Practical Options for Implementing an IPv6 Migration Strategy.

  1. 1. Cisco Expo 2012. Practical Options for Implementing an IPv6 Migration Strategy. Mustafa Bayramov, Consulting System Engineer. 24/10/2012. © 2011 Cisco and/or its affiliates. All rights reserved.
  2. 2. Prize for knowledge
     Take an active part in Cisco Expo and receive a Linksys E900 as a gift.
     How to get the gift:
     •  listen carefully to the lectures on Cisco technologies
     •  attend the demonstrations included in the main programme
     •  pass the knowledge tests
     Tests will be open from 15:00 on 25 October to 16:30 on 26 October.
     www.ceq.com.ua
  3. 3. Objective
     •  Understand Cisco’s IPv6 transition solution, CGv6.
     •  Understand the CGv6 solution components.
     •  Understand how we can preserve IPv4 address space and, in parallel, start the transition to IPv6.
     •  Understand which technologies are available for the transition to IPv6.
     •  At the end of the session you should be able to deploy Carrier Grade NAT. :)
  4. 4. Agenda
     •  CGv6 Overview
     •  CGv6 Solution Component
     •  Carrier Grade NAT
     •  Transition Technology Overview
     •  Tunneling Technology Overview
  5. 5. CGv6 overview
     •  CGv6 is Cisco’s IPv6 transition solution for service providers
     •  CGv6 components
        Hardware: CRS CGSE, ASR 9000 ISM, ASR 1000
        Features:
        •  Translation (NAT44, NAT64 Stateless/Stateful CGSE)
        •  Tunneling (6rd, ds-lite, 6PE/6VPE)
     http://www.cisco.com/go/cgv6/
  6. 6. CGv6 Technologies (diagram)
     Stages: Today, Private IP, 6-over-4, Transitional, 4-over-6, All IPv6
     Technologies: CGN (NAT44); 6rd, GRE, IPv6inIPv4, 6PE/6VPE; Dual stack; DS-Lite; XLAT (AFT)
     Phases: Preserve, Prepare, Prosper
     Legend: IPv4, Private IP, IPv6
  7. 7. Carrier Grade Services Engine (CGSE)
     An engine for Carrier Class SP Services: CGv6, CCN, NPS, DDoS, etc.
     •  CGv6: Translation (NAT44, NAT64), Tunneling (6rd, DS-Lite, 4rd)
     •  20+ million active translations
     •  100s of thousands of subscribers
     •  1+ million connections per second
     •  20 Gb/s of throughput per CGSE
     •  Builds upon the proven performance of the Cisco CRS platform
     •  High-capacity, carrier-class SP platform with Cisco IOS-XR
     Images: Cisco CGSE, Cisco CRS
  8. 8. CGSE Overview
     •  CGv6 function resides on CGSE PLIM
     •  Paired with CRS-MSC-40G-B, CRS-MSC-20G-B, CRS-MSC and FP-40 (R4.1.1 onwards)
     •  Does not support pairing with MSC-140 or FP-140
     •  No external interfaces
     •  Four 16-core Octeon MIPS CPUs, 64 CPU cores
     •  Standard interface to MSC, 20 Gbps of throughput (per CGSE)
     •  IOS XR on MSC, Linux on Octeon CPUs
  9. 9. CGSE PLIM and IPv6 Transition Services (CGv6)
     •  Hardware
        CGv6 function resides on CGSE PLIM
        Quad Octeon multiprocessor architecture, 64 CPU cores
        Standard interface to MSC, 2x10 Gbps full-duplex nominal
        Diagram labels: SVI, "CGN and Future IPv6 Apps run here", SVI
     •  Software
        –  IOS-XR on MSC, Linux on Octeon CPUs
        –  Leverages XR App SVI to divert packets to/from CGN function
        –  Leverages Vector Packet Path (VPP) for NAT application
        –  Integrated configuration & management via IOS XR
  10. 10. Carrier-Grade Services Engine
      •  CGSE Apps attached to one or more routing spaces via Service Virtual Interfaces (SVI)
      •  SVI packet diversion employs IP routing
      •  Advantages of this approach
         •  Per-VRF and interface separation
         •  Standard routing techniques for packet diversion
         •  Easy service bypass
         •  ECMP load sharing
         •  Per-SVI and APP OAM
         •  Scale and resiliency
      Diagram labels: CRS, IOS-XR, RP, CGSE/Linux, APP1, APP2, VRF1, VRF2/Global, SVI’s, Global Routing Space
  11. 11. ISM Application and Router Domains
      Application Domain
      •  Linux Based
      •  Multi-Purpose Compute Resource
      •  Used for CDS Application with On-board Modular Flash Storage
      •  Used for Translation Setup and Logging of CGN Applications
      IOS-XR Router Domain
      •  IOS-XR
      •  Control Plane
      •  Data Forwarding
      •  L3, L2 (management)
      •  IRB
      •  Hardware Management
      Decoupling Application and IOS-XR Plane delivers Highly Scalable and Flexible Services
  12. 12. ISM Hardware Architecture
  13. 13. ISM Overview: Per Blade (ISM) Limits
      •  CGN instance supported: 1
      •  Number of service infra: 1
      •  Number of service app: 244 (per system)
      •  Maximum IP pool supported: /16
      •  Max Static Port forwarding: 6K
      •  Max number of NAT users: 256 K
      •  Number of NAT44 Translations: 20 Million connections
      •  Throughput (In2Out + Out2In): 10 Gbps (I-MIX with 4 ServiceApp)
      •  Throughput (In2Out / Out2In): 2.5 Gbps (per ServiceApp)
      •  NAT44 Session setup rate: 1 Million connection / second
  14. 14. NAT44 (CGSE) vs NAT44 (ISM)

      | Parameter | CGSE behavior | ISM behavior |
      |---|---|---|
      | NAT44 CLIs | Same | Same |
      | Uses SVI | Yes | Yes |
      | Throughput | 20 Gbps (I2O + O2I) | 10 Gbps (I2O + O2I) |
      | Max. # of sessions | 20M | 20M |
      | Session setup rate | 1M/sec | ~ 1M/sec (TBD) |
  15. 15. CGN - Deployment options
      Distributed
      •  Meshes well with Distributed BNG
      •  Smaller Throughput Requirement
      •  Less Emphasis on Redundancy
      •  Less Emphasis on Load-Balancing
      •  Less CGN Spend per Node
      Centralized
      •  Backhaul of NAT customers
      •  Larger Throughput Requirement
      •  Emphasis on Redundancy
      •  Emphasis on Load-Balancing
      •  More CGN Spend per Node
      Diagram labels: Home, CGN, Public IP, Private IP, Private IP Addressed Home
  17. 17. Bring Up the CGSE board
      •  The control connection to the CGSE is via the one ServiceInfra interface and an IPv4 address of local significance.
      •  Configure the ServiceInfra interface and associate it with the CGSE location:
            router(config)# interface ServiceInfra1
             ipv4 address 3.1.1.2 255.255.255.252
             service-location 0/0/CPU0
             commit
      •  Specify the service role (cgn) for the given CGSE location:
            router(config)# hw-module service cgn location 0/0/CPU0
             commit
      •  You need to reload the card. It may take ~15 min:
            router# hw-module location 0/0/CPU0 reload
            WARNING: This will take the requested node out of service.
            Do you wish to continue?[confirm(y/n)] y
  18. 18. CGSE Booting Process
      State diagram. State labels: XR RUN, MBI-BOOT, CGSE-TILE BOOTING, CGSE-TILE UP, OK, NO
      Step labels:
      •  Service/CGN PIE not installed
      •  Service/CGN PIE installed without role config
      •  Takes master Octeon out of reset; sends doorbell to indicate bootloader downloaded (successful U-Boot)
      •  XR<3.8.0, rommon≤1.48
      •  Linux download will start and boot params; Linux launch happens on master Octeon, which downloads Linux on slave
      •  Linux UP doorbell; app image gets downloaded via TFTP and launched
      Notes:
      •  PLIM Services process monitors the various stages and is packaged with comp-hfr-mini.vm.
      •  3 retries, after which the card is put into Failed state
  19. 19. Service interface Configuration
      •  Service Instance is the highest level configuration structure
         Represents the CGSE card or primary/backup CGSE pair
         Common redundancy model is 1:1 warm standby
         1 ServiceInfra interface per Service Instance – control path
            service cgn demo-1
             service-location preferred-active 0/X/CPU0 preferred-standby 0/Y/CPU0
      •  “Service-Type-Specific Instance” is the child structure
         Includes specific configuration for apps running within Service Instance
         Service Types (NAT44, Stateless OR Stateful NAT64, DS-Lite & 6rd BR)
            service cgn demo-1
             service-type nat64 stateless nat64-1
              (SL-NAT64 specific config)
             service-type nat44 nat44-1
              (NAT44 specific config)
             service-type tunnel v6rd 6rd-1
              (6rd specific config)
  20. 20. ServiceApp Interfaces
      Logical interfaces/paths between CGSE apps and rest of router
      •  Treated like regular interfaces from a routing standpoint
         SvcApps will go down if CGSE goes down
         Can be used to signal availability of CGSE (advertise SvcApp into IGP)
         NAT applications will use local static routing to steer traffic into CGSE
      •  Routing example from NAT44
         Default route to CGSE in Inside VRF
         ServiceApp is configured with 80.1.1.1/24
         Traffic routed to other addresses on 80.1.1.0/24 goes to CGSE
         Static routes can use interface name, next hop, or both
            router static
             vrf CGSE-Inside
              address-family ipv4 unicast
               (option A) 0.0.0.0/0 ServiceApp1
               (option B) 0.0.0.0/0 80.1.1.2
               (option C) 0.0.0.0/0 ServiceApp1 80.1.1.2

            interface ServiceApp1
             vrf CGSE-Inside
             ipv4 address 80.1.1.1/24
             service cgn demo service-type nat44
  22. 22. •  “..A NAT or NAPT device used by many subscribers, where many would be on the order of dozens to hundreds of thousands of subscribers. This might NAT between any combination of IPv4 and IPv6..”*
      •  SP-class Performance and Scale
         O(tens of millions) of NAT44 translation states (e.g. sessions)
         O(10Gb/sec) Performance
      •  Support standard NAT Behaviors: RFC4787, RFC5382, RFC5508
      •  Ability to bypass (route around the NAT)
      •  Ability to log NAT44 bindings
      •  Ability to limit the number of sessions per private IPv4 source
  23. 23. CGN NAT44: One Strategy for Dealing with the IPv4 Address Run-Out Problem
      Diagram (columns: Customers, SP Network, Public Internet): one IPv4 router with public IPv4 addressing reaching the public IPv4 Internet, and one IPv4 router with non-public IPv4 addressing reaching the public IPv4 Internet through a Carrier Grade NAT. Legend: public IPv4, NOT public IPv4.
  24. 24. Public IPv4 exhaustion with NAT444
      Diagram labels: Residential, Access, Aggregation, Edge, Core, IP/MPLS, CGN NAT44, NAT44, Private IPv4 (Subs.), Private IPv4 (SP Assigned domain), Public IPv4
      •  NAT44 very likely to be used on RGW (Private IPv4 192.168.0.0)
      •  Private IPv4 used on RGW WAN interface (unique per RGW, e.g. 10.0.0.0)
      •  RGW NAT44 + CGN NAT44 = NAT444 solution
      •  CGN NAT44 multiplexes several customers onto the same public IPv4 address
      •  CGN NAT44 can be introduced in a centralized or distributed fashion*
  25. 25. NAT444 Pros and Cons
      Pros
      •  ISPs can reclaim global IPv4 addresses from customers, replacing with non-routable private addresses and NAT
      •  Addresses immediate IPv4 exhaust problem
      •  No change to subscriber CPE
      •  No IPv4 re-addressing in home
      •  Dense utilization of Public IP address/port combinations
      Cons
      •  SP NAT results in margin & competitive implications
      •  Does not solve address exhaust problem in the long term
      •  Sharing IPv4 addresses could have user behavioral and liability implications
      •  User control over NAT
  27. 27. ASR 9000 and CRS-1/3 with CGSE: Separated VRF Approach
      Diagram: Private IPv4 Subscribers, Interface VLAN, Inside VRF, App Int, CGSE, App Int, Outside VRF, Interface VLAN, Public IPv4
      Routes: Inside VRF: Dest 0.0.0.0/0 -> AppSVI1; Outside VRF: Dest NAT Pool -> AppSVI2

      | Entry | Inside | Outside |
      |---|---|---|
      | Entry1 | 10.12.0.29:334 | 100.0.0.221:18808 |
      | Entry2 | 10.12.0.29:856 | 100.0.0.221:40582 |
      | Entry.. | … | … |

      •  VRFs separate the private and public routing tables.
      •  Interfaces are associated with a VRF.
      •  ServiceApp interfaces are used to send packets to/from the CGSE.
  28. 28. Outside IP address Selection
      •  Upon receipt of the first Flow per Inside source address, CGN attempts to choose an Outside address that has at least 1/3 of its ports free – all subsequent Flows from that Inside source will use the same Outside address. This selection is limited to the Outside IP addresses available to the CPU core making the decision, i.e. for a /24 of Outside space assigned to the CGN card, each CPU core will have 64 addresses from which to choose.
      •  If no Outside address has 1/3 of the ports free, then an Outside address is randomly chosen from those available. If that Outside address is completely exhausted, then a random selection is made from the remaining addresses, repeated until an address is chosen or it is determined that none are available (which results in an ICMP error message).
      •  Upon selection, CGN creates an Address binding (state) between the Inside and Outside address, which will persist as long as there are any Flows using that binding.
  29. 29. Port Selection
      •  ISM chooses a port randomly from the list of available (unused) ports associated with the chosen Outside IP address. The first 1024 ports are reserved (not available for allocation). Each port is allocated once, regardless of which L4 protocol (UDP, TCP) is being used in the Flow.
      •  If the randomly chosen port is already being used, the selection increments (around a ring) until an available port is found; if none are available then an ICMP error message is sent.
      •  If the Inside source already has a number of Flows equal to the configured per-user limit, then the allocation is rejected and an ICMP message is returned.
      •  CGN creates a Translation binding (state) between Inside source IP address:port and Outside source IP address:port for the Flow.
  30. 30. Carrier Grade NAT (NAT44) Implementation Details
      •  The ISM and CGSE NAT44 implementation is compliant with these NAT behavior RFCs: RFC4787 for UDP, RFC5382 for TCP and RFC5508 for ICMP, and with the behavior described in http://tools.ietf.org/html/draft-nishitani-cgn-04
      •  Endpoint Independent Mapping (RFC4787 and RFC5382)
      •  Endpoint Independent Filtering (RFC4787 and RFC5382)
      •  Paired IP address assignment (RFC4787 and RFC5382)
      •  Port Parity assignment for UDP (RFC4787)
      •  Hairpinning
      •  1:1 Mapping
  31. 31. NAT44 Service-Type-Specific Instances
      •  1 NAT44 Instance per CGN (per primary/backup card pair)
      •  Scaling via multiple pools & VRFs within the NAT44 instance
      •  Outside VRF can be default or “named”, inside must be “named” VRF
      •  Each Inside VRF maps to one Outside VRF
      •  Multiple Inside VRFs can map to same Outside VRF
            service cgn cgn1
             service-type nat44 nat44-1
              inside-vrf nat44-Inside-1
               map outside-vrf Outside address-pool 1.1.0.0/16
              inside-vrf nat44-Inside-2
               map address-pool 2.0.0.0/16
              inside-vrf nat44-Inside-3
               map address-pool 2.1.0.0/26
              inside-vrf nat44-Inside-4
               map address-pool 2.2.18.0/24
      Diagram labels: Inside VRF (Inside 1, Inside 2, Inside 3, Inside 4), Outside VRF (Outside 1, Default)
  32. 32. NAT44 Deployment Notes
      •  Separated VRF model – inside & outside of NAT in different VRFs
         Outside may be default VRF, Inside must be named VRF
         Multiple inside VRFs may map to same outside VRF
      •  LB in same chassis (CRS uses 3 Tuple Algo, doesn’t help for NAT since same flow should go to same CGSE)
         •  Use ABF to split traffic.
      •  Src based bypassing (Need ABF)
      •  Retrieving NAT Statistics
         •  IOS-XR CLI
         •  Netflow v9
         •  XML
         •  ANA (Check support)
         •  SNMP
            •  ENTITY MIB, CISCO-ENTITY-FRUCONTROL-MIB, CISCO-ENTITY-SENSOR-MIB
            •  No CGN MIB support
      •  Max Pool per CGSE: /16
      •  Max Subscribers: 1 Million per CGSE
      Diagram labels: NAT44 Inside-Red, Default, IPv4 Only, NAT44 Inside-Blue, NAT44 Inside-Orange, NAT44 Outside-Green
  34. 34. IPv4/IPv6 Translation Scenarios?
      Diagram: IPv4 Network, IPv4 Internet, IPv6 Network, IPv6 Internet. Which are possible?
      •  Connecting an IPv6 network to IPv4 Internet
      •  Connecting the IPv6 internet to IPv4 network
  35. 35. Stateful and Stateless IPv4/IPv6 Translation
      •  Stateful (NAT64 usually refers to stateful v6/v4 translation)
         Each flow creates state in the translator
            [2001:DB8:1]:1500 <--> 203.0.113.1:2000
         Amount of state based on O(# of translations)
         N:1 mappings (like NAPT)
         draft-ietf-behave-v6v4-xlate-stateful
      •  Stateless
         Flow DOES NOT create any state in the translator
         Algorithmic operation performed on packet headers
         1:1 mappings (one IPv4 address used for an IPv6 host)*
         draft-ietf-behave-v6v4-xlate
  36. 36. Stateless NAT64
      •  Enables communication between IPv4 & IPv6 hosts
         Performs packet translation between address families
      •  Green-field (brand new) network wants to deploy IPv6 only
         Doesn’t need to acquire IPv4 addresses
         Simplicity of managing IPv6 only network
      •  Needs to access servers on the IPv4 Internet
      •  Sessions will be initiated by IPv6 clients
      •  Algorithmic mapping of addresses (no state maintained)
      •  NAT64 translates IP & L4 header
      •  A specific range of IPv6 addresses represents the v4 space
         This range is called the Network Specific Prefix (NSP)
  37. 37. NAT64 Stateless Translation: Example without ubits-reserve
      •  No state maintained
         Algorithmic address translation between IPv4 and IPv6
      IPv4 Decimal: 192.168.0.1
      IPv4 Hex: C0,A8,00,01
      IPv6: 2001:0DB8:00C0:A800:0100:0000:: (Network Specific Prefix, Mapped Address, Suffix)
      •  Highly Scalable
      •  Supports both IPv4 initiated and IPv6 initiated sessions
      •  IPv6 nodes need translatable addresses, IPv4 cannot reach all IPv6
      •  Difference in address space size
      •  1 to 1 mapping between v4 address and v6 address
      •  Does not conserve IPv4 address space
      •  Translates IP, TCP, UDP, & ICMP - L4 ports are copied
  38. 38. DNS64
      •  Required when using NAT64 with IPv6-only end-hosts.
      •  Synthesizes AAAA records when not present
         With IPv6 prefix of NAT64 translator
      Diagram (IPv6-only host, DNS64, Internet):
         IPv6-only host to DNS64: AAAA?
         DNS64 to Internet: AAAA? and A? (sent simultaneously)
         Internet to DNS64: Empty answer (AAAA), 192.0.2.1 (A)
         DNS64 to IPv6-only host: 2001:DB8:ABCD::192.0.2.1
  39. 39. From behave framework draft
      Columns: stateful, stateless
      1. IPv6 Network to IPv4 Internet
      2. IPv4 Internet to IPv6 Network
      3. IPv6 Internet to IPv4 Network
      4. IPv4 Network to IPv6 Internet
      5. IPv6 Network to IPv4 Network
      6. IPv4 Network to IPv6 Network
  40. 40. •  Simple configuration
         Set parameters required by draft
         Configure ServiceApps
         Optional Parameters
      Required Configuration:
            service cgn cgn1
             service-location preferred-active 0/3/CPU0
             service-type nat64 stateless xlat1
              ipv6-prefix 2001:db8::/32
              address-family ipv4
               interface ServiceApp4
              !
              address-family ipv6
               interface ServiceApp6
              !
            interface ServiceApp4
             ipv4 address 2.0.0.1 255.255.255.0
             service cgn cgn1 service-type nat64 stateless
            !
            interface ServiceApp6
             ipv6 address 2001:db8:fe00::1/40
             service cgn cgn1 service-type nat64 stateless
      Required Configuration:
            router static
             address-family ipv6 unicast
              2001:db8::/32 ServiceApp6
            router static
             address-family ipv4 unicast
              100.2.0.0/16 serviceApp4
  42. 42. Tunnelling IPv6 in IPv4 – Why?
      •  Deployment of fully native IPv6 affects numerous system components, aka “touch points”
      •  Some are more challenging or deferrable than others, e.g. IPv6 upgrade of Access Node
      •  Tunneling IPv6 over existing IPv4 infrastructure provides a transition solution with minimal number of “touch points”
      Diagram components: User, RG, Access Node, Aggregation, BNG, Core, NMS/Addressing, AAA/DHCP (IPv6, IPv4, L2)
      Diagram touch points: IPv6 Parameters, DHCPv6, OS v6 Stack, IPv6 LAN, IPv6 WAN, DHCPv6 snooping, ICMPv6 snooping, IPv6 Stack, IPv6 Routing, IPv6 PE/VPE, IPv6 NMS, IPv6 Security
  43. 43. 6to4 Tunnelling
      Key building block for later tunnel schemes
      •  Automatic tunnels via address mapping
      •  6in4 encapsulation (next protocol = 41)
      •  IPv6 addresses from 2002:IPv4::/48
      Diagram labels:
         A.B.C.D: public IPv4 address
         2002:Hex(A.B.C.D)::/48: used to create 6to4 address space for this site
         6to4 Relay Anycast address: 192.88.99.1
         IPv6 Network, global IPv6 address 2001:db8::1/64
  44. 44. 6to4 Tunneling
      Key building block for later tunnel schemes
      •  Automatic IPv6 over IPv4 tunnels (no static config for tunnel endpoints)
      •  Provides connections between IPv6 hosts (not between v4 & v6)
      •  Utilizes Relay Routers to terminate tunnels
      •  2002::/16 address space is assigned to 6to4
      •  Advertised into local IPv6 network as /16
      •  IPv4 addresses are mapped into next 32 bits
      •  Requires one globally unique IPv4 address per site
      Address layout: 2002 (/16) | IPv4 address (/48) | SLA (/64) | Interface ID
  45. 45. 6rd in a Nutshell
      •  Like 6PE, delivers Production-Quality IPv6 by only touching edge points around your network
      •  Capitalizes on what access networks do well, provisioning and transport of IPv4, adapted for carrying IPv6
      •  Stateless operation, easy to provision, low overhead
      •  Proven deployment, in production already with N x Gb/s of traffic
      •  (Thanks to YouTube over IPv6)
      •  Stateless, so no need for symmetrical packet flow
      •  draft-ietf-softwire-ipv6-6rd-10.txt accepted as an RFC (RFC5969).
  46. 46. 6rd (IPv6 Rapid Deployment)
      Uses Provider’s IPv6 Address Space
      Diagram labels: NAT44 (CGN/LSN), IPv4 Internet, Private IPv4, NAT44, Private or existing IPv4 CPE, IPv6, 6rd CE Encap/Decap, 6rd BR. Legend: Private IPv4 Address, Public IPv4 Address, IPv6 Address.
      •  Provide IPv6 through existing IPv4 network (Dual stack core is not necessary)
      •  End to End “Stateless” “Automatic” Tunnel similar to 6to4 (RFC3056)
      •  No DHCPv6, Neighbor Discovery, etc. to deploy in access network
         IPv6 addressing automatically created from IPv4 addressing, synced with IPv4 lease
      •  6rd Border Relay (6rd BR, used to be called 6rd Gateway) provides access to IPv6 Internet
      •  IPv6-in-IPv4 encap and decap function on 6rd CE (old name RG)
      •  draft-ietf-softwire-ipv6-6rd (with DHCP/NAT extensions)
  47. 47. 6rd: IPv6 via IPv4 using 6rd
      Diagram labels: Residential, Access, Aggregation, Edge, Core, IP/MPLS, IPv4/v6, IPv4, IPv4/v6
      •  Introduction of two Components: 6rd CE (Customer Edge) and 6rd BR (Border Relay)
      •  Automatic Prefix Delegation on 6rd CE
      •  Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions on 6rd (CE & BR)
      •  IPv6 traffic automatically follows IPv4 Routing
      •  6rd BRs addressed with IPv4 anycast for load-balancing and resiliency
      Native, Dual-Stack IPv4/IPv6 service from subscriber perspective
  48. 48. 6rd and 6to4 IPv6 Prefix example
      6rd: /56 prefix for subscriber
         Fields: 2001:ABC | 0 | 0000:01 | Subnet-ID (<= 16) | Interface ID
         Bit offsets: 0, 28, 32, 56, 64
         ISP IPv6 Prefix + (optional) Domain ID; /28 is an example, can vary based on site prefix allocation
         Private subscriber’s IPv4 address (<=32) (i.e., drop the “10” of 10.x.x.x and insert the remaining 24 bits)
      6to4: /48 prefix for subscriber
         Fields: 2002 | 6400:0001 | SLA | Interface ID
         Bit offsets: 0, 16, 48, 64
         6to4 Prefix; 32 bits of public IPv4 address (100.0.0.1)
  49. 49. Solving exhaustion while introducing IPv6
      Diagram labels: Residential, Access, Aggregation, Edge, Core, IP/MPLS, Logging, NAT44, CGN NAT44, 6rd CE, 6rd BR, Private IPv4 packets, 6rd Packets
      •  NAT44 on RGW with Private IPv4 on both LAN and WAN side and CGN NAT44 introduced to deal with exhaustion
      •  6rd CE works in combination with private IPv4 (Private IPv4 on WAN used in Delegated prefix construct)
      •  Common, centralized vehicle to jointly handle NAT444 and 6rd BR components
  50. 50. Linksys IPv6 config
  51. 51. How can we create more subnets?
      •  Use a shorter 6rd Prefix
      •  Use V4 Mask Length to skip common parts of the IPv4 address
      Example with V4 Mask Length = 0:
         6rd Prefix = 2001:ABC0, 6rd Prefix Length = 28, RG IPv4 Address = 9.1.10.7
         Layout: 2001:ABC0 (28 bits) | 0901:0A07 (32 bits) | S (4 bits = 16 subnets) | Interface ID (64 bits)
      Example with V4 Mask Length = 8:
         6rd Prefix = 2001:ABC0, 6rd Prefix Length = 28, RG IPv4 Address = 9.1.10.7 (the leading 9 is skipped)
         Layout: 2001:ABC (28 bits) | 01:0A07 (24 bits) | Subnet (4 bits + 8 bits) | Interface ID (64 bits)
  52. 52. Anycast Address for BR
      •  Multiple BR addresses can be used
      •  But, 6rd is stateless
      •  Packets can go to any BR
      •  Option to use anycast for redundancy
      •  All BRs can receive packets on same address
      Diagram labels: IPv4 Peers, IPv6 Peers, Peer PE, PE, P, Core (MPLS/IPv4, Dual Stack), IPv4 ONLY Access, Dual Stack Access, Customers Network
  53. 53. 6rd vs 6to4

      | Attribute | 6rd | 6to4 |
      |---|---|---|
      | IPv6 Address Prefix | SP’s IPv6 Address | 2002::/16 |
      | IPv6 Address “Reputation” | Excellent, it is an ISP IPv6 Prefix | It is “6to4” and everybody knows that |
      | SP-managed service | Yes | No |
      | Always Route thru SP’s network | Yes (SP-managed BR) | Maybe (Anycast Relay) |
      | Private IPv4 support | Yes | No |
      | Border Relay Support | (ASR1k, ASR 9000, CRS-1/3) | Supported (IOS) |
      | CE Support | (ASR1k, IOS and Linksys) | Supported (IOS) |
      | Doc | draft-ietf-softwire-ipv6-6rd | RFC3056 |
  54. 54. CRS 6rd & ServiceApp Config
            service cgn demo
             service-type tunnel v6rd 6RD
              br
               ipv6-prefix 2001:420:81::/56
               source-address 10.12.0.254
               ipv4 prefix length 24
               ipv4 suffix length 0
               unicast address 2001:420:81:fe::1
              !
              address-family ipv4
               interface ServiceApp3
              !
              address-family ipv6
               interface ServiceApp4
              !
            interface ServiceApp3
             ipv4 address 172.16.3.1 255.255.255.0
             service cgn demo service-type tunnel v6rd
            !
            interface ServiceApp4
             ipv6 address 2001:db8::1/64
             service cgn demo service-type tunnel v6rd
            !

            router static
             vrf InsidePrivate
              address-family ipv4 unicast
               10.12.0.254/32 vrf default ServiceApp3 172.16.3.2
  55. 55. Thank you.
  56. 56. Diagram labels: IPv4 Internet, IPv6 Internet, CGSE, CRS-1/CRS-3, IPv4 Server, IPv6 Server, IPv4 Client, IPv6 Client
      •  An IPv6 network to IPv4 Internet & vice-versa
      •  IPv6 network to IPv4 network & vice-versa
  57. 57. Diagram labels: IPv4 Network, IPv6 Network, OSPFv2/IS-IS/BGP, OSPFv3/IS-IS/BGP, CGSE, CRS-1/CRS-3, R1, R2, IPv4 Client/Server, IPv6 Client/Server
      •  An IPv6 network to IPv4 Internet & vice-versa
      •  OSPFv2/IS-IS between CGSE & R1
      •  OSPFv3/IS-IS between CGSE & R2
  58. 58. Diagram labels: IPv4 Network, IPv6 Network, Active CGSE, Standby CGSE, ebgp, R1, R2, IPv4 Client/Server, IPv6 Client/Server
      •  An IPv6 network to IPv4 Internet & vice-versa
      •  Subscriber traffic follows best IP path.
      •  Static routes to IPv4/IPv6 destinations with metric assigned for ServiceApp interfaces
      •  Same NSP prefix for both CGSEs
  59. 59. Diagram labels: IPv4 Network, IPv6 Network, CGSE Active, CGSE Standby, ebgp, R1, R2, IPv4 Client/Server, IPv6 Client/Server
      •  An IPv6 network to IPv4 Internet & vice-versa
      •  Subscriber traffic follows best IP path.
      •  The same NSP prefix needs to be configured; since it is stateless, synchronization is not required.
  60. 60. Diagram labels: IPv4 Network, IPv6 Network, CGSE, CGSE (Active/Standby), CGSE, CGSE (Active/Standby), ebgp, R1, R2, IPv4 Client/Server, IPv6 Client/Server
      •  An IPv6 network to IPv4 Internet & vice-versa
      •  Subscriber traffic follows best IP path.
      •  The same NSP prefix needs to be configured; since it is stateless, synchronization is not required.
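
An added model of the allocation rules described on slides 28 and 29 (not Cisco's implementation and not part of the original slides): paired outside-address selection with the 1/3-free preference, random port choice with the ring walk, the reserved first 1024 ports, and the per-user limit. It assumes a single CPU core's address pool and a random pick among qualifying outside addresses; the class and method names are hypothetical.

```python
import random

FIRST_USABLE_PORT = 1024      # slide 29: the first 1024 ports are reserved
LAST_PORT = 65535
USABLE_PORTS = LAST_PORT - FIRST_USABLE_PORT + 1


class Nat44Allocator:
    """Toy model of slides 28-29 as seen by one CPU core (hypothetical names)."""

    def __init__(self, outside_addresses, per_user_limit, rng=None):
        self.rng = rng or random.Random()
        self.per_user_limit = per_user_limit
        self.ports_in_use = {addr: set() for addr in outside_addresses}
        self.address_binding = {}   # inside address -> outside address
        self.translations = {}      # (inside addr, port) -> (outside addr, port)

    def _free_ports(self, outside):
        return USABLE_PORTS - len(self.ports_in_use[outside])

    def _select_outside_address(self):
        # Prefer addresses with at least 1/3 of their ports free, else any
        # address with a free port. Random choice among them is an assumption.
        roomy = [a for a in self.ports_in_use
                 if 3 * self._free_ports(a) >= USABLE_PORTS]
        candidates = roomy or [a for a in self.ports_in_use
                               if self._free_ports(a) > 0]
        return self.rng.choice(candidates) if candidates else None

    def _select_port(self, outside):
        used = self.ports_in_use[outside]
        if len(used) >= USABLE_PORTS:
            return None
        port = self.rng.randint(FIRST_USABLE_PORT, LAST_PORT)
        while port in used:         # increment around the ring until free
            port = FIRST_USABLE_PORT if port == LAST_PORT else port + 1
        return port

    def user_flows(self, inside_addr):
        return sum(1 for addr, _ in self.translations if addr == inside_addr)

    def translate(self, inside_addr, inside_port):
        """Return (outside addr, outside port), or None where the slides say
        an ICMP error is returned."""
        key = (inside_addr, inside_port)
        if key in self.translations:
            return self.translations[key]
        if self.user_flows(inside_addr) >= self.per_user_limit:
            return None
        outside = (self.address_binding.get(inside_addr)
                   or self._select_outside_address())
        if outside is None:
            return None
        port = self._select_port(outside)
        if port is None:
            return None
        self.address_binding[inside_addr] = outside
        self.ports_in_use[outside].add(port)
        self.translations[key] = (outside, port)
        return outside, port

    def release(self, inside_addr, inside_port):
        outside, port = self.translations.pop((inside_addr, inside_port))
        self.ports_in_use[outside].discard(port)
        if self.user_flows(inside_addr) == 0:
            # The address binding lasts only while flows still use it.
            del self.address_binding[inside_addr]

    def who_holds(self, outside_addr, outside_port):
        """Map a public address:port back to the subscriber flow, the lookup
        that NAT44 binding logs make possible after the fact."""
        for inside, outside in self.translations.items():
            if outside == (outside_addr, outside_port):
                return inside
        return None
```

Because many subscribers share one public address, only the pair of outside address and port identifies a subscriber, which is why slide 22 lists binding logs as a requirement.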
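
An added worked example (not part of the original slides) of the stateless NAT64 address mapping on slide 37 and the DNS64 synthesis on slide 38. It goes beyond the slide's /40 case to the prefix lengths defined in RFC 6052, and assumes that the slide's "ubits-reserve" means keeping bits 64 to 71 of the IPv6 address at zero; the function names are illustrative.

```python
import ipaddress

# Prefix lengths for which RFC 6052 defines an IPv4-embedding layout.
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8   # byte index of bits 64..71 (assumed meaning of "ubits-reserve")


def embed_ipv4(nsp, ipv4, reserve_ubits=True):
    """Map an IPv4 address into the Network Specific Prefix (NSP)."""
    net = ipaddress.IPv6Network(nsp)
    if net.prefixlen not in PREFIX_LENGTHS:
        raise ValueError("unsupported NSP length /%d" % net.prefixlen)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if reserve_ubits and pos == U_OCTET:
            pos += 1                      # skip the reserved octet
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(nsp, ipv6, reserve_ubits=True):
    """Reverse mapping, as applied to the destination of an IPv6 packet.

    Raises ValueError for addresses a stateless translator should not
    translate: outside the NSP, or with a non-zero reserved octet.
    """
    net = ipaddress.IPv6Network(nsp)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen not in PREFIX_LENGTHS:
        raise ValueError("unsupported NSP length /%d" % net.prefixlen)
    if addr not in net:
        raise ValueError("%s is not inside %s" % (addr, net))
    raw = addr.packed
    if reserve_ubits and raw[U_OCTET] != 0:
        raise ValueError("bits 64..71 are not zero in %s" % addr)
    pos = net.prefixlen // 8
    octets = bytearray()
    while len(octets) < 4:
        if reserve_ubits and pos == U_OCTET:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


def dns64_answer(nsp, aaaa_records, a_records):
    """DNS64 behaviour from slide 38: pass real AAAA records through,
    otherwise synthesize one AAAA per A record using the NAT64 prefix."""
    if aaaa_records:
        return list(aaaa_records)
    return [str(embed_ipv4(nsp, a)) for a in a_records]


if __name__ == "__main__":
    # Slide 37 values: 192.168.0.1 under a /40 NSP, without and with u-bits.
    print(embed_ipv4("2001:db8::/40", "192.168.0.1", reserve_ubits=False))
    print(embed_ipv4("2001:db8::/40", "192.168.0.1"))
    # Slide 38 values: empty AAAA answer, A record 192.0.2.1.
    print(dns64_answer("2001:db8:abcd::/96", [], ["192.0.2.1"]))
```

Both ends must agree on the u-bits setting: an address built without the reservation is rejected by `extract_ipv4` when the reservation is expected.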
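
An added worked example (not Cisco's code and not part of the original slides) of the 6rd delegated-prefix arithmetic on slides 48, 51 and 54, with 6to4 as the fixed 2002::/16 case. It also shows the source-consistency check that RFC 5969 requires of a border relay on decapsulation; the function names and the `v4_common` parameter (the IPv4 bits skipped by the V4 mask length) are illustrative.

```python
import ipaddress


def delegated_prefix(sixrd_prefix, ce_ipv4, v4_common="0.0.0.0/0"):
    """6rd delegated prefix for a CE.

    v4_common is the part of the IPv4 address shared by every CE in the
    domain; its prefix length is the "V4 Mask Length" of slide 51.
    """
    net6 = ipaddress.IPv6Network(sixrd_prefix)
    net4 = ipaddress.IPv4Network(v4_common)
    ce = ipaddress.IPv4Address(ce_ipv4)
    if ce not in net4:
        raise ValueError("%s is outside the 6rd domain %s" % (ce, net4))
    v4_bits = 32 - net4.prefixlen
    plen = net6.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("delegated prefix /%d leaves no subnet bits" % plen)
    embedded = int(ce) & ((1 << v4_bits) - 1)
    base = int(net6.network_address) | (embedded << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def embedded_ipv4(sixrd_prefix, ipv6_addr, v4_common="0.0.0.0/0"):
    """Recover the CE IPv4 address that a 6rd IPv6 address was built from."""
    net6 = ipaddress.IPv6Network(sixrd_prefix)
    net4 = ipaddress.IPv4Network(v4_common)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in net6:
        raise ValueError("%s is not a 6rd address of %s" % (addr, net6))
    v4_bits = 32 - net4.prefixlen
    shift = 128 - net6.prefixlen - v4_bits
    embedded = (int(addr) >> shift) & ((1 << v4_bits) - 1)
    return ipaddress.IPv4Address(int(net4.network_address) | embedded)


def br_accepts(sixrd_prefix, outer_v4_src, inner_v6_src, v4_common="0.0.0.0/0"):
    """RFC 5969 check on decapsulation: the IPv4 source of the tunnel packet
    must equal the IPv4 address embedded in the inner IPv6 source."""
    try:
        expected = embedded_ipv4(sixrd_prefix, inner_v6_src, v4_common)
    except ValueError:
        return False
    return expected == ipaddress.IPv4Address(outer_v4_src)


if __name__ == "__main__":
    # Slide 51: 6rd prefix 2001:ABC0::/28, RG 9.1.10.7, mask length 0 and 8.
    print(delegated_prefix("2001:abc0::/28", "9.1.10.7"))
    print(delegated_prefix("2001:abc0::/28", "9.1.10.7", "9.0.0.0/8"))
    # Slide 48: 6to4 is the same construction under 2002::/16.
    print(delegated_prefix("2002::/16", "100.0.0.1"))
    # Slide 54: /56 prefix, ipv4 prefix length 24, BR source 10.12.0.254.
    print(delegated_prefix("2001:420:81::/56", "10.12.0.254", "10.12.0.0/24"))
    # Constructed packets: a consistent source and a spoofed one.
    print(br_accepts("2001:420:81::/56", "10.12.0.29",
                     "2001:420:81:1d::abcd", "10.12.0.0/24"))
    print(br_accepts("2001:420:81::/56", "10.12.0.30",
                     "2001:420:81:1d::abcd", "10.12.0.0/24"))
```

With the slide 54 parameters the border relay's own source address 10.12.0.254 maps to 2001:420:81:fe::/64, which contains the configured unicast address 2001:420:81:fe::1.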
