Deploying IPv6 Networks: Networking Technology
Autor Ciprian Popoviciu, Eric Levy-Abegnoli, Patrick Grosseteteen Limba Engleză Paperback – 9 feb 2006
Preț: 423.86 lei
Preț vechi: 529.83 lei
-20% Nou
Puncte Express: 636
Preț estimativ în valută:
81.13€ • 85.07$ • 67.03£
81.13€ • 85.07$ • 67.03£
Carte indisponibilă temporar
Doresc să fiu notificat când acest titlu va fi disponibil:
Se trimite...
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781587052101
ISBN-10: 1587052105
Pagini: 627
Ilustrații: Illustrations, charts
Dimensiuni: 188 x 232 x 35 mm
Greutate: 1.11 kg
Ediția:1
Editura: Cisco Press
Seria Networking Technology
Locul publicării:Indianapolis, United States
ISBN-10: 1587052105
Pagini: 627
Ilustrații: Illustrations, charts
Dimensiuni: 188 x 232 x 35 mm
Greutate: 1.11 kg
Ediția:1
Editura: Cisco Press
Seria Networking Technology
Locul publicării:Indianapolis, United States
Descriere
An essential, comprehensive, and practical guide to IPv6 concepts, service implementation, and interoperability in existing IPv4 environments
After completing Deploying IPv6 Networks, you will:
Deploying IPv6 Networks is an essential guide to IPv6 concepts, service implementation, and interoperability in existing IPv4 environments. You’ll learn about IPv6 as a mature technology ready for deployment. Deploying IPv6 Networks goes beyond addressing the basics of IPv6 yet remains accessible to readers unfamiliar with the protocol. With this book in hand, you will learn how to plan, design, deploy, and manage IPv6 services.
Deploying IPv6 Networks opens with an updated “Case for IPv6”: a review of the IPv4 challenges and the IPv6 opportunities. It then covers the IPv6 concepts related to IP services provided in real networks. Relevant features and corresponding configuration examples are presented in a deployment context as they are applied to the various segments of the network. The IPv6 knowledge accumulated in the first part of the book is revisited in Part II, where it is leveraged in concrete and usable examples that cover most common network environments: MPLS service provider, IP service provider, and enterprise.
The structure of Deploying IPv6 Networks enables you to use it as a reference for specific aspects of IPv6, as a technology study guide, or as a design guide for deploying IPv6. You’ll also find that the presentation approach enables you to leverage your IPv4 experience to quickly become knowledgeable and proficient with the concepts of IPv6.
After completing Deploying IPv6 Networks, you will:
- Understand the current state of IPv6 technologies and services
- Understand the IPv6 features as they are applied in service deployments
- Be prepared with guidelines on how to ready your organization for a migration to IPv6
- Know how to design and implement an IPv6 production-level network using the book’s templates and examples
- Have the ability to configure and troubleshoot IPv6 networks
- Know where IPv6 developments are moving in the future
Deploying IPv6 Networks is an essential guide to IPv6 concepts, service implementation, and interoperability in existing IPv4 environments. You’ll learn about IPv6 as a mature technology ready for deployment. Deploying IPv6 Networks goes beyond addressing the basics of IPv6 yet remains accessible to readers unfamiliar with the protocol. With this book in hand, you will learn how to plan, design, deploy, and manage IPv6 services.
Deploying IPv6 Networks opens with an updated “Case for IPv6”: a review of the IPv4 challenges and the IPv6 opportunities. It then covers the IPv6 concepts related to IP services provided in real networks. Relevant features and corresponding configuration examples are presented in a deployment context as they are applied to the various segments of the network. The IPv6 knowledge accumulated in the first part of the book is revisited in Part II, where it is leveraged in concrete and usable examples that cover most common network environments: MPLS service provider, IP service provider, and enterprise.
The structure of Deploying IPv6 Networks enables you to use it as a reference for specific aspects of IPv6, as a technology study guide, or as a design guide for deploying IPv6. You’ll also find that the presentation approach enables you to leverage your IPv4 experience to quickly become knowledgeable and proficient with the concepts of IPv6.
Cuprins
Introduction
Part I Implementing IPv6 Services
Chapter 1 The Case for IPv6—An Updated Perspective
Unicast Connectivity
Addressing
IPv4 Address Architecture
Private Versus Public Addresses
Static Versus Dynamic Addresses
Renumbering
Network Address Translation
Routing
QoS Services
Multicast Services
Virtual Private Networks
Security
IP Mobility
IPv6 Is an Evolutionary Step
Chapter 2 An IPv6 Refresher
IPv6 Addressing
IPv6 Address Representation
IPv6 Address Architecture
IPv6 Unicast Address
IPv6 Anycast Addresses
IPv6 Multicast Addresses
IPv6 and Layer 2 Addressing
IPv6 Addresses Required for an Interface
Configuring IPv6 Addresses in Cisco IOS Routers
IPv6 Addressing Architecture at a Glance
IPv6 Packet Format
IPv6 Versus IPv4 Basic Header Format
IPv6 Extension Headers
Hop-by-Hop Options Header
Destination Options Header
Routing Header
Fragment Header
Authentication Header
Encapsulating Security Payload Header
Mobility Header
Linking Multiple Extension Headers
IPv6 and Data-Link Technologies
Internet Control Message Protocol for IPv6
ICMPv6 Error Messages
Destination Unreachable
Time Exceeded
Packet Too Big
Parameter Problem
ICMPv6 Informational Messages
Source Address Selection Algorithm
Conclusion on ICMPv6
Neighbor Discovery Protocol
Protocol Operations Summary
Comparison with IPv4
Router and Prefix Discovery
Address Resolution
Redirecting a Host to a Better Next Hop
Inverse Neighbor Discovery
Proxy Neighbor Discovery
Neighbor Discovery Algorithms
Next-Hop Determination
Default Router Selection
Duplicate Address Detection
Neighbor Unreachability Detection
The State Machine for Reachability
Autoconfiguration
Neighbor Discovery at a Glance
Chapter 3 Delivering IPv6 Unicast Services
Overview
IPv6 Provisioning
Host IPv6 Address Provisioning
Stateless Autoconfiguration
Stateful DHCP
Router IPv6 Address Provisioning: Prefix Delegation
Protocol Description
Requesting Router
Delegating Router
What DHCP-PD Does Not Do
Other Configuration Information
Stateless DHCP
DNS Services
IPv6 Network Access
Media Types
Native IPv6 Access
Routed Access
Bridged Access
PPP-Encapsulated IPv6 Access
Virtualized Access Layer
Access over Tunnels
Manually Configured Tunnel
Tunnel Broker and Tunnel Server
Teredo
ISATAP
IPv6 over the Backbone
Native IPv6
IPv6 over IPv4 Tunnels
IPv6 over MPLS
Translation Mechanisms (NAT-PT)
Chapter 4 IPv6 Routing Protocols
Distance Vector Routing Protocol
Path Vector Routing Protocol
Link-State Routing Protocol
IPv6 Interior Gateway Protocols
Routing Information Protocol next-generation
Support for IPv6
Configuration Example
EIGRP for IPv6
Support for IPv6
Configuration Example
OSPFv3
Support for IPv6
Configuration Example
IS-IS for IPv6
Support for IPv6
Configuration Example
BGP
Use of MP-BGP Extensions for IPv6 Interdomain Routing
BGP Peering
BGP Next Hop
BGP Configuration Example
Site Multihoming
Deploying IPv6 Routing Protocols
Network Core
Network Distribution/Edge
Network Access
Chapter 5 Implementing QoS
QoS for IPv6
Differences Between IPv6 and IPv4 QoS
Layer 3 QoS
Layer 2 QoS
Link-Efficiency Mechanisms
Differentiated Services
Support for IPv6
Configuration Example
Integrated Services
Support for IPv6
QoS for IPv6 over MPLS
Using DiffServ in a 6PE or 6VPE Environment
Configuration Example
Using RSVP-TE in a 6PE or 6VPE Environment
Using Multiple BGP Next Hops
COS-Based TE Tunnel Selection (CBTS)
Deploying QoS for IPv6
QoS in a Native IPv6 Deployment
QoS in an MPLS-Based IPv6 Deployment
IPv4 and IPv6 Coexistence
Chapter 6 Providing IPv6 Multicast Services
IPv6 Multicast
Group Membership Management
Multicast Listener Discovery
Multicast Layer 2 Protocols
Multicast Routing and Forwarding
Multicast Distribution Trees
Reverse-Path Forwarding Determination
Protocol Independent Multicast
Deployment Considerations
Multicast Domain Control
RP Mapping and Redundancy
Service Models
Multicast over Tunnels
Multicast over MPLS Infrastructures
IPv6 Multicast Deployment Examples
SSM in a Service Provider Network
Enabling IPv6 Multicast Routing
MLD Configuration
Tuning PIM
Subscriber Joining the (S,G)
IPv6 Multicast Traffic Forwarding
ASM in an Enterprise Network
Configuring BSR
Configuring Candidate RP routers
PIM Topology and Traffic Forwarding
Operation with Embedded RP
Chapter 7 VPN IPv6 Architecture and Services
Virtual Private Network Overview
Provider-Provisioned VPNs
CE-Based VPNs
PE-Based VPNs
Addressing Considerations
Security Considerations
Using IPsec to Implement CE-Based VPNs
Remote Access
IPsec Tunnel Alternatives
Routing
IPv6 CE-Based VPN deployment
BGP-MPLS IPv6 VPNs: A PE-Based VPN Solution
Routing Table Segregation
Routing Protocols for BGP-MPLS IPv6 VPN
BGP Next Hop
Building the Label Stack
Forwarding in BGP-MPLS IPv6 VPN
VRF Concepts and IPv6 Implementation
Configuring a VRF
Associating a VRF to an Interface
VRF-Aware Router Commands
Scaling IPv6 VPNs
MP-BGP for VPNv6 at a Glance
Topology Examples
Using IPsec to Secure IPv6 over an IPv4 Tunnel
Basic MPLS VPNv6 Topology
Dual-Stack VPNs
Route Reflectors
Hub and Spoke
Internet Access
Interprovider VPNs
Chapter 8 Advanced Services—IPv6 Mobility
Chapter Overview
IP Host Mobility
Mobile IPv4 in a Nutshell
Mobile IPv6
Mobile IPv6 Operation Overview
IPv6 Mobility Header
Destination Option
Dynamic Home Agent Address Discovery
Route Optimization
Mobile IPv6 Security
Mobile IPv6 Deployment
Configuration Example
Using ACLs to Control MIPv6 Operation on the Home Agent
Network Mobility
Practical Use Cases
Enterprise on the Move
Home Gateway
Personal-Area Network
Internet-Enabled Car
Sensor Network
Fleet in Motion
Object Model and Terminology
Basic Operations
What About NEMO?
Home Network in NEMO
Extended Home Network
Aggregated Home Network
Mobile Home Network
Distributed Home Network
Virtual Home Network
IP Mobility in Nonmobile Scenarios
IPv4 to IPv6 Transitioning
Topology Hiding
Community of Interest
Route Projection
Server Load Balancing
Next Steps in Mobility
Forthcoming Evolutions
Faster Roaming
Movement Detection
Attachment Router Selection
Integration with Mobile Ad-hoc Networking
Endpoint Identification
Multihoming
Route Optimization for NEMO
A Vision
Chapter 9 Securing IPv6 Networks
Security Threats and Best Practices to Protect Against Them
Threats with New Considerations in IPv6
Reconnaissance
Unauthorized Access
Header Manipulation
Fragmentation
Layer 3/Layer 4 Spoofing
Host-Initialization and Address-Resolution Attacks
Broadcast-Amplification Attacks (Smurf)
Routing Attacks
Viruses and Worms
Transition-Mechanism Attacks
A Note on Mobile IPv6 Security
Threats with Similar Behavior in IPv4 and IPv6
Sniffing
Application Layer Attacks
Rogue Devices
Man-in-the-Middle Attacks
Flooding Attacks
6PE Security
A Note on VPN Security
Tools Available for Securing IPv6 Networks
IPsec for IPv6
IPsec Concepts
Using IPv4 IPsec to Secure IPv6 Tunnels
Securing Router–to-Router Communication with IPv6 IPsec
Access Control Lists
Extended IPv6 ACLs and Stateful Filtering
IPv6 ACLs and Fragmentation
IPv6 Access List Example
Firewall Functions
Cisco IOS Firewall
PIX Firewall
Authentication, Authorization, and Accounting
Unicast Reverse Path Forwarding
Protecting the Control Plane with Rate Limiting
Summary of Best Practices for Securing IPv6 Deployments
Chapter 10 Managing IPv6 Networks
IPv6 Network Management: The Challenges
Allocating IPv6 Addresses to Managed Nodes
Integrating IPv6 and IPv4 Network Management
Network-Management Architecture
Retrieving Information from Routers and Switches
SNMP and MIBs
SNMP over IPv6
IPv6 MIBs
BGP and Other MIBs
IPv6 MIB Example
NetFlow
IPfix
Other Protocols (Telnet/SSH/RSH/TFTP/FTP)
Fault Management
Flow Analysis Using NetFlow
Cisco NFC
IPFlow
Cisco Network Analysis Module
Topology Management
Routing Management
Analysis for Troubleshooting
Performance Management
Cisco IOS IP Service-Level Agreements
Other IPv6-Enabled Tools for Performance Analysis
Configuration and Provisioning Management
Management Platforms
CiscoWorks
Other Management Platforms
HP OpenView
Tivoli NetView
InfoVista
IPv6 Network Management Services and Tools at a Glance
Chapter 11 Network Performance Considerations: Coexistence of IPv4 and IPv6
Aspects of Router IPv6 Performance
IPv6 Control Plane
IPv6 and the Data Plane
Measuring Forwarding Performance
The Right Router for the Job
Router Architecture Overview
Software Versus Hardware Forwarding
Centralized Versus Distributed Forwarding
IPv6 Forwarding Performance of Cisco Routers
Low-End Routers
Mid-Range Routers
High-End Routers
6PE Forwarding Performance
IPv6 Router Performance Evaluation Checklist
Part II Deployment Case Studies
Chapter 12 Generic Deployment Planning Guidelines
Cost Analysis
Host-Related Costs
Network Elements–Related Costs
Operations-Related Costs
Address Policies and Registration Process
Education
Chapter 13 Deploying IPv6 in an MPLS Service Provider Network
Network Environment
Network Design Objectives
EuropCom Services
Internet Access
L3VPN
Carrier Supporting Carrier
DNS Services
Content Hosting/Storage
Voice over IP
Peer-to-Peer Applications and Other Services
Network Design
Access Design
POP Design
Core Design
IGP Design Considerations
MPLS Design Considerations
QOS Design Considerations
ICMP Design Considerations
Edge Design
PE Router Design and Implementation Considerations
PE-CE Interface Design
PE-CE Routing Design
PE-PE Routing Design
Route Reflector Design
VRF Design
Inter-AS Design
Basic Services Design and Implementation
Global IPv6 Internet Access Design and Implementation
Layer 3 MPLS VPN Service Design and Implementation
VPN Internet Access Service Design and Implementation
Carrier’s Carrier Service Design
Quality of Service Design
Operating and Troubleshooting the Network
Service and Traffic Monitoring
Addressing
Link-Local Addresses
Addresses for Management
Using Unique-Local Addresses
Inter-Provider Communications
Multihoming
MTU Discovery
Security
Securing the Edge
Securing the 6PE Infrastructure
Troubleshooting
Routing
Forwarding
Design Lessons
Chapter 14 Deploying IPv6 in an IP Service Provider Network
Network Environment and IPv4 Services
IPv6 Deployment Plans
Targeted IPv6 Services
Unicast Connectivity
Internet Access
DNS Services
Mail Services
Content Hosting/Storage
Voice over IP
Content Delivery—Multicast
Mobile IPv6—Communities of Interest
Design Goals
Design Options
PPP/L2TP-Based Deployment Option
Dual-Stack Deployment Option
Basic Services Design and Implementation
Addressing Plan
Unicast Connectivity
Access
Edge and Core
Service Rollout Plan
DNS and Content Hosting/Storage
Internet Access
Advanced Services Design and Implementation
Content Distribution—IPv6 Multicast
IPv6 Multicast Service Design
IPv6 Multicast Implementation
Quality of Service
QoS Service Design
QoS Implementation
Operating and Troubleshooting the Network
Securing the IPv6 Network
Securing the Access
Securing the Edge
Securing the Data Center
Managing the Network
Troubleshooting
Provisioning
Unicast Routing and Forwarding
Multicast Routing and Forwarding
Deployment Lessons
Chapter 15 Deploying IPv6 in an Enterprise Network
Introducing AC Corporation
AC Network Environment
AC Network Infrastructure
Headquarters
Branch Offices
Business Drivers to Integrate IPv6 on the AC Network
Learning the Technology
Expanding the Test Bed
Domain Name Service (DNS)
ISATAP Router
IPv6 Internet-to-Campus Connectivity
Expanding the IPv6 Intranet Testing
Lessons from the Trial
Moving IPv6 to Production
Cost Analysis
Operations
Design and Setup
IPv6 Addressing
Prefix-Assignment Scheme
Address Configuration Rules
Dual-Stack Deployment
Routing Protocols
First-Hop Router Redundancy
Tuning Neighbor Discovery
Configuring Default Router Selection
Enabling Cisco HSRP for IPv6
Securing the IPv6 Deployment
Multicast
Network Management
Mobility
QoS
Troubleshooting
Future Evolutions
Prefix Selection, Assignment Policies and Multihoming
Security
Market Expansion
Index
Part I Implementing IPv6 Services
Chapter 1 The Case for IPv6—An Updated Perspective
Unicast Connectivity
Addressing
IPv4 Address Architecture
Private Versus Public Addresses
Static Versus Dynamic Addresses
Renumbering
Network Address Translation
Routing
QoS Services
Multicast Services
Virtual Private Networks
Security
IP Mobility
IPv6 Is an Evolutionary Step
Chapter 2 An IPv6 Refresher
IPv6 Addressing
IPv6 Address Representation
IPv6 Address Architecture
IPv6 Unicast Address
IPv6 Anycast Addresses
IPv6 Multicast Addresses
IPv6 and Layer 2 Addressing
IPv6 Addresses Required for an Interface
Configuring IPv6 Addresses in Cisco IOS Routers
IPv6 Addressing Architecture at a Glance
IPv6 Packet Format
IPv6 Versus IPv4 Basic Header Format
IPv6 Extension Headers
Hop-by-Hop Options Header
Destination Options Header
Routing Header
Fragment Header
Authentication Header
Encapsulating Security Payload Header
Mobility Header
Linking Multiple Extension Headers
IPv6 and Data-Link Technologies
Internet Control Message Protocol for IPv6
ICMPv6 Error Messages
Destination Unreachable
Time Exceeded
Packet Too Big
Parameter Problem
ICMPv6 Informational Messages
Source Address Selection Algorithm
Conclusion on ICMPv6
Neighbor Discovery Protocol
Protocol Operations Summary
Comparison with IPv4
Router and Prefix Discovery
Address Resolution
Redirecting a Host to a Better Next Hop
Inverse Neighbor Discovery
Proxy Neighbor Discovery
Neighbor Discovery Algorithms
Next-Hop Determination
Default Router Selection
Duplicate Address Detection
Neighbor Unreachability Detection
The State Machine for Reachability
Autoconfiguration
Neighbor Discovery at a Glance
Chapter 3 Delivering IPv6 Unicast Services
Overview
IPv6 Provisioning
Host IPv6 Address Provisioning
Stateless Autoconfiguration
Stateful DHCP
Router IPv6 Address Provisioning: Prefix Delegation
Protocol Description
Requesting Router
Delegating Router
What DHCP-PD Does Not Do
Other Configuration Information
Stateless DHCP
DNS Services
IPv6 Network Access
Media Types
Native IPv6 Access
Routed Access
Bridged Access
PPP-Encapsulated IPv6 Access
Virtualized Access Layer
Access over Tunnels
Manually Configured Tunnel
Tunnel Broker and Tunnel Server
Teredo
ISATAP
IPv6 over the Backbone
Native IPv6
IPv6 over IPv4 Tunnels
IPv6 over MPLS
Translation Mechanisms (NAT-PT)
Chapter 4 IPv6 Routing Protocols
Distance Vector Routing Protocol
Path Vector Routing Protocol
Link-State Routing Protocol
IPv6 Interior Gateway Protocols
Routing Information Protocol next-generation
Support for IPv6
Configuration Example
EIGRP for IPv6
Support for IPv6
Configuration Example
OSPFv3
Support for IPv6
Configuration Example
IS-IS for IPv6
Support for IPv6
Configuration Example
BGP
Use of MP-BGP Extensions for IPv6 Interdomain Routing
BGP Peering
BGP Next Hop
BGP Configuration Example
Site Multihoming
Deploying IPv6 Routing Protocols
Network Core
Network Distribution/Edge
Network Access
Chapter 5 Implementing QoS
QoS for IPv6
Differences Between IPv6 and IPv4 QoS
Layer 3 QoS
Layer 2 QoS
Link-Efficiency Mechanisms
Differentiated Services
Support for IPv6
Configuration Example
Integrated Services
Support for IPv6
QoS for IPv6 over MPLS
Using DiffServ in a 6PE or 6VPE Environment
Configuration Example
Using RSVP-TE in a 6PE or 6VPE Environment
Using Multiple BGP Next Hops
COS-Based TE Tunnel Selection (CBTS)
Deploying QoS for IPv6
QoS in a Native IPv6 Deployment
QoS in an MPLS-Based IPv6 Deployment
IPv4 and IPv6 Coexistence
Chapter 6 Providing IPv6 Multicast Services
IPv6 Multicast
Group Membership Management
Multicast Listener Discovery
Multicast Layer 2 Protocols
Multicast Routing and Forwarding
Multicast Distribution Trees
Reverse-Path Forwarding Determination
Protocol Independent Multicast
Deployment Considerations
Multicast Domain Control
RP Mapping and Redundancy
Service Models
Multicast over Tunnels
Multicast over MPLS Infrastructures
IPv6 Multicast Deployment Examples
SSM in a Service Provider Network
Enabling IPv6 Multicast Routing
MLD Configuration
Tuning PIM
Subscriber Joining the (S,G)
IPv6 Multicast Traffic Forwarding
ASM in an Enterprise Network
Configuring BSR
Configuring Candidate RP routers
PIM Topology and Traffic Forwarding
Operation with Embedded RP
Chapter 7 VPN IPv6 Architecture and Services
Virtual Private Network Overview
Provider-Provisioned VPNs
CE-Based VPNs
PE-Based VPNs
Addressing Considerations
Security Considerations
Using IPsec to Implement CE-Based VPNs
Remote Access
IPsec Tunnel Alternatives
Routing
IPv6 CE-Based VPN deployment
BGP-MPLS IPv6 VPNs: A PE-Based VPN Solution
Routing Table Segregation
Routing Protocols for BGP-MPLS IPv6 VPN
BGP Next Hop
Building the Label Stack
Forwarding in BGP-MPLS IPv6 VPN
VRF Concepts and IPv6 Implementation
Configuring a VRF
Associating a VRF to an Interface
VRF-Aware Router Commands
Scaling IPv6 VPNs
MP-BGP for VPNv6 at a Glance
Topology Examples
Using IPsec to Secure IPv6 over an IPv4 Tunnel
Basic MPLS VPNv6 Topology
Dual-Stack VPNs
Route Reflectors
Hub and Spoke
Internet Access
Interprovider VPNs
Chapter 8 Advanced Services—IPv6 Mobility
Chapter Overview
IP Host Mobility
Mobile IPv4 in a Nutshell
Mobile IPv6
Mobile IPv6 Operation Overview
IPv6 Mobility Header
Destination Option
Dynamic Home Agent Address Discovery
Route Optimization
Mobile IPv6 Security
Mobile IPv6 Deployment
Configuration Example
Using ACLs to Control MIPv6 Operation on the Home Agent
Network Mobility
Practical Use Cases
Enterprise on the Move
Home Gateway
Personal-Area Network
Internet-Enabled Car
Sensor Network
Fleet in Motion
Object Model and Terminology
Basic Operations
What About NEMO?
Home Network in NEMO
Extended Home Network
Aggregated Home Network
Mobile Home Network
Distributed Home Network
Virtual Home Network
IP Mobility in Nonmobile Scenarios
IPv4 to IPv6 Transitioning
Topology Hiding
Community of Interest
Route Projection
Server Load Balancing
Next Steps in Mobility
Forthcoming Evolutions
Faster Roaming
Movement Detection
Attachment Router Selection
Integration with Mobile Ad-hoc Networking
Endpoint Identification
Multihoming
Route Optimization for NEMO
A Vision
Chapter 9 Securing IPv6 Networks
Security Threats and Best Practices to Protect Against Them
Threats with New Considerations in IPv6
Reconnaissance
Unauthorized Access
Header Manipulation
Fragmentation
Layer 3/Layer 4 Spoofing
Host-Initialization and Address-Resolution Attacks
Broadcast-Amplification Attacks (Smurf)
Routing Attacks
Viruses and Worms
Transition-Mechanism Attacks
A Note on Mobile IPv6 Security
Threats with Similar Behavior in IPv4 and IPv6
Sniffing
Application Layer Attacks
Rogue Devices
Man-in-the-Middle Attacks
Flooding Attacks
6PE Security
A Note on VPN Security
Tools Available for Securing IPv6 Networks
IPsec for IPv6
IPsec Concepts
Using IPv4 IPsec to Secure IPv6 Tunnels
Securing Router–to-Router Communication with IPv6 IPsec
Access Control Lists
Extended IPv6 ACLs and Stateful Filtering
IPv6 ACLs and Fragmentation
IPv6 Access List Example
Firewall Functions
Cisco IOS Firewall
PIX Firewall
Authentication, Authorization, and Accounting
Unicast Reverse Path Forwarding
Protecting the Control Plane with Rate Limiting
Summary of Best Practices for Securing IPv6 Deployments
Chapter 10 Managing IPv6 Networks
IPv6 Network Management: The Challenges
Allocating IPv6 Addresses to Managed Nodes
Integrating IPv6 and IPv4 Network Management
Network-Management Architecture
Retrieving Information from Routers and Switches
SNMP and MIBs
SNMP over IPv6
IPv6 MIBs
BGP and Other MIBs
IPv6 MIB Example
NetFlow
IPfix
Other Protocols (Telnet/SSH/RSH/TFTP/FTP)
Fault Management
Flow Analysis Using NetFlow
Cisco NFC
IPFlow
Cisco Network Analysis Module
Topology Management
Routing Management
Analysis for Troubleshooting
Performance Management
Cisco IOS IP Service-Level Agreements
Other IPv6-Enabled Tools for Performance Analysis
Configuration and Provisioning Management
Management Platforms
CiscoWorks
Other Management Platforms
HP OpenView
Tivoli NetView
InfoVista
IPv6 Network Management Services and Tools at a Glance
Chapter 11 Network Performance Considerations: Coexistence of IPv4 and IPv6
Aspects of Router IPv6 Performance
IPv6 Control Plane
IPv6 and the Data Plane
Measuring Forwarding Performance
The Right Router for the Job
Router Architecture Overview
Software Versus Hardware Forwarding
Centralized Versus Distributed Forwarding
IPv6 Forwarding Performance of Cisco Routers
Low-End Routers
Mid-Range Routers
High-End Routers
6PE Forwarding Performance
IPv6 Router Performance Evaluation Checklist
Part II Deployment Case Studies
Chapter 12 Generic Deployment Planning Guidelines
Cost Analysis
Host-Related Costs
Network Elements–Related Costs
Operations-Related Costs
Address Policies and Registration Process
Education
Chapter 13 Deploying IPv6 in an MPLS Service Provider Network
Network Environment
Network Design Objectives
EuropCom Services
Internet Access
L3VPN
Carrier Supporting Carrier
DNS Services
Content Hosting/Storage
Voice over IP
Peer-to-Peer Applications and Other Services
Network Design
Access Design
POP Design
Core Design
IGP Design Considerations
MPLS Design Considerations
QOS Design Considerations
ICMP Design Considerations
Edge Design
PE Router Design and Implementation Considerations
PE-CE Interface Design
PE-CE Routing Design
PE-PE Routing Design
Route Reflector Design
VRF Design
Inter-AS Design
Basic Services Design and Implementation
Global IPv6 Internet Access Design and Implementation
Layer 3 MPLS VPN Service Design and Implementation
VPN Internet Access Service Design and Implementation
Carrier’s Carrier Service Design
Quality of Service Design
Operating and Troubleshooting the Network
Service and Traffic Monitoring
Addressing
Link-Local Addresses
Addresses for Management
Using Unique-Local Addresses
Inter-Provider Communications
Multihoming
MTU Discovery
Security
Securing the Edge
Securing the 6PE Infrastructure
Troubleshooting
Routing
Forwarding
Design Lessons
Chapter 14 Deploying IPv6 in an IP Service Provider Network
Network Environment and IPv4 Services
IPv6 Deployment Plans
Targeted IPv6 Services
Unicast Connectivity
Internet Access
DNS Services
Mail Services
Content Hosting/Storage
Voice over IP
Content Delivery—Multicast
Mobile IPv6—Communities of Interest
Design Goals
Design Options
PPP/L2TP-Based Deployment Option
Dual-Stack Deployment Option
Basic Services Design and Implementation
Addressing Plan
Unicast Connectivity
Access
Edge and Core
Service Rollout Plan
DNS and Content Hosting/Storage
Internet Access
Advanced Services Design and Implementation
Content Distribution—IPv6 Multicast
IPv6 Multicast Service Design
IPv6 Multicast Implementation
Quality of Service
QoS Service Design
QoS Implementation
Operating and Troubleshooting the Network
Securing the IPv6 Network
Securing the Access
Securing the Edge
Securing the Data Center
Managing the Network
Troubleshooting
Provisioning
Unicast Routing and Forwarding
Multicast Routing and Forwarding
Deployment Lessons
Chapter 15 Deploying IPv6 in an Enterprise Network
Introducing AC Corporation
AC Network Environment
AC Network Infrastructure
Headquarters
Branch Offices
Business Drivers to Integrate IPv6 on the AC Network
Learning the Technology
Expanding the Test Bed
Domain Name Service (DNS)
ISATAP Router
IPv6 Internet-to-Campus Connectivity
Expanding the IPv6 Intranet Testing
Lessons from the Trial
Moving IPv6 to Production
Cost Analysis
Operations
Design and Setup
IPv6 Addressing
Prefix-Assignment Scheme
Address Configuration Rules
Dual-Stack Deployment
Routing Protocols
First-Hop Router Redundancy
Tuning Neighbor Discovery
Configuring Default Router Selection
Enabling Cisco HSRP for IPv6
Securing the IPv6 Deployment
Multicast
Network Management
Mobility
QoS
Troubleshooting
Future Evolutions
Prefix Selection, Assignment Policies and Multihoming
Security
Market Expansion
Index
Notă biografică
Ciprian P. Popoviciu, PhD, CCIE No.4499, is a Technical Leader within the Networked Solutions Integration Test Engineering group at Cisco Systems. As part of NSITE, Ciprian was the lead on several projects including IPv6 Deployments and Solutions to which he contributed architecture, implementation, and evaluation guidance.
Eric Levy-Abegnoli is a technical leader in the IP Technologies Engineering group at Cisco Systems, where he is the technical lead for IPv6 development in IOS. Eric has worked with the Cisco IPv6 implementation since 2001, and has been involved in some of the largest IPv6 deployments.
Patrick Grossetete, Manager of Product Management at Cisco Systems, is responsible for a suite of Cisco IOS® software technologies including IPv6 and IP Mobility. He is a member of the IPv6 Forum Technical Directorate and manages Cisco’s participation in the Forum.
Eric Levy-Abegnoli is a technical leader in the IP Technologies Engineering group at Cisco Systems, where he is the technical lead for IPv6 development in IOS. Eric has worked with the Cisco IPv6 implementation since 2001, and has been involved in some of the largest IPv6 deployments.
Patrick Grossetete, Manager of Product Management at Cisco Systems, is responsible for a suite of Cisco IOS® software technologies including IPv6 and IP Mobility. He is a member of the IPv6 Forum Technical Directorate and manages Cisco’s participation in the Forum.
Textul de pe ultima copertă
An essential, comprehensive, and practical guide to IPv6 concepts, service implementation, and interoperability in existing IPv4 environments After completing "Deploying IPv6 Networks," you will:
- Understand the current state of IPv6 technologies and services
- Understand the IPv6 features as they are applied in service deployments
- Be prepared with guidelines on how to ready your organization for a migration to IPv6
- Know how to design and implement an IPv6 production-level network using the book's templates and examples
- Have the ability to configure and troubleshoot IPv6 networks
- Know where IPv6 developments are moving in the future