IPv4/IPv6 Transition Technologies
Tibor Nagy – Cisco Systems
© 2010 Cisco and/or its affiliates. All rights reserved.
• It is really about Business Continuity (for SPs)
  – Not about the IPv6 ‘cool’ factor
  – Not about the SP network, per se
• It is really about customers’ Internet access* and experience
  – The Internet is mostly IPv4 reachable
  – Customers still use IPv4-only devices
  – Only ~4-8% of Top 1000 websites are IPv6 reachable (Source – Univ. of Penn. IPv6 Monitor)
[Figure: IPv6 reachability of Top-10, Top-100 and Top-1000 websites]
* There are reasons other than Internet access, but they are not the focus here
• There is more to Internet Access than just IPv4/v6 packet forwarding:
1. DNS (Domain Name System)
2. ALG (Application Layer Gateway)
3. Lawful Intercept (Logging/Capturing/Storing)
4. DPI (Deep Packet Inspection)
5. Stateful NAT44 or 46 performance, resiliency
6. CPE Cost
• The top 3 can make or break the Internet Access/experience
• The bottom 4 can impact SP’s CAPEX & OPEX
• SP assigns IP address(es) to its customers via one of the following:
1. Single-Stack IPv4 (Private)
2. Single-Stack IPv6 (Public)
3. Dual-Stack IPv4 (Private) + IPv6 (Public)
• Solution may involve Tunneling
  – Tunneling could be 4o6 or 6o4 or none
• Solution would involve Address Translation
  – Translation could be stateless or stateful CGN
  – Translation could be 44 or 64 or 46
  – Translation could happen on CPE and/or Network
• Stateful NAT44 happens in the Network (Internet Gateway, say)
  – With or without an additional NAT44 in Home
• TCP/UDP Ports are typically shared among customers
  – Per-customer port limit on CGN device
[Figure: CGN44 topology. Labels: Modem (L2), Gateway (L3), Residential Edge, Router (L3), CGN44, IPv4 Network, IPv4 backend, Boundary Router; legend: Public IPv4, Private IPv4, IPv6]
Advantages:
• Available and deployed now (TTM)
• No IPv6 dependency
• No CPE dependency
Disadvantages:
• Massive Port Sharing -> Major issue
• LI infrastructure changes -> CAPEX/OPEX+
• ALG enforcement
• Routing enforcement
• A customer device supporting IPv6 could use native IPv6 forwarding
  – Assuming the destination is available on IPv6 Internet
• Otherwise, the customer device uses IPv4 forwarding
  – Same consideration as that of just CGN applies, assuming private IPv4 addressing
[Figure: topology with IPv4 + IPv6 Network and CGN44. Labels: Modem (L2), Gateway (L3), Residential Edge, Router (L3), CGN44, IPv4 + IPv6 Network, IPv4/v6-Backend, Boundary Router; legend: Public IPv4, Private IPv4, IPv6, Public IPv6]
Advantages:
• Simplest and Available now (TTM)
• No need for DNS64 support
• No need for ALG64 in network
• No changes to Routing design
• IPv6 can be enabled incrementally
• IPv4 can be removed selectively
Disadvantages:
• Massive Port Sharing -> Major issue
• LI infrastructure changes -> CAPEX/OPEX+
• IPv6 traffic tunneled over IPv4 network
  – No DHCPv6, no IPv6 ND on CPE -> Customer IPv6 delegated prefix derived from CPE’s IPv4 address and 6rd Prefix
• IPv4 traffic forwarded natively
  – Same consideration as that of just CGN applies, assuming private IPv4 addressing
• Simple, stateless, automatic IPv6-in-IPv4 encapsulation and decapsulation
[Figure: 6RD topology. Labels: Gateway (L3), Residential Edge, 6RD, Router (L3), CGN44, 6RD BR, IPv4 Network, IPv4-only backend, Boundary Router; legend: Public IPv4, Private IPv4, IPv6, Public IPv6]
[Figure: 6rd address format. Fields: 6rd IPv6 Prefix (variable length; 2011:100 in the example), Customer’s IPv4 prefix (32 bits; ?.?.?.?), Subnet-ID, Interface ID; the 6rd IPv6 Prefix and the IPv4 bits together form the Customer IPv6 Prefix; bit markers 0, 28, 56, 64]
Advantages:
• Doesn’t require SP to enable IPv6 in network
• No need for DNS64 support
• No need for ALG64 in network
• No changes to Routing design
• IPv6 can be offered incrementally
• IPv4 may be removed selectively
Disadvantages:
• Massive Port Sharing -> Major issue
• LI infrastructure changes -> CAPEX/OPEX+
• Requires tunneling -> Fragmentation on Access
• IPv4 traffic tunneled over IPv6 network
  – B4 and AFTR do v4ov6 tunneling
  – NAT44 done by AFTR; NAT entries also include IPv6 address
  – NAT44 on CPE must be disabled
• IPv6 traffic forwarded natively
[Figure: topology with B4 and AFTR. Labels: Modem (L2), Gateway (L3), Residential Edge, B4, Router (L3), AFTR, IPv6 Network, IPv4/v6-backend, Boundary Router; legend: Public IPv4, Private IPv4, IPv6, Public IPv6]
Advantages:
• No need for DNS64 support
• No need for ALG64 in network
• No changes to Routing design
• IPv4 may be removed selectively
Disadvantages:
• IPv6 end-to-end
• Massive Port Sharing -> Major issue
• LI infrastructure changes -> CAPEX/OPEX+
• Requires tunneling -> Fragmentation on Access
• Requires ALG44 in network
• Breaks DPI
• Breaks VoIP prioritization on (DOCSIS) access
• NAT44 on CPE is enabled
• Stateless = No dynamic state created/induced by traffic + configuration per user/IP
• Stateless does NOT mean NO configuration
• Example of Stateless/Stateful:
  Stateless                 | Stateful
  IP Router & IP Forwarding | Firewall, NAPT44, SBC
  MAP Border Relay          | DS-Lite AFTR
• Stateless allows better scaling, performance & flexibility in network design and equipment.
• http://tools.ietf.org/html/draft-ietf-softwire-stateless-4v6-motivation
• Allow IPv6 only SP operations
• Minimize need/impact of NAT44 OSS, logging
• Scale in terms of IP forwarding capacity, rather than dynamic per subscriber state
• Support asymmetric routing to/from the IPv4 Internet + route optimization
• Maximize the ease of deployment and redundancy of nodes
• Support a redundant multi vendor environment
• Allow direct user-user traffic flows (e.g., allows for direct CPE-CPE)
• Retain today’s user experience (NAT on CPE) and support today’s operational model.
MAP (draft-ietf-softwire-map)
  – Defines Port indexing and IPv4<->IPv6 address mapping algorithm.
  – Allows Translated (-T) or Encapsulated (-E) transport modes
  – Integrates both in CPE and Border Relay.
MAP-Translation
  – Stateless NAT64 based transport using MAP algorithm
  – Compatible with stateful or stateless NAT64 core
MAP-Encapsulation
  – Stateless IPv4 in IPv6 Encapsulation based transport using MAP algorithm
  – Backwards compatible with DS-Lite AFTR core
MAP DHCPv6 (draft-mdt-softwire-map-dhcp-option-00)
  – Defines DHCPv6 Option for configuring MAP CE.
Uses NAT64 and IPv6-only transport – regular IPv6 data plane. Allows IPv4-IPv6 communication
Stateless NAT64 Core MAP Border Relay (can also be stateful)
1. CPE uses combination of IPv6 prefix + DHCPv6 MAP Option to derive CPE’s IPv4 address + port set id
2. CPE derives its TCP/UDP port range by decoding the port-set id using MAP algorithm
End user IPv6 hosts use the same IPv6 prefix. MAP-T has no impact on IPv6 hosts/traffic.
[Figure: MAP-T topology. Labels: IPv4-Private Subscriber 1, IPv4-Private Subscriber 2, CPE, MAP CE, NAT, CMTS/BNG (IPv6), Stateless MAP Relay, IPv6-only server; legend: IPv6, IPv6 + IPv4, IPv4-Public]
IPinIP based transport (same dataplane as DS-Lite)
Stateless IPinIP core MAP Border Relay (can also be stateful, e.g. AFTR)
1. CPE uses combination of IPv6 prefix + DHCPv6 MAP Option to derive CPE’s IPv4 address + port set id
2. CPE derives its TCP/UDP port range by decoding the port-set id using MAP algorithm
End user IPv6 hosts use the same IPv6 prefix. MAP-E has no impact on IPv6 hosts/traffic.
[Figure: MAP-E topology. Labels: IPv4-Private Customer (two shown), CPE, MAP CE, NAT, Gateway (IPv6), Stateless MAP Relay; legend: IPv6, IPv6 + IPv4, IPv4-Public]
[Figure: MAP packet flow from the customer towards IPv4-Public. Nodes: IPv4-Private Customer + IPv6, MAP CE (NAT), IPv6 network (Router/CMTS/GGSN/BNG/etc), MAP BR. MAP Address = 2001:beef:<1.1.1.1.f>; Gw address = 2001:beef::a; MAP Index f = Port range 5000-5999]
1. Customer sends IPv4 TCP 192.168.0.1:1444 -> 8.8.8.8:80
2. MAP CE, NAT44 of Source IP Address + Port: IPv4 TCP 1.1.1.1:5000 -> 8.8.8.8:80
3. MAP CE, Stateless Encap: IPv6 2001:beef:<1.1.1.1.f> -> 2001:beef::a, carrying IPv4 TCP 1.1.1.1:5000 -> 8.8.8.8:80
4. MAP BR, Stateless Decap: IPv4 TCP 1.1.1.1:5000 -> 8.8.8.8:80
[Figure: MAP packet flow from IPv4-Public towards the customer. Nodes: IPv4-Private Customer + IPv6, MAP CE (NAT), IPv6 network (Router/CMTS/GGSN/BNG/etc), MAP BR. MAP Address = 2001:beef:<1.1.1.1.f>; Gw address = 2001:beef::a; Port range 5000-5999 = Index f]
1. MAP BR receives IPv4 TCP 8.8.8.8:80 -> 1.1.1.1:5000
2. MAP BR, IPv4 to IPv6 mapping + ce-index + stateless encapsulation: IPv6 2001:beef::a -> 2001:beef:<1.1.1.1.f>, carrying IPv4 TCP 8.8.8.8:80 -> 1.1.1.1:5000
3. MAP CE recovers IPv4 TCP 8.8.8.8:80 -> 1.1.1.1:5000
4. MAP CE, NAT: IPv4 TCP 8.8.8.8:80 -> 192.168.0.1:1444
[Figure: MAP CE working with a DS-Lite AFTR as BR. Nodes: IPv4-Private Customer + IPv6, MAP CE (Route), IPv6 network (Router/CMTS/GGSN/BNG/etc), DS-Lite AFTR (BR), IPv4-Public. MAP Address = 2001:beef:(IID); Gw address = 2001:beef::a]
1. Customer sends IPv4 TCP 192.168.0.1:1444 -> 8.8.8.8:80
2. MAP CE, IPinIP Tunneling (NAT44 is turned off via DHCPv6 MAP DMR Option): IPv6 2001:beef:<1.1.1.1.f> -> 2001:beef::a, carrying IPv4 TCP 192.168.0.1:1444 -> 8.8.8.8:80
3. DS-Lite AFTR, Stateful NAT44: IPv4 TCP 1.1.1.1:5000 -> 8.8.8.8:80
MAP-E Mode: Compatible with AFTR
MAP-T Mode: Compatible with NAT64
• Example of info at the CPE used to derive IPv4 address:
[Figure: MAP address and port derivation]
IPv6 Delegated Prefix (e.g., /Y), via DHCPv6 PD:
  – Mapping Domain Prefix, bits 0 to /X: 2001:0DB8:00 (size = X bits, provisioned)
  – “EA Bits”, bits /X to /Y: 01010101 111000 (length Y - X = a)
  – Subnet-ID up to bit 64 (fixed), then MAP Interface ID
MAP IPv4 Address (32 bits):
  – IPv4 Prefix, bits 0 to /Z: 130.67.1 (Z bits, provisioned)
  – IPv4 Suffix, taken from the EA bits (length 32 – Z = b)
Port (16 bits, bit markers 0, 6, 16):
  – Bits 0 to 6: 6 bits (fixed), value > 0
  – Bits 6 to 6+c: Port Set ID, taken from the EA bits (length a - b = c)
  – Remaining 10-c bits: XXXX
Z, a and b are derived from DHCPv6 MAP Option.
http://map46.cisco.com/
Advantages:
• No IP-in-IP Tunneling
  – No DOCSIS forwarding performance degradation
• No need for CGN44 & per-session NAT logging in network
• No need for Lawful Intercept infrastructure changes
• No need for DNS64 support
• No need for ALG44 or 46 in network
• No changes to BGP Routing design
• Better deep packet inspection (DPI) support
• Customer is always traceable (thanks to the A+P tuple)
• Better Geo-location and Geo-proximity
• Future Flexibility to disable NAT64 on network
• CPE logic deemed less expensive (than DS-lite)
Disadvantages:
• Under IETF standardization
• CPE support will come after standardization
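The MAP derivation slide and the A+P traceability point above, as an added example (not code from the slides or from Cisco): it decodes a delegated prefix into the shared IPv4 address and port set, then inverts the mapping so an (IPv4, port) pair seen in a log resolves to one subscriber prefix without per-session NAT logs. X = 40 and Z = 24 are assumptions read from the slide's `2001:0DB8:00` and `130.67.1`; `MapRule`, `decode_prefix`, `port_ranges` and `trace` are hypothetical names.

```python
import ipaddress

OFFSET_BITS = 6  # leading port bits, fixed at 6 on the slide; their value is > 0

class MapRule:
    """Mapping rule: domain prefix (/X), IPv4 prefix (/Z), EA length a."""
    def __init__(self, v6_prefix, v4_prefix, ea_len):
        self.v6 = ipaddress.IPv6Network(v6_prefix)
        self.v4 = ipaddress.IPv4Network(v4_prefix)
        self.a = ea_len                         # a = Y - X
        self.b = 32 - self.v4.prefixlen         # b = 32 - Z, IPv4 suffix bits
        self.c = self.a - self.b                # c = a - b, port-set ID bits
        self.m = 16 - OFFSET_BITS - self.c      # 10 - c trailing port bits
        self.plen = self.v6.prefixlen + self.a  # Y, delegated prefix length
        if self.c < 0 or self.m < 0:
            raise ValueError("EA length inconsistent with the IPv4 prefix")

def decode_prefix(rule, delegated):
    """Delegated /Y prefix -> (shared public IPv4 address, port-set ID)."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen != rule.plen or not net.subnet_of(rule.v6):
        raise ValueError("prefix does not belong to this mapping rule")
    ea = (int(net.network_address) >> (128 - rule.plen)) & ((1 << rule.a) - 1)
    suffix, psid = ea >> rule.c, ea & ((1 << rule.c) - 1)
    return ipaddress.IPv4Address(int(rule.v4.network_address) | suffix), psid

def port_ranges(rule, psid):
    """Every (low, high) port range owned by one port-set ID."""
    out = []
    for lead in range(1, 1 << OFFSET_BITS):     # leading bits 0 are never used
        low = (lead << (16 - OFFSET_BITS)) | (psid << rule.m)
        out.append((low, low | ((1 << rule.m) - 1)))
    return out

def trace(rule, ipv4, port):
    """Observed (public IPv4, source port) -> subscriber's delegated prefix."""
    addr = ipaddress.IPv4Address(ipv4)
    if addr not in rule.v4 or not 0 < port < 65536:
        return None                             # not covered by this rule
    if port >> (16 - OFFSET_BITS) == 0:
        return None                             # ports 0-1023 belong to no CE
    psid = (port >> rule.m) & ((1 << rule.c) - 1)
    ea = ((int(addr) & ((1 << rule.b) - 1)) << rule.c) | psid
    base = int(rule.v6.network_address) | (ea << (128 - rule.plen))
    return ipaddress.IPv6Network((base, rule.plen))

# Constructed rule from the slide's example bits; X = 40 and Z = 24 are assumed.
RULE = MapRule("2001:db8::/40", "130.67.1.0/24", ea_len=14)
```

Attribution here needs only the mapping rule that was provisioned at the time of the event, which is why the rule set itself should be versioned and retained alongside flow logs.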
[Figure: positioning chart. Axes: Technical Superiority and Ease of Deployment / Operations, with High and Low markers. Plotted options: 1 CGNAT44/4, 2 DS, 3 DS-Lite, 4 6RD, 5 4RD, 6 4464 (MAP-T), 7 IVI (NAT64), 8 IPv6 native]
Technical Superiority Includes:
– IPv4 address Saving
– Scale & Performance
– Complexity & Cost
– LI, DPI, QoS
– Multicasting
Ease of Operations Includes:
– Network changes
– CMTS software changes
– CM or CPE changes
– Backend system changes
• MAP fulfills the requirements for a stateless transition technology
  – Scales according to traffic and number of rules only, not number of users or number of users per rule
  – High Performance
  – Flexibility of deployment (incl. combination with stateful technologies)
  – Open standard
• MAP Standard is based on the combination of both MAP-T and MAP-E
  – MAP-T: allows use of native IPv6 traffic classification & handling features on IPv6-only devices. Compatible with stateful NAT64 core
  – MAP-E: based on IPinIP, allows IPv4 transport over IPv6. Backwards compatible with DS-Lite AFTR core
• Open source MAP CPE available
• Cisco MAP Border Relay shipping in Q4 2012.
Thank you.