Huawei Confidential

[Figure: DS-Lite+NAT broadband access with a routed HG. Segments: Terminal, Access, Metro, Core, Servers. Labels: HG (B4), OLT, DSLAM, BRAS, CGN (AFTR), CR; 4in6 tunnel, NAT44, private IPv4, public IPv4, IPv6-only, dual-stack.]

DS-Lite+NAT:
Metro network: The BRAS supports IPv6-only. An IPv6-only network is deployed between the BRAS and CGN. A dual-stack network is deployed between the CGNs and CRs.
Access network: Network reconstruction is not required.
Home area network: HGs that work in routed mode must be upgraded to support DS-Lite.
The DS-Lite solution has special requirements on HGs. Therefore, it is usually used for new users. The combined use of the dual-stack+NAT and DS-Lite solutions is recommended. The two solutions can be switched between as needed. At present, PPPoE access is used for the DS-Lite solution. An IPv6 network is deployed between the HG and CGN.

DS+NAT+PPPoE:
Metro network: BRASs and CRs must support dual-stack. The CGN can be inserted into a BRAS or be deployed in standalone mode.
Access network: Network reconstruction is not required.
Home area network: Bridged HGs do not require reconstruction or upgrade. Routed HGs must be upgraded to support IPv6.

DS+NAT+IPoE:
Metro network: BRASs and CRs must support dual-stack. The CGN can be deployed in distributed or centralized mode.
Access network: The network must be reconstructed to support IPv6.
Home area network: Routed or hybrid HGs must be upgraded to support IPv6.
In this scenario, NAT, dual-stack, and dual-stack+NAT can be separately deployed.
[Figure: DS+NAT broadband access in four variants: DS+NAT+IPoE with the HG in routed mode, DS+NAT+IPoE with the HG in bridged mode, DS+NAT+PPPoE with the HG in routed mode, DS+NAT+PPPoE with the HG in bridged mode. Segments: Terminal, Access, Metro, Core, Servers. Labels: HG, OLT, LSW, BRAS, CGN, CR, IP Core; NAT44, private IPv4, public IPv4, IPv6, IPv4/IPv6, PPPoE.]

Terms:
AFTR: Address Family Transition Router
B4: Base Bridging BroadBand element
CGN: Carrier Grade NAT
DNS64: Domain Name System IPv6&IPv4
DS-Lite: Dual-Stack Lite
NAT: Network Address Translation

[Figure: IPv6 security solution. Segments: Customer, Access, Aggregation, Core, OAM/Service. Domains: Trust Domain, Untrust Domain, Trust or Untrust Domain. Labels: STB/TV, PC, HG, Phone, Corporation, CPE, MxU, ACC-LSW, OLT, SPOP, UPE, AGG, BRAS/SR, CGN, IGW, AAA Server, DHCP Server, U2000, U2520, BTV, VoD, IPTV HE, NGN/IMS, SoftX.]

Access device: Supports DHCPv6 option 18/37. Enables DHCPv6/ND snooping.
UPE/AGG/BRAS/SR: Enables DHCPv6/ND snooping. Enables authentication for IPv6 IGP/BGP. Enables IPv6 URPF to defend against IP spoofing attacks.
IGW: Filters invalid IPv6 routes advertised by EBGP neighbors. Discards invalid IPv6 traffic.
CGN: Checks user validity. Restricts the tunnel and session quantities.

[Figure: CGN hot backup. Labels: OLT 1, OLT 2, BRAS 1, BRAS 2, CR1, CR2, PE1, PE2, CGN 1, CGN 2, Slot 1, Slot 2, HA, VRRP; NAT Address Pool, NAT Address Pool 1, NAT Address Pool 2, User Address Pool 1, User Address Pool 2, each marked Primary or Secondary.]

CGN inter-board hot backup: Two CGN boards form a backup group to which a NAT instance is bound. Two CGN boards share the same NAT address pool. Two instances can be configured to dynamically balance traffic load.

Distributed CGN inter-chassis hot backup: Two CGN boards on different BRASs form a backup group.
A NAT instance is configured for every chassis, and the CGN boards back up each other. The user and NAT address pools back up each other.

Centralized CGN inter-chassis hot backup: Two CGN boards in different CGN chassis form a backup group. A NAT instance is configured for every chassis, and the CGN boards back up each other. The NAT address pools of the two instances back up each other.

[Figure: Government/enterprise leased line access, showing the Internet Leased Line Solution and the VPN Leased Line Solution. Customer types: SOHO/Small-sized Enterprise, Government/Medium-sized Enterprise, Large-sized Enterprise. Line types: Dial-up Leased Line (PPPoE), Layer 3 Leased Line (IPoE), Layer 2 Leased Line (IPoE). Labels: CPE, CPE (Dual-stack), UPE (Dual-stack), BRAS (Dual-stack), SR (Dual-stack), IPv4 MPLS, L2VPN, VLL/VPLS, IPv6 L3VPN, L3VPN, E-Line/E-LAN.]

The BRAS allocates an IPv6 address with the IA_NA/IA_PD option.
The static IPv6 address must be configured.
The IPv6 address with the IA_NA/IA_PD option must be manually configured or allocated by the BRAS.

E2E O&M phases: Network Deployment, Service Provisioning, Fault Locating, Network Monitoring.
In-home service provisioning
Service provisioning by the U2000
Service provisioning by the AAA server
CPE status management and information query (ITMS and U2000)
Optical path diagnosis and alarm monitoring on access networks (by the N2510 and U2000)
Alarm monitoring and fault information collection on metro and IP core networks (by the U2000 and SmartKit)
U2000/U2520 performance monitoring

[Figure: Service system reconstruction. Labels: HG, OLT, BRAS, CGN, AAA Server, DNS Server, Portal Server, Log Server.]

DNS server: Supports AAAA and A records. Supports AAAA and A record query over IPv4/IPv6.
Log server: Provides a syslog interface for communicating with the CGN. Provides an interface for querying information from the background system.
AAA server: Supports IPv6-related attributes. Supports CGN-related attributes.
Reconstructs the interfaces interconnecting the AAA server and the BRAS/log server/billing system/portal server/OSS.

[Figure labels: CR, OSS, BSS, ITMS.]

ITMS: Supports IPv6 HG management. Supports IPv6 HG information exchange with the OSS.
OSS: Supports IPv6 NE management. Supports the management of IPv6 resources and services. Supports the management of CGN resources and services. Reconstructs the interfaces interconnecting the OSS and the AAA server/BSS/ITMS.
BSS: Enables the CRM and billing systems to support IPv6 addresses, private IPv4 addresses, and port ranges. Reconstructs the interfaces interconnecting the BSS and the AAA server/OSS/ITMS.
Portal server: Supports the extraction of IPv6 and private IPv4 addresses of users. Reconstructs the interfaces interconnecting the portal server and the AAA server.

Key points for IPv6 evolution:
Resolve the IPv4 address insufficiency issue.
Maintain good user experience.
Ensure network security.

What are the main IPv6 evolution techniques?
Dual-stack: Dual-stack is enabled for all devices on the network.
DS-Lite: IPv6 is deployed and DS-Lite tunnels are established between B4 and AFTR to carry IPv4 traffic.
NAT: CGN gateways are deployed to allocate private IPv4 addresses, which helps to reduce public IPv4 address consumption. This technique usually works with the dual-stack technique.
NAT64: A gateway is deployed to translate the IPv6 addresses of an IPv6-only terminal to an IPv4 address. It is a supplement to the dual-stack technique.

[Figure: IP core network. Labels: IGW (Dual-stack), CE (Dual-stack), P (IPv4), MAN, IPv6 Internet, IPv4 MPLS.]

Dual-stack solution: Dual-stack must be enabled for all Layer 3 devices. Dual-stack routes between all Layer 3 devices must be reachable.
6PE/6vPE solution: Dual-stack must be enabled for the PE/CE/IGW. Intermediate nodes support IPv4-only. MPLS must be deployed at the core of the network. 6PE/6vPE tunnels must be established between PEs to deliver dual-stack routing information.
[Figure: IP core network, continued. Labels: CR (Dual-stack), PE (Dual-stack), IGW (Dual-stack), MAN, IP Core, Dual-stack, IPv6 Internet, IPv4 Internet.]

[Figure: NAT64 broadband access, with the paths "Access an IPv4 Server" and "Access an IPv6 Server". Segments: Terminal, Access, Metro, Core, Servers. Labels: IPv6 User, HG, OLT, DSLAM, BRAS, CR, P, PE, DNS64, NAT64, IPv4 Server, IPv6 Server, IPv4, IPv6, Dual-stack.]

NAT64:
Objectives: To allow IPv6 users to access IPv4 servers over an IPv6 network.
Usage scenario: At later stages of network evolution, IPv6-only users access the IPv4 servers on the Internet.
NAT64 gateways and DNS64 servers must support dual-stack.

Huawei network product series:
HG, ONT
Access: CX600-X1, CX600-X2, MA5600T
Metro: CX600-X3, CX600-X8, CX600-X16
Edge: ME60-X3, ME60-X8, ME60-X16
CGN: SP-160 (40G daughter board), SP-80 (40G daughter board), VSUF-160 (80G mother board), VSUF-80 (40G mother board). VSUFs and SPs can be combined in different ways to provide a maximum of 40G, 80G, 120G, or 160G forwarding performance.
Backbone: NE80E, NE5000E Cluster
Firewall: Eudemon 1000E-X3&X5, Eudemon 8000E-X3, Eudemon 8000E-X8, Eudemon 8000E-X16
NE40E-X3, NE40E-X8, NE40E-X16
S9303, S9306, S9312

Win the competition

[Figure labels: 6PE/6vPE, PE (Dual-stack); NAT Instance 1, NAT Instance 2, Primary, Secondary.]

Note: The IPv6 security solution is deployed under the original IPv4 security solution conditions.

Dual-stack solution for the IDC: It is the mainstream solution for the IPv6 evolution of the IDC. The dual-stack reconstruction involves a large scope and a long period.

NAT64 solution for the IDC: As a supplement to the IDC dual-stack reconstruction solution, this solution applies to a scenario where IPv6-only terminals access controllable services or simple applications. IDC reconstruction is not required and the deployment period is short. However, NAT64 gateways may not support some ALGs. Therefore, NAT64 gateways may become network bottlenecks.
Users are unwilling to switch from IPv4 to IPv6 because IPv6 resources are insufficient. Therefore, dual-stack reconstruction of the IDC is very important in IPv6 evolution.

[Figure: Data center, comparing the NAT64 Solution (IPv6 Users Access the IPv4 Server) with the Dual-stack Solution (Dual-stack Users Access the Dual-stack Server). Labels: Service Area 1 to Service Area N, Security Service PoD, iStack, CSS, TOR, EOR/MOR, Server, Storage, Access Layer, Aggregation Layer, Core Layer, Egress Router, DNS64, NAT64, LogServer, Dual-stack User, IPv6 User, IPv4 User.]

Dual-stack solution: Dual-stack+Service Reconstruction. Dual-stack+OSPFv3. Dual-stack+EBGP4+. DNS: Dual-stack+AAAA.
NAT64 solution: Reconstruction is not required. Add DNS64. Enable dual-stack for the egress router. Add a NAT64 gateway and a log server. IDC reconstruction is not required.

[Figure: Wireless access. Segments: Terminal, IP RAN, PS Core, IP Core, Service. Labels: IPv6-only Terminal, Dual-stack Terminal, GERAN, UTRAN, LTE, SGSN, GGSN/PDSN, Gi/SGi, NAT44, NAT64, IPv4 Traffic, IPv6 Traffic.]

Tunnels between the terminals and GGSN/SAE GW carry IPv4/IPv6 packets.

Solution 1: Dual-stack+NAT44
Terminals support dual-stack, IPv6 and/or private IPv4 addresses.
The IP RAN is an IPv4 network.
The PS core network must support dual-stack. The PS core system must support IPv6 management. IPv4 tunnels must be established to transparently transmit IPv4/IPv6 packets.
The IP core network must support dual-stack.
Peripheral systems must be upgraded to support IPv6 management.
Gi/SGi interfaces must support dual-stack and route IPv4 packets to the NAT44 gateway for NAT.

Solution 2: IPv6-only+NAT64
Terminals support IPv6 and are allocated IPv6-only addresses.
The IP RAN is an IPv4 network.
The PS core network must support dual-stack. The PS core system must support IPv6 management. IPv4 tunnels must be established to transparently transmit IPv4/IPv6 packets.
The IP core network must support dual-stack. NAT64 gateways and DNS64 servers must be deployed.
Peripheral systems must be upgraded to support IPv6 management.
Gi/SGi interfaces must support dual-stack and route IPv6 packets to the NAT64 gateway for translating IPv6 addresses into IPv4 addresses.

[Figure labels, wireless access: SAE GW, eNodeB, BTS/NodeB, BSC/RNC, MME, HSS/HLR, PCRF.]

[Figure: WLAN access, AP bridged mode, NAT44+IPoE. Labels: AP, AC, Access Switch, Aggregation Switch, BRAS Embedded with CGN and BRAS Traffic Forwarding, CR, AAA Server, Portal Server, CAPWAP Tunnel, WLAN Authentication Flow, WLAN IPv4 Flow, WLAN IPv6 Flow, NAT44, private IPv4, public IPv4, IPv6.]

Access authentication: Use portal authentication as an example. The WLAN terminal uses the IPoE access mode and the IPv4 web+portal authentication mode. The portal server must be upgraded to obtain the public and private IPv4 and IPv6 addresses of users.
NAT: Divert the service traffic in the WLAN private user domain to the CGN for NAT.
As the portal protocol is carried over IPv4, this solution supports only dual-stack terminal access, not IPv6-only terminal access.

[Figure: WLAN access, AP bridged mode, Dual-stack+IPoE. Panels: Private Network Dual-stack Solution, Public Network Dual-stack Solution. Labels: Dual-stack Terminal, public IPv4, IPv4, IPv6.]

Solution 1: Private Network Dual-stack Solution
Access authentication: The WLAN terminal uses the IPoE access mode and the IPv4 web+portal authentication mode. The portal server must be upgraded to obtain the IPv4 and IPv6 addresses of users.

Solution 2: Public Network Dual-stack Solution

The BRAS allocates user addresses and authenticates users. The AC manages and controls APs in a unified manner.
IPv6 Evolution Solution

Section titles:
IPv6 Evolution Overview
Broadband Access Solution 1: Dual-stack+NAT
Broadband Access Solution 2: DS-Lite
Broadband Access Solution 3: NAT64
Broadband Access Solution 4: WLAN Access
Broadband Access Solution 5: Wireless Access
Service System Reconstruction Solution
IP Core Network Solution
Government/Enterprise Leased Line Access Solution
Data Center Solution
CGN Reliability Solution
IPv6 Security Solution
E2E O&M Solution
IPv6 Evolution Professional Service Solution
Huawei Network Product Series Providing the E2E IPv6 Solution
Terms

IPv6 Evolution Professional Service Solution: Network Design; Service Migration; Network Optimization; Consultation Service; Integration Test; Service Verification. Protect network investments, and achieve smooth network evolution and hitless service migration. Project Management and Process Control Capabilities Throughout the Network Construction Period.

[Figure: IPv6 evolution overview. Axes: Network Reconstruction Costs and Difficulties, Network IPv6 Progress. Groups: Mainstream Evolution Solution, Auxiliary Solution at Later Stages of IPv6 Evolution. Labels: DS+NAT, DS-Lite, NAT64, IPv6 Only, NAT444, IPv4 Only.]

[Figure labels: Dual-stack Solution, 6PE/6vPE Solution; Independent U2000 IP LCT deployment; IPv4, GTP/PPP over IPv4, IPv4/IPv6 Dual-stack, IP Core, Aggregation Network, Dual-stack.]