Your SlideShare is downloading. ×
Network Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Network Utility Force IPv6 NAT64 Presentation for North American IPv6 Summit

631
views

Published on

Service Provider and Enterprise #IPv6 Demo and Deployment Scenarios

Service Provider and Enterprise #IPv6 Demo and Deployment Scenarios

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
631
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Started with a mission to provide superior customer service and to be the industry true innovatorLeader in Application Networking Optimize the networks of web giants, enterprises and service providersGoing forward, we will focus primarily on AX, functionalities of EX and ID will be moved to the AX platformDue to all of you here today, A10 grew significantly, we have over 400 talented employees, 15 international branch offices, customers in 35 countries
  • Making ipv6 practical
  • IPv6 is increasing, networks must be ready.Each solution has its own pros & cons
  • During the live presentation I didn’t explain this well. If you note line 38, an “EPRT” request was made to an IPv6 address, but without the FTP ALG enabled, the connection fails (packets 39-48)
  • Here, the ALG is enabled, you can see the EPRT requests a connection with an IPv6 address (see next slide)
  • And here you can see that the connection was successful on IPv4 side of the NAT64 using an IPv4 address.
  • Transcript

    • 1. NAT64Demonstration DeploymentRMv6TF 2013Demo network was available during the livepresentationNotes have been added to slides 30-32 to clarify FTPissues.1Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only
    • 2. Agenda• Introduction• Problem Statement• NAT64 Concepts• Demo Setup• NAT64 Experience• ConclusionNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 2
    • 3. Core Values and BeliefsNetwork Utility Force believes that, above and beyond ourexperience, it’s our values that drive our success in bothbusiness and life. As such, NUF has adopted a system of CoreValues & Beliefs that we live by:• We respect the individual, and believe that individuals who are treated with respect and given responsibilityrespond by giving their best.• We require complete honesty and integrity in everything we do.• We make commitments with care, and then live up to them. In all things, we do what we say we are going to do.• Work is an important part of life, and it should be fun. Being a good business person does not mean being stuffyand boring.• We are frugal. We guard and conserve the companys resources with at least the same vigilance that we would useto guard and conserve our own personal resources.• We insist on giving our best effort in everything we undertake.• Furthermore, we see a huge difference between "good mistakes" (best effort, bad result) and "bad mistakes"(sloppiness or lack of effort).• Clarity in understanding our mission, our goals, and what we expect from each other is critical to our success.• We are believers in the Golden Rule. In all our dealings we will strive to be friendly and courteous, as well as fairand compassionate.• We feel a sense of urgency on any matters related to our customers. We own problems and we are alwaysresponsive. We are customer driven.Permission to use these values granted by their creator, Charles Brewer of MindSpring.Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 3
    • 4. INTRODUCTIONNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 4
    • 5. NUF Tenets• Our reputation is EVERYTHING, without it, we areworthless– We will ALWAYS advise our clients on what we believeis the right answer for them without exception• Vendor neutral – The right tool for the right job– Cisco, Juniper, Brocade, HP, Huawei, A10, Dell(Force10), Extreme, Vyatta, ADVA, Arista, Alcatel, etc.,etc• No hardware sales, 100% professional services• No geographical boundaries, we go where we areneededNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 5
    • 6. Who is NUF?• Founded in December of 2011• 6 principal consultants/owners• Numerous specialist contractors• Example experience– Recently highlighted by local news for deployment ofcommunity wifi network sponsored by Google– Consulting for Ethiopia TLD– Netrail, MindSpring, Comcast, Internap, numerous smallservice providers– ARIN, NANOG, IETF participation• IPv6 training, architecture, deployment and addressmanagementNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 6
    • 7. OverviewLeader in ApplicationNetworking Profitable withconsistent growthFounded Q4/2004Lee Chen, Founder ofFoundry & CentillionNetworksFlagship ProductAX Series Platform500+ employeesCustomers in over 35 countries
    • 8. PROBLEM STATEMENTNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2012, Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 8
    • 9. Problem StatementI have run out of IPv4 addresses and need tofind a way to provide Internet access to myclients. My core network supports IPv6, butthere are many IPv4-only resources my clientsneed to reach. I want to go with IPv6 because Iwant to future-proof my internal network,however I understand I need connectivity toIPv4 resources for quite some time.Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 9
    • 10. IPv4 Exhaustion and IPv6Migration Solutions• No standardcompatibility• Differentrequirements– Home– Enterprise– ServiceProvider• “IPv4 LegacyNetworks”
    • 11. Transition Mechanisms• Dual Stack – All network links and hosts haveboth IPv4 and IPv6 addressing, all traffic isnative to its protocol• Dual Stack – Lite (DS-Lite) – Allow distributionnetwork (including CPE) to have ONLY IPv6addressing.• NAT64 – Translate IPv6 into IPv4 and viceversa.• 6rd – Carry IPv6 across an IPv4-only network.Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 11
    • 12. Protocol Translations• May prefer to use IPv6-IPv4 protocol translation for:– new kinds of Internet devices (e.g., cell phones, cars, appliances)– benefits of shedding IPv4 stack (e.g., serverless autoconfig)• Simple extension to NAT techniques, to translate headerformat as well as addresses– IPv6 nodes behind a translator get full IPv6 functionality when talking toother IPv6 nodes located anywhere– Get the normal (i.e., degraded) NAT functionality when talking to IPv4devices– Drawback : minimal gain over IPv4/IPv4 NAT approach– Drawback : no support for legacy IPv4-only devicesNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 12
    • 13. NAT64 CONCEPTSNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 13
    • 14. NAT64 and DNS64• Provides stateful translation between IPv6 and IPv4traffic when that traffic is initiated by an IPv6-onlynode– NAT64 translates IPv6 and IPv4 traffic– DNS64 maps IPv6-only address record (AAAA) DNS queriesto IPv4 address record (A) queries• Makes it possible for IPv6-only nodes to initiatecommunications with IPv4-only nodes with nochanges to the IPv6-only node and the IPv4-onlynodeNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 14
    • 15. NAT64• No host or CPE support necessary• No IPv4 address at all required on the CPE orhost to access IPv4 resources (compare withDS-Lite which requires RFC1918 addresses)• Host gets only an IPv6 address• NAT44 issues for IPv4 traffic still applyincluding session start from behind the NAT toestablish state and ALGs are necessary formany protocolsNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 15
    • 16. NAT64 cont’d• Workstation (which has only IPv6) requests communicationwith a IPv4-only site (www.example.com)– It asks for a AAAA record since it is IPv6 only• DNS server (DNS64) first tries a AAAA query. If one exists, itis passed to the client and the client communicates withthe site via IPv6. If no AAAA record exists, the DNS64functionality will translate an A record into a AAAA.– To translate, the DNS64 server must know the prefix in use inthe network for NAT64• Can be assigned by administrator• Can use well-known prefix 64:ff9b::/96– When using a /96, simply concatenate the IPv4 address on theend (more complex rules available for shorter prefixes, seeRFC6052)Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 16
    • 17. NAT64 cont’d• The workstation, having received a AAAA forwww.example.com initiates a TCP session with thatIPv6 address• The NAT64 device has the IPv6 prefix just discussedrouted to it (could be OSPF, BGP, etc.)• The NAT64 device recognizes that this address is anencapsulated IPv4 address– Adds NAT state if necessary– Strips the prefix to find the IPv4 destination address– Translates other parts of the header– Sends packet to IPv4 host using a source IPv4 address froma local poolNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 17
    • 18. DEMO SETUPNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 18
    • 19. Demo TopologyNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 19WifiNetworkSSID:Nat64NUFA10 AX3530NAT64DNS64RMv6TFNetworkUnix serverDHCPv62001:428:3804:64::/64No IPv42001:428:3804::/6410.2.0.70 (upstreamNAT 63.156.186.246)
    • 20. A10 Config BitsInside configNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 20Configure NAT poolsConfigure NAT using the well-known prefix
    • 21. A10 Config BitsNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 21
    • 22. Demo SetupJoin the network using SSID: Nat64NUFNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 22
    • 23. NAT64 EXPERIENCENetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 23
    • 24. What works?• Nearly everything– A10’s implementation was solid, no signs of bugsor performance problems– Operating systems: Windows, MacOS, Linux– Nearly all classic IP protocols:POP, IMAP, SSH, Telnet, Standard web stuff, SMTP– Many chat protocols: Google talk, FaceBook chat– Entertainment: Pandora webclient, Netflix, YouTube, HuluNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 24
    • 25. IOS is WeirdNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 25We appear to be connected
    • 26. IOS is WeirdNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 26Seems to be stuck in the process of connecting…
    • 27. IOS is WeirdNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 27But look, it worked!
    • 28. Whois broken??Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 28
    • 29. Whois• A few whois attempts later, everything wasworking• Does it depend on if the AAAA or A recordcomes back first?Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 29
    • 30. FTP before ALGNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 30
    • 31. FTP with ALG, OutsideNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 31
    • 32. FTP with ALG, InsideNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 32
    • 33. What doesn’t work?• All Android based devices we tried did notfunction– We suspect that Android performs an IPv4connectivity specific test and reject networks thatdoesn’t have IPv4– We also suspect that Android will not considerDNS over IPv6 transportNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 33
    • 34. AOL Instant MessengerWon’t connect to the server, why?Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 34
    • 35. SkypeAlso won’t connect to the Skype networkNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 35
    • 36. CONCLUSIONNetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net ©2013, Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 36
    • 37. NAT64 is good• Works for most apps• Most of the non-working apps seemreasonably fixable• Very good vendor support from A10Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 37
    • 38. Thanks!!Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 38
    • 39. Q and ANetwork Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2012,Network Utility Force LLC Companyconfidential information, transmittal to third parties by prior permission only 39
    • 40. Network Utility Force LLC, 15 Wieuca Trace Northeast, Atlanta, Georgia, 30342 -- +1-404-635-6667 -- sales@netuf.net © 2013,Network Utility Force LLC Company confidential information, transmittal to third parties by prior permission only 40Download the presentation here:Brandon Ross – Chief Network Architect – Network Utility Force – bross@netuf.netErik Muller – Network Architect – Network Utility Force – em@netuf.netRené Paap - Technical Marketing Engineer – A10 network – rpaap@a10networks.com