>IPv6 Deployment Scenarios Part 2: Dual-stack RFC1918 IPv4 and IPv6

Posted by

>

In the last post we discussed using NAT64 for IPv6-only clients to reach both the IPv6 and IPv4 Internet. Supporting both IPv6 and IPv4 is a struggle and will continue to be a struggle. In this article I’ll be demonstrating a scenario where the client is running dual-stack with a public v6 address and an RFC1918 v4 address using NAT. This will give a good base for verifying v6 and v4 connectivity without a lot of hassle.

Here is the basic network that I built in the lab:

I made use of Google’s public DNS servers at 8.8.8.8 and 8.8.4.4. These servers return both A and AAAA records if they are available. For sites that return AAAA records the client would connect via IPv6 and for sites with just A records the client would connect via IPv4. 
Here are various DNS lookups. I had to set type=AAAA to see the IPv6 DNS records, but after that things started to make a little more sense.
C:Documents and Settingsmpreath.CCIDOMAIN>nslookup
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

>
> google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  74.125.225.18, 74.125.225.19, 74.125.225.16, 74.125.225.17
          74.125.225.20

> ipv6.google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    ipv6.google.com

> set type=AAAA
> ipv6.google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
ipv6.google.com canonical name = ipv6.l.google.com
ipv6.l.google.com       AAAA IPv6 address = 2001:4860:800b::93
> ipv6.netflix.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
ipv6.netflix.com        AAAA IPv6 address = 2620:0:ef0:13::20

The router facing the client computer was configured with both IPv6 address, IPv4 addresses, and IPv4 NAT.  The configuration was relatively short, but here are the import points:
IPv6 + IPv4 public on upstream interface:
interface FastEthernet0/0
 ip address XX.YY.56.251 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
 ipv6 address XXXX:YYYY::6/126

IPv6 + IPv4 private on customer facing interface:
interface FastEthernet0/1
 ip address 192.168.253.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 ipv6 address XXXX:YYYY:0:1E0::1/64

IPv4 NAT/PAT:
ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 101 permit ip 192.168.253.0 0.0.0.255 any
For the border router there was already IPv4 peering configured so IPv6 BGP peering had to be added. This was a pretty simple process once we had it worked out with our upstream IPv6 provider.
IPv6 on upstream interface:
interface GigabitEthernet2/6
 ipv6 address XXXX:YYYY:0:42::2/126

IPv6 + IPv4 on downstream interface:
interface GigabitEthernet2/27
 ip address XX.YY.56.249 255.255.255.248
 duplex auto
 speed auto
 ipv6 address XXXX:YYYY::5/126

BGP peering:
router bgp XXXXX
 neighbor XXXX:YYYY:0:42::1 remote-as YYYY
 neighbor XXXX:YYYY:0:42::1 prefix-list in
 neighbor XXXX:YYYY:0:42::1 prefix-list out
 address-family ipv6
  no synchronization
  network XXXX:ZZZZ::/32
  network XXXX:ZZZZ:8::/48
  neighbor XXXX:YYYY:0:42::1 activate
  neighbor XXXX:YYYY:0:42::1 route-map in
  neighbor XXXX:YYYY:0:42::1 route-map out
 exit-address-family
I did IPv6 verification to http://whatismyv6.com/
This showed my proper global v6 address and then did an IPv4 only test.
which showed my correct v4 public address. 
The dual-stack testing went well with minimal troubles.  I had to troubleshoot an v6 route issue in our border router and enable IPv6 in Windows XP.  Once those items were resolved I had no trouble accessing sites via v6 and v4. 
The next lab project I will be doing is a NAT64 demo with an IPv6 only client. 
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s