With IPv4 addresses exhausted, moving networks to IPv6 has become urgent. So how well does network equipment support it? We asked Cisco Systems (hereafter Cisco), the largest networking company, about its IPv6 support, as far as the people in charge could tell us.
10 Years of IPv6 Support
Cisco has a long history of supporting IPv6: the Cisco IOS prototype was completed in 1999. Before that, Cisco was already promoting standardization as a core member of the IETF working group. Considering that the KAME project, a representative example of IPv6 development in Japan, started in 1998, Cisco is among the earliest vendors to support IPv6. Initially, IPv6 was implemented on software routers such as the "Cisco 7200/3600," and then supported on the core router "Cisco 12000 GSR series." By 2000, it was already being announced as an end-to-end IPv6-enabled solution.
Cisco Systems Service Provider System Engineering SP Architecture Senior Consulting System Engineer Mr. Moroko Tsuchiya
Looking back on the initial IPv6 support, Mr. Moroko Tsuchiya of Cisco Service Provider Systems Engineering says, "At first, it was a simple thing, such as using a 128-bit IPv6 address for routing like RIP or IPv4 tunneling. Until about 2020, we had them use IPv6 in the form of EFT (Enduser Field Testing)."
Cisco IOS 12.2T, released in 2001, was the first commercial version to support IPv6. "In 2003, like IPv4, IPv6 could also be realized by switching processing using CEF (Cisco Express Forwarding)," said Mr. Tsuchiya of the move to hardware support. Since then, IPv6 hardware processing has been enabled as standard. On the functional side, it was also around 2003 that support advanced for routing protocols used in large-scale environments, such as OSPF and IS-IS, and for "6PE", which runs IPv6 over MPLS. 2003 was also the year the US Department of Defense (DoD) announced its adoption of IPv6, and the time when companies began full-fledged efforts to support IPv6.
Cisco's commitment to IPv6
Following the Catalyst 6500 for large enterprises and the routers for service providers, Catalyst switches for enterprises are also IPv6 compatible. L3 switches do their forwarding in ASICs, so IPv6 support in hardware is essential. "The Catalyst 3750 in 2004 was the first ASIC to support it, and since then we have increased the number of compatible models as needed," says Tsuchiya. Seen this way, by around 2004 the routers and switches at the base of the network could already forward IPv6 in hardware.
The point of Cisco's support for IPv6 is "investment protection." Mr. Takehiko Mizutani of Cisco Technical Development emphasizes, "Since 2001, we have been working on hardware support, but of course many existing models are in actual use. IPv6 can be handled by software. Then, at the next infrastructure update, you can buy a model that supports hardware." As for licenses, many products have licenses that allow IPv6 to be used as standard.
Mr. Takehiko Mizutani, Product Manager, Product Management, Technical Development, Cisco Systems
What about management? What about DHCP and ACLs?
Protocols for management, security, redundancy, etc. have also been made compatible with IPv6. "In the case of Cisco, we were promoting IPv6 support with the idea of not affecting the customer environment, so we first responded to things with high needs such as tunneling and 6PE, and from around 2005 we proceeded with the support for SNMP, Syslog, etc.," says Mr. Tsuchiya.
For distributing IP addresses to terminals, IPv6 offers, in addition to static assignment and DHCP assignment, automatic address configuration using RA (Router Advertisement). There is also DHCP-PD, which lets a device receive a prefix (the network part) obtained from a provider or similar source. All of these are already supported by Cisco and are said to have been deployed in actual commercial services.
Protocols for device and path redundancy, such as HSRP, GLBP, and VRRP, have also supported IPv6 from an early stage. "There was talk in 2001 that 'redundancy protocols were not necessary' because all you need to do is look up the default route with RA," said Mr. Tsuchiya. Recently, support for "Universal VRRP", which can use both IPv4 and v6, is progressing.
From release 12.2, IPv6 addresses can also be written in the ACLs (Access Control Lists) that perform filtering. In ordinary filtering, ICMP is dropped along with everything else that is not explicitly permitted, because of the implicit deny. With IPv6, however, ICMPv6 is used for address resolution and duplicate address detection, so filtering it may hinder the use of the network. Cisco therefore says that the default setting is to pass ICMPv6. TCAM can also be used for high-speed, memory-based filtering, but "in some cases, settings such as compression of common parts of too long addresses may be necessary," says Akiyama. This should be confirmed at installation time, as it varies depending on hardware support and other factors.
Cisco Systems Service Provider System Engineering SP Architecture Customer Solution Architect Mr. Shigeru Akiyama
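The interaction between implicit deny and ICMPv6 described above can be checked on raw packets. The following is an added example, not Cisco's code or IOS behaviour: the ACL tuples, the `STRICT` and `WITH_ND` policies, and the sample packets are constructed for illustration, and extension headers are not handled.

```python
import struct
import ipaddress

ICMPV6 = 58  # IPv6 next-header value for ICMPv6
# Neighbor discovery message types (RFC 4861)
ND_TYPES = {133: "router-solicitation", 134: "router-advertisement",
            135: "neighbor-solicitation", 136: "neighbor-advertisement"}

def build_packet(src, dst, next_header, payload):
    """Build a minimal 40-byte IPv6 header plus payload (constructed sample input)."""
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return header + addrs + payload

def classify(packet):
    """Return (next_header, icmpv6_type or None) for a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header = packet[6]
    if next_header == ICMPV6 and len(packet) > 40:
        return next_header, packet[40]  # first ICMPv6 byte is the type
    return next_header, None

def evaluate(acl, packet):
    """First-match evaluation; a rule type of None matches any message type."""
    proto, icmp_type = classify(packet)
    for action, rule_proto, rule_type in acl:
        if rule_proto == proto and rule_type in (None, icmp_type):
            return action
    return "deny"  # implicit deny that closes every list

def sample_icmpv6(icmp_type):
    body = bytes([icmp_type, 0, 0, 0]) + bytes(20)  # type, code, zero checksum
    return build_packet("fe80::1", "ff02::1:ff00:2", ICMPV6, body)

def audit(acl):
    """Map each neighbor discovery message to the action the ACL takes on it."""
    return {name: evaluate(acl, sample_icmpv6(t)) for t, name in ND_TYPES.items()}

STRICT = [("permit", 6, None)]  # hypothetical policy: TCP only
WITH_ND = [("permit", ICMPV6, 135), ("permit", ICMPV6, 136)] + STRICT

if __name__ == "__main__":
    for label, acl in (("strict", STRICT), ("with ND permits", WITH_ND)):
        print(label, audit(acl))
```

Under `STRICT`, every neighbor discovery message falls through to the implicit deny, which is the failure mode the paragraph warns about; `WITH_ND` passes solicitations and advertisements while still dropping other ICMPv6.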
In terms of security, IPv6 support is being promoted not only for routers and switches, but also for PIX Firewall. "In the case of operating systems such as Windows 7 and Vista, which run IPv6 by default, there are cases where a tunnel is set up without permission. There is a possibility that a backdoor of IPv6 may be opened without your knowledge. We have to reconsider our policy properly," said Mizutani. In response, ACLs have been extended, and more recently Flex Packet Matching, which can detect tunneling, and NBAR (Network-Based Application Recognition), which identifies applications independently of protocol numbers as a basis for filtering and QoS, have also become available.
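Detecting the unsanctioned tunnels mentioned above comes down to spotting IPv6 carried inside IPv4. The following is an added example, not Flex Packet Matching or any Cisco feature: it flags IP protocol 41 (IPv6 encapsulation, RFC 4213) and Teredo on UDP port 3544 (RFC 4380) in constructed sample packets.

```python
import struct

PROTO_IPV6_IN_IPV4 = 41  # 6in4 / 6to4 / ISATAP encapsulation
PROTO_UDP = 17
TEREDO_PORT = 3544       # Teredo server port

def ipv4_packet(proto, payload, src="192.0.2.10", dst="198.51.100.7"):
    """Build a minimal IPv4 packet (constructed sample; checksum left zero)."""
    addrs = bytes(int(x) for a in (src, dst) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addrs + payload

def udp(sport, dport, data):
    """Build a UDP datagram with a zero checksum (constructed sample)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def detect_tunnel(packet):
    """Return a label if the IPv4 packet carries tunneled IPv6, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        return None
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_IPV6_IN_IPV4:
        # The inner packet must itself start with IP version 6
        return "ipv6-in-ipv4" if payload[:1] and payload[0] >> 4 == 6 else None
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    return None

INNER_V6 = bytes([0x60]) + bytes(39)  # constructed 40-byte inner IPv6 header
SAMPLES = {
    "proto41": ipv4_packet(PROTO_IPV6_IN_IPV4, INNER_V6),
    "teredo": ipv4_packet(PROTO_UDP, udp(51000, TEREDO_PORT, INNER_V6)),
    "dns": ipv4_packet(PROTO_UDP, udp(51000, 53, bytes(12))),
    "tcp": ipv4_packet(6, bytes(20)),
}

def scan(samples):
    """Run the detector over named packets and return name -> label."""
    return {name: detect_tunnel(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    print(scan(SAMPLES))
```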
It is handled in the same way as IPv4, but...
At present, IPv6 solutions for data centers, mobile, wireless, and broadband are being expanded, and IPv6 support for UC and personal applications is being promoted. Support for IPv6 has moved to the upper layers. In addition, the development and testing teams verify each item one by one on actual networks so that such full IPv6 support does not exist only on paper. Configurations that have been validated and become best practices are published as "Cisco Validated Designs."
From IPv6 support in hardware to applications
Because of this long history, Cisco has many deployments in Japan. IPv6 has already been implemented in the backbone, and the remaining issue is likely to be IPv6 compatibility in customer premises equipment (CPE).
The CCNA, CCNP, and CCIE certification exams also include IPv6-related items. Operation is basically the same as for IPv4. "IPv4 has the highest priority, so it is necessary to specify IPv6, but the command system is almost the same including ACL etc. However, since it is 128 bits, the appearance of the routing table is different. For example, many addresses are assigned to the interface, and there are parts that are confusing," said Mr. Tsuchiya. One of the features of IPv6 is plug-and-play, which does not require any configuration by the end user. Bit addresses still seem inevitable.