19
04

Already over 10 years! Digging into the IPv6 support of Cisco products

With IPv4 addresses exhausted, the transition of networks to IPv6 can no longer be put off. So how are network devices responding? I asked the people in charge at Cisco Systems (hereafter, Cisco), the largest networking company, about its IPv6 support, as far as they could tell me.

A 10-year history of IPv6 support

Cisco has a long history of supporting IPv6, and the prototype in Cisco IOS dates back to 1999. Of course, even before that, Cisco had been promoting standardization as a core member of the IETF working group. Considering that the KAME project, a representative example of IPv6 development in Japan, started in 1998, Cisco is among the earliest to have supported IPv6. Initially, IPv6 was implemented on software routers such as the "Cisco 7200/3600", and then supported by the core router "Cisco 12000 GSR series". By 2000, it was already being announced as a solution that enabled IPv6 end-to-end.

Cisco Systems Service Provider System Engineering SP Architecture Senior Consulting System Engineer Mr. Shigeo Tsuchiya

"Initially, it was as simple as using 128-bit IPv6 addresses for RIP-like routing and IPv4 tunneling. In the meantime, from 2000 to 2003, I asked them to use IPv6 in the form of EFT (Enduser Field Testing)," says Mr. Shigeo Tsuchiya of Cisco Service Provider System Engineering, looking back on the initial IPv6 support.

As a commercial version, Cisco IOS 12.2T, released in 2001, supported IPv6 for the first time, but performance was hard to improve at the software level, so hardware acceleration was pursued. "In 2003, IPv6, like IPv4, could be handled by CEF (Cisco Express Forwarding) switching" (Mr. Tsuchiya), and hardware support was implemented in high-end routers such as the Cisco 12000/10000 and CRS-1. Since then, hardware processing of IPv6 has been possible as standard. In terms of functionality, in addition to routing protocols used in large-scale environments such as OSPF and IS-IS, support for "6PE", which carries IPv6 over MPLS, was promoted around 2003. 2003 was also when the US Department of Defense (DoD) announced its adoption of IPv6, and vendors began to support IPv6 in earnest.

Cisco's commitment to IPv6

Following the Catalyst 6500 for large enterprises and the routers for service providers, IPv6 support also advanced in the Catalyst switches for enterprises. In an L3 switch, forwarding is ASIC-based, so IPv6 support in hardware is essential. "The first ASIC support was the 2004 Catalyst 3750, and since then we have increased the number of compatible models," said Mr. Tsuchiya. Seen this way, by around 2004 hardware forwarding of IPv6 was possible on the underlying routers and switches.

The key to Cisco's IPv6 support is "investment protection". "We have promoted hardware support since 2001, but of course many existing models are actually in operation. Even in such cases, if tunneling is used, the existing IPv4 infrastructure can be used as it is, and IPv6 can be handled by software. And at the next infrastructure update, you can replace it with a hardware-compatible model," says Mr. Takehiko Mizutani of Cisco Technical Development, emphasizing the coexistence of IPv4 and IPv6 and the ease of migration. Regarding licenses, many products include IPv6 in the standard license.

Cisco Systems Technical Development Product Management Product Manager Takehiko Mizutani

What about management? What about DHCP and ACL?

IPv6 support has also advanced in protocols for management, security, and redundancy. "In the case of Cisco, we were promoting IPv6 support with the idea of not affecting the customer's environment, so we first responded to tunneling and other things with high needs such as 6PE, and from around 2005 we have promoted support for SNMP and Syslog" (Mr. Tsuchiya).

For distributing IP addresses to terminals, IPv6 offers methods such as fixed allocation, DHCP allocation, and automatic address configuration by RA (Router Advertisement). In addition, DHCP-PD, which can receive the prefix (network part) obtained from the provider and so on, is also available. Cisco supports all of these, and they are deployed in real-world commercial services.

In addition, device and route redundancy protocols such as HSRP, GLBP, and VRRP have supported IPv6 from an early stage. "Since you only have to check the default route with RA, there was talk around 2001 that 'a redundancy protocol is unnecessary', but it was actually necessary" (Mr. Tsuchiya), and so Cisco was the first to support it. Recently, support for "Universal VRRP", which can be used for both IPv4 and IPv6, is said to be progressing.

ACLs (Access Control Lists), which perform filtering, have also been able to specify IPv6 addresses since 12.2. With ordinary filtering, ICMP and the like are dropped because of the implicit deny. In IPv6, however, ICMPv6 is used for address resolution and duplicate address detection, so filtering it can prevent the network from working. Cisco therefore says that ICMPv6 is passed by default. TCAM, which filters at high speed in memory, can also be used, but "in some cases, it may be necessary to make settings such as compressing the intersection of addresses that are too long," Mr. Akiyama said. Because this differs depending on hardware support and other factors, it is something to confirm at the time of introduction.
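The effect described above can be seen in a small first-match ACL model, added here as an illustration (it is not Cisco's code or configuration). It assumes the implicit tail that IOS IPv6 ACLs carry before the final deny, namely permits for neighbor solicitation and neighbor advertisement, which is narrower than the article's "ICMPv6"; the rule and packet structures are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ICMPV6, TCP = 58, 6                    # IPv6 next-header values
NS, NA, ECHO_REQUEST = 135, 136, 128   # ICMPv6 types (RFC 4861, RFC 4443)

@dataclass(frozen=True)
class Rule:
    action: str                        # "permit" or "deny"
    proto: Optional[int] = None        # None matches any protocol
    icmp_type: Optional[int] = None    # None matches any ICMPv6 type
    dport: Optional[int] = None        # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

# Tail of an IPv4-style ACL: nothing but the implicit deny.
PLAIN_TAIL = [Rule("deny")]
# Assumed IPv6 tail: neighbor discovery is permitted before the implicit deny.
ND_TAIL = [Rule("permit", ICMPV6, NA), Rule("permit", ICMPV6, NS), Rule("deny")]

def evaluate(acl, pkt, tail):
    """First matching rule wins; the tail is appended after the user's rules."""
    for rule in list(acl) + list(tail):
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed policy and packets: the operator only thought about HTTPS.
USER_ACL = [Rule("permit", TCP, dport=443)]
PACKETS = {
    "neighbor_solicitation": {"proto": ICMPV6, "icmp_type": NS},
    "neighbor_advertisement": {"proto": ICMPV6, "icmp_type": NA},
    "echo_request": {"proto": ICMPV6, "icmp_type": ECHO_REQUEST},
    "https": {"proto": TCP, "dport": 443},
}

def compare():
    """Per packet: (verdict with plain implicit deny, verdict with ND tail)."""
    return {name: (evaluate(USER_ACL, p, PLAIN_TAIL), evaluate(USER_ACL, p, ND_TAIL))
            for name, p in PACKETS.items()}
```

With only the plain implicit deny, the permitted HTTPS flow would never start, because the neighbor solicitation that resolves the next hop is dropped first.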

Cisco Systems Service Provider System Engineering SP Architecture Customer Solutions Architect Shigeru Akiyama

Regarding security, IPv6 support is advancing not only in routers and switches but also in the PIX Firewall and other products. "In the case of an OS that runs IPv6 as standard, such as Windows 7 and Vista, there are cases where it goes and tunnels without permission. Since an IPv6 backdoor may be opened without your knowledge, the policy has to be rethought properly" (Mr. Mizutani). For this, Flex Packet Matching, which extends ACLs and can detect tunneling, and NBAR (Network-Based Application Recognition), which identifies applications independently of protocol number as a basis for filtering and QoS, are also available.
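To make the tunneling concern concrete for monitoring, here is an added detection sketch (not from the article, and unrelated to how Flex Packet Matching or NBAR are implemented) that labels raw IPv4 packets carrying tunneled IPv6. It goes beyond the article by naming specific mechanisms: IP protocol 41 with 6to4 and ISATAP source addresses, and Teredo on UDP 3544. The sample packets are constructed from documentation addresses.

```python
import ipaddress
import struct
PROTO_UDP, PROTO_IPV6, TEREDO_PORT = 17, 41, 3544   # 41 = IPv6 carried in IPv4
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")     # 6to4 prefix (RFC 3056)
ISATAP_IIDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")  # ISATAP IIDs (RFC 5214)

def classify(packet: bytes):
    """Label a raw IPv4 packet that carries tunneled IPv6; None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if not 20 <= ihl <= len(packet):
        return None
    proto, payload = packet[9], packet[ihl:]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto == PROTO_IPV6:
        if frag_offset:
            return "proto41-fragment"    # inner header is only in the first fragment
        if len(payload) < 40 or payload[0] >> 4 != 6:
            return "proto41-malformed"   # protocol 41 without a valid IPv6 header
        src = ipaddress.IPv6Address(payload[8:24])
        if src in SIX_TO_FOUR:
            return "6to4"
        return "isatap" if payload[16:20] in ISATAP_IIDS else "6in4"
    if proto == PROTO_UDP and not frag_offset and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"              # port heuristic only, payload not parsed
    return None

# --- constructed sample packets (documentation addresses, zero checksums) ---
def ipv4(proto: int, payload: bytes, frag: int = 0) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + payload

def ipv6_header(src: str) -> bytes:
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address("2001:db8::1").packed)

SAMPLES = {
    "6to4": ipv4(41, ipv6_header("2002:c000:20a::1")),
    "isatap": ipv4(41, ipv6_header("2001:db8::5efe:c000:20a")),
    "6in4": ipv4(41, ipv6_header("2001:db8:1::2")),
    "teredo": ipv4(17, struct.pack("!HHHH", 50000, 3544, 8, 0)),
    "plain-udp": ipv4(17, struct.pack("!HHHH", 50000, 53, 8, 0)),
}

def scan(samples=SAMPLES):
    return {name: classify(pkt) for name, pkt in samples.items()}
```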

The handling is the same as IPv4, but ...

Currently, Cisco is expanding its IPv6 solutions in areas such as data centers, mobile, wireless, and broadband, and is promoting IPv6 support for UC and personal applications. IPv6 support has moved to the higher layers. In addition, the development and testing teams are said to be verifying each item on real networks so that such full IPv6 support does not end up as a mere picture on paper. Configurations that have been verified and have become best practice are published as "Cisco Validated Design".

From hardware IPv6 support to applications

Because of this long history, there are many deployments in Japan, and "many service providers are already operating in dual stacks and tunnels" (Mr. Mizutani). IPv6 has largely been realized in the backbone, and the remaining issue appears to be IPv6 support in customer premises equipment (CPE).

Regarding certification exams, IPv6-related items are included in CCNA, CCNP, and CCIE. The operation method is basically the same as for IPv4. "IPv4 has the highest priority, so IPv6 needs to be specified, but the command system is almost the same, including ACLs and so on. However, since it is 128 bits, the appearance of the routing table is different. There are also parts that are confusing, such as the assignment of multiple addresses to an interface," says Mr. Tsuchiya. Plug and play, which requires no configuration by end users, is also a feature of IPv6, but "engineers will have to get used to the hexadecimal system and handle addresses a little" (Mr. Tsuchiya); dealing with 128-bit addresses still seems unavoidable.