2011 TWNIC SP IPv6 Transition


  1. IPV6 TRANSITION STRATEGIES FOR SERVICE PROVIDERS. Johnson Liu, 2011/09/30
  2. JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT (Copyright © 2011 Juniper Networks, Inc. www.juniper.net)
  3. IPV4 REALITY CHECK: IANA FREE POOL HAS EXHAUSTED
      • IANA exhaust: 2/1/2011
      • RIR exhaust: soon after
      • [Chart labels: 2008 recession effect; Pre 2008 recession; Post 2008 recession]
      • After completion: existing IPv4 addresses will not stop working. Current networks will still operate.
  4. IPV6 REALITY CHECK: THE IPV4 LONG TAIL
      Post IPv4 allocation completion:
      • Many hosts & applications in customer residential networks (e.g. Win 95/98/2000/XP, game consoles, consumer electronics, industrial devices) are IPv4-only.
      • Most software & servers in enterprise networks are IPv4-only.
      • They will not function in an IPv6-only environment.
      • Few of those can or will upgrade to IPv6.
      • Content servers (web, email, …) are hosted on the Internet by many different parties. It will take time to upgrade those to IPv6.
      Current measurement: 0.15% of Alexa top 1-million web sites are available via IPv6 (this number has not changed in the last 12 months). Source: http://ipv6monitor.comcast.net
  5. IS IPV6 TAKING OFF?
      A number of very large ISPs and very large content providers are deploying IPv6 and various transition technologies now.
      • Still early in the adoption curve.
      • However, momentum is building.
      • Can't be ignored.
      IPv6 does not solve the immediate problem of IPv4 address exhaust.
      • Most sites are still accessible only through IPv4.
      • Maintaining IPv4 service after IPv4 exhaustion is the #1 priority for most players.
      • This implies some form or another of IPv4 address sharing: NAT.
      • Many transition technologies to choose from.
      • Impact on routing and network architecture.
  6. IS IPV6 TAKING OFF?
      On June 8, 2011, the "World IPv6 Day," participants will enable IPv6 on their main services for 24 hours.
      • Facebook, Google and Yahoo, websites with more than one billion combined visits each day, are joining major content delivery networks Akamai and Limelight Networks, and the Internet Society, for the first global-scale trial of the new Internet Protocol, IPv6.
      • Juniper Networks will participate in "World IPv6 Day", furthering its long-standing commitment to ensure its customers continue to be fully prepared for a transparent transition to the new IPv6 protocol to meet their respective market needs.
      • http://ipv6.juniper.net reachable over IPv6 since Jan. 8th
      • Commitment to participate in the IPv6 world day on June 8th with http://www.juniper.net
  7. INDUSTRY IPV6 SCORE CARD (columns: Function, Element, Status)
      • Network: Core Router: T; Edge Routers: MX, 6PE
      • Servers: Linux 2.6+; Datacenter equipment, CDN
      • End-user clients: Windows 7 (many XP boxes out there); MacOS 10.x
      • Game consoles: Wii, PS3, Xbox
      • Software: Web browser: Firefox, IE, Safari; Skype; on-line PC games; SSL VPN (callout: "Number 1&2 issues")
      • Content: Web content available over IPv6
      • CE: CPEs
  8. SURVIVING TECHNIQUE
  9. WHAT ARE MY OPTIONS?
      [Diagram labels: TCP/UDPv4, TCP/UDPv6, IPv4, IPv6, PHY/Data Link]
      Dual-Stack: IPv6/IPv4 co-existence on one device
      • Best-suited for the Core
      • Can be the ideal inflection point in the network
      • DS-ready Core gives you flexibility of options in the edge
      • Technologies: Dual-stack routing protocols (Core); 6PE (Core); 6VPE (Core); Dual-stack capable CPEs (Access)
      Translators: IPv6 <-> IPv4 translation
      • Solves the problem at the edge
      • Expected to co-exist with Dual-stack for some time
      • Technologies: NAT444; DS Lite; DS Lite + A+P; NAT64
      Tunnels: Initially tunnel IPv6 over IPv4. Later tunnel IPv4 over IPv6
      • Ideal when Core is not v6 ready
      • Requires v6-capable CPEs
      • Technologies: 6to4; 6rd
  10. SERVICE PROVIDER INFRASTRUCTURE
      [Diagram labels: Residential Edge, Business Edge, Mobile Edge, BNG, PE, GGSN, CORE, ISPs, IPv6 IX]
  11. CORE: DUAL-STACK IT
      Prepare the core as a dual-stack infrastructure
      Interfaces
      • Implement IPv6 on the Core interfaces
      Routing protocols
      • ISIS
        – draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
        – 2 new TLVs are defined: IPv6 Reachability (TLV type 236); IPv6 Interface Address (TLV type 232)
        – IPv6 NLPID = 142
      • OSPFv3
        – Unlike IS-IS, entirely new version required
        – RFC 2740
        – Fundamental OSPF mechanisms and algorithms unchanged
        – Packet and LSA formats are different
  12. CORE: DUAL-STACK IT
      Routing protocols
      • BGP
        – MBGP defined in RFC 2283
        – Two BGP attributes defined:
          - Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing Information
          - Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer Routing Information
          - Address Family Identifier (AFI) specifies what NLRI is being carried (IPv6, IP Multicast, L2VPN, L3VPN, IPX...)
          - Use of MBGP extensions for IPv6 defined in RFC 2545 (IPv6 AFI = 2)
          - BGP TCP session can be over IPv4 or IPv6
          - Advertised Next-Hop address must be global or site-local IPv6 address
  13. CORE: 6PE
      6PE: IPv6 islands over MPLS IPv4 core
      [Diagram labels: v4 and v6 sites; 6PE (dual-stack PEs); P routers; CORE; MPLS/IPv4]
  14. CORE: 6VPE
      6VPE: IPv6 VPNs over MPLS IPv4 core
      [Diagram labels: VPN-1 and VPN-2 sites (v6, v6/v4); 6VPE (dual-stack PEs); P routers; CORE; MPLS/IPv4]
  15. IPV6 CORE TRANSPORT
      [Diagram with three panels: DUALSTACK, 6PE and 6VPE. Labels: Internet IPv4, Internet IPv6, VPN IPv4, VPN IPv6, BGP, IP/MPLS]
  16. IPV6 TRANSITION
  17. TRANSITION QUADRANT IN 2009-2010
      [Quadrant chart. Labels: Deployed; Juniper Participation (co-author or Head of WG); Momentum; IPv4 Anti-Depletion; IPv6 to IPv4 NAT. Technologies plotted: 6PE, 6VPE, Dual stack, 6to4, NAT444, 6rd, DS-Lite, NAT-PT, A+P, NAT64, PCP]
  18. Dual Stack
      [Topology diagram: IPv4 and IPv6 labels across the Customer, Access/Aggregation, Core and Global Public Network segments]
  19. NAT44
      [Topology diagram across the Customer, Access/Aggregation, Core and Global Public Network segments. Elements: CPE NAT44; Private IPv4 Addressing; Public IPv4 Addressing]
  20. NAT444
      [Topology diagram across the Customer, Access/Aggregation, Core and Global Public Network segments. Elements: CPE NAT44; CGN NAT444; Private IPv4 Addressing 1; Private IPv4 Addressing 2; Public IPv4 Addressing]
  21. Address Sharing Technologies: NAT444
      draft-shirasaki-nat444-isp-shared-addr-00.txt
      Path: RFC1918 private address -> CPE (NAPT) -> ISP shared address -> CGN/LSN (*1) (NAPT) -> Global IPv4 address
      • Before the CPE (v4): Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
      • Between CPE and CGN/LSN (v4): Src ii.ii.ii.ii (*2) port 11000, Dst 128.0.0.1 port 80
      • After the CGN/LSN (v4): Src 210.3.100.1 port 12000, Dst 128.0.0.1 port 80
      (*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
      (*2) ISP shared address (draft-shirasaki-isp-shared-addr)
  22. DS-LITE
      [Topology diagram across the Customer, Access/Aggregation, Core and Global Public Network segments. Elements: CPE; IPv6 DS-LITE Tunnel; DS-LITE + CGN]
  23. Address Sharing Technologies: DS-lite
      Path: RFC1918 private address -> CPE (DS-lite router) -> IPv4 in IPv6 Tunnel -> CGN/LSN (*1) (Tunnel Termination, NAPT) -> Global IPv4 address
      • Before the CPE (v4): Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
      • In the tunnel (v6 outer): Src 2001:0:0:2::1, Dst 2001:0:0:1::1; (v4 inner): Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
      • After the CGN/LSN (v4): Src 129.0.0.1 port 12000, Dst 128.0.0.1 port 80
      (*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
  24. TOPOLOGY – NAT64
      [Topology diagram across the Customer, Access/Aggregation, Core and Global Public Network segments. Elements: DNS64; NAT64 CGN]
  25. Protocol Translation: NAT64
      [Diagram labels: H1v6, H1v4, DNS64, DNS, NAT64, server www.yahoo.net 209.131.36.158]
      1. Look up server IPv6 address
      2. Return IPv6 server address Prefix64::209.131.36.158
      3. Send traffic to the server (SA:H1v6, DA:Prefix64::209.131.36.158)
      4. IPv4 NAT pool and Prefix64::/96 configured
      5. Destination address translated to IPv4 by removing the well-known Prefix64 (SA:H1v4, DA:209.131.36.158)
  26. 6RD
      [Topology diagram across the Customer, Access/Aggregation, Core and Global Public Network segments. Elements: 6rd CPE; 6rd]
  27. Tunneling: 6rd
      draft-despres-6rd-03.txt, draft-townsley-ipv6-6rd-01.txt
      Path: IPv6 -> 6rd CE -> IPv6 in IPv4 Tunnel -> 6rd Gateway -> IPv6
      • Before the 6rd CE (v6): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
      • In the tunnel (v4 outer): Src 10.100.100.1, Dst 192.88.99.1; (v6 inner): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
      • After the 6rd Gateway (v6): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
  28. IPv6 TRANSITION MECHANISMS – SUMMARY
      [Summary diagram across the Customer, Access/Aggregation, Core and Global Public Network segments, one row per mechanism: NAT444 (CGN); 6rd (IPv6 in IPv4 Tunnel); IPv6 Routing; NAT64 (CGN); DS-LITE (IPv4 in IPv6 Tunnel, CGN)]
  29. EXAMPLES OF DIFFERENT REALITIES WITHIN SERVICE PROVIDERS
  30. CASE STUDY 1: INCUMBENT
      Incumbent ISP in a mature market
      • Business has been growing a lot in the last couple of years, but growth has slowed down
      • Saturated market
      ISP can reclaim addresses internally
      Redesigning networks to get more address efficiency
      More aggressively NATing wireless subscribers
      As a consequence:
      • ISP does not see the urge to move to IPv6 right now.
      • Wait until the technology matures
      • Synchronize IPv6 deployment with roll-out of next-gen service
  31. CASE STUDY 2: OLD/NEW ACCESS TECHNOLOGY
      ISP offers two access technologies, a legacy one and a new one
      • Growth & ARPU is happening in the new technology, not the older
      • Deploying IPv6 in the legacy environment might be costly
      Strategy:
      - Legacy World: Carrier Grade NAT (CGN) & 6rd
      - New World: Public IPv4 & native IPv6 (Dual Stack)
      Issue: cost of replacing CPEs to support IPv6
      • With 6rd offered as an optional service, a service provider can offload the cost of replacing CPEs in the old technology to the end-users who want to be early adopters of IPv6
  32. CASE STUDY 3: NEW CUSTOMERS, NEW NETWORKS
      An ISP with an exhausted IPv4 address pool
      ISP makes a clear distinction between current, existing customers and post-exhaustion customers.
      Build new IPv6-based networks for new customers.
      IPv4 is a service overlaid on top of IPv6 with DS-Lite (with or without a Carrier-Grade NAT)
      Enabling customers to run their applications expecting incoming connections (e.g. Set-Top box control, P2P):
      • PCP (Port Control Protocol) to open up pin-holes on the CGN
      ISP offers new IPv6 CPEs to new customers.
  33. CASE STUDY 4: MOBILE
      The key issue is license cost:
      • 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6): Dual-Stack (NAT44) needs two licenses, 1 for IPv4 PDP + 1 for IPv6 PDP; IPv6-only (NAT64) needs 1 for IPv6 PDP
      • LTE and 3G/3GPPr9 (using a combined PDP context for IPv4 & IPv6): Dual-Stack (NAT44) needs 1 for IPv4/IPv6 PDP/bearer; IPv6-only (NAT64) needs 1 for IPv6 PDP/bearer
      • One option in the table is marked "Preferred".
      Going IPv6-only + NAT64 works ONLY if all applications are converted to IPv6 and there is no connectivity to external devices such as PCs.
      Dual-Stack remains the preferred/simplest general solution.
  34. CASE STUDY 5: BUSINESS ISP
      ISP has a corporate mandate to prepare for IPv6
      Issue: ISP will have to support legacy IPv4 devices/apps operated by their customers as well.
      Reduce drastically (to just a few?) the number of IPv4 addresses allocated to business customers.
      NAT is performed by the business CPEs.
  35. CASE STUDY 6: INTERNATIONAL ISP
      ISP is incumbent in a region/country and wants to expand internationally.
      Need to offer IPv6 quickly.
      6PE is a good way to jumpstart IPv6 global presence
      ISP will have to migrate to native IPv6 at some point in the future.
  36. OBSERVATIONS ABOUT TRANSITION TECHNIQUES
      All transition techniques (NAT444, 6RD, NAT64, DS-Lite) revolve around the notion of sharing IPv4 addresses via some form of NAT.
      They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.
      • The difference is how packets are transported to the NAT
      Sharing addresses among customers introduces issues:
      • Abuse/Logging/Geo-location/Access control
  37. TRANSITION FOR MOBILE SERVICE
  38. WIRELESS ARCHITECTURE 1: IPV6-ONLY
      IPv6-only handset with IPv6 certified apps.
      Traffic to IPv4 Internet goes through NAT64.
      [Diagram labels: IPv6-only PDP context; ISP network; GGSN; NAT64; DNS64; IPv4; IPv6]
  39. WIRELESS ARCHITECTURE 2: DUAL-STACK
      Dual-Stack handset with IPv4 or dual-stack apps.
      IPv4 traffic to IPv4 Internet goes through NAT44.
      IPv6 traffic goes straight to IPv6 Internet (or walled-garden service)
      [Diagram labels: Dual-Stack PDP context; ISP network; GGSN; NAT44; IPv4; IPv6]
      3GPPr8 and 3GPPr9 introduce dual-stack PDP contexts.
  40. IPV6 ONLY (NAT64) VS DUAL-STACK (NAT44 + IPV6) ON WIRELESS NETWORKS
      • IPv4 app on UE: Dual-Stack (NAT44) Yes; IPv6-only (NAT64) No
      • IPv4 app on laptop (tethering or wireless dongle): Dual-Stack Yes; IPv6-only No
      • Off-load to Wi-Fi: Dual-Stack Yes; IPv6-only No
      • Handset-local Wi-Fi hot-spot: Dual-Stack Yes; IPv6-only No
      • Roaming in IPv4-only 3G network: Dual-Stack Yes; IPv6-only Variable
      • License cost 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6): Dual-Stack two licenses, 1 for IPv4 PDP + 1 for IPv6 PDP; IPv6-only 1 for IPv6 PDP
      • License cost LTE and 3G/3GPPr9 (using a combined PDP context for IPv4 & IPv6): Dual-Stack 1 for IPv4/IPv6 PDP; IPv6-only 1 for IPv6 PDP
  41. JUNIPER'S OFFERING
  42. FAMILY MIGRATION SOLUTION PORTFOLIO
      [Product portfolio diagram. Services: NAT44, NAT64, DS-Lite, 6rd, … Labels: T1600, T640, MX960, MX480, MX240, M320, M120, M10i, M7i, MS-PIC, MS-DPC, Junos SDK, SRX Series, SRX3000 Line, SRX3400, SRX3600, SRX5000 Line, SRX5600, SRX5800, STRM500, STRM2500, STRM5000, STRM5000 NEBS, C Series, C2000, C4000, Steel-Belted Radius Appliance, Policy Management, log Server, Packet based Router, Security Appliance]
  43. IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC
      IPv6 Features
      • IPv6 NAT and IPv6 Stateful Firewall
      • NAT-PT supported (ICMP ALG)
      • NAT-PT DNS ALG (10.4)
      • NAT66 supported
      • NAT64 (10.4)
      NAT44
      • Support CGN requirement (draft-ietf-behave-lsn-requirements-00)
      IPv6 Softwire
      • DS-Lite (10.4)
      • 4over6 (10.4)
      • 6rd/6to4 (11.1)
      Callouts: 6 MS-DPC supported by single MX chassis; 8 MS-DPC per chassis (12.3 or 12.4)
  44. Summary
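
The DNS64 and NAT64 steps on slide 25, as an added example that is not part of the original deck: it builds the synthesized AAAA address from the A record and recovers the IPv4 destination at the translator. The slide leaves Prefix64 unnamed; the RFC 6052 well-known prefix 64:ff9b::/96 and the function names are assumptions of this example, and the refusal of non-global embedded addresses follows RFC 6052's rule for that prefix.

```python
import ipaddress

# Assumption: the slide's "Prefix64::/96" is the RFC 6052 well-known prefix.
PREFIX64 = ipaddress.IPv6Network("64:ff9b::/96")


def dns64_synthesize(ipv4, prefix64=PREFIX64):
    """Step 2: DNS64 places the A record's 32 bits in the low bits of Prefix64."""
    if prefix64.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix64.network_address) | int(v4))


def nat64_destination(ipv6_dst, prefix64=PREFIX64):
    """Step 5: NAT64 strips Prefix64 to get the IPv4 destination.

    Returns None (drop) when the packet is not addressed to Prefix64 or when
    the embedded address is not global (RFC 1918, loopback, shared space...),
    so the translator cannot be used as a path to internal IPv4 hosts.
    """
    dst = ipaddress.IPv6Address(ipv6_dst)
    if dst not in prefix64:
        return None
    v4 = ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)
    return v4 if v4.is_global else None


if __name__ == "__main__":
    # Server address taken from the slide.
    aaaa = dns64_synthesize("209.131.36.158")
    print("DNS64 answer:       ", aaaa)
    print("NAT64 destination:  ", nat64_destination(str(aaaa)))
    # Constructed input: Prefix64 wrapped around a private address.
    print("private embedded v4:", nat64_destination("64:ff9b::c0a8:1"))
```
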
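
The 6rd addresses on slide 27 can be reproduced from a 6rd prefix and the CE's IPv4 address; this added example (not from the original deck) derives the delegated prefix and applies the source-consistency check that RFC 5969 asks of the border relay on decapsulation. The 6rd prefix 2001:db8::/32, the common IPv4 prefix 10.0.0.0/8 and the function names are assumptions chosen so that the slide's 10.100.100.1 maps to 2001:db8:6464:0100::.

```python
import ipaddress

# Assumed 6rd domain parameters (not stated on the slide).
PREFIX_6RD = "2001:db8::/32"
V4_COMMON = "10.0.0.0/8"


def delegated_prefix(sixrd_prefix, v4_common, ce_ipv4):
    """6rd delegated prefix: the 6rd prefix followed by the CE IPv4 bits
    left after the domain's common IPv4 prefix is stripped."""
    p6 = ipaddress.IPv6Network(sixrd_prefix)
    common = ipaddress.IPv4Network(v4_common)
    ce = ipaddress.IPv4Address(ce_ipv4)
    if ce not in common:
        raise ValueError(f"{ce} is outside the 6rd domain {common}")
    v4_bits = 32 - common.prefixlen
    plen = p6.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("delegated prefix would be longer than /64")
    suffix = int(ce) & ((1 << v4_bits) - 1)
    base = int(p6.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def relay_accepts(outer_v4_src, inner_v6_src,
                  sixrd_prefix=PREFIX_6RD, v4_common=V4_COMMON):
    """Border-relay check: the inner IPv6 source must lie inside the prefix
    delegated to the IPv4 address that encapsulated the packet."""
    try:
        expected = delegated_prefix(sixrd_prefix, v4_common, outer_v4_src)
    except ValueError:
        return False  # outer source is not a CE of this 6rd domain
    return ipaddress.IPv6Address(inner_v6_src) in expected


if __name__ == "__main__":
    inner = "2001:db8:6464:0100::1"  # IPv6 source from the slide
    print(delegated_prefix(PREFIX_6RD, V4_COMMON, "10.100.100.1"))
    print("slide's CE:       ", relay_accepts("10.100.100.1", inner))
    # Constructed inputs: same inner source from other IPv4 senders.
    print("neighbouring CE:  ", relay_accepts("10.100.100.2", inner))
    print("outside domain:   ", relay_accepts("11.100.100.1", inner))
```
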
