Cisco Ipv6 SG01

J
IP6FD I
u
J
0 IPv6 Fundamentals,
u Design, and
u Deployment
u
Volume 1
u Version 3.0
LJ
U
()
(J
U
Student Guide
()
U Text Part Number: 97-2945-01
U
(j)
(j)
.]:)0.. ."" "'"\ (." o" "
CNT i:.~
.\
Amerlcas Headquarters Asia Pacific Headquarlers Europa Headquarters

Cisco systoms.lnc. Cisco Systems (USA) PIe. Ud. Cisco Systems International BV Amsterdam.
San Jase, CA Singapore The Netherlands
Cisco has mote Ihan 200 aflices worldwide. Addresses, phone numbers. and fax numbers are listad on Ihe Cisco Website al www.cisco.com/go/offices.
o Cisco and Iha Cisco lago are trademarks ef Cisco SYSlems. (nc. andlor ¡Is af{¡liales in !he U.S. and alhor counlries. A lisling af Cisco's trademarks can be found al
wwwciscO.co-n/go/tradomarks. Third party tradcmarks mon\ionod aro Ihe proporty af thcir rospoctivo owncrs. Tha uso af lho word patinar daos nol imply a
partnership relationship between Cisco and any alhar company. (1 005R)
DISCLAIMER WARRANTY: TI liS CONTENT IS BEING PROVIDED "AS IS." CISCO MAKES AND YOU R[CEIVE NO WARRANTIES IN
CONNECTION WITII THE CONTENT PROVIDED IIEREUNDER. EXPRESS.IMPLlED. STATUTORY OR IN ANY OTIIER PROVISION OF
TIIIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFlCALLY DlSCLAIMS AL!. IMPLlED
WARRANTIES. INCl.lIDING WARRANTIES 01' MERClIANTABlLlTY. NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR
PlJRPOSE. OR ARISING FROM A ('OURSE OF DEALlNG. USAGE OR TRADE PRACTICE. This Icarning product nm)' contuin cmly rclcasc
conlcnt.lll1d while Cisco bclicvcs it 10 he accuflllc, il j¡¡lIs suhjccl lo Ihe disclaimcr above.
Sludenl Guide © 201 OCisco andfor its affiliates. Al! rights reserved.
I I •.
•I I •I
CISCO,
Studen/s. /his /etfer describes important

course eva/ua/ion access injórmation!
Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,
Cisco Syste111s is com111itted lo bringing you lhe highest-quality training in the industry.
Cisco learning products are designed to advance your professional goals and give yOll
the expertise you need to build and 111aintain strategic networks.
Cisco relies on customer feedback to guide business decisions; therefore, your valuable
input will help shape future Cisco course curricula, products, and training offerings.
We would appreciate a few minutes ofyour time to complete a briefCisco online
course evaluation of your instructor and the course materials in this student kit. On the
final day of c1ass, your instructor will provide you wilh a URL directing you to a short
post-course evaluation. Ifthere is no Internet access in the c1assro0111, please complete
the evaluation within the next 48 hours 01' as soon as you can access the web.
On behalf of Cisco. thank you for choosing Cisco Learning Partners for your
Internet technology training.
Sincerely,
Cisco S)'stems Learning

Table of Contents
Volume 1
Course Introduction 1
Overview 1
Learner Skills and Knowledge 1
Course Goal and Objectives 2
Course Flow 3
Additional Relerences 4
Cisco Glossary 01 Terms 4
Introduction to IPv6 1-1
Overview 1-1
Module Objectives 1-1
Explaining the Rationale for IPv6 1-3
Overview 1-3
Objectives 1-3
IP Address Allocation 1-4
History 01 IPv4 1-7
Next Generation 01 IP 1-9
IPv4 Workarounds 1-11
Summary 1-16
Evaluating IPv6 Features and Benefits 1-17
Overview 1-17
Objectives 1-17
Features and Benefits 01 IPv6 1-18
IPv6 Addresses 1-20
IPv6 Autoconliguration and Aggregation 1-22
Advanced IPv6 Features 1-26
Transition Strategies to IPv6 1-35
Summary 1-38
Understanding Market Drivers 1-39
Overview 1-39
Objectives 1-39
Market Growth lor IPv6 1-40
Enterprise and Consumer Markets 1-41
Common Technologies 1-43
Native IPv6 Content 1-47
Drivers lor Adoption 1-48
Exhaustion 01 IPv4 Addresses 1-48
IPv6 in Modern Operating Systems 1-51
IPv6 on Other Platlorms 1-53
Government Mandates 1-56
Summary 1-57
References 1-57
Module Summary 1-59
Module Sell-Check 1-61
Module Sell-Check Answer Key 1-63
IPv6 Operations 2-1
Overview 2-1
Understanding the IPv6 Addressing Architecture 2-3
Overview 2-3
Objectives 2-3
IPv6 Addressing Architecture 2-4
IPv6 Address Formats and Types 2-9
IPv6 Address Uses 2-16
Required IPv6 Addresses 2-22
Summary 2-27
Describing the IPv6 Header Format 2·29
Overview 2-29
Objectives 2-29
IPv6 Header Changes and Benelits 2-30
IPv6 Header Fields 2-33
IPv6 Extension Headers 2-35
Summary 2-45
Enabling IPv6 on Hosts 2·47
Overview 2-47
Objectives 2-47
Enabling IPv6 on Hosts 2-48
Enabling IPv6 on Windows 2-49
Enabling IPv6 on Mac OS X 2-56
Enabling IPv6 on Linux 2-57
Summary 2-60
Enabling IPv6 on Cisco Routers 2·61
Overview 2-61
Objectives 2-61
Enabling IPv6 on Cisco Routers 2-62
IPv6 Address Conliguration 2-63
Autoconliguration 2-67
Summary 2-71
Using ICMPv6 and Neighbor Discovery 2·73
Overview 2-73
Objectives 2-73
ICMPv6 2-75 ~
ICMP Errors 2-76
Echo 2-79
IPv6 over Data Link Layers 2-80
Neighbor Discovery 2-81
Stateless Autoconliguration 2-90
Value 01 Autoconliguration 2-91
Renumbering 2-92
Cisco lOS Neighbor Discovery Command Syntax 2-93
Cisco lOS Network Prelix Renumbering Scenario 2-95
ICMPMLD 2-97
IPv6 Mobility 2-98
Summary 2-99
ii IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Troubleshooting IPv6 2-101
Overview 2-101
Objectives 2-101
Cisco lOS IPv6 Configuration Example 2-102
Cisco lOS show Commands 2-104
Cisco lOS debug Commands 2-105
Cisco lOS debug Command Example 2-106
Summary 2-107
Module Summary 2-109
IPv6 Services 3-1

Overview 3-1
IPv6 Mobility 3-3
Overview 3-3
Objectives 3-3
Introduction lo IP Mobility 3-4
Mobile IPv6 3-7
Network Mobility Examples 3-18
Summary 3-27
Resources 3-27
Describing DNS in an IPv6 Environment 3-29
Overview 3-29
Objectives 3-29
DNS Objects and Records 3-30
DNS Basics 3-30
DNS Tree Structure 3-33
DNS Tree Structure Components 3-35
Dynamic DNS 3-37
Summary 3-42
Resources 3-42
Understanding DHCPv6 Operations 3-43
Overview 3-43
Objectives 3-43
DHCPv6 3-44
DHCPv6 Operation 3-45
DHCPv6 Multicast Addresses 3-53
DHCPv6 Prelix Delegation Process 3-54
DHCPv6 Troubleshooting 3-58
Summary 3-61
Understanding QoS Support in an IPv6 Environment 3-63
Overview 3-63
Objectives 3-63
IPv6 Header Fields Used lor QoS 3-64
IPv6 and the Flow Label Field 3-67
IPv6 QoS Conliguration 3-70
Summary 3-77
Resources 3-77
© 2010 Cisco Systems, Ine. IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 ¡¡¡
Using Cisco 105 Software Features 3-79
Overview 3-79
Objectives 3-79
Cisco lOS Software Features 3-80
Cisco lOS IPv6 Tools 3-85
IPv6 Support lor Cisco Discovery Protocol 3-96
Cisco Express Forwarding IPv6 3-98
IP Service Level Agreements 3-102
Summary 3-110
Relerences 3-110
IPv6-Enabled Routing Protoco/s 4-1
Overview 4-1
Routing with RIPng 4-3
Overview 4-3
Objectives 4-3
Introducing RIPng lor IPv6 4-4
Examining RIPng Enhancements 4-6
RIPng Delault Route Announcement 4-6
RIPng Route Redistribution Capabilities 4-7
RIP Equal-Cost Multipathing 4-8
Conliguring RIPng 4-9
Summary 4-13
Relerences 4-13
Examining OSPFv3 4-15
Overview 4-15
Objectives 4-15
OSPFv3 Key Characteristics 4-16
OSPFv3 Enhancements 4-20
OSPFv3 Configuration 4-23
OSPFv3 IPsec ESP Authentication and Encryption 4-25
OSPFv3 Advanced Functionalities 4-30
Summary 4-36
Examining Integrated 15-15 4-37
Overview 4-37
Objectives 4-37
Integrated IS-IS Characteristics 4-38 --~,
Changes Made to IS-IS to Support IPv6 4-40

Single SPF Architecture 4-41
Multitopology IS-IS lor IPv6 4-44
IS-IS IPv6 Conliguration on Cisco Routers 4-46
Summary 4-56
Relerences 4-56
Examining EIGRP for IPv6 4-57
Overview 4-57
Objectives 4-57
EIGRP lor IPv6 4-58
Cisco lOS EIGRP lor IPv6 Commands 4-61
Summary 4-66
iv IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Understanding MP-BGP 4-67
Overview 4-67
Objectives 4-67
MP-BGP Support for IPv6 4-68
IPv6 as Payload and Transport Mechanism in MP-BGP 4-70
BGP Peering Over Link-Local Addresses 4-73
BGP Prefix Filtering 4-76
MP-BGP Configuration and Troubleshooting 4-79
Summary 4-82
Resources 4-82
Configuring IPv6 Policy-Based Routing 4-83
Overview 4-83
Objectives 4-83
Policy-Based Routing 4-84
Routing Using IPv6 Extension Headers 4-88
Configure PBR 4-90
Specification of Criteria for PBR 4-91
Route Maps in PBR 4-92
Applying the Policy 4-94
Configuration Example 4-95
PBR and Cisco Express Forwarding 4-95
Summary 4-96
References 4-96
Configuring FHRP for IPv6 4-97
Overview 4-97
Objectives 4-97
First Hop Redundancy Protocols and Concepts 4-98
FHRP for Redundancy 4-99
FHRP for Load Balancing 4-101
Interface Tracking 4-103
HSRP for IPv6 4-104
HSRP Priority and Object Tracking 4-106
Configuring and Monitoring HSRP for IPv6 4-108
Monitoring HSRP 4-109
Configuring Object Tracking 4-110
GLBP for IPv6 4-111
GLBP Terminology 4-112
GLBP for IPv6 4-113
GLBP Priority and Object Tracking 4-114
Configuring GLBP for IPv6 4-115
Monitoring GLBP 4-117
Summary 4-118
References 4-118
Configuring Route Redistribution 4-119
Overview 4-119
Objectives 4-119
Route Redistribution 4-120
PE-CE Redistribution for Service Providers 4-127
Summary 4-130
Resources 4-130
Module Self-Check 4-133
Module Self-Check Answer Key 4-135
© 2010 Cisco Systems, [ne. IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 v
vi IPv6 Fundamenlals, Oesign, and Oeploymenl (IP6FO) v3.0 © 2010 Cisco Systems, Inc.
IP6FD I
Course Introduction
Overview
The IPI,6 Fundalllentals, Design, and Deplo)'lIIent (IP6FD) 3.0 course is an instructor-Ied
course presented by Cisco training partners to their end-user customers. This five-day course
aims at enabling learners to study and configure Cisco lOS Software IP version 6 (IPv6)
features. The course is a technology COlll'se covering I Pv6 design and implementation topics. It
provides an overview of IPv6 teehnologies, briefly covers history of IPv6, describes IPv6
operations, addressing, routing, services, t!'ansition, and deployment of IPv6 in enterprise
networks. The course also ineludes case studies useful fol' deployment seenal'ios.
Learner Skills and Knowledge

This subtopic lists the skills and knowledge that learnel's must possess to benefit fully fl'om the
coul'se. The subtopic also ineludes I'eeommended Cisco learning offerings that learnel's should
-
first complete to benefit fully fl'om this eourse.
2i2!d id
Learner Skills and Knowledge
• Cisco CCNA® certification:

- Interconnecting Cisco Network Devices 1 (ICND1)
- Interconnecting Cisco Network Devices 2 (ICND2)
• Understanding 01 networking and routing (on Cisco CCNp®
level, but no lormal certilication is required).
• Working knowledge 01 the Microsoft Windows operating
system.
'~.¡ , "
Course Goal and Objectives
This topic describes the course goal and o~iectives.
IPv6 Fundamenlals. Design, and Oep!oyment
Upon completing this course, you will be able to meet these objectives:
~
• Describe the factors that led to the development oflPv6, and the possible usages ofthis , I
new IP structure
• Describe the structure ofthe IPv6 address format, how IPv6 interacts with link-Iayer
technologies, and how IPv6 is supported in Cisco lOS software
• Describe the nature of changes to DNS and DHCP to support IPv6, and how networks can
be renumbered using both services
• Understand the updates to IPv4 routing protocols needed to SUppOlt IPv6 topologies
• Understand multicast concepts and IPv6 multicast specifics
• Describe IPv6 (ransition mechanisms and which methods will be most effective in your
network
• Describe security isslles, how security for IPv6 is different than for IPv4, and emerging
practices for I Pv6-enabled networks
• Describe the standards bodies that define IPv6 address allocation, as well as one ofthe
leading IPv6 deployment isslles, mllltihoming
• Describe the deployment strategies service providers are facing when deploying I Pv6
• Describe case studies for en(erprise, service provider, branch, and access networks
2 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Course Flow
This topie presents the suggested flolV ofthe course ll1aterials.
LiE¿LLiL l2 a:::¡¡JIi
Course Flow
Course
Introduclion
Module 4
Module 1: (Cont.)
A lnlroduclion lo Module 3 Module 7 Module 9
M lPv6 (Cont.) (Cont.) (Cont.)
Module 5: IPv6
Module 2: ¡Pv6 Mumeast
Operations Servlces
LUnch
Module 5 Module 7 Module 9
(Con!.) (Con!.) (Cont.)
Module 2
(Cont.) Module 4: Module 6: ¡Pv6
P IPv6-Enabled Transition
Module 8: Module 10:
Routing Deploying ¡Pv6 ¡pve Case
M Mechanisms
Protocots Sludies
Module 3: IPv6 Module 9: ¡Pv6
Module 7: ¡Pv6 and SefViee Course
Services Security Providers Wrap-Up
,:t"(_'.',,, ~ " ,H,,'., V"
The schedule refleels Ihe reeoll1ll1ended struclure for this course. This slruclure allows enough
time for lhe instruclor lo presenl Ihe course information and for you to 1V0rk through the lab
aclivilies. The exact timing oflhe subject ll1alerials and labs depends on the pace ofyour
specifie class.
© 2010 Cisco Systems, Inc. Course Introduction 3

Additional References
This topic presents the Cisco icons and sYll1bols that are lIsed in this COllrse, as weJl as
-
infonnation on where to tind additional technical references.
Cisco Icons and Symbols

JU
Cisco lOS Router Multilayer Workgroup

Switch Switch
Nelwork
Cloud Laplop SelVer
Cisco Glossary of Terms

For additional inforll1ation on Cisco terminology, refer to the Cisco Jlllemelll'orkillg Terms al/{I
ACl'ol1yms glossary ofterms at
htlp://doc\viki.cisco.com/\viki/Calegory: Internclwork ing_Tenns_and _ Acronyll1s_ %281TA %29.
4 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Module 1\
Introduction to IPv6
Overview
The growth ofthe Internet and (he adoption ofnetworking over the past 20 years are pushing
the IP version 4 (IPv4) to the limits of its addressing capacity and its ability for continued
growth. To sustain the evolution ofthe Internet, the Internet Engineering Task Force (lETF)
developed a next-generation protocol, IP version 6 (IPv6). This module describes the factors
leading tOlVard IPv6 development and compares IPv4 with IPv6.
Module Objectives
Upon completing this module, you \Viii be able to describe the factors that led to the
development oflPv6 and possible uses ofthis new IP structure. This ability includes being able
to meet these objectives:
• Describe the hislory of IPv4 and the rationale for implementing IPv6 to resolve IPv4
addressing and security issues
• Explain Ihe benefits ofaddressing with IPv6, and describe ho\V larger IPv6 address sizes
facilitate autoconfiguration 311d aggregatioll
• Describe market drivers and the rationale to 1110ve to IPv6; explain the i111portance ofnative
IPv6 content and how its availability is a 1110tivatioll to 1110ve
1-2 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, 1nc.
Lesson 1
Explaining the Rationale for

IPv6
Overview
The development of IP version 6 (1 Pv6) is a process that has been under way since 1993.
Fearing that the world may exhaust the IP version 4 (IPv4) address space. developers ofthe
next-generation protocol. IPv6, not only remedied the address shortage isslle but also enhanced
the IP. The process of developing a transition plan will also require jllstification for adopting
IPv6. This lesson describes the history oflP networking, defines the IP address shortage isslle,
and provides fOllndationalmaterials for advocating a transition to IPv6.
Objectives
Upon completing this lesson, you will be able to describe the histOly oflPv4 and the rationale
for implementing IPv6 to resolve IPv4 addressing and security issues. This ability includes
being able to meet these objectives:
• Describe the expansion anel adoption of I Pv4
• Describe address exhaustion in IPv4
• Describe the rationale for creating a next-generation IP
• Describe why existing solutions, such as NAT, C1"eate new issues
IP Address Allocation
This topic describes the expansion and adoption of IPv4.
i&ID ¡¡¿
Feaíurelssuesin IPv4
• IPv4 was designed in a time with different network
requirements:
- Originally a military protocol
- Provided resilient communications and independent path
selection
• While becoming a standard lor communications, mechanisms
were added later to support the evolution 01 networks:
- Security: IPsec protocol suite
- Device roaming: Mobile IP
- OoS: RSVP, DiffServ
- Address scarcity: DHCP, NAT, CIDR, VLSM
When the concept ofTCP/lP was originally developed by Vint Cerf and Robert Khan under the
auspices ofthe Defense Advanced Research Projects Agency (DARPA), a U.S. Department of
Defense (DoD) agency, modern-day network requirements-such as security, quality of
service, device autoconfiguration, privacy, and a high level of network device diversity-clid
not necessarily apply. The DARPA (then known only as ARPA) network was expected to be a
closed network lhat is limited to a rew thousand users, mostly scientists from government and
academia.
As the use of networking exploded and the Internet emerged, many modern-day network
requirements became necessary for lhe continued growth ofthe Internet and the large-scale
adoption of networking anel computers in an enterprise environment.
Nowadays, the I P supports networks all aroul1d the worlel, including businesses, social
nelworks, and governmenls. To address usage growth, many mechanisms had lo be developecl
lo provide security, qualily ofservice (QoS), mobility, and so 011.
1·4 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
2Z illi22 11111 II1 &!&22Ji 11 .11 a 21111 2Ji
IP Address Allocation and History
• Address pool usage introduced conservation and optimization efforls,

including:
- PPP and DHCP address sharing, and endpoints behind NAT
.'H Subscriber-Grade NAT and Carrier-Grade NAT
- CIDR and VLSM for address c1ass segmentation and improved routing
.. Theoreticallimit af 32-bit space ls approximately 4.3 hillion devices .
.. Practicallimit af 32-bit space ls approximately 250 million devices .
.. Neither (¡f' (hese can accomrnodate one IP address per persono
1981: lPv4 published 100.00%

90,00%
1985: -1116 01 lolal space used 80,00%
70.00%
1990: - 1/8 of lolal space used 60.00%
1995: - 1/3 of total space used 50,00%
40.00%
2000: - 1/2 01 lotal space used 30.00%
20.00%
2003: - 2/3 of lotal space used 10.00%
0.00%
2005: - 3/4 of lolal space used
1980 19QO 2000 2010
2010: - 9/10 of tolal space used
,.".,-',- .. " .. ,., ..
The American Registly for Internet Numbers (ARIN) has 15 /8s alIocated directly from the
Internet Address and Numbering Authority (lANA). This does not include the 20 /8s for U.S.
corporations (nondefense) or the 64 /8s ofthe legacy /16s. (These are the address blocks
alIocated direetly from lANA before the formation of ARIN, more commonly referred to as
"swal11p~' space.)
China has approximately one /8, with a larger student population than North America. India has
a smalIer alIoeation, but its population is expected to surpass the population ofChina.
Many alIocated Class A addresses are not used and can probably be reclaimed. However, it is
much more difficult to obtain new addresses, because they are an increasingly scarce resource.
Many conservation efforts, ineluding elassless interdomain routing (CIDR), Network Address
Translation (NAT), address reclamation, and DHCP, have significantly extended the lifetime of
IPv4 and allo\Ved deployment of IP-based networks that would have otherwise been forced to
use alternative methods.
Note A 18 is equivalent to a Class A block 01 IPv4 addresses, or 16 million IP addresses. A 116 is

equal to a Class B address block or 65,536 IPv4 addresses.
Temporary or semipermanent connections, such as dialup or cable-modem xDSL, whieh are

given eithel' temporaly 01' private IPv4 addresses, prohibit the end user from deploying certain
IP-based services. New networks find il increasingly difficult to obtain IPv4 addresses fmm the
registries. With IPv4, technologies such as wireless telephones, personal digital assistants, in-
ear computers, and home appliances will not be allocated global addresses, beeause there are
too many such devices. In some countries, end users are at a third, fOlllih, or even fifth layer of
NAT networks, limiting them to the most basic ofservices.
The 32-bit address space of IPv4 accommodates more than 4 billion devices. No addressing
scheme is optimal, but to compare different addressing schemes a logarithmie ratio, known as
the I-ID-ratio, is applied to other address spaces-such as the address spaces used in telephone
numbers-to compare efficieney of use. IPv4 was not better 01' worse than others, but the class
hierarchy (A, B, C) makes the IPv4 address space less efficient.
© 2010 Cisco Systems, Inc. Introduction to IPv6 1-5

Tip The phone syslem illuslrales Ihe inefficiencies in number allocation when Ihe number space
is hierarchically arranged. Suppose Ihal two cilies need new area codes, lrom which new
local exchanges can be drawn. Each city is assigned one new area codeo Soon thereafter,
one cily grows more quickly and needs more numbers, while Ihe olher cily experiences no
addilional growlh. Because numbers are grouped inlo area codes, Ihe responsible
organization cannol "borrow" exchange numbers Irom Ihe "no-growlh" cily lo give lo Ihe
"growlh" cily. Exchanges are only valid wilhin a given area code. The inabilily lo easily
reallocale phone number assignmenls belween area codes adds inefficiency lo Ihe use 01
Ihe overall number space. Similarly, wilh IP addresses, so me allocalions are densely used
(mosllP addresses assigned) while olhers are sparsely assigned. The resull is Ihal Ihe lolal
"praclical" limil 01 available phone numbers (or IP addresses) is much smaller Ihan Ihe
theoretical maximum.
1-6 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco $ystems, Ine.
History of IPv4
This topic describes address exhallstion in I Pv4.
¡:g ¡¡ ¡¿¡di ¡¡¡¡Ui:e.
IPv4 Improvement Opportunities
Three decades of IPv4 use have identified several

opportunities for improvement:
• Variable-Iength options make padding inefficient for hardware
im plementations ..
• The fragmentation process creates undue overhead and
necessilales using the Flag, Fragment Offset, and Header
Checksum fields. /"
• It is inefficient to add new services lo IPv4 packet, which are
then implemented using Layer 4 protocols . ./
DlIring the past 30 years, a remarkable nllmber ofservices have been cleveloped for networks
and the Internet. Experience with IP has helped to identify several areas for improvement.
During development ofthe next-gcneration IP, attempts were made to improve several
inefficiencies, sllch as these:
• The IPv4 header may be ofvariable length. The Options ¡¡eld provides the abilily to do
sOllrce rollting, record the packet route, and provide address extension information. (See
http://www.iana.org/assignments/ip-parameters for a more detailed list of options.) Since
the option data is not a consistent lenglh, padding is afien applied to the ¡¡eld. Padding the
Options ¡¡eld ensures that the data will start on a 32-bit bOllndary. Conseqllently, the ¡¡eld
has variable-Iength headers, creating more overhead in the forwarding process.
• Heterogeneolls networks muy have many different path maximllm transmission lInits
(MTUs). For example. link A on a path may be 1500 bytes, while link B on the same path
may be 1300 bytes. necessitaling packet fragmentation. This creates overhead for the
rOllting device forwarding the packets, both in fragmentation and in recalclllating the
checksum.
© 2010 Cisco Systems, Inc. lntroduction to IPv6 1-7

&al J
Short History of IPv4
1969 - r- OARPA is commissioned by Ihe DaD for research networking.
1972 - f- Firsl public test of ARPANET held al Icce in Washington, D.C.

1973 - r- Kahn and Cerf push concepl of "Internet:
1974 - f- Kahn and Cerf pUblish the delails tor Te?

1975 _!- Te? 1s split into Tep and IP.
1981 -:- IPv4 specification 1s published in RFC 791.
1991 -¡- World Wide Web is developed.
1993 -~ Masaje i5 released.
1993 -f- CIDR published, RFC 1519.
1994 -r- NAT developed, RFC 1631.
1996 -r- Privale IP address space, RFC 1918.
2001 -r 50% of IPv4 32~b¡t address space alloeated.
2005 - t- 75% of IPv4 32-bit address space aHceatad.
2009 -1- First "serious" IP address shortage. also in "developed" countries.

., ,.
The concept ofnetworking was introdllced by J.C.R. Licklider ofthe Massachllsetts Institllte of
Technology in AlIgllst 1962, when he disclIssed his "Galactic Network" concept. DlIring Ihe
1960s, the idea took form in nllmerolls papers, clllminating with the U.S. DoD commissioning
DARPA lo develop the network concept. Throllgh a series of development iterations, TCP and,
evenlllally, IP were created. IPv4 \Vas standardized in 1981.
1-8 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Next Generation of IP
This topic describes the rationale for creating a next-generation IP.
a 2 2 2.
Short History of IPv6
1990 - - Exhaustion of IPv4 Class B by 1994 predicted.

1991 - - Routing and Addressing (ROAO) group formed lo address rouling.
1993 - - IPng proposals (RFC 1550) solicited.
1994 - - NAT RFC approved (RFC 1631-now out of dale).
1995 - - Firsl specificalion: RFC 1883.
1996 - - 6bone slarted.

1997 - - Firsl allempt al provider-based address formal.
1998 - - Firsl IPv6 exchange: 6tap.

1999 - - Registries asslgn IPv6 prefixes. IPv6 Forum formad.
2001 - - Major vendors bundle IPv6 in Iheir mainslream producllines.
2006 - - 6bone closed.

2007 _.... IETF working group closed.
2009 - Firsl FeS of IPv6 UCS.
Following the new ac1dress space study, the consensus was that there was enollgh time to
develop a new protocol with added fllnctionalities instead of deploying a new protocol thatjllst
adc1ed larger new addresses. This meant that there was an opportunity to fix problems
associated with the IPv4 addressing scheme anc1 create a new protocol for fllture needs.
The process included collecting requirements from various industries: cable, wireless, electric
power utilities, military, cmporate networks, service providers, and others. A call for proposals
(RFC 1550) was issued, and several proposals were studied.
Of all the proposals, three warranted more extensive analysis and attention: Common
Architecture forNext Generation IP (CATNIP), Simple Internet Protocol Plus (SIPP), and TCP
and User Datagram Protocol (UDP) \Vith Bigger Adc1l'esses (TUBA). The recommended
proposal, sllbmitted by the Internet Engineering Task Force (IETF) (RFC 1752), was the SIPP,
with a larger address space. The main author of SIPP \Vas Steve Deering. A working group was
established, anc1 the firsl specification came in late 1995 (RFC 1883).
The major milestones oflPv6 are as follows:
• 1996: A testbed of IPv6, called lhe 6bone, was started over the Interne!. At this time, Cisco
already had support for IPv6 on a Iimited number ofCisco hardware platforms.
• 1997: A first attempt \Vas made for a provider-based address forma!.
• 1999: Registries started to assign IPv6 prefixes to ISPs.
• 1999: The IPv6 Fortlm was founded.
• 2000: Many vendors began to bundle IPv6 into their mainstream prodllct lines.
• 2002: Cisco introduced IPv6 generic availability in Cisco lOS Software Release 12.2(I)T.
© 2010 Cisco Systems, Ine. Introduction to IPv6 1-9

dEL II & E
What About IPv5? ~""Iov,
• IPv5 is the IP number 01 the Internet Strearn Protocol,

beca use it uses Ihe same data link layer Iraming as IPv4:
- Experirnental protocol
- Addresses resource reservation
- Designed lo coexisl wilh IPv4; nol a replacemenl-same
addressing scheme
• Resource reservalion is now done using o!!ler prolocols/
IPv5 \Vas an experimental Resource Reservation Protocol thal is inlended lo provide quality of
service (QoS) and defined as Ihe Internet Stream Protocol version 2 (ST2). It is based on the
\Vork of.lim Forgie in 1979, as documented in I/ltemer Experime/lt Notes (lEN) 119, and
consists ofl\Vo prolocols:
• ST2, for the data transport
• Stream Control Message Protocol (SCMP)
ST2 is designecl to coexist with IP on each node. A typical distribuleclmultimedia application

\Voulcluse both protocols: IP for the transfer oftraditional data and control information and ST2
for the transfer of real-time data. It uses the same addressing schemes to identify hosts.
ST2 cloes not replace IP, bul it has an IP version number (5) because it uses the same data link
layer framing as IPv4. Resource reservalionnow uses other protocols, for example, Resource
Reservation Protocol (RSVP).
ST2 protocol is documentecl in RFC 1819.
1-10 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
IPv4 Workarounds
This topic describes why existing solutions, such as NAT, create new issues.
i ¡ 2 En Mi 3
IPv4 Exhaustion Workarounds
• To extend the lifetime and usefulness of IPv4 and circumvent

address shortage, several mechanisms were created:
- Classless Interdomain Routing (CIDR)
- Variable Length Subnet Masks (VLSM)
- Network Address Translation (NAT)
._. Dynamic Host Configuration Protocol (DHCP)
• Over the years, hardware support has been added lo devices
to support IPv4 enhancemenls.
<.".
IPv4 ac1dresses were originally assigned in several fixec1-length blocks, commonly referred to as
"classes." Address recipients were allocated Class A, B, or C address blocks, which ranged
from approximately 16 million addresses for Class A to 255 addresses for Class C. This
allocation policy was not very efficient and resulted in entities receiving many more addresses
than they required. As early as 1993, it was stated in RFC 1519 that address depletion was an
eventuality.
In an effort to allocate addresses more efficiently, CIDR was developed, which allowed the
address space to be divided into smaller blocks. In 1994 it was clear that CIDR alone would not
provide enough room in the IPv4 address space to allow time for its successor to be developed
anc1 deployed. NAT was the proposed lemporary IVorkaround. NAT introduced a model in
which a device facing outward to the Internet would have a globally routable IPv4 address,
while the internalnetwork would be configured with private addresses. These private addresses
could never leave the site, so they could be identical in many different enterprise networks. In
this way, even large enterprises with thousands of systems could hide behind few routable
public networks. As long as the number of client systems behind the NAT (thal is, those with
hidc1en private addresses) is large, anc1 those c1ienls are using "well-behaved" applications and
are truly clients, nol servers, NAT does indeed conserve address space.
Variable-Iength subnet masks (VLSMs) allow more efficienl use of IP ac1dresses, specifically
on small segments su eh as point-to-point seriallinks. VLSM usage was recommended in 1995
in RFC 1817, and in fact, CIDR and VLSM support is a prerequisite for ISPs to receive
additional allocations.

Tip VLSM improves address allocation efficiency at the expense 01 simplicity. It is simpler to
have a standard subnet size-perhaps a /24 or "Class C" subnet. That is inefficient,
however, il most subnets in an organization only have 30 or 40 (or even 5) nodes on them.
Using VLSM, a 30-node subnet can be allocated a /27, and eight /27 networks can be
allocated Irom a single /24. This complexity must be managed, however, and has other
impacts. For example, routing protocols used belore VLSM was introduced did not have to
carry subnet masks; they assumed that networks had a fixed, consistent netmask. For IPv4,
with its limited address space, VLSM has greatly extended the liletime 01 the protocol.
1-12 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
11111&1 SJI 111 blJlLi 100&l1li11122 lJIJ&21LUI ¡ I i 1 1i21¡¡
Network Address Translation
• NAT provides a way to use a public external address to

connect several endpoints with internal addresses behind
one or a small number 01 routable addresses .
• NAT has many implications:
-- Breaks the end-to-end model 01 IP, especially lor inbound
connections
- Mandates that the network keeps the state 01 connections;
however, statelul devices introduce greater security
192.0.2.1
NAT Device
10.10.10.20 10.10.10.21 10.10.10.1
One of the arguments against deploying IPv6 is that NA T \Viii solve the problems of limited
address space in IPv4. NAT lypically translates packets from a net\Vork tha! uses the private
address space (RFC 1918) to the Internet. The use ofNAT merely delays lhe exhaustion ofthe
IP,,4 address space by using global addresses for large internalnet\Vorks.
These address spaces are used within private net\Vorks:
• 10.0.0.0/8
• 172.16/12
• 192.168/16
There are severalnegative implications of using NA T. some of which are identified in RFC
2775 and RFC 2993, as follows:
• NAT breaks the encl-to-encl model of IP. IP \Vas clefinecl so that underlying layers do not
process the connection; only the endpoints process the connection.
• NAT implies that the network neecls to keep the state ofthe connections because it has to
remember the translation of adclresses ami pOltS. The need to keep the state ofthe
connections in NAT makes fast rerouting clifficult in case the NAT device fails 01' the links
ncar the NA T device fail.
© 2010 Cisco Systems, Ine. Introduclion to IPv6 1-13

MiL
Network Address Translation (Cont.)
NAT has additional implications:

• Inhibits end-to-end network security (IPsec)
• Requires upgrade when a new application is not NAT-friendly
• Application Layer Gateways not as fas! as IP forwarding
• Merging of private networks difficult (if they use overlapping
IP address ranges)
These are other negative implications ofNA T:

• NA T inhibits end-to-end network security. To protect the integrity of the I P header by
some cryptographic functions, the IP header cannot be changed between the origin ofthe
packet (to protect the integrily oflhe header) and Ihe final deslinalion (lo check the
integrity of Ihe received packet). Any lranslalion of parts of a header on the path will break
the integrity check. In some cases, you can use adaptations to partially solve the security
issue. For example, user hacking.
• When applications are not "NAT-friendly"-which means that, for a specific application,
more thanjust port and address mapping are necessary to forward the packet through Ihe
NA T device-NA T has to embed complete knowledge of all the applications to perform
correctly. This is especially the case for dynamically allocated p011s with rendezvous ports,
embedded IP addresses in application protocols, security associations, and so on.
Therefore, the NAT device needs to be upgraded each time a new non-NAT-friendly
application is deployed. For example, peer-to-peer.
• When different networks use the same private address space, such as 10.0.0.0/8, and they
have to merge or connect, there is an address-space collision. Different hosts have the same
address, and routing disables reaching the other network. This can be resolved by
techniques such as renumbering or Twice NA T. (Twice NA T is the practice of changing
both the source and destination address of a packe!.) However, these techniques are costly
and, later on, increase NA T complications.
·111111 IJM 2 ¡ IIIIIIMI I1 Mili h 2i 2 JII
NAT Inhibits Access to Internal Servers
• When many internal servers need to be reachable from

outside, NAT becomes an important issue.
,
".-,,06\\,,""'<--. .
NAT can be useful when there are many devices inside and very few reachable addresses
outside. The ratio of internal to reachable must be large to make NA T effective. Howeve,',
when there are many servers inside, NAT becomes a problem because the same protocol cannot
be multiplexed on the same port using Ihe NAT extemal address. For example, t\Vo intemal
servers using the same port cannot use the same extemal address without changing the port
number.
Each inside server that has to be reachable from the outside will start using one external
address. As lhe number ofnodes acting like servers increases (applications running on a node
that would make it act like a serve,,, even temporarily), so can the consumption of externallPv4
addresses. With a limited pool of extemal addresses, NAT effectiveness decreases.

Summary
This topic sllmmarizes the key points that were disclIssed in this lesson.
.ii ji ji! ¡¡¡ Ji::
Summary
• The adoption 01 networking and particular services, such as

email and the web, drove IPv4 address consumption.
• Initial inefficient IPv4 address allocation methods and
subsequent Internet growth is exhausting the IPv4 address
space.
• Advanced leatures, such as OoS, IPsec, and the growing
scarcity 01 IPv4 addresses, prompted the development 01
IPv6.
• NAT, while stalling IPv4 address exhaustion, has several
limitations, inc1uding inhibiting end-to-end security and
increasing the complexity 01 nelwork administration.
, .
1-16 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Lesson 21
Evaluating IPv6 Features and

Benefits
Overview
Similar to any lIpgrade in technology, there should be enough enhancements and benefits to
warrant the time, effort, and cost associated with the lIpgrade process. IP version 6 (IPv6)
provides several improvements over its predecessor and has ne\V features that will help SllppOlt
the continued growth ofthe Internet. This lesson describes IPv6 features and benefits.
Objectives
Upon completing this lesson, you \Viii be able to explain the benefits ofaddressing with IPv6
and describe ho\V larger IPv6 address sizes facilitate autoconfiguration and aggregation. This
ability includes being able to meet these objectives:
• Describe the features and benefits of I Pv6
• Explain the size ofan IPv6 address
• Describe how a larger IPv6 address space enables autoconfigllration and aggregation
• Discuss advanced IPv6 features
• Discllss the transition strategies to IPv6
Features and Benefits of IPv6
This topi c describes the features and benefits of IPv6.
IPv6 Main Features
• Larger address space: Global reach capability, f1exibility,

aggregation, (!lultihoming, ~utocoDfigl!@tion, "[llug-and-play," ,,~.
renumbering . .
\ , ..,.('\, ,t;. ..... .
'- .....'>.. ,""~,,,,-.'v""'" I~~" ()
• Simpler header: Routing code streamlined, simpler
processing in hardware
• Security and mobility: Built into the standard, not as
extensions
• Transition ri chness: Several mechanisms available, incJuding
"?ual-s~king"
\(>'l\' 7 ~ .~.\ \~\l '"
~' " ,,-.-.
IPv6 includes a number offeatures that make it attraetive for building global-seale, highly
effeetive networks. The larger address spaee, striet aggreg3tion, and autoeonfiguration provide
important eapabilities.
Streamlined header struetures make proeessing JPv6 paekets faster and more effieient for
intermediate routers within the network. This is espeeially true when large numbers ofpaekets
()
are routed in the eore oflhe IPv6 Internet. Features that were not parl ofthe originallPv4
specification, sueh as security and mobility, are now built into IPv6.
IPv6 also includes a rieh set oftrans ition lools to allow 3n easy, nondisruptive transition over
n
time to IPv6-dominant networks.
o
1-18 IPv6 Fundamental s, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Largar Address Space
IPv4:
• 32 bits
• = 4,294,967,296 possible addressable nades
IPv6:
• 128 bits: 4 times larger in bits
• =-3.4 * 1038 possible addressable nades
• =340,282,366,920,938,463,463,374,607,431,768,211,456
1Pv4 = 32 Bits'
1Pv6 increases the nU111ber of address bits by a factor of four, fr0111 32 to 128 bits. During the
IPv6 design specification, there was a debate about whether to use 64, 128, or 160 bits. Tlle
choice of 128 bits \Vas found to be the 1110St appropriate, because it enables a very large numbel'
of possible addressable nodes. However, as in any addressing scheme, not all the addresses can
be used.
Increasing the number ofbits for tlle address also means an increase in the header size. Since
eacll IP header contains both a source address and a destination address, the size oftlle Ileader
fields containing tlle addresses is 64 bits for IPv4 al1(1256 bits for IPv6.
Witll tlle upcoming pllenomenon of social networks and persons owning multiple devices
connected at tlle same time (mobile pilones, Ilome-tlleater pes, content servers, and so on),
IPv6 is suitable to enable end-to-end com111unication.

IPv6 Addresses
This topic describes the size of an IPv6 address.
II!
•
Global ReachabiJity
• Endpoints have a globally reachable address lor incoming

connections .
• End-to-end reachability, lull support 01 application protocols,
and end-to-end security boosts peer-to-peer communication.
The important isslle thal motivated the IPv6 effOlt was the stlldy predicting that address space
exhaustion wOllld reslllt n'om the attempt to give an address to each device on the Internet. By
using a much larger adclress space than IPv4, IPv6 enables the use ofa global ancl reachable
address for almost evely kind of device: computers, IP phones. IP faxes, TV setllp boxes,
cameras, pagers, wireless personal digital assistants (POAs), cell phones, home networking
systems, and vehicles. Tlying lo fit all those devices into the current IPv4 address space is
ncarly impossible.
A lInique address for each clevice cnables lhe end-to-end reachabilily that is especially
important for telephone ca lis. Unlike Network Address Translation (NAT) devices, IPv6
enables complete SllppOrt of application protocols wilhout needing special processing at the
edges oflhe networks. It also enables end-Io-end security.
l1li1 l1li1= 1111
Multiple Levels of Addressing Hierarchy
• Multiple levels 01 hierarchy inside the address space allow

belter segmentation 01 the network to lollow organizational
structure (/48 or 156 given to end users)
• More flexibility, more privacy, new lunctionalities
IPv6 - 128 Bits
A Illuch larger address space allows the use ofmultiple levels ofhierarchy inside the address
space. Each level can help aggregate the traffic and enhance the allocation function. By using
Illultiple levels in the hierarchy, the larger address space permits flexibility and new
functionalities, such as the scoping of addresses (site-Iocal. link-local) in the protoco!. A
flexible addressing architecture is often crucial lo a network protocol.
Typical allocations of address space are as follows:
• /32 for a large Isr
• /4801' /56 for a typical enterprise, home, 01' other place needing more than one network
• /64 for environments where only one network is needed
• /128 for environlllents where one, and only one, host willneed an address
Within the enterprise scenario, it is expected that the first 48 bits are the overall enterprise
allocation, which will be split into 16 bits for networks (65,535 networks). Each network will
have 64 host bits (primarily for autoconfiguration. not beca use there would be that many hosts
on a single network).

IPv6 Autoconfiguration and Aggregation
This lopic describes how a larger IPv6 address space enables auloconfiguralion and
aggregation.
¿ Mil;
Aggregation
• Aggregation 01 prelixes announced in global routing table

• Efficient and scalable routing because 01 simpler routing
tables
Customer1 /,,2001:410:1:1::/64
/" 2001:410:1:2::/64
2001 :0410:0002::/48
A larger address spaee makes room for large address alloeations lo serviee providers and
organizations. Having a large ellollgh prefix fOI" the whole network ofan organizatioll enables
Ihal organizalion lo use only one prefix. On anolher level, Ihe ISP is able lo aggregate all of ils
eustomer pretixes inlo a single prelix and announee this one prefix lo the IPv6 Interne!.
This aggregation promotes effieienl and scalable routing. To conneel all kinds of deviees and
networks on Ihe Internet in the fulure, scalable rouling will be required.
I-Iowever, this is an oversimplified view. In fael, private peering agreements among all Tier-2
ISPs can undermine complete aggregation. For the core backbone Internet routers, however, a
maximum prefix length will be earried (perhaps /32, perhaps something a little longer, bul
almost eertainly not/48). Therefore, route aggregation will be better than it is on the IPv4
Interne!.
• Mulliple simultaneous addresses for hosts and networks
• Mullihoming support: provider-based or provider-independenl
(since 2009)
\>..,\'\,CM
, Only announces
ISP I ' its /32 prelix
2001:04 10::/32 ) / >C
i ~ ~ -.....<!~.,..~ .~ IPv6 Inlernel
Customer 2 /~, / '
f
2000::/3
ísp t , / . . .
2001:04 18::!32 ~--¡.:!:....,
u 200 10410.0002:/48 (""'\
200 1:0418:0001 :/48 \.., I ,,,) Only announces
ils /32 prelix
~ l'-"~\ , ',e.
~O'-l\ ~ .....¡,..... " . r. ,
u It is nol simple lo connect a network to mulliple providers wilh IPv4. Al Ihe very leasl,
mullihoming breaks any kind of aggregation in the globa l !"Ouling lable. However, nlllltihoming
u is desirable for networks thal require high availability.

Having a much larger address space, IPv6 enab les the use of mulliple simultaneous prefixes for
u a network, allowing 111ultihoming withoul slress ing the globa l !"Ouling lable. Thi s siluation is nol
currenlly possible in IPv4.
The IPv6 model, however, is nol wilhoul fl alVs. Having 111ulti ple prefi xes avai lable lo
u enterprises introduces new cha llenges. These challenges include overc0111 ing Ihe reslrict ive
nature of aggregation for globalnetlVorks, delecling \Vhen a prefix is no longer being routed
(due lo an ISP oulage). added complex ily lo the Domain Na me Serv ice (DNS) infraslructure,
and choosing wh ich prefix lo sOllrce packels f!"Om IVhen mulli ple, globally !"Oulable addresses
are available.
Note There are many ways to make the source address selection, which is covered more fully in
Defaull Address Selee/ion for IP version 6 (IPv6) (RFC 3484).
u To suppart "Iradilional" multihoming using BGP for path se leclion in Ihe Same way as IPv4.
Réseaux IP Européens (RIPE) opened the applica lions (i n 2009) for the enlerprises lo request
u IPv6 provider-indepelldent address space. Thi s way, the customer adverti ses the same IPv6
prefix lo both serv ice providers, and BGP lakes care of customer reachability in the serv ice
provider backbones.
u
© 20 10 Cisco Systems, Ine. Introduction to IPv6 1-23
Stateless Autoconfiguration
• Olten uses Layer 2 identifier (derived from OUI)

• Autoconfiguration with no collisions
• "Plug-and-play"
• Suitable for embedded networks for industrial use (dispersed
seismic sensors, etc.), but lack.of capability to communicate
DNS settings ()'I,\"!f"\'''' "",~,,<>""s :looo \0\)(1') ()
MAC Address: ..
00:2c:04:00:le:56 1
<~ /
-
I
Hostau:to=c=o=n;li~gU~r=e=d~a=d:d=re=s=s~:-::::::::::::::::::::
Rouler sends
prefix received + 64-bit
interface ID network-type inlormation
~\l;-~ '" (prefix, delaul! route, and so on) /
~~J )" a«>I...'':' [)\H- f"
S¡"1L'» t,\~~!,~...,
Having a much larger address space available, IPv6 engineers designed a \Vay to enable
autoconfiguration ofthe addresses \Vhile still keeping the globaluniqueness. A router on the
local link \ViII send network-type infonllation. such as the prefix oflhe local link and the
default l"Oute, to all the nodes onlhe local link. A hosl can autoconfigure itselfby appending ils
data link layer adclress (in a specia l64-bit extended unique identifier [EUI]-64 format) to the
local link prefix (64 bits). This auloconfiguralion resulls in a complete I 28-bit IPv6 address that
is usable on Ihe local link and is, most likely, globa lly unique. To avoid Ihe rare evenl of
address colli sion, a process is enabled lo detect duplicate addresses.
Auloconfiguration enables "plug and play," which connects devices lo the net\Vork wilhout any
configuration and without any staleful servers (such as DHCP servers). Auloconfiguration is an
important feature for enabling deployment ofnew devices on the Internet, such as cel! phones,
wireless devices, home appliances and net\Vorks, and so on.
Autoconfiguration can be accomplished in t\Vo ways: slateless-v ia neighbor discovery and
router advertisements- as described aboye, and stateful , using a DHCPv6 server. The
differcnce betweenlhe t\Vo is that with the statefulmethod, a record is kept ofwhich hosls are
assigned which addresses. The stateless method maintains no such records.
1-24 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 201 o Cisco Systems. Ine.
n
Stateful Autoconfiguration
• Router announeement can indieate to hosts whether or not

additional eonfiguration parameters are available via stateful
eonfiguration (DHCPv6), sueh ans DNS, IP options, and so
on.
MAC Address:
00:2c:04:00:le:56
"<:\J') •~l
Host receiv:e=s-=ro:::u-::t=er:---::==========
announcement that includes Router sends network-type
indication 01 whether to do inlormation and optionally sets
stateless or statelul "DHCP available" flag.
configuration.
Stateless alltoconfigllration is a powerfulmechanism for zero-administration contiguration. A

typical full-featured client, such as an enterprise desktop computer, however, can require a
mueh larger set ofinitial configmation settings than stateless autoconfigmation can provide.
For these applications, there are aclditional settings, such as DNS servers, Network Time
Protoeol (NTP) servers, Session Initiation Protocol (SIP) servers, Novel! Direetory Services,
and others.
Hosts use stateless autoeonfiguration to receive base information (in so me cases) along with an
indieation ofwhether 01' not additional eonfiguration settings are available via a DHCP server.
This can include the IP options, in acldition to autoconfigure hardware such as IP phones,
IVireless access points, video enclpoints, ancl so on.
© 2010 Cisco Systems, Ine, Introduction to IPv6 1-25

Advanced IPv6 Features
This topic describes advanced IPv6 features.
n
Renumbering
• Renumbering, using autoeonfiguration and mulliple

G~.\~\ ~"
\,~ '" \ ••
o
s~ - L~.
addresses
• Old address slill held for a lime for possible ineoming traffie;
o
new address is used for oulgoing eonneelions firsl
o
o!;': .: ' ;'~;', !
Ho~s~ta~u~t~oc~o~n~l~ig:u~re~d~--~:=::::::~::::::~
o
address: Router sends NEW
NEW prefix received +
SAME data link layer
address
network-type inlormation (prelix,
delault route, and so on) n
n
IPv6 has a mueh larger address space. This allows organizations to receive prefixes that are
large enough for their present and future needs. Because ofthe strict aggregation oflhe global
routing table_ networks without portable prefix space (most small and mid-size organizations
n
will have ISP-provided prefixes) must be renumbered when organizations change their
upstream provider. n
Renumbering is a very diflicult, time-consuming, and error-prone task with IPv4. In IPv6,
auloconfiguration enables s implified renumbering by sending the new prefix from the new
upstream provider in the router announcements. Hosts will automatically receive the new prefix
and then use the new address.
Note, however, that renu111bering lISillg this method does not take ¡nto élccount statically
assigned systems, such as roulers, switches, and servers registered in DNS. These nodes must
o
still be renumbered by hand as they are with IPv4_ IPv6, using autoconfigl1l'ation, can make the
process of renumbering hosl devices easier.
o
Some operating systems use renumbering ofthe suflix as a security measure (1'01' example,
Microsoft Windows). Using the MAC address and EUI-64 suffix autogenerated from it,
someone could track the host move around the IPv6 Internet. To prevent this, Windows uses
o
randomizat ion ofthe suffix to assure privacy.
1-26 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Ine.
o
l1li1 III1 Jil.UIE: :i ¡ I¿ in ¡¿¡ mm 11111111iIi&J2dLJU 1111 11
Multicast Use
• Broadcasts in IPv4:
- Interrupt all computers on the LAN, even il the destination
is only one or two computers
... Can completely bring down a network ("broadcast storm")
• No broadcast in IPv6:
- Replaced by scoped mullicast
• Mullicas!:
.... Enables efficient use 01 the network
- Has much larger address range
Broadcast in IPv4 causes many problems. It generates interrupts in evely computer on the
network, even if only one or two computers are involved. In some cases, broadcast completely
brings down or severely degrades performance on a network; this is generally called a
'~broadcast storm."
In IPv6, broadcast is replaced by multicast. Multicast enables the efficient use ofthe network
by replacing most broadcast processes with more elegant multicast-based processes, using
specific multicast groups fOl" different functions. This prevents most problems caused by
broadcast storms in IPv4, When an IPv4-style broadcast is needed, there is an all-nodes
multicast address that is, essentially, a broadcast. IPv6 has no concept of"directed broadcast"
The range ofmulticast addresses inlPv6, essentially 2 A 112, is much larger than in IPv4, so it
should be easy to obtain a permanent multicast assignment for most services.
Multicast also has a scope parameter integrally delined in the address itself.
© 2010 Cisco Systems, Ine. Introduction to IPv6 1·27

&Ji 1jlL II ¡ji
Simple and Efficient Header
• 64-bit aligned fields and fewer fields

• Hardware-based, efficient processing
• Improved routing efficiency, performance, and forwarding rate
scalability
IPv4 Header IPv6 Header
~r~tt.~'I~~L~'~II~í:===i;!-----
The new IPv6 header is simpler than the IPv4 header.

a I-Ialf ofthe previous IPv4 header fields are removed. This enables simpler processing oflhe
packets, enhancing the performance and routing efficiency.
a AII fields are aligned to 64 bits, which enables direct storage and access inmemory by fast
lookups.
These and other enhancements improve hardware-based processing, which provides scalability
ofthe forwarding rate for the next generation ofhigh-speed networks. This benefit, however,
rcmains lO be seen beca use I 28-bit addresses are larger than the word-size ofthe current
processors. This situation resulls in more lookup to oblain the complete I 28-bit address.
1-28 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
i¡iflifh 2 ¡ i2i 2 ti 11111111.2 1 it!¿¡¡ llIIl ¡¡ 2 A&IEII
No Checksum I
• No checksum at the IP layer, no recalculation by the routers

• Improved routing efficiency, performance, and forwarding-rate
scalability
• Error detection done by data link layer and transport layer
IPv6 Header
The IPv6 header is also simpler due to the rel110val of the checksul11. Not only is the space in
the header I·eused. but more imporlantly, the routers in Ihe palh do not do recalculation, which
also provides routing efficiency.
This does no! mean that lhere is no error detection-l11os! data link layer technologies address
error detection. Additionally, the transport layer that l11akes the end-to-end connection has a
checksum that enables error detection. In IPv4. Tep checksums are available and User
Datagram Protocol (UDP) checksums are optionally available. In IPv6, checksul11s are required
for both transpolt pl'Otocols.
© 2010 Cisco Systems, ¡nc. Introduction to lPv6 1-29

Flow Label Field Enables Per-Flow
~
, ----- ~ .,,).,. ""-
( \ <NI.. ~-o
I
,-...c.....-..J .
• A new flow label inside IP header

• Enables per-flow processing lor differentiation at the IP layer
• Length 01 20 bits
(í'q\.p" S",\\cl...., ) <;"" -, , ~~,,)-\¡,·:,,~ n

IPv6 Header ~o S;
;-::;:::;-----,
l " o.,\. ,-.., b......»
A new field has been added to lhe header inlPv6. The new Flow Label field enables per-flow
process ing by lhe routers in the path, whieh provides traffie differentiation at the IP layer
withoul requiring addilional work to identify the flows. With this label, a router does nol have
lo open the lranspOlt layer segmenl lo idenlify lhe flow; it finds the information in lhe IP paeket
heade r.
Note IPv6 Flow Label Specification (RFC 3697) specifies the Flow label lormat and the
requiremenls lar IPv6 nades labeling or lorwarding flows_ It does not, however. define a
melhod 01 using lhe Flow label lo implement nondelault qua lity 01 serviee or any other n
serviees. lhis area remains a work in progress in the IElF.
o
()
n
Extension Headers
E"-t~l,""-a ~ •
• Flexible extension headers

• More efficient handling 01 IP options
• Faster lorwarding rate and end-node processing
IPv6 Basie Header
Any Number of IPv6

Extension Headers Paeket
Data (sueh as Tep or
UDP)
u ,·..,·, ... r. ,"o
u IPv6 uses a different approach frol11 IPv4 to l11anage optional infonnation in the header. It
defines extension headers that forl11 a chain ofheaders linked by the Next Header field
u contained in each extension header. This approach provides efliciency ga ins over IPv4 in the
\Vay that options and special functions are packaged. It enables a faster forwarding rate and
leaves the router with less work to do lor each packet.
()
u
o
u
o
"A E
Extension Headers (Cont.)
• Extension headers are daisy-ehained.
TCP Header'
~+ Data
TC~ Header
... Data
TCF' Heáder
, +,Dáta
Here is anolher view of extension headers. AII extension headers are daisy-chained, each
header poinling lo Ihe nexl header IInlil lhey reaeh lhe transport layer data. This arrangement
allows an IPv6 packello be cllstomized wilh features and functionality.
LiIIIlMII ih tU aa:: 2
Mobility
• Mobile devices are fully supported while moving.

• Mobility is built in with IPv6-any node can use il.
• Efficient routing means performance for end users;
elimination of "triangle routing" (using IP options) for return
traffic as well.
Mobility is a very importanl feature in networks oftoday. Mobile IP is an IETF standard

available for bolh IPv4 and IPv6. Mobile IP allows mobile devices to change the IPv6 address
oftheir current point-of-attachment withoul breaking existing Layer 4 sessions. In IPv6,
mobilily is likely lo be widely supporled, which means thal mosl nodes will evenlually be able
lo use il. In IPv4, mobility was not widely adopled, for a number ofreasons.
The IPv6 routing header makes Mobile IPv6 much more efficienl for end nodes than Mobile
IPv4. IPv6 uses many enhancemenls. For example, Home Agent binding uses some header
options (destination) Ihal are mandalory for every IPv6 device. Roule optimization is also
supported in IPv6.
These optimizations eliminate "triangle J'Outing" for incoming traffie lO Ihe endpoinl. Using
IPv6 header options, a direct path lo Ihe enclpoint is eommunicated lo Ihe peer, which does nol
need lo send Ihe lraffic lo Ihe home agenl rouler anymore.
© 2010 Cisco Systems, Ine. Inlroduction to IPv6 1-33

j i ¡ilhlIl z & ji
Security
• End-to-end network security (integrity, authentication,

confidentiality)
• Inherent (built-in) with IPv6-usable by any node
IP Security (IPsec) is the IETF standard for IP network security. IPsec ensures integrity,
authentication. and confidentiality. IPsec is available for both IPv4 and IPv6. and is delined
with the same RFCs. While the functionalities are essentially identical in both IPv4 and IPv6
environments, IPsec is mandatory in IPv6. This means that every IPv6 node will have IPsee
enabled and will be able to use its features righl away, allowing the IPv6 Internet to have betler
security because IPsec will be available on allnodes. IPsec also requires a key for each pmty,
whieh, for \Vide deployment to be achievecl. implies a global key deployment and distribulion
mechanism. This topie is beyoncl Ihe scope ofthis course.
1-34 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
Transition Strategies to IPv6
This tapie describes the transition strategies for IPv6.
Lilli &Ji !2 Ui
Transition Richness
• No fixed day to convert, no need lo converl al! al once

• Differenl Iransilion mechanisms available:
- Smoolh inlegralion of IPv4 and IPv6
• Differenl compalibilily mechanisms:
.... Communicalion belween IPv4 and IPv6 nodes
IPv6 IPv6
Hos! 6104 6104 Hosl
lPv6 Traffie
The transition to IPv6 has been designed so that all nades moving to IPv6 are not required lo be
upgraded at the same time. Many transition mechanisms have been designed to enable smooth
integration of IPv4 and IPv6. Other mechanisms are available for compatibility, which IPv4
nades can talk to IPv6 nades, and vice versa. AII these mechanisl11s can be applied to different
situations anel cases.
The figure shows one example ofa transition and integration mechanism. The 6t04 routers
automatically encapsulate the IPv6 traffic inside IPv4 packets. This mechanism is described in
more detail in the "Describing IPv6 Tunneling Mechanisms" lesson.

.. JII
Quality of Service: Not a New Feature
• QoS has been mentioned as an IPv6 fealure-in fael, IPv6

eurrently does QoS Ihe same way Ihal IPv4 does.
• IPv6 uses Ihe Traffie Class field in Ihe same manner as IPv4.
• There is no differenee belween QoS proloeols and melhods
in IPv4 and IPv6.
• The IPv6 flow label eould be used for QoS deviees lo idenlify
specifie flows.
• The flow label ilself is nol eurrently specified as a QoS
fealure.
QoS is orten characlerized as a new fealure of 1Pv6. That is overstated. The current way to
manage QoS in IPv4 is the same as in IPv6. The only difference is that IPv6 has a Flow Label
field that can conlain a label identifying a flow. This label is generated by the source oflhe
packet. Having a flow label allows QoS devices in the path lo make actions based on this label,
but Ihe exislence of Ihe label is not a fealure of QoS.
However, Ihe majorily ofQoS implementalions slilluse Ihe DiffServ approach (Per-I-Iop
Behavior Irealment ofpackels based on lhe local QoS policy).
1-36 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine,
IPv6 Technology Scope
'. Addressing R"ng~ .. '., 32-bit, Network .128-bit, nlulliplé" .. '

AddressTranslation scopes
Autoconfiguration DHCP Stateless, Stateful
(DHCPv6)
Security IPsec IPsec-mandated,
works ond-to-enq ,
Mobility Mobile IP {L,)-., --...:,,~
Mobile IP with
optimizad routing
Differentiated seNice, Differentiáted servic~::
. integrated service integratedservice
IP Multicast IGMP, PIM, Mullicast MLD, PIM, multicast /
BGP BGP, scope identifier
IPv6 ofTers these general features and benefits:

• A large address space makes globalreachability possible from every IPv6 node.
a Autoconfiguration is essential for deploying a large number of appliances. It would not be
possible, practically, to manually configure 11' addresses; you need some autoconfiguration
mechanism that scales. DHCP may not be the righ! way to manage millions of clients.
• IPsec is mandated in the arehitecture.
a NA T ineludes end-to-end security in networks by requiring that you trust the end devices.
a Mobile IPv6 improves routing effieiency over IPv4.
• IPv6 is the same as IPv4 in QoS and headereompression features. Both areas benefited
from the \York on IPv6. The IPv6 header eompresses belter than the IPv4 header beeause
there are fewer fields.
a Other features are equivalent, except for a few details, such as seoped addresses in
multicast, 01' the concept of stateless DI-ICP in whieh only static parameters are provided by
the DI-ICP server.
© 2010 Cisco Systems, Inc. Introduclion to IPv6 1-37

Summary
This topie slll11l11arizes Ihe key poinls that \Vere disclIssed in this lesson.
;w 2
Surnrnary
• IPv6 has l11any compelling features and real benefits over IPv4 in
supporting global networks effectively. Several feature
enhancements, sueh as the way IPv6 performs autoeonfiguration
or aggregates routing information, make IPv6 attraetive.
• The large address spaee is one IPv6 benefit. With the 128-bit
address spaee of IPv6, rather than the 32-bit address space of
IPv4, the number of devices that can be connected to the network
inereases exponentially.
• The large address space for IPv6 supports autoconfiguration by
reserving 64 bits for the host number on a given subnet.
• The large and standardized address spaee allows routers to send
configuration information to hosts, enabling routers to configure
their own global-scope address. With such a large addressing
space, strict route aggregation is critical to avoid explosion in the
size of the default-free routing tables on the global Internet
backbone.
"., .:
1-38 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 201 oCisco Systems, Ine.
Lesson 31
Understanding Market Drivers

Overview
This lesson describes the market drivers that help promote IPv6 as the key technology ofthe
future. It defines the key markets for IPv6 solutions, outlines the impOltance of native IPv6
content and the relation to IPv6-only endpoints.
Objectives
Upon completing this lesson, you will be able to describe market drivers and the rationale to
move to IPv6. This ability includes being able to meet these objectives:
• Describe the huge potential in market growth forlPv6 (mobile) endpoints
• Explain the importance of native IPv6 content and how its availability is a motivation to
Illove
• Explain that IPv6 in Microsoft, open-source products, and government mandates are
additional drivers for adoption
Market Growth for IPv6
This topic describes lhe huge potential in market growth for IPv6 (mobile) endpoints.
lb Mipi
Market Growth for IPv6
• There are two major markets lor IPv6:

- Large enterprises
- Consumer marke!
• Large enterprises need IPv6 when:
- 10.0.0.0/8 subnet is too small to lollow organizational
schemes
- Too many endpoints, or when NAT is unwanted
- To service IPv6-only endpoints and give access to IPv6-
only networks
• Service providers need IPv6 to service consumers:
- Accommodate requirements lor peer-to-peer
communication
- Pro vide access to IPv6 conten!
- Large number 01 fixed or mobile endpoints
.. .... . .....
The IPv6 protocol will experience usage growth in enlerprise, service provider, and consumer
markets. Enterprises and service providers have already been encouraged to adopt IPv6. The
longer they postpone, the more it will impact them when their customers demand IPv6 services.
Large enterprises have already found themselves experiencing problems \Vith I Pv4 address
scarcity in the private addressing blocks (10.0.0.0/8, 172.16.0.0-172.31.255.255/16, and
192.168.0.0-192.168.255.255/24). Either they can implement internal NA T and face the
disadvantages of it blocking end-to-end communication, or they can move to IPv6. Many ofthe
largest companies have eh osen to adopt IPv6, but face problems with minor incompatibilities or
features not yet available. Such examples are network management systems, 11' Telephony, and
proprietary applications. In the last five years, the majority ofthese issues have been resolved.
Service providers need to be prepared to provide their customers IPv6 services. Generally this
does not require network redesigns or major hardware upgrades. The core technologies in
service provider backbones remain MPLS and Multiprotocol BGP, which do support IPv6.
Other applicalions, such as network management, slill rely on IPv4, but progressively adopt
IPv6.
1-40 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, tnc.
J1i a ¡¡im 11II1II1b= W¡¡¡¡,
Enterprise Market
• IPv6 endpoints solve problems of IPv4 address scarcity and

eliminate NAT.
• Dual stack is usually implemented for seamless transition.
• Challenges: Establishing VPNs, security implications for end-to-
end encrypted traffic (moving towards host-based security).
• IPv6 in Data Centers: Required to serve content to IPv6-only
endpoints; challenging to provide IP Services, such as server
load balancing (SLB), etc.
Enterprise and Consumer Markets

The enterpl'ise and consumer markets form the primary markels for IPv6 acceptance.
In Ihe enterprise networks, IPv6 allows for end-to-end connectivilY, meaning any server in any
part of the network can accept connections without configuring address translations anywhere
in the network.
For seamless transition, dual stack is implemented in enterprise networks. Dual stack means
that both IPv4 and IPv6 run concurrenlly on network devices (endpoints and routers) over the
same Layel' 2 netIVork. IPv6 content and services are then accessed using the IPv6 bearer, and
IPv4 content and services are accessed over the IPv4 bearer.
Enterprise customers require secure connections to establish viltual private networks (VPNs).
VPNs secure communication flows ayer public nelIVorks, and this feature is built in into the
IPv6 protocol stack natively. In enterprise nellVorks, firewalls on netIVork edges terminate such
flows, declypt them. and pass these flows unencrypted to secured parts ofthe network.
l-IolVever, securily in IPv6 is meant to be end-to-end, and an enclypted flolV "blinds" the
firewalling device beca use the firewall does not tenllinate the secure connection anymore.
Instead, the endpoint c1oes; this inlroduces the necessity for host-based security, such as host-
based firewalls and hast intrusion prevention syslems (1-11 PS).
Another aspect of IPv6 deployment is in data centers. When data centers start servicing IPv6-
only endpoints, then IPv6 support in data center equipment IVi 11 be required. The most
challenging requirements are server load balancing (SLB) devices. proxies, and security
devices. Network infrastructure supparts IPv6 without major issues.
© 2010 Cisco Systems, Inc. Introduction to IPv6 1·41

- Consumar Markat
2 d
• Adopts IPv6 where technically feasible and in areas with IPv4

address scarcity
• Many service providers invested in carrier-grade NAT (GGN)
equipment, which currently solves the IPv4 address shortage
problem but inhibits investments in IPv6
• End-to-end connectivity is excellent for peer-to-peer applications,
such as file sharing and games
• IPv6 content availability is a prerequisite for growth!
This relates to the IPv6 Enterprise/Data Genter market segment
IPv4 Internet IPv6 Internet
NoNAT
',-. -"." .
It is not really important to consumers whether they access infonnation over IPv6, I Pv4, or any
other protocol, aS long as they can obtain the information they desire. The goal ofthe network
layer is to be transparent to higher cOlllmunication layers.
Ifthe user has an IPv6-only end device to access data, then the information IllUSt be served
using IPv6. Using such end devices will contribute to the popularity of IPv6.
Currently, many service providers (and mobile operators) have invested in IPv4 solutions.
These solutions include carrier-grade NAT (CGN) or A+P, which introduce additional
translation points or assign only a nUlllber ofports (Layer 4, in the range of -200) to a user.
Compare this solution to the unlimited ports assigned in classic implementations. Typically,
service providers introduce CNG and IPv6 in parallel.
However, the absence ofNAT in IPv6 brings substantial advantages to the end consumer,
especially when using peer-to-peer applications such as file sharing, VolP (Skype and others),
and online games. Such systems can connect directly without having to use proxies or find
creative ways to bypass NA T and firewalls.
IPv6 content availability is something like a "chicken and egg" problem-which one comes
first? Should IPv6-only endpoints be deployed first to influence the requirement for content
served on IPv6? Or, should data centers and IP Services upgrade to IPv6 to be able to serve
IPv6 content first?
il
1·42 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
_,AilIJIIIU I ¡JI IliJl ¡¡¡¡ lllU ¡i ¡ II11
IPv6 VolP
• VolP deployments:
- IPv6 provides peer-to-peer communication, making
deployments simple (no NAT bypass) .
• IP Telephony deployments:
_.- IPv4 prevailing, although the introduction of IPv6 bearer
networks will push the need for IPv6.
Voice over IPv6
- - Voice Flow
............ Signalling Flow
Common Technologies
The common technologies for adopting IPv6 are VoIP, IP Television, IT business support, and
education.
The IPv6 addresses peer-to-peer commllnication and enables it to work end-to-end, that is,
without NAT 01' firewall bypassing techniques. This will boost the use of IPv6 for VolP
applications that follow the peer-to-peer model. The voice data stream can be transferred
directly between the endpoints, improving connection setup speeels, reelucing the amount of
signaling. and so 011.
On the contrary, eleployment of IP Telephony systems-enterprise IP Telephony solutions such
as Cisco Unifieel Commllnications Manager, Cisco IP phones, and so OIl-are bounel to
networks of smaller unel manageable size, which generally I Pv4 can accommoelate. For truly
global enterprises, IPv6 can simplify IP Telephony networks. IPv6 will become manelatoly
when IPv4 is removed in at least one part of the enterprise network.
Note Peer-to-peer communication is otherwise praised in the consumer market beca use it allows
file-sharing applications and games to function without obstades (such as NAT). Such traffie
does consume serviee provider bandwidth and resourees, but on the other hand, Internet
access brings revenue to serviee providers.

IlIWi
IP Television
• IPTV uses mullicasl dala plane and conlrol plane: IPv4

mullicasl, IGMP, SSM/PIM.
• The dala is usually lransmitled inlo a VPN-a ne!work
separaled from olher dala nelworks lo provide slabilily and
OoS; lypically IPv4-based.
• IPv6 has services lo accommodale mullicasl dala
lransmission and mullicasl rouling.
• IPTV will swilch lo IPv6 when lhe bearer will be IPv6-only;
ePE IPv6 supporl is crucial lo achieve this goal.
IPTV deployments are, similarly to IP lelephony deployments, bound to closed networks al Ihe
service provider. The customer base at lhe service provider defines Ihe size oflhe network,
which can currently be accommodated using IPv4 solutions.
Sen'ice providers introduce separate networks lo carry IPTV. By using this approach, IPTV
traffic is not mixed wilh other customer traffic, and it is, therefore, possible lo maintain screen
image and sound quality.
A driver to move IPTV lo IPv6 would be a shutdown of IPv4 services and easier IPv6 multicasl
deployment in contrast to IPv4. More mullicasl groups are available in IPv6, and addressing is
easier to designo A move lo an IPv6-only user access would be feasible, in this case, and will
encourage IPv6 development for m issing components.
Implementing IPv6 on the customer premises equipmenl (ePE) is nol particularly challenging,
but on the other side, service providers are trying to keep ePE costs as low as possible. Since
llsers demand IPTV ePE to support recording on built-in disk drives, and so on, IPv6 support
should nol be a big issue.
• liL2 Iml I 2i. 21 &i112il l2i2
IT Business Support
• For businesses, the biggest drivers are:

-- Demand to serve IPv6-only content lar I Pv6-only
endpoints
- Demand to access critical content over IPv6-only
networks
- Limited growth in the IPv4 private address space
• Until then:
.- No apparent development
- Use 01 workarounds
When implementing IPv6, enterprise clients often encounter problems with equipment
compatibility 01' software suppor!. Such examples are management software, security products,
authenticatioll servers, server load-balancing devices, firewalls in failover cOllfigurations, and
so forth. This does not stop the deployment of I Pv6, but prolongs the dual-stack setup in which
mixed IPv4 and IPv6 services are deployed.
Obviously, the demand for critical content from the client side will push the development oflT
business services to move to IPv6. Several business applications-from enterprise resource
planning to customer relationship management, desktop virtualization, and so on- will benefit
fmm moving to IPv6. The main drivers are system scalability and logicalnetwork simplicity;
both of these decrease the cost of own ing a network.

s ji
Education
• The education and academic sphere supported the

development of IPv6 .
• This sphere is also one of the biggest users of technologies
such as e-Iearning, live broadcasting, and collaboration, in
which IPv6 excels by providing end-to-end connectivity.
The academic education sphere has been adopting IPv6 since its beginnings and has pioneered
many ofthe technologies that businesses use today.
For business education services, the benetit oflPv6 will be similar to the benefits ofusing peer-
to-peer VoIP, videoconferencing. collaboration, and IPTV. These solutions use either point-to-
point connectivity, where IPv6 excels, and they use the benefit of good scalability and
simplicity. IPv6 e-Iearning solulions willrequire less time lo set up, and Ihey willuse
bandwidth more efficiently by taking advantage of IPv6 QoS and multicast routing capabilities.
Collaboration performance requirements can be compared to the requiremenls for online
gaming; Ihe goal is efficient connectivity belween severalusers and sites.
1-46 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Ine.
Native IPv6 Content
This topic describes the importance ofnative IPv6 content and how its availability is a
l11otivation to move.
al¿ J2
= ,
Native IPv6 Content
• Users do not care il the content is translerred over IPv6 or

IPv4-it must be available.
• Current IPv4 networks are adequate only in areas without IP
address shortages.
• IPv6-only mobile devices would not be usable in parts 01 the
world except lor their home market.
IPv6-0nly
Client
IPv4-0nly
Client
",',._"
The growth of IPv6 devices in markets with IPv4 address shortages will have a worldwide
impact. The most affected market is the Asian region. Becallse Asian cOllntries are the biggest
prodllcers of electronics, it is expected that new (mobile) devices \Viii come with a native IPv6
protocol stack. However, these devices willlack the IPv4 stack dlle to its limitations and
additional implementation costs.
TraditionallPv4 networks willneed immediate lIpgrades to sllpport sllch IPv6-only endpoints if
the content providers willnot \Vant to lose revenlle from these IPv6-only lIsers.
On the other hand, all content providers will switch to dllal-stack configurations, serving the
same content both over IPv4 and IPv6. This will remain for so me time (maybe decades) to
sllpport IPv4-only devices in the IPv6 next-generation Internet.

Drivers for Adoption
This topic describes how II'v6 in Microsoft, open-source products, and government mandates
are additional drivers for adoption.
¡I; ::
Exhaustion of IPv4 Address Space
• Classless interdomain routing (CIDR, 1993), Network

Address Translation (NAT, 1998) and DHCP allow for more
efficient use of IPv4 address space and reuse of addresses.
• A transition to IPv6 is the only practical and available long-
term solution.
• Always-on connectivity, households having persistent
connections.
• ISP-wide NAT (CGN) + public routable addresses for a
surcharge.
• Creation of a market for IPv4 addresses?
Exhaustion of IPv4 Addresses

This subtopic outlines the problem ofll'v4 address exhaustion and points to the solutions for
addressing il.
There have been several enhancements in the II'v4 Internet to improve the efficiency ofhow
the address space is used. The distribution of II'v4 adclresses within classes (especially in larger
e1asses) is scattered, ancl Ihe host density ratio is usually pOOl'.
In certain markets, sen'ice providers atlracted customers by offering them always-on
connectivity. For this conncctivity, the service provider needed a pool of 11' adclresses that, once
assigned, could not be used for another user beca use these addresses were constantly
"occupied." Users grew accustomed to it and did not want to setlle for anything less, which
then left fewer unused addresses available.
A small number of service providers introduced carrier-grade NA T (CGN) devices that
performed ISI'-wide NAT. Consequently, customers were unable to accept inbound
connections from the Internet. For customers thal need to accept incoming connections, this
option \Vas usually offered with Ihe possibility of obtaining a complete public routable II'v4
address for a surcharge.
CGN is now used mostly by mobile operators for their users that access the Internet using
mobile phones, which usually do not host 11' Services. Thus they do not need incoming
connections. Mobile third-generation networks are asymmetrical in terms of user-available
bandwidth (upslream much less than downstream to the user). Therefore, hosting services do
not make sen se on a mobile device, and global inbound reachability is not needed.
One idea is to make address blocks available fOl' sale, but that would conflict wilh Ihe defillitioll
that IP add¡'esses are free, Secondly, once bOllght, they wOllld not be resold withollt reasonable
profit. Thirdly, bllying an IPv4 block and renllmbering yOllr hosts every time an enterprise
grows costs more than switching to IPv6 once,
© 2010 Cisco Systems, Inc. lntroduction to IPv6 1-49

m
1" 111111
After Exhaustion?
• Afterofficial exhaustion 01 IPv4, there will still be unused IPv4

addresses.
• Possible evolution 01 mechanisms to use "reserved" IPv4
ranges; the leasibility is questionable because moving to
IPv6 is a belter direction.
• Trade IPv4 blocks between organizations.
• lANA will run out 01 addresses first, then regional Internet
registrars (RIRs), and then local Internet registrars (LlRs).
The process will take approximately one year.
After officiallPv4 address exhaustion, there will still be IPv4 addresses available, but only at
organizations. Trade for this space among organizations could be possible, but introduces legal
issues and additional complexity to the global rou!ing table.
Another option \Vould be to use the reserved IPv4 ranges, such as Class E (240.0.0.0-
255.255.255.254), but this effor! would require software updates at both host and ne!work
devices and has been rejected by IETF. The necessary effo.1 and cost would be comparable or
worse than switching to IPv6 entirely.
One ofthe most »famous« recent recoveries was the reclamation ofthe 14.0.0.0/8 IPv4 address
range with assignments from 15 years ago. This range was once used to interconnect the
Internet \Vith other networks.
Forecas!s are tha! lANA \Viii run out oflPv4 addressing space in 2011-2012, and consequently,
regional and local Internet registrars \ViII run out of allocatiol1s afler tha!. 1t is possible that this
process might advance more slowly as IPv6 adop!ion in most "crowded" markets grows.
1111I1111.a: 2121
• & ¡¡¡1¡Mil 12 11111111 11 :a
IPv6 in Microsoft Products
• Modern Microsoft desktop operating systems (Windows 7,

Windows 2008 Server) support IPv6 and IPv4 concurrently.
• IPv6 connectivity is always preferred over IPv4 if both options
are available.
• Windows Vista started preferring IPv6 in the user interface as
well.
'!lWindows
~1i:l.
IPv6 in Modern Operating Systems

This topic describes IPv6 support in the most populm' operating systems, including Microsoft
and open-source platforms.
The new Microsoft Windows' operating systems support IPv6 natively. Windows XP already
had an IPv6 protocol stack, but it \Vas managed through the command line. In previous versions
of Windows, the IPv6 protocol staek had to be added manually.
IPv6 e01111eetivity is preferred over IPv4 ifboth options are present. This is one ofthe ways to
promote the use oflPv6. but it brings "diseomfort" as \Vell: ifthe IPv6 path is not fU11ctional in
the e11terprise net\Vork, the user willnot have connectivity u11less the application 01' Tep stack
falls back eorreetly to IPv4.
The operating system \ViII find a11 operating IPv6 stack i11 the system, and it will default to it.
However, it ean110t deteet ifthe upstream11etwork is 110t fully fU11ctio11al, and the traffic \Viii be
lost. The user has t\Vo options: either disable lhe local IPv6 stack 01' make a11 IPv6 path
fU11ctional towards the ISP.
The supp0l1 of IPv6 i11 Microsoft Windows is of key importance in e11abling user access to
IPv6-based c011te11t. Network i11frastructure a11e1 IP Services (sueh as DNS, and so on) must be
enabled.
I Windows logo: source Microsoft
© 2010 Cisco Systems, ¡ne. Introduclion to IPv6 1-51

111111111111111i Elb
IPv6 in Open-Source Products
• The open-source community adopted the IPv6 protocol very

quickly from its beginnings and supported the development of
the prolocol and its fealures.
• Open-source operaling syslems (UNIX- or Linux-based)
support IPv6.
• Various server software is available, including web, mail,
DNS, and DHCPv6 servers.
", .
The open-source community contriouted to Ihe development ofthe IPv6 prolocol suite. This
explains why IPv6 is very \Vell suppOlted in operating systems oased on open-source codeo
Major credit also goes lo the acacIemic communities and research networks, especially to the
communily maintaining the IPv6 test ground-the "6oone" network. This network ceased
operation when it achieved its goals: IPv6 standards development and testing.
For UNIX and Linux operating systems, all sorts of server software is availaole: fi'om \Veo
servers, to email servers, DNS servers, DHCPv6 servers, and others.
CEJa_1 111111 III ¡ 1111 I aL 11111 UiII22ll21212;. ilJlI 21111
IPv6 on Mobile Platforms
• Mobile devices are the key demand generators for IPv6

networks.
• Large potential base of users.
• Large areas of the world without "wired" network coverage can
be covered with wireless networks (3G and 4G, WiMax, etc.).
• One person can have many mobile devices and in-house
devices that need to synchronize online.
IPv6
Addresses
IPv6 on Other Platforms

Here we list important platforms that will encollrage the development and deployment of IPv6:
mobile platforms, cable networks, and indllstrial lIse.
Mobile lIsers are one ofthe first target markets 101' IPv6 deployments becallse, in many
cOllntl'Íes, the wired infrastrllctllre is not able to allow mllltiple millions ofllsers. Wireless
infrastrllcture (\Vith mobile clients) will be lIsed instead. User additions generally do not reqllire
lIpgrades to the infrastrllcture, and if lIpgrades are necessary, a large number of lIsers wi II
bcnefit. The crllcialmarkets for IPv6 development in this area are Asian cOllntries with high
poplIlation density and large potential for mobile network growth.
IPv6 will also accommodate the facl that one person can have many devices with IP addresses,
inclllding mobile phones, mobile email appliances. home thealer eqllipmenl, and devices for
intelligent home systems. These devices need to communicate with each other and be online at
the same time, each one requiring an IP address. With market growth, the IPv4 address
shortage pl'Oblem becomes even worse.
© 2010 Cisco Systems, Ine. Introduction to lPv6 1-53

li I
IPv6 on Cable Networks
• Every cable modem needs an IP address.

• Large cable service providers have run oul 01 IPv4 address
space lo manage cable modems and have moved lo IPv6.
• IPv6 addresses are supported on DOCSIS 3.0 devices.
Large cable operators are adopting IPv6 as wel!. In Ihe cable modem world, every cable
modem-as a customer premises equipmenl (CPE) device-needs an IP address lo
c0111municate. Obviously, this address musl come out of a range that a service provider uses,
and it must be publicly reachable for the user to have access lo the Internet.
IPv6 fils in very large cable networks, in which service providers need to manage a large
number of cable modems inside a single system. This scenario cannot be achieved using IPv4
as it wilI reach ils limits ofscalability. Major cable providers are performing tests to switch to
IPv6.
The communication in cable networks is defined using the Data-over-Cable Service Interface
Specifications (DOCSIS) standards, and the latest version that alIows IPv6 addresses is
DOCSIS 3.0. IPv6 was also supported as an inlerim solution on devices adhering to "DOCSIS
2.0 + IPv6" specifications.
ki di Jli i ¡1m I J2iIII!iI &i2 J12222
IPv6 in Industrial Applications
• IPv6 is suitable lorindustrial applications, where there are

many devices (tens 01 thousands) that need to communicate.
• Impossible to fit in IPv4 subnets, even using the 10.0.0.0/8
private IP address range.
• Examples are temperature or seismic sensors, RFID tags,
LED lighting systems, and so on.
In industrial environments, IPv6 is usable in micro-devices that perform a specific task and
retmn the result to a central management system. Examples ofsuch devices are sensors, valves,
lighting objects, electrical measurement devices (Smart Grids) etc., which can be controlled
remotely. For remote control, however, they need to be reachable. With IPv6, it is possible to
cleploy tholtsands of devices-each one with its own IPv6 aclclress-and to configure them
ltsing IPv6 autoconfigurationmethocls.
Note LED screens on the 2008 Beijing Olympics were controlled by LED arrays, each one having
its own IPv6 address.

ii
Government Mandates
• There are several governments and agencies encouraging

the transition to IPv6, including:
- U.S. (Office of Management and Budget)
- European Union (Europea n Commission)
- "BRIC" countries (Brazil, Russia, India, China) and
emerging markets
• Usually, a percentage of networks to use IPv6 is mandated.
• Availability of content over IPv6 and dual stack, or dual stack.
"20% by 2011!"
Government Mandates
Governments around the globe encourage the adoption oflPv6 lO maintain eompetitiveness of
their eeonomies.
lnsisting on IPv4 networks and developing meehanisms to inerease the utilization oflPv4
addresses adels eomplexity lo nelworks. These eomplex networks need maintenanee. which
involves higher operating eosts. These eosts eoulel be avoided iflhe networks developed
towards simpler protoeols, such as IPv6, whieh are more scalable anel easier to mainlain.
To boost the effieiency in enterprises and inerease eompeliliveness economy as a whole.
governmenls reeognizeel the oppOliunity anelmandated the use oflPv6 in networks. Sueh
examples are. among others, the European Union (with the European Commission to en force
the rules) and the U.S. (Offiee of Managemenl and Budgel).
The rules elefine the amount of content to be aeeessible Ihrough IPv6 and Ihe percenlage (01'
porlion) ofpublic entity nelworks lo use IPv6 as Iheir core prolocol, or dual slack.
1-56 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, tne.
Summary
This topie sllmmarizes the key points that were disclIssed in this lesson.
liii 2 :a ES: 2
Summary
• IPv6 acceplance in Ihese crucialmarket segments is required:

enterprises, conlenl providers, consumers, and service
providers.
• To boost growth, IPv6 is added as the primary palh in operaling
syslems and is mandated by governmenls lo mainlain economic
compelitiveness.
• IPv6 has potential in areas with large population densily and in
industrial applications, wherever many IP addresses are
required.
• Users will hold several IP addresses, from their office computer
lo Iheir mobile and home appliances, lo cars, ele.
• Efforts lo mainlain IPv4 have increased network complexily and
the costs lo mainlain such networks, while potentially slowing
down Ihe developmenl lowards IPv6 networks.
References
For additional informalion, refer to these reSOllrees:
• A Pragmatie Report on IPv4 Address Space Consllmption
http://www.cisco.eom/web/abollt/aeI23/acI47/archivedjssues/ip.L8-3/ipv4.html
• Microsoft Internet Protocol Version 6 (lPv6)
http://tee hncLm ieroso rt.eom/cn-lIs/netlVork/bb5 3096 J.aspx
• US Government lIsing IPv6
hUp:/lipv6 .comlartic les/genera l/U S_Govern ment_1 Pv6. hlm
• ElIropean Commission IPv6 Task Force
http://IVIVIV .ell. ipv6tf.org/i n/i- index. ph p#
• CabJeLabs Issues DOCSIS 3.0 Speeifieations Enabling 160 Mbps
http://wIVIV.eablelabs.com/ncws/pr/2006/06_pl~dacs is3 0_.080706. hlml
• IPv4 Address Exhallstion
htlp:/len. \Vik iped ia.org/wik ill Pv4_ address_exhallstion#Mobi le_ devices
© 2010 Cisco Systems, Ine. Introduction to IPv6 1·57

Module Surnrnary
-
This topie summarizes the key points that were diseussed in this module.
Module Summary
• ia
• Advaneed features, sueh as QoS, IPsee, and the growing

searcity of IPv4 addresses, prompted the development of
IPv6.
• The large address space for IPv6 supports autoconfiguration
by reserving 54 bits for the host number on a given subnet.
• IPv5 has potential in areas with large population density and
in industrial applications-wherever many IP addresses are
required.
© 2010 Cisco Systems, lnc. Introduction to lPv6 1-59

1-60 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Module Self-Check
Use the questions here to review what yotl learned in this module. The eorreet answers and
solutions are found in the Module Self-Cheek Answer Key.
Q 1) Whieh three are I Pv4 address eonservation meehanisms? (Choose three.) (Souree:
Explaining the Rationale for IPv6)
A) NAT
B) CIDR
C) address subnetting
D) address alloeation
E) DHCP
Q2) New featme support, sueh as quality of serviee, IP seeurity, and mobile IP, were driven
by what force? (Somee: Explaining the Rationale for IPv6)
A) DARPA
B) ARPA
C) address shortages
D) Internet growth
E) defense eontraets
Q3) Whieh two issues did NAT ereate while helping with IPv4 address eonservation?
(Choose t\Vo.) (Souree: Explaining the Rationale for IPv6)
A) breaks the end-to-end model
B) requires no traeking oftranslation transaetions
C) requires end-to-end seeurity
D) breaks end-to-end secmity
E) requires the deployment of application-Iayer gateways
Q4) The IPv6 header is eonstructed differently from an IPv4 header. Which two key
benefits result from the redesign? (Choose two.) (Source: Evaluating IPv6 Features and
Benefits)
A) inereases the number of lookups for processing
B) aligns the header on 64 bits to allow for faster proeessing
C) reduces the number of lookups for processing
D) removes a number of fields, thus requiring less proeessing
E) changes the header placements, requiring less proeessing
Q5) In which way \Viii seeurity in IPv6-enabled environments be different? (Somee:
Evaluating IPv6 Featmes and Benefits)
A) IPsee support is mandated for every IPv6 node.
B) IPsee has been improved for IPv6 nodes.
C) IPsec support in IPv6 now includes a global key deployment.
D) I Psec is no longer used in I Pv6 networks.

Q6) Which three IPv4 header fields were dropped when IPv6 was created? (Choose three.)
(Sollrce: Understanding Market Drivers)
A) IHL
B) Type of Service
C) Header Checksllm
D) Flags
E) Flow Label
Q7) The extension headers serve which important fllnction in IPv6 networks? (Source:
UnderstancIing Market Drivers)
A) identity optional processes that can be rlln on each I Pv6 packet
B) allow IPv6 nodes to maniplllate rOllters
C) identify processes that maniplIlate the rollters in the path of a packet
D) replace (he traditional role ofTCP and UDP in a network
1·62 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
Module Self-Check Answer Key
QI) ¡\,Il,E
Q2) D
Q3) ¡\,D
Q4) Il,D
Q5) ¡\
(6) ¡\, C, D
(7) ¡\
© 201 o Cisco Systems, Inc. Introduction to IPv6 1-63

·~
• 1
Module 21
IPv60perations
Overview
As a Layer 3 protocol, IP version 6 (IPv6) has a broad impact on the operations ofthe network
and the interactions with other s)'stems and other layers ofthe Open Systems Interconnection
(OSI) model. This module describes the structure ofthe IPv6 address format, how IPv6
interacts with data link layer technologies, and holV IPv6 is suppOlted in Cisco lOS Software.
With anunderstanding ofbasic IPv6 operations, yOll will be more successful in your IPv6
integration efforts.
Module Objectives
Upon completing this module, you will be able to describe the structure oflhe IPv6 address
format, how IPv6 interacts with data link layer technologies, and how IPv6 is supported in
Cisco lOS Software. This ability ineludes being able to meet these objectives:
• Describe the IPv6 addressing architecture, including types of addresses and ade!ress
representation
• Describe changes in Ihe I Pv6 heae!er ane! the purpose of extension headers
• Configure IPv6 on the Windows XP, Windows 7, and Linux operating systems
• Describe and use Cisco lOS commane!s to enable IPv6 on Cisco routers
• Describe ICMPv6 message types ane! how they are used to troubleshoot IPv6 issues, and
describe the neighbor discovely protocol
• Configure ane! troubleshoot a Cisco lOS router to sllpport IPv6 operation
Lesson 1
Understanding the IPv6

Addressing Architecture
Overview
The IP addressing architecture is fundamental to how addresses are allocated, how nodes are
numbered, how routing tables are constructed, and how packets are routed throughout the
network, With a 128-bit address length, the I P version 6 (IPv6) address space is significantly
larger and more diverse, and thus is more complicated lo manage, This lesson describes the
IPv6 addressing architecture, including types ofaddresses and address representation and the
types of addresses that difTerent types of devices are expected to have.
Objectives
Upon completing this lesson, you will be able to describe the IPv6 addressing architecture,
including types ofaddresses and address representalion. This ability ineludes being able to
meet these objectives:
• Describe the IPv6 addressing architecture
• Describe the format and uses of the various types of IPv6 addresses
• Create and use the various types of IPv6 addresses
Determine the required IPv6 addresses for an IPv6 host and an IPv6 muter
IPv6 Addressing Architecture
This topic describes the IPv6 addressing architecture.
.2 1iI1'IIlIIIiImn ¡al 2 Ui iJ a
IPv6 Addressing Architecture

Address Representation: Format
• X:X:X:X:X:X:X:X, where x is a 16-bit hexadecimal field:
- Example: 2001 :ODB8:010F:0001 :OOOO:OOOO:OOOO:OACD
-" Case-insensitive
• Leading zeros in a field are optional:
- Example: 2001:DB8:10F:1:0:0:0:ACD
• Successive fields of O are represented as "::", but only once
in an address:
- Example: 2001:DB8:10F:1::ACD
'. 000
IPv6 addresses are represented as a series of eight 16-bit hexadecimal fields that are separated
by colons. The A, B, e, D, E, and F in hexadecimal fields are case-insensitive.
These are some ways to shorten the writing of IPv6 addresses:
• The leading zeros in a field are optional, so 01 OF can be written as I OF and 0000 can be
written as O.
• Successive fields ofzeros can be represented as a double colon (::), but only once in an
address. An address parser can identify the number ofmissing zeros by separating the two
parts and filling in zeros until the 128 bits are completed. However, iftwo double colons
are placed in the address, there is no way to identify the size of each block ofzeros.
Therefore, only one double colon is possible in a valid IPv6 address.
The use ofthe double-colon technique makes many addresses very small; for example,
FFO I :0:0:0:0:0:0: I becomes rro 1:: l. The unspecified address is written as a double colon
beca use it contains only zeros.
2-4 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
11m 2i 2 111m ti 111111 aH 1111
IPv6 Addressing Architecture (Cont.)

Address Representation: Example
• Full address:
.- 2001 :ODB8:0000:0000:FFFF:0000:0000:OADC
• Correet representations:
- 2001 :DB8::FFFF:0:0:ADC
_ 2001:DB8:0:0:FFFF::ADC --? "(\c:',\,, '/J I 5~. ""
• Ineorreet representation:
- 2001:DB8::0FF::AD
This figure sho\Vs the use ofthe double colon to represent ll1ultiple contiguous 16-bit chunks of
zeros in an I Pv6 address. The last representation that is sho\Vn in the figure is incorrect: The
"::" notation can appear only once in an address because ll1ultiple uses can ll1ake the address
all1biguous. In that last exall1ple, the parser cannot tell whether the ll1issing bits (four 16-bit
sections) are apportioned with 16 at the first double colon and 48 at the last double colon or
SOll1e other cOll1bination.
© 2010 Cisco Systems, Ine. IPv6 Operations 2-5

IPv6 Addressing Architecture (Cont.) n
Address Representation: Further Examples
()
()
FullAddress Correct Represenla1lon
FF02:0:0:Ó:0:0:0:1 FF02::1
, .
FF15:0:0:0:0:0:1 :e001 FF15::1:C001
0:0:0:0:0:0:0:1
• :: 1 l •• ~\;,:., \<.
0:0:0:0:0:0:0:0 "-"1 1\<: '- ~~\ ~~,ut\u"
These are more examples of corree! IPv6 address representations: o

• FF02:: 1 represents all IPv6 nodes lVi/hin the link-Iocalmulticast/
• FF 15:: 1:COO 1 represellls temporary site-Iocal multicas!. / O
• :: 1 represents loopback. /
• :: is unspec ified. I
2·6 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
12 111111111111 1 1&211
• mil lii 2iIllUIIJ 2
IPv6 Addressing Architectljre (Cont.)

IPv4-Compatible and IPv4-Mapped Formats
• IPv4-compatible (deprecated, RFC 4291) :
- 0:0:0:0:0:0:192.0.2.100
- =::192.0.2.100
... =::COOO:0264
• IPv4-mapped:
- 0:0:0:0:0:FFFF:192.0.2.100
_. =::FFFF:COOO:0264
~
To process automatic tunnels overlP version 4 (IPv4), a speciallPv4-compatible IPv6 address

format is defined as ::A, B, e, D. where A. B. e, and D are the I Pv4 addresses in decimal form.
Few systems will accept this addressing formal. More often, the IPv4 address will need to be
converted lo hexadecimal, a transition mechanism that is not implemented in every IPv6 stack.
IPv4-compatible addressing has been deprecated but is included here for reference.
The IPv4-mapped IPv6 address is used for internal system mechanisms and should never be
transmitted to the network by a nade. This mechanism allows systems lo represent IPv4
addresses as 128-bit IPv6 addresses.

11 l1li
IPv6 Addressing Architecture (Cont.)

URL ~""u'.¡'7
http://2001:088:1003::F:8080/index.html
• Is 8080 part of the address or a por! number?
In a URL, the address is enclosed in brackets:
• Example: http://[2001:0B8:1003::F]:8080/index.html
• Not a new concep!: works with IPv4 addresses
';)"~')'J,lo..\.;~ .
• Cumbersome for users
• Mostly for diagnostic purposes /
• Use ~9D1'-Is whenever possible v
. 00', •. ,;>
In a URL, the colon is already used to place an optional port number, as illustrated in the URL
http://www.example.com:8080Iindex.html. A URL parser musl Ihen differentiate between Ihe
colon of a porl nllmber and Ihe colon inside an IPv6 address, which is impossible because of
the compression technique. To idenlifY ils IPv6 address while keeping Ihe colon, Ihe address
musl be enclosed belwecn brackets, as shown in Ihe figure.
Using IPv6 addresses inside a URL is cumbersome for users and should be used only for
diagnostic purposes or when no naming service is available. Olherwise, fully qualified doma in
names (FQDNs) should be lIsed in place ofthese literallPv6 addresses (called literals).
2,8 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
o IPv6 Address Formats and Types
o This topic describes Ihe format and uses ofthe various types of IPv6 addresses.
u IPv6 Address Formats and Types

o Address Types
L' \)\. ~ ~~<:..~",.... ~ ..... :"('o. \~ \) . ..:\C u.. ,'}.,,). ,L':I ;}Q\,,,\ .
•
\ : \ ')
• Unicast
u • Mullicast
• Anycast
• • •
o • No broadcas t in IPv6
• /' •
o •
•
o •
"'. •
u
..-.. .
'U
. , ., ~
IPv6 supports three types of addresses:

u • Unicast
• Multicast
o • Anycast
o Each address type has specific rules regarding its construction and use.
IPv6 has no support for broadcast addresses in the way that they are used in IPv4 . Instead,
o specific mullicast addresses (such as the all nodes multicasl address) are used.
o
o
o
o
o
o
o © 2010 Cisco Systems, Ine. IPv6 Operations 2-9
IPv6 Address Formats and Types (Cont.)
Unicast
• Unicast addresses are used in a one-to-one context.
• IPv6 unicast addresses:
o
- Global unicast addresses
- Link-local addresses -, ~ ",N ; , ~ (,:)..,)\,., ..... -:::, .
- Unique local addresses -) ;'", ~< \ :, \-oc . .\. . . "o'\..~ .. ' "
- Special-purpose unicast:
• Unspecified
• Loopback
• IPv4-mapped
n
o
o
IPv6 unicast addresses can be aggregated with prefixes ofarbitrary bit length, like IPv4
adclresses under classless interdomain routing (CIDR).
There are several types ofunicast adclresses in IPv6, including global addresses, site-Iocal
adclresses (cleprecated), unique loca l acldresses, and link-local addresses, There are also some
spec ial-purpose subtypes of globalunicast, such as the unspecified address, loopback address,
ancllPv6 acldresses with embedded IPv4 addresses. Additional address types or subtypes might
be defined in the future.
o
o
o
()
u
u IPv6 Address Formats and Types (Cont.)
Link-Local Addresses
TTl
u • Have a scope limited to the link
o...\c:.u..... c.....
• Are automatically configured with the interface ID
u • When used, must be paired with outgoing interface

information
u .......
' h-"
.......
I o
128 Bits
interface ldenilfler
u 1111111010
FE80 ::110
64 Bits
u 10 Bits
~,\ ",~"",~ \~,
\
¡:
~-.---J
u
AIIIPv6-enabled interfaces must have a link-local address.
Link-local addresses are used for addressing on a single link, so they have a scope thal is
limiled lo the link. Link-local addresses are creMed dynamically on alllPv6 inlerfaces by using
a specific link- local prefix, FE80::/ IO, and a 64-bit interface idenlifrer.
Link-local addresses are used for automatic address contiguration, neighbor discovery, and
u ro uler di scovery. Many rouling prolocols also use Ihe addresses.
Link-local addresses can serve as a \Vay lo connect devices on Ihe same localnetwork, withoul
u requiring global or unique local addresses.
When communicating \Vilh a link-loca l address, you musl spec ify Ihe outgoing inlerface
u bec3use every interface connects lO FE80::/1 O.
Tip IPv6 has a 128-bit address space, but 64 bits are used for the host numbe r on the subne!. A
u belter way to look at the address space is to say that IPv6 supports 2" subnets, and each
subnet can have a practically unlimited number of hosts. In any case, there are more than
enough networks and hosts for the future.
G
u
o
u
Interface Identifiers \. ~o,~,;. " Ol\ )
• Used to identify interfaces on a link:
- Must be unique on that link
v"'~'" .
- Can be globally unique
• Unicast addresses should have a 64-bit interface ID:
n
- Except for unicast addresses that start with binarv 000 ~ Q:, "'.,' ()" '. o ~ .
- Interface ID constructed in modified EUI-64 format ,;,,,1>-.,, " 1..
128 Bits
n
Interface Iden!ifier
64 Bits
n
Interface identifiers in IPv6 tlnicast addresses are used to identify interfaces on a link. The
identifiers can also be thought of as lhe host portion of an IPv6 address and mus! be unique on
tha! link. These identifiers Illay a lso be unique over a broader scope: When the iden!ifier is ()
derived direclly fromlhe data link layer address oflhe interface (for example, IEEE 802 MAC),
Ihe scope ofthat identifier is assullled to be uni ve rsa l (global).
Interface identifiers are always 64 bits and can be crealed dyna111ically, based on Layer 2
addresses stlch as Ethernet MAC addresses.
n
n
n
n
2-12 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
n
u
Global Unicast Addresses
u • Global unicast addresses are addresses lor generic use 01 IPv6
• Interface identilier should be kept at 64 bits
u
o Provider Site Interface
n Bits m Bits 128-n-m Bits

u \ \
I Gldpar Routl.ng Prefix SubnOl, ID ' I"terface Idenfifier .1
u I
1Z'!l
,2
\ \s í \ ( \ ,,,'k,
, 1--+
'S \\-~
r--I \'"
u
u Globalllnicast addresses correspond to the principalllse oflPv6 addresses for generic global
IPv6 traffic and conSllme the most important part ofthe address space,
u The strllctme of a globalllnicast address is as follows:

• A global rollting prefix, typically a /48, is assigned to a site,
u • A sllbnet iclentifier, typically 16 bits, is lIsed to identify links within a site.

• A 64-bit interface identifier identifies the interface ofthe node,
u The interface identifier can be or arbitrary length bllt shollld be kept at 64 bits fOl" several
rea$ons:
u • Stateless alltoconfigllration ofhosts depends on the 64-bit length ofthe interface identifier.
• Some operating systems, sllch as Microsoft Windows XP, do not allow the changing ofthe
u defalll! network mask.
• Becallse ofthe greater length ofaddresses inlPv6, some hardware platforms might be
u limited to hardware-assisted forwarding ofpretixes that are as long as 64 bits, Longer

prefixes are processed in software.
u Examples of global addresses can be fOllnd in RFC 3587, IPv6 Global Unicasl Address
Forll/al. The strllctllre that is proposed in this docllment provides for aggregation ofrollting
prefixes to limit the nllmber of entries in the global rollting table.
Later in the COllrse, yOll will see ho\V the Internet Assigned NlImbers AlIthority (lANA) and the
Regional Internet Reg istries (RlRs) allocate IPv6 globalllnicast address space from the range
of addresses that start lVith binary vallle 00 I (2000::/3).
o
© 2010 Cisco Systems, Inc. IPv6 Operations 2-13
IPv6 Address Formats and Types (Cont.) n
Unique Local Unicast Addresses (RFC 4193)
• FCOO::/7
- FCOO: :/8 planned to be globally managed I \ <\-"'1'> , L" L""'C
n
' ,,\~ ,,~) ...J..,
- FOOO::/8 assigned locally by network administration / C., ..... '" "
• For network in which only internal IPv6 communication is ¡:: t~P.· ¡: \") (} ~:I
required
• Not routable on the Internet n
Random
Prefix Identifier
Site Interface
n
8 Bits 40 Bits 16 Bits 64 Bits
/
I FDOO:l8 I Global ID ISub""IID I Interface Identili,er
.~ .....
Uniqlle loca l addresses were designed as a replacemellt for site-Iocal addresses, specilica lly to
reso lve some scopillg isslles. Uniqlle loca l addresses have a site-specific scope bllt are almost
g lobally IIllique; that is, they are highly unlikely to have an address-space clash.
The structure of a unique loca l address is as follows:
• The FDOO: :/8 prefix:
Indicates a loca lly assigned unique loca l address
Is reserved for possible use as a centrally registered unique local address n
• A 40-bit, pselldo-ra lldom globa l ID: the least significant 40 bits from the result o f Secure
I-Iash Algorithm 1 (SHA-I) (64- bit time of day + extended IInique identifier [EU 1)-64)
• A 16-bit subnet ID to idelltify the subnet within the site
n
• A 64-bit interface identifier
Ullique loca l addresses are defined in RFC 4193 , Ulliq/le Loca11P,,6 Ul1icost Addresses. These
addresses are used spec ifically to add ress implementation problems with the use of site-Iocal
addresses, as well as address space clashes that such use might cause. Uniqlle local addresses
also provide an IP addressing mechanism for organizations that prefer the concept ofprivate
address space for most internal comlllunications and as part oftheir security policy architecture.
Tip Today, many companies use RFC 1918 addresses within the ir organizations. Nelwark
engineers tend to gravitate toward the 10.0.0.0/8 reserved block. This practice leads to n
problems when companies merge. The Internet Engineering Task Force (IETF) was
concerned that the same issue wou ld ari se with site-Ioca l addresses, so it designed unique
local addresses lo introduce a large random component ¡nto the nonroutable prefix space.
There is almost no chance of a prefix collision when two merging companies use properly
self-a llocated unique loca l address prefixes.
2-14 IPv6 Fundamentals, Design , and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
o
o IPv6 Address Formats and Types (Cont.)
Unspecified and Loopback Addresses
o • Unspecified address:
- 0:0:0:0:0:0:0:0 M t,.",,~
u - Used as a placeholifer when no address is available

(initial DHCP request, DAD)
• Loopback address:
o - 0:0:0:0:0:0:0:1
- Same as 127.0.0.1 in IPv4
- Identifies self
u cA \ ~ f'I"I ;"d"'1 ,
u
u
u An unspecified address is 0:0:0 :0: 0:0:0:0, or simply ":: ".
An unspecified address is used on a network only as a source address For special purposes. An
u un specitied address is a placeholder whenno address is available. For examp le, an unspecified
address is used when a hosl requests an add ress to a DH C P server or when a Duplicale ~
Delection (DAD) packet is sen!. An unspecified address should never be lhe source address oF
u an IPv6 packet, and routers must not Forward packets with an unspecified source.
The loopback address identifies a local interFace in lhe IP stack. Thi s address is lhe IPv6
u equiva lent oFthe IPv4 127.0.0. 1 loopback. The address is 0:0:0:0:0:0:0: 1, or simply :: l .
o
o
o
o
o
o © 2010 Cisco Systems, Ine. IPv6 Operalions 2-15
IPv6 Address Uses
This tapie describes how to create and use the various types of IPv6 addresses.
UZjm
IPv6 Address Uses

I Pv4-Mapped Addresses
• Used to represent the addresses 01 IPv4 nades as IPv6
addresses
• Used lar next-hop representation in 6PE and 6VPE
• Used in network stacks when both address lamilies are
processed internally as IPv6 (e.g., Linux)
80 Bits 16 Bits 32 Bits
O:O:O:O:O:FFFF: 192.0.2.1 00
= ::FFFF:192.0.2.100
:::
= ::FFFF:COOO:0246
IPv4-mapped addresses are IPv6 addresses that represent an IPv4 address. On a dual-stack nade
(a nade that SUppOlts both IPv6 and IPv4), an IPv6 application that sends traffic to a destination
tha! is represented by an IPv4-mapped IPv6 address will send IPv4 packets to that IPv4
destination.
In most cases, the IPv4-mapped addresses are used inside the dual-stack nade application
programming interface (API; see RFC 2133). RFC 2765, Sta/eless ¡PI/CMP Transla/ioll
AIgori/{¡1II (SffT), specifies a transition mechanism in which IPv4-mapped addresses are used in
IPv6 packets. Dual-stack nades often internally treat IPv4 addresses as IPv4-mapped addresses,
to process IP addresses as 128 bits. Syslog entries on a dual-stack system that logs IPv4
addresses are often logged as 1Pv4-mapped 128-bit addresses. These entries are also used for
next-hop represcntation with Cisco IPv6 Provider Edge (6PE) and IPv6 Virtual Private
Network (VPN) Provider Edge (6VPE) routers, when anlPv4 address is used for the next hop
ofan IPv6 prefix.
2-16 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc,
o
u IPv6 Address Uses '(Cont.)
Mullicasl Addresses
• Mullicasl is used in Ihe conlexl 01 one lo many.
CJ • Explicil mullicasl scope is a new concepl in IPv6.
o . .) n !
112 Bils
Group ID
u 1111 1'~';';"":::" """"""""" " """"""

Flags = { 4 Bits = "O", "R", "P", "T"
F.! F Flag9,·1 SCO~ .1
o 8 Bits
\
T
/ '--
8Bits l
~
1 = Interface-Local ( \ • o p
2 = Link-Local (D.~"., lfr"')
\". ,1<. )
3 = Subnet-Local;\ '" i . ~. ;,1-.. \
u 5co ('~ Scope = 4 = Admin-Local (C .. ~~L !')...JL<I.\--1 "A 5corº

5= Site-Local , (. ~. "' ,:he
8 = Organization ).
E = Global (1.1, _'o \ .) ~'"
o (l .
p ¡:: O 1. .•• ;. 1"
•
MJ\\,rv r' \:\(,~
u A multicast address identifies a group of interfaces. Traffíc that is sent to a mu lticast address is
sent to multiple destinations at the same time. An interface may belong to any number of
multicast groups. Multicast is used in the core ofmany functions inlPv6.
ü Multicast addresses are defined by the prefix FFOO::/8. The second octet defines the flags and
the scope ofthe multicast address. Flags are defined as ORPT, and these conditions apply:
o • O is reserved and must equal O.
• R indicates rendezvous point and is almost al\Vays set to O.
o • P indicates prefix dependency and is almost always set to O.
o • T is the temporary bit. For a temporary multicast address, T equals 1; for a pennanent
multicast address, T equals O.
o Note II R equals 1, P and T must also equal 1.
o The scope parameter equals I for the scope oflhe interface (Ioopback transmission); 2 for the
link scope (Iike the unicast link· local seo pe): J for Ihe subnet-Iocal scope, in which subnels
may span multiple links; 4 for the administrative-Iocal scope (administratively configured); 5
o for the site scope: 8 for the organizational scope (multiple sites): and E for the global scope. For
example, a mullicasl address that starts with FF02: :116 is a permanent multicast address with a
link-local scope.
o The lower 112 bits ofthe multicast address con slilute the multicast grollp ID.
MlIlticast is freqllently used in IPv6 and replaces broadcast. There is no broadcast in IPv6 .
u There is no Time to Live (TTLl in IPv6 multicas!. The scoping is defined inside the address.
o
o
© 2010 Cisco Systems, lnc. IPv6 Operations 2-17
u
[ ji! &
IPv6 Address Uses (Cont.)

Mullicasl Assigned Addresses (RFC 2375)
• FFOX:: is reserved (X is from Ihe range from o lo F) .
• Inside Ihis range, Ihe foliowing addresses are assigned:
FF02::2 AII routers Link-local (

f~<
FF02::9 AH RIP routers Link-local

FF02:: 1: FFXX:XXXX Solicited-node Link-local
FF05::101 . AH NTP servers ..• : Site-Ioeal.:
- ~- ~ "< :
FF05::1:3 AH DHCP servers Site-Iocal

FFOX::127. CISCO-RP-ANNOUNCE·· Any scope .....
FFOX::128 CISCO-RP-DISCOVERY Any scope
The mullicast addresses FFOO:: to FFOF:: are reserved. Inside that range, RFC 2375 assigns
these addresses, nJnong others:
• FF02:: 1 represents all nades on the link-local scope.
• FF02::2 represents all routers on the link-local seo pe.
• FF02::9 represents all Routing Information Protocol (RIP) routers on the link.
• FF02:: 1 represents FFXX:XXXX: solicited-node.
• FF05::IOI represents all Network Time Protocol (NTP) servers on the site-Iocal scope.
• FF05:: 1:3 represents all DHCP servers in site.
• FFOX:: 127 represe.lIs CISCO-RP-ANNOUNCE (multicas! rendezvous poin!).
• FFOX:: 128 represents CISCO-RP-DISCOVERY.
u
u IPv6 Address Uses (Cont.)
AnycastAddresses
u • Used in the context 01 one-to-nearest (\', \ )
• Assigned to more than one interface (\: '" ~~ > .. \ in'>" (" l )
• Allocated lrom the unicast address space <-

u \ t" y <>. ...~Q
• Indistingu!~~~~~,:" Irom regular unicl!§!.addresses

• Must be explicitly conligured as anycast on the node
u • AII nodes with the same anycast address should behave the
sameway,
u n Bits 128-n Bits
u Préfix Il)tertace IdenlUler
u
u An IPv6 anycast address is assigned to an interface on more than one node, When a packet is
sent to an anycast address, it is routed to the neal'est interface that has that add ress, The nearest
interface is found according to the measure ofd istance ofthe particular routing protocol , AII
u nades that share the sa me address should beha ve the same way so that the service is offered
similarly regardless ofthe nade that services the reques!.
u The idea ofanycast in IP was proposed in 1993, For IPv6, anycast is defined as a way to send a
packet to the nearest interface that is a mem ber o fth e anycast group, This technique enables a
type of mechanism that can discover the neal'est nade of a spec ific group,
u Anycast addresses are a llocated from the unicast address space, so they are indistingui shable
from the unicast address, When the anycast addresses are assigned to a node interface, the nade
must be explicitly configured to know that the address is an anycast add ress,
There is li!tle widespread experience with anycast usage, The router-subnet anycast and the
u Mobile IPv6 home agent anycast are among the few anycast addresses that are currently
assigned.
u Tip The root Domain Name System (DNS) servers use IPv4 anycasl. There are 13 root server
'-
addresses, but a much larger number 01 widely dispersed hosts provide D~e rvices .
Anycast is a powerful lunction 01 IP networks and is probably underused today, /
-
u
o
© 2010 Cisco Syslems, Ine. IPv6 Operations 2-19
( \

IPv4 Anycast Example
• BGP determines whieh destination will reeeive traffie .
• Used for root ONS servers, 6t04 relays , etc.
n
192.5.5.24 1
(
BGP Announce
192.5.5.0/24
BGP Announce
192.5.5.0124
Delivered lo the
nearesl f.root-
n
Sender
.... .... "" "'''J:'' .,- •. .<

~_ ' ... " . ,r. .....,
n
This example shows how anycasl is be ing lIsed on the IPv4 Internet.
The 1Pv4 address of Ihe F root na me server is 192.5.5.24 1. The I Pv4 network 192.5.5.0/24 is
adveltised by a rew alllonomolls systems across the Intemet. A packe! Iha! is deslined for
192 .5.5.24 1 wi ll go lo Ihe nemes! aclverl is ing alltonomolls system. based on the Border
Gateway Protneol <BGP) I'OlIli ng table. Therefore, more than one physical server and network
can prov ide the same serv ice in different geographical locations, making Ihe service more
resilient to falllts.
Thi s example al so app lies for IPv6 . The IPv6 address ofthe same server is 2001 :500:2F::F. / 0')
;
n
2·20 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Inc.
n
111 II ¡ti a lZii J I UUI ¡ ¡¡¡ElIIIII 12 111211l1li11

Anycast Addresses: LAN
• Nearest anycast address is whichever host is put into Node
Q neighbor cache lirst.
• DAD is not done lar these addresses.
2001 :088::20 2001 :088::20 2001:088::20 2001 :088::30

NodeA Node B Nade e Nade Q
This exa1l1ple shows how, in IPv6, anycast addressing can be acc01l1plished on-link. When an
address is assigned to an interface, an option 01' switch specifies that the address is an anycast
address. When an anycast address is applied to an interface, that interface processes neighbor
discovery differelltly (sllch as sllppressillg DAD) to acc01l11l10date dllplicate addresses oll-link.

Required IPv6 Addresses
This topic describes how to determine lhe required IPv6 addresses for an IPv6 host and an IPv6
router.
&
Required IPv6 Addresses

Required Hast Addresses
An IPv6 hast interface requires the following IPv6
addresses for proper operation:
• A link-local address
• Loopback address (::1)
• AII-nodes mullicasl address (FF02::1)
• Any additional unicast and anycast addresses configured
(aulomatically or manually)
• Solicited-node mullicast address for each of ils unicasl and
anycasl addresses
• Mullicasl addresses of all olher groups lo which Ihe hosl belongs
An IPv6 hosl has many IPv6 addresses, all ofwhich are used in different contexts. This is a
good example of the power of IPv6. lis address space enables efficient use of addresses for
protocol designo
Solicited-node mullicast addresses are discussed with Ihe neighbor discove.y prolocol, later in
Ihe course.
2-22 IPv6 Fundamentats. Design. and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
mlllllllll • ¡ l&llll!11 i ;;12 Ji Ji 2iil1
Required IPv6 Addresses (Cont.)

Required Router Addresses
An IPv6 router interface requires the following IPv6
addresses for proper operation: '
• Al! 01 the required host addresses ,/
• Al! router multicast addresses (FF02::2) Q..,,\., \'»
• Other unic~st or anycast-configured addresses
An IPv6 rouler is firsl an IPv6 nade, so il has all Ihe required host addresses. In ils funclion as a
router, il has additional addresses, as lisled in Ihe figure.

..
Addressing Architecture
The graph shows the lANA assignments of IPv6
addresses:
• X axis = Full address space
• y axis =O or 1 if space is alloca!ed
• 1 does no! mean !ha! space is used, only !ha! i! is reserved
by lANA
IPv6 Addresslng Architecture
11 21 31 41 51 61 71 81 91 101 111 121 131 141 151 161 171 181 191 201 211 221 231 241 251
Full Address Space
., ~-'~ .,.,- "
In the figure, !he X axis represents the complete address space, divided into 256 parts, from I to
256. The Y axis is binary and is I when the space is assigned.
The assigned address range is not related to the actual allocation to users and networks:
• Jl:.:/3 represents the specialunicast address space (uns~ified, loopb~k, IPv4-compatible,
and IPv4-mapped addresses).
• 2000::/3 is the range from which the lANA allocates IPv6 unicast addresses. That range
represents 1/8 of the address space and is shown as the largest black part on the char!.
• FCOO::/7 is the unique localunicast address range. whieh uses 1lJ.28.Q[the address spaee
and is shown by the narrow black line near the right side ofthe ehar!.
• FE80::/I O is the link-Iocalunicast address range, whieh uses 1/1024 ofthe address spaee.
Th is range is too sma 11 to be seen on the ehart but would be at the rightmosl end.
• PECO::/I O is the sile-Iocalunicast address range, whieh uses 1/1024 ofthe address spaee.
This range is loo small lo be seen on !he ehart bu! would be at !he rightmost end. Although
site-Ioeal addresses have been depreeated. this address space is reserved for the foreseeable
tilture, to preven! compalibility problems.
• FFOO::/8 is lhe multieas! address range, whieh uses 1/256 ofthe address spaee and is shown
as lhe lasl small black line at the rightmost end ofthe ehar!.
o
o Requi red IPv6 Addresses (Cont.)
Privacy Interface Identifier
u • Oefined in RFC 3041

• Supports randomly generated interface identifier
o • Hides hardware information from network layer

• Can be permanent or temporary
• Temporary random interface ID prevents global device tracking.
o
o I
I
I ,
,
,
o I
Randomly Created ~e I o"'~ '"

Identlfier "
......\.. ~ ~
\).) -
,
\~\.,' ~ ~" \ •. \..~< k."
o L\ .... ...,~
~\,),_~u. ca.'-'\."c.. c)v~\~)
.., "
"~. " . , .' _
o A process for generating a randol11 interface identifier is provided in RFC 3041. Windows XP
il11plel11ents this process by defaull and prefers lo use Ihis address for outgoing cOl11l11unicalion,
o The randomly generaled interface idenlifier address has a shorl lifelime and is regeneraled
periodically (once per day in Windows).
o This process is considered a privacy exlension because, without il, ifyou creale an inlerface
idenlitier from a MAC address, olhers could Irack your activily and point of conneclion, To
address privacy concerns thal are associated wilh lhis level oflracking, the privacy extension
o was created.
Tip Consider the situalion lor a business lraveler. As lravelers move around the world ,
o connecting to various Internet hosls lrom different IPv6 subnets, lhey leave a telltale
signature-their 64-bit interface identifier. This idenlifier i5 consistent over time, even as the
o subnet prefix changes, as long as the node 15 using autoconfiguration, which incorporates
the burned-in MAC address 01 the underlying interface. Privacy addresses were invented to
allow the interface identilier, which must simply be unique on the subnet, to also change
o over time and in unpredictable ways.
o
o
o
o
o
© 2010 Cisco Systems, lnc. IPv60perations 2-25
()
IETF Prefix Allocalion lo lANA (
o
0100::/8
.;.~ Re,servad by 'ET~
Reserved by IETF
(: RFC 3513
-
RFC 3513
,~""""
"'l' I1I\S)
. ,.
"~ o
,
o
,
0200::/7 1. Res;~ed by'IE.TF "'< RFC 4048 ~n"
• ,
'-""'~ e(2) "'-"
, • • '$;;., -,* .,.
0400::/6 Reserved by IETF RFC 3513
,
!. 0800;:/5 Reservad by IETF-;' RFC 3513
1000::/4
'- 200Ó"I3
4000::/3
Reserved by IETF
Global unicast
Reserved by IETF
RFC 3513
RFC 3513
RFC 3513
13) o
soaO::"3
F800: :/6
FCOO: :/7
~ R~served by fET~", '!íJ1
Reserved by IETF
Unique local unic;st
,. R~q 3513
RFC 3513
J'FC 41.?3
~
o
FEOO::/9
FE80::l10
Reserved by IETF
, link· local unlcast
RFC 35 13
RFC 3S13
~
.~ o
FECO::{10 Reserved by IETF RFC 3879 14)
, ::/8
. FFOO
,- ,''''' -_''"",.,~ "" ,~ ,,;;: ,,-, ... '
' Multicast
=. ~
. RFC .3S1i '
"">".,,, ...
,' .
~
""c ,..,,;.. ,:
o
The notes that are referenced in the figure are defined here:
• [1] The unspecified address, the loopback address, and the IPv6 addresses with el11bedded
o
IPv4 addresses are assigned out ofthe 0000::18 address block.
• [2] 0200::/7 was previous ly defined as an Open Systel11s Interconnection (OSI) network
service access point (NSA P)-l11apped prefix set (RFC-gray-rfc I 888bis-03Jxt). This
definition was deprecated in Decel11ber 2004 (RFC 4048).
• [3] The IPv6 unicast space encol11passes the entire IPv6 address range except for FFOO::/8
(RFC 3513). lANA unicast add ress assignl11ents are currently lil11ited lo the IPv6 unicast
address range of2000::/3. lANA assignments from this block are re 'istered in the lANA
o
•
registry: iana-ipv6-unicast-address-assignments.
[4] FECO::/IO was previously defined as a site-Iocal scoped address prefix. This definition
o
has been deprecated as ofSeptember 2004 (RFC 3879),
• [5] 0000::/96 was previously defined as the IPv4-compatible IPv6 address prefix. This
definition was deprecated by RFC 4291.
o
The IPv6 assignments, I;-om IETF to lANA , are shown in the figure. lANA then passes prefixes
to the regional regi stries on an as-needed basis for unicast space, For multicast, lANA may
o
make individual assignments as requested,
o
Tip IETF makes assignments to lANA in RFCs. Presumably, much 01 the unaJlocated space wiJl
be assigned to lANA as additional unicast prefixes are required, but by holding most space
in reserve until it is needed, IETF does not preclude innovation lar the protocoL Perhaps a
o
new type 01 prefix or a radicaJly different use 01 the addressing space wiJl be developed.
o
o
o
o
Summary
This topic Slll11l11arizes the key points that were discllssed in this lesson.
ti a &J ¡ ¡ ¿¡¡ Ji! ¡¡¡¡ w
Summary
• IPv6 addresses are 128 bits, represented by a sequence of

eight 16-bit hexadecimal fields separated by colons.
• IPv6 addresses are unicast, anycast, or multicast. Broadcast
addresses are not supported in IPv6.
• Each of the three IPv6 address types has specific rules
regarding its construction and use.
• Every IPv6 host and router has a set of addresses that must
be configured on it to enable proper operation.
© 2010 Cisco Systems, Inc, IPv6 Operations 2-27

Lesson 2\
Describing the IPv6 Header

Format
Overview
The header formal for each IP packel carries crllcial informalion for Ihe rOllling and processing
of each packel payload. Header constrllction also plays an importanl role in the efficiency and
extensibility oflhe nelwork. This les son describes the IP version 6 (IPv6) header format and
identifies Ihe major changes in header constrllction from IP version 4 (IPv4) lO IPv6, which will
yield long-term benefits to the Inlernet.
Objectives
Upon completing this lesson, yOll \ViII be able lo describe changes in the IPv6 header and the
pllrpose of extension headers. This ability incllldes being able to meet Ihese objectives:
• Describe Ihe major changes in an IPv6 header and the benefits oflhese changes
• Describe the new fields thal were added lo an IPv6 header and explain Iheir operation
• Describe Ihe pllrpose of extension headers in IPv6
IPv6 Header Changes and Benefits
This topic describes the major changes in an IPv6 header and the benefits ofthese changes.
IPv6 Header Changas and Benefits

IPv4 Header Formal
Data Portion
- - - - - - - - - - 32 Bits
The IPv4 header contains 12 fields. Following those fields is an Options field ofvariable
length, which Ihe figure shows in yello\V, and a data portion, which is usually the transport
layer segment. The basic IPv4 header has a size of20 octets. The Options field increases the
size ofthe IP header.
Of these 12 header tields, 6 are removed in IPv6; these fields are shown in green and blue in
the figure. The main reasons for removing these fields in IPv6 are as follo\Vs:
• The Internet Header Length (\-Id Len) field was removed because all IPv6 headers are a
fixed, 40-byte length, unlike IPv4, in which the header length is variable.
• Fragmentation is now processed differently and does not need the fields in the basic IP
header. In I Pv6, routers no longer process fragmentation, a change that removes the
processing issues that result when routers process IPv4 fragmentation. The related,
removed fields appear in the Fragmentation Extension Header in IPv6, which is atlached
only to a packet that is actually fragmented.
• The Header Checksum field at the IP layer was removed because mosl data link layer
technologies already perform checksum and error control and because the relative
reliability ofthe data link layer is vely good. However, this removal forces the upper-Iayer
optional checksums, such as User Datagram Prolocol (UDP), to become mandatO/y.
The Options field is changed in IPv6 and is now processed by an extension header chain.
Most other fields were either unchanged 01' changed only slightly.
2·30 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
u IPv6 Header Changes and Benefits (Cont .)
IPv6 Header Formal
u
u Source Address
40
Ocle!s
Destination Address
(J
t:J~~~~~--IE:d.;;Io~H~e;'adj,e;r~inrt.ro;rm~at~io~n----------------I~ Variable
u Data Portion
Length
u - - - - - - - - - - 32 Bils
f\",~",";'",:" .,,(,,\,cro.~-- N~ U<L'\'l< d ., ....'\'I b,.~,
u The IPv6 header has 40 octets, instead of20 octets as in IPv4. The IPv6 header has fewer
fields. anel the header is aligned on 64-bit boundaries to enable fast processing by current and
u next-generation processors. Address fields are four times larger than in IPv4.
The IPv6 header contains eight fi e lds:
u l.
2.
Version: This 4-bit field contain s the number 6, instead ofthe number 4 as in IPv4.
Traffie Class: This S-bit field is like the ty pe of service (ToS) field inlPv4. IPv6nodes
u can mark the packet with a tramc class that can be used in differentiated services.
Differentiated services functionalities are the same in IPv6 and IPv4.
u 3. Flow Label: This new field has a length of20 bits "nd is used to mark individual traffic
flows with unique values, which routers can use to provide per-flow nondefault treatment.
4. Payload Length: This field is like the Total Length field oflPv4, but because the IPv6
u base header is a fixed size, this field describes the length ofthe payload on ly, not ofthe
entire packet.
u \ 1''' '"
(K";J~ ..c{IJ.~~<. .. ':\eo..\.•./ , $ov\ 4(
u
u t-\ '\ $ O,:;..)c '" ..J(,("j (MI\l
u • ~\\.l
<!"'C\V,\, ?\,~,\),
ü
u
© 2010 Cisco Systems, In e. IPv60perations 2-31
11 u I1
IPv6 Header Changes and Benefits (Con!.)

IPv6 Header Format (Cont.)
40
Oclels
Variable
Length
Data Portion
- - - - - - - - - - 32 Bils
5. Next Header: The value ofthis field determines the type of information that follows Ihe
basic IPv6 header. This field can be a transporl layer packet, such as Tep or UDP, or it can
be an extension header, as sho\Vn in Ihe figure. The Next Header field is Iike the Protocol
field oflPv4 but has been renamed to rellect the more generalusage: It may point to a
Layer 3 1Pv6 exlension header rather than a Layer 4 protocol.
6. Hop Limit: This field specifies Ihe maximum number ofhops that anlP packet can
lraverse. Each hop 01' rauter \ViII decrease Ihis field by one. Because there is no checksum
in the IPv6 header, packets can be rauted more quickly through the core ofthe nel\Vork.
7. Source Address: This field of 16 octets 01' 128 bits identifies the source ofthe packet.
8. Destination Address: This field of 16 oclets 01' 128 bits identifies Ihe destination of the
packet.
Tip IPv6 renames Ihe Time lo Uve field lo Hop Umil because the term more closely reflects Ihe
way Ihal Ihe field is used. The original design 01 IP (as described in RFC 791) called lar all
docks on the nelwork lo be synchronized and lar Ihe Time lo Uve (TTL) to be measured in
seconds. This design was laler seen as impractical, and the TTL lield began lo be used as a
simple hop counter. in which packels are discarded il the hop count is decremented to zera
belore linal delivery.
follo\Ving these eight fields are Ihe extension headers, if any. The number of extension headers
is nol fixed, so Ihe totallenglh ofthe extension header chain is variable.
2-32 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
u
IPv6 Header Fields
u This topic describes new fields that have been added lo anlPv6 header and explains their
operalion.
u
u IPv6 Header Fields
IPv4 Header IPv6 Header
u
(J
u
o-
u Field name kept from IPv4 lo IPv6
O -Fields no! kept in IPv6

11- Name and posilion changed in IPv6
Deslir:mfion Address
11- New field in IPv6

" -, ' . ' ' .' •• ~ ,.- . .' . .J' . ...... '"
u As sho\Vn in Ihe figure, the nUlllber of tie lds in Ihe I Pv6 header has decreased significanlly
frolll Ihe nUlllber of fields in Ihe IPv4 header. 1
\0' y\- \, ~. ~ ., -\
u ,. ("~~':""--~--¡----
). 5C'("\)\("'t~ .., ~? l J
(&,) vp<>J
u I
u
u
u
u
u
u
u © 2010 Cisco Systems, In e. IPv6 Operations 2-33
& ; ¿¡¡ al ¡¡ a
IPv6 Header Fields (Cont.)

Ralionale for IP Header Changes
There were a number of reasons lo make
modificalions lo lhe IP header when developing IPv6,
including:
• Fix problems in IPv4 headers
• Remove al! optional information and leave only eore fields
• Add extensibility (extension headers)
• Make the header easier to process
-~
By the time that a need to develop a successor to 1Pv4 arrived, more than 10 years of Internet
usage and growth had occurred_ The designers of IPv6 took lhe opportunity lo correcl many of
the problems tha! had aI'isen during the previous decade.
Problems to be corrected incluc1ed removing fields that were rarely usec1 (such as
fragmentation) from the base header, adding a way to easily extend the protocol (extension
headers), and streamlining Ihe process that routers must go Ihrough to route and forwarc1
packets (eliminating the checksum). In ac1c1ition, the new protocolneeded lo be compatible with
IPv4. Using the same version field minimizes Ihe changes at Layer 2, which is needed lo carry
1Pv6 traffic.
2-34 IPv6 Fundamentats. Design. and Deployment (IP6FD) v3_0 © 2010 Cisco Systems, ¡nc.
IPv6 Extension Headers
This topic describes the plJl'pose of extension headers in IPv6.
JkU 1lii ¡i: ¡ .¡¿dEiS .j : 16; liliJI&J
IPv6 Extension Headers
NunlDer 01 IPv6
Ex!en.,;on Headers
Packel
I
I Dala (Ioi" Example,
I
I Tep or UDP) , ~
I
I
I
.!
The extension headers are optional headers Ihat follow the IPv6 basic header. Each extension
header is 8 octets (64 bits). aligned. Together. all the extension headers form a chained list of
headers. Each extension header is identified by the Next Header field ofthe previous header.
For typical applications, the final extension header will have a Next Header field that points to
a transport layer protocol such as Tep 01' UDP. When multiple extension headers are used in
the same packet, the order of the headers should be as follows:
l. Hop-by-I-Iop Options header \t11511§11Wro 1'\lé~{¡I,Q\o:,)
2. Destination Options header (when the Routing header is used)
3. Routing header X
11 ~\l1 ( 'ffin'\lll
4. Fragment header (1!lI\l\!O (jTl\ .Y\elUTlIIO 1011100 TMn\~ D fcllctOC
5. Authentication header (AI-I)
6. Encapsulating Security Payload (ESP) header
7. Mobility header
8. Destinalion Options header (when the Routing header is not used)
9. Upper-Layer header
Note The source nade should follow this order, bul deslinalion nades musl be prepared lo receive
in any order-excepl lar Hop-by-Hop header, which musl be firsl.

llE
IPv6 Extension Headers (Cant.)

Hop-by-Hop Header Format
• An extension header
• Processed by each intermediate router
Next Header = O
IPv6 Basic Header
-- -- --
Hop-by-I;l!;p Header
Ifthe Next Headerfield equals 0, then the next header is a Hop-by-Hop field. This header
contains infonnation that must be examined by each node on the path.
The Hop-by-Hop and Destination Option extension headers support one or more options. These
options are encoded in the data portion ofthe extension header, in type, length, value (TLV)
formal. These extension headers are actllally containers for options.
One use for the Hop-by-Hop header is to SUppOlt IPv6 jllmbograms, which are defined in RFC
2675, IP,,6 JUlllbograllls. The IPv6 header has a 16-bit Payload Length field, and therefore
supports payloads as long as 65,535 octets. The IPv6 Hop-by-Hop option-with the Jumbo
Payload option--carries a 32-bit long field. This special option is used to allow transmission of
IPv6 packets with payloads that are between 65,536 and 4,294,967,295 octets long.
Tip Partitioning of options into this Hop-by-Hop header and the Destination Options header is a
primary feature of IPv6 and helps to imprave aggregate throughput on an IPv6 network. By
partitioning options in this manner, intermediate routers can make a quick decision about the
need to look more deeply into the packe!. If the IPv6 base header contains a "O" in the Next
Header field, the rauter must examine the options. If the router sees any other value, it can
immediately raute the packet, and no further examination is needed. This pracess helps
rauters to focus on fast forwarding of packets that do not require special handling along the
path.
• 2& i2i ¡¡¡ EL ¡¡
IPv6 Extension Headers (Cont.)

Rouling Header Formal "- o v~.l 'l"
" An extension header
" Processed by the listed intermediate routers
• Deprecated as 01 2008 (RFC 5095)
Nex! Header = 43
IPv6 Basic Header
Routing Header
-- --- ---
Header
Ifthe Next Header field equals 43, then the next header is a Routing header. A Routing header
can appear either as the first extension header after the IPv6 base header, or after another
extension header.
As in any extension header, the first field of the Routing header is the Next Header field, which
identifies the type of header that follows the Routing header. The second field is the Exterior
Header Length field. The Routing Type field identifies the type of Routing header that is used.
The Segments Left field identifies the number of intermediate routers that are in the data
pOl1ion of the Routing header.
A Routing header with routing type O torces the routing through a list of intermediate routers,
like the Loose Source Route option does in IPv4.
A second Routing header, with routing type 2, has been defined for use with IPv6 Mobility.
This header is formatted like the type O Routing header but carries only one intermediate hopo
© 201 o Cisco Systems, Inc. IPv6 Operations 2-37

7 ¡Kili El
+

Deslinalion Oplions Header Formal
• An extension header
• Contains information intended only for the destination nodes
Nex! Header = 60
IPv6 Basic Header
Destination
Options Header Destination Options
--- Header -- ._
---
Ifthe Next Heacler fielcl equals 60, then the next heacler is a Destination Options heacler.
An example of a Destination Options header is the Home Address option in Mobile IPv6. The
1·lome Address option is carried by the Destination Options extension header. This option is
used in a packet that a mobile node sends while away fmm home, to inform the recipient ofthe
home address of the mobi le node.
This is the only type ofRouting header that can appear t\Vice in an IPv6 packe!.
Tip Destination options are end to end, which helps to secure sessions because these options
can be covered by IPsec protections. The options need not be visible (and are never
changed) along the path. Hop-by-hop options are not covered by end-to-end security tools
su eh as IPsec, because they must be visible to intermediate nades along the path.
2-38 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
IliIlillMli &14 11 11 I1 111 Jli& &1

Routing Header Operation
Source: Node A
Deslinalion: 8
Roular lis\: R2, R5
Segments Lell: o
The figl1l'e sho\Vs the changes in Ihe Routing headers and the destination address during the
routing ofthe packet in the path from A to B.
The way in which the Routing header and the destination address in the IPv6 packet interact is
new. At each intermediate router in the lis!. the router changes the destination address ofthe
outgoing packet to target the next-Iisted l'Outer. This Iist of hops is always saved in the Routing
headers.
The number of Routing headers does not change, but the content of the router address inside
each Routing header and the packet destination address changes during the path. When the last
router in the list receives the packet, the l'Outer changes Ihe destination address to the final
destination address, which is the address of host B.
Initially, host A pul s in an R2 address as the destination address ofthe packet. Host A also puts
in the Routing header the address of R5 (the next router on the list) and the address of host B
(the final destination). When the packet leaves R2. R2 changes the destination address to R5
and puts its own address (R2) in the first Routing header. 'fhe Segments Left field is
decremented by one. When Ihe packet leaves R5. R5 changes the destination address to B, the
final destination, and then puts ils own address (R5) in the last Routing header.
When the packet arrives at B, the source (A) and the destination address (B) are as if no
Routing header were present. However. B can look at the Routing headers to see the path (R2,
R5) Ihat Ihe packet took. The exchanging of those addresses in the header does not involve any
checksum recalculation.
Putting the next hop in the destination address enables the routing of the packet between the
t\Vo hops to be pl'Ocessed without any change. For example, between any two hops in the Iist,
the basic routing is based on the longest match routing algorithm and corresponds to the default
method for routing packets in IPv6.

Fragment Header
• A fragment header is used when a node must send a packet
larger than the path MTU .
• The header allows for end-to-end fragmentation.
Next Header 44= IPv6 Basie Header

Fragment Header
-- -- ---
FragmentH!ader
The fragment header is used when a node must send a packet that is larger than the path
maximum transmission unit (MTU). The path MTU is the largest packet that can be conveyed
across a given network path. For example, if each link in the path can carry a 2000-byte
packet-except for one link. which can cany only a 1500-byte packet-then the path MTU is
1500 bytes. l fthe source node has a 1600-byte packet to send, it needs to fragment the packet
into t\Vo packets.
When a packet exceeds the MTU, the source node cuts the packet into fragments and sends
each fi'agment in a separate packet, identifying each fragment by adding the Fragmentation
extension header behind the base IPv6 header of each new, smaller packet.
The fields ofthe Fragmentation header look like the Fragment fields in the IPv4 header, and
include the following:
• A fragment offset that identifies the position ofthe specific fragment in the complete
original packet
• An identification number that identifies fragments that are from the same original packet
The destination node then reassembles the packet by concatenating the received fragments in
the order that the fragment offset provides.
Nole Unlike in IPv4. only Ihe souree nade in IPv6 is allowed lo fragment paekets. Routers in the
transit path are not allowed to fragment paekets. Instead, the router must send an Internet
Control Message Protoeol version 6 (ICMPv6) error message baek lo the souree, notifying
the source that fragmentation is required.
2-40 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 2010 Ciseo Systems, Ine.
u IPv6 Extension Headers (Cont.)
IPsecAH (1-I0\,~1.,. L,:, ~ecI~")) lflNn 1Il€,ll1>t)
u PI/.C -ro CO lO 'ó1
Nex! Header =
(j IPv6 Basic Header
AH
u
u
u
u QSfr
.\b\l.P
eS r
e,S
gq
<50
u The AH. described in RFC 4302, is an IPsec header that provides packet authen!ication and
integrity checking.
u
u
u
u
u
u
u
u
u
ü
IPsec ESP Header o) r" f' :j:?'
\Gfu,~ ~o
Next Header = 50
ESP Header
Header
~-- ~~-
---
The ESP headel', described in RFC 4303, provides confidentiality and data-integl'ity sel'vices
fol' pe el' nodes.
Tip IPsec ESP can be used with null encryption, which means that only the authentication,
integrity, and anti-replay leatures 01 ESP are enabled. There is a discussion in the security
community about whether IPsec ESP with null encryption is su!ficient lor all nonprivacy-
related sessions, and whelher IPsec AH should be eliminated. Nole Ihal transport-mode
IPsec AH provides broader coverage 01 packet inlegrily Ihan ESP does.
2-42 IPv6 Fundamentals. Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Upper-Layer Headers
• Used for !he payload pro!ocols
-ICMP
... UDP
- TCP
- SCTP
• Mus! be !he las! ex!ension header
Upper-Layer headers in IPvG are structurec1 the same way as in IPv4. Upper-Layer heac1ers
must be last in a chain of extension headers.
mi 2 Ud al

UDP
• Computa!ion of UDP checksum is mandatory for UDP
running over IPv6.
IPv6 Basic Header

(400ctets)
Any Number 01 IPv6
Extension Headers Packet
I
I
I
I
I
I
In IPv4, the UDP transport layer uses an optional checksum. Because the IP header checksum
is removed in IPvG, IPvG uses the UD!' checksum to check the integrity ofthe inner packet. The
checksum is mandatory.
The UD!' pseudaheader includes the IPvG source and destinatian addresses. If saurce rauting is
included, the destinatian address is computed fmm the final destination in the saurce-route
path.
© 2010 Cisco Systems, Ine. IPv6 Operations 2·43

¡¡¡¡g j if

Extension Header Order
Extension headers should be constructed in sequence
Jo minimize packelhandling_""hill?en,IQ].Jtl?! Extension
headers should be sequenced in this order:
• Hop-by-hop header (musI be Ihe firsl)
• Deslinalion oplions header (for firsl deslinalion device)
• Routing header J.
• Fragmenl header
• AH \ ¡ílSec
• ESP header
• Mobilily header
• Deslinalion oplions header (for final destinalion device)
• Upper-Iayer header (~~ Te?
A review of some of the main characteristics of extension headers follows:

• The Hop-by-Hop Options header is the only type ofheader that is read and processed by all
hops in the path. The Hop-by-Hop Options header is used currently for the router alert and
jumbogram functions and will be used to carry new options as they are invented in the
future.
• The Destination Options header is processed only by the destination node. Currently, only
Mobile IPv6 uses the Destination Options header.
• The AH and the ESP headers are used within IPsec to provide authentication, integrity, and
confidentiality orlhe IP packet, and are identical in bolh IPv4 and IPv6.
• Upper-Layer (transport) headers are the typical headers that are used inside the IP packet to
transport the application data. The two main transport protocols are Tep and UDP.
Tip IPv6 engineers sometimes cal! Ihese headers upper-Iayer exlension headers, which is
incorrecllerminology. IPv6 extension headers are Layer 3 headers and are par! of the IPv6
prolocol (including ICMPv6). TCP and UDP, for example, are Layer 4 prolocols and are nol
IPv6 extension headers.
2-44 IPv6 Fundamentals, Design, and Deployment (IP6FO) v3.0 © 2010 Cisco Systems, Inc.
Surnrnary
This tapie S1l11l11larizes lhe key points thal were disclIssed in this lesson.
3&G C&&i ilJi2t & &
Summary
• The IPv6 header has removed unnecessary lields, resulting

in a more streamlined, simpler protocol.
• The Flow Label and Next Header lields are new to IPv6 and
enable new lunctionality, in the lorm 01 belter quality 01
service and extension headers.
• Extension headers are used lo extend the lunctionalily 01
IPv6 while introducing minimal exlra processing cosls on
IPv6 nades.
n ,~,

.. ~
2-46 IPv6 Fundamentals, Design, and Deployment (IP6FO) v3.0 © 2010 Cisco Systems, Inc.
Lesson 31
Enabling IPv6 on Hosts

Overview
Support on the end nodes is crucial for implementation oflP version 6 (IPv6). Most. ifnot all.
major operating systems already support IPv6. and there should be no problem implementing
IPv6 support on hosts. Application support is a different matter and can vary fmm application
to application. Commercial applications should offer IPv6 SUppOlt, whereas internally
developed applications depend on the internal development team. This lesson describes how to
configure basic IPv6 parameters on Microsoft Windows, Mac OS, and Linux kernel-based
operating systems.
Objectives
Upon completing this lesson. you will be able to configure IPv6 on Windows and Linux-based
operating systems. This ability includes being able to meet these objectives:
• Describe how IPv6 is enabled on the hosts
• Describe how IPv6 is enabled on Windows
• Describe how IPv6 is enabled on Mac OS X
• Describe how IPv6 is enabled on Linux-based operating systems
Enabling IPv6 on Hosts
This topie describes IPv6 on end nodes.
lIIII
Enabling IPv6
IPv6 support:
• AII major operaling syslems now supporl IPv6
• IPv6 is lhe preferred prolocol (over IPv4)
• This can be problematic if:
- Global IPv6 address is configured
- DNS returns AAAA record
- No IPv6 path exists lo lhe destination
• Priority of addresses (prolocols) can be changed:
- netsh interface ipv6 set prefixpriorities (Windows)
- lelc/gai.conf (Linux)
- ip6addrctl (KAME)
II'v6 must be enabled on end hosls as well as on the entire network. Before enabling II'v6 on
end hosts, you should be aware orthe potential problems that doing so might ereate. II'v6 is
preferred over 11' version 4 (IPv4) onmost platforms: ifyour end host has an II'v6 global
address and an IPv6 default route or speeifie route to the destination, lhe host probably will lry
lo use IPv6 to reach the destination. Ifthe IPv6 palh to the destination is interrupted
somcwhere-for example, ifyou ha ve localll'v6 conneelivity and advertise the default route
inside your nctwork, but your IPv6 Internet connectivity is down-then your hosts will
experience apparent slowdown of Internet traffie towards dual-staeked Internet hosls. This
issue oceurs beeause of IPv6 preferenee. To change this behavior, speeify higher priority for
IPv4 traffie, by increasing precedence value.
On WindolVs, you can increase this value by using the netsh interface ipv6 se!
prefixp"¡orities commancI. On Linux-based operating systems, you can edit the lete/gai.conf
file. On operating systems that have a KAME-based IPv6 staek (Berkeley Software
Distribution [BSD] series and Mac OS X), you ean use lhe ip6addrctl command.
2-48 IPv6 Fundamentals. Design, and Deployment (IP6FO) v3.0 © 2010 Cisco Systems, Inc.
Enabling IPv6 on Windows
This topic describes how to configure IPv6 on Windows operating systems.
2lli S Ji222 _222]&2 11 &
Enabling IPv6 on Windows
IPv6 support in Windows:

• Windows XP and la!er suppor! IPv6.
• Windows XP and Windows Server 2003:
- Do no! have IPv6 enabled by defaul!
- Do no! have GUI options for IPv6 configuration
- Windows XP does no! support DNS over IPv6.
• Windows Vista and later:
_... Have IPv6 enabled by defaul!
-- WiII autoconfigure !hemselves
- Ofler GUI for IPv6 configuration
AII current versions ofthe Windows operating system support IPv6. Windows XP and
Windows Server 2003 have limited configuration options for IPv6. There are no GUI options,
except the ability to install support for IPv6. Configuration is done through the netsh command-
line interface (CLI).
Windows Vista and later editions have complete GUI support for configuring IPv6, as well as
Ihe netsh CLI.
By default, all versions autoconfigure themselves \Vith globallPv6 addresses as soon as a router
on the segment advertises a prefix via neighbor discovely muter advertisement.

lb
Enabling IPv6 on Windows (Cont.)
Windows XP and Windows Server 2003:

• To enable IPv6 support on Windows XP and Windows Server
2003, use:
c:\>
Inetsh interface ipv6 install
• Supporl slalie and auloeonfigured addresses
• Do nol have OHCPv6 elienl
• Support only 64-bit prefix lenglh
• Configure IPv6 lhrough lhe netsh eommand
c:\>
Inetsh interface ipv6
netsh>
Iinterface ipv6
Slarting nelsh and enlering IPv6 eonfiguralion submode
On Winclows XP ancl Winclows Server 2003, IPv6 is available but is not enablecl by clefault. To
activate suppor! for I Pv6, you must enter the netsh interface ipv6 install command once. The
change is permancnt and persistent across reboots.
After enabling IPv6 (no reboot is requirecl), you can leave Ihe PC to auloconfigure ilselforyou
can set a slatic IPv6 adclress. However, Winclows XP ancl Winclows Server 2003 do not have a
DHCP version 6 (DHCPv6) clienl, do not SUppOlt an arbitrary prefix lenglh (only 64-bit
prefixes are supporlecl) and do not support DNS lransporl over IPv6.
When you configure through Ihe nelsh CLI, Ihe easiesl way is lo slarl netsh by using the netsh
command, then enter I Pv6 configuralion submocle by enlering interface ipv6 ancl pressing the
Enter key.
..~
111 i &aSi ¿JI mla &illE:a
Basic netsh commands

• IPv6 is already enabled on Windows Vista, Windows 7, and
later.
• Configuration can be performed through netsh CL! or GUI.
netsh interface ipv6>
I set address <interface> <prefix>
Setting a static address

set route <destination> <interface> <gateway>
Setting a route
set dnsservers <interface> {dhcp I sta tic <DNS IP>}
Setting a route
011 Windows Vista al1d later, IPv6 is enabled by default. A fresh installation will autol11atically
cOl11pute the IPv6 address ifa router is present and sending route advertisel11ent packets.
Configuration can be done either through the CL! 01' GUI. CL! cOl11l11al1ds are the sal11e as in
previous releases of Windows.
AII the cOl11l11ands in this lessol1 are configured ul1der the interface IPv6 subconfiguration
1110de. You can execute the cOl11l11ands by specifying each cOl11l11and individually at the
cl11d.exe prol11pt, as in this exal11ple:
c:\>netsh interface ipv6 set address LAN 2001:db8:100::1
01' you can enter the netsh application, select the conriguration 1110de, and then enter the
c01l1mands:
c: \>netsh
netsh>interface
netsh interface>ipv6
netsh interface ipv6>set address LAN 2001:db8:100:40::1
The set address illte~face prefix cOl11l11and sets a static IPv6 address 011 al1 interface.
To configure a raute, use the sel route destillatioll gllte,l'(}y cOl11l11and. For exal11ple, to
conrigure a default raute, use the set route ::/0 LAN fe80::1 cOl11l11and.
DNS servers can be either acquired through DHCP·lite 01' configured staticall)'. To tell the PC
to acquire DNS server inforl11ation via DHCP·lite, use the set dnss8l'ver LAN dllep cOl11l11and.
To statically configure a DNS server use the set dnsserver LAN statie 2001 :db8:1 00:1: :53
cOl11l11and.
© 2010 Cisco Systems, Inc. IPv60perations 2-51

GUI Configuration
*", <.O!>9r\"'~""""",a'~1 ....,,,,,.,.~ tjCl>l ".,."",¡'~~"«I¡>,H!ll.

oo.""'M<.~","M! •• ",)'O'... _l:a<!oIW>f"JIIWI",V. •• i'Vf~II"-~~
:Ii c,:,,,,,,,,,,~~ o&!n!$O"'''''''o\i=

": ,).. INi"'to>:.1."'.lINIi":'1r~.,
t1>, 'J:<I'"<I",',,,~. ,,~ f>,~;O"1i ,\f'".'.

¡.¡;;¡ ,~. cl,~oi';;;~~~;;:~ú¡;;;;;¡;~- ,.... "
:-'1.-~I.J''!''''<J:*,·W'''","I..''''",,,,,.r
:"" 1"§·1~S r~< •• ts,.h • .;t,j"'
'0, 0:'; "'"." .M<~,. ",~.,r,"'~'ly
l~~&=:¡~1t,;t~~
Q)l •.""
j:;>; ..... """,,,,,ti'~,:<;!V~,,,~.,4fT~~,"'M:

e V"'~'(*_-lm¡5'''''''''~''''''''''1
!:~;.:. w.)c.L"'f" r"",.,. ... (),MM~r/!hN'.'l;')t";.,
j :;¡, .~. ¡""'-l".,h~~c..<~,,,ryR,.• p.,,,"'"
TCP;Y -,..,&.>. (. !"" _~.ft!ti",.<>l~& ;*,,,,,, po

~.~ •• ~"",,,,*,*>.~~,,,~.. <1-,"."" _""'<l~"'.
GUI configuration is vely like IPv4 configuration. The figure shows a sample empty
configuration ofthe IPv6 protoco!. An IPv6 address can be configured statically or acquired
automatically. When configuring static address, youneed to specify the IP address, prefix
length, anel default gateway. There is no more netmask setting; the prefix length is used instead.
DNS servers are stilllisted. For any additional DNS servers or other settings, click the
Advanced button.
Verification of Configuration
el\> ipconfig
Ethernet: adapter LAR:
Connecl:ion-specific DNS Suffh: pe. example. com

IPv6 AddrcsB • • • • • • 2001:db8:1:10:4860:1624:5c13:4512
Temporary IPv6 AddresB. 2001:db8:1:10:dc6c:Ja19:b21018632
Link-local !Py6 AddreS8 feSO: :4860: 1624: Sc1314512U5
IPv4 Address • • 192.0.2.116
Subnet Hask • • 255.255.255.0
DefBult. Gat.eway feSO: : 214 :50ff:feeO: 1627\15
192.0.2.65
e:\> ne!:"b tTlt.m:fuce lp\'6 llhow ¡lddrr,,~!l'r.>3

Interface 15: LAR
Addr Typo DAD Sl:al:e Valid Life Pro!. Lite Address
Public Preferred 29d23h59m37s 6d23h59m37s

2001:db8:1:10:4860:1624:5c13:4512
Temporary Preferred 2dlh56m28s 2dlh56m28s
2001:db8:1:10;dc6C:3aI9:b210:8632
Other Preferred infinite infinite fe80::214:50ff:feeO:1627\15
When verifying configuration, you can use either traditional commands 01' netsh commands.
For checking the configured address, you can use either Ihe ipconfig 01' netsh interface ipv6
show addresses command. The ipconfig coml1land sho\Vs both IPv4 and IPv6 configuralions
but offers less inforl1lation. The netsh command is lil1lited to IPv6 configurations unless you
modify the command, but this command shows additional statuses such as address type,
Duplicate Address Detection (DAD) state, and vulid und preferred Iifetime.
,a &IJ @ ti &J
Verification of Configuration (Cont.)

e: \> rO\l!:I! print -6
Interface List
15 ••• 0050 b2 56 13 ed •••••• LA" Adapter
IPv6 Route Table
Active Routes:
If Hetric Network Destination Gateway
15 276 ::/0 fe80::213:60ff:feeO:fl26
15 28 2001:db8:1:10::/64 en-link
15 276 2001:db8:1:10:4860:1624:5c13:4512/128
en-link
15 276 2001:db8:1:10:dc6c:3a19:b210:8632/128
en-link
15 276 fe80;;/64 en-link
15 276 fe80;;214:50ff;feeO:1627/128
en-link
15 276 ffOO;;/a On-link
Persistent Routes:
None
To check the routing lable 01' the deFault gateway (more coml1lon on end hosts), use the
traditional ronte print -6 command.
© 2010 Cisco Systems, lnc. IPv60perations 2-53

IIIII1 2 hi
Verification of Configuration (Con!.)

el\> netnb int:e~fl1ct! ipv6 sllo\<l route
Publbh 'l'ype Me!: Prefix Idx Gateway/lnterface Name
No Manual 2" : :/0 15 feBO: :213160ff:feeO:fl26

No Manual 2001:db8:1:10::/64 15 UN
No Manual 2" 2001:db8:1:10:4860:1624:5c13:4512/128 15 Ll\lt
Manual
No
No Manual
Manual
'"2" 2001:db8:1110:dc6c:3a19:b21018632/128
feSO,,/64 15 LAN
15 LAN
No
'" feBO: :214.:S0ff:feeO:1627/128 15 LAN
No Manual
'" HOO: 1/8 15 LAN
~
I
• DNS configuration can be checked with:
- netsh interface ipv6 show dnsservers
- ipconfig lall
• Neighbors can be viewed with:
- netsh interface ipv6 show neighbors
An allernalive way lo check Ihe rouling lable is lo use Ihe netsh interface ipv6 show route
command.
DNS configuralion can also be checked by using the ipconfig /all command or the netsh
interface ipv6 show dnsservers command.
To view a neighbor cache, you must use the netsh interface ipv6 show neighbors command.
2-54 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Advanced Commands
o I set privacy [enabledldisabled]
Modilying privacy settings

Ls_e_t--".q:...lo_b_a:...l....:..ra:...n:...d:...o:...m:...iz:...e:...i",d.:.
en ",t,-i",f",i.:.e:..rs:...-...:e.::n.::
ab .:.l:..e",dC!.l.::d:..
is,-a",b",l.:.ed....:.._ _--, I E \1\ - (., ~
~,
Modilying randomization 01 interfac.eldenlilj=-
\N\N~,, ""' N
L\ N >.) ,," ().) t1 ~'1.";) -
(j) The advanced configuration options include the netsil interface ipv6 set privacy command.
This command adds an additional, lemporary address on every IPv6 interface. Windows uses
this address when choosing the souree address for any outgoing connections. Additionally, no
services listen on this address. Use oflhis address can prevent a malicious user fmm
successfully pOIt-scan ning the PC, because a ll services listen on ly on the primary, not on the
o temporary, address. This feat ure is enabled by defaul!.

The netsil interface ipv6 se! global randomizeidentifie.'s command causes the interface
identifier portion ofthe autoconfigured IPv6 address to be computed by using a pseudo-random
number generating algorithm. This feature is beneficial in t\Vo ways:
• Determining the hardware manufacturer ofthe network interface card (NIC)just by looking
at the IP address becomes impossible.
• Guessing the nade address, by guessing the vendor and assuming the extended uni versal
identifier (EU I)-6.4. conversion ofthe MAC address inlo the interface identifier, becomes
less probable. I f an altacker guesses the vendar it reduces address space to /24, which is
still 16 million possible addresses but is an arder ofmagnitude sma ller than /64.
© 20 10 Cisco Systems, Inc. IPv6 Operations 2-55

Enabling IPv6 on Mac OS X
This topie describes basic commands to configure IPv6 on Mac OS X.
l1li
Enabling IPv6 on Mac OS X
• Based on FreeBSD and Mach kernel

• Supports GUI eonliguration 01 IPv6 parameters
• Supports CLI eonliguration through FreeBSD eore eommands
• Does nol support DHCPv6
,...... -_...
=.:<;.:,-:==~~.
~~;~~ "
~_ ..,."..,.... ",
<",...,._ "w.,,,"i~
~
-':::::;~::C~:'::¡;J ''''''w I
..."''''''' "~Il!~.
Jt...."" ,.. ....)'."'I""Z<'I'II'»H,"'I:I ....<',)~
.~~ O
_lb", :<,,)J'~"_'«. """11'''''''.''''"
....,.........,., « , ~~'.!ff.:.:~~~"Jt:!;>i
Mac OS X is the current Apple operating system for Apple hardware. Mac OS X is based on
Ihe Mach microkernel, FreeBSD core utililies, and a GUI that dra\Vs from NeXTstep
lechnologies, which was developed for NeXT computer systems.
Mac OS X natively supports IPv6. Configuration is possible through the GUI 01' through CL!
commands. CL! commands for Mac OS X are like GNU 01' Linux commands:
• ifconfig: Is used for manual configl\l'ation of IP parameters on interfaces
• rotlte: Is used fol' configuring the routing table
• nets!at: Sho\Ys network status, routing table, and interface statistics
You can also use the ip6 command to globally enable 01' disable IPv6:
• ip6 -a: Enables IPv6 on all interfaces
• ip6 -x: Disables IPv6 on all interfaces
DHCPv6 is not supported natively on Mac OS X. Because the operating system is based on
BSO, you should be able to install third-pal'ty DHCP products that \York on FreeBSD, to
provide DHCPv6 functionality on Mac OS X.
Enabling IPv6 on Linux
This topic describes the basic commands to configure I Pv6 on operating systems that are based
on the Linux kernel.
¡¡ 2; JJ . &
Enabling IPv6 on Linux
IPv6 support on Linux distributions:

• Linux has IPv6 support since 2.2.x kernel series.
• Configuration depends on distribution.
• File Iproc/netliUnet6 contains list 01 interfaces on which IPv6
is enabled.
• Adding IPv6 support to a running kernel:
Hosti
I modprobe ipv6
• Linux hosts will autoconligure themselves.
Linux-based operating systems use Linux as the operating sys!em kernel. The Linux kernel
supports IPv6 since the kernel version 2.2. Where the configuralion is stored depends on Ihe
distribution. bu! basic commands are lhe same regardless oflhe version oflhe kernel. Note that
configuring your host as described in this lesson does nOI preserve settings across reboots.
To verify whether your Linux host supports IPv6. look for the file /proc/net/ifjnet6. This file
should have one line per interface on which IPv6 is enabled. Ifyou do not find this file, !ry
loading the IPv6 kernel module with Ihis command:
• modprobe ipv6

hE
Enabling IPv6 on Linux (Cont.)
Basic Configuration
Host#
ifconfig <interface> ipv6 add <prefix>/<length>
Adding an address
Hosti
ifconfig <interface> ipv6 del <prefix>/<length>
Deleting an address
Host'
route -A inet6 add <destination> gw <gateway>
Adding a route
• DNS servers are added to the /etc/resolv.conf file.
Inameserver 2001:db8:100::53
Ifyou want to acle! an address to an interface, you can use the ifconfig illtel:face il'v6 add
pr~fixllellg/" cOl11mand; for example:
• ifconfig ethO il'v6 add 2001 :dbS:1 00:12::10:17/64
Removing an aclclress is analogous. The add keyword is replaced by the del keyword.
1'0 ae!d a mute, you use Ihe route -A inet6 add des/illa/ioll gw ga/ell'ay command.
The alias default can be lIsed to add a e!efalllt mute; for example:
• route -A inet6 add default gw feSO::1
DNS servers are added to the fetcfresolv.conffile, one server IP address per line and prefixed
with the nameserver keyword.
Enabling IPv6 on Linux (Cont.)
Verification
HoSU ifconfig
ethO Link encapIEt:hernet: HHaddr 00:50:56:8E:24:30
inet:6 addr: 2001:dbS:l0::200:42ff:fe14:24cl/64 Scope:Global
inet:6 addr: fe80::200:42ff:fe14:24cl/64 Scope:Link
UP BROADCAST RUNNINO HULTICAST HTU:1500 Hetric:l
(output omlt:t:edl
Hoat' routc -6
Kernel IPv6 ..""tihg bbIo
lIuUn.UoII
l,lIUI
Nut Kop
" "
,,
"hga "",trie JI"t
,•
U... Jh",,,
".
,..,
2001,db',lO, ,20eh Uf! ,f .. a ,24c1l120
" " ,,. ".
21X11,db3,lO •• /U
hlGI .2oo,42ft, ("U .24cl/12. "
" ""'
,'" ,,.
O "thO
leSO, ,IU
" " ", O ethO
HOO,.,.
,,10 " " '" ,, \} "thO
O othO
"'O
" ,l13,60U ,t.... O.t540
feBO. "
UGOA '"
1024 O "thO
Host' ip -t in<:lt:G ndgh

feBO: :213: 60ff: feeO: f540 dov ethO 11addr OO:13160IeO:fSI40 router STALE
Verification of configured addresses is done by issuing the ifconfig c0111111and, which displays
addresses and S0111e statistics for all the interfaces that are installed on the syste111.
Checking of IPv6 routes is done by issuing the mute -6 c0111111and.
A list of neighbors can be viewed only by lIsing the ip c0Il1111and, which is a part ofthe iproute2
package. This package allows changing and viewing of all other parameters as well. The syntax
for Iisting the neighbors is ip -f inet6 neigh.

Summary
This topie sllmmarizes lhe key points thal were disellssed in this lesson.
a ;;: 1111& ii
Summary
• IPv6 is enabled by default on most modern operating

systems.
• End hosts will most often use autoconfiguration as soon as
RAs are deteeted.
• Windows XP and Windows Server 2003 require IPv6 to be
enabled manually.
• AII versions of Windows after Windows XP support the netsh
eLl for configuring network parameters.
• AII versions of Windows after Windows Vista also have the
option of GUI configuration.
• Linux-based software distributions support IPv6, but
permanent configuration varies from distribution to
distribution.
• Verification commands are the same on all distributions.
2-60 IPv6 Fundamentals, Design, and Deployrnent (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Lesson 41
Enabling IPv6 on Cisco

Routers
Overview
Under development since the mid 1990s, IP version 6 (1Pv6) can be found in most modern
networking hardware and software. Cisco is no exception and has provided support for IPv6 in
Cisco lOS Software since 2002. Network engineers and administrators who support IPv6
inlegration in Cisco Powered Nelworks require knowledge oflhe Cisco lOS Software
commands Ihat are used to configure and support IPv6 on Cisco routers. This lesson describes
I Pv6 enablement on Cisco lOS Software for routers.
Objectives
Upon completing Ihis lesson, you \Viii be able lo describe and use Cisco lOS Software
commands lo enable IPv6 on Cisco roulers. This ability includes being able lo meet these
objectives:
• Use Cisco lOS Software commands to enable IPv6 on Cisco routers
• Configure IPv6 addresses on Cisco rouler inlerfaces
• Explain Ihe two Iypes of IPv6 autoconfiguration
Enabling IPv6 on Cisco Routers
This tapie describes how to enable IPv6 forwarding on Cisco routers.
L
Enabling IPv6 on Cisco Routers
To enable IPv6 on Cisco lOS routers, enable IPv6

unicast packet forwarding:
router (config) fi:
lipV6 unicast-routing
• Enable IPv6 traffie forwarding
Enabling IPv6 on Cisco Catalyst switch es might require

changing the switch database management template.
switch (config)#
ISdm prefer dual-ipv4-and-ipv6 default
• Enable IPv6 TCAM support (advanee IP Serviees feature set is

required)
Follow these two basic steps to activate IPv6 on a router:

Step 1 Activate IPv6 traffic forwarding.
Step 2 Contigure each interface in which IPv6 is required.
By default, IPv6 traffie forwarding is disabled on a Cisco router. To activate IPv6 traffic
forwarding between interfaces, contigure the ipv6 unicast-routing global cOl11l11and. This
cOl11l11and allows the forwarding ofunicast IPv6 traffic.
IPv6 is enabled on a per-interface basis. Contiguring an IPv6 address on an interface
autol11atically configures the interface link-local address and aetivates IPv6 for that interface.
On Cisco Catalyst switehes, a change of database management template l11ight be required. Use
the sdm prefe!' cOl11mand to ehange how tel'l1ary content addressable mel110ry (TCAM) is
divided. To enable IPv6 support, use the sdm prefer dual-ipv4-and-ipv6 defalllt cOl11l11and.
This cOl11mand will slice TCAM in a switch so that IPv6 entries can fit into it. The cOl11l11and
works only on Layer 3 switches with an advanced IP Services feature set.
2-62 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
IPv6 Address Configuration
This topie describes how to configllre IPv6 addresses on Cisco rOllter interfaces.
IPv6 Address Configuration
The ipv6 address command:

• Enables IPv6 on the interface
• Configures the interface IPv6 address
router(config-if)#
() I ipv6 enable
• Enables IPv6 support on an interface when no explicit

address has been configured
r===->==~--:-:---:---,-,---:------:-------:------, /
-\ .
'" /
\-\A(
1"UI ... ,JC' .....~I.o..

[eui-64) \.a ,\-
r
J(' r \ ~ \'\'i')c.
• Configures an IPv6 address on an interface and starts ,,,,\,,L
sending out route advertisements for the configured prefix
\ ¡ff'E
\0,. '" ,\ \ , \,,).,
t: \-.j
"V,\f "W \\J~.~u.4~\. \"\.J .
To configure the IPv6 address on an interface, lIse one ofthese five commands:
• ipv6 enable: YOll can enable I Pv6 on the interface withollt speci(ying any IPv6 address.
The ipv6 enable command enables IPv6 and alltomatically contigllres the link-local
address for this interface. If no other address is contigllred, then the interface will have a
link-local address only. The link-local address can be lIsed to commllnicate only wi!h nodes
on !he same network link (neighbors).
• ipv6 addl'ess <illv6prefix>/<lll'efix-length> lelli-641: This address command can
configllre globallPv6 addresses. The link-local address is configllred alltomatically when
an address is assigned to the interface. The entire 128-bit I Pv6 address mllst be specified, 01'
a 64-bit prefix mlls! be specified and lhe elli-64 option mllst be lIsed .
© 2010 Cisco Systems, lne. IPv60perations 2-63

IPv6 Address Configuration (Cont.)
,e .~\o.\.I:) n
rr~o~u~tEe~r~(~C~O~n~f~i~9~-~if~)*~~~\~~~~====================J______
LiPV6 unnumbered <interface> ...1 ~ ~ (/~ ~
' NT ---,
\I? \\{\",,,,,,'l;:>t'.~
• Assigns address from another interface ... ~ .¿¡ (J

router(config-if) n 5e<'",\ "'- \, 'i-a)o
I ipv6 address <feSO: :suffix> link-local '_______) I_,J.,.0,,:>':)<- O
• Configures link local address to an arbitrary value \ ~
• Configures stateless autoconliguration on the interface 10 "\',,,k-'19 QJ('l'

n
0
• Delault route is added, based on.lQl!le advertisement (V\A\"''''' \?

inlormation, il the ~It keyword is added. {l,,\,\\ , ~. \ • ",\I.\'"y
<:) .... <,).). '" l ,, ~"' ''' \.,) ..... " ).!) ( .....~ \~'\\\.
Se",~ ~ \~ )oo~\"t0
• ipv6 unnllmbered <interface>: You can also configure IPv6 interfaces without explicitly o
configuring a globallPv6 address for each interface. The ipv6 unnumbered il/fe/lace
command instrucls the unnumbered inlerface to use the configured global I Pv6 address of ()
the specified interface as the source address of the packets Ihal originate from the
unnumbered interface,
• ipv6 address <feSO ::ipv6addr> link-local: You can slalically define the link-local address
by using Ihe link-local oplion. You do not need lo specify Ihe prefix lenglh when using a
o
•
slalic link-local address.
ipv6 address alltocollfig Idefaultl: This command allo\Vs the router lo allloconfigure
o
ilself, based on router adverlisemcnls of another rouler. The optional default keyword also
adds a default route Ihal is based on route advel1isements.
Note Allowing Ihe rauler lo choose ils own 64-bil Interface idenlilier makes sense il Ihere is no
need lo reach Ihe rauler Irom Ihe subnet; lor example, lar managemenl purposes. This
o
appraach also makes it more difficult lor scanning-based atlacks lo find raulers, because
mosl manually conligured addresses (such as FEBO::1) are easy lo guess. A good solulion
mighl be lo use locally generated inlerface idenliliers lor rouler inlerfaces bul lo configure
the rouler wilh a loopback interface wilh global scope lor managemenl purposes.
o
o
2-64 IPv6 Fundamenlals , Design, and Oeployment (IP6FO) v3.0 © 2010 Cisco Systems, Ine.
, 1111 ¡¡ iSin! iJJ ¡¡ ¿ [t
IPv6 Address Configuration (Cont.)
LAN: 2001 :DB8:C18: 1::/64
lpv6 unicast-routing
interface EthernetO
L:i:!:P.~,~.~d~d,~,~..~20~O~1:':'d~b8~'::'C1~8~,'::'..:.'I~'~'~'e~'::i'~'~'-==j-~MAC Address: 0060 .3E4 7.1530
routed sbow lpv6 interface Eth

Ethcl:netO 18 up, line protoc
IPv6 is ennbled, link-l
Global unicast address ( ) :
etO
19 up
\\
es:'
Q \\1: 'p'
1 nddres9 is FESOI1260:3' FIPÉ'-7iis3Ó
2001~DB9;CIB:ll260:3EFF:Fg47:1530, subnet la 2001:0a8:C1811::/64

Jolncd group address(cs):
FF02:: 1:PF47:1530
FF02111
FF021:2
"TU la 1500 bytes
The IPv6 address can be completely specified, or the host identifier (the right-most 64 bits) can
be compuled from Ihe extended universal identifier (EUI)-64 ofthe interface. In the example,
Ihe IPv6 address ofthe interface is configured by using the EUI-64 formal.
The configuration ofthe IPv6 address on an interface automatically configures the link-local
address for that interface. Also, the interface automatically joins these required multicast
groups tor that link:
• Soliciled-node multicas! address FF02:: I :FF4 7: 1530
• AII hosls on the link multicas! addresses FF02:: I
• AII routers on the link multicast addresses FF02::2
The solici!ed-node multicas! address is used in the Duplicate Address De!ection (DAD)
algorithm and neighbor discovery.
A solicited-node multicast address isjoined for each IPv6 unicas! and anycast address thal is
configured on the interface.
© 2010 Cisco Systems, Ine. IPv60perations 2·65

()
Mod ified EUI-64 Format c"~\,,,, ~ \.\- " ~

:. . . ~ c
'f os
n
"'"
Ethernet MAC Address
(48 Bits) ,, , , ,, ,,
!:IJ\ -\.:." n
[ 001 90 27 í• •
I FF FE
64-Bit Version :: (' ",_\l v.. C)",

-:¡¿ Universally Unique ,'" 'L ).
UIL Bit where X =
{,-'.J
O = Locally Unique
'-
Modilied EUI-64 Address
A modified EUI-64 address is formed by inserting

"FFFE" and complementing a bit that identifies the
uniqueness of the MAC address.
The interface identifier for stateless autoconfiguration in an Ethernet environment uses the n
modified EUI-64 formal. The EUI-64 format expands the 48-bit Ethernet MAC address format
to a 64-bit version, by inserting "F FFE" in the middle ofthe 48 bits.
The seventh bit (starting with the left-most bit) in an IPv6 interface identifier is referred to as
the Universa l/Loca l (U/L) bit, which identifies whether this interface identifíer is llniversally
llniqlle or is locally llnique on the link. Ifthe interface identifíer \Vas created from an Ethernet
MAC address, il is assllmed thal the MAC address is llniversally llniqlle and tilloS, so is the
interface ident ifier.
The U/L bit is for future use ofthe llpper-Iayer protocols, to lIniqllely identify a connection ,
even when there is a change in the left-most part of the address. However, this feature is not ye!
111 use. n
Tip Notice that bit 7 is complemented, to mark an EUI-64 address as having been built lrom a
globally unique token. Today, Organizationally Unique Identifrers (OUls) are assigned with
n
bit 7 set to O. When bit 7 is complemented, the EUI-64 counterpart always has a 1 in that bit
position. This technique makes it easy tor you to configure manual addresses, because
these bits are left at O to indicate local signifrcance. Consider the address
n
2001 :DB8:8:AB::35. Setting bit 7 01 the interface identilier lo O is easier Ihan setting Ihal
same bil lo 1, which would be 2001:DB8:8:AB:02:: 35. n
n
2-66 IPv6 Fundamentals , Design, and Oeployment (IP6FO) v3.0 © 2010 Cisco Systems, Inc.
Autoconfiguration
This topic describes the t\Vo types of IPv6 autoconfiguration.
Autoconfiguration
Autoconfiguration
• Stateless
- Uses neighbor discovery router advertisements
- Stateful f'~'l.y ..,.\ .... ",oo\-", t:FC,:),-:'.2... (,,"~v\ .. ( St~:1 \( ~ljQ)
.- Uses DHCPv6 service '
- \. ",.~;~y \.\. ':)"\ .,-')
o
u Autoconfiguration is an integral component of l Pv6. The two types of l Pv6 alltoconfigllration
are as follows:
(J
• Stateless autoconfiguration: Uses neighbor discovely mechanisms lo find rOllters and
dynamically creale IPv6 addresses
• Stateful aUloconfiguration : Uses a DHCP version 6 (DHCPv6) server lo assign IPv6
addresses lo nodes

Router Advertisements ()
Q fI (R"ú hr tí'" ~ ,,'" ")
Routers send periodic router advertisements to the f'''' (D fl e ('" )
R-I'\ ( f'''v-'''- ~", ,," ~
n
')
all-nodes multicast address.
()
- n
Router 5~'" Router
Advertisement Advertisemenl
()
Router advertisement packet:
• ICMP Iype 134 y
• Source = Rouler link-local address
()
• Deslination =FF02::1 (all-nodes mlllticast..address) f F G ~_
L-_
' ._0" • •_,.__ • .;,.~_. ~_~_,~_;.>a_.~~__~_~_ti_o_n_s_,p_r_~_f_iX_, ti"m,",~ ~:1,,~.~-;.¡:;~o¡;,~_'f;. j;;. U\_~_.~_~_o_r:ú_la_g ~_.\-_~\.~;.:;.: . ;E.'~:.I ,,,.~ ,,~~~::~~ n
__ _lif_e... ...'. ... ___ ;"
_...;.
_\ .;.
, \ .\
Router advertisements are sent periodically and on request, by routers on all their configured n
interfaces . A router adverti sement is sent to the all-nodes multicast address. This information
tha! might be con!ained in the message:
• One 0 1' more prefixes that can be used on the link. This information enables stateless
autoconfiguration ofthe hosts. These prefixes must be /64 for stateless autoconfiguration.
()
• Lifetime ofthe prefixes. By default, in C isco lOS Software, the lifetime is very long: The
default valid lifetime is 30 days, and the default preferred lifetime is 7 days.
• Flags that indicate the kind of autoconfiguration that the hosts can perform.
• Default router information, such as existence and lifetime.
• Other types of infonnation for hosts, including default maximum transmission unit (MTU)
and hop count.
By sending prefixes, a router advertisement enables the autoconfiguration ofhosts. By

ass igning lifetimes to prefixes, a router advertisement enables the renumbering ofhosts. An
old, deprecated prefix has a lifetime that is decreased to zero, and a new prefix will have a
normal Iifeti me.
Router advertisement timing and other parameters can be configured on the routers.
n
n
n
n
o
u Router Advertisement Parameters
Router advertisements: . \-10,\

• Default router
• IPv6 network prefix
• Options:
• Lifetime of advertisementG"i
• MTU ((' "',. \) t> )
u • Prefix Length
• Router priority
Autoconfiguring IPv6 Hosts
J
() • L-bit '?-~\)\tf (0"\ O~),P
• A-bit e'\. ...... o. .\0.. ........... -'\.,) \-\T'"Il P \, !f'(1.. J fe,
u ,-., ' . c... '
The router plays an impo.tant role in host configuration of an IPv6 network. An IPv6 router
uses the neighbor discovery prolocol to periodically advertise information (router
u adve.tisements) to the a II-nodes mullicast address (FF02:: I).

The router advertisements contain parameters that can be adju sted on the router. These
parameters are specific to Ihe interface on which Ihey are configured, and consist ofthe
o following:
• The time interval betweenneighbor solicitations that the IPv6 nodes and the router use
(J • The lime interval between periodic router advertisements
• The lirelime ofthe router ad verlisement
• The lifetime ofthe neighbor reachabilily cache
• The network prefix adverti sement that the host autoconfiguration uses
The router advertisement lifetime can be used to influence default router selection on a subne!.
Ideally, a subnet that is served by multiple routers uses the best router as Ihe default when that
router is working; the default changes to another, less-optimal router ifthe best router stops
working. Youmust carefully consider all candidate routers on the subnet when choosing the
router liretimes.
Additionally, the router sets these parameters:
CD •
•
MTU
Prefix length
• Router priority, which makes it possible to configure multiple routers with different
priorities
• The L-bit flag that indicates whether the prefix is available OIl-link. On-link addresses can
be accessed directly, not through a gateway. Note that lack ofthis flag does not mean that
all addresses ofthe pretix are off-link.
• The A-bit flag that indicates \Vhether Ihe prefix may be used for autoconfiguration.
© 2010 Cisco Systems, Ine. I Pv6 Operations 2-69

Router Adveríisements
At boot time, nodes send router solicitations to

promptly receive router advertisements.
+-+
Rauter
Salicitatian
-
Rauter
Advertisement
Router solicitation packet:

• ICMP lype 133
• Source =:: (unspecified address)
• Deslination = FF02::2 (all-roulers mullicasl address)
A router advertisement is typically sent immediately following a router solicitation. Router

solicitations are sent by hosts at boot time, to ask routers to send an immediate router
advertisement on the local link so that the host can receive the autoconfiguration information
without waiting for the next scheduled router advertisement.
The router solicitationmessage is defined as follows:
• The ICMP type is 133.
• The source address is the unspecified address (01' the IP address that is assigned to the
sending interface when the IP address is known, which is not usually the case).
• The destination address is the all-routers multicast address with the link-local scope.
When an anslVer lo a l'Outer solicitation is sen!. the destination address ofthe l'Outer
adve.tisement is the unicast address of the requestor.
To avoid flooding, router solicitation should be sent only at boot time and only three times.
This practice avoids flooding of l'Outer solicitation packets in the absence of a l'Outer on the
network.
2·70 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Surnrnary
This topic slIl11l11arizes the key points that were disclIssed in this lesson.
i ¿¡¡ &iUJiillil 2
Summary
• IPv6 must be enabled globally on a Cisco router and on any

interface lor which you want to route IPv6 packets.
• The ipv6 unicast·routing command is used to enable IPv6
routing on a Cisco router. Assign IPv6 addresses to
interfaces by using the ipv6 address command.
• Autoconliguration provides a type 01 network "plug·and·play"
leature, in which devices can pick their own address, based
on router·provided inlormation.
© 201 o Cisco Systems, Ine. IPv6 Operations 2·71

2-72 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3,Q © 201 O Cisco Systems, Ine.
Lesson si
Using ICMPv6 and Neighbor

Discovery
Overview
Internet Control Message Protocol (ICMP) plays an important role in troubleshooting nelworks,
facilitating simple tools such as ping 01' determining that a packet could not reach its
destination. ICMP messages have also been leveraged for abusive purposes, such as Denial of
Service (DoS) attacks. As a result and as a preventative measure, many organizations block
ICMP traffic al the edge oftheir network. In IP version 6 (IPv6), the use of ICMP messages
continues, with an expanded role. Adopters of IPv6 need lo understand how ICMP version 6
(ICMPv6) messages are used so that they can develop security policies thal prolect their
networks while permitting maximum functionality.
Any device that attaches lO a network goes through numerous processes lo idenlify itself and lo
obtain services from the network. This premise is true in either anlP version 4 (IPv4) 01' IPv6
network. However, people who design and manage IPv6 networks will discover thal although
the processes Ihat are used in IPv6, have some similarities to those that are used in IPv4, they
are different. Understanding these processes is fundamental to properly supporting an I Pv6-
enabled environment.
This lesson describes ICMP types and codes and IPv6 neighbor discovel)', which is the process
in which neighbors discover each other and autoconfigure addresses.
Objectives
Upon completing this lesson, you will be able to describe ICMPv6 message types and how they
are used to troubleshoot IPv6 issues, and you will be able lo describe the neighbor discovery
protocol. This abilily inc1udes being able to meel Ihese objectives:
• Describe the format and use of ICMPv6 packets
• Describe the ICMPv6 error types and their codes
• Describe Ihe ICMPv6 Echo Request and Echo Reply types
• Describe the data link layers for which IPv6 is defined
• Describe ICMPv6 neighbor discovel)' message types
• Describe how IPv6 stateless autoconfiguration IVorks
• Discuss the value ofautoconfiguration in IPv6
• Describe ho\V renlllllbering is accomplished through router advertisements in IPv6
• Describe the syntax of the Cisco lOS commands that are lIsed for neighbor discovery
• Describe a network prefix renumbering scenario in Cisco lOS Software
• Describes the ICMPv6 MLD message types
• Describe ICMPv6 message types that are used for IPv6 Mobility
ICMPv6
This lopic describes Ihe formal oflhe ICMPv6 packet.
u ICMPv6
u Nexl Header = 58
ICMPv6 Packel IPv6 Basic Header
u \C~hl~ ICMPv6 Packel
u
u
u ICMPv6 is similar to ICMPv4:
• Provides diagnostic and error messages
• Is used for path MTU discovery (<".':) ~~.. \-l,~~'
u ~
Q,"'¡\\~ ~~c.:::."",~ . . \.o....c../.~"'\ •
~i. I c¿"'e (""'I~",l-u..... f\'t\l
5~ ~\ ,~;"~ ".;!:\ "'':l<''~~''"'-''-

~Q,\, <~ \'\r'i,.
', ,"" "'", " ,' " \ q<>hh-, '\'>\J "- \~ fe- ~ , _' (c. 'ti
u L-------------------------------------------------,__
ICMPv6 is like ICMP version 4 (ICMPv4). ICMPv6 enables nades lo make diagnoslic lests and
-,-~-~-~-.-~~>-~-u7,-o,~
, ~~\\ª~)~ .
reporl problems. Like ICMPv4, ICMPv6 implemenls t\Vo kinds ofmessages: error Illessages,
() such as Destination Unreachable, Packel Too Big. or Time Exceeded, and inforlllalional
messages, such as Echo Requesl and Echo Reply.
() The ICMPv6 packe! is iden!ified as 58 in Ihe Nexl Header field. An ICMPv6 packel is like a
Iransporl layer packel in lhe sense Ihal it is al Ihe end of Ihe chain of exlension headers. and il is
Ihe lasl chunk ofinformalion inlhe IPv6 packet. However, ICMPv6 is parl oflPv6: ICMPv6 is
nol a Layer 4 prolocol. In side Ihe ICMPv6 packel, Ihe Type fi eld idenlifies Ihe type of ICMP
message. The Code field fUlther delails Ihe specifics of Ihis Iype of l11essage. For Ihe receiver lo
u check the integrily ofthe ICMPv6 packet. Ihe Checksulll field is cOlllpuled over Ihe ICMPv6
packet as well as some fields inlhe IPv6 header. The Dala field conlains informalion that is
senl lo Ihe receiver for diagnoslics or infol'lnalion purposes.
u ICMPv6 is used in Ihe palh maximlllll Iransllli ss ion unil (MTU) l11echanislll, in wh ich an
ICMPv6 l11essage oftype Packel Too Big is senl back lo lhe path MTU discoverer. This
l11essage conlains lhe MTU oflhe nexl link. This process enables Ihe palh MTU mechanisl11 at
the origin to resend the packel wilh Ihe received MTU fmm Ihe ICMPv6 ll1essage.
ICMPv4 is often blocked by securily policies in corporale firewalls because ofknown attacks
u Ihal are based on ICMP. ICMPv6 is no differenl in Ihis conlexl, bul il has lhe abilily lo use IP
Securily (IPsec) aulhenlicalion and encryplion ir a security association exists belween the
parlies. These securily services decrease the possibililies of an attack thal is based on ICM Pv6.
u
u
u
u
ICMP Errors
This tapie describes the ICMPv6 error types and their codeso
ICMP Errors
• Type 1: Destination Unreachable

• Type 2: Packet Too Big ,
• Type 3: lime Exceeded '
-- Code O: Hop Limit Exceeded
- Code 1: Fragment Reassembly lime Exceeded
• Type 4: Parameter Problem
An ICMP type l error message is lIsed to report destination-lInreachable conditions. The code
provides granlllarity to (he sOllrce nade, to determine why the packet cOllld not reach its
destination.
Tip ICMPv6 error messages can be sent back to (he source nade by any inlermediate nade on
the nelwork. Unlike a successlul Echo RequesUEcho Reply exchange, which is end-to-end,
ICMPv6 error messages are senl by the nade thal encounlers Ihe problem. Therelore, il a
packel is undeliverable at any poinl in the path, lhal nade will use ils own IPv6 source
address lo send Ihe error message, which has impacts on lirewalls and olher infrastructure
devices.
An ICMP type 2 error message is an integral piece ofthe Path MTU Discovery (PMTUD)
process and shollld no! be blocked on a network.
Tip IPv4 also uses ICMP messages lo implement PMTUD. The difference is ¡hat in IPv4 Ihe
nade that sends Ihe Packet Too Big message cannol specily Ihe optimal lorward MTU 01 Ihe
nexI hop bul can only report Ihal Ihe currenl packet is too large.
An ICMP Iype 3 error message indicates Time Exceeded, which in one case means that the hop
limit has been reached. There are t\Vo codes: O indicates Hop Limit Exceeded, and 1 indicates
Fragment Reassembly Time Exceeded.
An ICMP type 4 error message indicates Pammeter Problem. As with other ICMP error
messages, a portion of the invoking packet that callsed this error is inclllded in the ICMP
message.
2-76 IPv6 Fundamentals, Design, and Deployment (IP6FO) v3.0 © 2010 Cisco Systems, Ine.
ü
u Maximum Transmission Unit
Link-Layer Frame
(j r --------------------~
Frame Header '"'1 Fr.me Tr.iler
u , " r
"V
---------_/
Minimum MTU = 1280 Octets .1
u
u IPv4
May not "squeeze" more than to minimum MTU
'! ~~'\"' \.
u MTU >= 68 octets (576 octets)
• IPv6
S 1'"",,\ "\" S """
- MTU >= 1280 octets
u -- Path MTU used
u In IPv4, the specified minimum MTU is 68 octets: the recommended best-practice minimum is
576 octets, which is the minimum reassembly buffer size. Therefore, any IPv4 network must
carry a packet that is as long as 68 octets. In IPv6, the minimum MTU is 1280 and the
lJ recommended minimum MTU is 1500, as a minimum reassembly buffer size.
Us ing PMTUD to find the maximum MTU in a path between the source and the destination is
u strongly recommended.
The basic IPv6 header supports a maximum packet size of64,000 octets. However, larger
packets are possible through a hop-by-hop option called the jumbogram.
IPv6 requires every link in the network to have al1 MTU of 1280 octets or greater. 011 a link
u that call11ot convey a 1280-octet packet il1 ol1e piece, lil1k-specific fragmentation al1d
reassembly must be providecl to make the limitatiol1 tral1sparel1t to IPv6.
u
u
u
u
u
o
u
= ,.
Path MTU Discovery
Source Destination
Packel wílh MTU = 1500
ICMP Error: Packet Too Big

Use MTU = 1400
Packel wilh MTU = 1400
ICMP Error: Packet Too Big
Use MTU - 1300
Packet with MTU = 1300
Path MTU =1300
PMTUD is a proeess to find Ihe MTU Ihal can be used from Ihe souree Ihrough Ihe deslinalion.
The proeess is as follows:
l. The souree node sends a paekel of a size equal lo Ihe MTU of ils dala link layer. In Ihis
example. 1500 is used.
2. The packel is forwarded Ihrough Ihe nelwork up lo Ihe deslinalion. unless Ihere is a smaller
MTU in Ihe palh. Iflhere is a smaller MTU in Ihe palh, Ihe rouler sends back lo Ihe souree
node an ICMP Iype 2 error mcssage (Paekel Too Big). The conlcnl oflhe ICMP packel
ineludes Ihe MTU oflhe nexl dala link layer, whieh is smaller Ihan Ihe size oflhe souree
paeket. Inlhis example, Ihe nexl MTU is 1400, so Ihe ICMP error message conlains 1400
as a h inl for Ihe source.
3. The source node resends a paekel Ihal is equal lo Ihe size oflhe received MTU.
4. This proeess repeats unlillhe packel reaches Ihe deslinalion. The size thal is used in Ihis
packel is Ihe palh MTU. In Ihis example, Ihe palh MTU is 1300.
1Pv6 does nol implemenl fragmenlalion in roulers. Fragmentalion is done only by Ihe source
node when the palh MTU is nol large enough. In IPv4. PMTUD is oplional and seldom used.
(IPv4 implemenls PMTUD by using Ihe Don'l Fragmenl, or DF, bit.)
Tip Nodes and applicalions do no! need to make use 01 PMTUD but rather can simply send the
Guaranteed Not To Be Too Big packet 01 1280 bytes. For certain applications, linding the
largest packet size possible between two peers (moving large data stores. lor example)
makes sense. For others, when sending small packets might even be prelerable (line VoIP),
finding the largest packet size possible might not be worth the discovery time and overhead.
Echo
This tapie describes the ICMPv6 Echo Request and Echo Reply types.
Ii
Echo
• Type 128: Echo Reques!

• Type 129: Echo Reply
-"-.,'" -,.".- j, '-"'-'''',.",,'
The ping application uses Echo Reqllest packets to probe for active systems. The Echo Reply
packet is the retllr1l response that is sent by a nocle that receives the Echo Reqllest.

IPv6 over Data Link Layers
This topic describes the data link layers for which IPv6 is defined.
=
IPv6 over Data link Layers
IPv6 is defined for most data link layers:

• Ethernet (
• ppp I
• FDDI'
• Token Ring
• HDLC /
• Nonbroadcast multiaccess.
• ATM I
• Frame Relay ,
• IEEE 1394
,;'¡',-,,,
IPv6 is defined on most ofthe current data link layers. Therefore, an RFC describes the
behavior of IPv6 in each ofthese specific data link layers. Cisco lOS Software does not
necessarily SUppOlt all ofthose options.
The data link layer defines how IPv6 interface identifiers are created.
2-80 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, tnc.
u
Neighbor Discovery
u This topie describes ICMPv6 neighbor di scovery message types.
u
Neighbor Discovery
u
• Type 133: Router Solicitation
u • Type 134: Router Advertise ment

• Type 135: Neighbor Solicita!Loo.
u -
• Type 136: Neighbor Advertisement
• Type 137: Redirect Message
u
u
u
"',-,> .'"
Neighbor discovery is used OII-link fo r router solicitation and advertisement, for neighbor
u solicilation and advertisel11ent (acq uisition of data link laye r addresses ror IPv6 neighbors), and
for lhe redirection ofnodes lo the best gateway.
© 2010 Cisco Systems, Inc. IPv60perations 2-81

)
;a
IP over Ethernet
Destination Source
Ethernet Ethernet I Pv6 Header and Payload
Address Address
• Ethernet 11 has the 16-bit EtherType field to indicate payload

protocol:
- IPv4 uses EtherType value Ox0800.
- ARP has EtherType value Ox0806.
- IPv6 has a different EtherType value: Ox86DD .
• Most other link-Iayer protocols use the same value as
EtherType to identify the carried protoco!.
Ethernet 11 uses the EtherType fíeld to identify the network layer protocolo
IPv6, like any network layer protocol, can be used on Ethernet. IPv6 has its own Ethernet
prolocollD, Ox86DD, which clifferentiates the packet fi'om other protocols. Inside lhe Ethernet
f!'ame are the IPv6 headers and payload.
IPv6 interface idenlifiers for Ethernet use the extended universal identifíer(EUI)-64 IEEE
standard.
2-82 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Ine.
ü
Neighbor Discovery
ü ARP is for IPv4 what neighbor discovery is for IPv6 .

• How IP acquires Layer 2 address of a neighbor:
u - Known network layer address, unknown link layer address

- IPV4 uses ARP
o - IPV6 uses neighbor discovery

• Neighbor discovery:
- Queries for duplicate addresses
u - Determines the link layer address of a neighbor

- Finds neighbor routers on link
u - Is achieved by using ICMPv6 with IPv6 mullicast
u "., ...., "
u Neighbor discovery is a process that enables these functions:

• Determine the data link layer address 01' a neighbor on the same link, like the Address
u Resolution Protocol (ARP) does in IPv4.
• Find neighbor routers.
u • Keep track of neigh bors.
Neighbor discove.y achieves Ihese results by using ICMP with multicast addresses.
u
u
u
o
ü
u
(j
o © 2010 Cisco Syslems, Ine. IPv6 Operalions 2·83

So licited-Node Multicast Add ress n
I pretix: -a. - '1 ~ Inlerfá:: e Identmar
24 Bits
Solicited-Node Mullicast Address
128 Bits
Solicited-node address: n
• Mullicasl address wilh a link-local scope
• Formed by a prefix and the righl-most 24 bits of every unicast
and anycast address
The solicited-node address is a multicast address. Any node mustjoin the multicast group that
corresponds to each of its unicast and anycast addresses. The solicited-node address is
composed ofthe FF02:0:0:0:0:1 :FF/ I04 pretix, concatenated with Ihe right-most 24 bits ofthe
corresponding llllicast or anycast address.
As an FF02::/16 address, a solicited-node multicasl address has a link-local scope.
Solicited-node addresses are used for Neighbor Solicitation messages, when anolher node
o
needs Ihe data link layer address of an IPv6 address lo send Ihe right feame on Ihe data link
layer. The source node takes the right-most 24 bils oflhe IPv6 address ofthe deslinalion node
and sends a Neighbor Solicilation message lo the mu1ticasl group on Ihe link-local address. The
corresponding node responds wilh ils dala link layer address.
Thi s funclion avoids Ihe broadcasts that are used in IPv4 ARP, in which al1nodes receive Ihe
requesls.
()
o
2-84 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, In e.
o
u Multicast Mapping over Eth ernet
u IPv6 Address
u IPv6 Solicited-Node
Mullicast Address
u Corresponding
"" I'Oth,ernetAddress
H e
Multicast pref;J'x \
u ter Ethernet
Müíticast ,"\0 Ir sco~t
~\ \, )l.. \0<:0.\ '
Multiple IPv6 multicast addresses are mapped inta Ff

single Ethernet multicast address
u
u IfanlPv6 address is knolVn. then the associated IPv6 solicited-node mul!icast address is
known. The example in the figure gives the IPv6 address
u 200 I :DB8: I 00 I :F:2CO: I OFF:FE 17:FCOF. The associated solicited-node address is

FF02:: I :FF 17:FCOF.
Ifan IPv611lulticast address is knowll , !hen the associated Ethernet MAC address is known.
u Multicast Etherne! addresses are fonned by adding the last 32 bits ofthe IPv6 multicast address
!o 33:33.
u As !he figure sholVs, the IPv6 solicited-node multicas! address is FF02:: I :FF 17:FCOF. The
associated Ethernet MAC address is 33:33:FF: 17:FC:OF.
Tip You mus! unders!and that the resulting MAC address is a virtual MAC address: 11 is not
burned into any Ethernet card , Depending on the IPv6 unicast address, which determines
u the IPv6 solicited -node mullicast address, any Ethernet card may be instructed to listen to
any 01 the 2 24 possible virtual MAC addresses that begin with 33-33-FF , In IPv6, Ethernet
cards olten listen to multiple virtua l multicast MAC addresses as well as their own burned-in,
u unicast MAC addresses,
u
u
u
© 2010 Cisco Systems, Ine. IPv6 Operations 2·85
)
:po¿
NQighbor Discovery: Neighbor
Solicitation
n
ICMP Type = 135
Sre = A ---------- ,
Ds!= Soliciled-nodeMulticastofB - 4 ,u. . . . . ,. . . . cx ...\t. ~Q) ~)lO(~ ;)l) ~ 1'\<' "~,,n {Q'P'"~..(
Data = Link Layer Address 01 A
Query = What Is Your Link Address?
ICMP Type = 136
Sre = B
- - - - - - - - - Dst = A
Data = Link Layer
Address 01 B
A and B can now exchange
paekets on this link.
""'" ..~. ..
The example in the figure shows how to determine the data link layer address of a neighbor in a n
process called Neighbor Solicitation. This funclion is like ARP in IPv4. For efficiency, the
requestor also sends lhe dala link layer address oflhe source node.
The ICMP message type 135, which is identified as Neighbor Solicilalion, is senl on the link.
The source address is the I Pv6 address or Ihe source node, if known. The destination address is
Ihe soliciled-node mullicast address lhal corresponds lo Ihe IPv6 address oflhe deslinalion n
node. The message also ineludes lhe dala link layer address oflhe source node, so that Ihe
deslinalion node can use lhat address righl away.
The deslinalion node responds wilh an ICMP message type 136, which is identified as
n
Neighbor Advertisement. on lhe link. The source address oflhe responding message is Ihe IPv6
address oflhe deslinalionnode, and the destinalion address is the IPv6 address orthe source
node, because il is Ihe answer. The dala porlion includes Ihe dala link layer address oflhe
deslinalion node, which is redundanl, and Ihe data link layer address Ihat is included in lhe
f!'ame. After receiving {he answer, the source node and the destination node can cOllllllu nicate n
on lhe link because Ihe dala link layer addresses are known lo bolh.
n
n
n
n
n
n
2-86 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Syslems, Ine.
n
Ne ighbor Discovery: Neighbor
u Solicitation (Cont.)
u Neighbor advertisement message:

• R: Router flag, indicates sender is a router
u • S: Solicited flag, indicates message is sent in response

to a neighbor solicitation
• O: Override flag, indicates advertisement should override \ \
o existingneighborcache~ n,A , ~\(u... (0.. ..... \.\0 o. 'lb.....!) . . \:I (>
u
u
u ' ....,., •. , -~ .' .,-,' I.,,,· ,.~ ,.•"".,'
u The neighbor solicitation process is also used to verily the reachability of a neighbor. In that
case. the destination address is not the multicast address but the unicast address orthe neighbor.
Neighbor advertisements can be sent when there are changes in the data link layer addresses. In
ü that case, Ihe source ofthe advertisement sends a message to Ihe all-node rmrlticast address.
Neighbor advertisernents contain three flags to indicate the purpose oflhe message:
u • R flag: Indicales Ihal the sender is a router
• S flag : Indicates Iha! Ihe rnessage was senl as a response lo a previous neighbor solicitation
u rnessage
• O flag: Indicates that the infonnation in the ad verlisernent should be used to override lhe
o existing entry in the neighbor cache
The last two flags are lIsed to eran a response wilh the sarne pllrpose as gratllitous ARP in IPv4.
u
o
u
o
o
o
u
ti 2ii
Neighbor Discovery: Redirect
Ethernet Deslination ~ R2 (Default Rouler)

IP Souree ~ A
R1 IP Deslination ~ 2001 :DB8:C18:2::1
Slub Network i Rediree!:

"'''i,!(,!Ji,~j'' --S;;:;;ou:;:'r~e;;:e~-;"R=-2""'--------
Destination;::; A
2001 :DB8:C18:2::/64 Dala ~ Good Rouler ~ R1
Roulers use redirecl lo signal lhe rerouting of a

packel lo a betler rouler.
A Redirect Message is sent by a router to signal the rerouting ofa packet to a belter on-link
rouler. The host that receives this message lhen reroutes future packets via the better router.
This process is equivalent to lhe ICMP redirect function in IPv4.
In this example, nade A sends a normallPv6 packet to a destination address,
2001 :DB8:C 18:2:: 1, by its default router, R2. R2 forwards the packet to R 1 as normal but also
knows that R 1 has an interface on the same segment as nade A. R2 lhen also sends a Redirect
Message back to nade A, directing the use of Rito reach the targeted destination for future
packets.
Tip Rouler Redireel Messages can pose a seeurily Ihreal lo hosls Ihal share a link wilh Ihe
atlaeker. An atlaeker can send a manufaelured Redireel Message. as if il ca me from Ihe
rouler, lo Ihe vielim, lelling il lo use a differenl firsl-hop address lo reaeh off-link deslinalions.
The Iraffie of Ihe vielim is often redireeled lo Ihe atlaeker. Al Ihal poi nI, Ihe atlaeker can
eilher blaek-hole Ihe Iraffie (DoS atlaek) or forward Ihe Iraffie, resulling in a man-in-Ihe-
middle atlaek.
lid & ;; II11 1 11 I 111 iIi2 _1 I J¿¡ib
Duplicate Address Detection

15 anyone
else uslng
myaddress?
ICMP Type 135

Source = ::
Destination = Solicited-Node Multicast Address of A
Data = Link Layer Address of A
Query" What Is Your Link Address?
o
• DAD uses neighbor solicilalion lo verify Ihe exislence of an
address lo be configured .
• DAD is nol used for anycasl addresses.
, ,". '" .., \" •...~ ""'.-
Duplicate Address Detection (DAD) uses neighbor solicitation to query whether anolher node
on Ihe link has the same IPv6 address. DAD sends a Neighbor Solicilalion packet to the
solicited-node multicast address ofits own IPv6 address. The source address ofthis packet is
the unspecified address (::). Ira node responds to that request, then the IPv6 address is in use
and the requesting node should not use that address.
DAD is used during the autoconfiguration process to l11ake sure that no one else is using the
autoconfigured address.
Tlp Note that the DAD test Is sent from the unspecified address. Thls Is the case when the node
has yet to Inltlalize a link-local address and has no valid addresses yet-even the link-local
address Is marked as tentative. If the link-local address Is already conflgured for an
Interface, and the Interface needs to run the DAD process on another address, the nelghbor
solicltatlon Is sent from the already valid and tested link-local address (or another valid
address) because DAD Is a strlcUy link-local process.
© 2010 Cisco Systems, Inc, IPv6 Operations 2-89

This topic describes how IPv6 stateless autoconfiguration 1V0rks.
1. Rooter 2. Router 2. Router

So~citation Advertisement Advertisement
1. Router Solicítation: 2. Router Advertisement:
ICMP Type 133 ICMP Type 134
Source =:: Source = Router Link-local
Address
Destinatioo = FF02::2
Deslinaticn = FF02::1
Data = Please Sene! Router
Advert.!§.ement Data = Options, Prefix, Lifetime,
Autoconfiguration Flag
Router solicitations are sent by booting nades to request router
advertisements for configuring the interfaces.
Stateless autoconfiguration is an important feature of I Pv6. This type of autoconfiguration

allows serverless, basic contiguration of the nodes, as well as easy renumbering.
Slaleless autoconfiguralion uses the infonnation in Ihe Router Advertisement messages to
configure the node. The prefix that is incIuded in the router advertisement is used as the /64
prefix for the node address. The other 64 bits are obtained by the dynamically created interface
identifier, which in the case of Ethernet is the modified EUI-64 forma!.
Router advertisements are sent periodically. When a node boots, the node needs its address in
Ihe early stage ofthe boot process. Instead ofwaiting for the next router advertisement to get
the informatiol1 to configure its interfaces, a node sends a Router Solicitation message, asking
the routers on the network to reply immediately \Vith a router adveltisement so that the node
can immedialely autoconfigure. AII the routers respond with a normal Router Adveltisement
message that has the all-nodes multicast address as the destination address.
Stateless autoconfiguration, as it exists today, does not address the issue of finding the Domain
Name System (DNS) server for DNS resolution or of registering the computer in the DNS
space. The Internet Engineering Task Force (IETF) is discussing these issues lo enhance Ihe
autoconfiguration function. A draft that would allo\V DNS informalion to be specified in router
advertisements is under discussion.
2-90 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Ine.
Value of Autoconfiguration
This topic discusses the value of autoconfiguration in IPv6.
a 2. 2 ,
Benefits of Autoconfiguration /"
• IPv6 address autoconfiguration enables "plug-and-play." /

• Nodes may be deployed without a DHCPv6 server:
_. Mobile de vices (phones, PDAs, autos) /
... Home electronics (TVs, DVRs, appliances)/
- Field telemetry (sensor dust) I
• Autoconfiguration enables massive deployment (millions)
01 IPv6 nodes.
• Autoconfiguration incurs low control plane overhead.
- ',.'.' __ ,"'" '.',c,o, -'
Autoconfiguration in IPv6 simplities the deployment ofnodes that might not have access to a
DHCP version 6 (DHCPv6) SerVel'. Also, devices that use low-memory-capacity integrated
circllit chips, commonly referrecl to as thin clients. might not have adequate space to
accommodate the programming cocle that supports complex connection processes.
Autoconfiguration is a basic function of any IPv6-enabled network stack. Autoconfiguration
facilitates the deployment of new classes of IPv6-enabled clevices. such as low-power field
sensors for the military, new mobile devices. and home appliances.
More-traclitional network environments. specifically enterprise-type networks, \ViII probably
continue to rely on well-known mechanisms-namely DHCP-for IP aclclress allocation.
However, in environments that have a high volume oftransient nodes, such as airport hotspots
01' celllllar net\Vorks, autoconfiguralion reduces lhe overall complexity of servicing millions of
nodes.
© 2010 Cisco Systems, ¡ne. IPv6 Operations 2-91

Renumbering
T his topic describes how renu1l1bering is acc01l1plished through rouler adverlise1l1enls in IPv6.
Renumbering ("",,"\';, \",{:x i,.,. l. Co"""tA-'o'luJ >V)("~

'1- {'c.o..~ \ . n
Router advertisement packet definitions:
• ICMP Iype ~ 134
• Src ~ Rouler link-loca l address
• OsI ~ AII-nodes mullicast address
Data;;: Two prefixes:
- Current prefix (to be deprecated)
with short lifetime
Router
- New prefix (to be used) with norma l Advertisement
lifetime
Renumbering is achieved by modifying

Ihe router adverlisemenl to announce
the old prefix with a short lifelime and
the new prefix.
""'''' . ... _ l.',,~,~ <' . . '"
Renu1l1bering ofnodes is achieved by sending router advertisements. These messages contain

both the o ld prefix and Ihe new prefix. Decreasing Ihe lifeli1l1e ofthe o ld prefix tells the nodes
lo use Ihe new prefix whi le keeping their current con nections open lo Ihe o ld prefix. During Ihat
n
periodo nodes have two unicasl addresses to use. When the old prefix is no longer used, Ihe
rouler adverlise1l1enl \ViII include only Ihe new prefix.
If slaleless auloconfiguralion is nol used, then olher ways ofrenu1l1bering sho uld be applied.
Auloconfiguralion greally helps Ihe renu1l1bering process.
Renulllbering of a whole sile also llleans Ihal Ihe roulers need lo be renulllbered. A rouler
renulllbering protocol is defined for Ihat purpose in RFC 2894, Rallter Rellll/llberillglar IPv6.
o
Note Router renumbering, as described in RFC 2894, has not been widely implemented.
o
o
o
o
(j
Cisco lOS Neighbor Discovery Command Syntax
u This topic describes the syntax ofthe Cisco lOS commands that are used for neighbor
discovery.
u Cisco 105 Neighbor Discove ry

Com ma nd Syntax
o
Used lo modify prefix adverlisemenl paramelers on v>~~<·"
an inlerfa~ from lheir defaull values
o router(config-if),
ipv6 nd prefix <prefix> I default
o T [<valid-lifetime> <preferred-lifetime>]
[at <valid-date> <preferred-date>]
[off-link] [no-autoconfig) J
o
ü
o
o By default, all /64 prefixes that are configmed as addresses on an interface are adve.tised in
router advertisements . The ip,,6 nd prefi, interface command is used to explicitly specify the
advertised prefixes in the router adve.1i sement messages. The syntax ofthe command is as
o follows:
• ipv6 lid prefi, prefi, <prefix> I defanlt I I<valid-Iifetime> <preferred-lifetime>11
o la! <valid-date> <preferred-date>lloff-linkllno-antoconfigll
For example:
o ipv6 nd prefix 2001 ; db8'c18.2 · ·/64 ~ OO ~
The specified prefix is 200 I :DB8: C 18:2::/64. If the default keyword is used instead of the
o prefix keyword, then the specified parameters apply tu all the prefixes.
In this example, the prefix is adverti sed on the link \Vith 43 ,200 seconds as the valid and
preferred liretime. A host on the link that uses address autoconfiguration will autoconfigure ils
ü IPv6 address from the advertised prefix. The valid and preferred lifetime counters are set to the
value that is specified in the router adve.tisement (43 ,200 seconds). Because the router sends
o periodic router advertisements, the valid and preferred lifetime counters on the host are
periodically reset to the advertised values. Instead ofspecifying an explicit lifetime, a date can
indicate the prefix expiration. The valid and preferred lifetimes are then counted dmvn in real
o time, and when the expiration date is reached, the prefix is longer adve.tised.
Usually, an announced prefix is a valid on-link prefix. A node that sends traffic to such
o addresses considers the destination to be on the sam e link. Ifthe off-link parameter is used for a
given prefix, the announcement makes no s!atemen! about the on-link or off-link property of
the prefix.
u
The no-antoconfiguration parameter indicates that Ihe prefix cannot be used for address
autoconfiguration.
By default, both on-link and autoconfiguration parameters are se!.
The ipv6 nd suppress-ra interface command sllppresses router adveltisements from being
sen!. By deralllt, Cisco rollters send rOllter advertisements on mlllti-access link types (sllch as
Ethernet) and do not send rollter advertisements by defalllt on point-Io-point link types (such as
seriallinks).
Cisco 105 Network Prefix Renumbering Scenario
This topic describes a network prefix renumbering scenario in Cisco lOS Software.
Network Prefix Renumbering Scenario
Router configuration before renumbering:
lnloerface EthernetO
lpv6 nel preflx 2001:db8u:18:11 :/64 43200 01.3200
Ne!work Prefix: 2001 :DB8:C18:1::/64

+ - - Router Adverlisements
Has! Canfiguratian:
Au!ocanfiguring
preferred address 2001:db8lc1811:260I9tf:fedeI8fbe
IPv6 Has!s
By default, the router advertises all prefixes (site-Iocal, unique local, and global) that are
configured on each interface. Many parameters-such as the router advertisement lifetime, time
interval between router advertisements, and other neighbor discovely parameters-use a default
value when nothing else is explicitly defined.
You can override the prefix adveltisement default values so that only the specified prefix
adveltisements are sent in router adveltisements. In the example that the figure shows, the
default values ofthe prefix advertisement parameters are overridden by using the ipv6 nd
p"efix interface command. The two values that follow the prefix parameter are the valid
lifetime and preferred lifetime addresses that are announced in the prefix. The valid lifetime is
the length oftime that an address remains in the val id state. After that time, the address
becomes invalid.
The preferred lifetime is the length of time that an address that is generated fmm the announced
prefix via stateless address autoconfiguration remains preferred. The preferred lifetime must
always be less than or equal to the val id lifetime.
Because router advertisements are sent periodically, hosts refresh the prefix information and
lifetimes accordingly. The address that is generated from the advertised prefix becomes
deprecated after the preferred lifetime expires. At that point, the host does not use the
deprecated address for new network connections but might still accept connections to this
deprecated address, as long as the va lid lifetime has not expired. This pmperty is used for site
renumbering of IPv6 addresses.
The example shows a network in which the currently advertised network prefix is
200 I :DB8:C 18: I ::/64. This prefix is advertised \Vith a lifetime of 12 hours.
Suppose you need to renumber the hosts in the network to use a new prefix, such as
200 I :DB8:C 18:2::/64. To do so, you can leverage the benefits of muter prefix advertisements.
@2010CiscoSystems, Ine. IPv6 Operations 2-95

Tip This technique for renumbering is best called host renumbering. Normally, routers do not
autoconfigure based on router advertisements. These and other network infrastructure
components are usually configured through many static settings, inc1uding address f)
assignment, route summarization and aggregation, access control list (ACL) or firewall rules,
a nd other parameters. Slateless au toconfiguralion helps when renumbering hosts, but
enterprise renumbering is still a significant undertaking. n
Network Prefix Renumbering Scenario
n
(Cont.) n
Router co nfiguration aft er ren umbering:
i nte ... ( lIce Et.hernetO (~",,-u'. o <'\.0 \0. ~ .....~"V's (
ipv6 nd pretil: 2001:db8lc18:1n/6" 4320 0 0 1

ipv6 nd prefh: 2001Idb8H::18 : 2:,/64 01 3200 ~O \ • .-poc: ......\..ot.
or
intorfacCl EthernetO
ipv6 nd pretil[ 2001ldbBlc18111l/U !&t."'"JIIl 31 2002 23t5t .rJí 1 200l 23 ,59
(" \
"\0",,1;)...
v \\,,,~
ipv6 nd preth 20011Ilb8IC181211/6t ,j200 43200-.......... . • ~--.o<> "'""
"!-( '" P I~)
New Network Prefix: 2001 :D88:C18:2:J64

\e" ro ,'15
Depreca ted Prefix: 200 1:D88 :C18:1 ::/64
\r,,\..~ kv\\.;c~,"
Router Advertisements
\.lo"" "'"
Hos t Configuration:
depreeated add ... ellll 2001,db8 , c 18,1,260,8ff,fcd c.8fbe
Autoconfiguring prcfcrrcd addre ss 20011db8.c18;2:260,8ff,fcdc;8fbe
IPv6 Hosts
' '' ''',·~·_7· ",
In this renumbering scenario, the network adm inistrator decreases the preferred lifetime of the
previolls network prefix to zero, thus indicat ing to the hosts that they should deprecate the old
network prefix. At the same time, a new network prefix is advertised,
T he hosts in the network then ha ve two configured network prefixes, The deprecated, or
previous, network prefix is no longer be used to initiate new connections. The reason for
deprecating the previous prefix instead ofsimply removing it (making the address inva lid) is to
nllow ex isting connectio ns to survive the renumbering process, If the advertised val id liret ime
is set to zero, then hosts o n the network cannot accept connections that are directed to the
deprecated address.
You can eventually remove the deprecated address announcement.
(;)
2-96 IPv6 Fundamentals, Design, and Oeployment (IP6FO) v3.0 © 2010 Cisco Systems, Inc.
o
ICMP MLD
This topic describes the ICMPv6 Multicast Listener Discovely (MLD) message types.
= ¿tia
Multicast listener Discovery
• Type 130: Multicast Lis!ener Query

• Type 131: MLDv1 Mullicas! Lis!ener Report
• Type 132: MLDv1 Mullicas! Lis!ener Done
• Type 143: MLDv2 Mullicas! Lis!ener Repor!
"t"',-.·"
MLD is used on-link. for routers to learn about Illulticast listeners. When a node joins a
Illulticas! group, it reports this join via an MLD version I (MLDv 1) 01' version 2 (MLDv2)
Report Illessage.

IPv6 Mobility
This topie describes ICMPv6 message types that are lIsed for IPv6 Mobility .
•
IPv6 Mobility
• Type 144: Home Agent Address Discovery Request

• Type 145: Home Agent Address Discovery Reply
• Type 146: Mobile Prefix Solicitation
• Type 147: Mobile Prefix Advertisement
Types 144 lhrough 147 are used between the mobile node and home agent, to exehange
mobilily inrormation.
2·98 IPv6 Fundamentals. Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Surnrnary
This topic s1l111111arizes the key points that were discllssed in this lesson.
E ¡
Summary
• Neighbor discovery is a critical process that allows neighbors

to determine the link layer address associated with a given
IPv6 address. Neighbor discovery also allows hosts to
receive prefix information to configure a global-scope
address and find the default router.
• Befare a nade can use an address, it must test the address
for uniqueness on the link. DAD is a process by which a nade
with a tentative address that it would like to use determines
whether that address is already in use.
• Cisco routers are IPv6-ready and are configured for IPv6
functions on a global and per-interface basis, depending on
the function being enabled.
• Autoconfiguration is highly scalable, supporting mi Ilion s of
transient nades and enabling a network environment with
support for mobile phones, field sensors, and ha me
appliances, as well as the ability to easily renumber.

2-100 IPv6 Fundamentals, Design, and Deployrnent (IP6FD) v3,Q © 2010 Cisco Systems, Inc.
Lesson 61
Troubleshooting IPv6
Overview
Each Cisco rouler Ihal is used lo support the integralion of IP version 6 (IPv6) into a nelwork
needs to be configured by using a specific command se!. When I Pv6 has been enabled on a
Cisco router, issues thal require the troubleshooling ofCisco lOS Software configuralions
mighl m·ise. This lesson describes Ihe IPv6 configuralion process on Cisco lOS Software and
provides some basic melhods for Iroubleshooling issues Ihal relate to IPv6 configuralions.
Objectives
Upon completing Ihis lesson, you \ViII be able lo configure and troubleshool a Cisco lOS rouler
lo supporl IPv6 operalion. This abilily includes being able lo meel Ihese objeclives:
• Configure a Cisco rouler lo SUppOlt IPv6 operalion
• Troubleshool IPv6 configuralion problems
• Describe some useful Cisco lOS Sotlware IPv6 debllg commands
• Describe sample output from the debllg ipv6 icmp Cisco lOS Software command
Cisco 105 IPv6 Configuration Example
This topic describes a Cisco lOS IPv6 configuration example.
Si
Cisco lOS IPv6 Configuration Example
IPv6 R2
FE80::260:3EFF:FE47:1530
LAN1: 2001:DB8:C18:1::/64 - ' - - - , - - - - - - -
R1
LAN2: 2001 :DB8:C18:2::/64
R1 configuration scenario:
• Manually configure an IPv6 address on all interfaces ..
• Configure router advertisement for LAN1 and LAN2 only.
• Configure a default route that points to R2.
The example includes an IPv6 configuration ofrouter RI in a basic network, as follows:

• R I advertisements are activated on the EthernetO (LAN 1) and Ethernet 1 (LAN2) interfaces
for Ihe globallPv6 prefixes.
• R I router announcements for both LANs use a prefix with valid and preferred lifetimes of
12 hours (43,200 seconds).
• An IPv6 defaull route thal poinls to router R2 is installed on R l.
2·102 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Cisco lOS IPv6 Configuration Example
(Cont.)
FE80::260:3EFF:FE47:1530
LAN1: 2001:DB8:C18:1::l64
R1
() LAN2: 20(11'rj!38:G1~:~:~
ipv6 unic8at-routing
u interface EthernetO
ipv6 address 2001:db8:c18:1::a/64
_____+IPv6 Address on Ethernet
ipv6 nd prefix 2001Idb8:c1811s:/64 43200 43200 Interfaces
u
interface Ethernet!
ipv6 addrea8 2001Idb8:c18:2:la/64 Router Adverlisement on LAN2
ipv6 nd prefix 2001Idb8:c18:2::/64 43200 43200
Delault Route to R2
lpv6 coute 'l/O Ethe rnetO feBO:: 260 I JeU: feol 7 <1530
u
u The figure sholVS the configuration of router R l. This configuration defines the IPv6 address of
both Ethernet interfaces by us ing the ipv6 addl'ess command. The configuration also enables
u router advertisement on both interfaces by using the ipv6 nd prefix command.

A default sta tic route to router R2 is added. Note that the route points to the R2 link-local
address. When a router uses a link-local address to the next-hop router, the output interface
u must be specified.
u Tip These are long prelix liletimes. although not as long as the delaults that are specilied in the
neighbor discovery RFC (a valid liletime 01 30 days and a prelerred lilelime 01 7 days). The
selected liletimes and the router advertisement interval (the interval between unsolicited
u router advertisements) are related. II the router sends a router advertisement every 10
minutes (Ior example), there is little reason to have such long prelix liletimes. The value
"inlinity" is supported lor deployments in which the prelixes should be considered va lid
u regardless 01 the health 01 the subnet routers.
·,k .~ '?-cu"" ~,,,~"'--U- ~,,~ skc"-'--

u éQ",-
~".
",>,,-
\'o •.~
" . .. ___ '('"",,,
w ,),'¡,~'-') ( R..\ ~((. ,t¡:.¡" .c~}tl'- ')

'\ ''''''''.$( 1\,,->,1
u \G> "--'1,,\4:.
(;). o . .0 . a
u
u
u
Cisco lOS show Commands
This topic describes t\Vo useful C isco lOS Software commands for troubleshooting IPv6 issues.
n
Cisco lOS show Commands
• Send IPv6 ICMP echo request to the default router:

n
\"f("'b.\~c" ~ \~\\....,~.)
routert ping 2001:DB8:C18:1:260:3EFF':FE47:1530
()
Type escape sequence to aborto
Scnding 5, lOO-byte ICMP Eebos to 2001 : DB8:C18:1:260:3BFP':FE47:1530, timeout
18 2 seconds:
11111
Success rate la 100 percent (5 / 5), round-trip min/avg/max - 1/1/1 ms
• Display the neighbor discovery cache on the router:

router' show ipv6 ncighbors
IPv6 Address Age Link-layer Addr State Interface
FEBO:: 260:3EFF:FE47:1530 260060.3e47.1530 RBACH EtbernetO
2001:DB8:C18:1:260:3EFF:FE47:1530 O 0060.3e47 . 1530 RBACH EtbernetO
These two useful diagnostic cOlllmands are shown in the figure:

• ping: Use the ping command to validate IPv6 connectivity with the default router. n
• show ipv6 ncighbors: Use the show ipv6 ncighbors cOlllllland to examine the neighbor
\
reachability cache on the router. n
n
[)
n
n
n
2-104 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3. 0 © 2010 Cisco Systems, Inc.
n
Cisco lOS debug Commands
This topic describes some useful Cisco lOS Software IPv6 debllg commands.
¡¿
Cisco lOS debug Commands
Sorne debug cornrnands are available:

router'
Idebug ipv6 packet
• IPv6 packet-Ievel debugging
I debug ipv6 icmp
• ICMPv6 debugging
Idebug ipv6 nd
• Neighbor discovery debugging
Idebug ipv6 routing
• IPv6 routing table event debugging
You can activate some debllgging modes to examine IPv6 activity. When activated, these
modes display information 011 the console.
• debng ipv6 packet: Ellables IPv6 packet-Ievel debllggillg
• debng ipv6 icmp: Ellables ICMPv6 debllggillg, except Ileighbor discovery
• debng ipv6 nd: Ellables ICMPv6 neighbor discovery debllggillg
• debng ipv6 I'onting: Ellables I Pv6 rOlltillg table evellt activity
© 2010 Cisco Systems, Ine. IPv60perations 2-105

Cisco lOS debug Command Example
This tapie describes sample output from lhe debug ipv6 icmp Cisco lOS Software command.
:Sid UGii2
Cisco lOS debug Command Example
• debug ipv6 icmp example:
IPv6 ICMP Echo Requesl and Reply lo Rouler

/
routerl dcbug ipv6 icmp ~~

ICMPv6: sending echo request to 2001:DB8:C18:1::85
ICMPv6: Received ICMPv6 packet from 2001:DB8:C18:1::85, type 129
ICMPv6: Received ICMPv6 packet from FE80::260:3EFF:FE47:15JO, type 134
" " Rouler Adverlisemenl Message
• "-0'"
The figure sholVs an example in which IPv6 Internet Control Message Protocol (ICMP)
debugging is activated anel logs are received on the console por!. The router sent an lPv6 ICMP
echo request to a host, and an echo reply (type 129) \Vas received. Similarly, a router
advertisement IVas received on the link (type 134).
2-106 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 201 OCisco Systems, Ine.
Summary
This topic s1l111111arizes the key points that were disclIssed in this lesson.
mili Ji 222i2iiUJ id
Summary
• Many commands lo configure IPv6 are used within Cisco lOS

Software, including global commands to enable IPv6 routing
and inlerface-specific commands to alter default settings for
prefix advertisement. AII commands will be familiar to anyone
who uses the Cisco CL! for IPv4 configuration .
• Troubleshooting an IPv6 implementation is accomplished by
using the Cisco CL! show and debug commands, which
allow the current stale of the device to be reviewed.
Debugging provides a real-time view of activity.

2-108 IPv6 Fundamenlals, Design, and Deployment (IP6FD)v3.0 © 2010 Cisco Systems, Inc.
Module Summary
...
This topic sllmmarizes the key points that \Vere disclIssed in this modllle .
dd J2JJi
Module Summary
• With a 128-bit address length, the IPv6 address space is significantly

larger and more diverse than Ihe IPv4 address space and thus is more
complicated to manage.
• The header format for each IP packet carries crucial information for the
routing and handling of each packet payload.
• Most major operating systems already suppor! IPv6, but suppor! in
applications can vary from application to application.
• Cisco has provided suppor! for IPv6 in Cisco lOS Software since 2002.
• IPv6 neighbor discovery is a process in which neighbors discover ea eh
other and autoconfigure addresses.
• After IPv6 has been enabled on a Cisco router, issues might arise and
require troubleshooting of Cisco lOS Software configurations.

2-110 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Syslems, Inc.
Module Self-Check
Use the qllestions here to review what you learned in this module. The correct answers and
solutions are found in the Module Self-Check Answer Key.
Q 1) Which address representation is incorrect? (Source: "Understanding the IPv6
Addressing Architecture")
A) FE84:5:6:7::8
B) 200 1: 1:2::34
C) FFG2::1
O) FECO:A:B:C::O
Q2) Anycast addresses exhibit which characteristics? (Source: "Understanding the IPv6
Addressing Architecture")
A) They have only site-Iocal scope. which uses unique local addresses.
B) They have properties such as multicast addresses.
e) They are indistinguishable from unicast addresses.
O) AII addresses are anycast addresses but must be used with Iink-scope multicast
mechanisl11s.
Q3) The IETF has allocated 2000::/3 to lANA for globalunicast assignments. Which
allocation is within that /3 prefix? (Source: "Understanding the IPv6 Addressing
Architecture")
A) 300A::1I6
B) 4ABC:4367::/32
C) 0001::116
O) 2001 :OB8::/32
Q4) Which three IPv4 header fields were dropped when IPv6 was created? (Choose three.)
(Source: "Oescribing the IPv6 Header Format")
A) IHL
B) Type of Service
C) Header Checksum
O) Flags
E) Flow Label
Q5) The extension headers serve which important function in IPv6 networks? (Source:
"Oescribing the IPv6 Header Fonnat")
A) identify optional processes that can be run on each IPv6 packet
B) allow IPv6 nodes to manipulate routers
C) identify processes that manipulate the routers in the path ofa packet
O) replace the traditional role ofTCP and UOP in a network
Q6) Which command enables IPv6 on a Cisco router? (Sollrce: "Enabling IPv6 on Cisco
ROllters")
A) ipv6 routing enable
B) ipv6 unicast routing enable
C) ipv6 IInicast-routing
O) ipv6 enable

07) Match the IPv6 address assignlllent or enabling cOlllllland with the appropriate
classilication. (Source: "Enabling IPv6 on Cisco Routers")
A) ipv6 address fcSO::500 link-local
B) ipv6 addrcss2001:dbS:7:S::!64 eui-64
C) ipv6 enable
D) ipv6 address 2001 :dbS:7:S::!64 link-local
l. assigns a link-local address
2. enables IPv6 on an interface, resulting in an autolllatically generated link-
local address
3. assigns a global-scope address, allowing the low 64-bit interface identifier
to be generated autolllatically
4. illegal cOlllllland that attelllpts to assign a global-scope address as a link-
local address
08) Neighbor discovery is used for which three ofthese functions? (Choose three.) (Source:
"Using ICMPv6 and Neighbor Discovery")
A) discover Layer 2 addresses of on-Iink IPv6 peers
B) discover the Layer 2 address ofthe default router on the subnet
C) discover on-link routers that can act as default routers
D) discover the link-locallPv6 addresses of on-link neighbors
09) Stateless autoconfiguration relies on which Illechanislll to convey prefix infonnation to
hosts within the environlllent? (Source: "Using ICMPv6 and Neighbor Discovery")
A) DHCPv6
B) Illultiprotocol DHCP
C) router adveltiselllents that are sent by the subnet-Iocal router
D) directed broadcasts that are sent by using UDP address updates
OI O) Which statelllent best describes the Redirect Illessage functionality? (Source: "Using
ICMPv6 and Neighbor Discovery")
A) Redirect Illessages are sent by hosts to routers, to indicate that traflic should be
redirected to an alternate destination.
B) Redirect Illessages are sent by routers to hosts, to allow thelll to autoconfigure
addresses that use the included prefix.
C) Redirect Illessages are UDP-based Illessages that Illodify the neighbor table in
link-local hosts.
D) Redirect Illessages are sent by routers to link-Iocalnodes, to update their
routing entry for off-link destinations with a betler first-hop router.
011) Which ICMP Destination Unreachable code is not authentic? (Source: "Using ICMPv6
and Neighbor Discovery")
A) no route to destination
B) pOlt unreachable
C) lllalforl11ed packet r"jected
D) host unreachable
2-112 IPv6 Fundamenlals. Design. and Deployment (IP6FD)v3.0 © 2010 Cisco Systems, Ine.
Q 12) The Cisco lOS Software show ipv6 neighbors command shows which infol'lnation?
(Source: "Troubleshooting IPv6")
A) routers that have formed a routing protocolneighbor relationship, such as
OSPFv3
B) IPv6-capable neighbors, as detennined by the Cisco Discovely Protoeol at
Layer 2
C) off-link nodes with which the localnode has an established session
D) the neighbor cae he contents, which show link-Iocalnode MAC address-to-IPv6
address mapping
Q13) What does the debllg ipv6 icmp command show? (Source: "Troubleshooting IPv6")
A) logging-buffer cOlltcnts that relate to ICMPv6 errors
B) real-time ICMPv6 traffic, except that related to neighbor discovery
C) real-time ICMPv6 traffie for message router solieitation and router
advertisement
D) RIPng messages that ride on the ICMPv6 protoeol

/""',

QI) II
Q2) e
/-'\
Q3) A
Q4) A,e,D
Q5) A
Q6) e
Q7) I-A
2-e
"'--"
3-11
4-1)
QS) A, 13, e
Q9) e
QIO) D
QII) e
,/.-,\
Q12) 1)
Q13) II
2-114 IPv6 Fundamenlals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Syslems, Inc.
Module 31
IPv6 Services
Overview
Diverse requirements and leveraging the network for business purposes continually compel the
development oftechnologies to enhance netll'ork performance or increase network capabilities.
Services such as quality ofservice (QoS) and multicasting, plus network managemenl lools
such as Secure Shell (SSH), FTP. Telnet, and ping are requirements for networks. This module
describes Ihe changes that are made to these tools and services lo support IPv6 operations.
Module Objectives
Upon completing this module, you will be able to implement IPv6 services and applications.
This ability includes being able to meet these objectives:
• Describe Mobile IPv6, and discuss the emerging technologies for network mobility and
networking
• Describe IPv6 DNS in operation and IPv6 DNS client interactions
• Describe how DHCPv6 operales
• Describe how QoS is supported in IPv6
• Describe Cisco lOS tools, such as Telnet, TFTP, SSH. and others
3-2 IPv6 Fundamentals, Design, and Deployment (lP6FD) v3.0 © 201 OCisco Systems, Inc.
Lesson 1 I
IPv6 Mobility
Overview
Traditionally, networks are stable entities that maintain semi pennanent connections to the
Internet and other networks. Increased reliance on IP-based communication solutions and a
highly mobile society have generated a need for mobile networks-entire networks that may
detach themselves from one point on the Internet and reattach themselves at another location.
Network mobility will be far more common as IPv6 adoption increases. This lesson outlines IP
mobility in general and describes the IPv6 Network Mobility model with possible usages.
Objectives
Upon completing this lesson, you \ViII be able to describe the Mobile IP model in an IPv6
environment. This knowledge includes being able to mee! these objectives:
• Describe IP Mobility technology and issues
• Explore the Mobile IPv6 processes
• List the examples able to support or use Mobile IPv6
Introduction to IP Mobility
This toric describes the IP Mobility technologies.
II i iI iJi L iJi!
Mobility Across Multiple Access Networks
IPv6 Mobility Across Multiple Access Networks
PSTNfCellu!ar
WLANat
SOHO Router
IP layer mobility is the only solution for devices that cross different access networks. The
devices change their point of attachment in various access networks, but the goal is that the
device is always reachable at its original IP address.
To push this scenario even further, a device should be able to maintain existing connections
whcn moving from one access network to another. and this change should be transparent both
to the user and to other nodes which this device communicates too
The vast IPv6 address space enables easy deployment in the corporate and home networks.
An example would be that a cal' navigation unit would syncronize maps while being parked in
the garage through the home WLAN, and contil1ue doing so across the mobile network (3G/4G,
etc.) when the car is being driven.
3-4 lPv6 Fundamentals, Design, and Deployrnent (IP6FO) v3.0 © 2010 Cisco Systems, lnc.
_1 .Ud I Imlllll iIi III all I I ¡¿II
IP Mobility
• IP mobility technologies enable a node to move across

different networks and maintain existing connections
• Mobility is available for IPv4 and IPv6 regardless of access
technology
moves
Mobile Nade ~
Mobile Node
moves Mobile Nade
The IP mobility model is based on the concepts ofhome agents and mobile nodes. Nodes that
move from their home nelworks cooperate with a mobility device. on their home networks, that
is designated to assist in the Mobile I P process. These mobile nodes receive packets via this
designated home agen!.
Packets that are sent to the mobile node on home link are always routed across the Internet to
the home link ofthe node. ¡fthis node moves to another link (with another prefix). it would not
receive those packets because packets addressed to lhe node are still routed to the router with
the home link.
When a node changes its attachment point to the net\Vork. only the location ofthat nade
changes: Ihe nade identity does nol. Because the IP address cannot distinguish between a node
location and identity, Mobile IP is required.
Upon moving, the mobile node \ViII register to the home agent with its new location and point
ofatlachmenl. The home agent \ViII then form a tunnel to the mobile node, sending the data
\Vith the mobile node as the destination. The home agent \Viii also represent the mobile node on
the link, tor\Varding the traffie from the home link to the mobile nade.
Note Mobile IPv6 is essentially a tunnel broker, with one end of the tunnel being stable. and the
other one moving.
Reference Mobile IPv4 is defined in RFC 3344, IP Mobility Support for IPv4. Mobile IPv6 is described in
RFC 3775, Mobility Support in IPv6.
© 2010 Cisco Systems, Ine. IPv6 Services 3-5

IP Mobility Terminology
A fÍodewith an 11' áddress thatchanges th"""in!

,ór r
ofattachme~t ,\:"hils, ma,i~taining it~ igll1a I~,:!, "<"1
address' " ,
Home address The address af the mobile nade on the home link
.;~ Tilé rÍetwork ~egment where the m~bÍlé,s,tatiml,' ¡'5' "1
'normálly résidihg , ' , >'.''':;~ ',:.,1
Foreign link The point af attachment af a mobile node upon
,Care-ol address (C~W

,,' ";: roaming ,'/
Home agent The router that forwards incoming traffie to the
mobile node (in IPv6: only traffie from the home
link)
Foreign agent (IPII4 only) The rout~r stÓdng' ¡nfól'r~ation ,ébout mobile '
d,:~i,~~s vi!;mng: the network,";'," " '
The elements ofMobile IP networks are:

• Mobile Node: A nade that can change its point of attachment from one link to another,
while still being reachable via its home address.
• Home Address: A unicast routable address that is assigned to a mobile nade and is used as
the permanent address ofthe mobile nade. The address is within the home link ofthe
mobile node. Standard IP routing mechanisms will deliver packets that are destined for Ihe
home address ofa mobile nade to its home link. Mobile nades can have multiple ha me
addresses, for instance, when there are multiple home prefixes on the home link.
• Home Link: The home subnet prefix of a mobile nade is defined on the home link.
• Foreign Link: Any link olher than the home link ofthe mobile nade.
• Care-of Address: A unicast routable address that is associaled with a mobile nade while
visiling a foreign link. The subnet prefix ofthis IP address is a foreign subnet prefix.
Among the multiple care-of addresses that a mobile nade may have (for example, with
different subnet prefixes), the address that is registered with the home agent ofthe mobile
nade, for a given home address, is called its "primary" care-of address.
• Home Agent: A router on the home link of a mobile nade, with which the mobile node has
registered its current care-ofaddress. While the mobile 110de is away from home, the home
agent intercepts packets 011 the home link thal are destined for the home address ofthe
mobile nade. The home agent then encapsulates the packets and tunnels them to the
registered care-of address ofthe mobile node.
• Foreign Agcnt: A router storing information about mobile devices visiling Ihe network. It
is also used to terminale the tunnels to various home agents.
Note Only Mobile IPv4 networks use the foreign agen!.
3-6 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Mobile IPv6
This topic describes the Mobile IPv6 mocIel.
A 22LU&a&a ¿¡¿ i2 2 h2M 12 i ¿iiLJd&&iZ &i
Mobile IPv6 Model
• IPv6 address space enables Mobile IP deployment in any type

of large environment
• Mobile nodes work transparently, no infrastructure support
needed
• The home agent establishes a tunnel to communicate to the
mobile node through the node's point of at!achment of the
node; the correspondent node is unaware of such tunnel
• The mobile nodes discover the home agent using a ICMPv6
packets - edge firewalls need to permit such traffic
• In many Mobile IPv6 networks the mobile nodes never gets to
the home link
The IPv6 mobility model has the following characleristics:

• I Pv6 address space enables Mobile IP deployment in any kind of large environment. The
available address space is relatively large and is able to accommodate a large number of
devices in any /64 subnet.
• The Mobile IPv6 model takes advantage ofthe benefits ofthe IPv6 protocol itself.
Examples include option headers. Neighbor Discovery. and autoconfiguration. These
additions are all inclucIecI in standard IPv6 stacks to which nelwork devices adhere to, so no
equipmcnl upgrades are nccessaly.
• The home agent communicates with Ihe mobile node by establishing a tunnel. This tunnel
is used to convey Ihe packets fi'om the corresponcIents that communicale 10 Ihe mobile
node. Since the correspondenl nodes use the original prefix as a destination adcIress for the
mobile node. the packets are rouled lo the home agent first, which needs to forward them to
the actual point of at!achmenl of the mobi le node.
Note In sorne cases, routing Ihrough the home agenl is eliminated because Mobile IPv6 roule
optimization allows mobile nodes and corresponding nodes lo communicate directly.
Suppor! for raule oplimizalion is a fundamenlal par! of Ihe prolocol, ralher Ihan a
non standard sel of extensions.
• Mobile nodes use a special prolocol lo discover the home agent while they roam on a
foreign link. The discovely process uses ICMPv6 packets. so it is essential that they are
permitted to pass through firewalls on their way.

Note While away lrom ha me in Mobile IPv6, some packets are sent to a mobile nade using an
IPv6 routing header rather than IP encapsulation. Using an IPv6 routing header reduces the
amount al resulting overhead compared to Mobile IPv4.
• Many solutions that use Mobile IPv6 predict that the mobile node \ViII never appear on its
actual home link in the life ofthe device. For example, a mobite phone using MIPv6 \ViII
never find itself directly atlached to the network segment oflhe mobile operator local
network infrastructure.
3-8 IPv6 Fundamentals, Oesign, and Oeployment (IP6FD) v3.0 © 2010 Cisco Systems. Ine.
,lE lE Si _111 as I & 2
Mobile IPv6 Process
• The 1110bile node acquires a Care-ol Address
Hame
MobileNode
appears lo be on
Home Nelwork
Temporary
Network d"/
,\" ;~:,;;,:\:s,~~~~~~I,,Jj)
Moblle Node
acqulrlng CoA at the
polnt of attachment
The following process describes the operation of Mobile IPv6:

Stage 1: CoA is acquired. The Mobile IPv6node obtains anlPv6 Care-of Address (CoA) in
Ihe visited l1etwork through stateless or stateful autoconfiguration.
A CoA is al1 IP address that is associated with a 1110bile node that has the subnet prefix of a
particular foreign link. The 1110bile node can acquire its CoA through conventionallPv6
l11echanisl11S. such as stateless or stateful autoconfiguration.
© 2010 Cisco Systems, Inc. IPv6 Services 3-9

2
Mobile IPv6 Process (Cont.)
• The mobile nade registers the CoA with the home agent
• Home link extends to the mobile nade
Home
Correspondent
Node
MobileNode
Stagc 2: Primary CoA is registered. The association between the home address of a mobile
nade and CoA is known as a "binding" for the mobile nade. The mobile nade uses a Mobile
IPv6 binding update to register its primary CoA with a rauter on its home link, requesting that
this router function as the home agent ofthe mobile nade. The home agent \ViII acknowledge
the binding and establish an IPv6-in-IPv6 tunnel to the mobile nade.
Mobile IPv6 also pravides support for multiple home agents and limited support for the
reconfiguration ofthe home net\York. In these cases, the mobile nade may not know the IP
address of its own home agent and even the home subnet prefixes may change over time.
Known as "dynamic home agent address discovery," this mechanism allows a mobile nade to
dynamically discover the IP address ofa home agent on its ha me link, even when the mobile
nade is away from home. Mobile nades can also leam new information about home subnet
prefixes through the mobile prefix discovely mechanism.
Note The home link is extended to the mobile nade because Ihe mobile nade needs to appear lo
its neighboring devices on the local link as locally altached. The home link is now "elastic".
Mobile IPv6 Process (Cont.)
• Packets from the correspondent node are routed to the home

agent and then tunneled to the mobile node
Home
Moblle Nada
appears lo be on
Heme Natwork
Correspondenl
Nade
Moblle Node
There are t\Vo possible modes for commllnications between Ihe mobile node and a
correspondent node:
• Bidireclional IlInneling
• ROllle oplimizalion
Stage 3: Packets from tite corresponden! node are routed to tite Itorne agent. When lIsing
hidireclionallllnneling, Mobile I Pv6 sllpport is not reqllired on the correspondent node. Packets
from the cOlTespondent node are rOllted to the home agen! and Ihen IlInneled lo Ihe mobile
node.
In this mode, the home agent lIses proxy neighbor discovery lo inlercepl any IPv6 packets
addressed lO Ihe home address (or home addresses) oflhe mobile node on Ihe home link. Each
intercepted packel is IlInneled lo Ihe primary CoA ofthe mobile node. This tllnneling is
performed LJsing IPv6 encapslllation.
Stage 4: Packets are tunneled to the mobile node. Packels lo the correspondent node are
reverse-llInneled from the mobile node lo Ihe home agen!. There they are rOllled normally fmm
the home network to the correspondent nade.
Note 1I is importanl to note that this kind 01 tunneling has nothing to do with IPv6 transition. No
IPv4 is involved in Mobile IPv6-it is an "all IPv6" service.

2&
Mobile IPv6 Route Optimization
• Packets can be routed directly to and from mobile nodes and

corresponding peers
Mobile Nade
appears to be on
Home Network
Correspondent
device Nade
Momle Nade
When using rol/te optil/lizatioll the mobile nocle needs to register its current binding at the
correspondent nocle. Packets from the correspondent node can be routed directly to the CoA of
the mobile node. When sending a packet to any IPv6 destination, the correspondent node
checks its cached bindings for an enlty for the destination address of the packet. 1f a cached
binding for this destination address is found, the node uses a new type oflPv6 routing header to
route tlle packet to the mobile node by way ofthe CoA indicated in this binding.
Routing packets directly to the CoA of the 1110bile node allows the shOltest communications
path to be used. It also eliminates congestion at the home agent oftlle mobile node and home
link. In addition, the impact of any possible failme of the home agent or networks on the path
to or from it is reduced.
Note Route optimization is part 01 Mobile IPv6. but is not neeessarily supported or used in alllPv6
staek implementations.
3-12 IPv6 Fundamenlals. Design. and Deployment (IP6FD) v3.0 © 201 OCisco Systems. Ine.
I! 11 Ji IZ&IlILiL
IPv6 Packet Headers
• To accommodate mobility requirements, an additional header is

inserted between the initial IPv6 header and the transport layer.
When l"Outing packets directly to the mobile nade, Ihe correspondent nade sets the deslination
address in the IPv6 header lo the CoA ofthe mobile nade. A new type oflPv6 routing header is
also added to the packet to carry Ihe desired home address. Similarly, the mobile nade sets the
source address in the IPv6 header ofthe packet lo its current CoAs. The mobile nade adds a
new I Pv6 home address destination option to carry ils home address. The inclusion of home
addresses in Ihese packets makes using the CoA transparent aboye Ihe network layer (for
example, al the transpOlt layer).
Note One advantage of Mobile IPv6 is masking the current CoA for an away-from-home node.
When you are not using route optimization-regardless 01 Ihe CoA ollhe mobile node--the
mobile nade appears to be at home to correspondent nades. Only the home agent knows
that the mobile nade is away lram home. If, however, the mobile nade attempts to use the
correspondent node binding leature of Mobile IPv6 support, that correspondent nade will be
aware that the mobile nade is no longer on the ha me network. If this awareness is
considered a security issue, raute optimization can and should be disabled.

• 112 fu;
Return Routability Procedure

• Assurance lhal lhe mobile nade is addressable al ils claimed
CoA, and also al ils home address
MN proves lo eN ¡ha! il
Mobile Nade received bolh keygen
tokens
• Once the identily is verilied, an IPsec secured connection

can be established end-lo-end; no need to encrypt signaling
Traffic goes through the home agent until the return routability procedl1\'e is performed.
Signaling is completed via the home agent, and home registrations keep the home agent
informed.
To use the return routability procedl1\'e, the correspondent nade must SUppOlt Mobile IPv6 and
requires a mobile network to register its binding association to the correspondent nade. The
mobile network can also be a correspondent node to communicate with other mobile networks.
The return routabilily procedure enables the correspondent node to obtain some reasonable
assurance that the mobile node is, in fact, addressable at its claimed CoA and also at its home
address. Only with this assmance can the correspondent nade accept binding updates from the
mobile node. The mobile node then inslructs the correspondent nade to direct the data traffic of
lhal mobile nade lo its claimed CoA.
This procedure tests whether packets that are addressed 10 Ihe Iwo c1aimed addresses are routed
lo the mobile node. The mobile node can pass the tesl only if it is able to supply prooflhal il
received certain data (the keygen tokens), which the correspondent node sends lo those
addresses.
Once the identity ofthe mobile node is verified, the correspondent node can use an IPsec
encrypted session to communicate with the mobile node secl1\'ely (and vice-versa). There is no
need to encrypl signaling lraffic (e.g. binding updates, discovery messages, elc.).
Note RFC 4449, Securing Mabile IPv6 Raute Optimizatian Using a Static Shared Key, improves
the return routability procedure to protect mobile node-correspondent nade bindings, at the
expense 01 requiring additional in-advance setup. In this method, the two parties share a
secret key that establishes initial trust.
Dynamic Home Agent Address Discovery
• Mobile nodes may discover home agents on their home link

by using a home agent address discovery request.
• The request is sent to the anycast address 01 the Mobile IPv6
home agent.
• The home agent responds with a home agent address
discovery reply message.
• The mobile node may then complete home registration and
receive services lrom that home agent.
When the mobile node needs to send a binding update to its home agent to register its new
primal)' CoA, the mobile node may not know the address of any router that can serve as a home
agen! on its home link. For example, some nodes on the home link of a mobile nade may have
been reconfigured while the mobile nade was away from home. Therefore, a different router
replaced the router that was operating as the home agent ofthe mobile nade.
In this case, the mobile node may attempt to discover the address of a suitable home agen! on
its home link, To do so, the mobile nade sends an ICMP home agent address discovery request
message fOl' its home subne! prefix to the anycast address ofthe Mobile lPv6 home agent (the
subnet prefix, followed byall I s except for the Universal and Local bit for EUI-64 addresses,
and the last seven bits, which for this anycast address is 7E).
The home agent, on the home link that receives this request message, will retul'l1 an lCMP
home agent address discovery reply message. The message gives the addresses for the home
agents operating on the home link. The mobile nade. upon receiving this home agent address
discovel)' reply message. may then send its home registration binding update to any ofthe
unicas! IP addresses listed in the home agent addresses field in the reply.
Note Dynamie home agent diseovery, while a powerful solulion lor nodes that rarely return to the
home network, can also expose certain security issues because these messages are
unauthentieated. Suppose a vulnerability is diseovered lor a well-known and widely
deployed home agen!. AUaekers could sweep the Internet posing as mobile nodes,
attempting to conneet to Mobile IPv6 home agent anycast addresses. By linding an active
home network, they would be told the location 01 all the home agents. In a high-security
deployment, this leature ean be disabled.

Illlil ::
Mobile IPv6 Node Returning Home
• The mobile node, upon returning home, must instruct the

home agent to stop aCling on its behalf.
• Care mus! be !aken no! !o confuse link-local processes while
!he home agen! is s!iII ac!ing on behalf of !he mobile node.
• Once !he reques! has been made, !he mobile node (a! home)
mus! send a neighbor advertisemen! !o adver!ise i!s own
link-Iayer address for !he home address .
. , "'... " . " .
A mobile node determines that it has returned to its home link through the movement detection
algorithm when the mobile node detects that its home subnet prefix is again on-link. The
mobile node should then send a binding update to its home agent instructing it to no longer
inlercept 01' tunnel packets for it. In this home registration, the mobile node must set the
acknowledge (A) bit and the home registration (H) bit. It must also set the CoA for the binding
to the home address ofthe mobile node. The mobile node must use its home address as Ihe
source address in the binding update. The mobile node sets the A and H bits as follows:
• The sending mobile node sets the A bit to request the return ofa binding acknowledgment
upon receipt oflhe binding updale.
• The sending mobile node sets the H bit to request that the receiving node act as the home
agent ofthis node. The destination ofthe packet carrying this message must be that ofa
rouler sharing the same subnet prefix as the home address ofthe mobile node in the
binding.
In this special case ofthe mobile node returning home, the mobile node must send a multicast
packet and, in addition. set the source address ofthis neighbor solicitation to the unspecified
address (0:0:0:0:0:0:0:0). The target ofthe neighbor solicitation must be set to the home
address ofthe 1110bile node. The destination IP address must be set to the solicited-node
multicast address ofthe home address of a mobile node.
The home agent will send a multicast neighbor advertisement back to the mobile node with the
solicited (S) nag set to zero. The mobile node then sends its binding update to the MAC
address of the home agent. instructing its home agent to no longer serve as a home agent for it.
By processing this binding update. the home agent will cease defending the home address of
the mobile node for Duplicate Address Detection and will no longer respond to neighbor
solicitations for the home address ofthe mobile node. The mobile node is then the only node on
the link receiving packets at the home address ofthe mobile node.
3-16 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Inc.
After lhe mobile node sends lhe binding update, il mus! be prepared lo reply to neighbor
solicitalions for ils home address. Such replies musl be senl using a unicasl neighbor
advertisement lo (he MAC address ofthe sendero After receiving (he binding acknowledgment
for its binding update lo ils home agent, Ihe mobile nade must send a mullicast packel onlo the
home link (lo Ihe all-nodes multicas! address) lo adverlise Ihe MAC address oflhe mobile nade
for its own home address.

Network Mobility Examples
This topic describes mobile network characleristics, reqllirements, and problems, and how IPv6
addresses them.
Network Mobility Examples
IPv6 mobile networks can be used in many examples:

• Networks changing points 01 attachments - Network Mobility
(NEMO)
• Mobile Ad Hoc Networking (MANET): General purpose, industry, or
military
• Public transportation systems
• Mesh networks, with or without Internet access
• Personal area networks, lor electronic equipment accessing the
Internet through a mobile router or a mobile phone
In the future, most IP devices will be mobile and \Viii always be connected to the Internet by
some means. Networks will also be 1110bile. Mobile networks may be ofany size, ranging from
a few I P devices lo thousands ofl P devices.
Mobile IP specifications do not provide explicit support ofmobile networks. However, because
1110bile networks have specific characteristics, requirements, and problel11s, IP needs explicit
support for mobile networks.
3-18 IPv6 Fundamentats. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco $ystems, lnc.
nUillliL i 1 .1 11 4 IIUI 1 IIIIIIUU' ¡221m:
Network Mobility-NEMO
• A mobile l'Outer attaches a network to Ihe IPv6 Internet while

being able to change points of attachment
• Application for Cisco lOS using Mobile IPv6
Mobile Rouler IPv6 Internel
Nodes
altached lo
mobile rouler
Mobile
Rouler Rouler dlI'!$': .,,,,,,,,'
moves
Nodes altached lo
mobile router
Communication sessions lo mobile l'Outer-attached nodes
continue Uninlerrupted
A mobile network is a network segment 01' subnet that can move and attach to arbitral)' points
on Ihe Internet. A mobile network can be accessed only via specific gateways, called 1110bile
l'Outers, which 111anage its 1110vemenl, as follows:
• Mobile nelworks have al leas! one 1110bile l'Ouler serving them. A mobile router does nol
distribule mobile network l'Outes to Ihe infrastructure al its poinl of attachment, for
example, in Ihe visited network. Instead, it maintains a bidireclional lunnel to a home agent
Ihat advertises an aggregalion of mobile networks lo the infraslructure.
• The mobile router is also the default gateway for the mobile network.
• The mobile rouler advertises one 01' more prefixes in Ihe mobile network that is attached lo
it. Mosl c0111monly, a defaull l'Oute is adverlised lo Ihe nodes connecled lo Ihe 1110bile
router.
Note The Nelwork Mobilily (NEMa) is defined in RFC 3963, Network Mobility (NEMa) Basic
Support Protocol. Il is supported in Cisco 10 Software.
© 2010 Cisco Systems, Ine. lPv6 Services 3-19

112 & ,
Network Mobility (Cont.)
Mobile networks based on Mobile IPv6:

• Use a mobile router instead of a mobile node
• When router changes point of attachment, this is transparent
to attached nodes
• Maintain a bidirectional tunnel between the mobile router and
home agent
• NEMO needs a NEMO-compliant home agent
• Dynamic Home Agent Address Discovery (DHAAD)
mechanism
• Mobile network prefix registration:
- Implicit: static prefix assigned at HA for that mobile router
- Explicit: mobile router presents list of prefixes, which HA
needs to acknowledge
Prefix delegation using a DHCPv6 server
__ o
...... " ..
The NEMO is an application for Cisco lOS which enables a router to move to any point in the
IPv6 Internet and slill be reachable from any poinl al its originallP address. NEMO extends Ihe
concepl ofMobile IPv6 from a mobile node lo a mobile router.
When Ihe mobile router moves away from the home link and attaches lo a new access router, il
acquires a care-ofaddress (CoA) from the visited link. Using the CoA, il immedialely sends a
binding update to its home agent. When Ihe home agent receives this binding update, il creates
a binding cache entry thal bincls Ihe home address ofthe mobile rouler lo its currenl CoA.
Ifthe mobile rouler wishes lo act as a mobile rouler and provide connectivity lo nades in Ihe
mobile network, it indicales this desire to the home agent by selling a router flag (R) in the
binding update. It may also include information about the mobile nelwork prefix in the binding
update. The home agent can Ihen forward packets thal are meanl for nades in the mobile
nelwork to the mobile router. A new mobilily header oplion is specified for mobile networks.
Note Al! traffic between the nades in the mobile network and correspondent nades passes
through the home agen!.
A NEMO-compliant home agent can operate as a Mobile IPv6 home agent.

The dynamic home agent address discovery (DHAAD) mechanism allows a mobile nade lo
discover the address orthe home agenl on its ha me link:
• The mobile router sends Internet Control Message Protocol (ICMP) home agenl address
discovery requests to the Mobile IPv6 home agent's anycast address for the home subnet
prefix.
• A new flag (R) is introduced in the DHAAD request message, indicating the desire to
discover home agenls thal support mobile routers. This flag is added to the DHAAD reply
message as \Vel!.
• On receiving the home agent address discovery reply message, Ihe mobile rouler discovers
the home agents operating on Ihe home link.
3-20 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
• The mobile router attempts home registration to each of the home agents until its
registration is accepted. The mobile router waits for the recommended length oftime
between its home registration attempts with each of its home registration attempts.
The mobile router will acquire the prefix for the mobile network and for the devices attached to
it in one of the following ways:
• 11111'licit Pr~f/x Regis/ra/iol/: The mobile router does not register any prefixes as palt ofthe
binding update with its home agen!. This function requires a static configuration at the
home agent, and the home agent must have the infonnation ofthe associated prefixes with
the given mobile router for it to set up route forwarding.
• Explicit Pr~f/x Regis/ra/ion: The mobile router presents a list ofprefixes to the home agent
as part ofthe binding update procedure. Irthe home agent determines that the mobile router
is authorized to use these prefixes, it sends a bind acknowledgment message.
• Pr~f/x assignlllel/t IIsil/g Prf!f/x Delega/ion: The prefix is acquired from the centrally
located DHCPv6 server configured for prefix delegation. The mobile router will then use
the assigned prefix obtained from DI-ICP, and adveritse it using Router Advertisements on
the local link to auto-configure the nodes aHached to Ihe mobile router.
© 2010 Cisco Systems, Inc, IPv6 Services 3-21

Dual Stack Mobile IPv6
• Support for interoperability with IPv4 networks beca use an

all-IPv6 solution might not be possible
• IPv6 or IPv4 payload, IPv6 or IPv4 used for transport
moblle rou!er
Mobile IPv6 and NEMO allow mobile nades lo move within the IPv6 Inlernet while
maintaining reachabilily and ongoing sessions, using an IPv6 home address or prefix.
However, since IPv6 is not widely deployed, it is unlikely that mobile nades will initially use
only IPv6 addresses for their conneclions.lt is reasonable to assume that mobile nades will
need an IPv4 home address that can be used by upper layers.
Mobi le nades wi 11 move to networks that m ight not support IPv6 and \Vould therefore need the
capability to support an IPv4 care-ofaddress. Dual Stack Mobile IPv6 allows dual stack
mobile nodes to reguest that their home agenl (also dual stacked) tunnels IPv4/1Pv6 packels
addressed lo Iheir home addresses, as well as IPv4/1Pv6 care-ofaddress(es).
DSMI Pv6 solves the following issues:
• Mobile nades are able to use IPv4 and I Pv6 ha me or care-of addresses simultaneously and
update Iheir home agenls accordingly.
• Mobile nades need lo be able lO know the IPv4 address oflhe home agenl as well as its
IPv6 address. There is no need for IPv4 prefix discovely.
• Mobile nodes need lO be able lo delecl the presence of a NAT device and traverse it in
arder to communicate wilh Ihe home agent.
Note Dual stack Mobile IPv6 is defined in Ihe RFC 5555, Mobile IPv6 Support for Dual Stack
Hosts and Routers.
. - ;11 1M 1 : 11 11II1II1 lill I 1111111 i ¡ 11II1II i Ud
Mobile Ad Hoc Networking
• A mobile ad hoc network is a collec!ion of mobile nodes !ha!

have organized themselves into a network.
• The characteristics of these nodes are:
... Intermittent connectivily
- Low bandwidlh
- Constantly changing topology
• Rouling protocols and extensions supporting MANET:
- OSPFv3
- EIGRP
- IPv6 Routing Prolocol for Low-Power Lossy Networks
The goal ofmobile ad hoc networking is to provide robust and efficient operation inmobile
wireless networks by ineorporating routing funetionality into the mobile nodes themselves.
These networks have Ihe following characleristies:
• Dynamic, rapidly changing: Nodes frequcntly leave and join.
• Intermittellt cOllnectivity: Nodes may periodically lose their eonnection to the rest of the
network.
• Low bandwidth: The wireless teehnologies that are involved typieally have veoy slow
uplinks.
• Short distallce: The wireless nodes may ha ve limited range.
Initial applications for Mobile Ad Hoc Networking (MANET) involved the l11ilitary and
transportation sectors.
In the l11iI itary arena, one potential application is to enable sl11all wireless sensors with MANET
for deploYl11ent in the battlefield. Once dispersed, the sensors would organize thel11selves into a
network to exehange data and inforl11ation on ho\V to reaeh Ihe nelwork uplink. Beeause oflhe
hostile environment. these sensors are expeeted lo be deslroyed, moved, or otherwise have their
eonneetions lo Ihe rest oflhe sensors disrupted on a regular basis.
In the transportation field, MANET is being eonsidered as a way to dynal11ically update
vehicles regarding traffic conditions. Vehieles near a traflje disruption would alerl olher
vehicles with MANET regarding current traflje eonditions. This inforl11ation would propagate
its way frol11 ear to ear, enabling drivers not yel affeeted by a traffic incident lo select
alternative routes to avoid the disruption.
Routing protoeols supporting MANET operation inelude OSPFv3, EIGRP, and IPv6 Routing
Protoeol for Low-Power Lossy Networks (RPL for LLNs). The key issues are rapidly ehanging
lopology (when devices arrive and leave), end link metric repooting when conditions change.
Routing protocols feature an interface with the radio system ofthe device, and react to link
quality changes.
© 2010 Cisco Systems, Ine. IPv6 Services 3·23

Low-power lossy networks consist of devices lil11ited with processing power and radio range,
bul very sl11all in physical size. Due to Iheir sil11plicity, such devices can be deployed in very
large numbers and organize thel11selves into a network. Examples would include "sensor dust",
etc.
Note OSPFv3 and EIGRP extensions to support MANET are implemented in Cisco lOS; Ihe IPv6
Rouling ProtoGol for Low-power Lossy Networks is currently in the phase of an IETF draft.
1& di Ii I 1I 21
MANET Operation
Inlhe example, a colleclion of MANET-enabled mobile wireless nodes have organized

Ihemselves inlo a dynamic nelwork lo exchange informalion. Node A, allhe bollom of Ihe
picture, has wireless links lo l\Vo olher MANET Nodes, B and C. Through execulion of
MANET rouling prolocols, Node A chooses the link lo Node B lo provide access lo Ihe resl of
the MANET network.
&2
MANET Operation (Cont.)
When Node B loses connectivity with the nelwork. Node A must reapply ils MANET rouling
prolocols lo delermine a new path lo the resl ofthe network. II chooses its connection to Node
e, and cOl1ll1lunication with the rest oflhe nodes is re-established.

#@i • •
• 2 w
IPv6 Personal Area Networks
• A mobile router is a personal communication device that is

acting as a router and serving Internet access to peripherals.
• Digital cameras, PDAs, laptops, headsets, etc., use the
mobile router lor Internet access.
• These devices can use any mobile router to connect to the
Internet.
802.11 or Bluetooth
Accelerated by the success of cellular technologies, 1110bility has changed the way people
cOl11municate. As Internet access becomes more ubiquitous, demands for mobility are not
restricted to single terminals an)'l11ore. Mobility is also needed to support the movement of a
cOl11plete network Ihat changes its point of attachment to the fixed infi'astructure, maintaining
the sessions of every device ofthe netlVork-what is known as network mobilit)' in IP
networks. In Ihis scenario, the mobile network has at leasl a (mobile) router that connects to the
infrastructure. The devices ofthe mobile netlVork connect to the exterior through this l110bile
!'Outer.
In the figure, a Mobile IPv6-enabled cellular phone acts as a mobile router.
3-26 IPv6 Fundamentals. Design. and Deptoyment (tP6FD) v3.0 © 201 OCisco Systems, Inc.
Summary
This topic sllmmarizes the pimary points that were disclIssed in this lesson.
2 a :&:== 1&:
Summary
• Mobile IPv6 is a technology that enables a node to communicate

with other nodes in the IPv6 Internet while it is changing the point
of atlachment from one network to another.
• The mobile node and the home agent establish a tunnel, which is
used to route the traffic from the nodes that need to reach the
mobile node. In the majority of cases, the home agent is in the
data path.
• NEMO expands the capabilities created by Mobile IPv6 with
additional enhancements. It supports a mobile router concept that
maintains a connection for all the nodes connected to it.
• MANET is used by mobile wireless nodes to form ad hoc networks,
which can be autonomous and use the mesh topology to be able
to reach any node in the network.
Resources
To learn more abollt IP Mobility, refer to the following material:
• RFC 3775: Mobility Support in IP,,6
• IP,,6 Extension Headers Re"iew and Considerations
http://www.cisco.com/en/U S/tech no logies/tk648/tk 8 72/tech no logies_ wh ite_paper0900aecd
8054d37d.html
• Cisco lOS 1P,,6 Configllration GlIide. Release 12.4: Implementing Mobile IP,,6
http://www.cisco.com/en/US/partner/docs/ios/ipv6/configllration/gllide/ip6-
mobile.html#wp 1290551
• RFC 3963, Network Mobility (NEMO) Basic Support Protocol
• RFC 5555, Mobile IP,,6 Support for Dllal Stack Hosts and Routers

Lesson 21
Describing DNS in an IPv6

Environment
Overview
SlIccessflllly implementing Domain Name System (DNS) is critical to creating a stable and
robllst IPv6 network. Therefore. it is essential to lInderstand how DNS works, inclllding
sllpported objects, tree strllctllre, and dynamic DNS (DDNS).
DNS is a distribllted Internet directory service that is lIsed to translate between domain names
and IP addresses. betlVeen IP addresses and domainnames. to control Internet email delivelY,
andmore. SlIccessflllly implementing DNS on IP version 6 (IPv6) is critical becallse most
Internet services rely on DNS to \York. and if DNS fails. websites cannot be located and email
delivery stalls.
Objectives
Upon completing this topic, yOll \Viii be able to describe how DNS works in an IPv6
environment. This knowledge incllldes being able to meet these objectives:
• Identify DNS-sllpported objects and records in IPv6 networks
• Describe DNS tree strllctllre in IPv6 networks
• Describe holV DDNS lVorks in IPv6 networks
DNS Objects and Records
This topic describes DNS-supported objects and records in IPv6 networks.
DNS Supported Objects
• Two DNS issues exist lar IPv6:

- IPv6 record support Nade 5
node5.example.com
- IPv6 transport support 2001 :db8:800:3abc:cc5::55b1
~
• Several types 01 DNS objects exist: '~.
- AAAA, A, PTR, MX, etc.
Forward lookups
, }:«~
o'y
• DNS uses AAAA records lor
lorward IPv6 lookups.
Nade 1
• PTR records are used tor reverse node1.example.com
lookups. 193.77.119.33
Examples 01 AAAA and A records:

nodeS.example.com. IN AAAA 2001:db8:800:3abc:cc5::55bl
nodel.examplc.com. IN A 193.77.11!J.33
DNS Basics
The DNS protocol had to be updated to support IPv6 in addition to IPv4. The two main tasks
were:
• To enable name lookup for IPv6 addresses
• To enable the servers to communicate between themselves on IPv6 in addition to IPv4
The DNS servers maintain a database for holding the relations between domain names (such as
http://www.example.com)andIPaddresses.This information is stored in DNS databases in the
f0I'111 ofrecords. Depending on the record type (quad-A [AAAA), A, MX, and so on), different
information is stored. An MX record, for example, stores the IP address ofthemail server for
that doma in (for example, http://mail.example.com).
Two types of lookups are used most in DNS:/i)/'II'ard and reverse
• Forward lookups provide resolution from a domain name to an IP or IPv6 address.
• Reverse lookups provide resolution from an I P address to a doma in name.
Record Types
There are several types of objects in a DNS record about a domain. These include several types
of records, such as:
• A records: for I Pv4 name-to-address lookups
• AAAA records: for IPv6 name-to-address lookups
• MX records: for the I P address of themail server
3-30 IPv6 Fundamentats, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Inc.
To support IPv6 in DNS, make these two updates to the DNS c\ient and server systems:
• Updale Ihe DNS server and clienl lo accepl IPv6 "ecord formals.
• Updale the DNS server ancl clienl lo run over bolh IPv6 and IPv4 transpor!.
These updales do nol have lo happen al Ihe same lime. Early DNS implemenlalions afien
supporl Ihe new AAAA records, bul run only over IPv4 lranspor!. These early syslems will
work only for dual-slack clienls and servers. An IPv6-only implemenlalion would nol work
beca use DNS would nol use IPv6 lranspor!.
Here are Ihe Ihree record s 01' formals for IPv6:
• Forward lookups
• Nibble formal (reverse lookups)
• Bilwise format (reverse lookups)-deprecaled
Bilwise format is no longer recommended and has been moved lo experimental slatus, but some
implementations still deploy i!.
Forward Lookups
Forward lookups (name lo address) are completed via Ihe AAAA record (quad A), which is the
address record for IPv6 DNS. This record links a hostname to a I 28-bit address, which is the
forward lookup record.
Here is an example ofa AAAA record:
$ORIGIN example.com.
node4 3600 IN AAAA 2001:db8:800:3abc:ccS::2Se4
nodeS 3600 IN AAAA 2001:db8:800:3abc:cc5::SSbl
Note There were A6 records to resolve an IPv6 address from a name, however, they are
deprecated. AAAA records are used ¡nstead.

1111111 JAU 11 il 2 &
DNS Supported Objects (Cont.)
Reverse lookups
Node 5
• IPv6 uses pointer (PTR) node5.exampte.com
records for reverse lookups, 2001 :dbB:800:3abc:cc5::55b1
similar tolPv4, but with the
new nibble formal.
Z3
Node 4
node4.example.com
2001 :db8:800:3abc:cc5: :25e4
Examples 01 Nibble-Formatted Records:

$ORIGIN
c.b.a.3.0.0.8.0.8.b.d.O.l.0.0.2.ip6.arpa.
4.e.5.2.0.0.0.0.0.0.0.0.0.0.0.0 14400 IN PTR nodc4.example.com.
1.b.S.5.0.0.0.0.0.0.0.0.0.0.0.0 14400 IN PTR node5.example.com.
Reverse Lookups
Reverse lookups (address lO name) are slill accomplished using Ihe poinler (PTR) record. There
are t\Vo formats for address represenlalion: one recommended and one deprecaled, which is /lol
recommended.
The nibble formal is preferred. It uses Ihe top-Ievel domain "ip6.arpa" (initially the lop-Ievel
domain was called "ip6.inl:' but Ihat convenlion was deprecaled in RFC 4159 and need nol be
maintained any longer). Notice thal in the following example, Ihat address representation is
backward, wilh each 4-bil position (one hexadecimal charncler) separated by a"." (dol). There
is no compressed format for Ihe address, so yOll cannot eliminale leading zeros.
$ORIGIN c,b.a.3.0.0.8.0.8.b.d.0.1.0.0.2.ip6.arpa.
4.e.S.2.0.0.8.0.8.b.d.0.1.0.0.2 14400 IN PTR node4.example.com.
1.b.S.S.0.0.8.0.8.b.d.0.1.0.0.2 14400 IN PTR nodeS.example.com.
The bitwise. or "bitlabel," formal is no longer preferred. The formal was specified in RFC
2673, Bi/la/y Labels i/l /ile Domai/l Name S)'s/em, in August 1999 as a proposed standard. but
was moved to experimenlal slatus by RFC 3363, Represe/lting I/lternet Pr%col versio/l 6
(IP,,6) Addresses i/l Ihe Domai/l Name Sys/em (DNS), in August 2002. Apparenlly, some DNS
implementations were rejecting the bitlabel format queries as "malformed," rather than
retllrning a PTR record (\Vhere one exisled) or "none found" (which wOllld allow the queríer to
swilch lo nibble format and proceed). Notice, in Ihe following example, that this represenlation
is forward-specified.
$ORIGIN \[x20010db808003abc/64].ip6.arpa
\[X0000000000002Se4/64] 14000 IN PTR node4.example.com
\[xOOOOOOOOOOOOSSb1/64] 14000 IN PTR nodeS.example.com
3-32 lPv6 Fundamentals, Design, and Deployment (lP6FD) v3.0 © 2010 Cisco Systems, lnc.
DNS Tree Structure
This topic describes DNS tree strueture in IPv6 netIVorks.
• as LUí!
.'M &idi ¡¡¿ ¡¡ ¿¡
DNS Tree Structure
" IPv6 needs an updated version of a ONS server and cHent resolver.
'" ONS tree structure is identical to IPv4:
- Root ONS server
_o. Top-Ievel domain ONS server
OH' Authoritative DNS server ter each particular dornain
" From the operational perspective, there are:
- Primary ONS servers
- Secondary ONS servers
- Caching ONS servers
11 The majority of DNS root servers are accessible using IPv6, many sinee
2008.
- Enabled end-to-end IPv6 communication without using IPv4 for
communication with the Root ONS server
- Removed the need for dual stack (from ONS perspective)
- -.' .. ~.',
DNS Server Hierarchy

The hierarchy of DNS servers is best described with a tree. On the top ofthe hierarehy, there
are root DNS servers (only 13 clusters ofthese servers in the world).
Below the root server are top-Ievel doma in DNS servers (TLDs), which resolve IP addresses
for top-Ievel domains, sllch as .eom, .net, .org, .1IS, .1Ik, and so on.
Beneath TLD servers, there are AlIthoritative servers for eaeh domain. These resol ve IP
addresses from their domains only (such as, for http://example.com).
DNS Server Tree Structure

The IPv6 DNS tree structure is identieal to the deployed structure for IPv4. Clients qllely local
eaching servers, which loeate the DNS server with the allthoritative reeords for a given zone
through message exchange with a root DNS server. They then return record s to the client (and
cache the information loeally for near-term future use). Typically, a protocol-independent
applieation \ViII query for both an A and an AAAA record, and then generally prefer the I Pv6
path.
These major eomponents of the DNS tree strllctllre are included:
• Root DNS
• Primary allthoritative DNS
• Secondary authoritative DNS
• Caching DNS (typically also deployed in sets, not a single machine)
• Client-based DNS resolver library

For redundancy and operational efficiency reasons, there are primary and seeondary DNS
servers rol' every hierarehy level, and cache DNS servers thal cache results of DNS queries
within enlerprise nelworks.
Root DNS Servers

Root DNS servers eontain record s Ihat link domain names to their authoritative DNS servers.
The records that are maintained by the roo! DNS server for a given domain name should
include at leaSI one IPv4 address for Ihe aulhoritative server (for a given zone). The reeords
may eontain more than one IPv4address and may also contain mul!iple IPv6 addresses. This
inclusion preven!s silualions in which an IPv4-only eaehing server is referred to as an IPv6-
only authorilative server, to which it could c\early not connect.
An example record (in generalized formal) would be:
"example.com - Authoritative Primary DNS at 2001:db8:400::200c,
Secondary at 2001:db8:100: :4e20"
"example.com - Authoritative Primary DNS at 192.0.2.10, Secondary at
192.0.2.20"
"2001:db8:800:3abc:cc5::25e4" - Authoritative Primary
(2001:db8:800/48) at 2001.db8:700:abcd::1000,
Secondary at 2001:db8:600:ef12::2000
"2001:db8:800:3abc:cc5::25e4" - Authoritative Primary
(2001:db8:800/48) at 192.0.2.130,
Secondary at 192.0.2.140
The rael thal the root DNS servers only advertise Iheir IPv4 addresses (even though some do
respond on IPv6) means Iha! il was not possible to deploy an IPv6-only enterprise. Wi!hin the
enterprise, all DNS servers can be implemenled using IPv6 transpor!: "Resolver client to local
caching server,"
The problel11 is Ihat Ihe caching server had to talk lo Ihe roo! DNS over IPv4 lransport, so il had
lO be a dual-stack node, nol an IPv6-only node.
Fur!hermore, many ofthe country code top-Ievel domain (ccTLD) DNS servers (servers
providing a domain name for a speeifie eoun!ly code, such as ".us") were also IPv4-only.
Note lANA added AAAA record s lor its rool DNS servers in 2008. Since Ihen, approximalely hall
01 the servers are reachable using IPv6, making IPv6-only nelworks possible.
, 1 Bihlll! Ji 11111111111 z: ¡ 111111 iiJ 1i
DNS Tree Structure Components
Aulhorilalive primary and secondary DNS servers support bolh IPv6 and lPv4 records:
_. Forward and reverse zonas are no! afien on Ihe same sys!em.
Reverse zones are aften maintained by ISP.
Caching DNS is typical1y provided by ISPs (home or small business) or by larga
enterprises for in-house clients.
PC2
nodfl5.exnmple.oom RooI ONS-1SC CA USA
200 l:db8:800:~"bc:ce5:55bl r-¡,,,,,,,! :-C,'; .•• "l.';' IPv4; 192.228.79.201
l.~j'; .I",~,,<,<o: DN~··1t"'~';'1
(..('r···".'·~·t)!~-¡ C,.,;1 ~;".\ :i,}J1 ;;!}' .v.,) n" IPv6: 2001:db8:o.53
2\~,'¡ <ji;: .l'·!) ';"v: ,.'r,l<.·¡V· I';";<,.-!\) /'.~~.)
RooI ONS-WIOE Tokyo
202.12.27.33
IPv6:2001 :dbS.f:3::35
Roulers
pe1 C.. ch,'

!1'x!t,.t51'v'~"'I~e2_(l')nl ON::; B
DNS Tree Structure Components

Root DNS
Root DNS servers contain record s that link dOlllain names to their authoritative DNS servers.
There are currently 13 root DNS 11' addresses (there are more Ihan 13 servers-many addresses
are IPv4-anycast addresses and "fron!" a nUlllber of servers). The root DNS servers are not
uniformly addressable on their IPv6 addresses; some are reachable over IPv6 transport, but
severa 1 are sti 11 no!.
Top-Level DNS
These servers resolve 11' addresses for TLDs. such as .com, .net, .org, .info, .biz, and for
countly TLDs (ccTLDs), such as .us, .uk, .de, .hk, .au, and so on.
Authoritative Primary DNS

For a given dOlllain, authoritative primary DNS serve"s contain the official record s for hosts
within a given doma in name. For reverse lookups, authoritative prima,y DNS servers contain
the official reverse-Iookup records for the given 11' address. Typically, lhe forward authoritative
DNS server is nol the same host as the secondary aulhoritative DNS serve'"
Examples of records that are maintained on these DNS servers are:
"node4.example.com" - 2001:db8:800:3abc:cc5::25e4
"2001:db8:800:3abc:cc5::25e4" - node4.example.com
Secondary DNS
For a given doma in, secondmy DNS servers provide a backup in case the primary DNS server
fails. Secondary DNS servers periodically transfer records from the primmy DNS server.
© 2010 Cisco Systems, Ine. IPv6 SelVices 3-35

Caching DNS
Caching DNS servers answer queries from client devices and help reduce the load on the
primary, secondary, and rool DNS servers. No records are pennanenlly maintained on caching
DNS servers. When a caching DNS server helps resolve a record on behalf of a client, it stores
the record locally in a cache for a time-to use when answering other clients asking for the
same record-befare discarding it.
Client Devices
Clienl devices are IP nades that use a DNS resolver lo Iranslale names to addresses and
addresses lO names. Clienl devices are configured lO point to multiple caching servers.
3·36 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Syslems. Inc.
Dynamic DNS
This topic describes how DDNS works in IPv6 networks.
I Ji¡¿¡ a di
Dynamic DNS
• Dynamic DNS allows IPv6 clients

to update resource records in their
authoritative DNS server.
• Updates should be authenticated
to prevent domain hijackings,
man-in-the-middle attacks, etc.
• There are two types of DDNS
implementations:
- Client-based implementations
for endpoints, routers, etc.
- DHCPv6-based
implementations
< Stage.k Secondary DNS '
updated. '
Historically, IP-based servers had their addresses manually configured into the primaty DNS
sel'Ver. These addresses were also statically assigned on the node; therefore. the addresses and
name-to-address translation was long-lived. For example, hostname "media.example.com"
would be at IP adelress 192.168.0.200, and that enlly would be in the primary (and secondary)
authoritative DNS sel'Ver. Client machines usually elid not have an enlly in DNS, beca use the
ability to be reliably contacted by a peer node was not elesireel 01' practica!.
When most devices are both clients and servers (in other words, peers-an important driver for
IPv6 adoption) and those devices configure their addresses via, for example, DHCPv6 01'
autoconfiguration, those nodes need to dynamically create 01' update their DNS records on their
authoritative primaty DNS server. That gives them stable host-to-address and address-to-host
mappings even when their dynamically assigned addresses change. Using DDNS, DHCPv6
clients can dynamically update their record s in DNS. DDNS is stillunder active discussion in
the Internet Engineering Task Force (lETF) working groups. Many published RFCs and drafts
that are related to DDNS are in circulation.
The DDNS process goes through these stages:
• Stage 1: Keys are configured on the DNS server and client. DDNS exchanges must be
secured, otherwise man-in-the-middle attacks, in which a malicious party captures traffic
intended for another node, are possible.
• Stage 2: IPv6 node uses DHCPv6 to configure an IP aeldress 01' other information. The
address can also be configured via stateless autoconfiguration, and the DDNS update can
be performed in the same manner.
• Stage 3: The primary DNS is upelated. The DI-ICPv6 client on the node upelates the primary
DNS server for both forward and reverse records.

• Stage 4: The Secondary DNS is lIpdated. The primal)' DNS server lIpdates the secondary
DNS server via zone transfer.
Tip DDNS is an important building block for IPv6, even though it is not stricUy related to IPv6. In
IPv4, most network applications are client-server, such as web servers and browsers. In
IPv4 application architecture, clients are normally anonymous-they have no entry in the
global DNS system-and servers are only reachable at well-known DNS names.
One compelling IPv6 feature is the ability to support peer computing, in which the terms
"client" and "server" are no longer meaningful. AII nodes are complete peers on the network
and reachable via their well-known DNS name. This scenario implies that all nodes have
current entries in the DNS. From a scalability perspective, and considering that many nodes
will be mobile and will use autoconfiguration or DHCPv6 for address assignment, DDNS is
the only reasonable solution to ensure that these nodes always have a current DNS
mapping.
1I dill 11 1II 1221 i1L&
•
Dynamic DNS Process
Example: Moving a Primary

ONS-Forward
Secondary
DNS-For.vard
pe from one network SOA=example.com
2001 :db8:400::200c
SOA=example.com
2001:dbS:100::4e20
into another. 192.0.2.10 192.0.2.20
• The pe must maintain

a relationship with a
DDNS server.
• It needs to be
reachable using a DNS Primary
ONS-Reverse
name. SOA=2001 :db8:800::f48
2001:db8:700:abcd::1000
192.0.2.130
PC1 PC1 DHCPv6

node45.example2.com node45.exampre2.com Server
(inllial) (moved)
2001:db8:a::40S 200'l'db8:b':430
The figures show an example in whieh a PC is physieally moved from one network to another.
Whcn the PC is turned baek on, it exehanges trame wilh lhe DHCPv6 server and reeeives a
new IP address.
Onee the PC has been given the new IP address, it can exehange paekets with the t\Vo DNS
servers in lhe network.

ii ¿
Dynamic DNS Process (Cont.)
Example: Moving a Primary ON5-Forward Secondary DN8-Forward

SOA=example.com SOA"'example.com
pe from one network 2001:db8:400::200c 2001:db8:100::4e20
192.0.2.10 192.0.2.20
into another.
• The pe updates the
primary DDNS server
with its new IPv6
address .
• The DNS servers
handling forward and
reverse lookups must
be updated.
PC1 DHCPv6
Forward lookup: Name to address oode45.example2.com Server
Reverse lookup: Address lo name (moyed)
2001:db8:b::430
The Primal)' DNS-Forward server holds the authoritative name-to-address records for the zone.
The Primary DNS-Reverse server holds the authoritative address-to-name records for the
address range. As a result, the two primary DNS servers are updated, and the secondary servers
learn the modified records from the primal)' servers.
Forward Resolution and Reverse Registration

DDNS works well for forward resolution, beca use the node will always register with the same
authoritative forward DNS server (the server for the given domain name). For example,
bob.example.net will always register with the example.net authoritative forward DNS server.
Here, the same organization is likely to own and operate both nodes, the node changing
addresses and the forward DNS server, and a trust relationship can normally be established.
DDNS works less well for reverse registration, because the node may have moved to a
completely foreign network (for example, coffeeshop.com). In this case, the node would not
have exchanged keys with the authoritative reverse DNS server and would not be able to update
the reverse zone. Here, the same organization does not manage the node and the DNS server.
No prearranged trust relationship is likely to exist, so DDNS updates would fail.
Dynamic DNS Process (Cont.)
Example: Moving a Primar)' DNS-Forward Secondary DNS-Forward

SOA"'example.com SQA=example.com
pe from one network 2001:db8:400::200c 2001 :db8:100::4e20
192.0.2.20
192.0.2.10
into another.
• The secondary DNS
server is updated.
• The pe is reachable
from the Internet to its
new, updated IPv6 (or Primary DNS-Reverse
SOA"'2001:db8:800::/48
IPv4) address. 2001:db8:700:abcd::1000
192.0.2.130
PC1 DHepv6
node45.example2.com Server
(moved)
2001:dbB:b::430
Finally, Ihe seeondary DNS server is lIpdated lIsing zone transfer funetionality. DNS zone
lransfer is one ofthe ways thal DNS servers replicate their databases.
, Ud:
Dynamic DNS and DHCPv6
• The DHCPv6 client

address may be
¡>"nn,y DWi:- ,Ffj)\'¡rilxi :~l'('\\i\d;)fi ON~,-h)'w<wj
updated in DNS by :50t'''t!~<l,p¡:..1€.(:c;l'l 'j(jAO:(,"<¡)'llp1t. cr.:m
the DHCPv6 selVer. %G01 ,mg .HJ(J: :.?tH;<,: ¿(¡fJ1-dbR '100: <,!p;m
1(;2lJ.21() 19:~.0220
11 It is more often
used when DHCP
and DNS are tightly
integrated.
• No integrated
DHCPv6 or DNS is
available.
pel P<.>¡ DHCPv!J

node45.example2.com ,¡C"dCc¡o;;l'X;1r¡;p!t'2.c<:lm Server
(Inmal) (!~")"'l'!¡
2001:db8:a::405 2f)f) j-(Jba b :<1}O
In some implementations, DHCP and DNS are ti111etions, and the DHCP server dynamieally
updates DNS on behalfofthe client nade. This funetionality effectively moves Ihe trust
requirement from between the node and the DNS server to being, instead, between the
DHCPv6 server and the DNS server.

Surnrnary
This topic sllmmarizes the primary points that were disclIssed in this lesson.
&¡;g aa
Summary
• IPv6 allows forward and reverse lookups, using AMA records for
forward lookups. It uses PTR records in nibble format, rooted in
"ip6.arpa," for reverse lookups.
• IPv6 DNS tree structure is identical to IPv4 and contains root
DNS servers, authoritative DNS servers, caching DNS servers,
and client devices using the DNS resolver library.
• IPv6-only networks are now possible beca use many root DNS
servers support IPv6 transporto Until then, the DNS server
contacting the root DNS server had to be dual-stacked.
• Dynamic DNS allows IPv6 clients to update resource records in
the authoritative DNS, either using a client-based, router-based,
or DHCPv6 solution.
Resources
To lea,." more abollt DNS, refer to the following reSOllrces:
• lANA: /P,'6 Addressesfor Ihe Roo! Servers at http://www.iana.orglreports/2008/root-aaaa-
annollncement.htm I
• Lisl ofDNS Record 1Jpes at http://en.wikipedia.org/wiki/List_oCDNS_record_types
• Rool Ilameserver at http://en.wikipedia.org/wiki/Root_nameserver
Lesson 31
Understanding DHCPv6
Operations
Overview
One highly touted benefit of IP version 6 (lPv6) is its autoconfiguration capability. At first
glance, it might appear that autoconfiguration would lessen or even alleviate the requirements
for a process like DHCP. However, in some managed environments, network administrators
will want to control who accesses network resources and manage address allocation.
Consequenlly, DHCP will continue lo be a valuable service in modern networks. This lesson
describes DHCP version 6 (DHCPv6) for IPv6 operalions, ineluding how DHCP operation in
IPv6 differs from ils operation inlP version 4 (lPv4) and how you can implement DHCPv6
prefix delegation to improve the IPv6 numbering process.
Objectives
Upon completing this lesson, you will be able to describe how DHCPv6 operates. This ability
ineludes being able to meet these objectives:
• Describe how DHCP operation in IPv6 differs from its operation in IPv4
• Describe the operation ofDHCP in IPv6
• Identify the multicast addresses that DHCP uses in IPv6
• Describe how DHCPv6 prefix delegation IVorks
• Troubleshoot DHCPv6
DHCPv6
This topie describes th features of DHCPv6.
,. d &22
About DHCPv6
• DHCPv6 is an updated version 01 DHCP lor IPv6:

- Supports new addressing
- Allows more control than stateless autoconliguration
- Can be used lor renumbering
- Can be used lor automatic domain name registration 01
hosts using DDNS
• There are several DHCPv6 implementations available,
including:
- Cisco lOS Software
- Microsoft Windows Vista, Microsoft Windows 7, and
Microsoft Windows Server 2008
- Dibbler and ISC (Linux, BSD, Solaris)
DHCPv6 is an updated version of DHCP for use with I Pv6. It supports the addressing model of
IPv6 and benefits from new IPv6 features. Some ofthese features include:
• DHCPv6 enables more control than serverless or stateless autoconfiguration.
• It can function in a routerless environment, using only servers.
• It can be used concurrently with stateless autoconfiguration.
• DHCPv6 can be used for renumbering.
• It can be used for automatic domain name registration ofhosts using the Dynamic Domain
Name System (DDNS).
• DHCPv6 was ratified in RFC 3315 (July 2003).
DHCPv6 Operation
This topic describes how DI-ICPv6 operates.
ii 4 2 Ji 22 2 2 :::a
DHCPv6 Operation
DHCPv6 operates the same as in IPv4, with these

exceptions:
• Client first detects the presence 01 routers on the link.
o II lound, the client examines router advertisements to
determine il DHCP can be used.
o II no router is lound or il DHCP can be used, the clien!:
- Sends DHCP solicit message to the alJ-DHCP-agents
multicast address
- Uses the link-local address as the source address
Acquiring configuration data for a client in DHCPv6 is like the process in IPv4 but with a few
exceptions. The client can sometimes detect the presence of routers on the link using neighbor
discovely messages. If at least one rauter is found. the client examines the rauter
advertisements to determine ifDHCP should be used. Ifthe router advertisements allow use of
DHCP on that link or ifno router is found, the client starts a DHCP solicit phase to find a
DHCP server.
DHCPv6 uses multicast for many messages. When the client sends a solicit message, it sends
the message to the all-DHCP-agents multicast address with link-local scope. Agents include
both servers and relays.
When a DHCP relay forwards a message, it can forward it to the all-DI-ICP-servers multicast
address with site-Iocal scope. This means that a relay does not need to be configured with all
the static addresses ofthe DHCP servers. as in IPv4. If needed by policy, a relay can contain a
static list of DHCP servers.
Some servers can be configured to give global addresses using policies, for example, "do not
give to printer." Other servers (01' the same servers within a different context) can be configured
to give site-Iocal addresses using a different policy, for example, "give to anyone."
Tip DHCPv6 solicit messages are sent lrom the link-local address 01 the requesting node-the
address that the nade constructs lar itsell at initialization. The request is sent to a reserved
DHCPv6-specific multicast address. This process differs markedly from the IPv4 practice, in
which the message is sent Irom the unspecified address to the broadcast address. This
scenario is an excellent example 01 IPv6 using more elegant mechanisms than IPv4 to
improve network scalability.

&
DHCPv6 Server
• A router can act as a DHCP server.

• Operation is similar to IPv4 DHCP.
- Clients get an address assigned.
- Servers keep track 01 all bindings.
- Bindings database can be uploaded to a remote server.
• Conliguration options inelude:
- DHCP pool name
- Prelix inlormation
- Addresses lar particular elients
- List 01 DNS servers
The DHCPv6 server function can be enabled on individuallPv6-enabled interfaces.

The DHCPv6 server can provide those configuration parameters that do not require the server
to maintain any dynamic state for individual clienls, such as DNS server addresses and domain
search list options. The DHCPv6 server may be configured to perfonn prefix delegation.
AII the configuration parameters for clients are independently configured into DHCPv6
configuralion pools, which are sto red in NVRAM. A configuration pool can be associated with
a particular DHCPv6 server on an interface when it is started. Prefixes to be delegated to clients
may be specified either as a list ofpreassigned prefixes for a particular client or aS IPv610cal
pretix pool s, which are also stored in NVRAM. D1-ICPv6 configuration pools can reference and
use the list ofmanually configured prefixes or IPv6 local prefix pools.
The DHCPv6 server maintains an automatic binding table in memory to track the assignment of
some configuration parameters, such as prefixes between the server and its clients. The
automatic bindings can be sto red permanently in the database agent, which can be, for example,
a remate TFTP server or local NVRAM file system.
A DI-ICPv6 configuration information pool is a named entity that includes infonnation about
available configuration parameters and policies that control assignment ofthe parameters to
clienls from the pool. A pool is configured independently ofthe DHCPv6 service and is
associated with the DHCPv6 service Ihrough Ihe command-line interface (CLI).
Each configuration pool can contain the following configuration parameters and operational
infol'lnation:
• Prefix delegation infonnation, which can include:
A prefix pool name and associaled preferred and valid lifetimes
A list of available prefixes for a pmiicular client and associated preferred and valid
lirelimes
• A list of IPv6 addresses of DNS servers.
• A doma in search list, which is a strillg cOlltaining doma in names fol' DNS resolutioll.
2 il2 :: ¡¿¡mlllll II I 3m ¡¡¡ ¡¡¡,
DHCPv6 Server Configuration
ipv6 dhcp pool Pool!

address prefix 2001:dbB:al::/64
dns-server 2001:db8:cl::53
dns-server 2001:db8:c2::53
,domain-name example.org
interface GigabitEthernet 0/1

ipv6 dhcp server Pool!
ipv6 address 2001:db8:al::l/64
DHCP
Clienls
The figure provides an example of DI-ICP server configuration on Cisco lOS Software.
ipv6 dhcp pool Pool1
address prefix 2001:db8:a1::/64
domain-name example.org

ipv6 dhcp server Pool1
ipv6 address 2001:db8:a1::1/64
There is a DI-ICP pool named "Pool 1," which has the following configuration:
• Address prefix: 2001 :db8:a 11 ::/64
• DNS server: 2001 :db8:c 1::53
• DNS server: 2001 :db8:c2::53
• Domain llame: eX3lllple.org
On the interface G igabitEthernet 011, use the ipv6 dhcp server command to activate this pool.

"2 ]
DI-ICPv6 Servar Canfiguratian (Cant.)
• Store bindings on a remote device

Router(config).
Iipv6 dhcp database URL
• Rapid commit (two-way exchange)

Router(config-if).
I ipv6 dhcp server Pool! rapid-commit
Other configuration options are:

• Remate Dl-ICP binding database
• Rapid commit
A binding table en!ry is automalically created whenever a prefix is delegated to a client from
the configuration pool. The binding table ently is updated when the client renews, rebinds, 01'
confirms the prelix delegation. lt is deleted when the client releases all the prefixes in the
bincling voluntarily, the valicl lifetimes of all prefixes have expired, 01' aclministrators enable
the clea .. ipv6 dlleJl billdillg commancl.
These binclings are maintainecl in RAM and can be saved to permanent storage using
the agell! argul11ent. In this way, the information aboul configuration-such as prefixes
assignecl to clients-is not lost after a system reloacl 01' power-down. The bindings are storecl as
text records for easy maintenance.
Each permanent storage facility, to which the bincling database is saved, is callecl the clatabase
agent. A clatabase agent can be a remote host such as an FTP server 01' a local file system sllch
asNVRAM.
The DI-ICPv6 client can obtain contiguration paramelers from a server either thl'Ough a rapicl
two-message exchange (solicit, reply) 01' through a normal four-message exchange (solicit,
aclvertise, reques!. reply). By clefault, the four-message exchange is usecl. When both the client
ancl selver enable the rapicl-commit option, the two-message exchange is usecl.
DHCPv6 Lite Operation
(or Stateless DHCPv6)
• Described in RFC 3736.

• Used for providing additional information:
DN servers
.00
- SIP servers
- domain search list
• Does not perform address assignment.
• Nodes need to acquire addresses through other means.
....-.., ".',
DHCPv6 Lite (01' stateless DHCPv6) is lIsed in an envil'Onment where end nodes acqllire IPv6
addresses throllgh different means (most often lIsing stateless alltoconfiglll'ation). However,
they also need to obtain additional infonnation (usllally, a list ofDNS servers).
A stateless DHCPv6 server will send additional information if contacted by a stateless cIient.
The cIient \ViII be updated with additional information through DHCP Lite by using a router
advertisement (RA) message. The router needs the command ipv6 nd ... to be configured on the
interface that advertises router presence
A Cisco l'Outer running Cisco lOS Solhvare can also act as a stateless DHCPv6 c1ient if so
instructed by another router with RA messages.

a al il la Ea la 2
DHCPv6 Stateless Server
• Configure a DHCP pool with:

- DNS server
_. Domain name
• Enable DHCP server on LAN interface.
• Actívate "other configuratíon" flag in ND.
ipv6 dhcp pool ).ité''i

dns-server 20Ól:db8:cl::53
domain-name example.org
I
ipv6 dhcp server Lite}
ipv6 address 2ooi:db8:al::1/64
ipv6 nd; ót~,er-b6hfig":'fl~~j;
The figure describes how to use the DHCPv6 function to configure clients with information
about Ihe name lookup systcm. The server does not maintain a state that is related to c1ients; for
example. prefix pools and records of allocation are not maintained. Therefore, this function is
"stateless" DHCPv6.
Configuration Options
. Cornrnand Description
'.' .... '.' .......
.'. .
ipv6 dhcp pool poolname Configures a DHCPv6 configuration information

pool and enters DHCPv6 pool configuration mode
dns-server ;pv6~address Specifies the DNS IPv6 servers available to a

DHCPv6 client
domain-name domain Configures a domain name for a DHCPv6 client
ipv6 dhcp server poo/name Enables DHCPv6 on an interface
ipv6 nd other-config-flag Sets the "other configuration" flag in IPv6 RA

messages
Note Cisco lOS Software can act as a DHCP client on any router interface. To achieve this, the
command ipv6 address dhcp needs to be configured on that interface. If rapid commit is
needed. the oplional setting rapid-cornmit needs to be configured on both the client and the
server.
A DHCP relay agen!, which may reside on the client's link, is used to relay messages between
the client and Ihe server. DHCP relay agent operations are transparent to the c1ient. A client
loca tes a DHCP server using a reserved, link-scoped multicast address. Therefore, direct
communication between the c1ient and the server requires that the client and the server are
attached lo Ihe same link. However, sometimes-when ease ofmanagement, economy, or
scalability is a concel'l1-allowing a DHCP c1ient to send a message to a DHCP server that is
not connected to the same link is desirable.
3-50 IPv6 Fundamentals. Design. and Deployment (lP6FD) v3.0 © 2010 Cisco Systems, Ine.
DHCPv6 Relay Agent Notification for Prefix Delegation
DI-ICPv6 relay agent notification for prefix delegation allows the router working as a DI-ICPv6
relay agent to find prefix delegation options. These options are found by reviewing the contents
of a DI-ICPv6 RELA y -REPL Y packet that the relay agent relays to the client. When the relay
agent finds a prefix delegation option, the relay agent extracts the information about the
delegated prefix. The relay agent then inserts an IPv6 static route matching the prefix
delegation information onto the relay agent. Future packets that are destined to that prefix via
relay will be forwarded based on the information contained in the prefix delegation. The IPv6
static route is then left in the routing table until the prefix delegation lease time expires or the
relay agent receives a release packet from the client releasing the prefix delegation.
User configuration is no! required for this feature. The relay agent completes static route
management automatically.
The IPv6 routes are added when the relay agent relays a RELA Y-REPLY packet. The IPv6
routes are deleted when the prefix delegation lease time expires, or the relay agent receives a
release message. An IPv6 static route in the routing table ofthe relay agent can be updated
when Ihe pretix delegation lease time is extended.
This feature leaves a static IPv6 route on the routing table ofthe relay agent. This registered
IPv6 address allows unicas! reverse path forwarding (uRPF) to work by allowing the router
doing the reverse-Iookup to confirm that the IPv6 address on the relay agent is not malformed
or spoofed. The sta tic route tha! is left in lhe routing table of the relay agent can be redistributed
to other routing protocols to advertise the subnets to other nodes. The static routes \ViII be
removed when the cIient sends a DHCP_DECLINE message.
© 2010 Cisco Syslems, Ine. lPv6 Services 3-51

&1 ¿
'\
DHCPv6 Relay Agent Configuration
Router(config-if)'
ipv6 dhcp relay destination IPv6 DHCP server addr
• LAN interface configuration
Router(config-if)#
ipv6 dhcp relay destination fe80::db8:68 Ethernet 0/0
• Using link-local server address
Router(config-if)#
I ipv6 dhcp relay source Loopback 1
• Setting source interface for relayed packets
""0.",'"
The tigure shows Ihe necessaly commands lo enable Ihe DHCPv6 relay agent function and
speciry relay deslinalion addresses on an interface. If a link-local address is used for a DHCP
server, then the exit interface must also be configured.
The DI-ICPv6 server sends its replies to the source address ofrelayed messages. Normally, a
DHCPv6 relay uses Ihe address of Ihe server-facing inlerface Ihal is used lo send messages as
Ihe source. I-Iowever, in some networks, il may be desirable lo configure a more slable address
(such as a loopback interface) and have Ihe relay use Ihat interface as the source address of
relayed messages. The DHCPv6 relay source configuration feature provides this capability.
3-52 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Inc.
DHCPv6 Multicast Addresses
This tapie describes the IPv6 multicast addresses that DHCPv6 uses.
¿¡ & ,
DHCPv6 Multicast Addresses
DHCPv6 operates using the following mullicast

adresses:
FF05::1:3 AII DHCP servers, site-Iocal scope
'FFb5::1:4 . ~nDHcP relays:site-Iocal s6ope.
DHCPv6 uses these multicast addresses:

a FF02:: 1:2 is the all-DHCP-agents (servers 01' relays) address that clients use to
communicate with unknown agents on their local link. This address is of link-local scope.
a FF05:: 1:3 is the all-DHCP-servers address that relays (01' clients) use to communicate with
unknown site-wide servers. This address is of site-Iocal scope. A nade sending a message
to this destination address should use a source address that will be reachable by the server
for the answer. For example, a link-local adelress cannot be used as a source address for this
kind ofmessage.
a rr05:: 1:4 is the all-DHCP-relays address. Because it is an all-DHCP-servers address, it can
be used to reach all DHCP relays within one site.
Nole that DHCPv6 servers and relay agents listen on UDP port 547, while DHCPv6 clients
listen on UDP port 546.
Tip An enterprise would need lo have a wide-area (site-wide, at leasl) mullica sI implemenlalion
lo lake advanlage 01 Ihe sile-scoped DHCPv6 servers address. II Ihe enlerprise did nol have
Ihal enabling mechanism in place. Ihe relays could also be conligured wilh Ihe unicasl IPv6
addresses 01 Ihe servers. Cisco lOS Software requires relays lo specifically enumerale Ihe
localion 01 DHCPv6 servers.

DHCPv6 Prefix Delegation Process
This topic describes some configuration specifics for DI-ICPv6.
gg¡ ca a
DHCPv6 Prefix Delegation
• Service provider allocates block of addresses for delegation

to customers.
• Customer receives a prefix (e.g., /56).
• Customer assigns /64 prefixes to LAN interfaces.
DHCP RA
- HastA
Hes! B
Extensions to DI-ICPv6 enable prefix delegation, through which an ISP can automate the
process of assigning prefixes lo a cuslomer for use wilhin Ihe cuslomer nelwork. Prefix
delegalion occurs belween a provider eclge (PE) device and customer premises equipmelll
(CPE), using Ihe DHCPv6 prefix delegalioll oplion. Afier Ihe ISP has delegated prefixes lo a
customer, the customer may furlher subnel alld assign prefixes lo Ihe lillks in Ihe cuslomer
llelwork.
3-54 IPv6 Fundamentals, Design, and Deployrnent (IP6FD) v3.0 © 2010 Cisco Systems, Inc,
11•• 1 al I II!! IIIIIU 11 2
DHCPv6 Prefix Delegation (Cont.)
• Interface configuration:
_. PE as delegating DHCP server
... CPE as DHCP client and IPv6 router
Stateless
Router Autoconfiguration
Host B
""0"' "
In Ihe figure, Ihe ISP delegaling rouler will acl as a DHCP server and will allocale a prefix lo
lhe CPE. The CPE will, on one sicle, acl as a DHCP client, acquire Ihe prefix, ancl Ihen assign
slllaller prefixes lo its own local interfaces. On these interfaces, it will act as an IPv6 rouler,
sending oul muler advertiselllenls lo inforlll local clienls ofprefix availabilily. In Ihis
configuralion, Ihe ISP indirectly assigns addresses lo end nades.

ooa
Configure the delegating router.

• Configure pool of prefixes for allocation .
• Enable DHCPv6 server on CPE-facing interface.
I ,;¿"',>
ipv6 dhcp pool Customers
prefix-delegation pool C_PREFIX
!
ISP Netwc interface FastEthernetO/O
Intern ipv6 address 2001:db8:a::l/64
;, ipv6 dhcp server Customers
1
ipv6 local pool C_PREFIX 2001:db8:c::/40 48
, ' ... -'"'", ' ..
The figure shows configuration oflhe DHCP server router.

A DHCP pool, named "Customers" has a prefix-delegation command with a reference to a local
pool named C_PREFIX. The local pool C_PREFIX contains specifications mandating that
addresses will be allocated to clients, together with prefix length. Addresses that are specified
with 200 I :db8:c::/40 are reserved for further allocation in blocks of /48. Therefore, eaeh c1ient
will receive one /48 fl'Om the /40.
3-56 IPv6 Fundamentals, oesign, and oeployment (IP6Fo) v3.0 © 2010 Cisco Systems, Inc.
lE i li IIU 2
Configure the CPE .

• ISP-facing interface is the DHCP client.
• LAN-facing interface is the IPv6 rauter sending RA message.
interface FastEthernetO/O
ipv6 address 2001:dbB:a::2/64
ipv6 dhcp client pd PREFIX
I
interface FastEthernetl/O
ipv6 address PREFIX :: üifi,'oTi):'Al/64
I
interface FastEthernetl/l
ipv6 address PREFIX : :2'i'óHraEÚ64
The figure sho\Vs a sample configuralion of a ePE rouler. The interface facing lhe sen'ice
provider acls as a clienl and has a prefix delegation reference called PREFJX. This prefix
delegation willmake it possible to refer to the allocated prefix \Vith the variable PREFJX later
011.
Interfaces facing the LAN devices are configured \Vilh 8n IPv6 address with 8 reference to the
prefix name PREFIX. The ISP defines the first 48 bits, so only the last 80 bits must be listed.
For autoconfiguralion to 1V0rk. the network mas k is set to /64.

DHCPv6 Troubleshooting
This topic describes how to troubleshoot DHCPv6.
. . ¡¡¡B. :a
Troubleshooting
DHCPv6 show commands:

• show ipv6 interface brief
• show ipv6 dhcp pool
• show ipv6 local pool
Router' ShOH lpv6 dhcp pool
DBCPv6 pool: Delegate
Prefix pool; . SRV
preferred lifetime 604800, valid lifetime 2592000
Active clients: 1
D8CPv6 pool: Lite
DNS servar: 2001:db8:dOdO::l
DNS server: 2001:db8:dOdO::2
Active clienta: O
Router' show ipv6 local pool

Prefix Free In use
2001:db8:afOl:1::/48 255 1
Verification or troubleshooting implies the use ofshow and debug commands. Use these show
commands when checking DHCPv6 operation:
show ipv6 interface brief
This command willlist all interfaces and their IPv6 addresses. If one or more interfaces are
configured to acquire an IPv6 address through DHCP. you can quickly check ifit worked with
this command. It will be the first command that you use when troubleshooting client
fUllctionality 011 a router.
show ipv6 dhcp pool
This command will show all DHCPv6 pools on a router. In the figure, the output shows t\Vo
pools:
• A pool that is named "Delegate" is used for prefix delegation with one c1ient.
• A pool that is named "Lite," which is used only for sending DNS server information
(DHCP Lite).
show ipv6 local pool

Use this command if, when lIsing prefix delegation. you specify the address range with a local
pool. The DHCPv6 pool will show only a reference to a local pool. and you willneed an
additional command to verify the addresses. The figure provides an example.
3-58 IPv6 Fundamentals, Design, and Deptoyment (tP6FD) v3.0 © 201 OCisco Systems, Ine.
_ li 1 HIU 1IIi I I J 1= =
Troubleshooting (Cont.)
show ipv6 dhcp binding
Routerl show ipv6 dhcp binding

sinister'sh ipv6 dhep binding
P:
~dl:ie~t:T~,1'E,8'ÓT: i Cá,~ 4b'~F'fF~3 Spl
::3;, f?,t11fi ~< ooo,~ O,~oJC~Q 14:03 60~,O~I>;;~
username i unasslgned
Interface : :F.il5t!H:;h~rn'citó?(r
lA PO: lA ID Ox00040001, TI 302400, T2 483840
t:j"r,~f~~J;"~',20Ól; Ciba: a~Oi Ui"§.7s6 '1
preferred lifetime 60.480.0, valid lifetime 2592000
expires at Hay JO 2010. 01:03 PM (2331577 seconds)
lA NAI lA ID Ox00040001, TI O, T2 O
The sltow ipv6 dltep bindillg command shows the state ofall current c1ients ofthe DHCP
server. In this figure, you can see the client ID, the interface on which the client is connected,
and Ihe assigned prefix.
¡¡¡¡¡ 2JiI a
show ipv6 dhcp interface

Routar' sbotl ipv6 dhcp:- 1I:lto,rEa,(;e
FsstEehernetO/O la in ,qi~~nt. '~~
Profix Sta.te 16 OPEU
Renew will be sent: in 11139:43
Address State 1s IOLE
" , ''', ,," ,':,:;,\}':'1',,>, : ,,'' ;¿
i:t;I'Sf.:':óf":jtnBWñ"/sfirver'sF"{' ::, ,>:
t>t; ité'á~b.'bJé:'vfá ',áddi6s'i: F'fi~ó '{ icá,óo'I'4o'FF/fE36'; 8
0010: 00030001CA004036000a
preferencel O
Conflguratlon parameters:
lA PO: lA ID Ox00040001, TI 302400, T2 483840
Prefixl 2001:db8IafOI:11:{56
preferred 1ifetime 604800, valid Iifetime 2592000
expires ot Hay 30 2010 01:03 PH (2331583 seconds)
Infonllotion refresh time: O
Prefix name: OelegatedPrefixes
Prefix Rapid-Commit: disabled
Address Rapid-Commit-: ",dis,~,ble,d
Fast-Et-hernet.l/O 15 int:ii,~r!'5=i,'-'tn?d-;:¡;l
Using pool: clients
Preference value: O
Hint. from client.: ignored
Rapld_Commit: dlsabled
The sltow ipv6 dltep interface command will tell you whether an interface is in client or in
server mode. For client mode interfaces. you will see a list ofknown servers, the client ID, and
acquired information.
© 2010 Cisco Systems, Ine. IPv6 Serviees 3-59

fiili Ji
DHCPv6 debug commands:

• debug ipv6 dhcp [detail]
• debug ipv6 dhcp relay
IPv6 DHCP: DHCPv6 changes state from IDLE to SOLICIT (START) on

FastEtbernetO/O
IPv6 DHCP: Sending SOLICIT to FF02::1:2 on FastEtbernetO/O
IPv6 DHCP: Received ADVERTISE from FE80::C800:4DFF~FE36:8 on
FastEthernctO/O
IPv6 DHCP: Adding server FESO::C800:4DFF:FE36:8
IPv6 DHCP: Sending REQUEST to FF02::1:2 on FastEtbernetO/O
IPv6 DHCP: DHCPv6 changes state from SOLICIT to REQUEST
(ADVERTISE_RECElVED) on FastEthernetO/O
IPv6 DHCP: Received REPLY from FE80::C800:4DFF:FE36:8 on
FastEtbernetO/O
IPv6 DHCP: proccssing options
IPv6 DHCP: Adding prefix 2001:DB8:AF01:l::/56 to Prefixes
The Iwo debug C0111111ands for DHCPv6 are debug ipv6 dhcp \Vith the optional detail keyword
and dcbllg ip,,6 dhcp rclay. The former will be useful when debugging either DHCP server 01'
DHCP client functionality on a Cisco lOS Software router, while the lalter will be used when
troubleshooting DHCP relay functionality.
The figure lisIs sa111ple output oflhe debllg ip,,6 dhcp c0I11111and on a working DHCP client.
3·60 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
Summary
This topic Stlllll11arizes the pril11ary points that are disclIssed in this lesson.
[&mil Ci2 Mil
Summary
• DHCP has been updated to support IPv6, including the ability

to work with stateless autoconfiguration.
• IPv6 hosts use DHCPv6 when there is no router present on
a link, or a router advertisement instructs them to do so.
• The DHCPv6 specification allows the use of multicast
addresses to support forwarding of messages frol11 DHCPv6
relays to DHCPv6 servers.
• DHCPv6 prefix delegation allows an upstream router
to delegate an entire prefix, rather than a single address,
to a downstream router.
o Configuring DHCPv6 prefix delegation requires configuring
the provider edge and CPE routers, then troubleshooting.

Lesson 41
Understanding QoS Support in

an IPv6 Environment
Overview
No! part of the original IP frame\VOI"k, quality of service support is important to many modern
Internet technologies, such as unified communications and multimedia services over IP.
Underslanding the support mechanisms in IPv6 for enabling Quality ofService will help you
efTectively develop QoS schemes fOl" IP version 6 (IPv6)-enabled networks. This lesson
describes quality ofservice (QoS) SUppOlt in IPv6 and provides a more detailed explanation of
Ihe I Pv6 Flow Label.
Objectives
Upon completing Ihis lesson, you will be able lo describe the fields in the IPv6 header that are
used to support QoS and explain how these fields differ from the IP version 4 (IPv4) QoS
model. This ability inc1udes being able to meet these objectives:
• Discuss the lields that are used in the IPv6 header to support QoS functions
• Discuss the flo\V label field in the IPv6 header and ho\V it is structured to potentially
support QoS
• Explain how QoS in IPv6 is configured in the Cisco lOS Software
IPv6 Header Fields Used for QoS
This topic describes the IPv6 header fields that are used to support QoS functions.
,
IPv6 Haader Fields Usad for QoS
• IPv6 was designed to suppor! OoS natively.

• Two lields in an IPv6 header enable awareness 01 OoS:
- Traffie Class
- Flow Label
• Additionally, IPv6 can be extended via extension headers to
possibly suppor! entirely new OoS mechanisms.
• OoS processing must be delined on network devices, using
In!Serv or DiffServ modes olopera!ion.
IPv6 was designed to natively support QoS from the beginning. The IPv6 header contains two
different fields that are designed to support QoS:
• Traffic Class (8 bits)
• Flow Label (20 bits)
In addition, because ofthe expanded reach of IPv6 via extension headers, you can add new
fea tu res to IPv6 by defining new options to put into either the Hop-by-Hop Options header 01'
the Destination Options header. You can also create entirely new extension headers.
However, entirely new QoS paradigms and mechanisms are not really needed, so current QoS
mechanisms are used. Current QoS implementations are based either on the Integrated Services
QoS model (IntServ) 01' on the Differentiated Services QoS model. IntServ is used when
absolute QoS guarantees are needed. DiffServ defines "soft" QoS guarantees by just
prescribing the behavior of a device that is based on the priority ofthe packet (the per-hop
behavior, or PHB). For example, absolute priority forwarding for importan! packets and normal
forwarding operation for all other packets.
Note You can lind more inlorma!ion about 008 mechanisms and principies in the Implementing
Cisco Ouality 01 8ervice (008) course. Though the course is locused on IPv4 008, the
operation 01 rauter lar IPv6 packets is the same.
3-64 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
&TI i2 u Ii 1;; 2i12ii dI!
IPv6 Traffic Class Field
• The Traffie Class field is the same as the IPv4 ToS field.
I I
Source Address 40
Oclels
Deslinalion Address
Exlension Header Infonnalion Variable

lenglh
Dala Portion
,1
32 Bits
The I Pv6 Traffic Class field is an eight-bit field identical to the type of service (ToS) field in
IPv4.
QoS field position has been moved towards the beginning to allow for easier hardware
processing ofpackets. When receiving a packet, the network device can determine the priority
of the packet very earry in the process.

IPv6 Traffie Class Field (Cont.)
o Eight-bit field that is identical to IPv4 ToS field. n

o Six bits are used for DSCP.
~ - , · \.C
o Remaining two bits are used for ECN. ( LO?'.'
o The Traffic Class field is mutable between source and
destination nodes (may be changed).
o Used to preserve packet QoS information end to end and
also when the packet crosses Layer 2 domains.
o T raffic Class or Flow Label field change does not affect IPsec
integrity and security, since these are mutable fields.
n
,," . , \
Both the IPv6 Traffic Class and IPv4 ToS nelds are used in the differentiated serviees
(OiffServ) arehitecture that is defined in RFC 2474, D~fillitioll oItile Difrerelltiated Serl/ices
Fie'" (DS Field);1I til e IPI/4 alld IPI/6 !-Ieoders. Six bits ofthe Traffic Cluss field are speeified
for use as the differentiated serv iees eode point (OSCP) field, in whieh eaeh OSCP specifies a
particular per-hop behavior (PHB) that is applied to a packet at a net\Vork device.
The remaining two bits of the Traflie Cluss field are defined in RFC 3 168, rile Additi(!/1 oI
Explicit COllgestioll Notificatioll (ECN) to IP. ECN is a nonlossy \Vay to indieate congesti on on
o
a link and to infonn other systems to throttle traffie being sent, to avoid packet drops due to
congestiono
The Traffie Class field resides in the IPv6 paeket header and lI/arks the paekets aeeording lo
their priori ty. This means that the Traffic Class can be ealled a Lay er 3 lI/arker. Beeuuse Ihe
IPv6 header does not ehange in tran sit, thi s header is eonsidered an end-to-end marker as \Vell.
Layer 2 markers, sueh as C lass ofServ iee (CoS) for Ethernet networks, are valid only for a
single Layer 2 domain.
I f un I Pv6 packet needs to eross mulliple Layer 2 domains from its origin to its destination , the
Traffie Class marker \Vould be kepl unehanged from end lo end. New Layer 2 QoS markers
would be imposed eaeh tim e sueh a paeket would be forwarded from one router l o unother over
o
a Layer 2 network.
o
Note Traffie Class is defined as a mutable fi eld, meaning that it is permi ssible for intermediate
nades on the path (routers) lo ehange the value 01 a lield during transil. As a result, the
Traffie Class field is unproleeted by the Authentieation Header (AH) when IPsee is in use.
This silualion is aeeeptable beeause Ihe destinalion nade does nol diseard paekets as
invalid when, in laet, only a mutable field has ehanged. o
n
3-66 IPv6 Fundamentats, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
n
IPv6 and the Flow Label Field
Thi s topic descri bes the Flow Label field in Ihe IPv6 header and how it is strllctll red to
potentially sllp port QoS.
IPv6 Flow Label Field r .5 L "

A) rj,,,, \,",\
"'\
r<1vn;L,
• Flow Label is a new IPv6 header lield.
Version ITraffie Class L . . i ~Ibw Lobal · 20 BII9 f J

, .' Payload Lenglh I Next Header I HopUmit
..,-
Source Address -
, ,
" ,
- 40
Octets
. '. "
-
" . Oestinaiion Address '-
-
u Next Header I Exlension Header Informalion

~ -~
Variable
l englh
Data Portian
u 32 Bits
u T he FlolV Labe l fie ld is a nelV 20-bit fie ld that appea rs in Ihe IPv6 basic header.
u
u
u
(j
(j)
u
© 2010 Cisco Systems, Ine. tPv6 Services 3·67
tE i
IPv6 Flow Label Field (Cont.)
• A new field, used to label packet flows.

• A flow can be used to request nondefault 008.
• The Flow Label field is immutable between source and
destination nodes (may not be changed, unlike Traffic Class
field).
• There are no existing implementations 01' standards defining
Flow Label field for 008; they could be used to mark media
streams.
• The flow label has security implications; it is necessary to take
care of flow label generation (sequential and pseudo-random),
and to prevent flow label theft.
. " .... , ," 'e,.. '. ,
The Flow Label r.eld is used to label packets belonging to specific flows:
• Source address, destination address, and flow labelmay uniquely identity a flow.
• The flolV label can be used for special sender requests, such as nondefault QoS and real-
time sen'ices.
• There can be multiple flows between a source and destination, as distinguished by separate
nonzero flow labels.
• No implementation of the flow label currently exists. nor is its exact usage yet defined.
There is a current IETF RFC that describes, at a high level, the basic requirements for (he
flow label (RFC 3697, IPv6 FlolV Label Specification).
• The FlolV Label field is immutable; its value must arrive at (he destination unchanged.
The Flow Label field enables per-flow processing by routers in the path. This function provides
differen(iation ofthe traffic at (he IP layer without having to open the transport layer header to
identify the flow.
Tip Consider a fragmented or enerypted paeket. When a paekel is fragmenled. Layer 4 header
information, sueh as TCP por! number. is nol carried in each fragment. In Ihis case. for IPv4.
QoS cannol be applied lo each fragmenl when QoS classification is based on TCP por!
numbers. For IPv6 and Ihe flow label. flows are classified only wilh informalion in Ihe base
header, which appears in each fragment.
For IPsec-enerypled packels. Layer 4 informalion is enerypled and nol available for QoS
processing. The flow label and source or deslinalion IP addresses are always visible in an
encrypled packet. allowing QoS processing,
3-68 IPv6 Fundamentals. Design. and Deploymen( (IP6FD) v3.0 © 2010 Cisco Systems. Inc.
.hU2 I III1 11111 _UilJlliU I IIIm21 11 1I
IPv6 Flow Label Field (Cont.)
• A Flow Label field can be used if the encryption protocol

"hides" the Layer 4 port number, which would be the base for
traffie classifieation.
• The transport layer information can be located at a variable
offset due to the presenee of option headers.
• A flow label ean be used to classify sueh traffie and to ensure
OoS, based on the information in the first header.
The flo\V labels can be used to classify traffic it: for some reason, classification cannot be
performed otherwise. As an example. packet encryption might obscure the transpOlt layer
headers that would otherwise be used for classification. Classifieation using flow labels eould
be usefu\.
Seconclly, to enable Iruly hardware-based QoS proeessing, Ihe presenee-or nonpresenee----of
option headers changes the position (offset) of a transporl layer header. Using flow labels, su eh
packets eould be classified based on the information in the IPv6 (Layer 3) header.
© 2010 Cisco Systems, Ine. IPv6 Services

IPv6 QoS Configuration
This topic describes Cisco lOS Software and IPv6 QoS confrguration and feature suppor!. ()
()
QoS Features Supported in IPv6
()
• OoS features supported for IPv6:
\ I G,,¡;:""
_. Paeket classifieation (P Q sen'\. ", \,0,\"" ,) """~ "
- Oueuing .~<o \ .
, ~ K'<. ",\<, C'~. ,X
_ Traffie shaping ""J ')t.' ~
O\. ('a.~' Q-6. \
- Traffie policing 2,\ o~" " \,~\ ~

-- WRED
-- Class-based paeket marking
- Network-Based Applieation Reeognition (NBAR) ~<!tO","'<:" ~ ~;¡c».. .I"~'
Q.1 5-'>
• Available in both process and Cisco Express Forwarding
switching paths.
• By omitting the ip eonfiguration keyword, the rules apply to both
IPv4 and IPv6 traffie. .\
,
\=-\'\).\'.i', :) ~ OJ-\."
'S'''\'rlU>~
~
5«<,-",1- 7
,...,....,,,.' ,,. ",,,... ,..,, ~"'\"t\, " .. C\~\('" 1("'. ,
Cisco lOS Software supports many IPv4 QoS features for IPv6, with both process and Cisco
Express Forwarding switching paths. Classifrcation can be accomplished based on protocol ()
(IPv4 01' Il'v6) 01' on protocol-independent values such as DSCP, c1ass of service, 01' Layer 4
por!.
Traffie policing and multiple shaping method s are suppolted (both Frame-Relay traffre shaping
[FRTS] and Generi c Traffic Shaping), in addition to weighted random early detection (WRED)
congestion avoidance. Most queuing methods are supported, including low latency queuing
(LLQ).
With new software platforms, support for Network-Based Applieation Reeognition (NBAR) is
beeoming available. An example of such a platfonn is the Cisco ASR 1000 Series Routers; the
operating system is Cisco lOS XE Software.
QoS for IPv6 is supported in all newer releases since the Cisco lOS Software Release 12.2T
and Cisco lOS Software Release 12.0S.
Using IPv6 in Cisco Express Forwarding hardware switching paths has a few hardware-based
restrictions. These restrictions are usually due to ASIC processor cycles for IPv6 addresses
(Cisco Catal yst 6500 Series Switehes or Cisco 7600 Series Routers). They can also be due to
minimum subnet l11ask size beca use of hardware TCAM strllcture (mainly Cisco Catalyst 3560
switch es, and so on).
Tip When configuring 005, lhe ip keyword in the Cisco 105 CLI relales lo IPv4. By omilling lhis
o
keyword, actions are applied to both IPv4 and IPv6 lralfic. When using lhe ipv6 keyword,
005 aclions are applied lo IPv6 lralfic only. ()
n
3·70 IPv6 Fundamentals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
o
, &. I 1I bU.
QoS Features Not Supported in IPv6
• Compressed Real-Time ProtoGol (cRTP)

• Committed access rate (CAR)
• Priority queuing (PO)-not LLOI
• Custom queuing (CO)
"'1'.,"' ,:,
These QoS features are cllrrently not sllpported in IPv6:

• Compressed Real-Time Protocol (cRTP)
• Committed access /"ate (CAR)
• Priority qllelling (PQ), not LLQ
• ClIstom qllelling (CQ)
Many ofthese features lIse older 01' discontinlled software 01' hardware QoS engines (for
example, PQ, CQ, and so on). These engines have been replaced with new QoS engines, and
these do slIpport IPv6, in addition to IPv4 (that is, LLQ, class-based weighted fa ir qllelling
[CBWFQ], and others).
Featllres sllch as NBAR are becoming available for IPv6 as well, especially on software-based
rOllting platforms, sllch as the Cisco ASR 1000 Series ROllters.
Technologies sllch as cRTP have been lIsed in IPv4 networks in the past when bandwidth was
less available. There was no demand to implement sllch featllres for IPv6.

IPv6 QoS Configuration
IPv6 QoS configuralion in Cisco lOS Software is

nearly idenlical lo Ihe IPv4 model:
• Modular QoS CLI (MQC) supported
• Class maps , policy maE.s, and service policy constructs ,c\.J~ 1" "6 ' « \\..:., ~\ .
• Support for most QoS features for managing IPv6 traffic
• Different commands for configuration on Cisco Catalyst
switches, but IPv6 supported
n
,',.-,- •• ',0« , •.,~""" ~~ ."~.:,, •••• >,
Configuring IPv6 QoS in C isco lOS Software is nearly identieal to eonfiguring QoS for IPv4.
These basie eonfiguration elernents are the same:
n
• Modular QoS CL! (MQC) is supported.
• Class maps, poliey maps, and serviee poliey eommands are used.
()
The MQC is a eonsistent, flexible way to configure QoS polieies on Cisco routers. The three
elements in the MQC ea se eonfiguration tasks by enabling entire QoS policies to be applied to
interfaces using a single eommand, as follows:
• Class maps: Class maps define whieh traffie to apply QoS polieies tooPowerful
e lassifieation eommands are available to sort traffie that is based on Layer 2, 3, 4, or 7
eriteria. New for IPv6 is the ability to match traffie that is based on protoeol, so, for
example, you can match just IPv6 DSCP Expedited Forwarding (EF) traffie.
• Policy maps: Poliey maps are used when QoS polieies are applied to the "'affie plaeed in
()
the elass maps previou sly defined. Paeket 111arking (Layer 2 or 3), polieing and shaping,
eongestion avoidanee, WRED, and various queuing methods are applied using poliey maps.
In addition, CBWFQ bandwidth guarantees can be applied, and priority queues can be
established for real-time traffie.
• Sel'vice policies: Service polieies apply poliey maps to interfaces in a specifie direetion
(inbound or outbound).
Configuration ofQoS on C isco Catalyst switehes uses different eom111ands or sube0111rnands, n

sueh as set-dscp-tl'ansmit or policed-dscp-tl'ansmit when using traffie polieing. The polieing
meehanism on Catalyst switehes is eonfigured in the same way as for IPv4 beeause it works for ()
both I Pv4 anel I Pv6 traffie.
Note On Cisco Catalyst switehes, more stress is on Layer 2 OoS, whieh depends on the CoS ()
marker to determine hardware queues for the traffie.
3-72 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 20 10 Cisco Systems, Ine.
o
u
u Cisco lOS MQC-Class Maps
router(config)'
C_l_a-::S:-S_-_m:-a..:p----'{_C.,-l_a_SS,-----n_a_m.,-e--'I_C_l_a_S_S_-d-:e:-f_a_U_l.,..t.:.}_ _.,--_ _ _ _-'~
LI ~ ~ ~\ ...... ;, 4- ~ ~.,. .te q:. ~
$, r Q
• Creates and enters class-map configuration mode

u router(config-cmap)#
Imatch [ip I ipv6] dscp dscp-value
• Matches packets based on DSCP value
u router(config-cmap),
Imatch access-group access-group-name
• Matches packets using a named IPv6 ACL
• Access list allows matching on flow labels also
f O\\I:>') ~~ - - e....\O"H,~. <::i;~~J ~.J.\\.,(, '7 (\~\'JrQ. J o. 'V'""\.. .... r ~}fJ Q .s:/'Oj<J
S< ,"," ~~,\..,c'7
u Defining class l1laps is Ihe first step in creating a QoS policy us ing the MQC. For each e1ass of
traffic that you wish to apply policies to (including a default class), decide which traffic to
place in that class. Classification can be done using any ofthese l1lethods:
• Layer 3 I Pv6 source or destination address
• Any other Layer 3 or Layer 4 criteria, when using an access list
• Layer 2 e1ass of service (CoS)
u •
•
IPv6 DSCP, stored in the Traffie Class field
Protocol type
u • Flow label. Flow labels can be l1latehed lIsing an aceess list (lIsing the permit ipv6 any
any now-Iabel statemen!).
u
© 2010 Cisco Systems, lne. IPv6 Services 3-73
(j)
.
Cisco lOS MQC-Policy Maps
router(config)'
Ipolicy-map policy-name
• Creates and enters poliey-map eonfiguration mode
router(config-pmap).
LIc::l::a::s::s:.....:c..:l..:a..:s.::s_-=n=am=e_________________-ll"'~ ~ e I.lJ},.. 0.0)
• Ineludes the defined class in the poliey map
router(config-pmap-c)'
Iset [ip I ipv6] dscp dscp-value
• Marks paekets with the speeified DSCP value
router(config-pmap-c)#
bandwidth {bandwidth-kbps I percent percent}
• Specifies a minimum bandwidth guarantee to a traffie class
The poliey map is where Ihe aelual QoS poliey is applied to traffie on Cisco routers. Multiple
poliey maps may be ereated, eaeh refereneing a different set of elass maps. [n the policy map,
the class eommand is used to identify eaeh c\ass map that you wish to apply QoS meehanisms
too The aetions under the pmap-c eonfiguration mode fall into these general eategories:
• Ma .. king: These attributes can be set and modified:
Cell loss priority (CLP) bit when a paeket is due lo be transferred over an ATM
network
CoS value of an outgoing paeket on Ethernet networks
.----
DSCP value in the Traffie Class field
,,-,~--_.
Diseard eligible (DE) bit setting in the address field of a Frame Relay frame
Multiprotoeol Label Switehing (MPLS) experimental (EXP) field on all imposed
label en tries
MPLS EXP field value in the topmost label on either an input 01' an OUlput interface
• Policing and shaping: These traffie regulation meehanisms are supported:
Generie traffie shaping
Class-based lraffie shaping
Frame Relay traffie shaping (FRTS)
• Congestion avoidance: These Iypes of WRED are sllpported:
Flow-based WRED
DSCP-based WRED
• Congestion management: This category comprises lhe various queuing melhods and
supporls Ihe following:
Weighted fair queuing (WFQ)
CBWFQ
LLQ, which is really CBWFQ plus a strict priority queue
© 2010 Cisco Systems, lne. IPv6 Services 3-75

Cisco 105 MQC-Service Policies
router(config-if) '
service-policy {input I output} pOlicy-name
• Applies named policy map lo an inlerface
,,/0
c l ass-ma p test ! _
IIIatch dscp e!
policy-map priorlty50
t"t,.c~I \Q) ~ o.. ....,ot}. t <'" "" ,,\) .
~ ~\\-~(.,.
class t.est.l l\!)"J _ \,\\- ~iY l (. O
prioray 50 ~, \ ~~ \
int.erface fast.elhcrnet.O / l
scrvlce-pol icy input. priorit-ySO
"'.~.,,; .... ~-
The servicc-policy command applies a given policy map lo a specific interface, in either Ihe
inbound or outbound direction. O nly one policy map per direction can be configured at a time
o
0 11 an interface.
The figure shows a complete, although simple, example of a QoS configuration using the
o
MQC, as follows:
• The c1ass-map testl com mand matches packets with the DSC P va lue of EF (usually real-
time traffic).
• The policy-map priority 50 command includes a s ingle elass, test l. and assigns the
packets in Ihe elass to a priority queue with a minimum bandwidth guarantee of 50 kb/s.
• The priority5 0 policy map is app lied to FastEthernet 011 in the inbound direction \Vith the
service-policy command.
Note The DSCP va lue Ihal is described as EF is aClually recommended lo be "101110." The "EF"
is nol inlended lo be a hexadecimal value, but slands lor "Expediled Forwarding." It is
designed lo provide low-de lay, low-jitter, and low-Ioss serviee. A classic use of EF is to
support Vo lP, which requires these two characterislics to perform well: low latency and low
o
jiUer. VolP is nol very sensitive lo loss 01 an occasional packe!.
n
()
3-76 IPv6 Fund amenlals, De sign , and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. tne.
n
Surnrnary
This topic S1l11l11larizes the pri11lary points that are disclIssed in this lessol1.
al bUba: ¡¡ aMi ¡¡; i &
Summary
• IPv6 eonlains Iwo QoS header fields: Ihe Traffic Class field and
a new Flow Label field.
o The Traffie Class field specificalions are Ihe same as Ihe IPv4
ToS field. The Traffic Class is an end-Io-end marker, bul il can
be changed in Ihe nelwork depending on nelwork policy.
• The flow label remains unchanged in transil and idenlifies a
particular flow. II can be used for classification when Layer 4
dala is encrypled.
• QoS improves nelwork service by adjusting traffic priorily using
regular QoS mechanisms, such as queuing, Iraffic shaping, and
policing.
• IPv6 QoS configuration is similar lo IPv4 QoS configuration,
bolh on Ciseo routers and on Cisco Calalyst swilches.
'~".--" <.
Resources
To leal'l1 more about IPv6 QoS cOl1figuratiol1, please refer to the following material:
• Cisco ¡OS ¡Pv6 COI¡flguratiol1 Gllide, Re/el/se 12.4: IlIIp/elllel1fing QoSfor ¡P,,6 at
http://col1l1.com/el1/US/docs/ioslipv6/configuration/guide/ip6-qos. html#wp I055789

Lesson si
Using Cisco lOS Software

Features
Overview
Cisco supports many tools and applications that manage and troubleshoot networks. To
maintain this capability for IP version 6 (IPv6)-enabled networks, these tools and applications
have been modified. This lesson describes Cisco lOS tools such as Telnet, TFTP, Secure Shell
Protocol (SSH), and others.
Objectives
Upon completing this lesson, you \ViII be able to describe and configure advanced Cisco lOS
features to support IPv6. This ability includes being able to meet these objectives:
• Describe and configure SSH and Telnet on Cisco l'Outers
• Describe and configure TFTP, HTTP, traceroute, ping, and NTP on Cisco l'Outers
• Describe Cisco Discovery Protocol support for IPv6
• Describe Cisco Express Forwarding support for IPv6
• Describe IP SLA functionality for IPv6
Cisco 105 Software Features
This tapie describes IPv6 service SUppOlt in Cisco lOS Software .
•
Cisco lOS Software Features
• A router running Cisco lOS Software can act as a client or a

server for many services.
Routing protocols
Network services
Management access
• To fully support IPv6, all of these services must be IPv6-
capable.
• Configuration may differ slightly compared to IPv4.
A router running Cisco lOS Software is notjust forwarding packets. It also runs routing
protocols, which may need to communicate over IPv6. (The "IPv6-Enabled Routing Protocols"
module specifically addresses IPv6 routing protocols.) In addition, a router can al so offer
various network services, can act as a troubleshooting platform, and must support vario LIS
protocols for administrative access.
In an IPv6-only Iletwork, all these features must fully support IPv6 as a transport mechanism.
\ ,
In most cases, IPv6 configuration commands do not differ significantly fi'om their IPv4
cOllnterpmts. Sometimes ¡he commands are ¡he same, In some cases, however, configllring
IPv6 and configuring IPv4 are substantially different.
_i1iI. JaIILI.b J. 1111 ¡ Lid I 1& la•••
Cisco lOS IPv6 Telnet Support
line vty o 4
transport input telnet
• IPv6 Telnet server is enabled when Telnet support is enabled.
Irouter# telnet 2001:db8:1:1001::f

• Cisco lOS Software Telnet client fuUy supports IPv6.
line vty o 4
ipv6 access-class TELNET CLIENTS
• Access control can be enforced.
Telnet is a primary method of doing remote management. Unfortunately, Telnet is insecure

becallse Telnet data goes over the net\Vork in cleartext.
The Telnet client ami server sllpport IPv6 connections. YOll can connect directly to a l"Outer
lIsing an IPv6 Telnet client. You can also initiate an IPv6 Telnet connection from a router.
These commands enable Telnet access on a Cisco l"Outer:
• l"Outer( configl#line "Iy O 4
• l"Outer( config-Iine)#passwo ..d passlI'ord
• router( config-line)#Iogin local
Telnet protocol can be explicitly enabled 01' disabled with a (noJ t ..anspo .. t inpnl telnet line
configuration command.
You can restrict access via Telnet by applying an access controllist (ACL) on the virtual
terminal interface, an ACL on the ingress router interface, 01' both.

2 2
Cisco lOS IPv6 SSH Support
• Cisco lOS Software supports IPv6 SSH:

- Can replace Telnet for interactive session on router
for added security
• Authentication is protected .
• Session is protected .
• SSH is available in Cisco lOS Software with 3DES
cryptographic software.
SSH is a popular replaeement for Telnet beeause it provides seeurity features not available on
Telnet. In a plain Telnet user session, the authentication and the session are transported in
clemiext over the network. Anyone in the path between the user and the router can intercept the
session information.
SSH proteets the interactive session through encryption and can also be used to provide
stronger authentication mechanisms and other features. SSH is available for both IPv4 and IPv6
when running all IPsee-capable version ofCisco lOS Software.
You can restriet access via SSH by applying an ACL on the virtual terminal interface, an ACL
on the ingress router interface, or both.
IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
3&& 2 III BILE 1I1 I LEd I JI IIUi
Cisco lOS IPv6 SSH Client
Cisco lOS Software supports an IPv6 SSH client.
router#
ssh [-v {l I 2}1 [-c {3des I aes128-cbc I aes192-cbc I
aes256-cbc}] [-1 Login_name] [-m {hmac-rnd5-128 I hmac-rndS-
96 I hmac-shal-160 I hmac-shal-96}]
[-o numberofpasswordprompts n] [-p port-num] [-vrf VRF]
{ip-addr I hostname} [comrnand]
• Connects to SSH server specified as an IPv6 address or a hostname
i;'····
In Cisco lOS Software, lhe SSH IPv6 client is supported. An IPv6 address 01' a hostname can be
used as a destination in an SSH command. The commancl syntax is the same as the IPv4
command syntax, and many oflhe command switches Iisted in the figure are optional.
@2010 Cisco Systems, Ine. IPv6 Services 3-83

U2s lb a
Cisco lOS IPv6 SSH Servar
Cisco lOS Software supports the IPv6 SSH server.

• Supported on platforms using Cisco lOS 3D ES software
router(config)'
lip ssh parameters
• Configures SSH control variables on your router

• Changes IPv6 settings even though command begins with ip
router#
IShOW ip 5sh
• Displays the version and configuration data for SSH
routeri
Ishow 5sh
• Displays the status of SSH server connections
The commands for the SSH selver support IPv6 on all supported platforms running IPsec Cisco
lOS Software codeo
The router must have already generated a key pair. The command to generate a key pair is
J'Outer(config)# crypto key generate rsa. This command, in turn, requires that you have a
hostname and a domain name that are defined by using these commands:
• router( config)#hostname somerouter
• router( config)#ip domain uame example.com
Cisco lOS IPv6 Tools
This topie describes three common network diagnostic tools available in Cisco lOS Software.
J & a ia iJ& iZi
Cisco lOS IPv6 Tools
These IPv6 applications are available in Cisco lOS

Software for network diagnostics:
• Traceroute
• Ping
The following protocols are available for data transfer
and remote management
• TFTP
• HTTP
• Syslog
• SNMP
TCL scripting can be used for automating complex tasks.
These IPv6-enabled applications are available in Cisco lOS Software:

• tl'acel'Ollte destillatioll: This command accepts a destination IPv6 address or hostname as
an argulllent and generates IPv6 traftic to report each IPv6 hop that is IIsed to reach a
destination address.
• ping destillatioll: This command is used to send an Internet Control Message Protocol,
version 6. (ICMPv6) echo request to a destinalion. The ICMPv6 echo reply is reported on
the console. Extended ping is also supporled.
These applications can take as argument an IPv6 address or a hostname that \Viii resolve to an
IPv6 address. (Currently, Domain Name System [DNS] AAAA records are supported. but the
A6 record is no!.)
Microsoft Internet Explorer does not currently support the use of literal IPv6 addresses
("literals") as URLs, although IPv6 hostnames do function. Internet Explorer 7 and the current
release ofMozilla Firefox do support literals.
The following prolocols are used in Cisco lOS Software for network management:
• TFTP: Used for sending or receiving files. 1110st often configul'ation settings or software
binaries. Transparently supports I Pv6 addresses. A router can aet as a elient or as a server.
• HTTP: You can use a web browser to connect to a router over IPv6. The configuration
page that is shown in lhe browser windolV \ViII be lhe same as that for web-based
connections made over IPv4. Traftic filtering via ACLs with the http access-c1ass
eOl11l11and is IlOt eurrently supported for IPv6-based I-ITTP and HTTPS connections. An
ACL on the ingress router interface would need to restdct this traftie. The HTTP service
can be disabled for both IPv4 and IPv6 by issuing the 110 ip http sel'vel' command.

• Network Time Protocol (NTP): Used for time synchronization. Correct time can be very
important when comparing logs from different devices and when certificates are used for
authentication. NTPv4 adds SUppOlt for 1Pv6.
• Simple Netwol'k Managemellt Pl'otocol (SNMP): Used for remole managemen! and
repor!ing. Often used rol' status monitoring. SNMP fully suppor!s IPv6 as !ransport
protocol.
• Syslog: Used for sending log messages to a remote host over User Da!agram Protocol
(UDP). Syslog in Cisco lOS Software suppo.ts IPv6 as transport pro!ocol.
Tool Command Langllage (Tcl) is a scripting langllage tha! is implemented in Cisco lOS
Software and can be lIsed for alltomating !asks. It can integra!e with Em bedded Syslog
Manager (ESM), Cisco lOS Embedded Event Manager (EEM), and interactive voice response
(IVR).
3-86 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, tnc.
filM ¡ iZa ¿'dEdil! ¿ . i&U2LUIL 32i ¡ilU~1 i ¿; JiU! ,¡¡¿ IUI UUUJ
Cisco lOS IPv6 Ping and Traceroute
Ping and traceroute support both IPv4 and IPv6.
Irouter# ping [ipv6] 2001:db8:1:1001::f
/
Switch No L~qUired
router' traceroute [ipv6] 2001:db8:1:1001::f
The Cisco ping c01l11l1and is 1l1ultiprotocol-enabled and \Viii send either IPv4 ICMP or IPv6
ICMPv6 1l1essages Ihal are based on Ihe address Ihal is being pinged. The IPv6 behavior oflhe
ping c01l11l1and is 1l1uch Ihe sa1l1e as il is for IPv4.
Tip Ping is an exa1l1ple 01 a dual-stack applicalion. Inslead 01 having a ping c01l11l1and lar IPv4,
and a ping6 c01l1mand lar IPv6. a single ping examines the user input. parses the command
line. and sends packets out over either IPv4 or IPv6.
The tracHoute c01l11l1and is also dual-slacked. In bolh cases, Ihe ipv6 para1l1eler is oplional
and no longer required. The applicalion \Viii delecl Ihe IPv6 address and use Ihe appropriale
prolocol.
© 2010 Cisco Systems, Inc, IPv6 Services 3·87

Cisco lOS IPv6 TFTP Support
TFTP supparts transfers ayer IPv6.
router# copy running-config

tftp://2001:db8:cOl::7/running-config
• TFTP client takes IPv6 address as an argument.
(
Itftp-server nvram:startup-config I
• TFTP server accepts both IPv6 and IPv4 connections.
• No access control is possible lor IPv6 clients .
."'.'
TFTP file download and upload can be done via IPv6. For example, lo save Ihe running
configuration oflhe router lo an IPv6 TFTP server, use this command:
copy I"l1nning-config tftp://2001:db8:cOl::7/running-config
The address ofthe TFTP server, where the configuralion will be saved in a running
configuration file, is 2001 :db8:cO 1::7.
The TFTP server is started with tftp-serverdel'ice;¡i/el/ame. It stmis both IPv4 and IPv6
service. While IPv4 access can be restricted with an ACL. IPv6 access cannol. You need to
configure an ACL, which restricts TFTP UDP packets on an interface.
3·88 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lne.
.111111111 11 ::: 1111 I 11& E I Ji
Cisco lOS IPv6 HTTP Support
ip http server I
I~p http secure-server
• Enabled IP HTTP Cisco routers will, by default, listen to IPv6

interface addresses on port 80, just as they would for IPv4.
Router(config)#ip http access-class ?

,-_1_-_9_9_A_c_c_e_s_s_l_1_'s_t_n_um_b_e_r_ _ _ _ _ _ _ _ _ _ _ _ _....J
• IPv4 HTTP access-class mechanisms do not work with IPv6 ACLs.
e
~~)
Enabling the HTTP serve,' on a Cisco router \Viii cause that router to listen to port 80 on all
IPv4 and IPv6 addresses. Security can be applied to an IPv4 server via the access-c1ass ACL
cOl11l11and. The access-class ACL cOl11l11and is not currently supported for IPv6 HTTP 01'
HTTPS service, so this cOl11l11and l11ust be secured by applying the appropriate ACLs on the
ingress router interfaces.

• ¡¿¡Ji
Cisco lOS IPv6,NTP Support

S',n(\v'1,\¡..-,..H:_';'" -\:'<,<:..,..,...g" <
NTP supports IPv6 starting with version 4.

• Time synchronization possible over IPv6
• Access restrictions based on IPv6 ACL
• Mullicast capability
• Sto res hostnames in configuration
_. IPv4 resolves hostnames and stores IPv4 address.
- Configuration is still readable by NTPv3.
NTP is designed to time-synchronize a network ofmachines. NTP rllns ayer UDP, which in
tllm rllns ayer IPv4. NTP version 4 (NTPv4) is an extension ofNTP version 3. NTPv4 sllpports
both IPv4 and IPv6 and is backward-compatible with NTPv3.
NTPv4 provides the following capabilities:
• NTPv4 sllpports I Pv6, making NTP time synchronization possible ayer I Pv6.
• Secllrity is better than that ofNTPv3. The NTPv4 protocol provides a whole secllrity
framework that is based on Pllblic key cryptography and standard X509 certificates.
• Using specific multicast groups, NTPv4 can automatically calculate its time-distribution
hierarchy through an entire network. NTPv4 automatically configllres the hierarchy ofthe
servers to achieve the best time accuracy for the lowest bandwidth cosl. This feature
leverages site-locallPv6 multicast addresses.
NTPv4 works in much the same way as does NTP. An NTP network usually gets its time from
un authoritative time sOllrce~ slIch as a radio c10ck 01' an atomic clock that is attached to a time
serve,". NTP then d istributes th is time across the network. NTP is extremely efficient. No more
than one packet per minute is necessary to synchronize two machines to the accuracy ofwithin
a millisecond of each other.
NTP uses the concept of a "stratum" to describe how many NTP "hops" away a machine is
from an authoritative time source. A stratum I time server typically has an authoritative time
source (such as a radio 01' atomic c\ock, 01' a Global Positioning System [GPS] time source)
directly attached. A stratum 2 time server receives its time via NTP from a stratum I time
serve,", and so on.
NTP avoids synchronizing to a machine whose time may not be accurate in two ways. First,
NTP never synchronizes to a machine that is not in tum synchronized itself. Second, NTP
compares the time that is reported by severalmachines and will not synchronize to a machine
whose time is significantly different from the others, even if its stratum is lower. This strategy
effectively builds a self-organizing tree ofNTP servers.
The Cisco illlplelllentation ofNTP does not support stratulll 1 service, In other words, it is 110t
possible lo connecl lo a radio 01' an alomic clock (for some specific plalforms, however, yOll
can connecl to a GPS time-sollrce device),
Iflhe nellVork is isolated fmm the Internet, the Cisco implementation ofNTP allows a machine
to be configllred so that it acls as thollgh it is synchronized via NTP, when it really has
determined Ihe time lIsing other means. Other machines can Ihen synchronize to Ihat machine
via NTP.
A nllmber ofmanllfaclllrers include NTP software for their host systems, and a Pllblicly
available version for systems running UNIX and its variolls derivatives is also available. This
software also allows UNIX-derivative servers lo acqllire the time directly from an atomic clock,
which 1V01lld then propagate time information along to Cisco rOllters.
The commllnications betlVeenmachines rllnning NTP (known as "associations") are lIsllally
statically configllred. Each machine is given the IPv4 01' IPv6 address ofallmachines with
which it shollld form associations. Accurate limekeeping is made possible by exchanging NTP
messages between each pair of machines \Vith an association.
NTPv3 sllpports sending and receiving clock lIpdates using IPv4 broadcast messages. Many
netlVork administrators use this feature to distribute time on LANs with minimum client
configllration. For example, Cisco corporate LANs lIse Ihis feature over IPv4 on local
gateways. End-lIser 1V0rkstations are configllred to listen to NTP broadcast messages and
synchronize their clocks accordingly.
In NTPv4 for IPv6, IPv6 mlllticast messages instead oflPv4 broadcast messages are lIsed to
send and receive clock lIpdates.

Cisco lOS IPv6 NTP Configuration
router(config)#
Intp master [stratum]
• Configures Cisco router as NTP server
router(config)#
Intp server IPv6 host
• Configures Cisco router as NTP client

router(config-if)#
Intp disable [ ip I ipv6 1
• Option to disable IPv4 (or IPv6) NTP per interface
The ntp master command slarls lhe NTP sel"Ver on the Cisco lOS Software router. It allows
NTP to operate over bolh IPv4 and IPv6. To completely disable IPv4 NTP, lhe administrator
needs to disable NTP on every interface wilh the command ntp disable ip. Similarly, il is
possible lO completely disable NTP wilh ntp disable or disable IPv6 NTP support with ntp
disable ipv6.
To synchronize Cisco lOS Software lo an external clock source, you must use the ntp server
commancl. NTPv4 adds DNS support for IPv6. NTPv3 resolves hostnames into IPv4 addresses
at configuration (when the command is parsecl). Then, only the resolved IPv4 address is kept in
memory and stored in NVRAM during NVGEN. The hostname that is given by the user is los!.
UIII =&1111111 1 il && 11il&& I Ilmllll 11 liiillll 111 11&&11 id dllllllllllllllill
Cisco lOS IPv6 SNMP Support
• Cisco lOS Software supports SNMP over IPv6.

- SNMP queries
..... SNMP traps
• Access control is possible with IPv6 ACLs. I
, Two MIBs now include IPv6 information:
-·IP-MIB
_. IP-FORWARD-MIB
• In older Cisco lOS Software releases, loo k for:
- CISCO-IETF-IP-MIB
.... CISCO-IETF-IP-FORWARDING-MIB
;"" ..
Cisco has long supported IP-MIB and IP-FORWARD-MIB inlPv4. CISCO-IETF-IP-MIB and
CISCO-IETF-IP-FORWARDING-MIB are IPv6 MlBs tllat are defined as being protocol-
independent, but are implemented only for IPv6 objects and tables. In Cisco lOS Release
12.2(33)SRC, IP-MIB and IP-FORWARD-MIB were updated to RFC 4293 and RFC 4292
standards, as follows:
• The upgrade is backward-compatible; aIlIP-MIB and IP-FORWARD-MIB objects and
tables still appear.
• IP-MIB and IP-FORWARD-MIB include new IPv6-only, IPv4-only, and protocol-version
independent (PYI) objects and lables. However, IPv6 only SUppOltS IPv6 and the new IPv6
part ofllle PYI objects and tables in these MlBs.
CISCO-IETF-IP-MIB and CISCO-IETF-IP-FORWARDING-MIB llave been removed from

Cisco lOS Release 12.2(33)SRC. Information in tllese MlBs is now inc\uded in these new
MlBs: IP-MIB and IP-FORWARD-MIB.

Cisco 105 IPv6 Syslog Support
router(config) '
r logging host ipv6 <host~ame or ipv6 address>
• Cisco lOS Software supports syslog over IPv6.
t
When configuring a logging server, lhe ipv6 keyword is
required .
5 \ ~ \ tI~ s,Q'-.)i..,,,,,
1\ •
u,,""'\- \''y')'
\>
"' .
The Cisco lOS syslem message logging (syslog) process in IPv6 allolYs users lo log syslog
messages to external syslog servers and hosts with IPv6 addresses. This implementation allolYs
lhe user lo specify an IPv4-based logging host (syslog server) by providing Ihe 11' address of
Ihe host in II'v4 format (for example, 192.168.0.0). The user can al so specify IPv6-based
logging by specifying an iJlv6 para meter Ihat is followed by Ihe hosl 11' address in IPv6 formal
(For example, ipv6 2001 :ODB8 :AOO: 1:: 1/64).
Cisco lOS IPv6 TCL Support
• TCL is a scripling language supported in Cisco lOS Software.

• Allows nelwork adminislralor lo perform complex lasks.
• Supporls clienl and server IPv6 sockels.
u
\ \ ( \ \ ~ ) .. ~ "U' ( .~:..,C!>~~.,
SCI''f1- Q",,~" Q'j<t \."" c.~.~· So ( " 0'1 Co·_"~ ~ --:>
C6.\, \ 1"""'- -?c \~., c'ó."f \~--.l\
u
u
u
u The Cisco lOS Seripling with TC L feature provides Ihe abilily to run Tel version 8.3.4
eommands from lhe Cisco lOS command-line interface (CLI).
u Severalmelhods have been developed for creating and nJnning Tc1 scripls wilhin Cisco lOS
Software. A Tel shell can be enabled, and Tel cOlllmands can be enlered line by line. After Ihe
Tcl eommands are enlered, Ihey are senl lo a Tcl inlerpreler. Iflhe eommands are reeognized as
u val id Tc1 eommands, Ihe eommands are execuled and Ihe resulls are senl lo lhe tty device. Ifa
eommand is nol a recognized Tcl cOlllmand, it is senl lo lhe Cisco lOS CLI parser. Iflhe
eommand is nol a TcI or Cisco lOS command , Iwo error messages are displayed. A predetined
Tcl scripl can be crealed oulside ofCiseo lOS Sothvare. lransferred lO flash or di sk memory,
and run wilhin Cisco lOS Software. II is also possible lo ereale a TcI seripl and precompile Ihe
code before running it under Cisco lOS Software.
u Soekels lhal are crealed using lhe socket command SUppOlt bolh IPv4 and IPv6. UDP soekels,
if supporled, can be opened using udp_open wilh an -ipv6 parameter.
u

IPv6 Support for Cisco Discovery Protocol
This topic describes IPv6 sllpport for Cisco Discovery Protocol on Cisco devices.
a
li&i i
IPv6 Support for Cisco Discovery
Protocol
Cisco Discovery Prolocol:

• Used lo discover prolocol addresses and plallorm inlormalion
01 neighboring devices
• Runs on all Cisco devices (roulers, swilches, and so on)
Cisco Discovery Prolocol IPv6 support:
• Adds IPv6 address and address-lype inlormation
Cisco Discovery Protocol is cOl11l11only lIsed to discover lhe protocol addresses of neighboring
devices and Ihe platforl11 oflhose devices. Cisco Discovery Protocol is protocol-independent
and sllpports IPv6 address and address-Iype infonnation.
i LIt .11 111
&iJi ¿¡¡¡¡¡JlIIJliZ.li L&i1iiL m
Cisco lOS Cisco Discovery Protocol
show Commands
These commands display the IPv6 address of the

neighbor:
router#
show cdp entry {* I device-name[*]} [version] [protocol)
show cdp neighbors [type number] [detail] /
~.
~{)~ ><,~, CC\pc\ 1.
The show cdp cntry and show cdp neighbors commands display the IPv6 address configured
on the neighbor device.
l1li1 ;alll I ¿¡:a Ilml2u:a 11 111111112 1M
Cisco lOS Cisco Discovery Protocol show
Command Example
routerB' sho'd cdp neighbors detall
Device ID: routerC

Entryaddress(es):
IPv6 address: FE80::208:A3FF:FBAE:3B81 (link-local)
IPv6 address: FECO::2 (site-Iocal)
Platform: cisco 2621, capabilities: Router switch
Interface: FastEthernetO/l, Port ID (outgoing port.):
FastEthernetO/l
Holdtime : 169 sea
This example demonstrates the output ofthe show cdp neighbors detail command. Note that
the neighbor device, routere, has two IPv6 addresses configured on its interface.

Cisco Express Forwarding IPv6
This topic describes Cisco Express Forwarding in IPv6.
,&a
Cisco Express Forwarding IPv6
Similarities between Cisco Express Forwarding, v6,

and Cisco Express Forwarding, v4:
• Rapid packet lorwarding on interfaces
• Behavior 01 commands
Cisco Express Forwarding is a Layer 3 switching technology tha! is designed for routers. It uses
a Illethod that optilllizes route lookups to achieve vely fas! traffic forwarding. Cisco Express
Forwarding uses two tables to store the inforlllation that is needed for l"Outing: the Forwarding
Inforlllation Base (FIB) and the adjacency table.
The behavior ofCisco Express Forwarding version 6 is the sallle as that ofCisco Express
Forwarding version 4. There are new configuration cOl11lllands for Cisco Express Forwarding
version 6 and COlll1110n cOl11l11ands for both Cisco Express Forwarding, version 6, and Cisco
Express Forwarding, version 4.
3-98 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Inc.
J
Enabli ng Cisco Express Forwarding, v6, and
distri buted Cisco Express Forwarding, v6
Cisco Express Forwarding is adapted to support IPv6:

• Cisco Express Forwarding, v6, uses a subse! 01 !he Cisco Express
FOlWarding,v4,commands.
router(config> ,
I [no] ipv6 cef
• Enables central Cisco Express Forwarding 1110de. The ip cef command
mus! be enabled lirsl.
router(config>I
I (no] ipv6 cef distributed
• Enables dis!ributed Cisco Express Forwarding mode (7500, GSR). The ip
cef distributed command must be enabled first.
rout.er(config)#
(no] ipv6 cef accounting [per-prefix] [prefix-length]
• Configures per-prefix or prefix-Iength accounting.
u There are !IVO Cisco Express ForlVarding 1110des:

• Central Cisco Express Forwarding.lllD1le.:_The route processor 111anages Cisco Express
u ForlVarding and adjacency tables. Cisco Express ForlVarding 1110de is supported on Cisco
Router Series 1700 to 7500.
• Distributed Cisco Express Fonvarding rood e' Distributed Cisco Express Forwarding is
u used on Versatile Interface Processor (VIP) and gigabit switch router (GSR) line cards. It
perfor111s the express forlVarding of packets between port adapters and uses interprocess
c0111111unication (IPC) to synchronize the Cisco Express ForlVarding FIB and adjacency
tables between router processor and line cards. This 1110de is sllppOlted on Cisco ROllter
Series 7500 and 12000(GSR).
The ip\'6 cef c0111111and enables the central Cisco Express ForlVarding. version 6, Illode.
HOlVever, IPv4 Cisco Express Forwarding must first be enabled lIsing the ip cef c0I11111and.
Similarly, IPv4 distribllted Cisco Express Forwarding llluSt be enabled before distributed Cisco
Express Forwarding, version 6.
.r:- \. sw'\.'''"' . - <f0'\V'\.-. o ~ ,~\-- ( ~
~o.,
u
u
u
u
© 2010 Cisco Systems, [ne. IPv6 Services 3-99

ili 22 Ui
Cisco lOS show Cornrnands tor Cisco Express
Forwarding, v6, and disíributed Cisco Express
Forwarding, v4
Some of the show commands available for both
Cisco Express Forwarding, v6, and Cisco Express
Forwarding, v4:
router#
Ishow cef drop
show cef interface [detail] [statistics] interface
show cef linecard [detail] [internal] slot
IShOw cef not-cef-switched
The table shows cOl11l11on show cOl11l11ands for distributed Cisco Express Forwarding, version
4. and Cisco Express Forwarding. version 6.
..
Command .'
Description .' .
show cef drop Shows counters 01 IPv6 and IPv4 packets dropped
show cef interface [detail] Shows CEF interface status and conliguration
[statistics] interface
show cef linecard [detail] Shows Cisco Express Forwarding inlormation that is
[internal] slot related to line cards
show cef not-cef-switched Shows counters 01 IPv6 and IPv4 packets that are
passed on to the next switching layer
II1II :¡¡ 1 I 11_ I 11 t 11 l a " 2ii IJ 111 ii21i ¿ jJ 11
Cisco lOS IPv6 debug Commands for Cisco
Express Forwarding, v6
Some of the debug commands for Cisco Express

Forwarding, v6 :
routerit
Idebug ipv6 cef drops
Idebug ipv6 cef events
Idebug ipv6 cef hash
Idebug ipv6 cef receive
Idebug ipv6 cef table
",. "., '<"". _.

,,-.-~~ "~
'''''''.'
SOl11e ofthe debllg c0l111113nds that are used for Cisco Express Forwarding, version 6, are
shown in the table.
.
Command .•.•..... ; ' .
. ...
Description
. .
..
.';;
. '. .' .....•...; ....•...
.;
". ....... .'
...•..
.c
debug ipv6 cef drops Debugs packets that are dropped by IPv6 Cisco Express Forwarding
switching
debug ipv6 cef Debugs control plane events lar IPv6 Cisco Express Forwarding
events
debug ipv6 cef hash Debugs load-balancing hash setup events lar Cisco Express
Forwarding. version 6
debug ipv6 cef Debugs packets that are passed to IPv6 process-Ievel switching
receive
debug ipv6 cef table Debugs IPv6 Cisco Express Forwarding table 1110difrcation events

IP Service Level Agreements
This topic describes the Cisco lOS 11' SLA functionality whenusing Il'v6.
• di
IP Service Level Agreements
• The IP SLA software can be used as a performance tracking

tool.
• Active monitoring 01 network inlrastructure:
- Monitors connectivity and throughput
- Monitors availability 01 network services (that is, web, etc.)
• Monitoring capabilities include:
_. Monitoring network delay and packet loss
- Monitoring network latency and jitter
- Checking conlormity with service provider Service Level
Agreements
• Available lor both IPv4 and IPv6 (currently not all probes are
available lor IPv6).
Cisco lOS 11' SLAs is a part ofthe Cisco lOS Software, which allows customers to analyze 11'
service levels for 11' applications and services, to increase productivity aud to reduce the
frequency of network outages.
Cisco lOS 11' SLA uses active traffic monitoring - the generation oftraffic in a continuous,
reliable, and predictable manner- to meaSllre network performance. Using Cisco lOS 11' SLA,
customers can verify service levels, and verify internal and olltsourced service level
agreements, and lInderstand network performance.
Cisco lOS 11' SLAs can perform network assessments, verify qllality of service (QoS), ease the
deployment of new services, and assist administrators with network trollbleshooting.
Cisco lOS 11' SLAs can be accessed lIsiug the Cisco lOS command-line interface 01' SNMI'
through the Cisco Round-Trip Time Monitor (RTTMON) and Syslog management information
bases (MIBs).
Note Cisco lOS IP SLAs originated ¡rom the technology previously known as Service Assurance
Agent (SAA), or Response Time Reporter (RTR).
lItaii 1 III ffi iilllllil2iii 111111 2i Ii lIli 1I!12l 111111I 11
IP SLA Key Components
• The IP SLA architeclure consisls of an IP SLA Source and an

IP SLA Target.
• A pro be is configured on the source, checking conneclivity
from the source lo Ihe larget.
• Target device can be a rouler with an IP SLA responder, or
...
an IPv6 endpoint.
ICMP Echo operation
.. ••.•--.-. ----o_o, tIIilD IPSLA
IPSLA ,
,/:::::::.,.".,.........
........
Responder
Probes "
TCP Connee! operation
Cisco lOS IP SLA sends data across the network to measure performance between multiple
network locations or across multiple network paths. It simulates network data and IP services,
and collects network performance information in real time. The information collected includes
data about response time, one-way latency,jitter (inter-packet delay variance), packet loss,
voice quality scoring, network resource availability, application performance, and server
response time.
Cisco lOS IP SLA perfonns active monitoring by generating and analyzing traffic to measure
performance either belween Cisco lOS devices or from a Cisco lOS device to a remote Ir
device such as a network application server. Measuremenl slatistics provided by Ihe variolls
Cisco lOS IP SLA operations can be lIsed for trollbleshooting, for problem analysis, and for
designing network lopologies.
Cisco lOS IP SLA starls when the Cisco lOS IP SLA device semis a generaled packet lO the
destination device. Afler Ihe destination device receives Ihe packet. and depending on Ihe type
ofCisco lOS Ir SLA operalion, lhe device \Viii respond wilh time-slamp information for Ihe
source to make Ihe calculation on performance metrics. A Cisco lOS Ir SLA operalion
performs a network measlIrement from lhe source device lo a destinalion in the network lIsing a
specific prolocol sllch as UDr.

L 2 ¡Mm
Configuring IP SLA
Router(config)i
I ip sla number
• Creates an IP SLA probe with a number and enters IP SLA

configuration mode.
router(config-ip-sla).
udp-jitter
udp-echo
icmp-echo
tcp-connect
• Available probes for IPv6.

router(config)'
show ip sla schedule number [life {forever I seconds}]
[start-time {hh,mm[,ss] [month day I day month] I pending
I now I after hl¡,mm,ss}] [ageout seconds] [recurringll
• Schedules an IP SLA probe on the router.
IP SLA is configured by creating an IP SLA probe on the source device, and by scheduling that
probe to run at desired time.
The currently available probes of IP SLA that can be used for IPv6 are udp-jitter, udp-echo,
icmp-echo. and tcp-conncct. See the table for a description of functionality of these probes:
IP SLA Operation Measurements Key Moni!oring Application
UDP JiUer Measures round-trip delay, one-way

delay, one-way jitter, one-way packet
• Voice and data network
performance
loss, and connectivity testing 01
networks that carry UDP traffic, su eh • General IP performance
as voice. No!e: This is the mas! commonly
used Cisco lOS IP SLAs
No!e: One-way delay requires time operation.
synchronization between source and
target routers.
UDP Echo Measures round-trip delay of UDP

traffic.
• Server and IP application
performance
• Connectivity testing
ICMP Echo Measures round-trip delay for the full

path.
• IP performance
• Connectivity measurement
TCP Conneel Measures the time taken to conneel to

a target device with TCP.
• Server and application
performance
To schedule an IP SLA probe, use Ihe ip sla schedule command.
No!e The probe will slart lunctioning after the IP SLA responder process has been started on the
destination router.
m 11111 t I 1lU1. 1111 J _Ub!Ji 111III 22d a
Configuring IP SLA (Cont.)

router(config-ip-sla-echo)'
flow-label Flow Label Identifier
traffic-class Traffic Class
• Available IPv6-relaled options.
router(config)#
lip sla responder
• Configures IP SLA responder process on Ihe responder router.
When conJlgul"Íng probe options, you can set an IPv6 flo\V label 01' an IPv6 traffic c1ass for the
packets ofthe pro be. Flow labels allow for easy identiJlcation of IPv6 packets, and traffic c1ass
allows the probe packets to be high priorily, not lo be dropped during congestiono
On Ihe responder router, only one commalld is Ilecessary to enable IP SLA responder.

E E
•
Monitoring IP SLA
router#
IShOW ip sla configuration
• Displays configured IP SLA probes.

router#
IShOW ip sla statistics
• Displays statistics about configured IP SLA probes.

router#
IShOW ip sla responder
• Displays IP SLA information and statistics on the responder router.
The command sho,," ip sla configllration displays configuration values for alllP SLA
operations or for a specific operation. The oulput includes all defaults.
To display lhe currenl operational status and statistics of all IP SLA operations or for a specific
operation, use the cOl11mand sho,," ip sla statistics.
On the IP SLA responder router, use lhe command show ip sla responder lo display
informalion about lhe IP SLA responder.
Note On Ciseo lOS versions before 12.4(4)T and 12.2(33)S, eommands show ip sla monitor
statistics and show ip sla monitor configuration are used ¡nstead of show ip sla
statisties and show ip sla configuration. Newer versions ami! !he keyword monitor.
Note Previously, IP SLA was known as IP SM (Serviee Assuranee Agent) and RTR (Response
Time Reporter).
1111112 22 L111 h i2111ii2 di i i &111&11 I 11==
IP SLA Sample Configuration
• An IP SLA probe is configured on the SLA source device .

• Enable the responder on the IP SLA responding device.
IP SLA Responder
ip sla 99
!cmp-echo 20011100::2 source-interfnce Loopbackl
flow-label 100
frequcncy 30
ip sla schedule 99 life forever start-time now
ip sla 101
tcp-connect 2001:100:12 10001
traffle-class 46
flow-label 101
This is a sample configuration oflP SLA ifconfigured using the command line. On the IP SLA
source device, the probe must be configured, while on the SLA responder device, only the
responder must be enabled.
When IP SLA sends the packets, it uses a timestamp to determine when the packet has been
sent and how much time the packet needed to travel across the networks. Based on this
infol'lllation, SLA statistics can be calculated.
The example shows icmp-echo and tcp-connect probes configured on the IP SLA source
clevice. The target device in this case can be either an SLA responder, or a target end device
responding to ICMP echo packets, 01' TCr initiated connections.
Note IP SLA is most often used as in-band monitoring. IP SLA packets are intermixed with actual
data tralfic, sharing bandwidth with the production tralfic. Thus, if production traffic sulfers
from packet loss, long delay or jitter, IP SLA packets will be affected, too. Such packet loss
will be visible when examining the IP SLA probe results.

1M2
Sample IP SLA Output

• Use Ihe show ip sla statistics command lo display statistics
aboul currently active IP SLA probes.
R1'show ip sla statistics
IPSLAs Latest Operation statistics
IPSLA operatlon id: 99

Type of operation: icmp-echo
Latest RTT: 4 mil1iseconds
Latest operation start time: *12:53:01.218 UTC Fri Hay 14 2010
Latest operation return code: OK
Number of successes: 40
Number of failures: O
Operation time to 1ive: Forever
IPSLA operation id: 101

Type of operation: tcp-connect
Latest RTT: 4 mi1liseconds
Latest operation start time: *12:53:11.750 UTC Fri Hay 14 2010
Latest operation return cede: OK
Number of successes: 12
Number of fai1ures: O
operatien time te 1ive: Forever
The show ip sta statistics displays you the statistics values about all (or a specific) IP SLA
probes running on the muter. Here you can read the delay, packet loss values, etc. AII this data
is also obtainable from Ihe MIB, using management software that correctly interprets the data
received by the Cisco RTT-MON MIB.
The example shows a printout with t\Vo probes running on the muter, the IP SLA ¡crup-echo
and tcp-connect probes. The oulput corresponds lo Ihe following configuration:
ip sla 99
icmp-echo 2001:100::2 source-interface Loopback1
flow-label 100
frequency 30
ip sla 101
tcp-connect 2001:100::2 10001
traffic-class 46
flow-label 101
3-108 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 O Cisco Systems, Inc.
Sample IP SLA Output (Cont.)
• Use the debug ip sla trace command on the responder.
• Relevant debug ip sla commands: error, trace.
RUdobug ip sla. trace

*May 14 13:12:13.490: Ver: 1 ID: 31 Len: 68
*May 14 13:12:13.490: crnd: command: RTT_CMD_TCPV6_CONN_ENABLE, ip:
2001:100::2, port: 10001, duration: 5000
*May 14 13:12:13.490: cmd: command: RTT_CMD_AUTH
*May 14 13:12:13.494: IP SLAs hash insert : 2001:100::2 10001
index=40
*May 14 13:12:13.494: IP SLAs RESP: starting expTimer 8nd basbTimer,
duration ". 5000
*May 14 13:12:13.494: rtt-process_v6_ctrl_msg: Remote client
address: 2001:1::C800:3AFF:FEB6IB, Local Address: 2001:100::2,
length 68
*May 14 13:12:13.506: cleaning up port (2001:100::2,10001)
*May 14 13:12:13.506: IP SLAs hash rernovel 2001:100::2 10001
These are SOllle debug cOllllllands used for IP SLA:
• error Output IP SLA Error Messages

• ethernet-monitor Output of IP SLAs Auto Ethernet Illessages
• mpls-Isp-monitor Output oflP SLAs MPLSLM Illessages
• trace Output IP SLAs Trace Messages

Surnrnary
This topie sllmmarizes the primary points tha! are disellssed in this lesson .
• ¡¡S2
Summary
• Cisco routers are able to use SSH, Telnet, and HTTP over
IPv6 transport, making control connections without an IPv4
management network.
• TFTP, traceroute, ping, and Cisco Discovery Protocol also
support IPv6, aliowing those standard network management
and debugging tools to be used.
• Cisco Discovery Protocol supports IPv6 information.
• Cisco Express Forwarding and distributed Cisco Express
Forwarding perform the same functions for IPv6 traffic
handling as for IPv4. Cisco Express Forwarding and
distributed Cisco Express Forwarding are available on
selected Cisco devices.
• IP SLA is used to monitor link parameters and router
reachability. The configuration consists of an IP SLA probe
and an IP SLA responder on the peer device.
References
For additional information, refer to these resollrees:
• llllplelllellting lPv6jiJr Ne/work Managemellt at

h tlp :llwww.eiseo.com/en/U SIdoes/ios/i pv6/eonfigllrationlgll ide/i p6-
mng_apps.html#wp 1055475
• Cisco lOS lP SLAs Fea/l/res Roadlllap at
Ilttp :llwww.eiseo.eoln/en/US/docs/ios/ipsla/eonfigllrationlgll ide/sla_\'Oad m ap. h!ml
Module Summary
This topie summarizes the key points that were discussed in this module.
al bii&i Si JESi;;
Module Summary
• Network mobility will be lar more common as IPv6 adoption

increases.
• Successlul implementation 01 DNS on IPv6 is critical beca use
most Internet services rely on DNS to work. 1I DNS lails.
websites cannot be located and email delivery stalls.
• Autoconfiguration capability is one 01 the benelits 01 IPv6.
• Understanding the support mechanisms lor enabling QoS in
IPv6 aids in developing effective QoS schemes lor IPv6-
enabled networks.
• Cisco supports many tools and applications to manage and
troubleshoot a network. These tools and applications have
been modified to maintain this capability lor IPv6-enabled
networks.

Module Self-Check
Use the questions here to review what you learned in this module. The eorreet answers and
solutions are found in the Module Self-eheek Answer Key.
Q 1) MIPv4 normally requires the serviees of a deviee on the network that the mobile node
is visiting (when away from home). This device has been eliminated in MIPv6. What is
that device ealled in MIPv4? (Source: Describing IPv6 Mobility)
A) foreign router
B) visiting agent
C) foreign actor
D) foreign agent
Q2) MIPv4 mobile nodes. when exchanging traffic with a correspondent node, sometimes
send packets that are sourced t¡'om the home network out through the foreign
agent. What is one potential problem with this process? (Source: Describing IPv6
Mobility)
A) Based on IPv4 ingress-tiltering rules, an upstream router from the foreign
agent wi 11 drop the packet.
B) The correspondent node willnot trust that the packet is truly from the mobile
nade if the packet does not appear to originate from the topologically correct
location on the Internet.
e) Using IPv4 ingress filtering, the home agent will drop the mobile node packet
as being topologically incorrect.
D) The correspondent nade willnot accept a MIPv4 packet that is not addressed to
its care-of address.
Q3) What does MIPv6 "triangle routing" refer to? (Source: Describing DNS in an IPv6
Environment)
A) the optimized routing path that traffie takes after the mobile node-
correspondent node path has been optim ized
B) the inefficient path that traffic takes between the mobile node-home agent-
foreign agent-correspondent node components
e) the ineflkicnt path that traffie takes from the mobile node to the correspondent
nade over a home agent, before the path is being optimized, 01' for the whole
duration ofthe session ifthe correspondent node does not suppOli MIPv6
D) the inefficient path that traffic takes between the mobile node to the
correspondent node over both the home agent and the foreign agent

Q4) MIPv6 supports the ability ofthe mobile node and the correspondent mode to optimize
the path that traffic takes, which eliminates routing the packet through the home
agen!. Why does ingress filtering not drop these packets? (Source: Describing DNS in
an IPv6 Environment)
A) Packets are tunneled from the mobile node to the correspondent node, IPv6-in-
IPv6, where the outer IPv6 tunnel packet has a topologicalIy correct address.
B) Packets are sent from the CoA, which is topologically correc!. The
correspondent node accepts the packets as being from the mobile node because
ofinforlnation that is passed to the correspondent mode in the 1110bile node-
correspondent node bootstrapping phase l process.
C) A requirement ofMIPv6 deployments is that all routers in the path between the
1110bile node and correspondent node disable ingress filtering, so that packets
marked as MIPv6 are never dropped for having a topologicalIy incorrect source
address.
D) Packets are sent from the mobile node to the correspondent node using the
Home Address Option (HAO), which is placed in the Destination Options
extension header, so that the SOlll'ce address of the packet is topologicalIy
correc!. It is the mobile node CoA.
Q5) What does using Network Mobility (NEMO) allow? (Solll'ce: Understanding DHCPv6
Operations)
A) a single /64 subnet to use the service of a mobile router, even though the nodes
on the /64 remain stationary
B) a collection ofnetworks, or a single subnet, to be mobile as a group behind a
mobile router, in which the nodes and the mobile router move together and
altach to the larger network at arbitrary locations
C) a mobile network to use IPv4 as a transpolt provider while the IPv6 network
moves around the public Internet. or other IPv4-only network, attaching at
different points and receiving a topologicalIy correct local IPv4 address
D) mobile networks to self-organize into supernets and enable route
summarization, improving the scalability for mobile networks
Q6) What are two ofthe characteristics ofMANET networks? (Choose two.) (Source:
Understanding DHCPv6 Operations)
A) lo\V power, wireless connectivity
B) constantly changing topology
C) fixecI infrastructure components
D) wired connectivity between the fixed APs and switched infrastructure
Q7) What are the header fields used for QoS that are functionalIy similar in IPv4 and IPv6
calIed? (Solll'ce: Understanding QoS Support in an IPv6 Environment)
A) Type of Service, Flow Label
B) Type ofSetting, Traffic Setting
C) Type of Setting, Traffic Class
O) Type of Service, Traffic Class
3-114 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc,
Q8) The Flow Label field in IPv6 is immlltable. What does "immlltable" mean? (Sollrce:
Understanding QoS SlIpport in an IPv6 Environment)
A) The nolV label is selected by the SOllrce nade and mllst be delivered intact to
the destination nade.
B) The flolV label is selected by Ihe sOlll'ce nade and is eligible for rewriting by
intermediate devices.
C) The now label has no intrinsic meaning. so low vallles 01' high vallles ofthe
20-bit field convey no priority information.
D) The nolV labelmeaning is absolllte. and always lakes priority over other QoS
mechanisms.
Q9) How does Cisco lOS Software sllpport Telnet for IPv6? (Sollrce: Using Cisco lOS
Software Featllres)
A) incIlIdes a mllltiprotocol implementation ofTelnet. so it listens for IPv4 and
IPv6 connections
B) sllpports IPv4 and IPv6 separately via t\Vo enabling commands (tclnct cnablc
and ipv6 tclnct enable)
C) sllpports IPv4 a11(IIPv6 via a single applicalion. bllt does allow yOll to
selectively disallow IPv6 Telnet connections via the no ipv6 tclnet command
D) listens for IPv4 and IPv6 Telnet connections via the enable telnet all
cOllll1land
Q I O) How does Cisco Discovery Protocol sllpport IPv6? (Sollrce: Using Cisco lOS Software
Featllres)
A) Cisco Discovery Protocol rllns over IPv6. in addition to IPv4. as a
configllration-Ievel setting.
B) Cisco Discovery Protocol has been ported to IPv6 only. a11(1 regardless ofthe
protocols that are lIsed on the data plane. Cisco rOllters willllse IPv6 on the
control plane for management fllnctions sllch as Cisco Discovery Protoco!.
C) Cisco Discovery Protocol provides IPv6 information. in addition to IPv4
information, when reporting on Cisco device neighbors that are discovered via
Cisco Discovery Protoco!.
D) Cisco Discovery Protocolmaintains the IPv6 neighbor cache data strllctlll'es
and lIses them to find Cisco Discovery Protocol neighbors.
QII) What does Cisco Express ForlVarding provide as a Cisco featlll'e? (Solll'ce: Using Cisco
lOS Software Featlll'es)
A) rapid packet forwarding for IPv4 and IPv6
B) rapid packet forwarding on Cisco 12000 Series ROllters only
C) rapid /Jacket forlVarding sollltion for IPv6 and IPv4 FastPacket forwarding that
is handled by distribllted Cisco Express Forwarding
D) rapid packet forwarding in Cisco low-end rollters via cllstomer ASICS

QI) D
Q2) A
/~~
Q3) e
Q4) D
Q5) B
Q6) A,1l
Q7) D
Q8) A
Q9) A
QIO) e
QII) A
3-116 IPv6 Fundamenlals, Oesign, and Oeployment (IP6FO) v3,0 © 2010 Cisco Systems, Inc,
Module 41
IPv6-Enabled Routing
Protocols
Overview
Routing protocols must support IP version 6 (IPv6) to facilitate the successful transpolt and
operations oflPv6-generated traftic. This module describes the changes thatyou mus! make to
routing protocols to accommodate I Pv6 and how you must change your network environment
to support IPv6 operations.
Module Objectives
Upon completing this module, you will be able to understand the updates to IP version 4 (IPv4)
routing protocols needed to support IPv6 topologies. This ability includes being able to meet
these objectives:
• Describe RIPng, including operations, configllrations, and commands
• Describe OSPFv3 and the IPv6-capable version ofthe OSPF rOllting protocol, including its
operatiol1s, configuratioll, alld cOl11l11ands
• Describe IS-IS protocol, inclllding concepts. operations, configurations, and commands
• Describe Cisco EIGRP. inchlding operations, configllration, and commands
• Describe MP-BGP, including operations, configurations, and commands
Lesson 1\
Routing with RIPng

Overview
Routing Information Protocol (RIP) is an industry stal\Vart, serving the routing protocolneeds
of smaller networks. Although the use of RIP has dim inished over the years, the protocol has
been updated to SUppOlt IPv6 networks. This lesson describes Routing Information Protocol
next generation (RIPng}-the IP version 6 (lPv6)-capable version ofRIP-including its
operatiolls, configuration, and c01l1mands.
Objectives
Upon completing this lesson, you \ViII be able to describe RIPng and configure it on Cisco
routers. This ability ineludes being able to mee! these objectives:
• Describe how RI Png is supported in IPv6
• Describe the enhancements made to RIPng to support IPv6
• Configure RIPng on Cisco routers
Introducing RIPng for IPv6
This topic describes holV RIPng is supported in IPv6.
Introducing RIPng for IPv6
RIPng has the same main features as RIP for IPv4:

• Distance vector routing protocol
• Maximum radius 01 15 hops ,/
• Routing loop prevention using split horizon and poison ._~
reverse
• Uses UDP port 521 for communication
• Periodic routing updates and same timer values \'Ie\ '~''"' ) " '<) -:!s '). ",\ ...\,,,- " ,\-a.) . r
• Derived from RIPv2, but not compatible due to IPv6-specific
messages
The core features of RIPng are the same as the features in Routing Information Protocol version
2 (RIPv2). RIPng remains a distance vector routing protocol with a maximum radius of 15
hops, and it uses split horizon and poison reverse to prevent routing loops in the RIPng
env irolll11ent.
RIPng uses native IP version 6 (IPv6) packets for transpOlting rouling updales, using a lVell-
knolVn mullicast address and a User Datagram Protocol (UDP) session. It is nol direclly
compatible lVith RIPv2, because it uses a different update message format lO be able to
exchange I Pv6 routes.
Note RIPng lar IPv6 is delined in RFC 2080.
e
u
u Introducing RIPng for IPv6 (Cont.)
u Updated RIPng Features for IPv6

• Able to carry IPv6 prefixes, next-hop IPv6 link-local address,
next-hop interface. ~
• Uses the all-RIP-routers multicast grollp FF02::9 ,
as the destination address for RIP updates.
u • Uses IPv6 for transpor!.

• Enabled per-interface, not per-network:
..... Enabled and used on the interface.
u _. The network command deprecated.
• Several instances allowed on the router (up to four).
u
u
u RlPng llpdates RIP to Sllpport IPv6 in these ways:
• IPv6 is used to transport RIPng updates.
u • The IPv6 l11ulticast address, FF02::9, is used by routers to exchange ~IP update~ .
u
•
•
global address. --
RIPng uses the link-local address ofthe next-hop interface in its routing table, instead ofa
RIPng is enabled on a per-interface basis, rather than per-network as in RIPv2.
Tip RIPng is used mostly far labs and small businesses. The restrictions on the maximum
nelwork diameler, the simple melrics (hop counl), and Ihe lenglh of time for convergence in
any larger nelwork make il less suitable for large produclion uses. Slill, RIPng is a simple
rouling protocol for small environmenls and is excellenl for learning aboul rouling operalions
beca use il is simple and slraightfarward lo configure. RIPng has been standardized for IPv6
since January 1997.
© 2010 Cisco Systems, Ine. IPv6~Enabled Routing Protocols 4-5

Examining RIPng Enhancements
This topic describes the enhancements made to RIPng to support IPv6, such as the ability to
announce a default route, mute redistribution capabilities, and multipathing.
lID fiEL
RIPng Default Route

• RIP is able to originate a default mute out of a given
interface.
• As a routing loop prevention mechanism, RIP ignores all
default routes received on any interface.
• Options for default route origination:
- Originate only the default route and suppress all other
routes.
- Originate "::10" in addition to other routes.
Q."\., \),\=~~\\-~
RIPng Default Route Announcement

RIPng can announce a default mute out ofa given interface on the router.
RIPng includes a few enhancements to accommodate IPv6 networks. However, the main
principies offunctioning rema in identical to RIPv2 for 11' version 4 (IPv4) networks. These
include mute filtering, redistribution, default mute origination, and so on.
RIP is most ofien used to originate a default mute on the network edge device. For small
(branch) networks, such a setup is adequate. In addition to the default route, nothing el se is
needed, and the muter can be configured to suppress all other mutes and to announce only the
default mute.
For larger branch networks, 01' when the brancJ! is multihomed to two distinct network hubs, a
default mute can be announced from both branch routers, with more specific mutes that allow
brancJ! neighbor muters to select an optimal exit point towards the correct hubo
Routing is performed on the longest match (the same as IPv4 muting), so a more specil1c mute
to a given subnet always takes preceden ce over the "::/0."
As a muting loop prevention mechanism, RIPng does not originate a default mute on those
interfaces where it receives a default mute ti'om other muters.
RIPng Route Redistribution Capabilities
RIPng is able to redistribute routing inforlllation with other IPv6 routing protocols.

(Cont.)
RIPng Route Redistribution

• When redistributing RIP rautes:
Ir l,
J - 16 is the Illaximum metric, which rauters treat as
unreachable. 12~~ ,,1:,
- Even il a raute has a local metric~, the neighbor CGP 16'U , OJPP,
u rauter will add 1 as the interface cost upon receiving the
raute and treat the raute as unreachable (16).
- Unreachable rautes are not installed in the rauting t~le, \
"~'Co\ ~ \:-DG
u (RIB).
• Route tags can be applied to rautes at redistribution:
- Allows lar raute liltering on other rauters in the network.
- Allows raute "marking" (e.g. , redistributed rautes) on the
local rauter, since RIP has only hop-count as a metric. \>G ~ ",,1
.- Tag is stored in the rauting table and sent by RIP by ~(Jf~'<"\~o'\..)
delaul!. Vl
c<.f
':')
"" . ,,~~., .. Be..;'
Route redistribution cad e has been modified to accomlllodate IPv6 routes. Route redistribution
is used lo inject l"Outers from one l"Outing protocol into another routing protocol.
u Since RIP is mainly used on branch l"Outers, the usual redi stribution will be from Border
Gateway Protocol (BGP) into RIP, for the routes from other sites, and from static into RIP for
u loca I routes.
Manual metric setting is required for redi stribution into RIP. By default, RIP will assign the
u maximum metric to the redi stributed route (16), making the route unreachable. Setting the
metric to 15 would install the route in the local routin g table. However, neighbor routers (after
adding I for the interface cos! for the received route) would not, having a metric of 15+ I = 16.
This mean s that usefulmetrics star! from 14 and downwards.
When announcing routes, RIP does not differentiate from internal and redistributed (external)
routes. To mark the routes and distingui sh them one from another, we can use the route tag. A
u route tag can be applied to a route during redistribution, and it will be stored in the routing
table. When a tag is appended to a route in the routing table, RIP will pass it along with the
raute. This is the default behavior.
Note There is a lesson dedicated to route redistribution later in this module.
LJ
© 2010 Cisco Systems, Ine. IPv6-Enabled Routing Protocols 4-7
RIP Equal-Cost Multipathing
RIPng SllpportS load balancing across Illllltiple palhs.
Examining RIPng Enhancements (Cont.)
RIPng Equal-Cost Multipathing (\! ",lo . cu.~·"v ' \':I.(~ ""' ,\, ;'" ')
• RIP can simultaneously use four palhs lo load-balance Iraffic.
• II relies on CEF lo perform load balancing.
• RIPng supporls up lo 64 configurable palhs (defaull is 4); on _-., ~
hardware-based plalforms, limilalions come from !he
hardware used .
• RIP is very rarely used for Ihis purpose.
\J~ \,~\(A .... cA., 4> \J O)
\J~).
l e E'
H " ··'{) ,
RIPng SllppOltS IIp lo 64 palhs thal can be lIsed for the load balancing oflraffic. In RIP IIp lo 4
palhs are lIsed to perforlll load balaneing by defalll!. The principal condition is that Ihe cost of
Ihe rollle lowards a given network is the sallle aeross all ofthese paths. This is ealled eqllal-eost
Illllltipalhing, and RIPng treats sllch paths wilh eqllal priority.
The aclllalload balancing is perforllled 011 Ihe dala plal1e oflhe rOlller; Ihe lI11derlying
Illcehal1islll is Cisco Express Forwardil1g. Depending 011 the hardware plalfo..,n, Cisco Express
Forwarding Illight be able to load-ba lance as 111any as 16 palhs of eqllal cost.
However, cOl11binations of eqllal-cosl 111111tipathing and RIP are very rarely fOllnd il1 networks.
4·8 IPv6 Fundamentals, Design, and Deployment (IP6FO) v3.0 © 2010 Cisco Systems, Ine.
n
Configuring RIPng
This topic describes how to configure RIPng on Cisco roulers.
2 ¡¡di ;¡¡ j 3i1JiJ ¿¡¡¡ 22
Cisco lOS RIPng Commands

router(config)'
I !pv6 router rip tag
• Creates and enters RIP rauter submode

router(config-rtr)t
I redistribul:c statlc I bgp I rip I:ag I 'O 'f"
• Redistributes rautes fram other routing pracesses ('" \", • .\".\; <"' {tI"')
router(config-if)'
I ipv6 rip tag enable
• Configures RIP on an intenace
router(config-if)'
ipv6 rip tag defnull:-info!;1llntion originnte (
• Originates the default raute (::/0) fram an intenace
The syntax ofthe following commonly used commands is different, compared to RIP for IPv4
counterparts:
• ipv6 rOllter rip
• redistribllte
• ipv6 rip enable
• ipv6 rip defalllt-information originate
In RIP for IPv4, you configured a l"Outing process in the global configuration mode and added
the interfaces using the network command. RIPng is configured similarly as Open Shortest
Path First (OSPF) in interface configurationmode.
Enabling RIPng on an interface without starting the rouling process in the global configuration
mode first will result in a dynamically created "router rip" process in the configuration.
The tag for the RIPng routing process is an alphanumeric string andmust be unique to the
l"Outing process. Per Cisco lOS Release 12.4T, you can configure as m3ny as four RIPng
routing processes 011 a router.
Note Do not confuse the rauting pracess tag for the raute tag, which is used for raute
redistribution.
© 2010 Cisco Systems, Ine. IPv6~Enabled Routing Protocols 4·9

Configuring RIPng
Cisco lOS RIPng Commands
routerR
Ishow ipv6 rip
• Displays status 01 the various RIP processes
routerif-
IShOW ipv6 rip database

• Displays the RIP database
routerlf:
IShOW ipv6 route rip
• Shows RIP routes in the IPv6 route table

routeri
Idebug ipv6 rip
• Displays RIP packets sent and received
The syntax ofthe following show and debng cOllllllands, which are used to verify the status of
RIPng, is silllilat~ifnot identical-to the IPv4 counterpart:
• show ipv6 .. ip
• show ipv6 I'Íp database
• show ipv6 ..onte ..ip
• debng ipv6 I'Íp
¿LA IUZI 1 11 1 ¿Mili! ¡¿22j &A A:AiL&L2Jj¡¡
Configuring RIPng (Cont.)

Cisco lOS RIPng Configuration Example
Router2
2001:db8:1:1::/64
Router2~
interface EthernetO
lpv6 address 2001:dba:l:1::/64 eui-64
t~:~ ;,~f~~' :'±X ,,~.~.'i~~i\':"lhfOXiáHori"':"otr9ii1¡t~
. . , . ."
LAN2: 2001:dbB:1:2::/64
Rouécr2ft;'I",,!)ug lpv6 rlp

RIPng: Sending mult.ic8st updat.e on Ethernet.O for RTO
src"'FESO: :260:3eff: fe47: 1"5'::JO~::===::;:-ILink-LOCal Source Address
dst.-FF02::9 (Eehernet.O) ...
sport-52!, dport."S21, lengeh"32 "
command .. 2, veJ;sio.n.:l,_,.,,,~llb,z,':",O.,, Irte"! I'MulticastAII-RIP-Routers
L-__~,~",~.~o,~m"~'~,i~c~·'~,~,P~,~~!~i~,'~'~':/~,~~,;__________-"
The figure shows a network ofllVo routers. The upper l'Outer, Router2, is connected to the
default netlVork. The screen text is from Router2. "RTO'" is a tag to identify the RIP process.
RIP is enabled on the first Ethernet interface (ipv6 rip RTO enable).
There are many ways to configure default l'Outes. In the first Ethernet interface context,
ipv6 rip default-infol'nlatioll ol'igillate enables the advertisement ofthe default J'Oute wilh the
origin of Router2.
The debug ipv6 rip command helps \Vith debugging. This screen output shows an RIP update
being sent on the first Ethernet interface. The source address ofthe routing update packet is the
link-local address on that network. The hosl ID ofthe link-local address is based on tite
extended universal idenlifier 64-bit format (EUI-64) representation oftlte data link layer MAC
address. Manual address configuration for Itosl part is also possible, but not required. Tite
destinationlPv6 address oftlte RIP adveltisement packet is the multicast group ofall-RIP-
J'Outers. The debug output shows that the router is sending a default l'Oute (prefix=::/O) with a
metric of one.
© 2010 Cisco Systems, lne. IPv6-Enabled Routing Protocols 4-11

mi
Configuring RIPng (Cont.)
Cisco lOS RIPng Configuration Example

Router2
lAN1: 2001:db8:1:1::/64
lAN2: 2001:db8:1 :2::/64

interface EthernetO
ipv6 address 2001:db8:1:1::/64 eui-64
ipv6 rip RTO enable
Interface Ethernetl
ipv6 address 2001:db8:1:2::/64 eui-64
ipv6 rip RTO enable
The figure sholVS an example of a tlVo-router portion of a larger network. The lower router is
connected to two internal LANs. The screen text is from the lower router. callee! Routerl. It
sholVs that RIP is enabled on both Ethernet interfaces (ipv6"¡p RTO enable).
4-12 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Inc.
Summary
This topic sllmmarizes the key points disclIssed in this lesson.
ita a u
Summary
• RIPng lor IPv6 retains the key leatures 01 RIPv2 lor IPv4,
inciuding support lor split horizon and poi son reverse to
prevent routing loops.
o RIPng has been enhanced lor IPv6 by using the mullicast
address 01 an RIP router lor routing updates and link-local
addresses lor the next-hop interface .
• RIPng is configured per-interface on Cisco routers and
requires a unique route tag to identily the routing process.
References
For additional infonnation abollt RIPng, refer to these resollrces:
• RFC 2080-RIPngfol' IPv6
http://wwlV.faqs.org/rfcslrfc2080.htm I
• Cisco lOS IP,,6 Configuration Guide, Re/case /2.4T: Imp/ementing RIP.f"r IP,,6
http://IVlVw .c isco.com/en/U SIdocs/ios/ipv6/con figllration/gll ide/i p6-
rip_ps6441_TSD_Prodllcts _Configllratioll_GlIidc_Cllapter.html

lesson 2\
Examining OSPFv3
Overview
Open Shortest Path First (OSPF) is a \Videly used interior gateway protocol (IOP). Upgrading
the protocol to support IP version 6 (IPv6) generated a number ofsignificant changes to how
the protocol behaves. Understanding (he differences between OSPF version 2 (OSPFv2) and
OSPF version 3 (OSPFv3) are required for Ihe successful deploymenl and operation ofan IPv6
nelwork using OSPF for rouling. This lesson describes OSPFv3, Ihe IPv6-capable version of
the OSPF routing prolocol, including ils operalions, configuration, and commands.
Objectives
Upon compleling Ihis lesson, you will be able lo describe OSPFv3 and configure it on Cisco
routers. This ability ineludes being able lo meel these objectives:
• Describe how Ihe OSPFv3 routing protocol is supporled in IPv6
• Describe the changes and enhancements made lo OSPFv3 lo supporl IPv6
• Configure (he OSPFv3 prolocol on Cisco roulers
• Describe OSPFv3 IPsec ESP authenlicalion and enclyplion
• Describe OSPFv3 advanced funclionalities
OSPFv3 Key Characteristics
This topic describes how the OSPFv3 routing protocol is supported in IPv6.
OSPF and OSPFv3 Key Characteristics
• OSPFv3 is an implementation 01 the OSPF routing protocol

lor IPv6
• OSPFv2 (Ior IPv4) and OSPFv3 run independently on the
router
• OSPFv3 has the same key capabilities as OSPFv2 lar IPv4
networks:
- Multi-area network design with Area Border Routers
(ABRs) that segment the network
- Shortest Path First algorithm lor optimum path calculation
- Special area types and sophisticated handling 01 external
routes (E1, E2, and NSSA)
- Summarization on area borders simplilies network
designs (stub areas)
The Open Shortest Path First is a well known link-state routing protocol, suitable for large
enterprise networks.
OSPF segments the network into multiple areas which communicate through area border
rauters. This approach allows greater scalability and relieves the routers from running route
calculations for events that are not in their area. Only ABRs need to know the exact topology of
a 11 attached areas. These rauters send appropriate routes as inter-area rautes.
OSPF handles external rautes differently than internal rautes. These rautes are prapagated
across all areas in a special update packet, and distinguished in the rauting table. Special area
types, such as stub areas and NSSA allow for handling external rautes and summarization.
The core algorithm for best path calculation is the ShOltest Path First, or Dijkstra algorithm.
This algorithm is run every time when there is a topology change in the area.
Open Shortest Path First version 3 (OSPFv3) is a complete rewrite of the OSPF protocol to
support IPv6. The foundation remains, for the most pmt, the same as in IP version4 (IPv4) and
OSPF version 2 (OSPFv2).
Note OSPFv3 and OSPFv2 run independently on a router. This is a key difference to IS-IS, which
can have a single process and a single topology database for both routed protocols, i.e.
IPv6 and IPv4.
The OSPFv3 metric is still based on interface costing. OSPF for IP version 6 (IPv6 is currently
supported in Cisco lOS Software.
The packet types and neighbor discovely mechanisms are the same in OSPFv3 as they are for
OSPFv2. OSPFv3 also supparts the same interface types, including broadcast, point-to-point,
paint-to-multipaint, nonbroadcast multiaccess, and virtual links.
Link-state advertise1l1ents (LSAs) are still flooded throllghollt an OSPF d01l1ain, and 1l1any of
the LSA types are the same, though a few have been renamed or newly created.
Note OSPFv3 is defined in RFC 5340.

a ¿liLE
OSPF Refresher
• Link slale protocol-every router has full insight into network

topology of the area
• Roules are sent to other roulers using link slate
advertisemenls (LSAs)
• Role of Area Border Routers:
- Limil Ihe flooding of LSAs lo isolate lopology changes
wilhin Ihe area
- Adverlise Ihe roules to other areas in a conlrolled manner
• Scalabilily is comparable to olher link-stale routing protocols
(IS-IS) and generally better than distance vector or hybrid
routing protocols
"'>.
OSPF follows Ihe same rules ofoperalion whelher il is mn for lPv4 (OSPF version2) or IPv6
(OSPF version 3).
OSPF is a link slale prolocol. This means Ihal evely rouler has a full lopology oflhe nelwork in
memOly. anel calculales besl palhs independelllly from olher roulers, based 011 ils nelwork
knowledge.
AII OSPF roulers send and collecl lhe link slale adveltisemenls (LSAs). These are used to send
information aboul the changes in the network. Roulers build the nelwork lopology based on the
collected LSAs.
ABRs have special handling of LSAs. They limit the change flooding lO within the arca, and let
only Ihe LSAs describing inter-area and external roules 10 flow belween the areas. 1'0 do Ihis,
ABRs need lo have topology dalabases for all parlicipaling areas. Within Ihe area, all routers
have Ihe same lopology table.
Division ofnelworks inlo areas is a key fealure ofOSPF 10 provide scalabilily. Rouling
prolocols such aS EIGRP consider evely nelwork lo be "flal", wilh a change in the lopology
sooner or later inlluencing the decisions in Ihe nelwork, ullless Ihe nelwork is manually
summarized alld thus segmented.
The IS-lS routing prolocollakes Ihe mulli-area approach even furlher, making Ihe area
divisions even more flexible: in OSPF evely area Ileeds to connecl lo a backbone area (area O).
In conlrasl, IS-IS does nol use backbone area, bul uses differenl levels ofrouling. Level I is
used inside one area, lo build Ihe lopology ofall prefixes reachable wilhill a single area. Level2
is used among difTerenl areas, lo facilitate inter-area rouling. The slrelch ofLevel2 roulers in
lhe IS-IS rouling domain musl be conliguous. They fOl'll1 a virlual backbone area.
4-18 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Ine.
111 11iL22i lB 111111111 _ 1 di U
OSPF Refresher (Cont.)
External LSA
flooding across all areas
The figure outlines the functioning ofOSPF as a link state routing protocol, with the network
divided into areas.
AH areas connect to area O. The interconnecting routers are ABRs. These routers control the
flooding of LSAs; some LSAs are allowed lo flow within the areas, while other types describe
inter-area and external routes.
By using different area types, such as slub and NSSA, you can limit the number ofroutes in
such areas, e.g. allowing only summary, or external, or default routes.
Note For more information about OSPF routing, refer to the Implementing Cisco IP Routing
(ROUTE) course.

OSPFv3 Enhancements
This topic describes Ihe changes and enhancements made to OSPFv3 lo SUppOlt IPv6.
iiJ 2 ¡¡iU
OSPF for IPv6
• Router ID is no longer based on an IPv4 address 01 the

router:
-- lt is configured in the routing process
- lt is still a 32-bit number, written in lour octets
- lt is used to sign routing updates
• Adjacencies and next-hop attributes use link-local addresses
(exception: virtuallinks).
• IPv6 is used lar transport 01 the LSA.
• Enabled per-Iink, not per-network.
• OSPFv3 requires Cisco Express Forwarding .
. ' •. - - . " --o
These OSPF features have been updated for IPv6:

a In OSPFv2, Ihe router ID is derived from the "highest" IPv4 address ofan existing router.
It is a general praclice to set a loopback interface on Ihe router for the purpose of
mainlaining Ihe router ID, or setting it administratively in the routing process configuration.
a In OSPFv3, the OSPF process no longer requires an IPv4 address for the rauter ID, but it
does require a 32-bil number to be sel.
Note This 32-bit number is entered as four octets separated by dots [.] and looks like an IP
address.
a OSPFv3 no longer calTies 11' addresses in the OSPF header. The addresses are only cafried
in the payload.
a OSPFv3 adjacencies use link-local addresses to communicate. Rouler next-hop a!tributes
are neighboring router link-local addresses (except in the case ofa virtual link). Since link-
local addresses have the same prefix, OSPF needs to store the information about the
olltgoing interface.
a OSPFv3 uses IPv6 for transport of LSAs. I Pv6 prolocolnumber 89 is used.

a OSPFv3 is enabled per-link and identifies which networks (prefixes) are allached to that
link for determining prefix reachability propagation and OSPF area.
a OSPFv3 requires the router to run Cisco Express Fonvardingo
11111 ¿¡ Iml I JIUII III 1I 221111 III
OSPF for IPv6 (Cont.)
• Router ID, area ID, and link-state ID remain 32 bits:

_. Not derived lrom an IPv4 address
, Router LSA and network LSA do not contain IPv4 addresses,
these are only 32-bit identiliers.
• LSAs now have a flooding scope delining a radius:
- Link-local
- Area
- Autonomous system
• Handling and lorwarding 01 unknown LSAs is supported-to
han die future OSPF extensions.
• Uses IPv6 link-local multicast addresses:
_. FF02::5 OSPF routers
_. FF02::6 OSPF-designated routers
,,,.....
In OSPFv3, the router ID, area ID, and link-state ID are still 32 bits, but these values are not
based on IPv4 addresses, though they may look like them. This feature, combined with the
removal of addressing fl'Om OSPF headers, has made OSPFv3 Layer 3-agnostie. Router LSAs
and network LSAs contain only 32-bit identifiers. They do not eontain addresses.
LSAs have flooding scopes that define a diameter, as follows:
• Link-local: Flood all routers on link
• Area: Flood all routers within an OSPF area
• Autollomous system: Flood all routers within the entire OSPF autonomous system
OSPFv3 supports the forwarding ofunknown LSAs based on the flooding seo pe. This can be
useful in a not-so-stubby area (NSSA). It is also useful when a designated router does 110t
support as many features as other OSPF neighbors, but yOll still want those OSPF l'Outers to be
able to use the new features.
OSPFv3 now takes advantage of I Pv6 multicasting, using FF02::5 for all OSPF routers and
FF02::6 for the OSPF-designated router (DR) and the OSPF backup designated router (BDR).
© 201 o Cisco Systems, Ine. lPv6~Enabled Routing Protocols 4-21

Si
OSPF for IPv6 (Cont.)
• Two LSAs have been renamed:

- Inlerarea Prefix LSAs (Type 3)
- Inlerarea Rouler LSAs (Type 4)
• Two new LSAs have been added lo OSPFv3:
- Link LSAs (Type 8)
- Inlra-Area Prefix LSAs (Type 9)
. '.','.,.,
There are two renal11ed LSAs:

• Interarea prefix LSAs for Area Border ROllters (ABRs) (Type 3): Type 3 LSAs
advertise internalnetworks to rOllters in other areas (interarea routes). Type 3 LSAs Illay
represent a single network or a set of networks sUl11l11arized into one advertisel11ent. Only
ABRs gencrate SIlI11I11a1y LSAs. In OSPF for IPv6, addresses for these LSAs are exprcssed
as prefix, prefix length instead of address, and mask. The deralllt route is expressed as a
prcfix with length O.
• 1"terarea rOllter LSAs for Alltonomolls System BOllndary ROllters (ASBRs) (Type 4):
Type 4 LSAs advertise the location of an ASBR. Routers that are trying to rcach an
externalnetwork use these adve.tisel11ents to determine the best path to the next hopo
ASBRs gencrate Type 4 LSAs.
There are t\Vo new LSAs in I Pv6:

• Link LSAs (Type 8): Type 8 LSAs have local-link fiooding seope and are never fiooded
beyond the link with which they are associated. Link LSAs provide the link-local address
ofthe rOllter to all other routers altaehed to the link. They inforlll other routers atlached to
the link of a list oflPv6 prefixes to assoeiatc \Vith the link. In addition, they allow the
routc!" to assert a eollection of option bits to associate with the network LSA that will be
originated for the link.
• IlItra-area prefix LSAs (Type 9): A rOllter can originate Illllltiple intra-area prefix LSAs
for eaeh router or transit network, each with a unique link-state ID. The link-state ID for
each intra-area prefix LSA describes its association to either the router LSA or the network
LSA. The link-state ID also contains prefixes for stub and transit networks.
4-22 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Inc.
OSPFv3 Configuration
This topic describes how to conllgure lhe OSPFv3 protocol on Cisco l'Outers.
¡¡ah 1222 2ii.
Cisco 105 OSPFv3 Configuration
Commands
router(config)#
lipV6 router ospf process-id
• Creates an OSPFv3 routing process
router(config-rtr).
are a {ipv6-prefixl prefix-length} [advertise I not-
advertise] [cost cost]
• Consolidates and summarizes routes at an area boundary

I
router(config-if).
ipv6 ospf procesa-id are a area-id [instance instanas-id] I

• Enables OSPF for IPv6 on an interface
The figure shows commonly used Cisco lOS OSPFv3 configuration commands. The syntax is
similar, ifnot identical. to IPv4 counterparts.
1m:::: a
UllJ 21 lliUUJ
Cisco 105 OSPFv3 Troubleshooting
Commands
router#
¡shaN ipv6 ospf [process-tdllarea-id] interface [int] I

• Displays OSPF-related interface information
router#
Ishow ipv6 ospf [process-id] rarea-id]

• Displays general information about OSPF processes
router(config-if)'
Clear ipv6 ospf [process-id1 {process Iforce-8pf I
I redistribution I counters [neighbor {neighbor-interface]]}
• Triggers SPF recalculations
oo. ". • • • .......... ".'
The figure shows commonly used Cisco lOS OSPFv3 troubleshootil1g commands. The syntax
is similar, ifnot identical, to IPv4 counterparts.
© 2010 Cisco Systems, Inc. IPv6-Enabled Routing Protocols 4-23

.. illSLbiMi : ¡iS
Cisco lOS OSPFv3 Configuration
22&2Ci ..
Example
Rouler2
EthernetO' fe80:::~60:3eff:fE,47:15:l0
LAN2: 2001:db8:1:2::/64
Routerll Routera,
interface EthernetO interface EthernetO
ipv6 address 2001:db8:1:2::/64 cut-54/
ipv6 ospf 99 area 0.0.0.0 ipv6 address ,2001:db8:1:1:,:J.~,4,_ eui-64
'lp'4'6-'OBpf ,99,. nrI)Í1. 0"';0 ...0.::;;;:2::::';;;.:
interface Ethernet! ipv6 routar ospf 99
ipv6 address 2001:db8:1:1::/64 cul-64
_á:t~1i 0.0.0._0 tang'e?l' 200~)db8i:J;f':/48
ipv6 ospf 99 area 0.0.0.0
ipv6 routar ospf 99

router-id 11.11.11.1
aren 0.0.0.0 rangc 1 2001:db8:1: :/48
The example shows a single-area OSPF network of t\Vo routers. The upper router is connected
to the default network. AII routers are in Area O(area 0.0.0.0). The entire network can be
summarized as 200 I :db8: I ::/48. /
The screen text is frol11 the upper router, called Router2. The ipv6 ospf 99 area 0,0.0.0
interface-specific cOl11mand creates the IPv6-router OSPF process dynal11ically.
Tip The router process description (for example, "ipv6 router ospf 255") will be created
automatically when the interface-specific command is entered. Moreover, additional router-
wide parameters are entered under the configuration-Ievel process. These parameters are
those related to route redistribution, forwarding on multiple paths (load balancing), route
filtering statements, and other (mostly optional) parameters.
u
OSPFv3 IPsec ESP Authentication and
Encryption
This topic describes OSPFv3 IPsec ESP authentication anel encryption.
u OSPF Authentication and Encryption
u • Aulhenticalion and encryplion are used lo secure routing

updates and prevent the altacks to the routing protocol:
- Injection 01 rogue routes
u .._" Undesired neighbor relationships
• OSPFv3 uses native lunctionality offered by IPv6:
u - IPsec AH lor authentication and integrity check
-- IPsec ESP lor encryplion 01 payload
u • Security policy delinition on the router is mandatory:

- Key
- Security parameter index (SPI) value
.---
u
Enhancing routing protocol security is one ofthe procedures for network and device harelening.
OSPFv3 SUppOltS authentication and encryption ofrouting updates.
u Us ing routing update authentication and encryption. you can prevent attacks to the routing
protocol. Usually, an attacker l11ight "poi son" the routing table ofthe router by sending a route
u towards one ofthe networks using very gooel cost, and traffic to that network would be diverted
to the attacker's router. Similar applies to attackers injecting the default l"Oute.
OSPFv3 uses IPv6 native security capabilities and native security stack. Two possible protocols
are available:
• AH for authentication and integrity check
u • ESP for encrypting the payload- the l"Outing updates thel11selves.
u Using an IPsec conneclion requires you to define a security policy for every neighbor router.
The security policy defines which protocol is used for c0111111unication (AH or ESP), encryption
algorithl11, Ihe key, and the security para111eter index (Srl) value.

Cisco lOS OSPFv3 Advanced
Configuration Commands
router(config-if)'
ipv6 ospf authentication ipsec spi spi rndS (key- \)S~ \ • \.,. (
,
d. rn~")
encryption-type] key I ~
null "IUJ. ' ~ _ ) ' toA
- .,
'-----------------='
;.:.~:.;--'y
;...----"""''1_''''----' ~ \-. "......... l I ) ~
• Configures authentication between OSPF routers ,,~\ \
·\I"\\v:)" .:~.(9\ WG \
• ""(".~."J
router(config-rtr) H ( Q. o-C\'\;. \ "V , .....
area area-id authentication ipsec spi ( sp~ rnd5[key-

encryption- type1 key ~\o.
• Configures authentication between OSPF routers
router(config-if),
ipv6 ospf neighbor ipv6-address [prioritynumber] (poll-

interval seconds] [cost number] [database-filter a11 out]
• Manually configures an OSPF neighbor
OSPFv3 sllpports allthentieated lIpdales lIs ing Ihe lInderlying IPsee seeurily Illeehanislll of Ihe
node. The cOlllllland specifies Ihal alllhenlicalion shollld be enabled and also gives the Secllrity
Parallleters Index (SPI), allthentication algorilhlll , and shared secret key.
Note The SPI is used to determine Ihe securily parameter indexo This is used to ide nlify several
IPsec sessions between the same pair of hosts and does not directly apply to OSPFv3; this
is required for Ihe securily policy lo be funclional.
To make all routers in a given area authenticate routing updates, you can configure area-wide
alllhenlicalion. This is lIseflll ifyoll have severa l rOlllers on a broadcasl-type link (sllch as
Ethernel), and yOll do nol \Vanl lO deline alllhenlication parameters for every rOllle ...
Inlerface alllhenlication definilions are more lIseful \Vhen yOll wanl lo alllhenlicate an OSPF
sess io n, going eilher lo a service provider (for example, in an MPLS VPN scenario), or going
across Ihe WAN (for example, from a hllb rOlller lo a brancl! rOlller).
When lIsing nonbroadcasl mlllliaccess (NBMA) in OSPF for IPv6, yOll cannot alltomatically
delecl neighbors. On an NBMA interface, yOllmll st conligllre yOllr neighbors manllally lIsing
inlerface conligllralion mode. The ipv6 ospf ncighbor command gives Ihe OSPFv3 device Ihe
lInicasl IPv6 address orlhe peer with which lo eslablish a neighbor relationship.
4-26 IPv6 Fundamentals, Design , and Deployment (IP6FO) v3.0 © 2010 Cisco Systems, lnc.
n
·::::=&&1111 ¡iI; I ¿¿ .ZJi l&i
OSPFv3 IPv6 Authentication Example

\y~ ?Q
• OSPFv3 authentication on an interface example scenario

Rouler2
EthernetO = fe8;O:::26C):3E,ff:fe4~':1 !;30
LAN2: 2001:db8:1:2::164
Routerll
interfaCe EthernctO
ipv6 addt"l['¡Js, 2_001l,d,bal"l!1~ '/6,4, (!,lIl-64
11lv~ Ospf áú't'iió'ntli::atfQn: ipsílcJapi- 500 ííídS-:'¡¿S'yi'
ipv6 ospf 99 area 0.0.0.0
This example shows the usage and implementation of IPv6 authentication between OSPF
routers. The highlighted statements specify the authentication parameters lo use for OSPF.
These statemen!s can be applied to OSPF areas. in which case the authen!ication is applied to
all interfaces in the area. Oro they can be applied to specific interfaces. as shown here. The
Cisco lOS image must suppart Ir Security (IPsec) encryption. OSPF authentication supports
both Authentication Header (AH) and Encapsulating Security Payload (ESP).
Tip OSPFv3 has had the OSPF-specifie seeurity meehanism used in OSPFv2 (for IPv4)
removed and can only be seeured using IPsee. This is an important example of how making
IPsee support mandatory for IPv6-eapable nades simplifies implementation lar other
protoeols.

Configuring OSPFv3 IPsec ESP
Encryption
rout.er(config-if). ,/
ipv6 ospf encryption {ipsec spi spi~encryption
algorithrn [[key-encryption-type] key] authentícation-
algorithrn [key-encryption-type] key I nuIl}
• Configures encryption on an interface between two OSPF routers
router(config-rtr)# /
area area-id encryption ipsec spi 8pi esp encryption-
algorithm [[key-encryption-type] key]authentication-
algorithm [key-encryptíon-type]key
• Configures encryption between all OSPF routers in an area
(configured in the routing process configuration mode!)
You can conJigure IPsec encl)'ption for OSPFv3 in a similar way as you configure
a uthentication.
To conJigure OSPFv3 encl)'ption over one single link, you can use the ipv6 ospf cncryptioll
interface conJiguration mode command, The command will enable encl)'ption only for the
neighbor router(s) on that interface.
The area encryption command enables encryption of routing updates between all routers
within an area. This command is useful when there are many neighbors and provides a more
elegant way to enforce encryption for routing updates.
Packets that do not pass validation (decryption using the correct key, proper authentication.
etc.) are discarded by the router. For a legitimate router neighbor relationship to be established,
LSA packets must be validated to be accepted by the router.
4-28 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 201 OCisco Systems. Inc.
: • JiU I lb ]J ulla 1I 1I 11I1 111 1I
OSPFv3 IPsec ESP Encryption Example
• OSPFv3 encryption example scenario:

Rouler2
Rout.crl'
int.erface EthernctO
ipv6 addrcss 2001:db8:1:1::/64 eui-64
'F'ipv6 Asp:f.1 eil.érypt:!Ci"rl'>lpli,Cá';. ¡¡¡pi, ,$00 ee'p: ilull":""
'j¡hi1l;: 1?345/i?:a9~~12.~4~Íi789B!23·~56?8.9C.123.5_6789~- :- -
ipv6 ospf 99 arca 0.0.0.0 .~--
In this example, OSPFv3 encryption is configlll'ed on the interfaces between the two rOllters.
IPsec ESP is lIsed as the encrypting algorithm, and SHA-I is lIsed as a hash algorithm to
provide integrity and allthentication services.
Note This is inherited from the IPsec protocol suite - packet encryption encapsulations, such as
ESP (encapsulated security payload) are used together with packet integrity checking and
packet authentication. Suitable algorithms for ESP encryption are AES and variants of DES;
suitable algorithms for integrity checking are SHA-1 and MD5.
© 2010 Cisco Systems, Ine. lPv6 Enabled Routing Protocols

w 4-29
OSPFv3 Advanced Functionalities
This topic describes OSPFv3 advanced functionalities, such as dynamic interface cost SUppOlt,
fast convergence, and graceful restmt.
2
OSPFv3 Dynamic Interface Cost
Support
• Suitable for dynamically calculaling inlerface cosl.
• The cosl changes based on the qualily of link in:
-- Mobile IPv6 networks
-- Radio networks
• Changes in the link parameters are reflected in the OSPF
metric (e.g., scarce bandwidth or excessive delays).
• OSPF metric dynamically worsens, allowing OSPF lo choose
a more optimal path.
• Main area of usage: service provider backbones.
Changes OSPF melric for radio link
The OSPFv3 dynamic interface cost support is an advanced feature, suitable for cost
calculations in 1110bile IP,,6 networks and radio net\Vorks. It is ofmuch use for serviee
providers, \Vho utilize OSPF in their backbone net\Vork, and who have a large number oflPv6
devices as elients and as gateways. Very large mobile operators and wireless ISPs are the target
users for this fea tu re.
The qua lity of a radio link has a direet impaet on the throughput that can be achieved by router-
router traffíe. These radio links between routers appear as Ethernet links and use PPP over
Ethernet (PPPoE) as the underlying protocol. The PPPoE protoeol has been extended to provide
a process by which a router can request, 01' a radio can report, link quality metric information.
Cisco's OSFPv3 implementation has been enhanced so that the route cost to a neighbor is
dynamically upclatecl based on metrics reported by the radio, thus allowing the best route to be
chosen within a given set of radio links.
The routing protocols receive radio link data, and compute a composite quality metric for each
link. In computing these l11etrics, the following factors may be considered:
• Maximum data ..ate: The theoreticalmaximum data rate ofthe radio link
• Cu ....ent data rate: The current data rate achieved on the link
• Latency: Tlle transmission delay that the packets encounter
• Resou ..ces: A percentage that can represent the remaining amount of a resouree (such as
battery power oftlle radio device)
• Relative Link Quality: A numeric value representing relative qualityOSPFv3 then chooses
the link which has the bes! metric to the desired destination, that is, tllat has the least
deductions for link quality issues.
Note For more informalion, refer lo Ihe "OSPFv3 Dynamie Interface Cost Support" listed in the
Resourees seclion, and lo Mobile Ad Hoe Networks for Router-to-Radio
Cornmunications
(h ttp:1Iwww.cisco.com/en/US/docs/ios/i pmobil ity Icon figllrationlgll ide/i mo_ adhoc _
rtr2rd ps644 1 TSD Products Con figllration GlIide Chaptcr.hlm I#wp 1318087).
© 2010 Cisco Systems, Ine. IPv6-Enabled Rouling Protocols 4-31

OSPFv3 Fast Convergence
• OSPF Fast Helio Packets reduces OSPF timers to lower

values to achieve faster "neighbor down" detection
• Suitable for multi-access networks, where Layer 2 does not
necessarily detect a neighbor loss (such as Ethernet)
• Configurable on a per-intertace basis:
router(config-if)#
lipv6 ospf hello-interval seconds
• Changes the OSPFv3 helio timer value
router(config-if) '
lipv6 ospf dead-interval seconds n
• Changes the OSPFv3 dead timer value
The OSPF fast convergence feature is suitable for environments that require very fast reaction
upon network failures. Link state protocols are particularly good at this because they maintain a
full topology table in the router memory. When a path is lost, the SPF algorithm is rerun to
determine another path.
In OSPF, neighbor adjacency is maintained by the periodic translllission of " hello" packets. A
neighbor should be declared unavailable if it does not transmit a "helio" packet within a certain
time interval. In OSPF. it is usually referred to as the "dead-interval", which usually lasts for
th ree " helio" periods. Therefore, a router neighbor is declared "dead" upon three lost "helio"
packets.
OSPF rast convergence is achieved by red ucing the OSPF timers for " helio" and "dead" timers.
When these are reduced to sub-second values, OSPF can converge in belolV than one second .
This feature is par1icularly useful on Ethernet and si milar links, \Vhen the neighbor down
situation does not resu lt in a link down on the interface (t\Vo routers connected through a
switch- the Ethernet interface w ill remain " up", instead ofthe neighbor router being offline).
Suitable environments for this feature are the data centers, where maxilllulll high availability is
required.
The following commands reduce the OSPF timer values (configured under interface
con figuration mode):
Router(config-if)#ipv6 ospf ~ -interval seconds )-"
Router( config-if )#ipv6 ospf ~-interval seco nds '>
The Cisco lOS 12.2S specia l purposes version train allows setting even sub-second timer
va lues.
\'.O_\"O ,\J
u..:;., ......... , ... ~
u Note Bear in mind that reducing the timers adds extra load to the CPU 01 the router, since it must
generate and process OSPF helio packels more oflen.
The nelwork designer should choose whal Ihe direclion lo achieve fasl convergence is:
eilher Ihrough Non-Slop Forwarding when normal timer values are used and convergence
happens on hardware, or using reduced limers and relying on the rouling prolocol lo achieve
convergence.
\.,,,\d. \.\ .... I!.

c~p h.\\ \, ...... "
u \1c\L ... TI ¿ ,\ '.?, ~ >c\',. l1JL >'0

\~
-,l> \3.,1- \. '1.~ \).J", \ ~ <"'\\" '· ...,.,.0 \ G b'(')

J
--:t> 't'"""t te"). \\) G$.r.
u
u
u
u
v
CD
CD
© 2010 Cisco Systems, Ine. IPv6·Enabled Routing Protocols 4-33

OSPFv3 Graceful Restart
• Feature for environments with routers using dual supervisor engines ~ $(;) ~ (q ('4
a nd dual route processors funclioning in a stateful switchover mode

(e.g .• Cisco 7600 Series Routers. Cisco Catalyst 6500 Series
Switches, C isco NeX" s 7000 etc.).
• Graceful restart supported in:
- Graceful restart mode: Graceful restart capable devices
- Helper mode: Graceful restart aware devices
• Core technology to support OSPFv3 in Non-Stop Forwarding
devices.
rou~er(confi9-r~r)'
graceful-restart [restart-interval interval]

• Enables GR on a GR-capable device
rou~er(confi9-r~r)'
graceful-restart helper {disable strict-lsa-checking}

• Enables GR on a GR-helper device
The OSPFv3 graceful restart feature is intended lo work on deviees with dual supervisor
modules 01' dual route processors. These incl ude hi ghly available modular routers and modular
switches. such as the Cisco 7600 Series Routers, Cisco Catalyst 6500 Series Switches, Cisco
Nexus 7000 Series Switches, Cisco ASR 1000 Series Routers, etc. On such devices, one ofthe
supervisors opera tes as active, and the other su perv isor operates as " hot-standby". Routing
o perations are performed by the active supervi sor and this ine ludes maintaining the routing
tabl e, and the neighbor relationships with other routers.
In case of any primary superv isor failure , the system switches lo the secondary supervisor. The
seeondary supervi sor takes over and relies lo the data plane to sw itch the packets in hardware,
unlil it rec reates the routing information base (RI B, that is, the routing table).
Normally, a switehover lo another supervisor mod ule would cause an OSPF neighbor
relation ship drop, and, consequently, a route Ilap further in the nelwork.
To prevent the neighbor relationship drop, the OSPF graeeful restar! keeps the neighbor
relationship still establi shed, and requests a "roule refresh" from the adjacent routeO'. The
reeovering router is in graccflll restart mode and is graeeful restarl eapable, Ihe adjaeent
ne ighbor router is in hclllCI' mode and is a graeeful restart aware deviee.
The OSPF graeeful restart fealure supports the Non-Stop Forwarding (NSF) capability of
highly available routers a nd switehes.
The graceflll-restart eoml11and enables graceful restmt on the graeeful restart capable router.
The graceflll-restart he1ller strict-Isa-checking command enables graceful restart on Ihe
graceful re start aware router.
Note These two co mm and s run on Cisco lOS Software Version 15.0.
n
f H'
~ \L - .~ ~ . ~.\.." \? ,,\.\...,.
4-34 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 201 OCisco Systems. Ine.
n
OSPFv3 Graceful Restart (Cont.) • S\."~\ \''J <o,
. s,,\. ' " l,1,. ¡:: \ f>
u • Gracelul restart 01 an OSPFv3 neighbor relationship between
a GR-capable and a GR-aware router.
() OSPFv3
adjacency
u
Graceful Restar! Graceful Restar!
capable device hetper device
ISwi!choverl I
< Route refresh I
,;,
u The graphie sho\Vs a graeeful restart of an OSPF sess ion oeeurring on a highly available switch.
The redundan! supervisor, \Vhen becoming the new active, has to build a ll the software and
u hardware tables upon taking over the operat ion. These inc1ude the RIB and the routing table,
and then al1 the hardware struetures, such as the forwarding information base (FIB).
u During the OSPF proeess reeovery and re-Iearning ofthe routes rrom adjaeenl routers, the
router relies on the hardware forwarding lables (FIB) generated by the previous active
supervIsor.
u Whe n the router learns new info rmation using the gracefu l restatt, the new routing information
is updated in the RIB and in the FIB.
The adjaeent router (GR helper). thanks to the graeeful restart a\Vareness, does not dro p the
acUaeeney, instead injust sends a route re fresh.
Note The prerequisite for the graceful restar! and NSF is that the rauter has dual supervisors and
hardware-based switching of packets, such as Cisco Express Forwarding (CEF). This is
available on the policy feature card (PFC) and the distributed feature cards (DFCs) on the
Cisco 7600 Series Routers and the Cisco Catalyst 6500 Series Switches, and on the M1
forwarding engine on the Nexus 7000 Series Switch es.
u
u

Summary
This topic sllll1ll1arizes (he key points disclIssed in this lesson.
mm : ¡ mI! ;¡ ;¡¡ 2i2
Summary
• OSPFv3 lor IPv6 supports the sall1e basic ll1echanisll1s that

OSPFv2 lor IPv4 does, including the use 01 areas to provide
network segmentalion and LSAs to exchange routing
updates.
• OSPFv3 lor IPv6 supports a new mullicast address lor
routing updates, leatures two new LSA types, and uses link-
local addresses to source LSAs.
• OSPFv3 is conligured per-interface on Cisco routers.
• Advanced leatures 01 OSPFv3 include last convergen ce,
gracelul restar!, and dynamic interface cos!.
4-36 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Ine.
Lesson 31
Examining Integrated 18-18

Overview
The Intermediate System-to-Intermcdiate System (IS-IS) is a routing protocol which is being
used mainly in service provider environments. Enhancements to IS-IS for IP version 6 (lPv6)
enable use ofthe protocol in transitional networks-a critical rcquirement for IPv4 and IPv6
interoperability. This lesson describes the IS-IS protocol, including concepts, operations,
configuration, and c0111mands.
Objectives
Upon completing this lesson, you will be able to describe and configure Integrated IS-IS for
IPv6. This ability includes being able to meet these objectives:
• Describe how the IS-IS routing protocol is supported in IPv6
• List the changes made to IS-IS to support IPv6
• Explain the implications ofrunning IS-IS in a single SPF architecture
• Describe multitopology IS-IS for IPv6
• Configure and troubleshoot the IS-IS protocol on Cisco routers
Integrated 15-15 Characteristics
This topic describes how the IS-IS routing protocol is supported for IPv6.
z:::
Integrated 15-15 Characteristics
• IGP
• Link-state routing protocol
• Supports multiple routed network protocols at the same time
Intermediate System-to-Intermediate System (IS-IS) is part ofthe interior gateway protocol

(IGP) family, which ineludes Routing Information Protocol (RIP), Open Shortest Path First
(OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). ¡S-IS is a link-state
routing protocol and shares many similarities wilh OSPF. IS-IS can support link slates for
mulliple routed protocols at the same time, for example, Connectionless Network Service
(CLNS), IP, and IP version 6 (IPv6). As discussed later in this lesson, IS-IS can use the same
Shortest Path First (SPF) for all network protocols, which raises considerations for network
designo
Note IPv6 support in IS-IS is defined in RFC 5308.
Integrated 18-18 Characteristics (Cont.)
Integrated 18-18 Refresher

• Hierarchical routing:
..- No backbone area
- Level 1 routing within one area
-. Level 2 routing among areas
• Area border on links
• One router belongs to single area
• CLNS used internally
AreaA Area 8 Area e
IS-IS, as a link-slale prolocol similar lO OSPF, lIses a hierarchical approach lo ftlliher divide
rOllling domains inlo areas. In contrasl to OSPF, IS-IS does nol lIse a backbone area. Il lIses
differenl levels ofrollling. Level I is lIsed inside one area lo bllild Ihe lopology ofall prefixes
reachable \Vilhin a single area. Level2 is lIsed among difTerenl areas lO facilitate interarea
rOllting. The Level2 strelch ofrolllers in an IS-IS rOllling domain mllsl be conligllolls; they
form a virtllal backbone area. ROllters can be Level I and Level 2 al the same lime lo perform
bolh tasks.
IS-IS rOllters can be part of only one area at a time, area borders lie on links. OSPF has area
borders on rollters.
IS-IS lIses CLNS inlernally to independently carry rollting informalion from rOllled prolocols.
© 2010 Cisco Systems. Ine. IPv6-Enabled Routing Protocols 4-39

Changes Made to 15-15 to 5upport IPv6
This topic describes the changes made to IS-IS to SUppOlt IPv6.
I1 m &
Changas Made to IS-IS to Support IPv6
Integrated IS-IS for IPv6

• Two TLVs added to introduce IPv6 routing:
- IPv6 reachability TLV (OxEC or 236)
- IPv6 interface address TLV (OxE8 or 232)
• New protocol identifier:
- IPv6 NLPID (Ox8E or 142) advertised by IPv6-enabled
routers
• Mullilopology exlension:
- Single SPF inslance for IPv4 and IPv6, or
- Separale SPF inslances, one for IPv4 and one for IPv6
Two type, length, values (TLVs) are aclded in IS-IS for IPv6 support. These Iwo TLVs are used
to describe IPv6 reachability and IPv6 interface addresses:
• IPv6 reachability TLV (OxEC 01' 236):
Describes nelwork reachability (routing prefix, melric, options)
Equivalent lo 11' internal and external reachability TLVs
• IPv6 interface adclress TLV (OxE8 01' 232):
Equivalent to 11' interface acldress TLV
For helio protocol data units (PDUs), must contain the link-local address
For link-state packets (LSPs), must only contain the nonlink-Iocal address
AIIIPv6-enabled IS-IS routers advertise a Network Layer ProtocollD (NLPID) value of Ox8E
(142).
Cisco has aclcled multitopology support to IS-IS to increase flexibility in IS-IS deployment
witIlin a dual-stack environment. IS-IS can be deployed using two SPF instances, one for IPv4
and one for IPv6. Multitopology IS-IS provides for some flexibility when transitioning to IPv6.
A separate topology is kept for both IPv4 and IPv6 networks, since not alllinks may be able to
carry II'v6 and IS-IS specifically keeps track ofthose. This way there is a smaller possibility for
the traffic to be "black-holecl".
Single topology IS-IS, where there is one SPF instance for both II'v4 and IPv6, also remains a
possibility which is even easier to administer, but the network must be homogenous. Same
links need to cal'ly IPv4 and II'v6 simultaneously.
Single SPF Architecture
This topic describes the implications ofrunning IS-IS in a single SPF architecture.
i& E ¿¡ ¿Ji
Single SPF Architecture
Single SPF restrictions:

• Single SPF for all routed protocols
• Routed protocol consistency check can be disabled during
migration
• Support for both old-style and new-style TLVs with single
topology
• Wide metric must be used to support IPv6
The original design for Integrated IS-IS defines a single SPF for all routed protocols, which
adds the assumption that all interfaces included in the routing decisions run all routed protocols.
When migrating from a purely IP version 4 (IPv4) environll1ent to a dual-stack environll1ent,
discrepancy in supported protocols would cause adjacencies to fai!. To facilitate a seall1less
upgrade, the engineer may disable adjacency checks dllring the lIpgrade to ll1aintain adjacencies
active even in a heterogeneous environment.
When single-topology support for IPv6 is ell1ployed, either old- or new-style TLVs can be
lIsed. However, the TLVs lItilized to advertise reachability to IPv6 prefixes use wide ll1etrics, so
wide ll1etrics should be used within the whole IS-IS domain.
In single-topology IPv6 1l10de, the configllred ll1etric is always the sall1e for both IPv4 and
IPv6. The reason for this is that IS-IS establishes routing adjacencies and bllilds the network
topology using CLNS. IPv4 and IPv6 are just rollted protocols; for routing inforll1ation
exchange CLNS is lIsed.
© 2010 Cisco Systems, [ne. IPv6-Enabled Routing Protocols 4·41

§ 2
Single SPF Architecture (Cont.)
Single SPF Restrictions

A single SPF runs per-Ievel for OSI, IPv4, and IPv6 .
• AII routers in an area must run the same set of protoGols
(IPv4-only, IPv6-only, IPv4 and IPv6).
OK OK No
. P V 4 and IPv6 Rouler IPv4-0nly Rouler
The single SPF architecture has the restriction that, \Vithin an IS-IS area, all routers must run
the same set of protocols.
In some situations, this behavior may be inconvenient. for example, when transitioning an IS-IS
IPv4 network lo IPv4 ane! IPv6. Configuring a router fromlPv4 IS-IS to IPv4 antl IPv6 IS-IS
\ViII cause it to drop adjacencies \Vith all its IS-IS IPv4-only neighbors. As discussed later in
this lesson. Cisco SUppOllS a command that allows a reuter I"unning IS-IS IPv6 to fOl"m an
adjacency with a neighbol" I"unning IS-IS IPv4 and IPv6.
Tip Suppressing adjacency checking on intra-area links (Layer 1 links) is primarily done during
transition fram single-topology (IPv4) to multitopology (IPv4 and IPv6) 15-15 networks.
Imagine that a large enterprise is integrating IPv6 into their network and it is not practical to
shut down the entire enterprise rauter set lor a coordinated upgrade. Without disabling
adjacency checking-because routers were enabled for IPv6 and 15-15 for IPv6-
adjacencies would drop with IPv4-only routers, and IPv4 routing would be severely
impacted. With suppression, IPv6 can be turned up within the enterprise without impacting
IPv4 reachability.
Single SPF Architecture (Cont.)
Single SPF Restrictions

A single SPF runs per-Ievel for OSI, IPv4, and IPv6 .
• Level 2 routers may be configured differently, but no routing
hale can exis!.
No OK
.IPV4-IPV6 Rouler IPv4-0nly Rouler
As in any IS-IS ne!work design, Level2 (backbone) rou!ers mus! be con!iguous. IPv6
adjacency checks are no! done on Level 2 links. In the left diagram, the Level2 routers are not
con!iguous for IPv6; therefore, this is an incorrect network designo The right diagram shows an
example in which the Level2 l"Outers are contiguous for both IPv4 and IPv6.
Tip This is called a "rauting hole." In the example on the lelt, adjacencies will be formed acrass
the Layer 2 links between !he !hree areas. However, !he IPv6 ne!work is parti!ioned by!he
inabili!y of Area B !o carry IPv6 !raffie. Beeause IS-18 is managing a single !opology, !he
rauters will believe !ha! a path for IPv6 exis!s aeross Area B, bu! alllPv6 !raffie sen! via tha!
path will fail.
© 2010 Cisco Systems, Ine, IPv6-Enabled Routing Protocols 4·43

Multitopology 15-15 for IPv6
This topic describes the advantage ofnlllning l11ultitopology IS-IS for IPv6.
jI & ij
Multitopology 18-18 for IPv6
Removes some limitations to network design when

running 15-15 for both IPv4 and IPv6:
• Runs two SPF instances
• Allows the use of differenl metrics for IPv4 and IPv6
• Transilion mode allows easier migration from single-topology
lo mullitopology environmenl
.. ·n·.,,· . '.'
Multitopology IS-IS for IPv6 is available today and is based on the IETF docul11ent M-ISIS:
Mu/ti Top%g)' (MT) Routil1g iI1IS-IS (RFC 5120).
IS-IS multitopology support for 1Pv6 allows IS-IS to maintain a set of independent topologies
within a single area 01' doma in. This mode removes the restriction that all interfaces on which
IS-IS is configured must SUppOlt the identical set ofnetwork address families. It also removes
the restriction that all routers in the IS-IS area (for Level I routing) 01' domain (for Leve12
routing) must support the identical set of network layer address families. Multiple SPFs are
performed, one for each configured topology. Therefore, it is sufficient that connectivity exists
among a subset of the routers in the area 01' domain for a given network address family to be
routable.
You can use the isis ipv6 mctric command to configure different metrics on an interface for
IPv4 and I Pv6.
Whenmultitopology support for IPv6 is used, use the IIIctric-style ",ide command to configure
IS-IS to use new-style TLVs. TLVs used to advertise IPv6 information in link-state packets
(LSPs) are defined to use only wide metrics.
AII routers in the area or domainmust use the same type oflPv6 SUppOlt, either single-topology
01'multitopology. A router operating inmultitopology mode willnot recognize the abilily ofthe
single-topology mode router to SUppOlt IPv6 traffic, which willlead to routing holes in the IPv6
topology. To transition from single-topology SUppOlt to the more flexible multitopology
support, a multitopology lransition mode is provided.
The 111ultitopology transition111ode allows a network operating in single-topology IS-IS lPv6
supporl mode lo conlinue lo work while upgrading l'Outers lo include multitopology IS-IS IPv6
supporL While in transition mode, both types ofTLVs (single-topology and multitopology) are
sent in LSPs for all configured IPv6 addresses, but the router continues to operate in single-
topology 1110de. (Thal is, the topological restrictions ofthe single-topology mode are slill in
efTeeL) After all l'Outers in the area or dOl11ain have been upgraded to support l11ultitopology
1Pv6 and are operating in transition 1110de, transition 1110de can be removed frol11 the
configuralion. Once all l'Outers in the area or dOl11ain are operating in l11ultitopology IPv6 1110de,
the topological restrictions of single-topofogy 1110de are no fonger in effecL
© 2010 Cisco Systems, Inc. IPv6~Enabled Routing Protocols 4-45

15-15 IPv6 Configuration on Cisco Routers
This topic describes how to configure and troubleshoot the IS-IS protocol on Cisco routers .
•
Configuring IS-IS IPv6 on Cisco Routers
Use these steps to configure 18-18 with IPv6 support:

1. Configure IS-IS and NET.
2. Configure generic IS-IS interface attributes.
3. Configure IS-IS on IPv6 interfaces.
4. Configure IS-IS router mode attributes.
5. Configure IS-IS IPv6-specific attributes.
Follow these steps to configure IS-IS IPv6 support:

Step 1 Configure the IS-IS routing process and specify the network entity title.
Slep 2 Configure generic IS-IS interface attributes using existing IS-IS c01l11l1ands (circuit-
type, priority. and so on).
Slep 3 Configure IS-IS on interfaces. The interfaces l11ust have the IPv6 protocol stack
enabled, for example, having an IPv6 address assigned, 01' autoconfigured.
Slep 4 Configure IS-IS router mode attributes. The majority of IS-IS l"Outer mode
commands are generic and apply to both 1Pv4 and 1Pv6.
Slep 5 Configure IS-IS IPv6-specific attributes. IPv6 attributes are configured via the IPv6
address family submode ofthe l"Outer 1l10de.
mi 1I ¡mi!! 1 ."g ¡ l. m, 212 &1 ami
(Cont)
Cisco 108 18-18
router(config)'
Irouter isis [tag)

• Enables IS-IS for the specified IS-IS routing process.
router(config-router)'
Inet network-entity-title
• Configures an IS-IS network entity tille (NET) for the routing process.
router(config-if)#
I [no) ipv6 router isis [tag)
• Enables IS-IS IPv6 on an interface.
• The interface also needs an IPv6 address.
Use the I"outel" isis commanc\ to enable IS-IS for the specified IS-IS routing process, and enter
Ihe router configuration mode.
The net command configures an IS-IS network entity title (NET) for the l"Outing process.
Use the ipv6 I"outel" isis command lo enable IS-IS IPv6 on an interface. Note that the interface
must be IPv6-enabled; that is, it must either have an IPv6 address configured or have been
explicitly enabled via the ipv6 enable command.

b ja i2Jbil a
(Cont.)
Cisco 108 18-18 IPv6 Address Family Commands
router(config-router)#
I [no] address-family ipv6

• Enters IPv6 address lamily configuration mode
router(config-router-af)t
I [no] distance 1-254

• SeIs IS-IS IPv6 administrative distance
router(config-router-af)#
I [no] maximum-paths 1-4
• Sets maximum number 01 paths

router(config-router-af)i
[no] default-information originate [route-map name]
• Conligures origination 01 IPv6 delault raute
Use the address-family ipv6 command to enter the IPv6 address-family submode from the
router mode. IPv6-specific IS-IS attributes are configured under this submode. The no form of
the command \ViII reset alllPv6-specific configurations to default values.
These IS-IS IPv6 commands and atlributes are used under the address-family IPv6 submode
and are applied to lhe IPv6 routing table only:
• distance 1-254: Sets the administrative distance oflS-IS IPv6. The default administrative
distance for IS-IS is 115.
• maximum-paths 1-4: Sets the maximum number ofpaths aIlowed for a route learned via
IS-IS IPv6. The default number is foul'.
• defalllt-illformatioll origillate [route-map llame]: Configures origination ofthe IPv6
default route (::/0) by IS-IS. It is used in the same manner as the existing IPv4 defallIt-
illformation command.
4-48 IPv6 Fundamentals, Design, and Deployrnent (IP6FD) v3.0 © 2010 Cisco Systems, Ine,
11M un HLLLE i1lllli j tJ1 ! ¡ai i2&&22 ¡ i b&i
Configuring 18-18 IPv6 on Cisco Routers
(Cont.)
Cisco 108 18-18 IPv6 Adjacency Check
router(config-router-af)#
I [no1 adjacency-check
• Enables or disables IPv6 adjacency checks
Adjacency Check (default) No Adjacency Check
•
IPv4 and IPv6
G
IPv4
• ' ><'.
IPv4 and IPv6 IPv6
• ><' •
IPv4 and IPv6 IPv6
IPv6 IPv4 IPv6 IPv4
-. - '--.v , " ' ,- ,." .; ".~ • ,
The adjacency-check command enables 01' disables adjacency IPv6 protocol-support checks. If
enabled (default), the router willnot form an adjacency with a neighbor not supporting IS-IS
IPv6.
When enabled, the adjacency-check will allolV an adjacency to be formed between an IPv4-
IPv6 router and an IPv4 router. This cOllfigurationmay be cOllvellient when transitioning an IS-
IS IPv4 network to IPv4 and IPv6. Note that the adjacency-check suppresses IPv6 checks
only. IS-IS IPv4 also checks the protocol support of neighbors and willnot allow an adjacency
between a router running IS-IS IPv4 anel a neighbor not supporting IPv4. Also, iflhe IS-IS
router determines thal the shortest path lO an IPv6 destination lies via a non-IPv6 neighbor, the
route to the destillation willnot be installed in the IPv6 Routing Information Base (RIB).

11 mm I &J El
(Cont.)
Cisco lOS IS-IS IPv6 show and debug Commands
router#
IShOW ipv6 protocols [surnmary]
IShOW isis database
Ishow isis topology

• Displays the IS-IS IPv6 configuration
router#
Idebug isis adj-packets
• Debugs adjacency-related packets

router#
Idebug isis update-packets
• Debugs update-related packets
The following partial list of show and debug C0111111ands are not specific lo IPv6, bul are useful
in Ihe context ofexa111ining and debugging an IS-IS IPv6 configuration:
• The show ipv6 protocols [summary] c0111111and shows the currenl IPv6 routing prolocol
configuration.
• The show isis database c0111111and displays the IS-IS Iink-state database.
• The show isis topology c0I11111and sho\Vs a list of all connected routers in all areas.
• The debug isis adj-packets c0111111and displays the adjacency packet events.
• The debug isis update-packets c0111111and displays the IS-IS update packet events.
Configuring IS~IS IPv6 on Cisco Routers
(Cont.)
Cisco 108 18-18 for IPv6-0nly Configuration Example
...
ipv6 address 2001:db8:fffft:d/64
ipv6 router isis
isls circuit-type level-2-only
router isis
IPv6-0nly Configuration address-family ipv6
redistribute static
Redistributing IPv6 Static Routes default-information originate
exit-address-family
net 49.0002.1921.6803.0001.00
The example is a two-area network in which the routers are configured as IPv6-only IS-IS
routers. Note that only IS-IS configuration is sho\Vn (in other words, this is not a complete IPv6
router configuration).
The configuration shows that RouterD has an IPv6 address configured on interface Fast
EthernetO/O, with IS-IS IPv6 enabled using the interface comm3nd ipv6 ronter isis. The
command isis circnit-type level-2-only on Fast EthernetO/O configures that interface as a Level
2-only IS-IS interface-a backbone connection.
Under IS-IS router mode (ronter isis), a default route (::/0) is adveltised in IS-IS IPv6 using the
command defanlt-information originate under the address-family ipv6 submode. The
network service access point (NSAP) address on RouterD is specified as net
49.0002.1921.6803.0001.00 (Area 49.()()02).

,Ji Si' JIU 2 ¡
(Cont.)
Cisco 108 18-18 for IPv6-0nly Configuration Example
...
interface FastEtbernetO/O
ipv6 address 2001:db8:ffff::c/64
ipv6 router i5is
i5is circuit-type level-2-only
interface FastEthernetO/l
".------l ipv6 address 2001:db8:ffff:l: :a/64
ipv6 router isis
router isis
addre5s-family ipv6
redistrlbute static
IPv6-0nly Configuration exit-address-family
net 49.0001.1921.6803.0002.00
Redistributing IPv6 Sta tic Routes
The configuration shows that RouterC has an IPv6 address configured on both Fast Ethernet
interfaces with IS-IS IPv6 enabled using the interface cOJ1lllland ipv6 "ollter isis. The
cOlllllland isis ci"cllit-type level-2-ollly on Fas! EthernetO/O configures that interface as a Level
2-only IS-IS interface.
Uncler IS-IS router Illode ( .. onte .. isis), lhe static IPv6 routes on RouterC are redistributed into
IS-IS IPv6 using the cOlllllland redistribllte static under the address-family ipv6 sublllode.
The NSAP address on RouterC is specified as net 49.0001.1921.6803.0002.00 (Area 49.0001).
4-52 IPv6 Fundamenlals, Design, and Deploymenl (lP6FD) v3.0 © 2010 Cisco Syslems, Ine.
i'\
.1 Mili L JiJi mi 1I lit i I hi
(Cont.)
Cisco 108 18-18 show Command Example
Rout.cl:'ctshou isis no.ighbQl:s

System Id Type Interface IP Address State Holdtime Circuit. Id
,JiTta9
~ROU~~,r{i: \:;:{,;~;~1~:t5,;:~L2, !:H,:,:,;;)h~;Y;;'" ?",,-, " ',<':,'-;'J-:;%::: ':?:l'/up:", ~ y< 2{"}0\'~JFj;y}rR~{¡~e~D~, qf
If IS-IS adjacencies are successfully established during verification, issue the sltow isis
neigltbors cOlllllland firsl. The figure shows Ihe oulput ofthis cOlllllland. In this scenario,
beca use both routers (RouterD and RouterC) are configured as described in previolls figures-
with Level 2 [inter-area] routing only-only a Level 2 adjacency is forllled.

!lE i ¡ ¡¡ & W
Configuring 18-18 IPv6 on Cisco Rouíers
(Cont.)
Cisco 108 18-18 show Command Example
Area 49.0002 RouterD
out.erClshQw ipt;fi [out.e illin

IPv6 Rout.ing 'l'abIe _ 9 ent.ries
odes: C - Conncct.cd, L - Local, S - St.at.!c, R _ RIP, B - BGP
U - Pcr-uscr St.at.!e route
11 - I5IS Ll, 12 - ISIS L2, lA - 1515 intcrarea
12::-,,:,j,~i~' ~~!~~t~~a:~FFl#ÉAE'6'~io':' '~~~:~Eth~'kn'~~,Ó'j¿',: "':,:¡
In this example, both RouterC and ROlllerD are configllred as IS-IS IPv6 routers, and RoulerD
originales the default IPv6 raute. This example displays the IPv6 routing table on RouterC.
using the show ipv6 route is-is command. The default IPv6 raute \Vas learned through a Level
2 IS-IS IPv6 update. The link-locallPv6 address ofRouterD on the interface facing RouterC is
FE80::208:A3FF:FEAE:64AO.
Note In IPv6, rouling protocols use both the next-hop link-local IPv6 address and the outgoing
interface (as a pair) lo define the next router towards a destination network.
Configuring 18"18 IPv6 on Cisco Routers
(Cont.)
Cisco 108 18-18 for IPv6 over IPv4 Tunnel

Configuration Example
IPv6 over GRE IPv4 tunnel configuration:
• GRE tunnel type is required for IS-IS
IPv6
RouterD'
interface TannelO
ipv6 address 2001:DB8:ffff::d/64
tunnel souree EthernetO
tunnel destination 192.168.99.1
ipv6 router isls
tunnel mode gre ipv6
router isla
net 49.0002.1921.6803.0001.00
nddress-family ipv6
This exa11lple shows t\Vo distant IPv6 networks in which the rOllters are configllred with a
Generic ROllting Encapslllation (GRE) tllnnel to carry IPv6 inside a GRE IPv4 tllnnel. IS-IS
canno! be lIsed over an IP-in-IP tllnnel becallse IS-IS is itselfa Layer 3 protocol, Iike CLNS,
1Pv4, and 1Pv6.
The configllration shows that ROllterD has an IPv6 address configllred on the TlInnelO
interface, with IS-IS IPv6 enabled lIsing the ipv6 router isis interface c011l11land.
Note IS-IS is not supported on manuaIIPv6-in-IPv4 tunnels, 18ATAP tunnels, etc. since these
tunnel interfaces are not capable to carry the CLN8 protocol, which 18-18 uses for adjacency
establishment and rouling information exchange. GRE tunnels are able lo Iransport CLN8
over IPv4 or IPv6.
© 2010 Cisco Systems, Ine. IPv6-Enabled Routing Protocols 4·55

Summary
This topic sllmmarizes the key points discussed in this lesson.
II L- 2 i
Summary
• IS-IS for IPv6 remains a link-state routing protocol and

supports multiple network protocols at the same time.
• IS-IS for IPv6 introduces two new TLVs to support IPv6
prefixes and a new protocol identifier.
• When running IS-IS for IPv6 in a single SPF, all routers must
support the same sel of network prolocols.
• Multitopology IS-IS allows multiple network protocols to be
enabled in a single SPF.
• IPv6-specific IS-IS commands are enlered under Ihe
address-family configuration mode on Cisco roulers.
'~l o", .'
References
More infoJ'lllation about IS-IS can be fOllnd in lhe following documents:
• RFC 5308: RO/lti/lg 1Pl'6 wit/¡ IS-IS
http://too Is. ielf. org/h tm1/rfc53 08
• RFC 5120: M-ISIS: Mu/ti Top%g)' (MT) Routi/lg i/l1ntermediate S)'stem lo I/ltermediale
Systems (IS-IS,I)
http://lools,ietf.orglhtm1/rfc5120
• Cisco lOS IPv6 COI!f1guralion Guide, Re/ease 12.4: Imp/eme/lli/lg IS-ISfiJr IP1'6
hUp://ww\\' .cisco.comlen/U SI docs/ios/i pv6/configu rationlgll ide/i p6- is- iS.ll Iml
Lesson 41
Examining EIGRP for IPv6

Overview
Although proprietary to Cisco, Enhanced Interior Gateway Routing Protocol (EIGRP) is widely
used. Supporting IP version 6 (IPv6) is important for the continued success of EIGRP. This
lesson describes Cisco EIGRP, inclucling its operation, configuration, and commands.
Objectives
Upon completing this lesson, you will be able to describe EIGRP SUppOlt for IPv6. This ability
inclucles being able to meet these ol~jectives:
• Describe Cisco support for IPv6 routing \Vith EIGRP
• Configure EIGRP fol' IPv6 on Cisco routers
EIGRP for IPv6
This topic describes Cisco suprort for IPv6 routing with EIGRP.
EIGRP for IPv6
• Advanced distan ce vector mechanism with some features

common to link-state protocols
• Uses protocol-dependent modules to support multiple
protocols:
- IPv4
-IPX
- AppleTalk
• Easy to configure
• Fast convergence
• Supports IPv6 as a separate routing context
Although the configuration and management of EIGRP for IP version 4 (IPv4) and EIGRP for
IPv6 are similar, they are configured and managed separately.
EIGRP is inherently a multiprotocol routing protocol, beca use it has supported non-IP
Internetwork Packet Exchange (IPX) and AppleTalk for some time. IPv6 SUppOlt is added as a
separate module. IPv6 EIGRP is configured and managed separately from IPv4 EIGRP. but the
mcchanisms anel configuration teehniques will be very familiar to engineers skilled with
EIGRP for IPv4.
For example. both the IPv4 and IPv6 EIGRP implementations inelude a "shutdown" feature,
which allows the routing protocol to be configured but easily disabled. 80th use Ihe Diffusing
Update Algorithm (DUAL) to optimize the routing path. 80th are scalable to large networks.
There are also a few differences in the IPv4 and IPv6 features. For example, by contrast wilh
IPv4 EIGRP, IPv6 EIGRP is configured ayer a link-there is no "network" statement as there
is for IPv4.
AIII di li1 Ullllli IU2&J ,
EIGRP Components
• Neighbor discovery
• Reliable transport protocol
• Incremental updates
• DUAL finite-state machine
• Protocol-dependent modules
• Updates sent to reserved link-local mullicast address FF02::A
• Composite metric:
- Metric = bandwidth (slowest link) + del ay (sum of delays)
• Three tables:
.... Neighbor table
- Topology table
- Routing table
"'" '~" ,
The basic components ofEIGRP for IPv6 remain the same as the IPv4 version.
EIGRP uses a small helio pack to discover other EIGRP-capable routers on directly attached
links and forms durable neighbor relationships. Updates may be acknowledged using a reliable
transport protocol. 01' they may be unacknowledged-depending on the specific function being
commllnicated. The protocol provides the flexibility needed to unicast 01' multicast lIpdates,
acknowledged 01' unacknowledged.
Helio packets and updates are set to the well-known. link-Iocalmulticast address FF02::A,
which Cisco has obtained from Internet Assigned NlImbers Authority (lANA). This multicast
distribution technique is more efficient than the broadcast mechanism used by earlier, more
primitive routing protocols such as RIP version I (RIPvl). EIGRP for IPv4 also uses multicast
for update distriblltion.
Tip EIGRP incorporates some features that resemble features found in link-state routing
protocols. For example, EIGRP sends helio messages and forms neighbor relationships with
other EIGRP·capable routers. It also sends incremental routing updates to neighbors, like a
link-state protocol, rather than a periodic complete update.
EIGRP sends incrementalupdates when the state of a destination changes. instead of sending
the entire contents ofthe routing table. This feature minilllizes the bandwidth required for
EIGRP packets.
The DUAL finite state machine elllbodies the decision process for all route computations. It
tracks all routes advertised by all neighbors. DUAL uses severalllletrics including distance and
cost information to select efficient. loop-free paths. When multiple routes to a neighbor exist,
DUAL determines which route has the lowest metric (named the feasible distance), and enters
this route into the routing table. Other possible routes to this neighbor with larger metrics are
received. and DUAL determines the reported distance to this network. The reported distance is
defined as the totalmetric advertised by an upstream neighbor for a path to a destination.
DUAL compares the reported distance with the feasible distance. and ifthe reported distance is
less than the feasible distance, DUAL considers the route to be a feasible successor and enters
© 2010 Cisco Systems, Inc, IPv6~Enabled Routing Protocols 4-59

the route into the topology table. The feasible successor route that is reported with the lowest
metric becomes the successor route to the current route ifthe current route fails. To avoid
routing loops. DUAL ensures that lhe reported distance is always less than the feasible distance
for a neighbor router to reach the destination network; otherwise, the route to the neighbor may
loop back through the local roule!".
When there are no feasible successors to a route that has failed. but there are neighbors
adveltising the route. a recomputation must occur. This is the process where DUAL determines
a new successor. The amount oftime required to recompute the route affects the convergence
time. Recomputation is processor-intensive; it is advantageous to avoid unneeded
recomputation. Whcn a topology change occurs, DUAL will test for feasible successors. If
there are feasible successors, DUAL willuse them in order to avoid unnecessary
recompulation.
The protocol-dependent modules are responsible for network layer protocol-specific tasks. An
example is the EIGRP module, which is responsible for sending and receiving EIGRP packets
that are encapsulated in IPv4 or IPv6. lt is also responsible for parsing EIGRP packets and
informing DUAL ofthe new information received. EIGRP asks DUAL to make routing
decisions, but the results are stored in the IPv4 or IPv6 routing table. AIso, EIGRP is
responsible for redistributing routes learned by other IPv4 or IPv6 routing protocols.
EIGRP updates contain five metrics: minimum bandwidth, delay, load, reliability, and
maximum transmission unit (MTU). Ofthese five metrics, by default, only minimum
bandwidth and delay are used to compute best path. Unlike most metrics, minimum bandwidth
is set to the minimum bandwidth ofthe entire path, and it does not reflect how many hops or
low bandwidth links are in the path. Delay is a cumulative value which increases by the delay
valuc of each segment in the path.
When a router discovers a new neighbor, it records the neighbOl's address and interface as an
entry in the neighbor table. One neighbor table exists for each protocol-dependent module.
When a neighbor sends a helio packet, it advertises a hold time, which is the amount oftime
that a router treats a neighbor as reachable and operationa!. If a helio packet is not received
within the hold time, the hold time expires and DUAL is infol'lned ofthe topology change.
The neighbor-table entry also includes information required by RTP. Sequence numbers are
employed to match acknowledgments with data packets, and the last sequence number received
from the neighbor is recorded so that out-of-order packets can be detected. A transmission list
is used to queue packets for possible retransmission on a per-neighbor basis. Round-trip timers
are kept in the neighbor-table enlly to estimate an optimal retransmission interva!.
The topology table contains all destinations advertised by neighboring routers. The protocol-
dependent modules populate the table, and the table is acted on by the DUAL finite-state
machi ne. Each entry in the topology table includes the destination address and a list of
neighbors that have advertised the destination. For each neighbor, the ently records the
advertised metric, which the neighbor sto res in its routing table. An important rule that distance
vector protocols must follow is that ifthe neighbor adveltises this destination, it must use the
route to forward packets.
4-60 IPv6 Fundamentals, Design. and Oeployment (IP6FO) v3.0 © 201 o Cisco Systems, Ine.
Cisco lOS EIGRP for IPv6 Commands
This topic describes ha", to configure EIGRP for IPv6 on Cisco rou!ers.
= ¡ Ud &

router(config).
lipV6 router eigrp as-number
JI Creates and enters EIGRP router submode
router(config-rtr).
Ino shutdown
• Star!s EIGRP for IPv6 without changing interface

router(config-rtr)#
default-information originate [route-map route-map]
• Adver!ises default raute, wilh an oplional raule map
router(config-rtr)'
Imaximum-paths number
• Configures maximum number of palhs to lhe same deslinalion lhal will be
inslalled in lhe rouling table
The lable lists some common configuration commands for EIGRP for IPv6. The syntax for
these cOl11mands is similar, ifno! identical, to their IPv4 counterparts.
Command Descripticn
ipv6 router eigrp as-number Enters rauter ccnfiguraticn mode and creates an
EIGRP IPv6 routing pracess.
no shutdown EIGRP for IPv6 has a shutdown feature. The

routing pracess should be in "no shut" mode in
order to star! running.
ipv6 eigrp as-number Enables EIGRP for IPv6 on a spedfied interface.
ipv6 bandwidth-percent eigrp as- Configures the percentage of bandwidth that may
number percent be used by EIGRP for IPv6 on a specified
interface.
© 2010 Cisco Systems, ¡ne. lPv6-Enabled Routing Protocols 4·61

• n ¿ a_EZ SL
(Cont.)
router(config-if)#
lipV6 eigrp as-number
• Configures EIGRP for IPv6 on an interface
router(config-if)#
ipv6 summary-address eigrp as-number prefix/mask [AV]
'" Configures summarization on an interface
router(config-if)#
Ino ipv6 split-horizon eigrp as-number
• Disables split horizon on an interface
router(config-if)#
ipv6 bandwidth-percent eigrp as-number percent
• Configures the percentage of bandwidth EIGRP uses
The table lists some more common configllration comJ11ands for EIGRP for IPv6. The syntax
for these commands is similar, ifnot identical, to their IPv4 cOllnterparts.
Command Description •• .
ipv6 eigrp as-number Enables EIGRP for IPv6 on a specified interface.
ipv6 summary-address eigrp as- Configures a summary aggregate address for a

number ipv6-address [admin- specified interface.
distance]
no ipv6 split-horizon eigrp as- Disables split horizon rule on a specified
number interface.
ipv6 bandwidth-percent eigrp as- Configures the percentage of bandwidth that may
number percent be used by EIGRP for IPv6 on a specified
interface.
4·62 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Inc.
JiJ 1 I I 11.'2 ¡ 1 i Ji 12111121111121,1111111 1I1
Cisco lOS EIGRP tor IPv6 Commands
(Cont.)
routerft:
Ishow ipv6 eigrp topology

• Displays entries in the EIGRP IPv6 topology table
routerft:
IShOW ipv6 eigrp neighbors
• Displays the neighbors discovered by EIGRP for IPv6
routerlf
Ishow ipv6 route eigrp

• Shows EIGRP routes in the IPv6 routing table
routerlf:
Idebug ipv6 eigrp
• Displays information about EIGRP for IPv6 protocol
The table lisIs some EIGRP for IPv6 show and debllg commands. The syntax for Ihese
commands is similar, ifnot identical, to Iheir IPv4 cotJnterparts.
Cisco lOS EIGRP for IPv6 show and debug Commands

.
..•.. ..
: Command Descrlption .... .
show ipv6 eigrp topology Displays entries in the EIGRP IPv6 topology
table.
show ipv6 eigrp neighbors Displays the neighbors discovered by EIGRP for
IPv6.
show ipv6 route eigrp Shows EIGRP routes in the IPv6 routing table.
debug ipv6 eigrp Starts debugging for EIGRP far IPv6.

&
Cisco EIGRP for IPv6-0nly Configuration
Example
RouferD
RouterC'
ipv6 address 2001:db8:ffff:l::d/64
ipv6 eigrp 64515
LAN1:
Interface FastEtbernetO/l
ipv6 address 2001:db8:ffff:2::d/64
ipv6 eigrp 64515
ipv6 router eigrp 64515

router-id 11.12.30.1
no shut
The example is a two-router network in which the routers are configured as lPv6-only EIGRP
routers. Notice tha! you have to specify a 32-bit router ID.
Also note that the protocol is created in a "shuC' state and must be in a "no shut" state to start
the protocol. Many implementations of EIGRP use distribllte lisIs. Conseqllently, il is nol
recom11lended lo stal1 EIGRP for IPv6 lIntil Ihe dislribllte list has been parsed, which occllrs in
router mode. Therefore, EIGRP for IPv6 slal1s in Ihe default state of"shllt."
EIGRP multiprotocol creates mllltiple rollling tables for each protocol (IPv4, lPv6, IPX, and so
on).
EIGRP for IPv6 is slIpporled in Cisco lOS Release 12.4(6)T.
• ,LUJa: II :: id! IltI 11111: 211
Cisco EIGRP for IPv6~Only show
&J
•
Command Example
RouterclshQw lpv6 <li.grp IH'¡.ghh(l.r.~

IPv6-EIGRP neighbors for process 64515
H Address Interface
Routerc'nho¡.¡' ipv6 rout(l elgl:I'

IPv6 Routing Table - Default _ 4 eneries
Codeso e - Connected, L - Loeal, S - Static, U - per-user 5catic rout0
X2 - I5IS L2 lA - ISIS interarea, 15 - 1515 summary, D - EIGRP
"-,,'-
The figure displays three exa11lples of show c011l11lands.

In Ihe first Olltpllt ofthe show ipv6 eigrp interfaces we can see one neighbor on the
FastEthernet O/O interface, which is the only interface inclllded in the EIGRP process.
RouterC#show ipv6 eigrp interfaces
IPv6-EIGRP interfaces for process 64515
xmit Queue Mean pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliab1e Flow Tirner Routes
FaO/O 1 O/O 7 0/1 50 O
The second example sho\Vs the Olltpllt of show il)\'6 eigrp neighbos command. Details for the
neighbor are displayed, sllch as link-local address, interface, hold time and llptime.
RouterC#show ipv6 eigrp neighbors
IPv6-EIGRP neighbors for process 64515
H Address Interface Ho1d Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
o Link-local address: FaO/O 10 00:00:37 7 200 O 3
FE80::C800:5AFF:FEFE:8
The third exalllple shows Ihe output ofshow ipv6 I'oute eigrp cOlllllland. I-Iere we are
presented with a default route, learned by the EIGRP routing protocol.
ReuterC#show ipv6 route eigrp
IPv6 Routing Table - Default - 4 entries
Cedes: C - Cennected, L - Local, 8 - 8tatic, U - Per-user 8tatic route
12 - 1818 L2, lA - 18IS interarea, IS - 1818 summary, D - EIGRP
EX - EIGRP external
D ::/0 [90/30720J
via FE80::C800:5AFF:FEFE:8, FastEthernetO/O
© 2010 Cisco Systems, Inc. IPv6~Enabled Rouling Protocols 4-65

Surnrnary
This topic slIll1ll1arizes the key points disclIssed in this lesson.
ii¡
Summary
• EIGRP has extended its multiprotocol support to IPv6.

• EIGRP for IPv6 is configured per-interface on Cisco routers.
• EIGRP needs to be explicitly enabled with the no shutdown
command.
• Other options are configured analogous to IPv4 EIGRP.
4-66 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lne.
Lesson 51
Understanding MP-BGP
Overview
The global Internet routing infrastructure is largely built using Border Gateway Protocol
(BGP). Organizations wishing to announce presence and reachability on the Internet need
listings in the Detault Free Zone BGP routing tables. The IP version 6 (lPv6) Internet continues
to use BGP, which needed modifications to support it. This lesson covers Multiprotocol Border
Gateway Protocol (MP-BGP), including operation, IPv6-related configmation, and c0111mands.
Objectives
Upon c0111pleting this lesson, you \Viii be able to describe how MP-BGP supports IPv6 and how
to configure MP-BGP on Cisco routers. This ability includes being able to meet these
objectives:
• Describe how the MP-BGP routing protocol is supported in IPv6
• Describe the changes made to MP-BGP to support IPv6
• Examine BGP peering over link-local addresses
• Examine BGP prefix filtering
• COllngure and troubleshoot the MP-BGP protocol on Cisco routers
MP-BGP Support tor IPv6
This topic describes Ihe exlensions made lo MP-BOP lo SUppOlt IPv6.
,
MP-BGP
• BGP was originally designed for IPv4:

- Carries IPv4 prefix reachability information
- Uses IPv4 for transport
• Multiprotocol extensions for BGP4:
_. Enables other protocols in addition to IPv4
- New identifier for the address family
- Most often used in MPLS networks for MPLS VPN
Original BOP-4 (RFC 1771) carries IPv4 specific infonnation. Multiprolocol BOP (RFC 2283)
adds capability to transpOli routing information for other protocols by using extensions.
Multiprolocol extensions for Border Oateway Protocol (BOP) are defined as new attributes.
These new attributes define Network Layer Reachabilily Information (NLRI) and a next hop
(the next router in the path to the destination) \Vhere IP version 6 (IPv6) addresses can be used.
Note The next-hop must be of the same address type (address family) as the NLRI exchanged.
An IPv6 raute cannot have an IPv4 next hop address.
BOP4 with mulliprotocol extensions enables the use ofmany address families. Address
families define the type of addresses being carried. The most common address families are
IPv4, lPv6, and VPNv4 and VPNv6 for MPLS VPN routes.
An address family is activated within BOP using the address-family command in BOP routing
protocol configuration (router configuration mode). Afterwards, an IPv6 neighbor needs to be
activated within that address family using the neighbol" activate command.
Two new attributes SUppOlt multiprotocol BOP (MP-BOP):
• Multiprotocol reachable NLRl (MP_REACH_NLRI)
• Multiprotocolunreachable NLRI (MP_UNREACH_NLRI)
The MP _REACH_NLRI attribllte describes reachable destinalions and includes attriblltes that
contain information about network-Iayer protocol prefixes (specifically IPv6), and the next
destination hop-to-reach prefixes.
Note MP-BGP is defined in RFC 2858. Muftiprotocol Extensions for BGP4.
4·68 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, lnc,
111 111111111111 &2 U21JII 1111111111 J1 2111 t Iti ,,¿_M.
MP-BGP (Cont.)
• IPv6-specilic extensions:
- Scoped addresses: NEXT_HOP contains a global IPv6
address and potentially a link-local address (only when
there is link-local reachability with the peer) .
._. NEXT_HOP and NLRI are expressed as IPv6 addresses
and prelixes in the multiprotocol atlributes .
• Still uses TCP lor transport:
- TCP can run over IPv4, transporting IPv6 inlormation.
- TCP can run natively over IPv6.
IPv6-specific extensions for MP-BGPv4 are as follows:

• Scoped addresses: NEXT_ HOP contains a global I Pv6 address, 01' potentially a link-local
address, when there is link-local reachability with the peer.
Note When link-local addresses are used lor peering with a neighbor BGP rauter, these link-local
IPv6 addresses are used as next hop IP addresses lor the rautes carried by BGP. In Ihe
majorily 01 cases, the next hop IPv6 addresses need lo be changed lo globallPv6 by
attaching a route map to the neighbor configuralion slalemen!.
• IP,,6 address forma!: NEXT_I-IOP and NLRI are expressed as IPv6 addresses and
pretixes in the l11ultiprotocol attributes.
Note You can run MP-BGP over IPv4 or IPv6 Iranspor! and can exchange rautes lor IPv4, IPv6,
or bolh. BGP uses Ihe TCP prolocol lor peering and Ihis has no relevance lo Ihe raules
carried inside Ihe BGP exchanges. Bolh IPv4 or IPv6 can be used to Iranspor! a TCP
conneclion on the network layer.
© 2010 Cisco Systems, lne. lPv6~Enabled Routing Protocols 4-69

IPv6 as Payload and Transport Mechanism in MP-
BGP
This topic describes the changes made to MP-BGP to supporl IPv6.
2 &
IPv6 Payload over IPv4 Transport
• MP-BGP payload is independent 01 transport protocol

• Existing sessions can be used to transpor! additional
inlormalion
Router2
eBGP
ayer
192.168.1/24 192.168.2/24
IPv4
; 2Ó01:dbs:1 ::/48! ¡2~61:~~~:2;~i~¿1
~outer bgp 65001
neighbor 192.0.2.2 remote-as 65002
address-family ipv6 unicast
neighbor 192.0.2.2 activate
exit-address-family
exit-address-family
MP-BGP rouling information is not related lo transport session. This means that exisling IPv4
Tep sessions can be upgraded lo also carry IPv6 rauling informalion when adding IPv6 support
lo nelworks.
An exisling neighbor can be activated for the IPv6 address family and IPv6 rouling information
will be sent over lhe same neighbor session.
Note However, when configuring an additional address family (IPv6) for that particular neighbor,
the routers will start again the capability exchange negotiation lor that session by resetting il.
In the network, this will be noticed as a route flap which is undesirable.
Addilionally, modificalion oflhe nexl hop attribute is necessary, as by defaull BGP uses
neighbor IP address for Ihe nexl hopo Since Ihere is an IPv4 session established lo carry IPv6
rautes, anlPv4 address will appear as the next hop IP adclress for IPv6 prefixes. This needs to
be correclecl manually by configuring and attaching a raule map lO Ihe neighbol' configuralion
stalement. The raule map should set an IPv6 nexl hop IP address lo IPv6 prefixes, and this nexl
hop 1Pv6 acldress musl be reachable eilher globally al1(l configured on Ihe link, 01' reachable by
the unclerlying IGP.
11 U!&! 11m 11 1IIId i2 !& L IEW
Independent Transport
• Two independent Tep connections can be used, one for

each type of payload
eBGP
ayer
IPv6
eBGP
ayer
192.168.2/24
IPv4
router
nelghbor 192.0.2.2 remete_as 6$002
,
neighbor 2001:db8:ff::2 remote-as 65002
address-family !pv4 unicnst

no nelghbor 2001,dbS,ff,,2 actlvate
neighbol:" 192.0.2.2 activate
,
ex! t-address-famUy
addrcss-family ipv6 unicnst

neighbor 2001:db8:ff::2 sctivate
cxlt-address-fam!ly
When complete sepal'ation of IPv4 and IPv6 is I'equil'ed, native connection can be used. Also. if
an IPv6 only router is deployed, typically it will not carry any IPv4 infol'mation. nor will it have
IPv4 addl'esses on its interfaces.
rauter bgp 65001
neighbar 192.0.2.2 remate-as 65002
neighbar 2001:db8:ff::2 remate-as 65002

no neighbar 2001:db8:ff::2 activate
neighbar 192.0.2.2 activate
exit-address-family

neighbar 2001:db8:ff::2 activate
exit-address-family
In the example in the figure, two BGP sessions are established between two routel's. One
session is configul'ed to I'un on IPv4 and it cardes only IPv4 I'outing infol'mation.
The second session is established using Tep ovel' IPv6 and is used only fol' IPv6 routing.
The IPv6 neighbor must be explicitly activated in IPv6 addl'ess family, because IPv6 addl'ess
family is not enabled by default. IPv4 addl'ess family is enabled fol' all neighbol's by default, so
you must explicitly disable it by using the no neighbor activate command.
The scenal'io when using separate sessions fol' IPv4 and IPv6 pl'efix exchange does not cl'eate a
route flap when IPv6 SUppOl't is being added to a BGP routel' which was I'unning pl'eviously
only IPv4. This method is pl'efel'l'ed, as it does not I'equil'e to change the next hop attl'ibute fol'
the pl'efixes because the I'outel' uses the neighbol' IPv6 addl'ess. The link between the I'outers
must be dual-stacked.

Pros and Cons
• Using a single TCP session:
- Reduces number 01 neighbors
- IPv6 over IPv4 session requires modilication 01 next hop
attribute
- Only one session must be reset every time filters are
updated
- Same route reflector setup can be used
- IPv6 influences IPv4 BGP environment (potential risk)
• Using separate TCP sessions:
- Complete independence 01 IPv4 and IPv6
- Additional neighbor conliguration required
- Next hop can be taken lrom neighbor address
- Non-IPv4 neighbors are not seen in the show ip bgp
summary output
Decision whelher lo combine bolh address families on one neighbor or separale sessions lies
with the network adminislralor. There are advantages lo bolh approaches.
Using a single neighbor can reduce Ilumber of neighbor sessions. In an envirOlll11ent where a lot
of neighbors are configured Ih is can significantly reduce size and complexity of configuration.
BGP Peering Over Link-Local Addresses
This topic describes ho\V to examine BOP peering over link-local addresses.
¿Ji ¡ i2 ¿ & 2 b&Jite
Cisco lOS Link-Local BGP Peering
• Link-locallPv6 address can be used inslead 01 global

address.
• Peers in differenl Aulonomous Syslems do nol need lo agree
on Ihe addressing 01 Ihe Iransil link segment.
• Nexl hop musl be changed lo a global address il prelixes are
lorwarded lo iBGP peers-Ior example, a loopback.
',\&~;,::;;Ji)'.]--t~io
Rouler1 No global
.it__a_dd_r_es_s_es_ _ 1Ji'
Rouler2
AS 65002 <
~~:~~t¡~)
le80;:4 le80,:1
Eitherlnternal Border Oateway Protocol (IBOP) or External Border Oateway Protocol (EBOP)
peering can occllr lIsing the link-local address of the neighbor rather than the global address of
the neighbor. Using Iink-locallPv6 addresses for Border Oateway Protocol (BOP) peering is
useful beca use no IPv6 address allocation is necessary for the link between the BOP peers.
When specifying a link-local address for peering, yOl1must identify the interface associated
with that link-local address by using the lIeighbor IIpdale-sollrce command. The router has no
mechanism to know which link-local address lo use ifmore than one IPv6 interface is
configured. Without the lIeighbor UI)date-solll'ce command, the Tep session between the BOP
routers Call110t be established.
When using link-local addresses for peering, you must use a route map to set the next-hop
a!tribute on outbound BOP update messages to the neighbor. This route map will set the next-
hop a!tribute to both the link-local and the globallPv6 addresses ofthe identified interface. Ir
the route map is not set, the BOP next-hop attribute will be set to ::, and the update messages
\ViII be ignored by the neighbor.
Tip Using link-local addresses for BGP peering is most commonly seen at interexchange points.
These points are where ISPs and other large organizations meet at a collocation facility, and
each puts a router on a common Layer 2 subne!. In this case, using link-local addresses is
advantageous because no global-scope addresses need to be used on the peering subne!.
Given the large address space in IPv6, prefix conservation is not the main motivator here,
rather it is an eflort by two parties to have a "neutral meet," with a clean demarcation
between their routable address spaces.

& u ¡aL
Cisco lOS Link-Local BGP Peering
Commands
i
-
• The following must be configured:
router(config-router).
neighbor ipv6-address update-source interface
• Identifies the interface using the update-source command
router(config-route-map)'
Iset ipv6 next-hop ipv6-address
• Specifies Ihe new NEXT_HOP atlribule in a roule map
router(config-router-af).
neighbor ipv6-address route-map route-map out
• Applies Ihe roule map lo Ihe neighbor inside address family

configuration
The table lisIs required additional commands and Iheir synlax.
Cisco lOS Link-Local BGP Peering Commands
Cornrnand . Description
neighbor ipv6-1ink-local-address For the link local neighbor you must specify
update-source interface outgoing physical interface.
set ipv6 next-hop ipv6-g1obal- This command must be entered in a route map. to
address set the next hop to a global and reachable IPv6
address. This will usually be an address on a
loopback interface.
neighbor ipv6-1ink-local-address Finally. the route map which alters the next hop
route-map route-map out a!tribute must be applied to the neighbor in the
outbound direction.
4-74 IPv6 Fundamentals. Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, !ne.
11m I I ¡¡all a I I1EIII ; .11111111111. ii Iliga:: ¡¡ a ¿ i2i2 1I
Cisco lOS Link~Local BGP Peering
interface LoopbackO
ipv6 address 2001:DB8:FFFF:IP/64
I
interface EthernetO
ipv6 address FE801:4 link-local
I
router bgp 65001
no bgp default ipv4-unic8st
bgp routcr-id 11.12.30.1
,i:6~t~:~¿r{~~g~~,H;:~K~~~i~i¡bn~~'~~~'t'liérnetO:
address-family ipv6
'"-':C- ~,,-~~gh~,~}:>:, E~8º,,7 ._~ __
-! a~H~5~!'~_"_.">,,,.~, :,,,<,_" __,.,,\
¿'~;'_lieighl:!0r;_FE80: =,1 "rb_u~c:!-:m-"l.p-:_nh6 -.out;
o exlt-add~ess-famiiy -- - -, --- ,
I
:rotfEe,::"íiiap:"rih6":-- ,"<'-«':'<"_"Y ",/j_::,_><_ ,',:> _',<:,;':
S_ Gt --~_.iP_v~_ nex~"7h6p -_;20-~J 1D8,S: F,l?FF, I =F <~
Rou!er2
In the example, t\Vo routers fmm different autonomous systems are peering using the Unk-Iocal./
IPv6 address. The neighbor fe80::1 remote-as 65Ql12_command identifies the peer with its
link-local address and AS numbel'. The command neighbol' fe80::l update-source EthernetO
specifies the outgoing interface that is used for the peel'ing.
The neighbol' fe80::1I'oute-map nh6 out command applies the mute map nh6 on outbollnd
updates. The I'oute-map nh6 command sets the next-hop attribute to the globallPv6 address.
The example sho\Vs that a link-local address is manually configured on the Ethel'l1etO interface.
It is also possible to let the router automatically configure this link-local address by I'eplacing
the ipv6 addl'ess fe80::4 link-local command with ipv6 enable. The latter instructs the router
to assign a dynamic link-local address using the extended universal identifier 64-bit fOl'mat
(EUI-64) fol' the interface identifier.
Note \,EUI-64 derived IPv6 addresses are practical to configure but impose the risk that il the
interface or router (or MAC address) is changed. the configuration on the peer router
becomes invalid since the EUI-64 derived link-local IPv6 address will change. II link-local
addresses are used. it is beller that they are manually configured Iink-locallPv6 addresses.
© 2010 Cisco Systems, Ine. IPv6 Enabled Routing Protocols

M
4-75
BGP Prefix Filtering
This tapie describes how to examine BGP prefix filtering.
BGP Network Example
Tasks:
• Configure BGP lo accept legal IPv6 prefixes only (prefix list) 0~o\ ~ (l
• Preferroules fromAS 65002 (local preference) 2%0'> 11 .. -> SJe "<.."<1"\' \ •• 1.0<>"
' ..
2001 :088:10:: 1
2001 :000::124 AS 65002 •

e8GP lf/fEi!t
2001 :088: 10::FF -:;::==:::;:-1< _
2001 :088:10:: 2
~'~ ,.}_ .1 · ,.,!, •
One ofthe strengths of BGP is vast array of facilities for route filtering and modificalion. Most
BGI' deployments will implement al least some simple route filtering, either based on AS path
or network prefix.
When filtering based on network prefix, you will most often use II'v6 prefix li sIs to define
range ofaddresses. AII concepts ofwriting ofll'v6 prefix lists are the same as with IPv4 prefix
li sts, except for the change in address formato
Following examples will show how to implement simple prefix-based filtering ofrouting
updates and how to perform simple modification ofroutes using mute maps.
'./ ~
1<0<> X. .,.) 3
4-76 IPv6 Fundamenlals, Oesign. and Oeploymenl (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Cisco lOS MP-BGP Prefix Filtering
Filtering BGP Routing Updates

rout e r bqp 6 5001
no bgp defnult ipv4-unlc 8 st
bgp router-id 192.168.30.1
ncighbor 2001:08 8 :10::1 remote- aa 65002
addre as -family ipv6
ne lghbor 2001:D88:101 11 ac tiva te ~
Piifghborió~:tnrB8TI1¡T , pré~~-" !iitle9a"1JiYI Xlñr
ne ~9¡¡.b.Or )OOl':"DB~_I .H! I} 1... pr~JJ~",,: li l!.~ ', i e9al..:p t .i;.~.> ~ ~ .
nctwork 2001:DOO::/2 4
exlt- a ddrc s s-faml1y t~~ '
TpV6 pre lI~ - ¡J8t:.. ¡ e9i13P'l1X7'éq5 ¡;e ~fí iOoom ~ e' .1:"""11
./ \c\.\...\. ~-".'\'<\~
R,",,,' Router2
2001 :DB8::/24 Ci1i' 2001: .

AF01..
2:1::/64
00::/48
'fí'
2001 :DB8:C18:2:1 ::F 2001 :000: :/32 G' 2001 :DB8:C18:2: 1::1
.. "...... ...""... • .">:", ,, ......

~ ~, ,,,",t,} · -' , <)
u You can tilter BO P routing updates on the basis ofprefix information from BOP update
messages. The example illustrates a BOr filter list legal-,,{ix which will allow only addresses
within 2000::/3 which is part orthe IPv6 address space currently allocated fo r global addresses.
The filter is applied to the inbound announcements received from the two BOP peers. The same
pretix list could be applied to the outgoing announcements sent by AS 65001.
J.\ • \-.

2
Cisco lOS MP-BGP Prefix Filtering
Configuration Example (Cont.)
Preferred Routes from AS 65002

(Local Preference)
2001:088:10::1
2001 :D88:10::F
::m~m¡!:,ma;g:; ~1
neighbor 10::1 aetivate
::2 remote-as 65002
65003
2001 :088: 10;:2
neighbor 2001:D88.10.:2 aetiyate

nelghbor, 2001:DB8110.!1 ';',out;~·._m.ap.u·i.P2oo>1¡'¡,. ;j
',', neighbor:- 2001 :D88:)(}: J 2.•..;:óu~E!.-m.nP."L~1:!.O." . i~_:j:L{
network 2001:DOO.: /24
,
exit-address-family
'f~~:~i:~~l~;;!f~~:!!- _
~'~_:;-_:i:¡
,
'rolÍf.é::iiilip' LP20Ó':-"¡liú:mft::" id
set_ ~ocal.:-prefe.renee
You can tune the BOP path selection by modifying the local preference on mutes received from
a peer. In this example, mutes received fmm AS 65002 will have a local preference of200
instead ofthe default, which is lOO, while mutes from autonomous system 65003 will have
local preference lowered to 50. Ifthe same mute is received from both AS 65002 and AS
65003, the path to AS 65002 will be preferred.
4-78 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, ¡ne.
MP-BGP Configuration and Troubleshooting
This topic describes how to configure and troubleshoot MP-BOP on Cisco routers.
• J GJ2 & ii2ULIZ! 12 28
Cisco lOS BGP show Cornrnands
• IPv6 related commands begin with show bgp ipv6 unicas!:

Ishow bgp ipv6 unicast surnmary
• Shows BGP parameters and list 01 all IPv6 neighbors
IShOW bgp ipv6 unicast

• Shows contents 01 BGP table
show bgp ipv6 unicast <prefix>/<length>

• Shows detailed inlormation about prelix entry in the BGP table
show bgp ipv6 unicast neighbors <address>

• Shows detailed inlormation about a neighbor
• Can be either IPv4 or IPv6 neighbor address
show bgp ipv6 summary

The sllow bgp ipv6 unieast sumntary and silo\\' bgp ipv6 multicast sunllnary commands
provide output similar to the sllow ip bgp summary command, except they are IPv6-specific.
sllow (¡gp ipv6 (unicast I ntulticast) suntmary
show bgp ipv6

To display entries in the IPv6 Boreler Oateway Protocol (BOP) routing table, use the silo\\' (¡gp
ipv6 commanel in user EXEC or privileged EXEC mode. This command provides output
similar lo the sllow ip bgp commanel. except thal it is IPv6-specific. Detailed oUlput can be
obtained by specifying a prefix at Ihe end.
To display the top oflhe stack label wilh label swilching infonnation, enter the sllow (¡gp
ipv6 EXEC command with the la beis keyword.
Note II a prelix has nol been adverlised lo any peer, Ihe display shows "Nol advertised lo any
peer."
sllow bgp ipv6 (ullicast I ntulticast) [ipv6-"re.fixl"r~f¡x-lellgt/¡[ [Ionger-prefixes) [Iabels)
show bgp ipv6 Parameters
. Parameter Description .. . .
unicast Specilies IPv6 unicas! address prefixes.
rnulticast Specifies IPv6 mullicas! address prelixes.
© 2010 Cisco Systems, Ine. IPv6~Enabled Routing Protocols 4·79

Parameter Description
ipv6-prefix (Optional) IPv6 network number. entered to

display a particular network in the IPv6 8GP
routing table.
This argument must be in the lorm documented in
RFC 2373 where the address is specilied in
hexadecimal using 16-bit values between colons.
/prefix-length (Optional) The length 01 the IPv6 prefix. A decimal

value that indicates how many 01 the high-order
contiguous bits 01 the address comprise the prelix
(the network portion 01 the address). A slash mark
must precede the decimal value.
longer-prefixes (Optional) Displays the route and more specific

routes.
labels (Optiona!) Displays MPLS label inlormation.
show bgp ipv6 neighbors

To display information abou! IPv6 Border Gateway Protocol (BGP) connections to Ileighbors,
use the show bgp ipv6 ncighbors command in user EXEC or privileged EXEC mode.
The show bgp iJlv6 nnicast neighbors and show bgp ipv6 multicast neighbors commands
provide output similar to the show ip bgp neighbors cOl11malld, except they are IPv6-specific.
show bgp ipv6 {unieast I multicast} ncighbors [ipv6-addressJ [rcceivcd-
routes I routes Illap-statistics I advcrtiscd-routes I paths regll!ar-expressioll I dampencd-
routcsJ
show bgp ipv6 neighbors Parameters
Parameter Description
unicast Specilies IPv6 unicast address prelixes.
multicast Specifies IPv6 mullicast address prelixes.
ipv6-address (Optional) Address 01 the IPv6 8GP-speaking

neighbor. II you omit this argumento alllPv6
neighbors are displayed.
This argument must be in the lorm documented in
RFC 2373 where the address is specilied in
hexadecimal using 16-bit values between colons.
received-routes (Optional) Displays all received routes (both

accepted and rejected) lrom the specilied
neighbor.
routes (Optional) Displays all routes received and

accepted. This is a subset 01 the output lrom the
received~routes keyword.
flap-statistics (Optional) Displays Ilap statistics lor the routes

learned Irom the neighbor.
advertised-routes (Optional) Displays all the routes the networking

device advertised to the neighbor.
paths regular-expression (Optional) Regular expression used to match the

paths received.
dampened-routes (Optional) Displays the dampened routes to the

neighbor at the IP address specified.
4-80 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems. Inc.
• 111 2111 11
Cisco lOS BGP show Command

11111111111111111 Jli 11. 2 ;;; JiUIIIiU
Example
router(config)lJ
IShOW bgp ipv6 unicast summary
• Displays summary inlormation regarding the state 01 the BGP

neighbors
Raut.erl'sJ:u;,." 1191) ipv6 Ullicll!¡t: :!-ullHlmry
BGP ron ter identifier 10.0.0.1, local AS number 65001 }
BGP table version lB 69046, maln routing tabla verslon 69046
92 network entries and 92 paths using 17756 bytes of memory
826 BGP pat.h attribute entries uslng 43108 bytes of 1'I\0mory Resource Utilization
703 BGP AS-PATH entries using 19328 bytes of memory by the BGP Process
O BGP route_map cache entrles using O bytes of memory
745 BGP flIter-list cache entrles using 8940 bytes of memory
BGP activity 22978/18661 prefixes, 21166/22626 paths, sean lnterva 15 secs
Nelghbor V AS HsgRcvd Hsg5ent Tb1Ver InQ OutQ up/pown Statc/PfxRcd

2001:DD8:C18:2: 1:: 1 4 65002 84194 14725 69044 O O 3d08h 92
' - - - - Neighbor Information
Use the show bgp ipv6 summa,.y command to display information about the configured BGP
neighbors. The information contains BGP neighbor activity. Examples include the number of
BGP messages sent and received, the elapsed time since the BGP peering is established, and
statistics on resource utilization by the local BGP process.
The figure shows an example of one BGP peer that was configured.
Many other show and debug commands are available, which are mostly the same as for IPv4.
Note that the equivalent IPv4 command is show ip bgp summa,.y; the keywords are reversed.

Summary
This topic sllllllllarizes the key points discussed in this lesson.
liI'
Surnrnary
• BGP supports multiple network protocols, including IPv6, by

using BGP multiprotocol extensions.
• Best route selection based on the atlributes is performed in
the same way as in IPv4.
• MP-BGP supports IPv6 through the NEXT_HOP and NLRI
atlributes, which have been updated to support 128-bit
values.
• BGP establishes a peering session using the TCP proloGal.
Both IPv4 or IPv6 can be used to transport the TCP session.
• NLRI can have an IPv4 or IPv6 address depending on the
prelix type; the NLRI is independent 01 the BGP session
transport type.
• MP-BGP supports IPv6 conliguration through the address-
lamily IPv6 conliguration mode, which needs to be enabled
explicitly.
Resources
To learn more about MP-BGPv4 and suppor! for IPv6, refer to the following doeuments:
• Implemelllillg Multil'rolocol BGP for IPv6

http://www .ei seo .eom/en/U SI does/ios/i pv6/contigll ratio nigll ide/i p6-m pIe 1_bgp. hlml
• RFC 2545: Use <'¡BGP-4 Mulliprolocol EXlellsiollsfor IPv6 Jlller-Domuin Routillg
http://\Vww .rfe-arch i ve.orglgetrfe. php?rfe=254 5
4·82 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, ¡ne.
Lesson 61
Configuring IPv6 Policy-Based

Routing
Overview
This lesson describes policy-based routing (PBR) for Internet Protocol version 6 (IPv6), its
main lIsages, and how to configure ¡t.
Objectives
Upon completing this lesson, you will be able to explain the issues when using PBR and when
disabling the processing of extension headers. This ability includes being able to meet these
objectives:
• Explain the issues when using PBR and when disabling the processing of extension headers
• Explain the configuration steps in configuring PBR
Policy-Based Routing
This tapie describes how to use PBR inlPv6 and how to enable or disable processing of
extension headers.
, ;;;;;
Policy-Based Routing
Why policy-based routing?

• To provide special Irealment for packels thal arrive lo Ihe
rouler and Ihal would olherwise be rouled using normal
routing rules
Normal vs. policy-based routing:

• Normal routing is done based on Ihe deslination address.
• PBR allows you lo malch packels using special conditions.
• PBR can selecl a different oulgoing inlerface for Ihese
packets, or specify anolher action, such as packel marking,
ele .
• o" •
The reason to implement PBR is to provide special treatment for packets that come to the router
and that \Vould normally be routed according to the routing table bul inslead should be routed
differently.
Normal 11' (and IPv6) rouling is a process that is based on Ihe routing table ofthe router. When
a packet comes to the router, the router performs a routing lookup and forwards the packet to
the outgoing interface. The outgoing interface goes to the best path, selected by the routing
protocol, or, in the case of multiple paths with equal cost, the router load-balances the packets
between these paths.
There are few options to send the packets to a path that you know is available but is not the best
path and therefore is not in the routing table. PBR allows you to administratively assign an
outgoing interface (or 11' or IPv6 next hop) for this traffic, using the standard PBR mechanisms.
Packets that should be policy-routed can be matched using several criteria that are supported in
route maps, and several actions can be specified for this traffic, as follows:
• Defining the outgoing interface
• Defining the 11' or IPv6 next hop, for example, for Border Gateway Protocol-routed (BGP-
routed) trame
• Marking the packet with 1l' precedence to impose quality of service (QoS) and traffic
engineering
Note QoS and traffie engineering require other meehanisms to be enabled on the router, sueh as
low lateney queuing (LLQ). Traffie engineering should not be eonfused with Cisco
Multiprotoeol Label Switehing Traffie Engineering (MPLS TE), whieh is an advaneed and
dynamie traffie engineering solution.
To SlIllllllarize, I"OlIting operations can be any ofthe following three types:
• Destination-based: The majority of routing operations in networks
• Policy-based: To l"Oute on anything else in addition lo the destination (or destination with
aclditional erileria), that is, PBR
• Sonl"ce-based: To route traffie that is based on source address, which is used in multicast
nctworks
PBR gives you more control over rOllting by extencling and complementing the existing
mechanisms that are provided by routing protocols. Limited packet marking features are also
available, in which PBR allolVs you to set the IPv6 precedence and allows yOll to speeify a path
for eertain traffie, such as priority traffie over a high-eost link.

•
Defining the Criteria
• PBR requires you to define the criteria for traffic matching by

using a route map
• The following criteria can be used to classify packets for
PBR:
- IPv6 source (or destination) addresses for anything that
an extended access list can match
- Routing protocol data, such as next hop, metric, route tag,
MPLS label, and so on
1'0 be able lo route based on policy, yOll should define the criteria on which packets such a
policy should be applied. The Cisco lOS Software allows yOll to define a route mal', which is a
universal tool to match packets on certain conditions and set actions accordingly.
Note In addition to PBR, route maps are used extensively when performing route redislribulion
from one rouling prolocol to another. These route maps allow complete conlrol of conditions
and actions.
Route maps consist of match and set clauses that are execllted in the order that is defined in the
rOllte mal'. Matcll cOl1ll1land sentences look for specific conditions, sllch as SOllrce IPv6
address, and otller elements Ihat can be l1lalclled by an extended access list (for exal1lple,
address ranges, Layer 4 port nlll1lbers, header options, and so on).
Specifying the Actions
• The lollowing actions can be delined:

- Specilying an outgoing interface or IPv6 next hop
- Set IPv6 precedence to apply QoS and traffic engineering
• Routing based on dedicated links
Set clauses in the route map define the actions that a router should perfonn on the packets. The
following examples are in use \Vith PBR:
• Set the outgoing interface that the packet should use to exit the router (most common).
• Set the IP precedence marker to en force QoS at a later point on the router or in the network.
Using a combination ofmatching on the source or destination IPv6 address and setting the
outgoing interface, you can raute certain traftic over dedicated links, even ifthe outgoing
interface fOl' the destination network in the routing table is a different interface.
At the same time, you can use the raute map to set IP precedence on a packet, which facilitates
QoS operations further in the network. The packets that go to "interesting" destinations are
marked wi!h IP preceden ce (a 3-bit designator in the header ofan IPv6 packet), based on which
you can perfonn queuing on the outgoing interface and on other routers in the data path.
Youmight need to raute packets thraugh the network using PBR to allow a specific QoS
through the network.
Note IPv6 OoS is not essentially different from IPv4 OoS. You can find more information about
OoS mechanisms, queuing, marking, markers, and so on, in the Implementing Cisco Quality
of SelViee (OOS) course.

Routing Using IPv6 Extension Headers
IPv6 ofTers a capability to route using the routing header, which is an extension header that is
appended directly after the initiallPv6 packet header.
Al ¿¡¡liS:: di ¡¡¡ 2 &S&
Routing Using IPv6 Extension Headers
• Routing that follows a policy but is unrelated to PBR feature

• IPv6 packets can carry a routing extension header, which
includes a list of next-hop IPv6 addresses.
- The router examines these routing extension headers and
checks if any of its interface addresses are listed as next-
hop addresses in the routing header.
- Allowing the routing extension header presents a security
risk and is usually administratively forbidden
- Routing with extension headers is useful in special cases,
such as when using IP Mobility
'" "
Routing IPv6 using routing extension headers does not follow the usual routing rules where the
router, upon receiving the packet, chooses the outgoing interface that is based on the
destination IP address. A routing header is an extension header that is identified by the value 43
in the IPv6 Next Header field. There are two types ofthe routing header:
• Type O, which has similar functionality as that in IPv4 source routing (multiple
intermediate routers)
• Type 2, which is used for Mobile IPv6 and includes the home address of a mobile node and
should be allowed by the firewalls to support commullication with mobile nodes
,~
\
I Pv6 routing extension headers allow you to set an explicit path USillg llext-hop IPv6 addresses.
Whell the router receives such a packet, it checks the address list in the option header and
determines if one ofthe router interfaces has the same IP address as listed in the header. It then
routes the packet through that interface.
While this can be helpful, such as when implementing IPv6 Mobility, in usual environments it
is considered a security issue because you cannot implement a consistent routing policy and
rules. Therefore, when routers receive these packets, they are configured to forward them using
usual forwarding rules. This applies to the "Type O" routillg option header. Type O is
deprecated as per RFC 5095 and can be completely disabled 011 the routers by configuring the
no ipv6 sonl'ce-I'onte command.
When implementing IPv6 Mobility, when a station with an IPv6 address roams into another
nelwork, the mobile station can use the optional routing header for the retul'll traffic lo go into
that subnet where the mobile station currently resides. The routing option header that is used
here is Type 2, and these headers are usually permitted on routers.
4·88 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, Ine.
Nete In service previder networks, explicit paths through the network can be defined using MPLS
traffie engineering.
IPv6 Mobility and IPv6 option headers have dedicated sections in this course and are not
discussed here. This lesson is about the PBR feature.

Configure PBR
This topic describes configuration sleps in configuring PBR.
Configure PBR
• Configuring policy-based routing is a three-step process:
Configuring policy-based routing is a three-step process.

The first step is to specify Ihe criteria for the traffic you would like to route using a special
policy, that is, any other parameter than the destination IPv6 address.
The second step is to create a route map, where you combine the conditions that are specified in
the first step to an action, such as how and where to route the packet.
The third slep is to apply a policy where you expect lo receive the traffic and route it using a
PBR policy.
Specification of Criteria for PBR
This subtopic outlines how to specify the criteria for traffic that will be policy-routed using an
access list.
¿ J 1111 ¿ 1IIIIIIIIIW¡¿¡WlIl1L ILIIII. a
Specification of Criteria
• The lollowing example matehes the traffie using an IPv6

extended aeeess lisl:
router (config)"
liPV6 access-list name

• Crea tes an IPv6 aeeess list
router(config-ipv6-acl)#
Ipermit ipv6 2001:db8:1:100::/48 any
• Crea tes an aeeess list entry, matehing all souree addresses

Irom subnets that have a 2001:db8:1:100:: prelix
.,'. _. ',.'~.
The easiest way to specify the traffic to be matched in a route map is by using an access lis!.
Extended access lists have the ability to match on source and destination IPv6 addresses,
source, and destination ports (on the transpolt layer), and so on. This way, you can route
selectively based on the application type as well, that is, you use some links for file transfers
only 01' for VoIP.
In this example, all packets that are sourced from the 2001 :db8: 1: I 00::/48 networks will be
matched by the access lis!.
PBR can classify traffic that is based on extended access list criteria. Access lists, then,
establish the match criteria.
This example sho\Vs matching on source addresses: you can use PBR ifyou match on
destination address 01' protocol as well, al' even match on packet length using the match length
statement in the route map.
In addition to matching Ihe packets using source addresses, the packets can be matched using
access lists to match on the following:
• Input interface
• SOlll'ce IPv6 address (using a prefix list al' a standard al' extended access control list [ACL])
• Destination IPv6 address (standard 01' extended ACL)
• Protocol (extended ACL)
• Source port and destination port (extended ACL)
• Differentiated services code point (DSCP) (extended ACL)
• Flow-Iabel (extended ACL)
• Fragment (extended ACL)

Route Maps in PBR
Route maps combine the conditions for the traffic with the actions that are perfonned on that
traffic for PBR.
2 ,
Defining a Routa Map
• Route maps link the conditions with the actions:

- match condition defines a condition on what to match
- set c1ause defines the action
Router(config).
route-map ipv6policy permit 10
match ipv6 address na me
• Matches a condition specified in the access list
Router(config-route-map).
I set ipv6 precedence preceden ce

• Sets the parameters to a matched IPv6 packet (optional)
Router(config-route-map).
set interface int-name
• Sets an outgoing interface for the packet
As already mentioned, route maps are universallools for 1iItering routes. Rou!e maps are used
to define PBR rules as well, but not all features ofroute maps are applicable in this case.
You can match the traffie using the following conditions regarding IPv6 addresses (using the
address keyword).
The example shows matching on an IPv6 address, Ihe llame being the name of an IPv6 aceess
lis!.
The route map can set IP precedence for IPv6 packets using the precedence keyword, so that
the packets can be classified based on the IP precedence marker in the IPv6 header later on the
router 01' further in the network.
The most commonly used oplion is to set a different outgoing router interface for packets that
are matched by the access lis!. This is accomplished by the set interface command.
You may set multiple forwarding statemen!s in the PBR for IPv6 route map. The following set
statements may be specified:
• IPv6 next hop: The next hop to which the packet should be sen!. The next hop must be
present in Ihe Routing Information Base (RIB), it must be directly connected, and it must
be a globallPv6 address. Ifthe next hop is invalid, the set statement is ignored.
• Output interface: A packet is forwarded out of a specified interface. An entry for the
packet destination address must exist in the IPv6 RIB, and the specified output interface
must be in the palh se!. Ifthe interface is invalid, Ihe statement is ignored.
• Defalllt IPv6 next hop: The next hop rouler lo which Ihe packel should be sent. It mus! be
a globallPv6 address. This set slalemenl is used only when there is no explicít enlly for the
packet destination in the IPv6 RIB.
• Defalllt Olltpllt interface: The packet is forwarded out of a specified interface. This set
statement is used only when there is no explicil ently for lhe packet destination in lhe IPv6
RIB.
© 2010 Cisco Systems, Inc, IPv6~Enabled Routing Protocols 4-93

Applying the Policy
Applying the poi icy to the interface is the final stage of configuring PBR.
¡¡¡¡¡;¡ ha 2 1I
Applying the Policy
Router(config-if)'
ipv6 policy route-map rtmap-name

• Applies the configured route map to an interface
~~
------
Route ACL
.
tnbound
Map
Outbound 1
Outbound 2
To apply a route mal' lo an interface, yOll use the ipv6 policy command. This com111and is
applied on the illb01l11d interface \Vhere yOll expect the traffic. This way, you can define the
outbolllld interface for the traffic.
4-94 IPv6 Fundamentals. Design, and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, ¡ne.
This subtopic illustrates a configuration example for a simple PBR scenario.
J ¡ MIIiJ &h
PBR Configuration Example
• Scenario that uses PBR lo ipv6 aeceas-lisé voice6ael

permit ipv6 2001:db8~1:100: :/32 any
differently roule packels
from two differenl subnels route-map ipv6poliey pe~it 10
match lpv6 address volce6acl
across differenl links sel: ipv6 precedence 5
seto interface serial 0/0/1
rout.e-lllap ipv6policy pcrmit 20
lpv6 route fIlo serial 0/0/0
interface fastethcrnet 010

ipv6 addreS5 2001:db8: 11111/64 cui-64
ipv6 policy route-map ipv6policy
80/0/1
---·-------\/oi(:e WAN (Low-Latency Link)
---Data WAN (Regular Link)
80/0/0
The example scenarío matches Ihe traffic on Ihe router LAN interface. The traffic is mixed,
coming from two source subnets: voice traffic comes from the subnet 2001 :db8: 1: 100::, and
data traffic comes from the subnet 2001 :db8: 1::. The l"Outer receives all packets on lhe
FastEthernet 010 inlelface and has a default raule to Serial 01010 interface. However, \Vhen
using PBR, you can configure rDuling of packets that are sourced in the 200 I :db8: 1: 100::
subnet to be sent out on the Serial 010/1 interface.
Note The IPv6 addressing is simplilied lor iIIustration purposes only.
When you are using the set interface command in the route map lor outgoin9 traffic, the
interface mus! be !he !ype "poin!!o poin!."
PBR and Cisco Express Forwarding

Beginning in Cisco lOS Release 12.3(7)T, PBR for IPv6 is supported in the Cisco Express
Forwarding switching path. Cisco Express Forwarding-switched PBR is the optimal way to
perfol'ln PBR on a rauter.
No special configuration is requirecl to enable Cisco Express Forwarcling-switched PBR for
IPv6. It is on by clefault as soon as you enable Cisco Express Forwarding and PBR on the
router.

Summary
This topie sllllllllarizes the key points that were disellssed in this lesson.
Summary
• PBR is a Illeehanism that can be used to introduce

exceptions to normal routing rules.
• Packets are usually matched using an access list to take
advantage of access lis! matching.
• Route maps are used to define ac!ions tha! should be
performed on matched !raffic.
• The route map needs to be applied !o !he interface.
• PBR is done using Cisco Express Forwarding as an
underlying forwarding mechanism and does not impose
performance limitations.
...... .
"
References
rOl' additional inforlllation, refer to this resollree:
• "llllplelllenting Poliey-Based ROllting for IPv6" at
h [lp:1Iwww.eisco.colll/en/US/docs/ios/ipv6/configllration/gil ide/i 1'6-1'0 1-
bscI_rtng_ps6441_TSD_Produets_Configllralion_Gllide_Chapler.htllll#wp I 055346
4·96 IPv6 Fundamentals, Design, and Dep[oyment ([P6FD) v3.0 © 2010 Cisco Sys[ems, [nc.
Lesson 71
Configuring FHRP for IPv6

Overview
This lesson describes the characteristics of First Hop Redundancy Protocol (FI-IRP) for Internet
Protocol version 6 (IPv6). FHRPs are used to offer redundant connections on the network layer
for upstream connectivity. There are t\Vo FI-IRPs that are lIsed in IPv6, Hot Standby Router
Prolocol (HSRP) and Gateway Load Balancing Protocol (GLBP).
Objectives
Upon completing this lesson. you \ViII be able to outline the concepts of FHRPs and describe
I-ISRP and GLBP for IPv6. This ability includes being able to meet these objectives:
• Describe the concepts of FHRPs
• Describe HSRP and explain the configllration steps in configuring HSRP for IPv6
• Describe GLBP and explain the configllration steps in configuring GLBP for IPv6
First Hop Redundancy Protocols and Concepts
This topic describes the concepts of FHRPs .
• te
First Hop Redundancy Protocols
• FHRPs are used to provide default gateway redundancy.

• IPv4 availability: HSRP, GLBP (Cisco), VRRP (IETF)
• IPv6 availability:
- HSRP for IPv6
- GLBP for IPv6
• HSRP is used in networks to provide default gateway
resiliency.
• GLBP is used to provide default gateway resiliency and load
balancing.
FHRPs are used to provide uninterrupted cOl11l11unication to networks by il11plel11enting

gateway redundancy. FHRPs are mainly used in access networks for c1ients and servers and at
the edge ofnetworks for edge router redundancy.
FHRPs include the HSRP, GLBP, and Virtual Router Redundancy Protocol (VRPP). The first
two are proprielary to Cisco, while the latler is slandardized on the Internel Engineering Task
Force (IETF). AII ofthese protocols are available for IPv4. Currently, only HSRP and GLBP
are available for IPv6.
HSRP requires at leasllwo roulers lo \York in an HSRP group, where one rouler acls as an
active gateway and Ihe other router is in stand by, laking over iflhe primary router fails. The
primaJy rouler only forwards dala.
GLBP offers gateway load balancing, where more than one rouler forwards the packels
upslream on Ihe network. This way, roulers accomplish load balancing of available uplinks;
return traffic nonnally flows only Ihrough a single rouler.
Note In some cases, HSRP can be configured so that the standby router forwards the traffic
upstream as well. This is in the example of the Nexus 7000 data center switch running NX-
OS software.
FHRP for Redundancy
FHRPs can be lIsed to provide redllndancy for access networks.
2U iJ Jii¡
FHRP for Redundancy
Upstream Router B
LocallP 2
Physical MAC 2
aient
Access Nef\.vork with
Ctients LocallP 1
Physical MAC 1
Upstream Router A
Default Gateway
The figme illustrales the normal operalion of FHRP. In HSRP, one router is active al1(l "holds"
Ihe virlllallP address. This applies to both IPv4 and IPv6. HSRP funclions use a vil1ual IP and
a virtual MAC address, \Vhich Ihe clienls refer lo when sending data to the network. Both
rolllers exchange HSRP helio packets lo mainlain lhe HSRP group in Ihe "up" slale.

ai liIi
FHRP for Redundancy (Cont.)
Upstream Router 8
Default Gateway
LocallP 2
Physical MAC 2
Client
Access Network with
Clients LocallP 1
Physicat MAC 1
Upstream Router A
Failed
This figure illustrates the failure ofthe HSRP pri111aly router. The secondmy router will take
over the packet fonvarding, Illoving the virtuallP and virtual MAC addresses to itself.
4-100 IPv6 Fundamentals, Design, and Deployment (IP6FD)v3.0 © 2010 Cisco Systems, Inc,
FHRP for Load Balancing
Another use ofFHRP is to provide redundancy and load balancing for large access networks.
¡¡
FHRP for Load Balancing
Upstream Router 8
AVF
LocallP 2
Physical MAC 2
Access Network with

Clients LocallP 1
Physical MAC 1
Upstream Router A
AVGandAVF
Default gateway load balancing becomes applicable in large access networks. IPv6 is able to
accommodate a larger number of devices in ne(works. with the lower 64 bits ofthe I Pv6
address that is reserved for the host portion. This means that the aCcess subnets can potentially
be larger and contain more devices. which eventually generate much more traffic. Using GLBP,
you can configure several routers to act as default gateways for these networks and share the
load when forwarding the traffic upstream.
AII routers forward traffic, and they are called active virtual forwarders (AYFs) in GLBP
terminology. Only one l'Outer is responsible for load distribution, and it is called the active
virtual gateway (AYG). AII clients are configured with lhe IP address ofthe AYG as the default
gateway address.

&
FHRP for Load Balancing (Cont.)
Upstream Router B
New AVG and AVF
LoeallP 2
~,
Ph)Sieal MAC 2 . I
Access Net'NOrk with

CWents
Upstream Router A
FaiJed
If there is al1 A VO fai lure, ul10ther router becomes the AVO. If al1 AV F fai 15, the load 011 that
AVF router is distributed to other AVF routers. Every AVO l'Outer is al1 AVF router as well.
Interface Tracking
This subtopic explains the concept of interface tracking.
¡¡ IEl
FHRP Interface Tracking
Tracking 01 the interface line protocol state:

If the primary router Is still available, but its upstream link fails, the router
priority is reduced.
The standby router wlth a higher priority then can take over,
HSRP Rouler
Group 1
Clients Servers
The interface tracking feature of FHRPs is widely used, as it is often more probable that the
router uplink would fail mther the router itself. However, without using interface tracking,
FHRP would be unable to detect the loss ofa link.
The "helio l11essages" that the rauters send to each other to maintain the FHRP graup serve
only to detect a failed router but not a failed link. When using interface tracking to manipulate
rauter priority, the router with highest priority can natumlly take control of the group and be in
the forwarding path. Thus, FHRP role pre-emption must be enabled on all routers in the group.
© 2010 Cisco Systems, !ne. IPv6~Enabled Routing Protocols 4-103

HSRP for IPv6
This topic describes HSRP and the configuration steps in configuring HSRP for IPv6.
=
HSRP for IPv6
• Cisco offers an HSRP version for IPv6.

- This version uses Iink-locaIIPv6 addresses.
- Multicast router announcement messages are transmit!ed
to hosts in a subnet; HSRP transmits a router
announcement with a virtual link-local address.
• Virtual MAC address is derived from the HSRP group
number.
• Virtual link-local IPv6 address is derived from the virtual
HSRP MAC address.
• Periodic router announcement messages are sent with the
HSRP virtual link-local IPv6 address of the default gateway.
• HSRP virtual MAC address range:
- 0005.73aO.0000 to 0005.73aO.Offf
• Load sharing is implemented using multiple groups.
Cisco offers t\Vo FHRPs for the IPv6 protocol, HSRP and GLBP. HSRP anel GLBP function
similarly to their IPv4 counterpal1s, \Vith a few specifics based on IPv6.
HSRP for IPv6 uses link-locallPv6 addresses instead of global addresses.
~\
IPv6 hosts learn of available IPv6 routers through IPv6 neighbor discovery Router
Advertisement (RA) messages. These Illessages are Illulticast periodically, or they may be
solicited by hosts. HSRP is designed to provide only a virtual first hop for IPv6 hosts. The hosts
autoconfigure themselves to use a default gateway by learning the IPv6 address from the RA
messages. This is in contrast to IPv4, where an IPv4 default gateway must be configured
manually.
An HSRP IPv6 group has a virtual MAC address that is derived from the HSRP group number
and a virtual IPv6 link-local address that is. by default, derived from the HSRI' virtual MAC
address. Periodic RAs are sent for the HSRP virtualll'v6 link-local address when the HSRP
group is active. These RAs stop after a final RA is sent when the group leaves the active state.
RAs are sent only by the active HSRP router.
HSRP IPv6 Virtual MAC Address Range

HSRP IPv6 uses a different virtual MAC address block than does HSRP for 11':
0005.73AO.0000 through 0005.73AO.OFFF (4096 addresses)
HSRP IPv6 UDP Port Number

POli number 2029 has been assigned to HSRP IPv6.
4-104 IPv6 Fundamentals, Oesign, and Deployment (IP6FD) v3.0 © 201 o Cisco Systems, Ine.
HSRP Groups
I-ISRP for IPv6 is configured on a group ofroulers Ihal for111 an HSRP group. The same
interface can have multiple HSRP groups that are enabled to provide HSRP load sharing (for
example, for different VLANs, and so on). Based on the group number, an HSRP virtual MAC
address is derived, and from that address, an HSRP virtuallink-locallPv6 address is derived.
Load sharing on a LAN segment can be implemented using multiple HSRP groups, where each
group holds a virtual default gateway address. Assuming there are two routers on that LAN
segment, one router operates as active for the first HSRP group and standby for the second
group, while the other router operates as standby for the first group and active for the second
HSRP group.
Upon failure of one of the routers, the remaining router takes the load for both groups. As a
downside, approximately halfofthe c1ients need to have the virtual 11' address ofthe first
HSRP group tha! is set as the default gateway, and the other half ofthe clients need to have the
second virtual 11' address ofthe HSRP group that is set as the default gateway. Load
distribution is manual in this case.

HSRP Priority and Object Tracking
This subtopic describes enhancements to HSRP, such as priority configuration and object
trackillg configuratiol1.
1II 12
HSRP Priority Options
• Priority is a mechanism to control the election of the active

router in the HSRP group.
- The default priority is 100; a higher value represents a
belter priority.
- If both priorities are equal, then the first configured router
or the router with the highest IP address becomes active.
• Pre-emption settings define if the router should release the
active role, when another router with a higher priority
becomes available within the group.
• The standby router monitors the operational state of the
group.
I-ISRP uses a priority mechanism to determine which I-ISRP-configured router is to be the

default active router. To configure a rOllter as the active router, you assign it a priority that is
higher than the priority of all the other I-ISRP-configllred rOllters. The defalllt priority is 100, so
if yOll configure just one router to have a higher priority, that router will be the default active
router.
HSRP Election Process

When an HSRP group is configured, routers firsllisten fol' helio messages. Afier a period of
time, the routers stml to compete for the role of an active router, and the election process
begins. Routers agree on who will become the active router. This role is assumed by the router
with lhe highest priorily value, 01', ifthere are equal priorities, the one with the highest IP
address for Ihe respective group.
Note The router that is configured first becomes the active router for that group. Configuring
another router with a higher IP address afterward without the preempt option does not make
that router an active router. The router that is already active remains active despite the lower
IP address.
At the same time, another router is elected as the standby router (the router with the second-
highest IP address becomes the standby router).
Once the election process is finished, there is one active router and one standby router in the
I-ISRP group and other routers (ifthere are more than two routers in the group) that listen.
To 111inimize network traffic, only lhe active and standby routers send periodic I-ISRP
messages.
The standby router also monitors the operational status oflhe HSRP group.
4-106 IPv6 Fundamentals, Design. and Deployment (IP6FD) v3.0 © 2010 Cisco Systems, [ne.
11 121 liD!!!! !! !!IU:iUiLi!llllb 1;11111 lidl 1I 1II I! ,
HSRP Object Tracking Options
• An HSRP group can use object tracking to control priority

(and the active state).
• Objects that can be tracked:
- Router interfaces
_. Routes
.... IP SLA objects, and so on
• The lailure 01 an object decreases the priority 01 the router
within an HSRP group.
• When the priority decreases below the priority 01 a peer, the
peer router assumes the active role.
• Object tracking is used in combination with pre-emption
..
The standby tracking feature of HSRP enables cllstolllers to proactively cut over to a stand by
HSRP device ifthe upstream connection goes down (but the HSRP device is still active).
Apart from interface tracking, HSRP also supports the tracking of different objects that can
influence the active role selection:
• Interface line-protocol state: The interface line-protocol state is the same as the HSRP
tracking operation in prior releases. The tracking process is configured to track the line-
protocol state of the interface.
• Interface routing state: A tracked Ir routing object is considered operational when the
platfol"ln is routing IP, the interface line-protocol is operating, and Ir routing is enabled and
active 011 the interface.
• State of an Ir ronte (reachability): A tracked Ir route object is consiclered operational

and reachable when a routing table entry exists for the route and the route is not
inaccessible.
• Ir mute metric threshold: The Ir route metric threshold tracks the scaled metric value of
an Ir route to determine if it is above 01' below a threshold.
• Ir sel"\'ice level agl'eement (SLA) operations: HSRr tracks IP SLA operations for
reachability and thresholds.
© 2010 Cisco Systems, Ine. lPv6~Enabled Routing Protocols 4-107

Configuring and Monitoring HSRP for IPv6
This subtopic describes how to configure and monilor HSRP for IPv6 .
•
Configuring HSRP for IPv6
HSRP group 1 is configured with the following:

• Automatic virtual IPv6 address
• Priority
• Pre-emption
• Version 2 is needed for IPv6 HSRP
interfne/! faOIO interface faOIO

ipv6 Bddres6 2001:db81111::/64 oui-54 lpv6 address 2001IdbB:l:1:1/64 oui_64
standby vcrslon 2 stnndby verslon 2
standby 1 ipv6 nutocontig stnndby 1 ipv6 nutoconfig
standby 1 priority 110 standby 1 priority 100
standby 1 preempt stnndby 1 preempt
This figure shows a sample configuration of an HSRP gmup with two routers that share the
same LAN segment.
For IPv6 functionality, HSRP musl be set to operate the HSRP version 2.
The easiest way is to use Ihe autoconfig keyword. The muter will generale a virtual MAC
address from the HSRP group number (the number after the standby keyword), and Ihe muter
\ViII derive a link-locallPv6 address fmm it.
Priority and pre-emption settings are set so that the left muter has a higher priority than the
right one, and the left router will assume the active role whenever it is present (the priority and
preempt keywords).
Note HSRP for IPv6 can be configured using global addresses as well. This is useful lar injec!ing
the HSRP default gateway address in a routing prolocol where it is being carried lar several
hops. II the address is link-local, this raute is useless outside the local Layer 2 scope.
For access subnets (or LAN segments), HSRP is used with link-local addresses.
Monitoring HSRP
This sllbtopic describes how to monitor HSRP for IPv6.
1M ¡ S2f: ¡Ji Ud
Monitoring HSRP for IPv6
• Sample output on the primary router
RU $hQW standhy
f'a:¡;I;EtIHH:nf!>tO/O - (lcoup 1 (version 2)
State is Act! ve
2 state changas, last state change 2d23h
Vil::t.ual IP address 15 f~'~J~Jit~fU¡j~~
Active virtual RAe address ls 0005.73aO.0001
Local virtual HAC address 18 0005.7300.0001 (v2 IPv6 default)
HelIo time 3 see, hold time 10 see
Next. helIo sent in 1.360 sees
_l1li11_ _ _
preemption enabled
priority 100 (expires in 10.464 see)

priority 110 (configurad 110)
Group name 18 "hsrp-FaO/O-l" (default)
RlI
The show standby command is lIsed to monitor the state of an HSRP grollp. The example is
taken from an active HSRP router.
The active I-ISRP router also sends IPv6 mute advertisement messages, showing the virtual
IPv6 address as lhe default gateway:
*Apr 15 14:05:00.149: ICMPv6-ND: Sending RA from FE80::5:73FF:FEAO:l to
FF02::1 on FastEthernetO/O
*Apr 15 14:05:00.153: ICMPv6-ND: MTU = 1500
*Apr 15 14:05:00.157: ICMPv6-ND: prefix = 2002:1::/64 onlink autoconfig
*Apr 15 14:05:00.157: ICMPv6-ND: 2592000/604800 (valid/preferred)

Configuring Object Tracking
This subtopic explains how to configure HSRP ol~iect tracking.
a¡¡Ii mi
Configuring Object Tracking
• Configure tracking 01 various interfaces or SLA objects

Rl(config-if)#
standby group tracking option decrement num

• Configure priority decrement
Rl(config-if)lstandby 1 track ?
<1-500> Tracked object number
[ ... omitted ... 1
Dialer Dialer interface
f'astE:thernet FastEthernet IEEE 802.3
Loopback Loopback interface
Hult.ilink Hultilink-group interface
port-channel Ethernet. Channel of interfaces
Tunnel Tunnel interface
[ •.. om.:ltted ... 1
I-ISRP object tracking is configured using the standby track command along with a configured
dccr-cment value. Tracking is used to invoke a switchover even if the primal)' router is still
available on the LAN, bul the primal)' rauter had lost its uplinks and therefore it does not make
sense lo use it to carry traffic upstream.
Vou can (rack interfaces (configured directly) or track objects that are configured by a tracking
object firsl. Ifyou wish to track an IP SLA prabe, such as a probe that constantly pings an IP
address, you have to bind the probe to a tracking object firsl. The probe and tracking objects are
configured indirectly.
The decrement value specifies how much the priority of the primary rauter should be reduced
to switch over to the secondary rauter. The decrement value is subtracted from the HSRP
priority value, and when this value is belolV the priority of the neighbor, the Ileighbor assumes
the active role.
Most commonly, member interfaces of an EtherChannel 01' physical interfaces are tracked.
Note T o lea m more about HSRP object tracking, reler to the IPv4 HSRP conliguration guides.
4-110 IPv6 Fundamenlals, Design, and Deploymenl (IP6FD) v3.0 © 2010 Cisco Systems, lnc.
GLBP for IPv6
This topic describes GLBP and the configuration steps in configuring GLBP for IPv6.
¿¿¡¡¡ fui S&
GLBP Concepts
• Complete use of all rouler resources 'Nithout Ihe administrativo burden of

crealing rnultiple gloup.c;:
- Load sharing across several routers and upstream links
- Useful in areas with many cfients (mobile nelworks, and so en)
..• One delaul! gateway IP address
- Automaticrerouting in the event of any failure
GlBP Group
Active Router
,'C:;;':';" Virtual
Rouler
GLBP is a protocol that is developed by Cisco that is used to overcome the limitatious of HSRP
and Virtual Router Redundancy Protocol (VRRP) by adding load-sharing functionality.
GLBP performs a similar function for the user as HSRP. HSRP allows multiple routers to
participate in a virtual router group that is configured with a virtuallPv6 address.
HSRP stand by routers have bandwidth that is not used. Multiple virtual router groups can be
configured for the same set ofrouters: the hosts must be configured for different default
gateways (pointing to one router or another), which results in an extra administrative burden.
The advantage ofGLBP is that it provides load balancing over multiple routers (gateways)
using a single virtuallPv6 address and multiple virtual MAC addresses. The forwarding load is
shared among all routers in a GLBP group rather than being managed by a single router, while
the other routers stand id le.
© 2010 Cisco Systems, Inc. lPv6-Enabled Routing Protocols 4-111

GLBP Terminology
The following terms are used with OLBP.
GLBP Terminology
Term
GLBPgroup
GLBP gateway
VirtuallP address
Virtual MAC address
A OLBP group allows up to four virtual MAC addresses per group.

The AYO is responsible for assigning the viliual MAC addresses to eaeh member ofthe group.
Other group members request a virtual MAC address after they diseover the AYO through
helio messages.
Oateways are assigned the next MAC address in sequenee. A viliual forwarder that is assigned
a virtual MAC address by the A VO is known as a primary virtual forwarder. Other members of
the OLBP group leam the viliual MAC addresses from helio messages.
A virtual forwarder that has leamed the virtual MAC address is referred to as a seeonclary
virtual forwarder (SYF).
Active Virtual Gateway

Members of a OLBP group eleet one gateway to be the A YO for that group. Other group
members provide baekup for the AVO when the AYO beco mes unavailable. The AVO assigns
a virtual MAC address to eaeh member ofthe OLBP group. Eaeh gateway assumes
responsibility for forwarding paekets that are sent to the virtual MAC address, which is
assignecl to the gateway by the AVO. These gateways are known as AYFs for their virtual
MAC address.
The A YO is responsible for ans\Vering Address Resolution Protocol (ARP) requests for the
virtuallP address. The AVO achieves load sharing by replying to the ARP requests with
different virtual MAC addresses.
Active Virtual Forwarder

An individual A VF is assigned for eaeh virtual MAC address to forward the traffie for that
virtual MAC address.
GLBP for IPv6
This subtopic describes GLBP specifics for IPv6.
- ¿ ; ; i¡¡ Hit ,
GLBP for IPv6
• Same model maintained as in IPv4: one virtuallPv6 address,

multiple MAC addresses
• AVG redundaney:
.-. Primary and seeondary AVG are eleeted, others in
standby
- Eleetion-eontrolled using GLBP priority
• AVF redundaney: il an AVF lails, one 01 the seeondary routers
assumes its MAC address and traffie load
• Load balaneing using GLBP weighting: load balaneing using
one single virtual IPv6 and multiple MAC addresses
The GLBP feature provides automatic router backup for IPv6 hosts configured with a single
clefault gateway on an IEEE 802.3 LAN. Multiple first-hop routers on the LAN combine to
offer a single virtual first-hop IPv6 router while sharing the IPv6 packet forwarding load.
Each host is configurecl with the same virluallPv6 address, and all routers in the virtual router
group participale in forwarding packets.
AVG and AVF

GLBP assigns the primary router as the AVG and the secondmy router as the AVF. There can
be multiple AVFs that are active at the same time but only one AVO.
The benefits of using GLBP are as follows:
• Fast failove ..: GLBP cletects failures fast ancl reacts quickly so that end devices ancl
applications can continue to run as ifno failure occurred.
• Simple configuration: OLBP was designed to be easy to configl1l'e and to be ve,y similar
to HSRP.
GLBP fully utilizes resources (available bandwidth) without administrative burden by load
balancing across several routers while configuring only one clefault gateway on the servers.
In acldition to being able to set priorities on differenl gateway routers, GLBP also allows a
weighting parameter lO be se!. Load balancing is not based on traffic load, but mther on the
number ofhosts Ihal willuse each galeway router.
Multiple Virtual Routers

GLBP sllpports up lo 1024 virtual routers (OLBP groups) on each physical interface of a router
and up to four virtual forwarders per group.
© 2010 Cisco Systems, Ine. IPv6-Enabled Rouling Proloeols 4-113

GLBP Priority and Object Tracking
This subtopic explains the relationship among GLBP priority, weight. and tracking.
¿mi
GLBP Priority, Weighting, and Object
Tracking Options
• GLBP gateway priority

- Controls the election 01 AVG and SVG
-- Pre-emption needs to be enabled explicitly, disabled by
delault
• GLBP gateway weight
- Weight determines il the AVF lorwards packets
- Belowa cerlain threshold, AVF stops lorwarding packets
- Pre-emption enabled by delault
• GLBP tracking
- Inlluences the weight parameter
- By decreasing weight, it can stop an AVF Irom lorwarding
GLBP Gateway Priority

GLBP operates virtual gateway redundancy in the same way as HSRP. One gateway is elected
as the A VG, another gateway is elected as the standby virtual gateway (SVG), and the
remaining gateways are placed in a listen state.
The A VG is responsible for assigning vittual MAC addresses to the default gateway IPv6
address.
By default, the GLBP virtual gateway pre-emptive scheme is disabled. A backup virtual
gateway can beco me the A VG only if the current A VG fails, regardless of the priori ti es that are
assigned to the virtual gateways. You can enable the GLBP virtual gateway pre-emptive
schcme using the glbp pl'eempt command. Pre-emption allows a backup viltual gateway to
beco me Ihe AYG, ifthe backup vittual gateway is assigned a higher priority Ihan the current
AVG.
GLBP Gateway Weight

GLBP vittual forwarder redundancy is similar to virtual gateway redundancy with an AVF. If
the AVF fails, one ofthe SYFs in Ihe listen state assumes responsibility for the virtual MAC
address. GLBP migrates hosts away from the old forwarder.
GLBP uses a weighting scheme to determine the forwarding capacity of each router in Ihe
GLBP group. The weighting thal is assigned lo a router in the GLBP group can be used to
determine whether it \ViII forward packets and, ifso, the proportion ofhosts in the LAN for
which il will forward packets.
GLBP Tracking
The GLBP group weighting can be automatically adjusted by tracking the state ofan interface
within the router. If a tracked interface goes down, the GLBP group weighting is reduced by a
specified value.
Configuring GLBP for IPv6
This sublopic explains ho\V lo configure GLBP.
w
" 2 Ud
Configuring GLBP-Minimum
Essential GLBP configuration:

• Configured automatic virtual IPv6 address
• Priority and pre-emption for AVG
• Weighting and pre-emption for AVF is automatic
interface ho/O int.erface faO/O

ipv6 address 2001,db8:1:!:;/64 eul-64 ipv6 address 2001;db8:1:1::/64 eul-64
qlbp 1 ipv6 8utoconfiq glbp 1 lpv6 autoconfig
glbp 1 priorlty 110 glbp 1 priority 100
glbp 1 preempt glbp 1 preempt.
The GLBP is configured using glblJ commands in Ihe router interface configuration mode.
Each GLBP group is identified by the group number [" I "l.
The GLBP gateway priority determines the role that each GLBP gateway plays and the results
if the A VG fails.
Priority also determines if a GLBP router funclions as a backup virtual galeway and Ihe order
of ascendancy lo becoming an AVG ifthe current AVG fails. You can configure the priority of
each backup virtual gateway with a value of I through 255 using the glbp priority command.
The glbp preempt command regulales A VG (nol A VF) pre-emption.

111
Configuring GLBP-Advanced
GLBP weighting with

tracking:
• Conligured automatic
virtuallPv6 address
int.erface faO/O
• AVF weighting conligured lpv6 address 2001:db8:1:1:;/64 cul-54
qlbp 1 ipv6 aut.oconfig
- Weight below 95- glbp 1 priorit-y 110
ceaseAVF glbp 1 preempt.
glbp 1 wcighting 110 lower 95 upper 105
glbp 1 welght.lng track 2 decrement. 5
- Weight aboye 105- glbp 1 forwarder preempt
resume AVF role
crack 2 interface serial 1/0 line-protocol
• Object tracking configured
to influence weight
- Failure 01 tracking
object will decrease
weight by 5
By default, (he GLBP viltual forwarder pre-emptive schellle is enabled wilh a delay of30
seconds, A backup virlual forwarder can becol11e the AVF iflhe currenl AVF weighting falls
below Ihe low weighting threshold for 30 seconds.
Note You can disable Ihe GLBP forwarder pre-emptive scheme using the no glbp forwarder
preempt command or change the delay using the glbp forwarder preempt delay
mínimum command.
The cOl11l11and track (at the lasl line) configures a Iracking object; in this case, il is an interface
lo be tracked \Vhere changes in the state ofthe line prolocol \ViII affect the weighting ofa
GLBP gateway. This command configures Ihe interface and corresponding object number (2) lo
be used with the glbp weighting track command. The decrement value argument specifies a
reduclion in Ihe weighting ofa GLBP gateway when a lracked object fails.
The glbp weighting cOlllllland specifies Ihe inilial weighting value, as \Vell as Ihe upper and
lower Ihresholds, for a GLBP galeway. This command configures Ihe router to lake over as Ihe
AVF for a GLBP group ifthe currenl AVF for a GLBP group falls below ils low weighting
Ihreshold. This cOlllmand is enabled by defaull and has a delay of30 seconds. Iflhe weighling
value is belo\V 95, the rouler will cease to be the A VF. If the weighting value rises above 115,
the router will resume Ihe AVF role and will forward traffic.
Note For more informalion, refer lo Configuring Firsl Hop Redundancy Prolocols in IPv6 in Cisco
lOS configuration guides (listed under Resources).
4·116 IPv6 Fundamentals, Design, and Deployment (IP6FD)v3.0 © 2010 Cisco Systems, Ine.
Monitoring GLBP
-
This sllblopic describes lhe moniloring commands for GLBP.
&l
Monitoring GLBP for IPv6

'iU: JiJJ2 Lit iJ Mi
• Sample output on the

primary AVG ......••.•.~~,,~
Rl' show glbp

FII.S\:;EI:/terne\:;O!O - G:t"oup 1
State is Active
1 atate change, last ,tate chango 18:05:30
Virtual IP address isi~.91:'I,MJ(if¡mtW,ªE4,gm (auto-configurad)
HelIo time 3 sec, hold time 10 sec
r. .. omitted ... }
Active 18 local
Standby 18 FESO::CBOl:40FF:FEOB:8, prlority 100 (expires in 8.256 sec)
Priority 110 (conflgul."ed)
Heighting 100 (dofault 100), thresholdsl lower 1. upper 100
Load balancin9: round-robin
local
Porwnrder 1
State 15 Active
1 state chango, last state chango 18:05:20
HAC address 18 0001.b400.0101 (default)
OWner ID 18 caOO.40db.oOOa
[ ... omitted ... J
-u
The mosl lIseflll commands lo monilor GLBP operalion are show glbp and, in Ihe case of
inlerface lracking, show t ..ack.
For in-deplh moniloring ofGLBP, yOll can lIse Ihe following debllg commands:
• debllg condition glbp
• debllg glbp e....o ..s
• debllg glbp events
• debllg glbp packets

Summary
This topic sllmmarizes the key points that were disclIssed in this lesson.
1M
Summary
• FHRPs are used to provide default gateway redundancy.

• HSRP for IPv6 and GLBP for IPv6 are available and function
similarly to their IPv4 counterparts. Currently, there is no
VRRP for IPv6.
• GLBP provides for load balancing as well; all routers with
upstream connections can forward traffic. Only one router is
responsible for distributing the load.
• There are advanced options available, such as setting
priority, pre-emption, and interface tracking. Remember that
interface tracking inftuences priority in HSRP and weighting
in GLBP.
...... .. "-'
References
For additional information. refer to these reSOllrces:
• Cisco JOS IP,,6 COl/figura/iol/ Guide, Re/ease 12.4T. "Configllring First Hop Redllndancy
Protocols in IPv6"
http://www.cisco.com/cn/US/docs/ios/ipv6/configuration/gllide/ip6-1111.p.html#wp 1055254
• Cisco JOS IP App/ica/iol/ Services COI¡{rguratiol/ Guide, Re/ease 12.4, "FHRP Featllres
Roadmap"
http://www.cisco.com/cn/US/docs/ios/ipapp/configllration/gllide/ipapp_ fhrp _rm _1'56350_T
SD_Prodllcts_Configllratioll_GlIide_ Chapter.html#wp 1063089
Lesson 81
Configuring Route
Redistribution
Overview
This lesson discusses redistribution oflP version 6 (IPv6) routing information, differences
among various routing protocols, and changes in the behavior of redistribution compared to IP
version 4 (lPv4).
Objectives
Upon completing this lesson, you will be able to describe route redistribution. This ability
includes being able to meet these objectives:
• Describe route redistribution
• Describe PE-CE redistribution for service providers
Route Redistribution
This topic describes route redistribution.
• Used in diverse IGP and EGP environments

• Inserts routing information learned by one IGP into another
IGP or from an IGP into an EGP or vice versa
• IPv6 specifics:
• No network command used when configuring routing
protocols
• EIGRP will not include static routes covered with network
command
• Redistribution will not include directly connected
segments by default
IEGP: Exterior Gateway Protoco!
Roule redistribution is needed in an environment where more than one routing protocol is used
to convey reachability of a set of prefixes. The reasons for using heterogeneous routing
environment may vmy from device support to specific requirements by customers. Routing
information is not automalically shared between t\Vo routing protocols. It must be configured
explicitly with redistribution. When configuring redistribution, you may want to sel the metric,
beca use metrics in different routing protocols are incompatible.
IPv6 redistribulion is conceptually the samc as redistribution of IPv4 routes. However, due to
some differences in configuration, redistribution of IPv6 information works slightly differently.
In IPv6 routing, there are no network commands in routing protocol configurations for
inclusion of IPv6 interfaces. The exception to this rule is Border Gateway Prolocol (BGP), but
network command works differently in BGP.
As a consequence, the feature of Enhancecl Interior Gateway Routing Protocol CEIGRP), where
a static route pointecl to an interface coverecl by a network command was included in the
routing process, does not work for IPv6 routes.
Redistribution also cloes not include directly connected segments, even ifthey are covered by
an interior gate\Vay protocol (lGP) and are seen in IGP on other routers. This behavior differs
from the behavior off Pv4.
I1 iJ ¿ a 11 1!! Jti Jld I I .I11!11.l1I11111 1I !II 1111111 L ji Id JlLi
Connected
• Redistributes directly connected networks

• Redistribution without restriction is functionally equivalent to:
• Including all interfaces
• Setting all interfaces to passive
• Route map can be used for fine-grained control
router(config-rtr)ft
redistribute connected [rout.e-map route-map]
Conneeted segments ean be ineluded in a routing protocol in two ways. The first is by
aetivating a routing protoeol on the interface. The second is by redistributing connected
segments. The first method is necessary ifyou also want to establish neighborships on that
interf.1ce. If you do no~ the recommended practice is to set the interface into passive mode. The
combination of inclusion in the routing process and setting of passive mode on the interface is
elTectively the same as redistribution of connected routes. The difference lies in the way of
controlling the selection of segments. With the first approach, you control inclusion by enabling
01' disabling the routing protocol on an interface. With the second approach, you must use a
route map to select redistributed segments.
© 2010 Cisco Systems, Ine. lPv6-Enabled Routing Protocols 4-121

.¡LdiEE i21 ¡¡¡
Static
• Redistributes sta tic routes

• Selection 01 distributed routes can be either via:
• Route rnaps
• Route tags (with sorne protocols)
router(config-rtr)i
redistribute static [route-map route-map] [tag tag1
Static routing is the preferred method where networks are connected with single links. The lack
ofredundant links removes the requirement for path recalculation. Static routing is far less
complex (han dynamic routing and is available on all platforms. Where the part ofthe network
that uses static routing touches the dynamically routed network, it is necessary to redistribute
static routes into a routing protocol.
Redistribu(ion of static routes can be controlled with route maps, like connected routes. In
addition, some protocols (Open Shortest Path First [OSPF] and Intermediate System-to-
Intermediate System [IS-IS]) allow selection ofredistributed routes by tag value, directly.
Other protocols can also achieve this result, but you need to use route maps.
lULa: UJ_ 111111 la 3 3D
RIP and EIGRP
• Redistributes RIP or EIGRP routes

• Routes learned by RIP or EIGRP
• Routes that are in the routing table
• To also include connected segments, over which routing
protocol runs add the include-connected keyword
• Route map allows fine-grained control at route selection
router(config-rtr)#
redistribute rip [include-connected] [route-map route-map]
redistribut.e eigrp [include-connected] [route-map route-map}
Routing Information Protocol (RIP) and EIGRP are both distance vector protocols and have
similar redistribution commands. When RIP 01' EIGRP routes are redistributed, the router looks
in a routing table for al! entries that are learned by the protocol being redistributed. You can see
these routes by using the show ipv6 l'Oule rip 01' show ipv6 l'Oule eigrp commands. The
redislribution process does not inelude connected segments that are covered by RIP 01' EIGRP.
To include these segments, add the il1c1ude-col1necled parameter. As with the previous
redistribution, you can achieve fine-grained control with the use ofroute maps.
When redistributing into RIP 01' EIGRP, you can specify the metric ofredistributed routes.
With RIP, youneed to specify the number ofhops with the melric J¡01's parameter when
configuring redistribution. By default, redistributed routes \Viii have Ihe hop count set to 16,
making them unreachable.
Note Setting the melric to 15 at Ihe point 01 redistribution will make the metric on the neighboring
rouler 16, which will make it unreachable. The highest value that is uselul is thus 14. Setting
the redistribution metric to 14 will allow the routes to be propagated one hop Irom the
redistributing router.
With EIGRP, you have two options. You can specify the metric as yOll can with RIP when you
configure redistriblllion. With this approach, you can set different metrics for different routing
protocols. The second option is to specify a default metric ofredistributed routes with the
defaull-metric command. This option is, however, not necessary 1'01' redistribution 01'
connected !'Outes, which have the metric set to zero by default.

li JiiJ la
OSPFv3
• Redistributes OSFPv3 routes

• You can match on OSPF route type
• internat, externat, nssa-externat
• type 1, type 2
• More specific matching can be implemented via route maps
• When redistributing into OSPF, metric type can be specified
router(config-rtr)#
redistribute ospf [match {internal 1 external [112] 1
nssa-externa1 [112]}]
router(config-rtr)#
Iredistribute rip [metric-type {112}]
OSPF version 3 (OSPFv3), being a link state protocol, adds a few additional options to all the
options ofRIP and EIGRP. When redistributing OSPFv3, you can match directly on route type.
Options are Ihe following:
• Internal routes
• External !"Outes:
AII external !"Outes
Type I external !"Outes
Type 2 externa I !"Outes
• Not-so-stubby area (NSSA) external !"Outes:
AII NSSA external !"Outes
Type I NSSA external !"Outes
Type 2 NSSA external !"Outes
When redistributing into OSPFv3, you can specify metric type as well as cos!. The type can be
either I or 2. Type I external !"Outes are managed in the same way as any internal !"Oute. On
every hop, the cost of exit interface is added to the existing hop ofthe !"Oute. The cost of type 2
external !"Outes is not modified inside OSPF doma in. It remains the same. Type 2 is the default
type,
.81111 1I I 11111222 I! 112 1; 11 :: 2d &¿1I1iIiJ tilJ
Inclusion of Connected Segments
• Raute redistribution can be configured to redistribute learned rautes

only, or to redistribute both learned and locally attached rautes
Wilh Include·connected on RoulerB
Rout.ez:-A' ahO"d ipv6 ~·out.:c
OEl 2001:DB8:2:1/64 1110/20]

via FESO::CSOl:26FF:FEE3:a, WiHlout Include-connected on RoulerB
Fast:.Et:.hernet:.O/O Rout.erA' IIhen, .í.pv6 x-onb~
DE2 2001:I>B8:3:1/64 ¡110/20J
via FE80:IC801:26FF:FEE3:8, OE2 2001:D»8:3: :/64 1110/20]
FastEthcrnetO/O ",la FEBO::C801:26Ff':F'm::3:8,
L..;_ _ _ _ _ _ _ _ _ _ _ ~ f'ast.EthernetO/O
~--------------~
RoulerB
2001 :db8:1 ::/64 2001:db8:2::/64

2001:db8:3::/64
router(config-rtr)#
Iredistribute ••• include-connected
This figure gives an example ofCisco lOS Software behavior whenredistributing regarding
connected segll1ents,
Redistribution into OSPF is configured on RouterB, The figure shows the output of the show
ipv6 mute cOll1ll1and on RouterA, Ifthe inelude-connected keyword is used on RouterB, you
can see the presence of segll1ent 2001 :db8:2::/64 in the l'Outing table, This behavior is the
default in IPv4, but not in IPv6, The default IPv6 redistributionresult can be seen on the right
side ofthe figure, where you see only the LAN segment behind RouterC.
The default behavior is prefened in service provider environll1ents, where transit segll1ents are
usually ofno importance to the end custOll1er, Ifyour network requires these segll1ents to be
present in the routing table, you can get IPv4-like behavior by adding the inelude-connected
keyword to the redistribution cOll1ll1and when redistributing any dynall1ic routing protocol.
Note The IPv6 routing infrastructure can be set with only link-local addressing on the links
between the routers, This configuration increases security since il is nol possible lo attack a
rouler al its inlerface address unless Ihe at!acker is presenl on the local link. However, il
inhibils lroubleshooling because lools such as Iraceroule rnighl nol work correctly.
Requirements for l'Outes lo be redistribuled are as follows:

• The subnel is directly connecled on the rauter.
• The interface is included in the routing pracess Ihal is being redistributed.

IS-IS
• Redistributes IS-IS routes

• You can select which level of routing you wish to redistribute
or redistribute into:
• Level 1
• Level 2
• 80th Level 1 and 2
• When redistributing into IS-IS you can specify metric type
(intemal, external)
• Redistribution into IS-IS must be done within IPv6 address
family
router(config-router-af)'
redistribute i5is [{level-l I level-2 I level-1-2}]
[metric-type {internal I external}]
",¡"." , 'n,
IS-IS is a hierarchicallink-state routing protocol, like OSPF. You have all the options ofother
routing protoeols; you can select redistributed routes via tags, enforee fine-grained control with
route maps, and inelude connected segments, if desired.
Speeifieally, it is possible to control redistribution from and to different levels of IS-IS routing.
IS-IS uses Level2 routing instead ofOSPF backbone area O. Level2 routing takes care of
interarea routing. Level 1 routing routes trame inside one area.
When redistributing IS-IS, you can specify whether to redistribute Level 1 routes, Level 2
routes, or both. You can also specify into which level you are redistributing. Additionally, you
can set the metric type to either internal 01' externa!.
PE-CE Redistribution for Service Providers
This topic describes provider edge lo customer edge (PE-CE) redistribution for service
providers.
• Z II L
PE-CE Redistribution for Service
1M : ¡ ¡U; ¡ L ¡
Providers
• In a 6PE or 6VPE environment, there must be redistribution

configured on PE devices
IGP or Slatic
LAN
2001 :db8:2::/64
Redistribution
2001:db8:3::/64
• Routes to eustomer networks are introdueed into BGP from:

• EBGP
• Interior routing protoeol
• Sta tic routes
E8GP: ExtemalBorder Galeway Proloool
In a service provider environment. BGP is the routing protocol of choice because of its extreme
scalability, compared to other routing protocols, and the level of control available.
For IPv6 connectivity over Multiprotocol Label Switching (MPLS), currently the available
choices include Cisco IPv6 Provicler Edge Router (6PE) and IPv6 VPN Provider Edge Router
(6VPE) over MPLS.
In such scenarios. the routing inside the service provider network for customer prefixes will be
provided by BGP. The rouling between Ihe PE and CE can be anything that the service provider
and customer agree on. Most commonly. static routes are used for a simple single-homed
deployment, with dynamic routing used when more links are used for redundancy.

_la lB ¿¡¿
PE-CE Redistribution
6PE Configuration Example
interface FastEt:hernel: %
Redistributian af static route ipv6 address 2001:db8:2::2/64
interface FastEthernet: 0/1
ipv6 address 2001:db8:J::l/64
ipv6 route 2000::/3 2001,dbS:2::1
P PE
IGPor Static
LAN
2001:db8:2::164
2001 :db8:3: :164
intCl:face FastEthernet 010
ipv6 address 2001:db8:2;.1/64
router bgp 65001
neighbor 192.0.2.1 remate-as 65001
address-family ipv6
neighbor 192.0.2.1 send-label
redistribute static route-map ipv6-to-bgp
,ex it-addres s-fanl111'

ipv6 route 2001:dbSI3: 1/64 2001:db8:2::2
ipv6 prefix-list lpv6-customers permlt 2001:db8: :/32 gc 48 le 64
route-map lpv6-to-bgp perml!: la
match ipv6 address prefix-lisl: lpv6-customers
The figure shows an example af static PE-CE routing. Static routes are redistributed on the PE
router inlo BOP using a route map, which allows only prefixes assigned to customers. The
customer has a default route that is configured fOI" outbound traffie.
11m 111 lilI j lid Jii1112221211 UiJU.iIU][ i JI
PE-CE Redistribution
6PE Configuration Example 2
lnt.erfa.:::c FastBthe!;1\et. 010
lpv6 addreS8 2001:db8:2::2/64
ipv6 rlp VPU enable
Redistribution 01 RIP routes interface FastEchernet. 0/1
lpv6 address 2001:db8:3::1/64
ipv6 rlp VPN énable
lpv6 address lOOl:db8:2::1I64

ipv6 dp el erlable
lpv6 rip el default.-informat:.ion
rauter bgp 65001
nelghbor 192.0.2.1 remot.e-as 65001
address-fi'lll\ily ipv6
neighbor 192.0.2.1 actlvate
neighbor 192.0.2.1 send-label
redlstribute rlp el rout.e-map lpv6-to-bgp
ex lt-addres s-family
I
lpv6 prefix-llst lpv6-customers permit 2001:db8: :/32 ge 48 le 64
route-mnp lpv6-to-bgp permit 10
match lpv6 address preflx-llst lpv6_customers
This figure shows an example of dynamic routing setup. The service provider and the customer
are running RIP for IPv6 routing infonnation exchange. The customer advertises the LAN
segment, while the service provider advertises Ihe default route.
RIP is redistributed into BOP so that other PE rOllters knolV the location of cllstOl11er prefixes.
Redistribution is done with a route map to safegllard against introclllction of unwanted routes
into BOP.
© 2010 Cisco Systems, Ine. IPv6-Enabled Routing Protocols 4·129

Summary
This topie sllmmarizes (he key points that were disellssed in this lesson.
Summary
• Redistribution is used to convey routing information from one

routing protocol to another.
• Redistribution of connec!ed segments included in a routing
protocol differs from IPv4.
• Control over route redistribution is achieved with route maps.
• In a service provider environment, redistribution is commonly
performed on PE routers from the IGP to BGP.
Resources
For additional information, refer to these resollrees:
• Redisfribllfing ROl/fes in/o an IPv6 RIP ROl/fing Process
http://www.eiseo.com/en/US/does/ios/ipv6/configuration/guide/ip6-rip.html#wp I 04 J 72 7
Module Summary
This topic sU111111arizes tlle key points that were discussed in this 1110dule.
= iZ2 kiU ki
Module Summary
• RIPng is the IPv6-capable version 01 RIP.

• Upgrading to 08PFv3-the IPv6-capable version 01 the
08PF protocol-generated a nUl11ber 01 significant changes
to how the 08PF protocol behaves.
• Enhancements to the 18-18 protocol lor IPv6 enable using the
protocol in transitional networks. which is a critical
requirement lor IPv4 and IPv6 interoperability.
• 8upporting IPv6 is important lor the continued success 01
EIGRP. which is a widely used protocol proprietary to Cisco.
• IPv6 continues to use BGP. with a number of important
1110difications.
© 201 o Cisco Systems, Inc. IPv6-Enabled Routing Protocols 4-131

í
Module Self-Check
Use the questions here to review what you leal'l1ed in this module. The correet answers are
found in the Module Self-Cheek Answer Key.
QI) Which t\Vo meehanisms are the same in RIPv2 and RIPng? eChoose two.) (Souree:
Routing with RI Png)
A) d istanee vector algorithm
B) DUAL algorithm
C) maximum radius of 15 router hops end-to-end in the network
D) support for areas
Q2) Whieh eommands enable RIP for IPv6 in a network? eSource: Routing with RIPng)
A) interface FastEthentet O/O
ipv6 rip RIP5 enable
B) ipv6 router rip IUP5
network 192.0.2.0 netmask 0.0.0.255
C) ipv6 router ripng
network t 92.0.2.0/24
D) interface FastEthernet O/O
network 192.0.2.0 netmask 0.0.0.255
Q3) Whieh item represents similarities between OSPFv3 and OSPFv2? (Souree: Examining
OSPFv3)
A) support for IPv4 and I Pv6
B) support for IPv4 in the case ofOSPI'v2 and multiprotoeol support for OSPFv3
C) enabled per-link. ruther !han per-network, using network statements
D) link-sta!e routing protocols
Q4) Which ofthese features was removed from OSPFv2 for OSPFv3? eSource: Examining
OSPFv3)
A) area summarization
B) distance vector optimization process
C) authentication
D) periodic update proeessing
Q5) What does the term "single SPF" mean? (Souree: Examining Integrated IS-IS)
A) There is a single routing database for IPv4 and IPv6.
B) There are separate routing databases for IS-IS, but a single routing table.
C) The IPv4 and IPv6 topology must be identieal through the entire routing
domain.
D) The IPv4 and lPv6 topology must be eongruent throughout an IS-lS area
(Layer I links).
Q6) Under whieh submode are IPv6-speeifie IS-lS a!tributes eonfigured? (Souree:
Examining Integrated IS-IS)
A) address-family ipv6
B) interface FastEthel'l1etO/O
C) ipv6 router isis TAG I
D) is-is router TAG I

Q7) Which term describes generic EIGRP SUppOlt for multiple protocols? (Source:
Examining EIGRP for IPv6)
A) PIM6
B) EIGRP multiprotocol
C) EIGRP multitopology
D) protocol-dependent modules
Q8) Which command does EIGRP have that no other routing protocol has? (Source:
Examining EIGRP for IPv6)
A) ellahle IIlllltilevel
B) routillg eigrp ellahle
C) shutdowlI
D) hegill route redistrihlltioll
Q9) Which t\Vo new attributes support IPv6 in MP-BGP (BGP4+)? (Choose two.) (Source:
Understanding MP-BGP)
A) muItiprotocol destination
B) multiprotocol feasible
C) multiprotocolnetwork
D) muItiprotocolnext hop
E) multiprotocol reachable
F) multiprotocol subnet
G) multiprotocol successor
/-1) multiprotocol unreachable
Q I O) BGP peering over I Pv6 can be done using link-local addresses under \Vhich condition?
(Source: Understanding MP-BGP)
A) The peers are IBGP only; EBGP peering cannot be done over link-local
addresses.
B) The peers are within the same AS.
C) The peers have interfaces on the same subnet.
D) The peers have interfaces \Vithin the same site boundary.
Q 11) Which t\Vo tasks is BGP-prefix filtering used for? (Choose t\Vo.) (Source:
Understanding MP-BGP)
A) filtering prefixes before announcing them to BGP peers
B) filtering prefixes before accepting announcements from BGP peers
C) filtering prefixes afier accepting them locally but before passing them to IBGP
peers
D) filtering prefixes before redistributing them into an IGP
4-134 IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 © 201 OCisco Systems, Ine.
01) A.e
02) A
03) D
04) e
Q5) D
.~ 06) A
07) [)
08) e
09) 10,11
QIO) e
•- A,B
011)
© 2010 Cisco Systems, Ine. IPv6-Enabled Routing Prolocols 4-135


Cisco Ipv6 SG01

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Cisco Ipv6 SG01

Încărcat de

Drepturi de autor:

Formate disponibile

J

U Text Part Number: 97-2945-01

Amerlcas Headquarters Asia Pacific Headquarlers Europa Headquarters

Studen/s. /his /etfer describes important

Cisco S)'stems Learning

IPv6 Services 3-1

Changes Made to IS-IS to Support IPv6 4-40

Learner Skills and Knowledge

Learner Skills and Knowledge

• Cisco CCNA® certification:

IPv6 Fundamenlals. Design, and Oep!oyment

,:t"(_'.',,, ~ " ,H,,'., V"

© 2010 Cisco Systems, Inc. Course Introduction 3

Cisco Icons and Symbols

Cisco lOS Router Multilayer Workgroup

Cisco Glossary of Terms

Explaining the Rationale for

IP Address Allocation and History

• Address pool usage introduced conservation and optimization efforls,

1981: lPv4 published 100.00%

Note A 18 is equivalent to a Class A block 01 IPv4 addresses, or 16 million IP addresses. A 116 is

Temporary or semipermanent connections, such as dialup or cable-modem xDSL, whieh are

© 2010 Cisco Systems, Inc. Introduction to IPv6 1-5

IPv4 Improvement Opportunities

Three decades of IPv4 use have identified several

© 2010 Cisco Systems, Inc. lntroduction to IPv6 1-7

Short History of IPv4

1969 - r- OARPA is commissioned by Ihe DaD for research networking.

1972 - f- Firsl public test of ARPANET held al Icce in Washington, D.C.

1974 - f- Kahn and Cerf pUblish the delails tor Te?

1981 -:- IPv4 specification 1s published in RFC 791.

1991 -¡- World Wide Web is developed.

1993 -~ Masaje i5 released.

1993 -f- CIDR published, RFC 1519.

1994 -r- NAT developed, RFC 1631.

1996 -r- Privale IP address space, RFC 1918.

2001 -r 50% of IPv4 32~b¡t address space alloeated.

2005 - t- 75% of IPv4 32-bit address space aHceatad.

2009 -1- First "serious" IP address shortage. also in "developed" countries.

Short History of IPv6

1990 - - Exhaustion of IPv4 Class B by 1994 predicted.

1994 - - NAT RFC approved (RFC 1631-now out of dale).

1995 - - Firsl specificalion: RFC 1883.

1996 - - 6bone slarted.

1998 - - Firsl IPv6 exchange: 6tap.

2006 - - 6bone closed.

2009 - Firsl FeS of IPv6 UCS.

© 2010 Cisco Systems, Ine. Introduction to IPv6 1-9

What About IPv5? ~""Iov,

• IPv5 is the IP number 01 the Internet Strearn Protocol,

ST2 is designecl to coexist with IP on each node. A typical distribuleclmultimedia application

IPv4 Exhaustion Workarounds

• To extend the lifetime and usefulness of IPv4 and circumvent

© 2010 Cisco Systems, Ine. Introduction to IPv6 1-11

Network Address Translation

• NAT provides a way to use a public external address to

10.10.10.20 10.10.10.21 10.10.10.1

© 2010 Cisco Systems, Ine. Introduclion to IPv6 1-13

Network Address Translation (Cont.)

NAT has additional implications:

These are other negative implications ofNA T:

NAT Inhibits Access to Internal Servers

• When many internal servers need to be reachable from