After the network devices have been connected and configured with IPv6 functionality and end-to-end connectivity has been verified, it is time to set up the endpoints, operating systems, applications, and any management tools or systems needed in the lab. In the lab diagram shown in Figure 12-1, the only operating system installations that need to be made are Microsoft Windows 7, Microsoft Windows Server 2008 R2, and VMware vSphere 4.1 with Hypervisor ESXi. In most enterprise labs, a much wider range of operating systems, such as Linux and hypervisor solutions such as Microsoft Hyper-V, would be installed. For the sake of clarity and brevity, only Microsoft Windows operating systems are installed.
The installation of the operating systems will begin with VMware vSphere 4.1 and installing the Hypervisor ESXi 4.1 on the server hardware. The installation of VMware vSphere and ESXi is straightforward, and instructions for planning and deployment of the VMware environment can be found at the VMware vSphere support center: http://www.vmware.com/support/product-support/vsphere.
The area of focus for this topic is the IPv6 configuration for ESXi so that the host can be connected to and managed by VMware vCenter and the VMware Infrastructure Client (VI Client) over IPv6.
Figure 12-3 shows the ESXi console that is used for the installation of ESXi in the lab.
Figure 12-3 VMware ESXi Console – Management Network Screen
From the main console screen (shown in Figure 12-3) and under Configure Management Network, select IPv6 Configuration.
By default, IPv6 is not enabled on VMware ESXi, so it needs to be enabled before any other IPv6 functions are configured. Figure 12-4 shows the screen where IPv6 is enabled.
When IPv6 has been enabled in the console, you must reboot the host. After the host has been rebooted, the other IPv6 configuration parameters are available for use. Figure 12-5 shows the static definition of the IPv6 address for the ESXi host. In the lab, the first-hop routers (the VLAN interfaces on the two Catalyst 6504s) will send router advertisements (RA) that this host will use as the default gateway (the RA will be the Hot Standby Router Protocol [HSRP] or Gateway Load Balancing Protocol [GLBP] IPv6 virtual IP address). Optionally, the HSRP or GLBP IPv6 virtual IP address can be statically defined here.
In addition to the static addressing, the Domain Name System (DNS) IPv6 address can be defined so that this host can leverage an IPv4- and/or IPv6-enabled DNS server for name resolution. This step can also be configured in the host properties in vCenter. Figure 12-6 shows the DNS definition for the host.
Figure 12-4 VMware ESXi Console – Enable IPv6
Figure 12-5 VMware ESXi Console – IPv6 Static Address
Figure 12-6 VMware ESXi Console – DNS Definition
Now that the ESXi host is online and has IPv6 configured, a VMware vCenter VM can be built (or another vCenter installation can manage this host). Figure 12-7 shows the Add Host Wizard from the VMware vCenter VM (running on Microsoft Windows Server 2008 R2 Enterprise Edition) that was built to manage the ESXi host.
In Figure 12-7, the vCenter Add Host Wizard has the host field populated with the IPv6 address that was previously defined for the ESXi host. If DNS or a local host file has been configured for name resolution, the name of the ESXi host can be used here instead of the IPv6 address. After the credentials have been provided, vCenter will begin connecting to and adding the ESXi host to its database.
Figure 12-8 shows that the new host (2001:db8:cafe:11::14) has been added to the data center list along with two other IPv6-enabled hosts (not referenced in this topic).
At this point, there is a fully functional lab network built and a usable VMware vCenter and Hypervisor ESXi host built from which all other VMs can be deployed.
A Microsoft Windows Server 2008 R2 VM is built and will be used for a new Active Directory (AD), DNS, and Dynamic Host Configuration Protocol (DHCP) deployment. To keep things simple, this same VM will have the web server role enabled so that the Windows 7 clients can access the default web page and the FTP server over IPv6.
By default, IPv6 is enabled and functional on Microsoft Windows Vista, Windows 7, and Windows Server 2008 and 2008 R2. For the Windows Server in the lab, a static address is defined and the DNS server entry is pointing to itself using the loopback address of ::1, as seen in Figure 12-9.
Figure 12-7 VMware vCenter Console – Add Host Wizard
Figure 12-8 VMware vCenter Console – IPv6-Enabled Hosts
Figure 12-9 Microsoft Windows Server 2008 R2 – Static IPv6 Address
After the Windows Server 2008 R2 VM has been built, AD and DNS have been configured, and the various roles such as DHCP and web server have been installed, it is time to configure DHCP for IPv6 address allocation so that the Windows 7 clients can receive centralized IPv6 addressing.
The Microsoft Windows Server 2008 DHCP role offers two modes: stateless and stateful. Stateless allows the client to receive IPv6 addressing through some other means of assignment such as IPv6 autoconfiguration from the local router, but the DHCP options come from the Microsoft Windows Server running DHCP. Stateful-only mode is similar to what is used already in IPv4-based DHCP deployments, where the client receives both addressing and options through the DHCP server. The choice can be changed later if the stateless mode needs to be disabled or reenabled. In the lab environment, stateless mode is left enabled in case it needs to be tested later on.
Figure 12-10 shows the screen where a choice can be made about stateless or stateful mode.
The next steps in defining a DHCP IPv6 scope are nearly identical to the steps used to create an IPv4 scope. Scope name, address range, and exclusions are the required steps.
Figure 12-11 shows the first screen in the DHCP New Scope Wizard.
The initial test of DHCP in this lab is to ensure that the Microsoft Windows 7 client can receive an IPv6 address through DHCP on the same VLAN. The first scope is for the VLAN 102 using prefix 2001:db8:cafe:102::/64, which is on the same network as the DHCP server itself. The Windows 7 client will initially be configured to connect to VLAN 102 to ensure that it gets an address, can join the domain, and test basic access.
Figure 12-12 shows the scope prefix of 2001:db8:cafe:102::/64.
Figure 12-10 DHCP Server – Stateless or Stateful-Only Mode
Figure 12-11 DHCP for IPv6 New Scope Wizard – Scope Name
Figure 12-12 DHCP for IPv6 – Scope Prefix
The next step is to enter an address exclusion range so that DHCP does not assign addresses in this range. For the sake of this lab, no exclusions were added.
The scope is now completed, and additional DHCP server options such as domain search list and other options can be configured for the clients.
AD, DNS, and DHCP have all been configured with basic parameters, and now the Microsoft Windows 7 VM can be built and connected to the VLAN 102 network inside of vCenter.
When the Windows 7 VM is powered on, it will obtain an IPv6 address from the DHCP server. Figure 12-13 shows the DHCP Management Console on the Microsoft Windows Server 2008 R2 VM. The Windows 7 client successfully received an IPv6 address from the DHCP server, as shown in this figure.
A few basic tests can be executed to ensure that the Windows 7 client can communicate with the Windows 2008 R2 server. An FTP session is established between the Windows 7 client and the Windows server, as seen in Figure 12-14.
Figure 12-13 DHCP for IPv6 – Successful Address Assignment
Figure 12-14 FTP over IPv6 Test
A drive is mapped from the Windows 7 client to a network share on the Windows 2008 R2 server over IPv6 (the server name is used instead of the literal IPv6 address). Also, a new DNS AAAA record is created to test that new DNS entries can be resolved by the client. In Figure 12-15, a new entry of test is entered into DNS, and it resolves to the address of the server.
Figure 12-15 New DNS AAAA Record
The client can then open a web browser, enter http://test.example.com, and reach the Internet Information Service (IIS) default website at 2001:db8:cafe:102::a. The Windows 7 client now has an open FTP session, a mapped network drive, and an HTTP session all over IPv6. Figure 12-16 shows the active TCP sessions on the Windows 7 client.
Figure 12-16 Active TCP Sessions over IPv6
The Windows 7 client can now have its network port association moved to the WAN/branch section of the lab. DHCPv6 Relay can be enabled on the branch router interface so that the client can obtain a new DHCP lease from the DHCP server over the WAN link.
Also, located in the branch section of the lab is the IPv6-enabled printer that can be used for other testing. The Brother MFC 7840W (a small-office multifunction printer/copier/scanner) is used for the testing. The MFC 7840W supports IPv6, as seen in Figure 12-17, and is using 2001:db8:cafe:1000::5, which is the prefix assigned to this branch link.
Figure 12-17 IPv6-Enabled Printer Setup
At this point, the network is configured, there are hosts such as the Windows 7 and Windows Server 2008 R2 VMs, and other endpoints such as the IPv6-enabled printer are connected. Another VM can be created so that there is a server and/or client located out in the Internet edge portion of the lab network. This VM can be used to simulate an Internet server for external access, a VPN client for Cisco AnyConnect SSL VPN client testing, and inbound port filter testing for the Cisco ASA.
Basic testing has been completed, and now the lab is ready for more comprehensive testing and application deployment.
