2011 TWNIC SP IPv6 Transition
Post on 12-Jan-2015
IPV6 TRANSITION STRATEGIES FOR SERVICE PROVIDERS
Johnson Liu
2011/09/30
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT
IPV4 REALITY CHECK: IANA FREE POOL HAS BEEN EXHAUSTED
[Chart legend: Pre 2008 recession, 2008 recession effect, Post 2008 recession]
After completion:
Existing IPv4 addresses will not stop working.
Current networks will still operate.
IANA exhaust: 2/1/2011
RIR exhaust: soon after
IPV6 REALITY CHECK: THE IPV4 LONG TAIL
Post IPv4 allocation completion:
Many hosts & applications in customer residential networks (e.g. Win 95/98/2000/XP, game consoles, consumer electronics, industrial devices) are IPv4-only.
Most software & servers in enterprise networks are IPv4-only.
They will not function in an IPv6-only environment.
Few of those can or will upgrade to IPv6.
Content servers (web, email, …) are hosted on the Internet by many different parties. It will take time to upgrade those to IPv6.
Current measurement: 0.15% of Alexa top 1-million web sites are available via IPv6. (This number has not changed in the last 12 months.)
Source: http://ipv6monitor.comcast.net
IS IPV6 TAKING OFF?
A number of very large ISPs and very large content providers are deploying IPv6 and various transition technologies now.
Still early in the adoption curve.
However, momentum is building.
Can’t be ignored.
IPv6 does not solve the immediate problem of IPv4 address exhaustion.
Most sites are still accessible only through IPv4.
Maintaining IPv4 service after IPv4 exhaustion is the #1 priority for most players.
This implies some form or another of IPv4 address sharing: NAT.
Many transition technologies to choose from.
Impact on routing and network architecture.
IS IPV6 TAKING OFF?
On June 8, 2011, “World IPv6 Day,” participants will enable IPv6 on their main services for 24 hours.
Facebook, Google and Yahoo, websites with more than one billion combined visits each day, are joining major content delivery networks Akamai and Limelight Networks, and the Internet Society, for the first global-scale trial of the new Internet Protocol, IPv6.
Juniper Networks will participate in “World IPv6 Day”, furthering its long-standing commitment to ensure its customers continue to be fully prepared for a transparent transition to the new IPv6 protocol to meet their respective market needs.
http://ipv6.juniper.net reachable over IPv6 since Jan. 8th
Commitment to participate in World IPv6 Day on June 8th with http://www.juniper.net
INDUSTRY IPV6 SCORE CARD
Function Element Status
Network: Core Router: T; Edge Routers: MX, 6PE
Servers: Linux 2.6+; Datacenter equipment, CDN
End-user clients: Windows 7 (many XP boxes out there); MacOS 10.x; Game consoles: Wii, PS3, Xbox
Software: Web Browser: Firefox, IE, Safari; Skype; On-line PC games; SSL VPN
Content: Web content available over IPv6
CE: CPEs
Number 1 & 2 issues
SURVIVING TECHNIQUE
WHAT ARE MY OPTIONS?
Tunnels
Initially tunnel IPv6 over IPv4.
Later tunnel IPv4 over IPv6
Ideal when Core is not v6 ready
Requires v6-capable CPEs
Technologies: 6to4, 6rd

Dual-Stack
IPv6/IPv4 co-existence on one device
Best-suited for the Core
Can be the ideal inflection point in the network
DS-ready Core gives you flexibility of options in the edge
Technologies: Dual-stack routing protocols (Core), 6PE (Core), 6VPE (Core), Dual-stack capable CPEs (Access)
[Diagram: PHY/Data Link; IPv4 and IPv6; TCP/UDPv4 and TCP/UDPv6]

Translators
IPv6 <-> IPv4 translation
Solves the problem at the edge
Expected to co-exist with Dual-stack for some time
Technologies: NAT444, DS Lite, DS Lite + A+P, NAT64
SERVICE PROVIDER INFRASTRUCTURE
[Diagram: CORE connecting Residential Edge (BNG), Mobile Edge (GGSN), Business Edge (PE), ISPs and IPv6 IX]
CORE: DUAL-STACK IT
Prepare the core as a dual-stack infrastructure
Interfaces: Implement IPv6 on the Core interfaces
Routing protocols:
IS-IS
– draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
– 2 new TLVs are defined:
- IPv6 Reachability (TLV type 236)
- IPv6 Interface Address (TLV type 232)
– IPv6 NLPID = 142
OSPFv3
– Unlike IS-IS, entirely new version required
– RFC 2740
– Fundamental OSPF mechanisms and algorithms unchanged
– Packet and LSA formats are different
CORE: DUAL-STACK IT
Routing protocols:
BGP
– MBGP defined in RFC 2283
– Two BGP attributes defined:
- Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing Information
- Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer Routing Information
- Address Family Identifier (AFI) specifies what NLRI is being carried (IPv6, IP Multicast, L2VPN, L3VPN, IPX...)
- Use of MBGP extensions for IPv6 defined in RFC 2545
- IPv6 AFI = 2
- BGP TCP session can be over IPv4 or IPv6
- Advertised Next-Hop address must be global or site-local IPv6 address
CORE: 6PE
6PE: IPv6 islands over MPLS IPv4 core
[Diagram: dual-stack PEs (6PE) attaching v6 and v4 sites to an MPLS/IPv4 core of P routers]
CORE: 6VPE
6VPE: IPv6 VPNs over MPLS IPv4 core
[Diagram: dual-stack PEs (6VPE) attaching v6/v4 and v6 sites of VPN-1 and VPN-2 to an MPLS/IPv4 core of P routers]
IPV6 CORE TRANSPORT
[Diagram: Internet IPv4/IPv6 and VPN IPv4/IPv6 traffic carried over an IP/MPLS core; panels: DUAL STACK, 6PE (BGP), 6VPE (BGP)]
IPV6 TRANSITION
TRANSITION QUADRANT IN 2009-2010
[Quadrant chart; axes: Deployed, Momentum]
Technologies shown: 6rd, A+P, NAT444, NAT64, DS-Lite, 6to4, 6PE, 6VPE, Dual stack, NAT-PT, PCP
Labels: IPv4 Anti-Depletion; IPv6 to IPv4 NAT
Legend: Juniper Participation (co-author or Head of WG)
Dual Stack
[Diagram: IPv4/IPv6 dual stack across Customer, Access/Aggregation, Core and Global Public Network]
NAT44
[Diagram: NAT44 at the CPE; Private IPv4 Addressing and Public IPv4 Addressing; IPv4 across Customer, Access/Aggregation, Core and Global Public Network]
NAT444
[Diagram: NAT44 at the CPE and NAT444 at the CGN; Private IPv4 Addressing1, Private IPv4 Addressing2 and Public IPv4 Addressing; IPv4 across Customer, Access/Aggregation, Core and Global Public Network]
NAT444 (Address Sharing Technologies)
draft-shirasaki-nat444-isp-shared-addr-00.txt
RFC1918 private address -> [CPE: NAPT] -> ISP shared address -> [CGN/LSN(*1): NAPT] -> Global IPv4 address
Before the CPE (v4): Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
Between CPE and CGN/LSN (v4): Src ii.ii.ii.ii (*2) port 11000, Dst 128.0.0.1 port 80
After the CGN/LSN (v4): Src 210.3.100.1 port 12000, Dst 128.0.0.1 port 80
(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
(*2) ISP shared address (draft-shirasaki-isp-shared-addr)
DS-LITE
[Diagram: DS-LITE at the CPE and DS-LITE + CGN in the provider network, joined by an IPv6 tunnel; Customer, Access/Aggregation, Core and Global Public Network]
DS-LITE (Address Sharing Technologies)
RFC1918 private address -> [CPE: DS-lite router] -> IPv4 in IPv6 Tunnel -> [CGN/LSN(*1): Tunnel Termination, NAPT] -> Global IPv4 address
Before the CPE (v4): Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
In the tunnel (v6 outer): Src 2001:0:0:2::1, Dst 2001:0:0:1::1; inner v4: Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
After the CGN/LSN (v4): Src 129.0.0.1 port 12000, Dst 128.0.0.1 port 80
(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
TOPOLOGY – NAT64
[Diagram: DNS64 and NAT64 (CGN) between an IPv6 customer/access network and the IPv4 side; Customer, Access/Aggregation, Core and Global Public Network]
NAT64
Elements: H1v6, DNS64, DNS, NAT64 (Protocol Translation), www.yahoo.net at 209.131.36.158
1. Look up server IPv6 address for www.yahoo.net
2. Return IPv6 server address Prefix64::209.131.36.158
3. Send traffic to the server (SA:H1v6, DA:Prefix64::209.131.36.158)
4. IPv4 NAT pool and Prefix64::/96 configured
5. Destination Address translated to IPv4 by removing the well-known prefix64 (SA:H1v4, DA:209.131.36.158)
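The DNS64 synthesis and NAT64 prefix removal from the NAT64 steps above, as an added example that is not part of the original slides. It assumes Prefix64 is the RFC 6052 well-known prefix 64:ff9b::/96, and it adds the RFC 6052 rule that this prefix must not represent non-global IPv4 addresses, which keeps the translator from being used to reach private IPv4 space.

```python
import ipaddress

# Assumption: the slide's "Prefix64::/96" is the RFC 6052 well-known prefix.
PREFIX64 = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(ipv4, prefix=PREFIX64):
    """DNS64 side (step 2): embed the A record in the low 32 bits of the /96."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def nat64_destination(ipv6, prefix=PREFIX64):
    """NAT64 side (step 5): strip the prefix to recover the IPv4 destination.

    Returns None when the address is outside the prefix (not NAT64 traffic).
    Raises ValueError when the embedded IPv4 address is not global, so a
    crafted destination such as 64:ff9b::10.0.0.1 is dropped, not translated.
    """
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    v4 = ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)
    if not v4.is_global:
        raise ValueError(f"refusing to translate to non-global address {v4}")
    return v4


if __name__ == "__main__":
    aaaa = synthesize("209.131.36.158")          # address from the slide
    print("DNS64 answer:", aaaa)
    print("NAT64 IPv4 destination:", nat64_destination(aaaa))
    forged = synthesize("10.0.0.1")              # constructed hostile input
    try:
        nat64_destination(forged)
    except ValueError as exc:
        print("dropped:", exc)
```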
6RD
[Diagram: 6rd at the CPE and 6rd in the provider network, over an IPv4 access network; Customer, Access/Aggregation, Core and Global Public Network]
6rd (Tunneling)
draft-despres-6rd-03.txt, draft-townsley-ipv6-6rd-01.txt
IPv6 -> [6rd CE] -> IPv6 in IPv4 Tunnel -> [6rd Gateway] -> IPv6
Before the 6rd CE (v6): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
In the tunnel (v4 outer): Src 10.100.100.1, Dst 192.88.99.1; inner v6: Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
After the 6rd Gateway (v6): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
IPv6 TRANSITION MECHANISMS – SUMMARY
[Diagram: the preceding topologies side by side across Customer, Access/Aggregation, Core and Global Public Network: NAT444 (CGN), 6rd (IPv6 in IPv4 Tunnel), NAT64 (CGN), DS-LITE (CGN, IPv4 in IPv6 Tunnel), IPv6 Routing]
EXAMPLES OF DIFFERENT REALITIES WITHIN SERVICE PROVIDERS
CASE STUDY 1: INCUMBENT
Incumbent ISP in a mature market
Business has been growing a lot in the last couple of years, but growth has slowed down
Saturated market
As a consequence:
ISP does not see the urge to move to IPv6 right now.
Wait until technology matures
Synchronize IPv6 deployment with roll-out of next gen service
ISP can reclaim addresses internally
Redesigning networks to get more address efficiency
More aggressively NATing wireless subscribers
CASE STUDY 2: OLD/NEW ACCESS TECHNOLOGY
ISP offers two access technologies, a legacy one and a new one
Growth & ARPU are happening in the new technology, not the older
Deploying IPv6 in legacy environment might be costly
Issue: cost of replacing CPEs to support IPv6
With 6rd offered as an optional service, a service provider can offload the cost of replacing CPEs in the old technology to the end-users who want to be early adopters of IPv6
Strategy:
- Legacy World: Carrier Grade NAT (CGN) & 6rd
- New World: Public IPv4 & native IPv6 (Dual Stack)
CASE STUDY 3: NEW CUSTOMERS, NEW NETWORKS
An ISP with an exhausted IPv4 address pool
ISP makes a clear distinction between current, existing customers and post-exhaustion customers.
Enabling customers to run their applications expecting incoming connections (e.g. Set-Top box control, P2P):
PCP (Port Control Protocol) to open up pin-holes on CGN
ISP offers new IPv6 CPEs to new customers.
Build new IPv6-based networks for new customers.
IPv4 is a service overlaid on top of IPv6 with DS-Lite (with or without a Carrier-Grade NAT)
CASE STUDY 4: MOBILE
The key issue is license cost:
Going IPv6-only + NAT64 works ONLY if all applications are converted to IPv6 and there is no connectivity to external devices such as PCs.
License cost, 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6):
Dual-Stack (NAT44): Two licenses: 1 for IPv4 PDP + 1 for IPv6 PDP
IPv6-only (NAT64): 1 for IPv6 PDP
License cost, LTE and 3G/3GPPr9 (using a combined PDP context for IPv4 & IPv6):
Dual-Stack (NAT44): 1 for IPv4/IPv6 PDP/bearer
IPv6-only (NAT64): 1 for IPv6 PDP/bearer
Preferred
Dual-Stack remains the preferred/simplest general solution.
CASE STUDY 5: BUSINESS ISP
ISP has a corporate mandate to prepare for IPv6
Issue: ISP will have to support legacy IPv4 devices/apps operated by their customers as well.
Reduce drastically (to just a few?) the number of IPv4 addresses allocated to business customers.
NAT is performed by the business CPEs.
CASE STUDY 6: INTERNATIONAL ISP
ISP is incumbent in a region/country and wants to expand internationally. Needs to offer IPv6 quickly.
ISP will have to migrate to native IPv6 at some point in the future.
6PE is a good way to jumpstart IPv6 global presence
OBSERVATIONS ABOUT TRANSITION TECHNIQUES
They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.
The difference is how packets are transported to the NAT
Sharing addresses among customers introduces issues:
Abuse/Logging/Geo-location/Access control
All transition techniques (NAT444, 6RD, NAT64, DS-Lite) revolve around the notion of sharing IPv4 addresses via some form of NAT.
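The abuse and logging issue named above, shown as an added example that is not part of the original slides: once many subscribers share one public IPv4 address, an abuse report can only be tied to a subscriber if it carries the source port and an accurate timestamp. The log format and the 100.64.0.x subscriber-side addresses are constructed for illustration; 210.3.100.1 and port 12000 are taken from the NAT444 slide.

```python
from datetime import datetime

# Constructed CGN mapping log (hypothetical format, one mapping per line):
# start  end  subscriber-side address  public address  public port
SAMPLE_LOG = """\
2011-09-30T10:00:00 2011-09-30T10:05:00 100.64.0.10 210.3.100.1 12000
2011-09-30T10:01:00 2011-09-30T10:03:00 100.64.0.11 210.3.100.1 12001
2011-09-30T10:06:00 2011-09-30T10:09:00 100.64.0.12 210.3.100.1 12000
"""


def parse_cgn_log(text):
    """Parse mapping records into (start, end, inside, public, port) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, inside, public, port = line.split()
        rows.append((datetime.fromisoformat(start),
                     datetime.fromisoformat(end),
                     inside, public, int(port)))
    return rows


def candidates(rows, public_ip, when, port=None):
    """Subscriber-side addresses that could have sourced the reported flow.

    Without the source port every subscriber mapped to the public address
    at that moment is a candidate; with it the answer narrows to one
    mapping. Ports are reused over time, so the timestamp matters as well.
    """
    t = datetime.fromisoformat(when)
    return sorted({inside for start, end, inside, public, p in rows
                   if public == public_ip and start <= t <= end
                   and (port is None or p == port)})


if __name__ == "__main__":
    rows = parse_cgn_log(SAMPLE_LOG)
    print(candidates(rows, "210.3.100.1", "2011-09-30T10:02:00"))
    print(candidates(rows, "210.3.100.1", "2011-09-30T10:02:00", port=12000))
    print(candidates(rows, "210.3.100.1", "2011-09-30T10:07:00", port=12000))
```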
TRANSITION FOR MOBILE SERVICE
WIRELESS ARCHITECTURE 1: IPV6-ONLY
IPv6-only handset with IPv6 certified apps.
Traffic to IPv4 Internet goes through NAT64.
[Diagram: handset with IPv6-only PDP context, GGSN, ISP network with DNS64 and NAT64; IPv4 and IPv6 destinations]
WIRELESS ARCHITECTURE 2: DUAL-STACK
Dual-Stack handset with IPv4 or dual-stack apps.
IPv4 traffic to IPv4 Internet goes through NAT44.
IPv6 traffic goes straight to IPv6 Internet (or walled-garden service)
3GPPr8 and 3GPPr9 introduce dual-stack PDP contexts.
[Diagram: handset with Dual-Stack PDP context, GGSN, ISP network with NAT44; IPv4 and IPv6 destinations]
IPV6 ONLY (NAT64) VS DUAL-STACK (NAT44 + IPV6) ON WIRELESS NETWORKS
Feature: Dual-Stack (NAT44) / IPv6-only (NAT64)
IPv4 app on UE: Yes / No
IPv4 app on laptop (tethering or wireless dongle): Yes / No
Off-load to Wi-Fi: Yes / No
Handset-local Wi-Fi hot-spot: Yes / No
Roaming in IPv4-only 3G network: Yes / Variable
License cost 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6): Two licenses: 1 for IPv4 PDP + 1 for IPv6 PDP / 1 for IPv6 PDP
License cost LTE and 3G/3GPPr9 (using a combined PDP context for IPv4 & IPv6): 1 for IPv4/IPv6 PDP / 1 for IPv6 PDP
JUNIPER’S OFFERING
FAMILY MIGRATION SOLUTION PORTFOLIO
Categories: Packet based Router; Security Appliance; log Server; Policy Management
Platforms shown: M7i, M10i, M120, M320; MX240, MX480, MX960; T640, T1600; MS-PIC, MS-DPC; SRX Series (SRX3000 Line: SRX3400, SRX3600; SRX5000 Line: SRX5600, SRX5800); STRM500, STRM2500, STRM5000, STRM5000 NEBS; C Series (C2000, C4000); Steel-Belted Radius Appliance
Junos SDK: NAT44, DS-Lite, 6rd, …, NAT64
IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC
IPv6 Features
IPv6 NAT and IPv6 Stateful Firewall
NAT-PT Supported (ICMP ALG)
NAT-PT DNS ALG (10.4)
NAT66 supported
NAT64 (10.4)
NAT44
Support CGN requirement (draft-ietf-behave-lsn-requirements-00)
IPv6 Softwire
DS-Lite (10.4)
4over6 (10.4)
6rd/6to4 (11.1)
6 MS-DPC supported by Single MX Chassis
8 MS-DPC per Chassis (12.3 or 12.4)
Summary