IPv6 Deployment Scenarios Part 2: Dual-stack RFC1918 IPv4 and IPv6

Posted by

In the last post we discussed using NAT64 for IPv6-only clients to reach both the IPv6 and IPv4 Internet. Supporting both IPv6 and IPv4 is a struggle and will continue to be a struggle. In this article I’ll be demonstrating a scenario where the client is running dual-stack with a public v6 address and an RFC1918 v4 address using NAT. This will give a good base for verifying v6 and v4 connectivity without a lot of hassle.

Here is the basic network that I built in the lab:

I made use of Google’s public DNS servers at 8.8.8.8 and 8.8.4.4. These servers return both A and AAAA records if they are available. For sites that return AAAA records the client would connect via IPv6 and for sites with just A records the client would connect via IPv4.
Here are various DNS lookups. I had to set type=AAAA to see the IPv6 DNS records, but after that things started to make a little more sense.
C:Documents and Settingsmpreath.CCIDOMAIN>nslookup
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8
>
> google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
Non-authoritative answer:
Name:    google.com
Addresses:  74.125.225.18, 74.125.225.19, 74.125.225.16, 74.125.225.17
74.125.225.20
> ipv6.google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
Non-authoritative answer:
Name:    ipv6.google.com
> set type=AAAA
> ipv6.google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
Non-authoritative answer:
ipv6.google.com canonical name = ipv6.l.google.com
ipv6.l.google.com       AAAA IPv6 address = 2001:4860:800b::93
> ipv6.netflix.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
Non-authoritative answer:
ipv6.netflix.com        AAAA IPv6 address = 2620:0:ef0:13::20
The router facing the client computer was configured with both IPv6 address, IPv4 addresses, and IPv4 NAT.  The configuration was relatively short, but here are the import points:
IPv6 + IPv4 public on upstream interface:
interface FastEthernet0/0
ip address XX.YY.56.251 255.255.255.248
ip nat outside
duplex auto
speed auto
ipv6 address XXXX:YYYY::6/126
IPv6 + IPv4 private on customer facing interface:
interface FastEthernet0/1
ip address 192.168.253.1 255.255.255.0
ip nat inside
duplex auto
speed auto
ipv6 address XXXX:YYYY:0:1E0::1/64
IPv4 NAT/PAT:
ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 101 permit ip 192.168.253.0 0.0.0.255 any
For the border router there was already IPv4 peering configured so IPv6 BGP peering had to be added. This was a pretty simple process once we had it worked out with our upstream IPv6 provider.
IPv6 on upstream interface:
interface GigabitEthernet2/6
ipv6 address XXXX:YYYY:0:42::2/126
IPv6 + IPv4 on downstream interface:
interface GigabitEthernet2/27
ip address XX.YY.56.249 255.255.255.248
duplex auto
speed auto
ipv6 address XXXX:YYYY::5/126
BGP peering:
router bgp XXXXX
neighbor XXXX:YYYY:0:42::1 remote-as YYYY
neighbor XXXX:YYYY:0:42::1 prefix-list in
neighbor XXXX:YYYY:0:42::1 prefix-list out
address-family ipv6
no synchronization
network XXXX:ZZZZ::/32
network XXXX:ZZZZ:8::/48
neighbor XXXX:YYYY:0:42::1 activate
neighbor XXXX:YYYY:0:42::1 route-map in
neighbor XXXX:YYYY:0:42::1 route-map out
exit-address-family
I did IPv6 verification to http://whatismyv6.com/
This showed my proper global v6 address and then did an IPv4 only test.
which showed my correct v4 public address.
The dual-stack testing went well with minimal troubles.  I had to troubleshoot an v6 route issue in our border router and enable IPv6 in Windows XP.  Once those items were resolved I had no trouble accessing sites via v6 and v4.
The next lab project I will be doing is a NAT64 demo with an IPv6 only client.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s