Being part of the future - 123seminarsonly.com ÆVPN access, IPTV, VoIP ... Broadband-Forum work on IPv6 ... Many open issues:

Budapest, 01.12.2009, page 1

IPv6 trial service of Magyar Telekom

Being part of the future …

Dr. Varga Balázs Magyar Telekom PKIIP Development Branch v6

Sisko-Expo: Tech-line: IPv6 at Magyar Telekom …Dr. Balázs VARGABudapest, 01.12.2009, page 2

Starting pointSome history

IETF in 1992 to develop a new version with a larger address space and a feature set that benefited from the many years of experience with IPv4. Ultimately, IPv6 basics were standardized in 1998.There are many wrong perceptions on IPv6

It will not solve all of our networking problemsIt will not displace IPv4, they will coexist for many-many years...

BUT: It will help us to being in business when IPv4 addresses are exhausted

The European Commission has previously announced, as a part of their i2010 initiative, an action plan to see IPv6 widely deployed in Europe by 2010. (news)

IPv4 is running out of address space by 2010-2011 with a symbolic date between 10/10/10 and 11/11/11


Preparing a business case for IPv6Not an easy issue …

Challenges:Customers are interested in service not technology

IPv6 is just a technologyIPv6 is an enabler for further ”BB home related/specific”services/applications

Missing IPv6-only applications, limited IPv6 support for existing applications

We have to find out how to sell water …


Selling waterNot a brand new task …

Similar technical examples in history:Wireline

Modem (33.6k) xDSL (384k)Internet-only VPN access, IPTV, VoIP

WirelessTechnology change: 2G (GPRS 40k) 3G (384k)Real success: after HSxPA

IPv4 IPv6Differs from aboves

No new networkNo IPv6 license fee

Just a new „network” protocolExisting services

Email WWW phone …SMTP HTTP RTP …

TCP UDP …

IP

Ethernet, PPP, …CSMA async sonet …Copper fiber radio …

Email WWW phone …SMTP HTTP RTP …

TCP UDP …

IPv4/IPv6

Ethernet, PPP, …CSMA async sonet …Copper fiber radio …


Ground for IPv6 take-offMany activities on expert level

Broadband-Forum work on IPv6MT Repr.: Dr. Varga, Balázs, co-editor of WT-177Architecture & Transport

WT-177 (IPv6 for TR-101), WT-187 (IPv6 for PPP), WT-146 (IP sessions (IPv4/IPv6))

Broadband HomeWT-192 (Son of TR-124 (RG))

Clearly understand use cases that SPs want to solve for mainstream IPv6 networksMany open issues:

1:1, N:1 VLAN scenarioEncapsulation: PPPoE, IPoE, SoftWireIPv6 addressing (SLAAC, DHCPv6, DHCPv6-PD)RG working mode: routed, bridged, mixedUsing Global addresses vs. ULA inside homeAddresses for embedded services (VoIP, Remote management)DNS inside home network…


Home Networking (IPv4 vs. IPv6)NAT/NAPT makes a big difference

IPv4 WAN interface: Public IPv4 address (dynamic)LAN interface(s): Private IPv4 address (dynamic)RG transport: Routing + Network Address Translation (NAT/NAPT)

IPv6WAN interface: Public IPv6 address (quasi-fix/dynamic, /64 prefix)LAN interface(s): Public IPv6 address (quasi-fix, delegated /56 prefix)RG transport: Routing only (No NAT/NAPT!!!)

PC

PC

IPv4IPv6

Public IPv4Private IPv4

Public IPv6N

AT/

NA

PT

84.2.34.56192.168.1.254

192.168.1.64

2001:4c48:100:162::22001:4c48:110:1::66192.168.1.65 2001:4c48:110:1::1

2001:4c48:110::/56 2001:4c48:100:162::/64

192.168.1.0/24 84.2.34.56/32

RG


Introduction of IPv6 extension for HSI service2 Phase Approach

Phase A – IPv6 Connected Devices Trial phaseIPv6 reachability behind an IPv4 RGBasic IPv6 connectivity to very limited endpoints / home

Separated PPPoE session initiatedfrom the PC for the IPv6 connectionIPoE based connection to the PC for the IPv4 connection

All the IPv6 traffic is tunneled to a centralized IPv6 BNG

Phase B – IPv6 Connected Homes Commercial phaseIPv6 through an IPv4 / IPv6 capable dual-stack RGIPv6 connectivity

Single PPPoE session initiated from the RGIPoE based connection to the PC(s) for both protocols

All the ISP aggregation and network devices are dual-stack

Smooth transition / Phase A and Phase B solutions can coexist.


Phase A – IPv6 connected devices Trial targets, prerequisites

Targeted networking solutionAs close as possible to Phase B (IPv6 connected homes) solution Scalable architecture

It should allow IPv6 connectivity for current customer baseExpected traffic volume is limited

Providing ‘quasi-fixed IPv6 addressing’Customers will receive same IPv6 prefix when connecting, but the ISP is allowed to change that assignment if needed for any reason (e.g. network reconstruction)

Fulfilling LI requirementsEasy to try IPv6 connectivity for customers

Network elements affected by IPv6BNGs (LNS)

IPv6 LNS supportedLimited feature set

Peering pointsNetwork control

Radius, DHCP, DNS, NTPContent servers

PPPoE: IPv6

IPv4

PC

RG

DSLAMAggr-Switch IPv6 LNS

BNG

DHCPv6

AAA1

AAA2

PPPoE: IPv4

IPv4/v6

O&M

DNS

HostingInternational BIX

WEB/ServerPeering

Content

Control ex-T-Online

Control ex-T-Com

Home network


Phase A – IPv6 connected devices PPPoE building blocks’ characteristics

Way-of-workingPPPoE from PC with new suffix (same USR/PWD e.g. [email protected])RG – PPPoE pass-through

IPv4 connectivity via PPPoE started from RG ([email protected])IPv6 connectivity via PPPoE started behind RG ([email protected])

AN – PPPoE Intermediate Agent (Line ID info insertion)BNG LAC – L2TP tunneling based on suffixBNG LNS – Dual-stack BNG provides IPv6 connectivityPrefix allocation

/64 for individual devices (PCs) – from AAA IPv6 pool/56 for devices asking for PD (L3-boxes) – from DHCPv6 server based on DUID

ChallengesIncreased number of PPPoE sessions (even if most L2TP forwarded)/64 prefix allocation

IPv6 pool handling required in AAA/56 prefix allocation

DUID registration requiredPPPv6 client on Windows XP


Phase A – IPv6 connected devices High Level view of trial scenario

IPv4

IPv6

PC

RG DSLAM Agr-Switch

IPv6 LNS

BNG

PPPoE: IPv6

PPPoE: IPv4IPoE: IPv4

Radius

DHCPv6

Database

IPv6 LAC

Main building blocksSeparate PPPoE sessions (IPv4-only, IPv6-only)RG – PPPoE pass-throughBNG LNS – Dual-stack BNG provides IPv6 connectivityPrefix allocation

/64 – from AAA IPv6 pool/56 – from DHCPv6 server (DUID)


RG + OS related conclusionsBased on testing results

Tested RGs:PPPoE pass-through configurable

Pirelli DRG A225GThomson SpeedTouch 780Other (e.g. Netgear DG834, Linksys WRT54G, etc. )

Tested Operating Systems:Windows XP Failed (no PPPv6 support)Windows 7 Passed with comments (DNS request problem)Windows Vista Passed with comments (DNS request problem)Ubuntu Linux Passed (tuning of PPP options required)FreeBSD Passed (tuning of PPP options required)

More info:http://www.telekom.hu/ipv6

Problematic topics

http://www.internecine.eu/systems/index.html


IPv6 Home Network during Phase AUsage of „IPv6 Gateway”

Providing IPv6 connectivity for all Home Network device via IPv4-only RGIPv6 PPPoE session initiator PC

Acting as IPv6 Gateway for home networkProvides IPv6 addresses using SLAACSingle Ethernet interface required Different Ethertype, PPPoE (0x8863, 0x8864), IPv6oE (0x86DD)

Challenge IPv6 based DNS communication from Home Network

PC

IPv6 GW

IPv4IPv6

Delegated Prefix

84.2.34.56

192.168.1.65

2001:4c48:100:162::22001:4c48:110:1::feed192.168.1.64

2001:4c48:110::/56

2001:4c48:100:162::/64

RG

PC192.168.1.66

2001:4c48:110:1::/64

2001:4c48:110:1::c0fe 2001:4c48:110:1::b0c1

PPPoE: IPv6

PPPoE: IPv4

IPoE: IPv6


BNG LNS – IPv6 address assignment (PPPoE)Prefix control options (/64)

AAA server (Radius)Prefixes are defined in RADIUS database (pool)Advantage:

Centralized prefix management and logging/trackingMost IDs available for prefix selection (usr/pwd, Session ID, BNG (sub)interface)

Challenge:Network changes have to be in line (Network and AAA system info)Not an issue for the trial as dedicated LNSsSupporting address allocation from IPv6 pool in AAA

Creating Routing Table entries in BNG for the assigned prefixes:/64: connected route when prefix allocated for PPPoE session

Solution characteristic:/64 prefix is allocated from pool in AAA (quasi-fix address)


BNG LNS – IPv6 address assignment (PPPoE)Prefix control options (/56)

External DHCPv6 serverPrefixes are defined in DHCPv6 server databaseUsing external DHCPv6 server: BNG = DHCPv6 relay agentAdvantage:

Centralized prefix management in DHCPv6 server (based on DUID)Challenge:

Non-flexibility of DUID usage (DUID = device and not customer specific)DUID registration used during the trial

Creating Routing Table entries in BNG for assigned prefixes:/56: Route can be added by relay agent based on ‘RELAY-REPLY’ message information

Solution characteristic:/56 prefix is quasi-fix


IPv6 address assignment (PPPoE)Trial solution e2e

PPPoE: IPv6

Relay-Reply: /56 prefix

Relay-forward (Solicit): incl. Clien-ID=DUID

IPv4

IPv6

PC

RG DSLAM Aggr-Switch

IPv6 LNS

BNG

AAA1

DHCPv6

AAA1 pool

1 2

5

6

9

7SLAAC8 DHCPv6-PD (Solicit)

PPPoE+Line-ID

10

14

11 DHCPv6-PD advertise

Usr_n: /64 prefix1/64 prefix2

Usr_m /64 prefix3…

Database2DUID1: /56 prefixDUID2: /56 prefix…

/64 connected route

/56 static route

AAA24

3

12 DHCPv6-PD request

13 DHCPv6-PD reply

3+

3++StandardsRFC5072: IPv6 over PPPRFC4862: SLAACRFC3315: DHCPv6RFC3633: DHCPv6-PD


IPv6 address assignment (PPPoE)Trial solution e2e

Basics:BNG/LNS is receiving the /64 prefix from AAA via Radius and sending it via IPCPv6 ND/RA.BNG/LNS is acting as a DHCPv6 Relay in case of DHCPv6 messages and when allocating /56 prefixes.

1. PPPoE link establishment, AN inserts Circuit-ID/Line-ID2. LAC establishes the L2TP tunnel to the LNS / BNG based on the received parameters from the Radius

Server 3. LNS / BNG sends Radius Request (Information: UN/PWD)4. Radius Accept (Information: /64 Framed-IPv6-Prefix)5. BNG sends Radius Accounting (Information: UN)6. /64 prefix info is provided to CPE via ICMPv6 ND/RA7. Routing table entry is generated for /64 prefix as a connected route8. CPE / DHCPv6 Client issues a DHCPv6 SOLICIT (IA_PD) for /56 prefix delegation9. BNG DHCPv6 Relay Agent uses DUID as CLIENTID in RELAY-FORWARD to external DHCPv6 Server10. External DHCPv6 Server sends RELAY-REPLY (IA_PD /56 prefix) based on DUID11. BNG / DHCPv6 Relay Agent sends ADVERTISE (IA_PD /56 prefix)12. CPE / DHCPv6 Client sends REQUEST (IA_PD /56 prefix)13. BNG / DHCPv6 Relay Agent sends REPLAY (IA_PD /56 prefix)14. Routing table entry is generated for /56 prefix as a static route via the connected /64 link

Note:IPv4 related and LAC initiated AAA/RADIUS communications are not included.IPv6 DNS Server information can be sent using DHCPv6 in stateless mode.The prefix assignment process terminates in Step 6 & 7 if no DHCPv6 Prefix Delegation occursDHCPv6 ADVERTISE / REQUEST messages can be excluded by using DHCPv6 Rapid Commit option.

/64 prefix/56 prefix


IPv6 connectivity for business customersPermanent connectivity

Customers have permanent connection(s) (e.g. LL, Ethernet, etc.)IPv6 over IPv4 Tunneling used to provide connectivityCE device provides dual-stackNo magic …


DNS solutions for trialServers and configuration infos for customers

DNS servers (A, AAAA, PTR records)Dual-stack (available via IPv4 & IPv6)

Authoritative serversCaching/Recursive servers

Providing DNS server information for customersCustomers with dynamic connections (BB customers):

Stateless DHCPv6 (rfc3736)IPv4 fall-back (DNS over IPv4, e.g. XP users)

Customers with permanent connections: Stateless DHCPv6 (rfc3736)Manual configuration

$ host cns0.telekom.hucns0.telekom.hu has address 84.2.44.1cns0.telekom.hu has IPv6 address 2001:4c48:1::1$ host cns1.telekom.hucns1.telekom.hu has address 84.2.46.1cns1.telekom.hu has IPv6 address 2001:4c48:2::1

$ host cns0.telekom.hucns0.telekom.hu has address 84.2.44.1cns0.telekom.hu has IPv6 address 2001:4c48:1::1$ host cns1.telekom.hucns1.telekom.hu has address 84.2.46.1cns1.telekom.hu has IPv6 address 2001:4c48:2::1

$ host -t any ans2.telekom.huans2.telekom.hu has address 193.225.4.82ans2.telekom.hu has IPv6 address 2001:738:0:100::$ host -t any ans0.telekom.huans0.telekom.hu has address 195.228.240.85ans0.telekom.hu has IPv6 address 2001:4c48:1:1::10

$ host -t any ans2.telekom.huans2.telekom.hu has address 193.225.4.82ans2.telekom.hu has IPv6 address 2001:738:0:100::$ host -t any ans0.telekom.huans0.telekom.hu has address 195.228.240.85ans0.telekom.hu has IPv6 address 2001:4c48:1:1::10

$ host ipv6.freemail.huipv6.freemail.hu has IPv6 address 2001:4c48:2:f::100$ host ipv6.iwiw.huipv6.iwiw.hu has IPv6 address 2001:4c48:2:a::1


$ host web.t-online.huweb.t-online.hu has address 195.228.240.46web.t-online.hu has IPv6 address 2001:4c48:1:1::13



IPv6 trial end-to-end architectureOverview at-a-glance

Development points in the network:Home network:

PC + RGNetwork:

IPv6 LNS + PEsControl systems

RadiusO&MDHCPv6DNS

ContentDataCenterContent Hosting/MT content

Peering InternationalGoogleBIX

PPPoE: IPv6

IPv4

PC

RG

DSLAMAggr-Switch IPv6 LNS

BNG

DHCPv6

AAA1

AAA2

PPPoE: IPv4

IPv4/v6

O&M

DNS

HostingInternational BIX

WEB/Server

XY Dual-stack

ZW IPv4-onlywith add-on

Peering

Content

Control ex-T-Online

Control ex-T-Com

Home network


Let’s try it …http://www.telekom.hu/ipv6


IPv6 Support and ServicesCustomer Activities and Benefits

Magyar Telekom related activitiesRegistration for IPv6 access and servicesRegistration for DHCPv6 prefix and services (DUID)*

Required home activitiesRead the users guide(http://www.telekom.hu/ipv6/probaidoszak/hasznalati_tudnivalok_es_feltetelek)Enabling PPPoE pass-through on RGEnabling IPv6 protocol stack on home network endpointsConfiguring a second PPPoE dialer using the proper credentials (Windoze7, Windoze Vista, Linux / FreeBSD)Enabling IPv6 protocol stack on home network endpoints if IPv6 gateway configured(e.g. Windoze XP, MAC, Linux, etc.) *

Customer benefitsAvailability of using global unicast addresses (GUA) in the LAN ensuring global IPv6 reachability for all connected, practically unlimited number of home devices.IPv6 option can be advantageous for the users in addressing the home or the corporate LAN, or for business customers when operating numerous devices (e.g. meters or probes) what must be directly reachable via the internet.* This step is optional.


IPv6 Support and ServicesAll-you-can-eat …

All around IPv6Home networking: including IPv6 gatewayAccess: ADSL, GPONNetwork services: DNS, NTP Peering connectivity: international, nationalContent: Freemail, iWiW, Web-storage, … , Google





$ host ntp.telekom.huntp.telekom.hu has address 84.2.40.31ntp.telekom.hu has address 84.2.42.31ntp.telekom.hu has IPv6 address 2001:4c48:1::123 ntp.telekom.hu has IPv6 address 2001:4c48:2::123

$ host ntp.telekom.huntp.telekom.hu has address 84.2.40.31ntp.telekom.hu has address 84.2.42.31ntp.telekom.hu has IPv6 address 2001:4c48:1::123 ntp.telekom.hu has IPv6 address 2001:4c48:2::123


IPv6 Support and ServicesGoogle over IPv6

Google services available currentlyGoogle search (image, blog and code search)AlertsDocsFinanceGmailHealthiGoogleNewsReaderPicasaMaps

IPv6 peering with Google is prerequisite.

How it began:March 2008: Google search over IPv6 on IPv6-only websites like ipv6.google.com(IPv6 connection required). No other service avialable.

Google over IPv6: seamless access to most Google services over IPv6 simply by usingsame websites

Sources: go6 and Google

IPv6 Google Search Add-on forFirefox is another examplewhere IPv6 connectivity is prerequisite.


Phase B – IPv6 connected homes High Level view

Main building blocksSingle PPPoE sessions (IPv4+IPv6)RG – IPv6 capableBNG – Dual-stack BNG provides IPv6 connectivityPrefix allocation

/64 – from AAA/56 – from AAA

IPv4/IPv6PC

RG DSLAM Agr-Switch BNG

IPoE: IPv6

PPPoE: IPv4/IPv6IPoE: IPv4

Radius

DHCPv6

Database


Identified missing IPv6 functionsFurther development is needed

Limitations according to RGIPv6 capable device

List of available devices:

Limitations according to BNG LNS features:Prefix assignment based on Line-ID not available

Missing: Line-ID propagation via L2TPMissing: Propagated Line-ID insertion in Radius communicationMissing: Propagated Line-ID insertion in DHCPv6 Relay-forwardMissing: Support for rfc4818 RADIUS Delegated-IPv6-Prefix Attribute

IPv6 AccountingMissing: PIO from Accounting (both /64 and /56)


Being IPv6 ready: A long-long way to go …NAT, Carrier-grade NAT, IPv6

An upgrade of IPv4, not only known as IPv6There are migration steps: NAT, Carrier-grade NATMain drivers for IPv6: IPv4 exhaustion, EU directivesOne of the main challenges for operators is how to migrate to IPv6 without impacting existing IPv4-based services and applications.

Possible servicesBusiness customers

Internet connectionVPNv6 service

Residential customersIPv6 based applicationsVideo-PhoneVideo (TV and VoD)Security


Instead of summaryTowards IPv6

IPv6 is coming …

IPv4 Run-Out happen soonLong-term solution and end-game is IPv6Customer Transition Strategies may differ

some may wish to prolong IPv4 usage for as long as possibleothers may take more aggressive approach and deploy IPv6 sooner (IPv4/IPv6 Coexistence)

3G Americas Recommends IPv6 Transition Considerations ‘The time is now’ for planning and implementation throughout the wireless ecosystem February 25 2009, Bellevue, WA –

„The white paper recognizes that the transition to IPv6 is a significant effort and will carry expense for operators, but at this point in time, can no longer be delayed. Failure to transition to IPv6 in a timely manner will also cost operators money due to reasons such as the inability to scale services. IPv6 has several additional benefits and will likely enable new services that would otherwise be impossible in an IPv4-only world. ”


Hungarian IPv6 activitiesTechnical visibility

2007.02.2007.02.

2009.12.2009.12.

Being part of the future - 123seminarsonly.com ÆVPN access, IPTV, VoIP ... Broadband-Forum work on IPv6 ... Many open issues:

Documents