Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Summit 16: IPv6 in DT's TeraStream


Published on

With TeraStream, Deutsche Telekom builds a drastically simplified IP end to end architecture. As part of TeraStream, network I/O optimized datacenters were tightly integrated with the IP infrastructure – the Infrastructure Cloud. As TeraStream is an IPv6-only network where IPv4 is delivered as a service, produced in the Infrastructure Cloud, the Infrastructure Cloud also needs to support IPv6 natively. This presentation covers DT's early experience out of the TeraStream pilots in Croatia and Germany, as well as an overview on the solution we are currently implementing.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Summit 16: IPv6 in DT's TeraStream

  1. 1. IPv6 in Terastream Axel Clauberg, @aclauberg
  2. 2. Building a new network, Do we still need aNY of that? 8-MAR-2016© Deutsche Telekom AG, 2016 2 MPLS ATM SDH OTN PPPoE MPLSFRR MPLS-TE GMPLS IPv4 MPLS-TP
  3. 3. END TO END OPTIMIZATION The Power of IPv6 8-MAR-2016 3© Deutsche Telekom AG, 2016 Customer Access Aggregation R1 R2 Core Service Production Peering IP&Optical Infrastructure Cloud Infrastructure Cloud Mobile Ethernet xDSL FTTH IPv6 IPv4 Lightweight4o6 -Softwire IPv4 Non-IP– MEF OAM Keyed IPv6 tunnel
  4. 4. INFRASTRUCTURE CLOUD NETWORK FUNCTION CLOUDIFICATION 4 Network Services (DNS, DHCP) vBRAS Apps Content IMS Mobile Core & Services Self- Provisioning Softwire IPv4 Business VPN Services Video Network I/O Optimized Full Automation 8-MAR-2016© Deutsche Telekom AG, 2016
  5. 5. TERASTREAM PILOT HRVATSKI TELEKOM – DEC 2012 8-MAR-2016 5© Deutsche Telekom AG, 2016
  6. 6. TERASTREAM PILOT GERMANY – SEP 2014 8-MAR-2016 6© Deutsche Telekom AG, 2016
  7. 7. SERVICE DIFFERENTIATION BASED ON ADDRESSES USING IPv6 ADDRESS SPACE AS LABELS 7 Provider User - Host User Subnet 56 8 64 Network Structure bits ServicebitsRegistry/IANAassigned P Public 0=SP-intern, 1=extern I Infrastructure 0=end user, 1=infrastructure packet E Endpoint/Service 0=endpoint, 1=service SSS Service Type 0=res, 1=internet, 4=video, 5=L2, 6=voice, 7=mgmt M 0=fixed, 1=mobile endpoint Examples: Source Destination PIESSS PIESSS ------------------------------------------------------------------------------- User -> IMS 000110 011110 IMS -> User 011110 000110 User -> User (best effort) X00001 X00001 User -> Internet (best effort)100001 XXXXXX Internet -> User (best effort)XXXXXX 100001 Lan-Lan service 010101 010101 © Deutsche Telekom AG, 2016 8-MAR-2016
  8. 8. IPv4 AS A SERVICE – LIGHTWEIGHT 4o6 SOFTWIRES 8-MAR-2016 8© Deutsche Telekom AG, 2016 R1 R2 Home Network v4 host v4 Internet v6 Infrastructur e Cloud v4 IPv4 in IPv6 Softwire Tunnel lwB4 (Port restricted NAPT44) CPE or other device lwAFTR Performs ingress routing based on DSTv4 ADDR+DSTL4 port
  9. 9. Initial approach • The Croatian pilot started using OpenStack Folsom, later Grizzly. • The German pilot started using IceHouse. • Running IPv6-only meant: Dirty Hacks required Not all OpenStack services could use IPv6 for communication between themselves. IPv6 address assignment to virtual machines was nearly impossible in combination with L2 plugin. Many things didn’t work properly. IPv6 only environment was not possible since VMs cannot be bootstrapped with nova- metadata server since there is only IPv4 defined for nova-metadata server (aka TeraStream specific network layout (each VLAN on each port on each machine would have different IPv6 subnet) cannot be supported. Security features (IPaddress anti-spoofingetc.) were not working properly using TeraStream network design and Neutron L2 plugin. Unable to configure multiple IPv6 addressesfor VMs, including proper routes • Hacks lead straight to difficulties in maintaining the environment… 8-MAR-2016 9© Deutsche Telekom AG, 2016
  10. 10. Which parts would be solved in Mitaka today? • OpenStack services are now able to work in IPv6 only environment,although some hick-ups are expected. • IPv6 address assignment to VMs should generally work, but unfortunatelyonly some ways of IPv6 (auto)configuration are possible. • IPv6 only VMs still cannot use nova-metadata server • Neutron now has IPAM plugin, so TeraStream specific network setup should be feasible (since Kilo/Liberty). • Security features should generally work (IPaddress anti-spoofing etc.) and should support flexible network setup (as TeraStream network design),if used with Neutron IPAM plugin. • Still unable to configure multiple IPv6 addresses for VMs, including properroutes 8-MAR-2016 10© Deutsche Telekom AG, 2016
  11. 11. How did we solve our problem? • The TeraStream services did not require a full blown OpenStack Only build for Router-like functions, running in an exposed host domain • We moved to a Container and KVM-based approach, optimizedaround the Snabb Switch, integrated with our YANG-based Realtime Networkand Service Management. • Our production roll-out in our Pan-European network uses a different approach. 8-MAR-2016 11© Deutsche Telekom AG, 2016
  12. 12. Thank You !