Enviar búsqueda
Cargar
Shmcfarl slb66-slb64-nat64-proxy
•
2 recomendaciones
•
3,115 vistas
S
Shannon McFarland
Seguir
Tecnología
Denunciar
Compartir
Denunciar
Compartir
1 de 23
Descargar ahora
Descargar para leer sin conexión
Recomendados
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
Febrian
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
IPv6no
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
IPv6no
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
Digicomp Academy AG
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
IKT-Norge
IPv6 in 3G Core Networks
IPv6 in 3G Core Networks
John Loughney
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000
Vinod Kumar Balasubramanyam
Recomendados
2011 TWNIC SP IPv6 Transition
2011 TWNIC SP IPv6 Transition
Johnson Liu
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
Febrian
Ole Ipv4onlifesupport
Ole Ipv4onlifesupport
IPv6no
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
IPv6no
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
Digicomp Academy AG
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
IKT-Norge
IPv6 in 3G Core Networks
IPv6 in 3G Core Networks
John Loughney
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000
Vinod Kumar Balasubramanyam
1 asr9 k platform architecture
1 asr9 k platform architecture
Thanh Hung Quach
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
Eventos_PrinceCooke
I pv6 autoconfig20c
I pv6 autoconfig20c
Frederic Bovy
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Cisco Canada
To Infiniband and Beyond
To Infiniband and Beyond
Boston Consulting Group
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Cisco Russia
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6no
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
IPv6no
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Canada
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Bruno Teixeira
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Erik Ginalick
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Shixiong Shang
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IBM India Smarter Computing
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
John Loughney
Integrate steelhead into iwan
Integrate steelhead into iwan
luis2203
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
Alex Gorbachev
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
John Loughney
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Cisco Russia
mpls CNNA.pdf
mpls CNNA.pdf
JamiUllah1
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
IPv6no
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Affan Basalamah
Más contenido relacionado
La actualidad más candente
1 asr9 k platform architecture
1 asr9 k platform architecture
Thanh Hung Quach
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
Eventos_PrinceCooke
I pv6 autoconfig20c
I pv6 autoconfig20c
Frederic Bovy
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Cisco Canada
To Infiniband and Beyond
To Infiniband and Beyond
Boston Consulting Group
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
IPv6no
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Cisco Russia
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6no
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
IPv6no
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Canada
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Bruno Teixeira
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Erik Ginalick
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Shixiong Shang
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IBM India Smarter Computing
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
John Loughney
Integrate steelhead into iwan
Integrate steelhead into iwan
luis2203
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
Alex Gorbachev
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
John Loughney
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Cisco Russia
La actualidad más candente
(19)
1 asr9 k platform architecture
1 asr9 k platform architecture
Hacia el Data Center virtualizado- Fabian Domínguez
Hacia el Data Center virtualizado- Fabian Domínguez
I pv6 autoconfig20c
I pv6 autoconfig20c
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
Fiber Channel over Ethernet (FCoE) – Design, operations and management best p...
To Infiniband and Beyond
To Infiniband and Beyond
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Google and IPv6: Steinar H. Gunderson, Software engineer, Google
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
Unified MPLS. Построение современных и масштабируемых MPLS-сетей.
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Norway - IPv6 World Leader: Tore Anderson, IPv6 guru, Redpill Linpro
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Connect Montreal 2017 - Segment Routing - Technology Deep-dive and Adva...
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
IPv6 In z/VSE:IBM z/VSE Live Virtual Class 2012
Advances in IPv6 Mobile Access
Advances in IPv6 Mobile Access
Integrate steelhead into iwan
Integrate steelhead into iwan
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
UTHOC2 - Under The Hood of Oracle Clusterware 2.0 - Grid Infrastructure by Al...
Advances in IPv6 in Mobile Networks Globecom 2011
Advances in IPv6 in Mobile Networks Globecom 2011
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Similar a Shmcfarl slb66-slb64-nat64-proxy
mpls CNNA.pdf
mpls CNNA.pdf
JamiUllah1
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
IPv6no
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Affan Basalamah
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
gogo6
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
Swiss IPv6 Council
SRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdf
YunLiu75
3hows
3hows
Haris Padinharethil
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
Swiss IPv6 Council
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Erik Ginalick
Ventajas de IPv6
Ventajas de IPv6
Eduardo Castro
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PROIDEA
I pv6 tutorial
I pv6 tutorial
Fred Bovy
Testing PPT
Testing PPT
ankur14vicky
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
APNIC
Getting started with IPv6
Getting started with IPv6
Private
Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--
Shinsuke SUZUKI
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
APNIC
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
Fred Bovy
Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6.
Cisco Russia
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
Cisco Canada
Similar a Shmcfarl slb66-slb64-nat64-proxy
(20)
mpls CNNA.pdf
mpls CNNA.pdf
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
50 billion connected wireless devices... IPv6, anyone?: Fredrik Garneij, Syst...
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
SRv6-TOI-rev3i-EXTERNAL.pdf
SRv6-TOI-rev3i-EXTERNAL.pdf
3hows
3hows
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
Ventajas de IPv6
Ventajas de IPv6
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
PLNOG 6: Robert Raszuk, Nana Ogawa - FIB table saving technique (with simple ...
I pv6 tutorial
I pv6 tutorial
Testing PPT
Testing PPT
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
Getting started with IPv6
Getting started with IPv6
Operational Issues inIPv6 --from vendors' point of view--
Operational Issues inIPv6 --from vendors' point of view--
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
Варианты практической реализации стратегии миграции к IPv6.
Варианты практической реализации стратегии миграции к IPv6.
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
Último
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
FIDO Alliance
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
BrainSell Technologies
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
UK Journal
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon
Overview of Hyperledger Foundation
Overview of Hyperledger Foundation
Hyperleger Tokyo Meetup
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
中 央社
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
IES VE
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Neo4j
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Leah Henrickson
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
FIDO Alliance
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
FIDO Alliance
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
Mark Billinghurst
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
IES VE
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
Mark Opanasiuk
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
GDSC PJATK
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
Stephanie Beckett
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
panagenda
Último
(20)
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Overview of Hyperledger Foundation
Overview of Hyperledger Foundation
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Shmcfarl slb66-slb64-nat64-proxy
1.
Cisco Solutions for
Content Access in the DC/ Internet Edge Cisco Public
2.
Dual Stack the
DC and Internet Edge Internet Dual stack the same ISP 1 ISP 2 network you have If not, do just enough Edge Router IPv6-only to get you going Most design elements Outer Switch should be the same as with IPv4 (minus pure Security NAT/PAT) Services Enterprise Core You may have to embrace SLB64/ Proxy/NAT64 for IPv4- Inner switching/ only apps DMZ/Server Farm SLB/Proxy/ Compute Internal Enterprise © 2010 Cisco and/or its affiliates. All rights reserved. Web, Email, Other Cisco Public 2
3.
What if I
Can’t Dual Stack My Edge? Server Load Balancer Stateful NAT64 Proxy IPv6 IPv6 IPv6 Internet Internet Internet IPv6 IPv6 IPv6 -Apache -MSFT PortProxy IPv4 IPv4 IPv4 IPv4-only Host IPv4-only Host IPv4-only Host © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4.
ACE + IPv6
/ ASR + NAT64 ACE SLB66 ACE SLB64 v6 v4 v6 v6 v6 v4 v6 v4 A5(1.0) (ACE30, ACE4710) A5(1.0) (ACE30, ACE4710) Stateful NAT64 + SLB44 v6 v4 v4 server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
5.
ACE SLB66 –
One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace3 SNAT: 2001:db8:cafe:12::beef v6 2001:db8:cafe:12::15 2001:db8:cafe:12::25 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6.
Cisco ACE –
Context Definition Interface Configuration (Admin Context) interface gigabitEthernet 1/1 channel-group 1 no shutdown interface gigabitEthernet 1/2 channel-group 1 no shutdown interface port-channel 1 switchport trunk allowed vlan 11-13 port-channel load-balance dst-ip Define WEB-V6 Context no shutdown context WEB-V6 allocate-interface vlan 12 interface vlan 13 ipv6 enable ip address 2001:db8:cafe:13::ace1/64 ip address 10.121.13.100 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 10.121.13.1 ip route ::/0 vlan 13 fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7.
WEB_V6 Context -
MGMT class-map type management match-any mgmt-cm 2 match protocol xml-https any 3 match protocol https any 4 match protocol ssh any 5 match protocol snmp any 6 match protocol icmp any 7 match protocol http any 8 match protocol telnet any class-map type management match-any mgmt-cm-v6 2 match protocol icmpv6 anyv6 policy-map type management first-match MGMT class mgmt-cm permit class mgmt-cm-v6 permit interface vlan 12 service-policy input MGMT IP Access through the Cisco ACE access-list EVERYONE line 10 extended permit icmp any any access-list EVERYONE line 20 extended permit ip any any access-list EVERYONE-v6 line 8 extended permit icmpv6 anyv6 anyv6 access-list EVERYONE-v6 line 16 extended permit ip anyv6 anyv6 interface vlan 12 access-group input EVERYONE access-group input EVERYONE-v6 its affiliates. All rights reserved. © 2010 Cisco and/or Cisco Public 7
8.
WEB_V6 Context Specific
Configurations class-map match-all WEB_V6_VIP probe icmp PING_V6_PROBE 2 match virtual-address 2001:db8:cafe:12::ace3 tcp eq www ip address 2001:db8:cafe:12::25 interval 15 policy-map type loadbalance first-match WEB_V6_SLB passdetect interval 60 class class-default! probe http WEB_V6_PROBE serverfarm WEB_V6_SF! interval 15 ! passdetect interval 5 policy-map multi-match WEB_V6_POL request method get url /welcome.png class WEB_V6_VIP expect status 200 200 loadbalance vip inservice open 1 loadbalance policy WEB_V6_SLB rserver host WEB_V6_1 loadbalance vip icmp-reply active ip address 2001:db8:cafe:12::25 nat dynamic 1 vlan 12 inservice rserver host WEB_V6_2 interface vlan 12 ip address 2001:db8:cafe:12::15 ipv6 enable inservice ip address 2001:db8:cafe:12::ace1/64 serverfarm host WEB_V6_SF access-group input EVERYONE predictor leastconns slowstart 300 access-group input EVERYONE-v6 probe PING_V6_PROBE nat-pool 1 2001:db8:cafe:12::beef probe WEB_V6_PROBE 2001:db8:cafe:12::beef/128 pat rserver WEB_V6_1 service-policy input MGMT inservice service-policy input WEB_V6_POL rserver WEB_V6_2 inservice ip route ::/0 vlan 12 Cisco Public fe80::5:73ff:fea0:2 © 2010 Cisco and/or its affiliates. All rights reserved. 8
9.
Health Monitoring (Probes)
- ICMP ace-4710-1/WEB-V6# show probe probe : PING_V6_PROBE type : ICMP state : ACTIVE ---------------------------------------------- port : 0 address : 2001:DB8:CAFE:12::25 addr type : TRANSPARENT interval : 15 pass intvl : 60 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ serverfarm : WEB_V6_SF real : WEB_V6_1[0] 2001:DB8:CAFE:12::25 0 PROBE 6 0 6 SUCCESS © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10.
Health Monitoring (Probes)
- HTTP probe : WEB_V6_PROBE type : HTTP state : ACTIVE ---------------------------------------------- port : 80 address : 0.0.0.0 addr type : - interval : 15 pass intvl : 5 pass count: 3 fail count: 3 recv timeout: 10 ------------------ probe results ------------------ associations ip-address port porttype probes failed passed health ------------ ----------------------+----+--------+------+------+------+------ 2001:DB8:CAFE:12::25 80 VIP 26 0 26 SUCCESS real : WEB_V6_2[0] 2001:DB8:CAFE:12::15 80 VIP 51 51 0 FAILED Source Destination Protocol Info 2001:db8:cafe:12::ace1 2001:db8:cafe:12::25 HTTP GET /welcome.png HTTP/1.1 Source Destination Protocol Info 2001:db8:cafe:12::25 2001:db8:cafe:12::ace1 HTTP HTTP/1.1 200 OK (PNG) © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11.
Validation of Connection conn-id
np dir proto source sport state vlan destination dport ----------+--+---+-----+------------------------------------------+-----+------+ 131884 1 in TCP 2001:db8:cafe:10::17 59374 ESTAB Client-2-VIP 12 2001:db8:cafe:12::ace3 80 129952 1 out TCP 2001:db8:cafe:12::25 80 ESTAB Svr-2-SNAT 12 2001:db8:cafe:12::beef 1027 C:>netstat Active Connections Proto Local Address Foreign Address State Server TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:12::beef]:1027 ESTABLISHED © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12.
ACE Show Output
(1) ace-4710-1/WEB-V6# show serverfarm serverfarm type rservers predictor current conns +--------------------+---------+--------+------------------+--------------- WEB_V6_SF HOST 2 LEASTCONNS 0 ace-4710-1/WEB-V6# show rserver rserver : WEB_V6_1, type: HOST state : OPERATIONAL (verified by ND response) -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF 2001:db8:cafe:12::25]:0 8 OPERATIONAL 0 3 rserver : WEB_V6_2, type: HOST state : ND_FAILED -------------------------------------------connections----------- real weight state current total ---+---------------------+------+------------+----------+-------------------- serverfarm: WEB_V6_SF [2001:db8:cafe:12::15]:0 8 ND_FAILED 0 0 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13.
ace-4710-1/WEB-V6# show service-policy Policy-map
: WEB_V6_POL Status : ACTIVE ----------------------------------------- ACE Show Output (2) Interface: vlan 1 12 service-policy: WEB_V6_POL class: WEB_V6_VIP nat: nat dynamic 1 vlan 12 curr conns : 0 , hit count : 2 dropped conns : 0 client pkt count : 35 , client byte count: 4145 server pkt count : 159 , server byte count: 197507 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit : 0 , drop-count : 0 loadbalance: L7 loadbalance policy: WEB_V6_SLB VIP ICMP Reply : ENABLED-WHEN-ACTIVE VIP State: INSERVICE VIP DCI state: VPC_DISABLED VIP DAD state: DAD_PASSED Persistence Rebalance: DISABLED curr conns : 0 , hit count : 23 dropped conns : 20 client pkt count : 121 , client byte count: 10563 server pkt count : 314 , server byte count: 392943 conn-rate-limit : 0 , drop-count : 0 bandwidth-rate-limit and/or 0 affiliates. All rights reserved. © 2010 Cisco : its , drop-count : 0 Cisco Public 13
14.
ACE SLB64 –
One Arm Mode 2001:db8:cafe:10::17 v6 VIP: 2001:db8:cafe:12::ace4 SNAT: 10.121.12.90 v4 10.121.12.25 10.121.12.15 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15.
SLB64 Context Specific
Configurations class-map match-all WEB_V6_V4_VIP 2 match virtual-address 2001:db8:cafe:12::ace4 tcp eq www probe http WEB_V4_PROBE interval 15 policy-map type loadbalance first-match WEB_V6_V4_SLB passdetect interval 5 class class-default request method get url /welcome.png serverfarm WEB_V6_V4_SF expect status 200 200 insert-http x-forward-for header-value "%is" open 1 nat dynamic 2 vlan 12 serverfarm primary rserver host WEB_V4_1 ip address 10.121.12.25 policy-map multi-match WEB_V6_POL inservice class WEB_V6_V4_VIP rserver host WEB_V4_2 loadbalance vip inservice ip address 10.121.12.15 loadbalance policy WEB_V6_V4_SLB inservice loadbalance vip icmp-reply active serverfarm host WEB_V6_V4_SF predictor leastconns slowstart 300 interface vlan 12 probe WEB_V4_PROBE ipv6 enable rserver WEB_V4_1 80 ip address 2001:db8:cafe:12::ace1/64 inservice ip address 10.121.12.45 255.255.255.0 rserver WEB_V4_2 80 access-group input EVERYONE inservice access-group input EVERYONE-v6 nat-pool 2 10.121.12.90 10.121.12.90 netmask 255.255.255.0 pat service-policy input MGMT service-policy inputCisco Public © 2010 Cisco and/or its affiliates. All rights reserved. WEB_V6_POL 15
16.
NAT64 Lots of
RFCs to check out: RFC 6144 – Framework for IPv4/IPv6 Translation RFC 6052 – IPv6 Addressing of IPv4/IPv6 Translators RFC 6145 – IP/ICMP Translation Algorithm RFC 6146 – Stateful NAT64 RFC 6147 – DNS64 Stateless – Not your friend in the enterprise (corner case deployment) 1:1 mapping between IPv6 and IPv4 addresses (i.e. 254 IPv6 hosts-to-254 IPv4 hosts) Requires the IPv6-only hosts to use an “IPv4 translatable” address format Stateful – What we are after for translating IPv6-only hosts to IPv4-only host(s) It is what it sounds like – keeps state between translated hosts Several deployment models (PAT/Overload, Dynamic 1:1, Static, etc…) This is what you will use to translate from IPv6 hosts (internal or Internet) to IPv4-only servers (internal DC or Internet Edge) Papers on Stateless vs. Stateful and use cases for NAT64: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676277.html http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676278.html © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17.
Stateful NAT64 –
Example Topology Static Example 10.121.13.52 DMZ/DC Internet IPv6 Host: 2001:db8:c150:10::16 10.121.12.70 G0/0/0: G0/0/1: 2001:DB8:CAFE:5555::1/64 10.121.220.1/24 interface GigabitEthernet0/0/0 ASR access-list EDGE_ACL ipv6 permit ipv6 any host 2001:DB8:CAFE:BEEF::46 description to 6k-dmz-1 Outside permit ipv6 any host 2001:DB8:CAFE:BEEF::34 no ip address ! ipv6 address 2001:DB8:CAFE:5555::1/64 nat64 prefix stateful 2001:DB8:CAFE:BEEF::/96 ipv6 eigrp 10 nat64 v4 pool EDGE 10.121.55.1 10.121.55.1 nat64 enable nat64 v4v6 static 10.121.12.70 2001:DB8:CAFE:BEEF::46 ! nat64 v4v6 static 10.121.13.52 2001:DB8:CAFE:BEEF::34 interface GigabitEthernet0/0/1 nat64 v6v4 list EDGE_ACL pool EDGE overload description to 6k-dmz-1 Inside ip address 10.121.220.1 255.255.255.0 nat64 enable © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 1 7
18.
NAT64 Translations
Reference ASR1k#sh nat64 translations Proto Original IPv4 Translated IPv4 Translated IPv6 Original IPv6 ---------------------------------------------------------------------------- --- 10.121.13.52 2001:db8:cafe:beef::48 Static --- --- --- 10.121.12.70 2001:db8:cafe:beef::46 Entries --- --- tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1030 [2001:db8:cafe:10::16]:53601 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1029 [2001:db8:cafe:10::16]:53600 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Dynamic 10.121.55.1:1028 [2001:db8:cafe:10::16]:53599 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 Overloaded 10.121.55.1:1024 [2001:db8:cafe:10::16]:53593 Entries tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1025 [2001:db8:cafe:10::16]:53596 tcp 10.121.12.70:443 [2001:db8:cafe:beef::46]:443 10.121.55.1:1026 [2001:db8:cafe:10::16]:53597 tcp 10.121.12.70:80 [2001:db8:cafe:beef::46]:80 10.121.55.1:1027 [2001:db8:cafe:10::16]:53598 Total number of translations: 9 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19.
NAT64 Statistics ASR1k#show nat64
statistics Reference Total active translations: 6 (3 static, 3 dynamic; 3 extended) Sessions found: 171 Sessions created: 3 Global Stats: Packets translated (IPv4 -> IPv6) Stateless: 0 Stateful: 100 Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 Interface Statistics GigabitEthernet0/0/0 (IPv4 not configured, IPv6 configured): Packets translated (IPv6 -> IPv4) Stateless: 0 Stateful: 74 GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured): Packets translated (IPv4 -> IPv6) Stateful: 100 Dynamic Mapping Statistics v6v4 access-list EDGE_ACL pool EDGE refcount 3 pool EDGE: start 10.121.55.1 end 10.121.55.1 total addresses 1, allocated 1 (100%) *Output reduced for clarity © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20.
Apache2 Reverse Proxy Netstat
- Client TCP [2001:db8:beef:10::16]:54640 [2001:db8:cafe:12::5]:80 ESTABLISHED TCP [2001:db8:beef:10::16]:54641 [2001:db8:cafe:12::5]:80 ESTABLISHED 2001:db8:beef:10::16 Netstat - Proxy Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 10.121.11.125:40475 10.121.11.60:80 ESTABLISHED 2001:db8:cafe:12::5 tcp 0 0 10.121.11.125:40476 10.121.11.60:80 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54640 ESTABLISHED tcp6 0 0 2001:db8:cafe:12::5:80 2001:db8:beef:10::16:54641 ESTABLISHED 10.121.11.125 Apache One-Arm Apache Dual- Attached Netstat - Server TCP 10.121.11.60:80 10.121.11.125:40475 ESTABLISHED TCP 10.121.11.60:80 10.121.11.125:40476 ESTABLISHED IPv4-only Web Server <VirtualHost *:80> ProxyPass / http://10.121.11.60:80/ ProxyPassReverse / 2010 Cisco and/or its affiliates. All rights reserved. http://10.121.11.60:80/ © Cisco Public 20
21.
Microsoft Windows PortProxy
Can be treated like an appliance One-arm 2001:db8:cafe:12::25 Dual-attached (better perf) 10.121.12.25 Outside traffic comes in PortProxy One-Arm VIP=10.121.5.20 on IPv6—PortProxy to ACE PortProxy v4 (VIP address on Dual-Attached ACE) Traffic is IPv4 to server IPv4-only Web Server © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
22.
PortProxy Configuration/Monitoring
adsf netsh interface portproxy>sh all Listen on ipv6: Connect to ipv4: Address Port Address Port --------------- ---------- --------------- ---------- 2001:db8:cafe:12::25 80 10.121.5.20 80 Active Connections Proto Local Address Foreign Address State TCP 10.121.12.25:58141 10.121.5.20:http ESTABLISHED TCP [2001:db8:cafe:12::25]:80 [2001:db8:cafe:10::17]:52047 ESTABLISHED conn-id np dir proto vlan source destination state ----------+--+---+-----+----+---------------------+---------------------+------+ 14 1 in TCP 5 10.121.12.25:58573 10.121.5.20:80 ESTAB 13 1 out TCP 5 10.121.14.15:80 10.121.5.12:1062 ESTAB © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Descargar ahora