IPv6 Transition Strategies
- 1. Cisco Expo 2012
Practical Options for Implementing an IPv6 Migration Strategy
Mustafa Bayramov
Consulting System Engineer
24/10/2012
© 2011 Cisco and/or its affiliates. All rights reserved. 1
- 2. A Prize for Knowledge
Take an active part in Cisco Expo and receive a Linksys E900 as a gift.
How to get the gift:
• listen carefully to the lectures on Cisco technologies
• attend the demonstrations included in the main program
• pass the knowledge tests
The tests will be open:
from 15:00 on 25 October to 16:30 on 26 October
www.ceq.com.ua
- 3. Objective
• Understand Cisco’s IPv6 Transition solution – CGv6
• Understand CGv6 solution components.
• Understand how we can preserve IPv4 address space and, in parallel, start the transition to IPv6.
• Understand which technologies are available for the transition to IPv6.
• At the end of the session you should be able to deploy Carrier Grade NAT. : )
- 4. Agenda
• CGv6 Overview
• CGv6 Solution Component
• Carrier Grade NAT
• Transition Technology Overview
• Tunneling Technology Overview
- 5. CGv6 overview
• CGv6 is Cisco’s IPv6 transition solution for service providers
• CGv6 components
Hardware: CRS CGSE, ASR 9000 ISM, ASR 1000
Features:
• Translation (NAT44, NAT64 Stateless/Stateful CGSE)
• Tunneling (6rd, DS-Lite, 6PE/6VPE)
http://www.cisco.com/go/cgv6/
- 6. CGv6 Technologies
[Figure: CGv6 technologies along the transition path from "Today" to "All IPv6"]
• Private IP: CGN (NAT44)
• 6-over-4: 6rd, GRE, IPv6inIPv4, 6PE/6VPE
• Transitional: Dual stack
• 4-over-6: DS-Lite
• XLAT (AFT)
Phases: Preserve, Prepare, Prosper
Legend: IPv4, Private IP, IPv6
- 7. Carrier Grade Services Engine (CGSE)
An engine for Carrier Class SP Services: CGv6, CCN, NPS, DDoS, etc.
• CGv6: Translation (NAT44, NAT64), Tunneling (6rd, DS-Lite, 4rd)
• 20+ million active translations
• 100s of thousands of subscribers
• 1+ million connections per second
• 20 Gb/s of throughput per CGSE
• Builds upon the proven performance of the Cisco CRS platform
• High-capacity, carrier-class SP platform with Cisco IOS-XR
[Figure: Cisco CGSE and Cisco CRS]
- 8. CGSE Overview
• CGv6 function resides on CGSE PLIM
• Paired with CRS-MSC-40G-B, CRS-MSC-20G-B, CRS-MSC and FP-40 (R4.1.1 onwards)
• Does not support pairing with MSC-140 or FP-140
• No external interfaces
• Four 16-core Octeon MIPS CPUs, 64 CPU cores
• Standard interface to MSC, 20 Gbps of throughput (per CGSE)
• IOS XR on MSC, Linux on Octeon CPUs
- 9. CGSE PLIM and IPv6 Transition Services (CGv6)
• Hardware
– CGv6 function resides on CGSE PLIM
– Quad Octeon multiprocessor architecture, 64 CPU cores
– Standard interface to MSC, 2x10 Gbps full-duplex nominal
• Software
– IOS-XR on MSC, Linux on Octeon CPUs
– Leverages XR App SVI to divert packets to/from CGN function
– Leverages Vector Packet Path (VPP) for NAT application
– Integrated configuration & management via IOS XR
[Figure: CGN and future IPv6 apps run on the CGSE PLIM, attached through SVIs]
- 10. Carrier-Grade Services Engine
• CGSE Apps attached to one or more routing spaces via Service Virtual Interfaces (SVI)
• SVI packet diversion employs IP routing
• Advantages of this approach
  • Per-VRF and interface separation
  • Standard routing techniques for packet diversion
  • Easy service bypass
  • ECMP load sharing
  • Per-SVI and APP OAM
  • Scale and resiliency
[Figure: CRS running IOS-XR (RP) and CGSE/Linux (APP1, APP2), connected through SVIs in VRF1, VRF2/Global and the Global Routing Space]
- 11. ISM Application and Router Domains
Application Domain
• Linux Based
• Multi-Purpose Compute Resource
• Used for CDS Application with On-board Modular Flash Storage
• Used for Translation Setup and Logging of CGN Applications
IOS-XR Router Domain
• IOS-XR
• Control Plane
• Data Forwarding
• L3, L2 (management)
• IRB
• Hardware Management
Decoupling Application and IOS-XR Plane delivers Highly Scalable and Flexible Services
- 13. ISM Overview
Per Blade (ISM) Limits
CGN instance supported | 1
Number of service infra | 1
Number of service app | 244 (per system)
Maximum IP pool supported | /16
Max Static Port forwarding | 6K
Max number of NAT users | 256 K
Number of NAT44 Translations | 20 Million connections
Throughput (In2Out + Out2in) | 10 Gbps (I-MIX with 4 ServiceApp)
Throughput (In2out / Out2In) | 2.5 Gbps (per ServiceApp)
NAT44 Session setup rate | 1 Million connections / second
- 14. NAT44 (CGSE) vs NAT44 (ISM)
Parameter | CGSE behavior | ISM behavior
NAT44 CLIs | Same | Same
Uses SVI | Yes | Yes
Throughput | 20 Gbps (I2O + O2I) | 10 Gbps (I2O + O2I)
Max. # of sessions | 20M | 20M
Session setup rate | 1M/sec | ~ 1M/sec (TBD)
- 15. CGN - Deployment options
Distributed
• Meshes well with Distributed BNG
• Smaller Throughput Requirement
• Less Emphasis on Redundancy
• Less Emphasis on Load-Balancing
• Less CGN Spend per Node
Centralized
• Backhaul of NAT customers
• Larger Throughput Requirement
• Emphasis on Redundancy
• Emphasis on Load-Balancing
• More CGN Spend per Node
[Figure: CGN placement relative to the private-IP-addressed homes in each model]
- 17. Bring Up the CGSE board
The control connection to the CGSE runs over a single ServiceInfra interface, using an IPv4 address of local significance only.
Configure the ServiceInfra interface and associate it with the CGSE location:
router(config)#
 interface ServiceInfra1
  ipv4 address 3.1.1.2 255.255.255.252
  service-location 0/0/CPU0
 commit
Specify the service role (cgn) for the given CGSE location:
router(config)#
 hw-module service cgn location 0/0/CPU0
 commit
You need to reload the card. It may take ~15 min.
router#
 hw-module location 0/0/CPU0 reload
 WARNING: This will take the requested node out of service.
 Do you wish to continue?[confirm(y/n)] y
- 18. CGSE Booting Process
[Figure: CGSE boot state diagram. States shown: XR RUN, MBI-BOOT, CGSE-TILE BOOTING, CGSE-TILE OK. Labels: XR<3.8.0, rommon≤1.48]
• Service/CGN PIE not installed
• Service/CGN PIE installed without role config
• Takes master Octeon out of reset
• Sends doorbell to indicate bootloader downloaded (successful U-Boot)
• Linux download will start and boot params
• Linux launch happens on master Octeon, which downloads Linux on slave
• Linux UP doorbell; app image gets downloaded via TFTP and launched
• PLIM Services process monitors the various stages and is packaged with comp-hfr-mini.vm
• 3 retries, after which the card is put into Failed state
- 19. Service interface Configuration
• Service Instance is the highest level configuration structure
Represents the CGSE card or primary/backup CGSE pair
Common redundancy model is 1:1 warm standby
1 ServiceInfra interface per Service Instance – control path
service cgn demo-1
 service-location preferred-active 0/X/CPU0 preferred-standby 0/Y/CPU0
• “Service-Type-Specific Instance” is the child structure
Includes specific configuration for apps running within Service Instance
Service Types (NAT44, Stateless OR Stateful NAT64, DS-Lite & 6rd BR)
service cgn demo-1
 service-type nat64 stateless nat64-1
  (SL-NAT64 specific config)
 service-type nat44 nat44-1
  (NAT44 specific config)
 service-type tunnel v6rd 6rd-1
  (6rd specific config)
- 20. ServiceApp Interfaces
Logical interfaces/paths between CGSE apps and rest of router
• Treated like regular interfaces from a routing standpoint
SvcApps will go down if CGSE goes down
Can be used to signal availability of CGSE (advertise SvcApp into IGP)
NAT applications will use local static routing to steer traffic into CGSE
• Routing example from NAT44
Default route to CGSE in Inside VRF
ServiceApp is configured with 80.1.1.1/24
Traffic routed to other addresses on 80.1.1.0/24 goes to CGSE
Static routes can use interface name, next hop, or both
interface ServiceApp1
 vrf CGSE-Inside
 ipv4 address 80.1.1.1/24
 service cgn demo service-type nat44
router static
 vrf CGSE-Inside
  address-family ipv4 unicast
   (option A) 0.0.0.0/0 ServiceApp1
   (option B) 0.0.0.0/0 80.1.1.2
   (option C) 0.0.0.0/0 ServiceApp1 80.1.1.2
- 22. • “..A NAT or NAPT device used by many subscribers, where 'many'
would be on the order of dozens to hundreds of thousands of
subscribers. This might NAT between any combination of IPv4 and
IPv6..”*
• SP-class Performance and Scale
O(tens of millions) of NAT44 translation states (e.g. sessions)
O(10Gb/sec) Performance
• Support standard NAT Behaviors
RFC4787, RFC5382, RFC5508
• Ability to bypass (route around the NAT)
• Ability to log NAT44 bindings
• Ability to limit the number of sessions per private IPv4 source
- 23. CGN NAT44: One Strategy for Dealing with the IPv4 Address Run-Out Problem
[Figure: Customers, SP Network, Public Internet. Top path: a customer IPv4 router with a public IPv4 address reaches the public IPv4 Internet directly. Bottom path: a customer IPv4 router with a (NOT) public IPv4 address reaches the public IPv4 Internet through Carrier Grade NAT in the SP network. Legend: public IPv4, NOT public IPv4]
- 24. Public IPv4 exhaustion with NAT444
[Figure: Residential, Access, Aggregation, Edge, Core (IP/MPLS). NAT44 on the RGW between private IPv4 (subscriber) and private IPv4 (SP-assigned domain); CGN NAT44 between the SP-assigned private domain and public IPv4]
NAT44 very likely to be used on RGW (Private IPv4 192.168.0.0)
Private IPv4 used on RGW WAN interface (Unique per RGW, e.g. 10.0.0.0)
RGW NAT44 + CGN NAT44 = NAT444 solution
CGN NAT44 multiplexes several customers onto the same public IPv4 address
CGN NAT44 can be introduced in a centralized or distributed fashion*
- 25. NAT444 Pros and Cons
Pros
• ISPs can reclaim global IPv4 addresses from customers, replacing with non-routable private addresses and NAT
• Addresses immediate IPv4 exhaust problem
• No change to subscriber CPE
• No IPv4 re-addressing in home
• Dense utilization of Public IP address/port combinations
Cons
• SP NAT results in margin & competitive implications
• Does not solve address exhaust problem in the long term
• Sharing IPv4 addresses could have user behavioral and liability implications
• User control over NAT
- 27. ASR 9000 and CRS-1/3 with CGSE: Separated VRF Approach
[Figure: subscribers (private IPv4) reach the CGSE through an interface/VLAN in the Inside VRF and an App interface; the CGSE reaches public IPv4 through an App interface and an interface/VLAN in the Outside VRF]
Inside VRF route: Dest 0.0.0.0/0 -> AppSVI1
Outside VRF route: Dest NAT Pool -> AppSVI2
Translation table:
Entry | Inside | Outside
Entry1 | 10.12.0.29:334 | 100.0.0.221:18808
Entry2 | 10.12.0.29:856 | 100.0.0.221:40582
Entry.. | … | …
• VRFs to separate the private and public routing tables.
• Interfaces are associated with a VRF.
• ServiceApp interfaces are used to send packets to/from the CGSE
- 28. Outside IP address Selection
• Upon receipt of the first Flow per Inside source address, CGN attempts to
choose an Outside address that has at least 1/3 of its ports free – all
subsequent Flows from that Inside source will use the same Outside address.
This selection is limited to the Outside IP addresses available to the CPU core
making the decision, i.e. for a /24 of Outside space assigned to the CGN card,
each CPU core will have 64 addresses from which to choose.
• If no Outside address has 1/3 of the ports free, then an Outside address is
randomly chosen from those available. If that Outside address is completely
exhausted, then a random selection is made from the remaining addresses,
repeated until an address is chosen or it is determined that none are available
(which results in an ICMP error message).
• Upon selection, CGN creates an Address binding (state) between the Inside and
Outside address, which will persist as long as there are any Flows using that
binding.
- 29. Port Selection
• ISM chooses a port randomly from the list of available (unused) ports
associated with the chosen Outside IP address. The first 1024 ports are
reserved (not available for allocation). Each port is allocated once,
regardless of which L4 protocol (UDP, TCP) is being used in the Flow.
• If the randomly chosen port is already being used, the selection
increments (around a ring) until an available port is found; if none are
available then an ICMP error message is sent.
• If the Inside source already has a number of Flows equal to the
configured per-user limit, then the allocation is rejected and an ICMP
message is returned.
• CGN creates a Translation binding (state) between Inside source IP
address: port and Outside source IP address: port for the Flow
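The address and port selection rules from the two slides above, as an added Python model (not Cisco's implementation and not code from the deck). The class and method names, the first-in-pool-order choice among addresses with 1/3 of their ports free, and the flow key without an L4 protocol are assumptions made for the sketch; the sample flows are constructed.

```python
import ipaddress
import random

FIRST_PORT = 1024                      # ports 0-1023 are reserved, never allocated
PORTS_PER_ADDR = 65536 - FIRST_PORT


class AllocationError(Exception):
    """Stands in for the ICMP error returned when allocation fails."""


class CgnModel:
    def __init__(self, pool, per_user_limit, rng=None):
        self.outside = [str(a) for a in ipaddress.ip_network(pool)]
        self.per_user_limit = per_user_limit
        self.rng = rng or random.Random()
        self.used = {a: set() for a in self.outside}  # outside addr -> ports in use
        self.binding = {}   # inside addr -> outside addr (address binding)
        self.flows = {}     # (inside addr, port) -> (outside addr, port)

    def _free(self, addr):
        return PORTS_PER_ADDR - len(self.used[addr])

    def _pick_address(self):
        # Prefer an address with at least 1/3 of its ports free.
        # Assumption: take the first such address in pool order.
        for addr in self.outside:
            if 3 * self._free(addr) >= PORTS_PER_ADDR:
                return addr
        # Otherwise try the addresses in random order until one has a free port.
        order = list(self.outside)
        self.rng.shuffle(order)
        for addr in order:
            if self._free(addr) > 0:
                return addr
        raise AllocationError("no outside address available")

    def _pick_port(self, addr):
        start = self.rng.randrange(PORTS_PER_ADDR)
        for step in range(PORTS_PER_ADDR):          # walk the ring once
            port = FIRST_PORT + (start + step) % PORTS_PER_ADDR
            if port not in self.used[addr]:
                return port
        raise AllocationError("no port available on " + addr)

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key in self.flows:                       # existing translation binding
            return self.flows[key]
        active = sum(1 for ip, _ in self.flows if ip == inside_ip)
        if active >= self.per_user_limit:
            raise AllocationError("per-user limit reached for " + inside_ip)
        addr = self.binding.get(inside_ip) or self._pick_address()
        port = self._pick_port(addr)
        self.used[addr].add(port)
        self.binding[inside_ip] = addr              # later flows reuse this address
        self.flows[key] = (addr, port)
        return addr, port

    def release(self, inside_ip, inside_port):
        addr, port = self.flows.pop((inside_ip, inside_port))
        self.used[addr].discard(port)
        if not any(ip == inside_ip for ip, _ in self.flows):
            del self.binding[inside_ip]             # no flows left: drop the binding


if __name__ == "__main__":
    cgn = CgnModel("100.0.0.220/30", per_user_limit=3, rng=random.Random(1))
    for sport in (334, 856, 2000, 2001):            # constructed sample flows
        try:
            print("10.12.0.29:%d ->" % sport, cgn.translate("10.12.0.29", sport))
        except AllocationError as err:
            print("10.12.0.29:%d rejected: %s" % (sport, err))
```

The per-user limit is what keeps one subscriber from draining the ports of an outside address shared with others, and the `flows` table is the state a binding log has to capture to attribute a public address and port to a subscriber.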
- 30. Carrier Grade NAT ( NAT44 ) Implementation Details
• The ISM and CGSE NAT44 implementation complies with the NAT behavior RFCs (RFC4787 for UDP, RFC5382 for TCP and RFC5508 for ICMP) and with the behavior described in http://tools.ietf.org/html/draft-nishitani-cgn-04
• Endpoint Independent Mapping (RFC4787 and RFC5382)
• Endpoint Independent Filtering (RFC4787 and RFC5382)
• Paired IP address assignment (RFC4787 and RFC5382)
• Port Parity assignment for UDP (RFC4787)
• Hairpinning
• 1:1 Mapping
- 31. NAT44 Service-Type-Specific Instances
• 1 NAT44 Instance per CGN (per primary/backup card pair)
• Scaling via multiple pools & VRFs within the NAT44 instance
• Outside VRF can be default or “named”, inside must be “named” VRF
• Each Inside VRF maps to one Outside VRF
• Multiple Inside VRFs can map to same Outside VRF
[Figure: Inside VRFs "Inside 1" to "Inside 4" mapped to Outside VRFs "Outside 1" and "Default"]
service cgn cgn1
 service-type nat44 nat44-1
  inside-vrf nat44-Inside-1
   map outside-vrf Outside address-pool 1.1.0.0/16
  inside-vrf nat44-Inside-2
   map address-pool 2.0.0.0/16
  inside-vrf nat44-Inside-3
   map address-pool 2.1.0.0/26
  inside-vrf nat44-Inside-4
   map address-pool 2.2.18.0/24
- 32. NAT44 Deployment Notes
• Separated VRF model – inside & outside of NAT in different VRFs
Outside may be default VRF, Inside must be named VRF
Multiple inside VRFs may map to same outside VRF
• LB in same chassis (CRS uses 3 Tuple Algo, doesn’t help for NAT since same flow should go to same CGSE)
  • Use ABF to split traffic.
• Src based bypassing (Need ABF)
• Retrieving NAT Statistics
  • IOS-XR CLI
  • Netflow v9
  • XML
  • ANA (Check support)
  • SNMP
    • ENTITY MIB, CISCO-ENTITY-FRUCONTROL-MIB, CISCO-ENTITY-SENSOR-MIB.
    • No CGN MIB Support
Max Pool per CGSE: /16
Max Subscribers: 1 Million per CGSE
[Figure: NAT44 instances with VRFs Inside-Red, Inside-Blue, Inside-Orange, Outside-Green and Default; IPv4 only]
- 34. IPv4/IPv6 Translation Scenarios ?
[Figure: IPv4 Network, IPv4 Internet, IPv6 Network and IPv6 Internet. Which translation scenarios between them are possible?]
• Connecting an IPv6 network to IPv4 Internet
• Connecting the IPv6 internet to IPv4 network
- 35. Stateful and Stateless IPv4/IPv6 Translation
• Stateful (NAT64 usually refers to stateful v6/v4 translation)
Each flow creates state in the translator
[2001:DB8:1]:1500 <--> 203.0.113.1:2000
Amount of state based on O(# of translations)
N:1 mappings (like NAPT)
draft-ietf-behave-v6v4-xlate-stateful
• Stateless
Flow DOES NOT create any state in the translator
Algorithmic operation performed on packet headers
1:1 mappings (one IPv4 address used for an IPv6 host)*
draft-ietf-behave-v6v4-xlate
- 36. Stateless NAT64
• Enables communication between IPv4 & IPv6 hosts
Performs packet translation between address families
• Green-field (brand new) network wants to deploy IPv6 only
Doesn't need to acquire IPv4 addresses
Simplicity of managing IPv6 only network
• Needs to access servers on the IPv4 Internet
• Sessions will be initiated by IPv6 clients
• Algorithmic mapping of addresses (no state maintained)
• NAT64 translates IP & L4 header
• A specific range of IPv6 addresses represents the v4 space
This range is called the Network Specific Prefix (NSP)
- 37. NAT64 Stateless Translation
Example without ubits-reserve
• No state maintained
Algorithmic address translation between IPv4 and IPv6
IPv4 Decimal | IPv4 Hex | IPv6 (Network Specific Prefix + Mapped Address + Suffix)
192.168.0.1 | C0,A8,00,01 | 2001:0DB8:00C0:A800:0100:0000::
Highly Scalable
Supports both IPv4 initiated and IPv6 initiated sessions
IPv6 nodes need translatable addresses, IPv4 cannot reach all IPv6
Difference in address space size
1 to 1 mapping between v4 address and v6 address
Does not conserve IPv4 address space
Translates IP, TCP, UDP, & ICMP - L4 ports are copied
- 38. DNS64
• Required when using NAT64 with IPv6-only end-hosts.
• Synthesizes AAAA records when not present
With IPv6 prefix of NAT64 translator
[Figure: DNS64 exchange between an IPv6-only host, DNS64 and the Internet]
IPv6-only host -> DNS64: AAAA?
DNS64 -> Internet: AAAA? and A? (sent simultaneously)
Internet -> DNS64: empty answer for AAAA; 192.0.2.1 for A
DNS64 -> IPv6-only host: 2001:DB8:ABCD::192.0.2.1
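The stateless address mapping from the NAT64 slides and the AAAA synthesis from the DNS64 slide, as an added Python example (not code from the deck or from Cisco). It assumes the NAT64 slide's prefix is 2001:db8::/40, which is what the slide's result implies, and that "ubits-reserve" means leaving bits 64 to 71 zero as RFC 6052 does; the function names are illustrative.

```python
import ipaddress

PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)   # prefix lengths RFC 6052 allows
U_OCTET = 8                                  # octet 8 = bits 64..71 (the "u" bits)


def _nsp(prefix):
    """Parse and validate the Network Specific Prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen not in PREFIX_LENGTHS:
        raise ValueError("NSP must be an IPv6 prefix of length 32/40/48/56/64/96")
    return net


def embed(prefix, ipv4, ubits_reserve=True):
    """IPv4 -> IPv6: write the four IPv4 octets right after the prefix.

    With ubits_reserve the octet at bits 64..71 is skipped and stays zero;
    without it the four octets are contiguous, as in the slide's example.
    """
    net = _nsp(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if ubits_reserve and pos == U_OCTET:
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, ipv6, ubits_reserve=True):
    """IPv6 -> IPv4: the inverse of embed(); rejects addresses outside the NSP."""
    net = _nsp(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("%s is outside %s" % (addr, net))
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if ubits_reserve and pos == U_OCTET:
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))


def synthesize_aaaa(prefix, a_records, ubits_reserve=True):
    """DNS64 step: build AAAA answers from the A records of an IPv4-only name."""
    return [str(embed(prefix, a, ubits_reserve)) for a in a_records]


if __name__ == "__main__":
    nsp = "2001:db8::/40"                            # assumed from the slide's result
    print(embed(nsp, "192.168.0.1", ubits_reserve=False))   # slide's layout
    print(embed(nsp, "192.168.0.1", ubits_reserve=True))    # RFC 6052 layout
    # Both ends must agree on the setting, or the recovered IPv4 address is wrong:
    print(extract(nsp, "2001:db8:c0:a800:100::", ubits_reserve=True))
    print(synthesize_aaaa("2001:db8:abcd::/96", ["192.0.2.1"]))
```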
- 39. From behave framework draft
[Table: applicability of stateful and stateless translation to each scenario]
1. IPv6 Network to IPv4 Internet
2. IPv4 Internet to IPv6 Network
3. IPv6 Internet to IPv4 Network
4. IPv4 Network to IPv6 Internet
5. IPv6 Network to IPv4 Network
6. IPv4 Network to IPv6 Network
- 40. • Simple configuration
Set parameters required by draft
Configure ServiceApps
Optional Parameters
Required Configuration
service cgn cgn1
 service-location preferred-active 0/3/CPU0
 service-type nat64 stateless xlat1
  ipv6-prefix 2001:db8::/32
  address-family ipv4
   interface ServiceApp4
  !
  address-family ipv6
   interface ServiceApp6
  !
interface ServiceApp4
 ipv4 address 2.0.0.1 255.255.255.0
 service cgn cgn1 service-type nat64 stateless
!
interface ServiceApp6
 ipv6 address 2001:db8:fe00::1/40
 service cgn cgn1 service-type nat64 stateless
Required Configuration
router static
 address-family ipv6 unicast
  2001:db8::/32 ServiceApp6
router static
 address-family ipv4 unicast
  100.2.0.0/16 serviceApp4
- 42. Tunnelling
IPv6 in IPv4 – Why?
Deployment of fully native IPv6 affects numerous system components, aka “touch points”
[Figure: touch points along the path User, RG, Access Node, Aggregation, BNG and Core, plus NMS/Addressing and AAA/DHCP. Touch points listed: OS v6 stack, IPv6 LAN, IPv6 WAN, IPv6 parameters, DHCPv6, DHCPv6 snooping, ICMPv6 snooping, IPv6 stack, IPv6 routing, IPv6 PE/VPE, IPv6 NMS, IPv6 security]
Some are more challenging or deferrable than others, e.g. IPv6 upgrade of the Access Node
Tunneling IPv6 over existing IPv4 infrastructure provides a transition solution with minimal number of “touch points”
- 43. 6to4 Tunnelling
Key building block for later tunnel schemes
• Automatic tunnels via address mapping
• 6in4 encapsulation (next protocol = 41)
• IPv6 addresses from 2002:IPv4::/48
[Figure: an IPv6 network behind a site with public IPv4 address A.B.C.D, which is used to create the 6to4 address space 2002:Hex(A.B.C.D)::/48 for this site; 6to4 relay anycast address 192.88.99.1; global IPv6 address 2001:db8::1/64]
- 44. 6to4 Tunneling
Key building block for later tunnel schemes
• Automatic IPv6 over IPv4 tunnels (no static config for tunnel endpoints)
• Provides connections between IPv6 hosts (not between v4 & v6)
• Utilizes Relay Routers to terminate tunnels
• 2002::/16 address space is assigned to 6to4
• Advertised into local IPv6 network as /16
• IPv4 addresses are mapped into next 32 bits
• Requires one globally unique IPv4 address per site
Address layout: 2002 (/16) | IPv4 address (/48) | SLA (/64) | Interface ID
- 45. 6rd in a Nutshell
• Like 6PE, delivers Production-Quality IPv6 by only touching edge
points around your network
• Capitalizes on what access networks do well, provisioning and
transport of IPv4, adapted for carrying IPv6
• Stateless operation, easy to provision, low overhead
• Proven deployment, in production already with N x Gb/s of traffic
• (Thanks to YouTube over IPv6)
• Stateless, so no need for symmetrical packet flow
• draft-ietf-softwire-ipv6-6rd-10.txt accepted as an RFC (RFC5969).
- 46. 6rd (IPv6 Rapid Deployment)
Uses Provider’s IPv6 Address Space
[Figure: a CPE with private or existing IPv4 acts as 6rd CE (encap/decap) and tunnels IPv6 across the IPv4 network to the 6rd BR; private IPv4 traffic reaches the IPv4 Internet through NAT44 (CGN/LSN). Legend: Private IPv4 Address, Public IPv4 Address, IPv6 Address]
Provide IPv6 through existing IPv4 network (Dual stack core is not necessary)
End to End “Stateless” “Automatic” Tunnel similar to 6to4 (RFC3056)
No DHCPv6, Neighbor Discovery, etc. to deploy in access network
IPv6 addressing automatically created from IPv4 addressing, synced with IPv4 lease
6rd Border Relay (6rd BR, used to be called 6rd Gateway) provides access to IPv6 Internet
IPv6-in-IPv4 encap and decap function on 6rd CE (old name RG)
draft-ietf-softwire-ipv6-6rd (with DHCP/NAT extensions)
- 47. 6rd: IPv6 via IPv4 using 6rd
[Figure: Residential, Access, Aggregation, Edge, Core (IP/MPLS); segments labelled IPv4/v6, IPv4, IPv4/v6]
Introduction of two Components: 6rd CE (Customer Edge) and 6rd BR (Border Relay)
Automatic Prefix Delegation on 6rd CE
Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions on 6rd (CE & BR)
IPv6 traffic automatically follows IPv4 Routing
6rd BRs addressed with IPv4 anycast for load-balancing and resiliency
Native, Dual-Stack IPv4/IPv6 service from subscriber perspective
- 48. 6rd and 6to4 IPv6 Prefix example
6rd: /56 prefix for subscriber
ISP IPv6 Prefix + (optional) Domain ID | subscriber’s private IPv4 address (<= 32) | Subnet-ID (<= 16) | Interface ID
2001:ABC | 0 | 0000:01 | Subnet-ID | Interface ID
Bit positions: 0, 28, 32, 56, 64
/28 is an example, can vary based on site prefix allocation
Private subscriber’s IPv4 address: drop the “10” of 10.x.x.x and insert the remaining 24 bits
6to4: /48 prefix for subscriber
6to4 Prefix | 32 bits of public IPv4 address (100.0.0.1) | SLA | Interface ID
2002 | 6400:0001 | SLA | Interface ID
Bit positions: 0, 16, 48, 64
- 49. Solving exhaustion while introducing IPv6
[Figure: Residential, Access, Aggregation, Edge, Core (IP/MPLS); RGWs with NAT44 and 6rd CE send private IPv4 packets to the CGN NAT44 and 6rd packets to the 6rd BR; logging at the CGN]
NAT44 on RGW with Private IPv4 on both LAN and WAN side and CGN NAT44 introduced to deal with exhaustion
6rd CE works in combination with private IPv4 (Private IPv4 on WAN used in Delegated prefix construct)
Common, centralized vehicle to jointly handle NAT444 and 6rd BR components
- 51. How can we create more subnets?
Use a shorter 6rd Prefix
Use V4 Mask Length to skip common parts of the IPv4 address
Example 1: 6rd Prefix = 2001:ABC0, 6rd Prefix Length = 28, RG IPv4 Address = 9.1.10.7, V4 Mask Length = 0
2001:ABC0 (28 bits) | 0901:0A07 (32 bits) | S (4 bits = 16 subnets) | Interface ID (64 bits)
Example 2: 6rd Prefix = 2001:ABC0, 6rd Prefix Length = 28, RG IPv4 Address = 9.1.10.7 (leading 9 skipped), V4 Mask Length = 8
2001:ABC (28 bits) | 01:0A07 (24 bits) | Subnet (4 bits + 8 bits) | Interface ID (64 bits)
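The prefix construction from the 6to4 and 6rd slides above, as an added Python example (not code from the deck or from Cisco); it goes beyond the two cases on this slide by treating 6to4 as the 2002::/16, mask length 0 instance of the same rule. The function names and the `v4_common` parameter are illustrative, and the source check in `outer_source_ok` follows the anti-spoofing validation RFC 5969 requires on decapsulation.

```python
import ipaddress


def delegated_prefix(sixrd_prefix, ce_ipv4, v4_mask_len=0):
    """6rd prefix + the IPv4 bits left after skipping v4_mask_len leading bits."""
    net = ipaddress.ip_network(sixrd_prefix)
    if net.version != 6 or not 0 <= v4_mask_len <= 32:
        raise ValueError("need an IPv6 6rd prefix and a mask length of 0..32")
    v4_bits = 32 - v4_mask_len
    plen = net.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("delegated prefix would be longer than /64")
    v4 = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    value = int(net.network_address) | (v4 << (128 - plen))
    return ipaddress.IPv6Network((value, plen))


def embedded_ipv4(sixrd_prefix, ipv6, v4_mask_len=0, v4_common="0.0.0.0"):
    """Recover the CE's IPv4 address (the tunnel endpoint) from a 6rd address.

    v4_common supplies the leading bits that v4_mask_len removed.
    """
    net = ipaddress.ip_network(sixrd_prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("%s is outside %s" % (addr, net))
    v4_bits = 32 - v4_mask_len
    low = (int(addr) >> (128 - net.prefixlen - v4_bits)) & ((1 << v4_bits) - 1)
    high = int(ipaddress.IPv4Address(v4_common)) >> v4_bits << v4_bits
    return ipaddress.IPv4Address(high | low)


def outer_source_ok(sixrd_prefix, inner_src_v6, outer_src_v4,
                    v4_mask_len=0, v4_common="0.0.0.0"):
    """Decapsulation check: the outer IPv4 source must be the address embedded
    in the inner IPv6 source, otherwise the packet is dropped as spoofed."""
    try:
        expected = embedded_ipv4(sixrd_prefix, inner_src_v6, v4_mask_len, v4_common)
    except ValueError:
        return False
    return expected == ipaddress.IPv4Address(outer_src_v4)


if __name__ == "__main__":
    # The two cases on this slide, then 6to4 as the 2002::/16 special case.
    print(delegated_prefix("2001:abc0::/28", "9.1.10.7", 0))
    print(delegated_prefix("2001:abc0::/28", "9.1.10.7", 8))
    print(delegated_prefix("2002::/16", "100.0.0.1"))
    # Constructed packets for a 2001:420:81::/56 domain with 24 common IPv4 bits.
    print(outer_source_ok("2001:420:81::/56", "2001:420:81:7::abcd",
                          "10.12.0.7", 24, "10.12.0.0"))
    print(outer_source_ok("2001:420:81::/56", "2001:420:81:7::abcd",
                          "10.12.0.9", 24, "10.12.0.0"))
```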
- 52. Anycast Address for BR
[Figure: dual-stack customers on a dual-stack access network reach BRs at the PEs across an IPv4-only access and MPLS/IPv4 core (PE and P routers), with IPv4 and IPv6 peers beyond]
• Multiple BR addresses can be used
• But, 6rd is stateless
• Packets can go to any BR
• Option to use anycast for redundancy
• All BRs can receive packets on same address
- 53. 6rd vs 6to4
Attribute | 6rd | 6to4
IPv6 Address Prefix | SP’s IPv6 Address | 2002::/16
IPv6 Address “Reputation” | Excellent, it is an ISP IPv6 Prefix | It is “6to4” and everybody knows that
SP-managed service | Yes | No
Always Route thru SP’s network | Yes (SP-managed BR) | Maybe (Anycast Relay)
Private IPv4 support | Yes | No
Border Relay Support | (ASR1k, ASR 9000, CRS-1/3) | Supported (IOS)
CE Support | (ASR1k, IOS and Linksys) | Supported (IOS)
Doc | draft-ietf-softwire-ipv6-6rd | RFC3056
- 54. CRS 6rd & ServiceApp Config
service cgn demo
 service-type tunnel v6rd 6RD
  br
   ipv6-prefix 2001:420:81::/56
   source-address 10.12.0.254
   ipv4 prefix length 24
   ipv4 suffix length 0
   unicast address 2001:420:81:fe::1
  !
  address-family ipv4
   interface ServiceApp3
  !
  address-family ipv6
   interface ServiceApp4
  !
interface ServiceApp3
 ipv4 address 172.16.3.1 255.255.255.0
 service cgn demo service-type tunnel v6rd
!
interface ServiceApp4
 ipv6 address 2001:db8::1/64
 service cgn demo service-type tunnel v6rd
!
router static
 vrf InsidePrivate
  address-family ipv4 unicast
   10.12.0.254/32 vrf default ServiceApp3 172.16.3.2
- 56. [Figure: a CGSE in a CRS-1/CRS-3 between the IPv4 Internet (IPv4 server, IPv4 client) and the IPv6 Internet (IPv6 server, IPv6 client)]
• An IPv6 network to IPv4 Internet & vice-versa
• IPv6 network to IPv4 network & vice-versa
- 57. [Figure: a CGSE in a CRS-1/CRS-3 between R1 in the IPv4 network (OSPFv2/IS-IS/BGP, IPv4 client/server) and R2 in the IPv6 network (OSPFv3/IS-IS/BGP, IPv6 client/server)]
• An IPv6 network to IPv4 Internet & vice-versa
• OSPFv2/IS-IS between CGSE & R1
• OSPFv3/IS-IS between CGSE & R2
- 58. [Figure: an active and a standby CGSE between R1 (IPv4 network, IPv4 client/server) and R2 (IPv6 network, IPv6 client/server), with eBGP]
• An IPv6 network to IPv4 Internet & vice-versa
• Subscriber traffic follows best IP path.
• Static routes to IPv4/IPv6 destinations with metric assigned for ServiceApp interfaces
• Same NSP prefix for both CGSEs
- 59. [Figure: an active and a standby CGSE between R1 (IPv4 network, IPv4 client/server) and R2 (IPv6 network, IPv6 client/server), with eBGP]
• An IPv6 network to IPv4 Internet & vice-versa
• Subscriber traffic follows best IP path.
• The same NSP prefix needs to be configured; since it is stateless, synchronization is not required.
- 60. [Figure: two groups of CGSEs, each active/standby, between R1 (IPv4 network, IPv4 client/server) and R2 (IPv6 network, IPv6 client/server), with eBGP]
• An IPv6 network to IPv4 Internet & vice-versa
• Subscriber traffic follows best IP path.
• The same NSP prefix needs to be configured; since it is stateless, synchronization is not required.