Establishment of Wired Network IPv6

Establishment of Wired Network IPv6

by
Contents
1 Wired IPv6 Network Construction Steps
2 Conclusion

Wired IPv6 Network Construction Steps

  1. The wired network starts with the configured IPv6 address of the education network starting with 2001:DA8, and the access is also on the original IPv4 egress device, but the IPv6 interface address and IPv6 route are added on the IPv4 interface. At first, the education network IPv6 was established on the wireless network, but because the export was only 1 Gbps, the export was full immediately after the establishment, and after the speed limit was set, the user reported that the network was too slow. After the mobile IPv6 was opened, the wireless network used mobile IPv6 addresses. IPv6 is only used on wired networks. The IPv6 of the wired network is first tested and set up in two buildings, and the configuration is modified in batches in each building after the completion.
  2. First use the IPv6 address calculator to calculate the interface address, and then find a section of address to use as the interface address. The mask bit of the interface address is 126 bits, and use other section addresses as the user address. The user address uses 64 bits first, and then changes to 112 bits. The mask bits of the user address can be adjusted according to the actual situation. When preparing, make a table, list the IPv4 interface of each building, calculate the IPv6 interface address, and user address.
  3. The wired network IPv6 of each building is built, and the IPv6 address is added to the IPv4 interface of the wired network of each building.
  4. Add IPv6 default route and IPv6 OSPF on the wired network convergence of each building.
  5. IPv6 configuration for the user segment. Because there are too many IPv4 VLANs, the wired campus network in the office area is not flattened. Only the VLANs with the largest number of users in each building are configured with IPv6 addresses. Increase, each building has more IPv6 routing and DHCP.
  6. Access the network switch to allow IPv6. Release IPv6: address-bind ipv6-mode loose Enable the routing function of IPv6: ipv6 unicast-routing, after entering this command, it will not be seen in the configuration.
  7. Build a dedicated DHCP server for IPv6. There are many IPv6 addresses in the education network of the unit. The IPv6 DHCP service on the core Ethernet switch only supports 20 configured DHCP addresses to issue the network segment iana-address prefix. If the wired network of each building is enabled with IPv6 More than 20 network segments, first use Windows Server as the DHCP server address can only be /64 bits, will not modify here, it is too wasteful for users to use /64 bit addresses, add the DNS address in the server option 00023DNS recursive name server IPv6 address, in Add the IPv6 DNS address here. So the author uses CentOS to build a DHCP server. DHCPv6 uses UDP ports 546 and 547. Before configuring DHCPv6, the firewall must be closed first, otherwise DHCP cannot be delivered. After the test is completed, open the firewall. DHCPv6 must be allowed in the firewall to facilitate management , to allow SSH.

Click here – Looking for the right carnival outfit

Conclusion

IPv6 activation based on IPv4 network is to configure IPv6 addresses on IPv4 interfaces, add IPv6 routes on Ethernet switches, and add IPv6 addresses to user IPv4 VLANs. IPv6 interface addresses and user addresses must be planned in advance. To be an IPv6 DHCP server, the IPv6 DHCP server can be implemented on a switch or a dedicated server, depending on the performance of the device and the actual situation, or more than one can be configured to configure different DHCP servers.

The opening of the IPv6 network encountered a problem: because some websites do not support IPv6, and IPv6 is given priority under IPv4+IPv6, some websites cannot be accessed or the access is very slow. Many users don’t know about IPv6 resolution issues. They only feel that the network is slow and have many opinions. After running for a period of time, IPv6 for wireless network mobile phone users is turned off. Through monitoring, it is found that there are tens of thousands of IPv6 addresses online, and the peak value of export IPv6 reaches more than 5 Gbps. The performance degradation of the equipment affects the operation of the IPv4 network. Regardless of whether IPv4 or IPv6, the user only reflects that the network is slow. After 3 months of operation, ordinary users of the mobile IPv6 network The IPv6 network is closed, only the IPv6 on the experimental SSID is reserved, and the IPv6 of the education network remains in operation.

Click here – CRP Test: Procedure and Price

After the opening of the IPv6 network, we are faced with security issues. There are only 3 security devices that support IPv6 networks, which can be monitored and viewed. Other security devices do not support IPv6 networks. Websites only dare to use 6 to 4 conversion, and can only do 6 to 4 for some websites convert. The maximum number of IPv6 flow table sessions configured on the egress router is only 1.04 million, and the core switch cannot view the number of IPv6 sessions. All network and security devices need to be upgraded to fully support IPv6 with tens of thousands of users, which is expensive and cannot be done for a while.