1
A+P
6rd
DS-
lite
MAP
Alain Fiocco, Sr Director IPv6 HIP
Andrew Yourtchenko, Technical Leader, NOSTG
May 2013
2
RIPE ARIN AFRINI
C
LACNIC
IANA
Service Providers, Local Registry, Enterprises
http://ipv6.he.net/statistics/
APNIC
Last ...
3
IPv4 Access
Network
IPv4 Core
Subscriber
Network
NAT
IPv4 Carrier Grade NAT
NAT
IPv6 Access
Network
Dual Stack Core
Subs...
4
CGN
Sharing public IPv4 addresses
Makes the Internet Statefull ! … Really ?
IPv4
Performance ? End User Experience ?
Tro...
5
CGN
IPv6 – “Full Spectrum” Internet
Restoring End to End
IPv4
AAAA
A
IPv6 for growth,
IPv4 for legacy (with CGN == a nec...
6
IPv6 only network
Moving IPv4 to service layer
IPv4
AAAA
A
IPv6 for growth,
IPv4 as a service
DNS
IPv6 end to end
(50% o...
7
• IPv6 only access network
• Growing share of IPv6 reachable natively
Continue to promote “end to end” IPv6
• IPv4 legac...
8
0%
10%
20%
30%
40%
50%
60%
Y1 Y2 Y3 Y4 Y5 Y6
Y1 Y2 Y3 Y4 Y5 Y6
Connections (Thousands) 0 500000 2,500,000 5,000,000 8,00...
9
Subscribers Providers Internet
IPv6
IPv6
IPv6
IPv4
Private IPv4
Private IPv4
IPv6
Private IPv4
IPv6
IPv6
IPv6
IPv6-only ...
10
Subscribers Providers Internet
IPv6
IPv6
IPv6
IPv4
Private IPv4
Private IPv4
IPv6
Private IPv4
IPv6
IPv6
IPv6
IPv6-only...
11
Subscribers Providers Internet
IPv6
IPv6
IPv6
IPv4
Private IPv4
Private IPv4
IPv6
Private IPv4
IPv6
IPv6
IPv6
IPv6-only
12
13
10 000s hostroutes per BNG
100s IGP prefixes
10s BGP prefixes
1 000 000s of subscribers
:
1 000 000s of
DS-Lite or LW46...
14
1 000 000s of subscribers
:
10s of MAP Rules
and no CGN
10 000s hostroutes per BNG
100s IGP prefixes
10s BGP prefixes
15
① IPv6 to IPv4+Port Mapping
② Stateless Border Relay
③ Packet Flow and Forwarding
16
IPv6 Delegated Prefix (e.g., /X)
IPv4 Address Port
Interface IDSubnet-ID
64 (fixed)“EA Bits”
Y - X = a
01010101 111000
...
17
IPv6 Delegated Prefix (e.g., /56)
IPv4 Address Port
Interface IDSubnet-ID
64 (fixed)“EA Bits”
56-42 = 14
01010101 11100...
18
http://6lab.cisco.com/map
19
20
21
• Handle traffic to/from a given MAP domain
• Reachable via anycast, “built-in” load-balancing
• Each MAP rule is simil...
22
IPv4 + IPv6
IPv4 + IPv6
IPv4 + IPv6
Native IPv6 InfrastructureCE BR
MAP MAP
Ingress IPv4 Traffic
Egress IPv4 Traffic
• ...
23
Encap in
IPv6
Check
Mapping
NAPT 44
(w/ALGs)
MAP IPv4
Address and
Port to IPv6
Forward IPv4 Decap IPv6
Private IPv4
IPv...
24
Replace IPv4
Header with
IPv6 Header
Recreate
IPv4 Header
Decap IPv6
NAPT 44
(w/ALGs)
MAP IPv4
Address and
Port to IPv6...
25
IPv4
IPv6
Transport
Link
IPv4
Transport
Link
IPv4
Transport
Link
IPv6
Transport
Link
OR
IPv4
Native IPv6 Infrastructure...
26
IPv4
IPv6
Transport
Link
IPv6
Transport
Link
OR
IPv4
Native IPv6 InfrastructureCE BR
MAP MAP
MAP-E MAP-T
• The softwire...
27
• MAP-E will be a Standards Track RFC
http://tools.ietf.org/html/draft-ietf-softwire-map-07
• MAP-T, 4rd, etc. will be ...
Cisco Confidential 28© 2011 Cisco and/or its affiliates. All rights reserved.
29
• “The working applications had no need of a special configuration
to work.”
• Most of the applications work OK
• FTP a...
30
IPv6 MAP Testing
at Multi-Vendor Interoperability Test Event 2013
European Advanced Networking Test Center
31
Stateless counterpart to
DS-Lite
Designed to be used without
Carrier-Grade NAT
Cisco ASR1000, ASR9000 and
Cernet (CP...
32
• MAP does not route traffic through the ISM
Blade, yielding line rate performance.
• Using A9K-24x10G line cards = 240...
33
IPv6
IPv6
IPv4Private IPv4
IPv6
Private IPv4
IPv6
IPv6
IPv6-only
nat64 map-t domain 1
default-mapping-rule 2610:D0:1208...
34
• Linux (FC 11)
• OpenWRT Linksys 54GL
• TP-Link WR1043ND
• Source code
http://mapt.ivi2.org:8039/mapt.html
35
36
A+P
6rd
DS-
lite
MAP
• You must have deployed IPv6 to use
any of this!
• LW46 lighter than DS-Lite, both are
heavier th...
Thank you.
Upcoming SlideShare
Loading in …5
×

MAP - Solving IPv6 Deployment and IPv4 Address Exhaustion without Stateful CGN: CKN TechAdvantage Webinar

3,868 views
3,416 views

Published on

Technical overview of MAP (Mapping Address + Port) technology explaining MAP deployment scenarios, design alternatives, addressing plan, and configuration options.

Download the replay: http://www.cisco.com/go/semreg/urls/120609/1/000158945

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,868
On SlideShare
0
From Embeds
0
Number of Embeds
86
Actions
Shares
0
Downloads
123
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

MAP - Solving IPv6 Deployment and IPv4 Address Exhaustion without Stateful CGN: CKN TechAdvantage Webinar

  1. 1. 1 A+P 6rd DS- lite MAP Alain Fiocco, Sr Director IPv6 HIP Andrew Yourtchenko, Technical Leader, NOSTG May 2013
  2. 2. 2 RIPE ARIN AFRINI C LACNIC IANA Service Providers, Local Registry, Enterprises http://ipv6.he.net/statistics/ APNIC Last /8 policy
  3. 3. 3 IPv4 Access Network IPv4 Core Subscriber Network NAT IPv4 Carrier Grade NAT NAT IPv6 Access Network Dual Stack Core Subscriber Network CE IPv6-Only Subscriber 6↔4 Dual Stack Core + Access (ex: DOCSIS 3.0) Subscriber Network PE Dual Stack For more info see: http://www.cisco.com/go/cgv6 PE CE Subscriber Network v4 over v6 Dual Stack Core MAP,DS-Lite IPv6-Only Access Network NAT MAP xlat AFTR CE Dual Stack Core v6 over v4 Subscriber Network IPv6 Rapid Deployment 6rdorL2TP 6rd BR CE LNS 2-Today’s focus 6rd or Dual-stack access Residential IPv6 service 3-Prosper phase: IPv6 only Infrastructure, IPv4: Legacy Service 1-Enable Core • Dual-Stack core • MPLS/6(v)PE IPv6 Internet IPv4 Internet
  4. 4. 4 CGN Sharing public IPv4 addresses Makes the Internet Statefull ! … Really ? IPv4 Performance ? End User Experience ? Troubleshooting ? Security ? Location ? User Logging/data retention vs too much information ? Private IPv4 Session States {SIP@,DIP@,Sp,Dp}
  5. 5. 5 CGN IPv6 – “Full Spectrum” Internet Restoring End to End IPv4 AAAA A IPv6 for growth, IPv4 for legacy (with CGN == a necessary Evil) DNS IPv6 (50% of content today)
  6. 6. 6 IPv6 only network Moving IPv4 to service layer IPv4 AAAA A IPv6 for growth, IPv4 as a service DNS IPv6 end to end (50% of content today) IPv6 transport (legacy) IPv4 AFTR (DS-Lite) Or BR (MAP)
  7. 7. 7 • IPv6 only access network • Growing share of IPv6 reachable natively Continue to promote “end to end” IPv6 • IPv4 legacy content ? Option 0 => continue to promote IPv6 to WEB site Option 1: NAT64/DNS64 (exclude some apps) Option 2: IPv4 to end-user + share IPv4@ Fixed: MAP (Stateless) or DS-Lite (Statefull) Mobile: XLAT464 • Professional network (ex: Emergency Response) Specialized Users devices and mobile networks IPv6 only environment IPv6 Access Network Dual Stack Core Subscriber Network CE IPv6-Only Subscriber 6↔4
  8. 8. 8 0% 10% 20% 30% 40% 50% 60% Y1 Y2 Y3 Y4 Y5 Y6 Y1 Y2 Y3 Y4 Y5 Y6 Connections (Thousands) 0 500000 2,500,000 5,000,000 8,000,000 9,500,000 Peak BW/Subs (Mbits/sec) 0.15 0.22 0.3 0.4 0.5 0.6 IPv6 Content 30% 50% 70% 80% 90% 95% IPv6 Home Devices 80% 85% 88% 90% 91% 92% Avg Sessions/household 200 220 242 266 293 322 Based on ASR9K+ISM - MAP is switched in LC - DS-Lite require state/ISM
  9. 9. 9 Subscribers Providers Internet IPv6 IPv6 IPv6 IPv4 Private IPv4 Private IPv4 IPv6 Private IPv4 IPv6 IPv6 IPv6 IPv6-only AFTR
  10. 10. 10 Subscribers Providers Internet IPv6 IPv6 IPv6 IPv4 Private IPv4 Private IPv4 IPv6 Private IPv4 IPv6 IPv6 IPv6 IPv6-only AFTR
  11. 11. 11 Subscribers Providers Internet IPv6 IPv6 IPv6 IPv4 Private IPv4 Private IPv4 IPv6 Private IPv4 IPv6 IPv6 IPv6 IPv6-only
  12. 12. 12
  13. 13. 13 10 000s hostroutes per BNG 100s IGP prefixes 10s BGP prefixes 1 000 000s of subscribers : 1 000 000s of DS-Lite or LW46 Tunnel endpoints AFTR
  14. 14. 14 1 000 000s of subscribers : 10s of MAP Rules and no CGN 10 000s hostroutes per BNG 100s IGP prefixes 10s BGP prefixes
  15. 15. 15 ① IPv6 to IPv4+Port Mapping ② Stateless Border Relay ③ Packet Flow and Forwarding
  16. 16. 16 IPv6 Delegated Prefix (e.g., /X) IPv4 Address Port Interface IDSubnet-ID 64 (fixed)“EA Bits” Y - X = a 01010101 111000 /Y 2001:0DB8:00 /X Mapping Domain Prefix Size = X bits (provisioned) 0 /X > 0 XXXX 6+c 6 (fixed) 0 6 16 10-c 130.67.1 /Z IPv4 Prefix Z bits (provisioned) 0 /Z +01010101 111000 IPv4 Suffix 32 – Z = b a - b = c Port Set ID 32 +
  17. 17. 17 IPv6 Delegated Prefix (e.g., /56) IPv4 Address Port Interface IDSubnet-ID 64 (fixed)“EA Bits” 56-42 = 14 01010101 111000 /56 2001:0DB8:00 /42 Mapping Domain Prefix Size = 42 bits (provisioned) 0 42 > 0 XXXX 12 6 0 6 16 10-6 = 4 130.67.1 /24 IPv4 Prefix 24 bits (provisioned) 0 24 +01010101 111000 IPv4 Suffix 32-24 = 8 14-8 = 6 Port Set ID 32 26=64 port sets per IPv4 Address Ports 0-1023 skipped, each CPE gets 216/26 - 24 = 1008 ports For this Example… + One IPv4 /24 serves 2(6+8) ≈ 16,384 (vs.≈256) subscribers
  18. 18. 18 http://6lab.cisco.com/map
  19. 19. 19
  20. 20. 20
  21. 21. 21 • Handle traffic to/from a given MAP domain • Reachable via anycast, “built-in” load-balancing • Each MAP rule is similar to a single LW46 entry • but MAP rules allow for aggregation and LW46 entries do not • Can be processed inline with normal IP traffic
  22. 22. 22 IPv4 + IPv6 IPv4 + IPv6 IPv4 + IPv6 Native IPv6 InfrastructureCE BR MAP MAP Ingress IPv4 Traffic Egress IPv4 Traffic • IPv4 follows IPv6 routing within a domain (traffic destined to another subscriber does not traverse the BR) • All other traffic sent via anycast to any MAP BR • Forwarding is handled either by double translation (MAP-T) or encapsulation (MAP-E)
  23. 23. 23 Encap in IPv6 Check Mapping NAPT 44 (w/ALGs) MAP IPv4 Address and Port to IPv6 Forward IPv4 Decap IPv6 Private IPv4 IPv4 Internet
  24. 24. 24 Replace IPv4 Header with IPv6 Header Recreate IPv4 Header Decap IPv6 NAPT 44 (w/ALGs) MAP IPv4 Address and Port to IPv6 Private IPv4 Forward IPv4 IPv4 Internet
  25. 25. 25 IPv4 IPv6 Transport Link IPv4 Transport Link IPv4 Transport Link IPv6 Transport Link OR IPv4 Native IPv6 InfrastructureCE BR MAP MAP MAP-E MAP-T
  26. 26. 26 IPv4 IPv6 Transport Link IPv6 Transport Link OR IPv4 Native IPv6 InfrastructureCE BR MAP MAP MAP-E MAP-T • The softwires WG was for a very long-time wedged with entrenched parties on all sides of MAP-E vs. T • Encapsulation: Well-understood, simple, transparent, same as stateful dual- stack lite • Translation: Native IPv6 ACLs and DPI functionality not masked by IPv4 header. NAT64 code reuse. Feels like “Real IPv6.” • Arguments gravitate towards speculation about what future IPv6 deployments will require and what feature availability will be • Architecturally, both are still TUNNELING
  27. 27. 27 • MAP-E will be a Standards Track RFC http://tools.ietf.org/html/draft-ietf-softwire-map-07 • MAP-T, 4rd, etc. will be Experimental or Informational http://tools.ietf.org/html/draft-ietf-softwire-map-t-01 • LW46/Pubilc4over6 can be viewed as “special cases” of MAP • Goal: One unified standard for CPE vendors • Stretch Goal: One unified standard for BR/AFTR vendors
  28. 28. Cisco Confidential 28© 2011 Cisco and/or its affiliates. All rights reserved.
  29. 29. 29 • “The working applications had no need of a special configuration to work.” • Most of the applications work OK • FTP active mode does not work. • More info: http://tools.ietf.org/html/draft-cordeiro-experience-mapt-testing-00
  30. 30. 30 IPv6 MAP Testing at Multi-Vendor Interoperability Test Event 2013 European Advanced Networking Test Center
  31. 31. 31 Stateless counterpart to DS-Lite Designed to be used without Carrier-Grade NAT Cisco ASR1000, ASR9000 and Cernet (CPE) participated Successfully tested: Mapping of Address and Port with Encapsulation (MAP-E) Mapping of Address and Port using Translation (MAP-T)
  32. 32. 32 • MAP does not route traffic through the ISM Blade, yielding line rate performance. • Using A9K-24x10G line cards = 240 Gbps per slot! • 7 x 240 = 1.68 Tbps on a 9010 chassis. • DS-Lite routes traffic through the ISM Blade • 14Gbps per slot
  33. 33. 33 IPv6 IPv6 IPv4Private IPv4 IPv6 Private IPv4 IPv6 IPv6 IPv6-only nat64 map-t domain 1 default-mapping-rule 2610:D0:1208:CAFE::/64 basic-mapping-rule ipv6-prefix 2001:6F8:147E:1000::/52 ipv4-prefix 153.16.17.83/32 port-parameters share-ratio 16 2001:6F8:147E:1F00::/56 DHCPv6 MAP option(*) DHCPv6
  34. 34. 34 • Linux (FC 11) • OpenWRT Linksys 54GL • TP-Link WR1043ND • Source code http://mapt.ivi2.org:8039/mapt.html
  35. 35. 35
  36. 36. 36 A+P 6rd DS- lite MAP • You must have deployed IPv6 to use any of this! • LW46 lighter than DS-Lite, both are heavier than MAP • MAP works with no state and high performance
  37. 37. Thank you.

×