Implementing IPv6 for Network Management
Last Updated: June 21, 2012
This document describes the concepts and commands used to manage Cisco applications over IPv6 and to implement IPv6 for network management.

Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Implementing IPv6 for Network Management
Telnet Access over IPv6
The Telnet client and server in the Cisco IOS software support IPv6 connections. A user can establish a Telnet session directly to the router using an IPv6 Telnet client, or an IPv6 Telnet connection can be initiated from the router. A vty interface and password must be created in order to enable Telnet access to an IPv6 router.

TFTP IPv6 Support
The Trivial File Transfer Protocol (TFTP) is designed to transfer files over the network from one host to another using the most minimal set of functionality possible. TFTP uses a client-server model in which clients can request to copy files to or from a server. TFTP uses UDP over IPv4 or IPv6 as its transport, and can work over IPv4 and IPv6 network layers.

TFTP File Downloading for IPv6
IPv6 supports TFTP file downloading and uploading using the copy command. The copy command accepts a destination IPv6 address or IPv6 hostname as an argument and saves the running configuration of the router to an IPv6 TFTP server, as follows:
Router# copy running-config tftp://[3ffe:xxxx:c18:1:290:27ff:fe3a:9e9a]/running-config
ping and traceroute Commands in IPv6
The ping command accepts a destination IPv6 address or IPv6 hostname as an argument and sends Internet Control Message Protocol version 6 (ICMPv6) echo request messages to the specified destination. The ICMPv6 echo reply messages are reported on the console. Extended ping functionality is also supported in IPv6.

The traceroute command accepts a destination IPv6 address or IPv6 hostname as an argument and will generate IPv6 traffic to report each IPv6 hop used to reach the destination address.

SSH over an IPv6 Transport
SSH in IPv6 functions the same and offers the same benefits as SSH in IPv4. The SSH Server feature enables an SSH client to make a secure, encrypted connection to a Cisco router, and the SSH Client feature enables a Cisco router to make a secure, encrypted connection to another Cisco router or to any other device running an SSH server. IPv6 enhancements to SSH consist of support for IPv6 addresses that enable a Cisco router to accept and establish secure, encrypted connections with remote IPv6 nodes over an IPv6 transport.

SNMP over an IPv6 Transport
Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running Cisco IOS software for IPv6. The SNMP agent and related MIBs have been enhanced to support IPv6 addressing. SNMP for IPv6 provides 3DES and AES for message encryption.

Cisco IOS IPv6 MIBs
Cisco has long supported IP-MIB and IP-FORWARD-MIB in IPv4. CISCO-IETF-IP-MIB and CISCO-IETF-IP-FORWARDING-MIB are IPv6 MIBs that are defined as being protocol-independent, but are implemented only for IPv6 objects and tables. In Cisco IOS Release 12.2(33)SRC, IP-MIB and IP-FORWARD-MIB were updated to RFC 4293 and RFC 4292 standards, as follows:
CISCO-IETF-IP-MIB and CISCO-IETF-IP-FORWARDING-MIB have been removed from the Cisco IOS releases in which the new standards have been applied. Information in these MIBs is now included in these new MIBs: IP-MIB and IP-FORWARD-MIB. See the Feature Information for Implementing IPv6 for Network Management for the releases.

MIBs Supported for IPv6
The following MIBs are supported for IPv6:
CISCO-CONFIG-COPY-MIB and CISCO-FLASH-MIB support IPv6 addressing when TFTP, remote copy protocol (rcp), or FTP is used. The following MIB was added to support IPv6 over SNMP: The following MIBs were modified to support IPv6 over SNMP:

Cisco IOS IPv6 Embedded Management Components
This section describes Cisco IOS embedded management components that have IPv6-compliant operability in IPv6 and dual-stack IPv6 and IPv4 networks.

Syslog
The Cisco IOS system message logging (syslog) process in IPv6 allows users to log syslog messages to external syslog servers and hosts with IPv6 addresses. This implementation allows the user to specify an IPv4-based logging host (syslog server) by providing the host's IP address in IPv4 format (for example, 192.168.0.0) or IPv6 format (for example, 2001:DB8:A00:1::1/64).

CNS Agents
IPv6 addressing is supported in the Cisco Networking Services (CNS) subsystem. CNS is a foundation technology for linking users to networking services and provides the infrastructure for the automated configuration of large numbers of network devices. Many IPv6 networks are complex, with many devices, and each device must be configured individually. When standard configurations do not exist or have been modified, the time involved in initial installation and subsequent upgrading is considerable. Internet service providers (ISPs) need a method for sending out partial configurations to introduce new services.

To address all these issues, CNS was designed to provide "plug-and-play" network services using a central directory service and distributed agents. CNS features include CNS agents and a flow-through provisioning structure. CNS flow-through provisioning uses the CNS configuration and event agents to provide an automated workflow, eliminating the need for an onsite technician.
IPv6 addressing supports the CNS agents described in the following sections:

CNS Configuration Agent
The CNS configuration agent is involved in the initial configuration and subsequent partial configurations on a Cisco IOS device. The configuration agent uses a CNS configuration engine to provide methods for automating initial Cisco IOS device configurations, incremental configurations, and synchronized configuration updates, and the configuration engine reports the status of the configuration load as an event to which a network monitoring or workflow application can subscribe.

CNS Event Agent
The CNS event agent provides a transport connection to the CNS event bus for all other CNS agents. No event can be sent to the router by the configuration engine until the CNS event agent is operational and has successfully built a connection between the configuration engine and the router. The event agent uses a CNS configuration engine to provide methods for automating initial Cisco IOS device configurations, incremental configurations, and synchronized configuration updates.

CNS EXEC Agent
The CNS EXEC agent allows a remote application to execute a CLI command in EXEC mode on a Cisco IOS device by sending an event message that contains the command.

CNS Image Agent
Administrators maintaining large networks of Cisco IOS devices need an automated mechanism to load image files onto large numbers of remote devices. Network management applications are useful to determine which images to run and how to manage images received from the Cisco online software center. Other image distribution solutions do not scale to cover thousands of devices and cannot distribute images to devices behind a firewall or using Network Address Translation (NAT). The CNS image agent enables the managed device to initiate a network connection and request an image download, allowing devices using NAT, or behind firewalls, to access the image server.
The CNS image agent can be configured to use the CNS event bus. To use the CNS event bus, the CNS event agent must be enabled and connected to the CNS event gateway in the CNS Configuration Engine. The CNS image agent can also use an HTTP server that understands the CNS image agent protocol. Deployment of CNS image agent operations can use both the CNS event bus and an HTTP server.

Config Logger
Config logger tracks and reports configuration changes. Config logger supports two content types:
XML--The config logger uses Extensible Markup Language (XML) to report the configuration change details (for example, what changed, who changed it, when changes were made, parser return code (PRC) values, and incremental NVGEN results).

HTTP(S) IPv6 Support
This feature enhances the HTTP(S) client and server to support IPv6 addresses. The HTTP server in Cisco IOS software can service requests from both IPv6 and IPv4 HTTP clients. The HTTP client in Cisco IOS software supports sending requests to both IPv4 and IPv6 HTTP servers. When you use the HTTP client, URLs with literal IPv6 addresses must be formatted using the rules listed in RFC 2732.

TCL
Tool command language (TCL) is used in Cisco IOS software for IPv6 to support features such as embedded syslog manager (ESM), embedded event manager (EEM), interactive voice response (IVR), and tclsh parser mode. TCL supports both initiating (client) and listening (server) sockets.

NETCONF
The Network Configuration Protocol (NETCONF) defines a mechanism through which a network device can be managed, configuration data information can be retrieved, and new configuration data can be uploaded and manipulated. NETCONF uses XML-based data encoding for the configuration data and protocol messages.

SOAP Message Format
Using the Service-Oriented Access Protocol (SOAP) provides a way to format the layout of CNS messages in a consistent manner. SOAP is a protocol intended for exchanging structured information in a decentralized, distributed environment. SOAP uses XML technologies to define an extensible messaging framework that provides a message format that can be exchanged over a variety of underlying protocols. Within the SOAP message structure, there is a security header that enables CNS notification messages to authenticate user credentials.
IP SLAs for IPv6
Cisco IOS IP Service Level Agreements (SLAs) are a portfolio of technology embedded in most devices that run Cisco IOS software that allows Cisco customers to analyze IPv6 service levels for IPv6 applications and services, to increase productivity, to lower operational costs, and to reduce the frequency of network outages. IP SLAs uses active traffic monitoring--the generation of traffic in a continuous, reliable, and predictable manner--for measuring network performance. The following Cisco IOS IP SLAs are supported for IPv6:
How to Implement IPv6 for Network Management
Enabling Telnet Access to an IPv6 Router and Establishing a Telnet Session
Using either IPv4 or IPv6 transport, you can use Telnet to connect from a host to a router, from a router to a router, and from a router to a host.

DETAILED STEPS

Enabling SSH on an IPv6 Router
Before You Begin
SUMMARY STEPS
Before configuring SSH over an IPv6 transport, ensure that the following conditions exist:
DETAILED STEPS
Configuring an SNMP Notification Server over IPv6
Use an SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to regulate access to the agent on the router. Optionally, you can specify one or more of the following characteristics associated with the string:
You can configure one or more community strings. To remove a specific community string, use the no snmp-server community command.

The snmp-server host command specifies which hosts will receive SNMP notifications, and whether you want the notifications sent as traps or inform requests. The snmp-server enable traps command globally enables the production mechanism for the specified notification types (such as Border Gateway Protocol [BGP] traps, config traps, entity traps, and Hot Standby Router Protocol [HSRP] traps).

DETAILED STEPS
Configuring Cisco IOS IPv6 Embedded Management Components
Most IPv6 embedded management components are enabled automatically when IPv6 is enabled and do not need further configuration. To configure syslog over IPv6 or disable HTTP access to a router, refer to the tasks in the following sections:

Configuring Syslog over IPv6
SUMMARY STEPS
DETAILED STEPS
Disabling HTTP Access to an IPv6 Router
HTTP access over IPv6 is automatically enabled if an HTTP server is enabled and the router has an IPv6 address. If the HTTP server is not required, it should be disabled.

DETAILED STEPS
Configuration Examples for Implementing IPv6 for Network Management
Examples: Enabling Telnet Access to an IPv6 Router Configuration
The following examples provide information on how to enable Telnet and start a session to or from an IPv6 router. In the following example, the IPv6 address is specified as 2001:DB8:20:1::12, and the hostname is specified as cisco-sj. The show host command is used to verify this information.

Router# configure terminal
Router(config)# ipv6 host cisco-sj 2001:DB8:20:1::12
Router(config)# end
Router# show host
Default domain is not set
Name/address lookup uses static mappings
Codes:UN - unknown, EX - expired, OK - OK, ?? - revalidate
      temp - temporary, perm - permanent
      NA - Not Applicable None - Not defined
Host                      Port  Flags      Age Type   Address(es)
cisco-sj                  None  (perm, OK)  0  IPv6   2001:DB8:20:1::12

To enable Telnet access to a router, create a vty interface and password:

Router(config)# line vty 0 4
 password lab
 login

To use Telnet to access the router, you must enter the password:
Router# telnet cisco-sj
Trying cisco-sj (2001:DB8:20:1::12)... Open
User Access Verification
Password:
cisco-sj
.
.
.
verification
It is not necessary to use the telnet command. Specifying either the hostname or the address is sufficient, as shown in the following examples:
Router# cisco-sj
or
Router# 2001:DB8:20:1::12
To display the IPv6 connected user (line 130) on the router to which you are connected, use the show users command:
Router# show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
130 vty 0 idle 00:00:22 8800::3
Note that the address displayed is the IPv6 address of the source of the connection. If the hostname of the source is known (either through a domain name server [DNS] or locally in the host cache), then it is displayed instead:
Router# show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
130 vty 0 idle 00:02:47 cisco-sj
If the user at the connecting router suspends the session with ^6x and then enters the show sessions command, the IPv6 connection is displayed:
Router# show sessions
Conn Host Address Byte Idle Conn Name
* 1 cisco-sj 2001:DB8:20:1::12 0 0 cisco-sj
The Conn Name field shows the hostname of the destination only if it is known. If it is not known, the output might look similar to the following:
Router# show sessions
Conn Host Address Byte Idle Conn Name
* 1 2001:DB8:20:1::12 2001:DB8:20:1::12 0 0 2001:DB8:20:1::12
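The following Python check is an added example, not part of the Cisco document. It audits a running-config for the management-plane settings this page describes: vty lines that still accept Telnet (which, unlike the SSH transport described earlier, does not encrypt the session or the vty password), vty lines and SNMP communities with no IPv6 access list, and an HTTP server left enabled on a router that has an IPv6 address. The sample config, the check names, the ACL name MGMT-V6 and the rule that a vty block without a transport input line accepts Telnet are assumptions.

```python
import re

# Constructed sample running-config: "line vty 0 4" and the "public"
# community mirror this page's examples; the rest is made up for contrast.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ipv6 address 2001:DB8:20:1::1/64
ip http server
snmp-server community public
snmp-server community mgr view restricted rw ipv6 mgr2
line vty 0 4
 password lab
 login
line vty 5 15
 ipv6 access-class MGMT-V6 in
 login local
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks

def audit(config):
    """Return sorted (check, detail) findings for the management plane."""
    blocks = parse_blocks(config)
    has_v6 = any(s.startswith("ipv6 address ") for _, subs in blocks for s in subs)
    findings = []
    for head, subs in blocks:
        if head.startswith("line vty"):
            transport = next((s.split()[2:] for s in subs
                              if s.startswith("transport input")), None)
            # Assumption: no "transport input" line means Telnet is accepted.
            if transport is None or set(transport) & {"telnet", "all"}:
                findings.append(("vty-telnet", head))
            if not any(s.startswith("ipv6 access-class ") for s in subs):
                findings.append(("vty-no-ipv6-acl", head))
        elif head == "ip http server" and has_v6:
            findings.append(("http-over-ipv6", head))
        elif m := re.match(r"snmp-server community (\S+)(.*)", head):
            if " ipv6 " not in m.group(2):
                findings.append(("snmp-no-ipv6-acl", m.group(1)))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

On the sample, only the vty 0 4 block, the public community and the HTTP server are reported; the vty 5 15 block and the mgr community pass because they carry an SSH-only transport and IPv6 access lists.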
Examples: Configuring an SNMP Notification Server over IPv6
The following example permits any SNMP manager to access all objects with read-only permission using the community string named public. The router also will send BGP traps to the IPv4 host 172.16.1.111 and IPv6 host 3ffe:b00:c18:1::3/127 using SNMPv1 and to the host 172.16.1.27 using SNMPv2c. The community string named public is sent with the traps.

Router(config)# snmp-server community public
Router(config)# snmp-server enable traps bgp
Router(config)# snmp-server host 172.16.1.27 version 2c public
Router(config)# snmp-server host 172.16.1.111 version 1 public
Router(config)# snmp-server host 3ffe:b00:c18:1::3/127 public

Associate an SNMP Server Group with Specified Views Example
In the following example, the SNMP context A is associated with the views in SNMPv2c group GROUP1 and the IPv6 named access list public2:

Router(config)# snmp-server context A
Router(config)# snmp mib community-map commA context A target-list commAVpn
Router(config)# snmp mib target list commAVpn vrf CustomerA
Router(config)# snmp-server view viewA ciscoPingMIB included
Router(config)# snmp-server view viewA ipForward included
Router(config)# snmp-server group GROUP1 v2c context A read viewA write viewA notify access ipv6 public2

Create an SNMP Notification Server Example
The following example configures the IPv6 host as the notification server:

Router> enable
Router# configure terminal
Router(config)# snmp-server community mgr view restricted rw ipv6 mgr2
Router(config)# snmp-server engineID remote 3ffe:b00:c18:1::3/127 remotev6
Router(config)# snmp-server group public v2c access ipv6 public2
Router(config)# snmp-server host host1.com 2c vrf trap-vrf
Router(config)# snmp-server user user1 bldg1 remote 3ffe:b00:c18:1::3/127 v2c access ipv6 public2
Router(config)# snmp-server enable traps bgp
Router(config)# exit

Additional References
Related Documents
MIBs
RFCs
Technical Assistance
Feature Information for Implementing IPv6 for Network Management
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.