IPV6 TRANSITION STRATEGIES Alessandro Salesi Alessandro Salesi Athens, Apr 13rd 2011
IPv6 Juniper Presentation
Oct 27, 2014
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
IPV6 TRANSITION STRATEGIES
Alessandro SalesiAlessandro Salesi
Athens, Apr 13rd 2011
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT
IPV6 NEWS
2008Q4 - Google IPv6 launch (ipv6.google.com)
2008Q4 - Free 6rd deployment
2009-06 - Comcast announce Ipv6 Transit Wholesale service
2009-06 - Netflix available through Ipv6
2009-06 - VZ Wireless announce that any LTE phone will have to have an IPv6@ to connect their network
2010-1 - Comcast announce Ipv6 trial for end customer in april
3 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
2010-2 - Youtube is now available on IPv6
2010-7 – T-Mobile USA is launching an Ipv6-only trial
2010-9 – USA Federal agencies CIO announced Ipv6 services schedule
2010-11 – Akamai announced their IPv6 project (rollou t in 2011)
2010-12 – Level3 is offering Ipv6 transit
2010-12 – VZW launched their LTE network. Dual stack and full IPv6 IMS.
IPV4 REALITY CHECK:IANA FREE POOL HAS EXHAUSTED
Post 2008 recession
Pre 2008 recession
2008 recession effect
IANA exhaust: 2/1/2011RIR exhaust: soon after
4 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Post 2008 recession
After completion:Existing IPv4 addresses will not stop working.Current networks will still operate.
0%
INDUSTRY IPV6 SCORE CARD
Function Element Status
Network Core Router: T
Edge Routers: MX, 6PE
Servers Linux 2.6+
Datacenter equipments, CDN
End-user clients Windows 7(Many XP boxes out there)
5 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
(Many XP boxes out there)
MacOS 10.x
Game consoles Wii, PS3, Xbox
Software Web Browser: Firefox, IE, Safari
Skype
On-line PC games
SSL VPN
Content Web content available over IPv6
CE CPEs
Number 1 & 2issues
Number 1 & 2issues
WEB REACHABILITY ON IPV6?COMCAST IPV6 MONITOR /1
0.17%
Google had white-listed Comcast for
a short period of time
Source: http://ipv6monitor.comcast.net
6 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
0.14%
Average0.15%
Dec 2009 Oct 2010
Current measurement:0.15% of Alexa top 1-million web sites are available via IPv6(This number has not changed in the last 12 months) Source: http://ipv6monitor.comcast.net
WEB CONTENT ON IPV6?COMCAST IPV6 MONITOR /2
Google had white-listed Comcast for
a short period of time
10%
20%
Source: http://ipv6monitor.comcast.net
7 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
10%
0%
There is a direct correlation between content popul arity and IPv6 presence.Source: http://ipv6monitor.comcast.net
# DNS QUERY
8 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Source : Yoshinobu Matsuzaki @ IIJ IPv6/IPv4 = 0.41%
IPV6 ALONE IS NOT THE ANSWER TO IPV4 ADDRESS DEPLETION
Short Term: IPv6 to simplify IPv4 service delivery.IPv6 networks with IPv4 overlays enable the management of a large number of customers while maintaining an IPv4 service.
Today: CGN solves IPv4 exhaust.
Feb 1st 2011: IPv4 exhaustion occurred.
9 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Medium Term: Emergence of IPv6 content.The decoupling of deploying IPv6 networks from the deployment ofIPv6 applications & content solves the chicken and egg problem.IPv6 traffic is a cap& grow strategy around NAT scaling issues.
number of customers while maintaining an IPv4 service.
Long Term: IPv4 dies (very slowly) .IPv4 & IPv6 co-exist until IPv6 become pervasive.
IPV6 UNDER-LAYER (“L2.5”): DS-LITE
ISP IPv6
Network
IPv4 & IPv6
The IPv4 NAT function is moved from the CPE to a box in the service provider network:Only one level of
NAT
Requires:
- IPv6 access network
- DS-Lite aware IPv6 CPE
Dual-stack wireless device
provisioned only with IPv6
10 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
IPv6/IPv4 tunnel
IPv4 & IPv6 IPv4
CPE are provisioned
only with IPv6 IPv6IPv6 traffic
flows directly
AFTR
PROBLEM STATEMENT:GETTING CONTENT AVAILABLE OVER IPV6 QUICKLY
How to get example.com web site available over IPv6 quickly and at the lowest possible cost?
☐ Get everything dual-stack (Network, Load-balancer, Servers…)
☐ Get the network dual-stack and leave the servers IPv4(Easier, as the engineering teams dealing with servers are often not the
11 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
(Easier, as the engineering teams dealing with servers are often not the same as the ones dealing with the network)
� Don’t touch anything and let some else handle the problem…
An IPv6->IPv4 translator in the cloudcan do this translation for you.
PRODUCT TO BUILD: “TRANSLATOR IN THE CLOUD” TO QUICKLY DELIVER IPV6 SERVICE
IPv4IPv6
IPv4 address ofwww.example.com
IPv6 clients
12 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Cloud
Translator
NAT 64
www.example.comDNS AAAA 2001:…
IPV4/IPV6 TRANSITION MECHANISM CHOICE
12
14
16
18
20
No.
of C
usto
mer
s
IPv4/IPv6 Mechanism
A+P
6rd
6to4
13 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
0
2
4
6
8
10
12
A+P 6rd 6to4 DS-Lite NAT444 NAT64 NAT66 4rd
No.
of C
usto
mer
s
6to4
DS-Lite
NAT444
NAT64
NAT66
4rd
OBSERVATIONS ABOUT TRANSITION TECHNIQUES
All transition techniques (NAT444+6RD, NAT64, DS-Li te) revolve around the notion of sharing IPv4 addresses via some form of NAT.
14 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.
� The difference is how packets are transported to the NAT
Sharing addresses among customers introduces issues:� LEA/Abuse/Logging/Geo-location/Access control
CONCLUSION
Now is the time to get serious about IPv6.In doing so, it is critical to preserve IPv4 service .
Key hot topics are:� Replacing every CPE to enable IPv6
Making the operation of IPv4 NAT technologies scale
15 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
� Making the operation of IPv4 NAT technologies scale� Getting content on IPv6
16 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
UPCOMING KEY TECHONOLOGIES
UPCOMING TECHNOLOGY: PCP (NEW DEVELOPMENT)
PCP: Port Control Protocol
PCP objectives are to enable applications to receive incoming connections in the presence of an ISP NAT/Firewall.
Instead of ‘working around’ NATs like other NAT traversal techniques like STUN/TURN/ICE, PCP enables an explicit dialog between applications and the NAT.
17 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
between applications and the NAT.
PCP can be seen as a ‘carrier-grade’ evolution of UPnP-IGD and NAT-PMP.
The work on PCP is done at IETF in a new working group co-chaired by Alain Durand (Juniper) & Dave Thaler (Microsoft).
PCP IN A NUTSHELL
ISP network
Applications negotiate ports with the ISP NAT to establish external presence.Application asks: “I’d like to get port 5000 for 48 hours”, NAT PCP server responds:“I give you port 6003 for 12 hours”.
No more keep-alive!Better radio efficiencyBetter battery life
18 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
IPv4NAT
ISP network
19 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
JUNIPER SOLUTIONS
IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC
IPv6 Features� IPv6 NAT and IPv6 Stateful Firewall� NAT-PT Supported (ICMP ALG)� NAT-PT DNS ALG (10.4)� Stateful NAT66 supported� NAT64 (10.4)
8 MS-DPC supported by Single MX Chassis (1H2011)
20 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
NAT44� Support CGN requirement � (draft-ietf-behave-lsn-requirements-00)
IPv6 Softwire� DS-Lite (10.4)� 6rd/6to4 (11.1-Now)
Related Documents
