0/24 being vlan 7. So v6 address space will be ~xxxx:707::/64
Also, at the moment I've had a thought to use the last hextet for static network devices (as this will then follow the existing IP plan, somewhat), and use the 2nd to last hextet for static servers. The v4 IP scheme I laid out has blocks for these already within a /24. So from 1-24 is network devices (some subnets only have the 2 core switches and a HSRP address). There's a block for DHCP, a block for Physical servers and a block for Virtual servers. I'm probably repeating things that you guys already do anyway.
One thing I have found is that HSRP with IPv6 is a little bit different. I originally (and foolishly) assumed that HSRP would follow the same for v6 as it did for v4. But while doing some tests, I recalled that default gateway addresses are link-local addresses. The reasoning is that the IP address might change but the link-local one wont. Ref: https://learningnetwork.cisco.com/thread/67929
However this confuses me as to statically assigning v6 addresses to servers and other things..
Basically, HSRP for IPv6, you can set a virtual IP or you can tell the devices to make up a link-local address. Here's my dummy test config on my nexus switches:
SW1
interface Vlan35
no shutdown
ipv6 address xxxx:xxxx:xxxx:735::2/64
hsrp version 2
hsrp 35 ipv6
preempt delay minimum 60 reload 60
priority 100 forwarding-threshold lower 1 upper 100
timers 1 4
ip autoconfig
SW2
interface Vlan35
no shutdown
ipv6 address xxxx:xxxx:xxxx:735::3/34
hsrp version 2
hsrp 35 ipv6
preempt delay minimum 60 reload 60
priority 90 forwarding-threshold lower 1 upper 90
timers 1 4
ip autoconfig
SW1
# show hsrp brief ipv6
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan35 35 100 P Active local fe80::7ead:74ff:fec7:cc01 fe80::5:73ff:fea0:23 (conf auto EUI64)
# show hsrp ipv6
Vlan35 - Group 35 (HSRP-V2) (IPv6)
Local state is Active, priority 100 (Cfged 100), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 100
Preemption Delay (Seconds) Reload:60 Minimum:60
Hellotime 1 sec, holdtime 4 sec
Next hello sent in 0.692000 sec(s)
Virtual IP address is fe80::5:73ff:fea0:23 (Auto)
Active router is local
Standby router is fe80::7ead:74ff:fec7:cc01 , priority 90 expires in 3.949000 sec(s)
Authentication text "cisco"
Virtual mac address is 0005.73a0.0023 (Default MAC)
4 state changes, last state change 00:26:49
IP redundancy name is hsrp-Vlan35-35-V6 (default)
SW2
# show hsrp ipv6
Vlan35 - Group 35 (HSRP-V2) (IPv6)
Local state is Standby, priority 90 (Cfged 90), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 90
Preemption Delay (Seconds) Reload:60 Minimum:60
Hellotime 1 sec, holdtime 4 sec
Next hello sent in 0.145000 sec(s)
Virtual IP address is fe80::5:73ff:fea0:23 (Auto)
Active router is fe80::6e41:6aff:fe33:cb3c, priority 100 expires in 1.225000 sec(s)
Standby router is local
Authentication text "cisco"
Virtual mac address is 0005.73a0.0023 (Default MAC)
4 state changes, last state change 00:27:42
IP redundancy name is hsrp-Vlan35-35-V6 (default)
journey continues.
I forgot to say, in my "testing", before I had configured HSRP, a Windows computer had auto discovered the link-local addresses of both Layer 3 VLAN interfaces of the nexus. I'm not sure what would happen if one of L3 VLAN interfaces had failed. I didn't check a route print so I don't know if would be doing round robin or preferred one.
Your second switch has a /34 mask on the standby IP. Copypaste error? :)
Typo!
:zomgwtfbbq:
Please help me to know, what is the fundamental difference between IPV4 and IPV6.
Are we really need IPV6.
Quote from: zarawatsonn on March 30, 2016, 12:44:33 AM
Please help me to know, what is the fundamental difference between IPV4 and IPV6.
Are we really need IPV6.
https://en.wikipedia.org/wiki/IPv4_address_exhaustion
Quote from: zarawatsonn on March 30, 2016, 12:44:33 AM
Please help me to know, what is the fundamental difference between IPV4 and IPV6.
Are we really need IPV6.
IPv6 offers a larger address space, that is the key difference.
I think that, yes, we do need IPv6 going to home markets, given the number of internet-enabled devices that everyone wants to connect.
In the corporate world, not so much. They can continue to use the limited IPv4 address space thanks to network address translation (NAT) and private address spaces.
IPV6 there is no such thing as network broadcast. nor is there any Address Resolution Protocol. among many other
Ip addresses are a bit different and the notation is new , ie dropping leading zero's in a hexette, or using multiples colons :: to drop successive zero value hexettes
IPv6 is more compatible to mobile networks than IPv4.
IPv6 allows for bigger payloads than what is allowed in IPv4.
IPv6 packetrs are built a bit different than IPv4
IPV6 benefit No more NAT (Network Address Translation)
IPV6 benefit Auto-configuration
IPV6 benefit No more private address collisions
IPV6 benefit Better multicast routing
IPV6 benefit Simpler header format
IPV6 benefit Simplified, more efficient routing
IPV6 benefit True quality of service (QoS), also called "flow labeling"
IPV6 benefit Built-in authentication and privacy support
IPV6 benefit Flexible options and extensions
IPV6 benefit Easier administration (say good-bye to DHCP)