CITC ISD P2 - Task force


3rd IPv6 Task Force Meeting
IPv6 lab design and connectivity procedures
CITC
January 20th, 2008
Agenda
• Explain the design of the IPv6 test lab hosted in the CITC data center, focusing on the available equipment and how it is physically connected
• Explain the technical requirements and procedures for connecting to the IPv6 lab from both sides:
o CITC side
o Client side (ISPs, government institutes, enterprises…)
Table of Contents
Section | Name
1 | Lab Design
2 | Connectivity Procedures
IPv6 Lab Design
1- Lab equipment:
Device name | Qty | Description
CISCO1841 | 4 | Modular Router w/2xFE, 2 WAN slots, 32 FL/128 DR
WS-C3560-24TS-E | 1 | Catalyst 3560 24 10/100 + 2 SFP + IPS Image
HP Servers, DL360G5 5410 2x1GB 1x146GB DP 10k SFF-SAS E200i128M BBWC DVD R-RW65438 470064-623 | 4 | Operating System: 3 servers Linux Fedora 6, 1 Windows 2003 server
IPv6 Lab network diagram
[Figure: IPv6 test lab, low level diagram. Labelled elements: HP servers S1 to S4 (each attached through NIC1), switch SW1 (Catalyst 3560, ports F0/1 to F0/13), routers R1 to R4 (Cisco 1841, interfaces F0 and F1), CITC, CITC External Network, Internet Service Provider. VLAN 23 is labelled "IPv4 OSPF Area 0".]

Legend:
VLAN# | VLAN Name | IPv4 address
99 | External | a.b.c.d/30
12 | IPv6-2 | 192.168.12.0/24
23 | IPv4-1 | 192.168.23.0/24
34 | IPv6-3 | 192.168.34.0/24
44 | IPv6-4 | 192.168.44.0/24

Project name: CITC- Internet development phase II
Drawing name: IPv6 test lab, low level diagram
Drawn by: MG
Date: 11/11/2008
Connectivity Procedures
Introduction
• Interested clients (ISPs, government institutes, enterprises…) can connect to the IPv6 test lab using an IPv6-over-IPv4 tunnel
• NO dedicated link is needed, just Internet connectivity with a static IP address
• Clients can then test the IPv6 services offered by CITC (Web, DNS, …)
• Multiple clients can also use the CITC lab infrastructure to run inter-testing scenarios for certain applications
Connectivity Procedures
IPv6 address space
• CITC has a block of IPv6 address space (2001:1490:100::/48). This block will be subnetted into smaller IPv6 subnets with a prefix length of 64; the total number of available subnets is 2^16 = 65536
• Each client will be assigned two subnets (one for the tunnel and one for the internal network), so the lab can theoretically host 65536/2 = 32768 clients
• The IPv6 subnet details will be stored and maintained in the following table:

# | Client name | IPv4 add. | IPv6 subnet (/64) | Description
1 | CITC lab | 212.138.112.12 | 2001:1490:0:3800::2/126 | LAB-tunnel ->KACST 86.111.198.10
  |  |  | 2001:1490:100:12::1/64 | LAB-internal network
2 | ISP1 | a.b.c.d | 2001:1490:100:5::/64 | ISP1- internal network, pho.111111
  |  |  | 2001:1490:100:6::/64 | ISP1- tunnel IP, pho.111111
3 | Org1 |  | 2001:1490:100:7::/64 |
  |  |  | 2001:1490:100:8::/64 |
  | ISPn |  | 2001:1490:100:FFFE::/64 |
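The allocation scheme above can be checked mechanically. The following is an added example, not part of the original slides: it audits the table's IPv6 entries against the /48 and proposes the next two free /64s; the first-free allocation policy and the function names are assumptions.

```python
import ipaddress

LAB_BLOCK = ipaddress.ip_network("2001:1490:100::/48")   # block stated on the page

# (client, IPv6 entry) pairs as they appear in the page's table.
TABLE = [
    ("CITC lab", "2001:1490:0:3800::2/126"),
    ("CITC lab", "2001:1490:100:12::1/64"),
    ("ISP1", "2001:1490:100:5::/64"),
    ("ISP1", "2001:1490:100:6::/64"),
    ("Org1", "2001:1490:100:7::/64"),
    ("Org1", "2001:1490:100:8::/64"),
    ("ISPn", "2001:1490:100:FFFE::/64"),
]

def capacity(block=LAB_BLOCK):
    """Number of /64 subnets in the block, and of clients at two subnets each."""
    subnets = 2 ** (64 - block.prefixlen)
    return subnets, subnets // 2

def audit(table, block=LAB_BLOCK):
    """Return ({/64 network: client}, findings) for an allocation table."""
    used, findings = {}, []
    for client, entry in table:
        net = ipaddress.ip_interface(entry).network   # accepts host bits (::1/64)
        if not net.subnet_of(block):
            findings.append(f"{client}: {net} is outside {block}")
        elif net.prefixlen != 64:
            findings.append(f"{client}: {net} is not a /64")
        elif used.get(net, client) != client:
            findings.append(f"{client}: {net} already assigned to {used[net]}")
        else:
            used[net] = client
    return used, findings

def next_pair(used, block=LAB_BLOCK):
    """First two unassigned /64s in the block (hypothetical first-free policy)."""
    free = (n for n in block.subnets(new_prefix=64) if n not in used)
    return next(free), next(free)

if __name__ == "__main__":
    print(capacity())
    used, findings = audit(TABLE)
    print(findings)
    print(next_pair(used))
```

The only finding on the page's own table is the LAB-tunnel entry, a /126 that lies outside 2001:1490:100::/48.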
Connectivity Procedures
Connectivity application form:
• Interested clients will download the application form from the CITC web site, fill in the required fields and submit it via email
• The client should fill in the IPv4 address that will be used to terminate the IPv6-over-IPv4 tunnel
• The client will also fill in the technical contact details and email for future communication and support

CITC-IPv6 Test Lab
Date:_____________
Connectivity Request Form
----------------------------------------------------------------------------------------------
Client details:
Client name:_______________________________
Phone:_____________________________________
Client address:____________________________
Client official email:_____________________
Technical details:
Connectivity purpose:
________________________________________________________
________________________________________________________
________________________________________________________
Tunnel ipv4 address:_______________________
Technical contact:_________________________
Client Signature:__________________________
[] Read and Agree Terms and Conditions
-----------------------------------------------------------------------------------------------
For internal use:
Tunnel Number and description:__________________________________________________
Source ipv6 tunnel address:_____________________________________________________
Destination ipv6 tunnel address:________________________________________________
Assigned IPv6 subnet:___________________________________________________________
Administrator Name:________________________ Signature:_____________________
Connectivity Procedures
Connectivity procedure (CITC):
• The network administrator will receive the form and check basic ICMP (ping) connectivity with the client's IPv4 address
• The network administrator will then reserve and allocate two /64 IPv6 subnets for this client, and update the table mentioned earlier accordingly
• The network administrator will create a new tunnel interface and configure a static IPv6 route for the client on the edge router (R1)

interface Tunnel6
 description Tunnel to ISP6
 no ip address
 !----------- See table 5
 ipv6 address 2001:1490:100:6::1/64
 ipv6 enable
 !------ ipv6lab.citc.gov.sa
 tunnel source 86.111.198.10
 !------ ipv4 address, get from the application form
 tunnel destination a.b.c.d
 tunnel mode ipv6ip
!----------- See table 5
ipv6 route 2001:1490:100:5::/64 Tunnel6
end

• The client will receive an email with the technical details

Dear Sir,
Reference to your application form submitted on date:-----------, find below the ipv6 address subnets
1- The ipv6 address on the tunnel interface is 2001:1490:100:6::2/64
2- The ipv6 subnet for your internal use is: 2001:1490:100:5::/64
Should you have any further clarification, do not hesitate to contact us
Kind regards
Ipv6lab administrator
Connectivity Procedures
Connectivity procedure (Client):
Prerequisites
• The ISP should have an edge router connected to the Internet with a real IPv4 address
• If the router resides behind a firewall, two rules should be applied on the external interface of the firewall:
permit inbound | Source IP 86.111.198.10 | Source IP protocol 41 (ipv6ip)
permit inbound | Source IP 86.111.198.10 | Source IP protocol ICMP
• Finally, the client should fill in and submit the request form
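The two firewall rules above match on the IPv4 protocol field, not on a TCP or UDP port. The following is an added example, not part of the original slides: it evaluates constructed IPv4 headers against the two permits, with a default deny and the sample addresses as assumptions.

```python
import ipaddress
import struct

CITC_EDGE = ipaddress.ip_address("86.111.198.10")   # CITC tunnel endpoint (from the page)
PERMITTED = {41: "ipv6ip", 1: "icmp"}                # the page's two permit rules

def ipv4_header(src, dst, proto):
    """Constructed test input: a bare 20-byte IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def inbound_verdict(packet):
    """Evaluate one inbound packet: the two permits, then an assumed default deny."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "deny (not a complete IPv4 header)"
    proto = packet[9]                                 # IPv4 'protocol' field
    src = ipaddress.ip_address(packet[12:16])         # outer source address
    if src != CITC_EDGE:
        return f"deny (source {src} is not the CITC edge)"
    if proto not in PERMITTED:
        return f"deny (protocol {proto} not permitted)"
    return f"permit ({PERMITTED[proto]})"

# Constructed samples: 192.0.2.20 stands in for the client's A.B.C.D and
# 203.0.113.7 for an unrelated host (both are documentation addresses).
SAMPLES = {
    "6in4 from CITC": ipv4_header("86.111.198.10", "192.0.2.20", 41),
    "ping from CITC": ipv4_header("86.111.198.10", "192.0.2.20", 1),
    "6in4 from elsewhere": ipv4_header("203.0.113.7", "192.0.2.20", 41),
    "TCP from CITC": ipv4_header("86.111.198.10", "192.0.2.20", 6),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} -> {inbound_verdict(pkt)}")
```

Both rules look at the outer IPv4 header only; the IPv6 packets carried inside protocol 41 are not examined by them.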
Tunnel configuration:
• The client has now received the required technical details and can configure and test the tunnel interface on the edge router

interface Tunnel X
 description IPv6 Tunnel with CITC test lab
 no ip address
 !----- Assigned by CITC
 ipv6 address 2001:1490:100:6::2/64
 ipv6 enable
 !------ Real IPv4 address on the external interface
 tunnel source A.B.C.D
 !------ CITC edge router IP
 tunnel destination 86.111.198.10
 tunnel mode ipv6ip
!------ Internal interface
interface FastEthernet0/0
 !------ Assigned by CITC
 ipv6 address 2001:1490:100:5::1/64
 ipv6 enable
ipv6 route ::/0 Tunnel X
end
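The CITC-side and client-side configurations have to mirror each other for the tunnel to come up. The following is an added example, not part of the original slides: it parses both ends and reports mismatches, using 192.0.2.20 as a constructed stand-in for A.B.C.D and Tunnel0 for "Tunnel X".

```python
import ipaddress

# Both ends as given on the page; 192.0.2.20 and Tunnel0 are constructed stand-ins.
CITC_CFG = """
interface Tunnel6
 ipv6 address 2001:1490:100:6::1/64
 tunnel source 86.111.198.10
 tunnel destination 192.0.2.20
 tunnel mode ipv6ip
ipv6 route 2001:1490:100:5::/64 Tunnel6
"""
CLIENT_CFG = """
interface Tunnel0
 ipv6 address 2001:1490:100:6::2/64
 tunnel source 192.0.2.20
 tunnel destination 86.111.198.10
 tunnel mode ipv6ip
interface FastEthernet0/0
 ipv6 address 2001:1490:100:5::1/64
ipv6 route ::/0 Tunnel0
"""

def parse(cfg):
    """Return ({interface: settings}, [(prefix, out_interface)])."""
    ifaces, routes, cur = {}, [], None
    for words in (l.split() for l in cfg.splitlines() if l.strip()):
        if words[0] == "interface":
            cur = ifaces.setdefault(words[1], {})
        elif words[:2] == ["ipv6", "route"]:
            routes.append((ipaddress.ip_network(words[2]), words[3]))
        elif cur is not None and words[:2] == ["ipv6", "address"]:
            cur["ipv6"] = ipaddress.ip_interface(words[2])
        elif cur is not None and words[0] == "tunnel":
            cur[words[1]] = words[2]          # source / destination / mode
    return ifaces, routes

def check_pair(citc_cfg, client_cfg):
    """List mismatches between the two tunnel ends (empty list = consistent)."""
    (c_if, c_rt), (k_if, _) = parse(citc_cfg), parse(client_cfg)
    ct = next(i for i in c_if.values() if "mode" in i)
    kt = next(i for i in k_if.values() if "mode" in i)
    problems = []
    if (ct["source"], ct["destination"]) != (kt["destination"], kt["source"]):
        problems.append("IPv4 endpoints are not mirrored")
    if ct["ipv6"].network != kt["ipv6"].network or ct["ipv6"].ip == kt["ipv6"].ip:
        problems.append("tunnel IPv6 addresses are not two hosts of one /64")
    lans = {i["ipv6"].network for i in k_if.values() if "mode" not in i and "ipv6" in i}
    if lans != {prefix for prefix, _ in c_rt}:
        problems.append("CITC static route does not match the client LAN prefix")
    return problems
```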
THE END