2011 TWNIC SP IPv6 Transition
- 2. JUNIPER PERSPECTIVE ON IPV4
EXHAUSTION AND IPV6 DEPLOYMENT
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
- 3. IPV4 REALITY CHECK:
IANA FREE POOL HAS EXHAUSTED
IANA exhaust: 2/1/2011
RIR exhaust: soon after
[Chart: 2008 recession effect; series: Pre 2008 recession, Post 2008 recession]
After completion:
Existing IPv4 addresses will not stop working.
Current networks will still operate.
- 4. IPV6 REALITY CHECK: THE IPV4 LONG TAIL
Post IPv4 allocation completion:
Many hosts & applications in customer residential networks (e.g.
Win 95/98/2000/XP, game consoles, consumer electronics,
industrial devices) are IPv4-only.
Most software & servers in enterprise networks are IPv4-only.
They will not function in an IPv6-only environment.
Few of those can or will upgrade to IPv6.
Content servers (web, email,…) are hosted on the Internet by
many different parties. It will take time to upgrade those to IPv6.
Current measurement:
0.15% of Alexa top 1-million web sites are available via IPv6
(This number has not changed in the last 12 months)
Source: http://ipv6monitor.comcast.net
- 5. IS IPV6 TAKING OFF?
A number of very large ISPs and very large content providers are
deploying IPv6 and various transition technologies now.
Still early in the adoption curve.
However, momentum is building.
Can’t be ignored.
IPv6 does not solve the immediate problem of IPv4 address exhaust.
Most sites are still accessible only through IPv4
Maintaining IPv4 service after IPv4 exhaustion is #1 priority for most
players.
This implies some form or another of IPv4 address sharing: NAT
Many transition technologies to choose from
Impact on routing and network architecture
- 6. IS IPV6 TAKING OFF?
On June 8, 2011, the “World IPv6 Day,” participants will
enable IPv6 on their main services for 24 hours
Facebook, Google and Yahoo, websites with more than one
billion combined visits each day, are joining major content
delivery networks Akamai and Limelight Networks, and the
Internet Society, for the first global-scale trial of the new Internet
Protocol, IPv6.
Juniper Networks will participate in "World IPv6 Day", furthering
its long-standing commitment to ensure its customers continue
to be fully prepared for a transparent transition to the new IPv6
protocol to meet their respective market needs.
http://ipv6.juniper.net reachable over IPv6 since Jan. 8th
Commitment to participate in World IPv6 Day on June 8th
with http://www.juniper.net
- 7. INDUSTRY IPV6 SCORE CARD
Function | Element | Status
Network | Core Router: T; Edge Routers: MX, 6PE |
Servers | Linux 2.6+; Datacenter equipments, CDN |
End-user clients | Windows 7 (Many XP boxes out there); MacOS 10.x |
Game consoles | Wii, PS3, Xbox |
Software | Web Browser: Firefox, IE, Safari; Number; Skype 1&2; On-line PC games issues; SSL VPN |
Content | Web content available over IPv6 |
CE | CPEs |
- 9. WHAT ARE MY OPTIONS?
[Stack diagrams: Dual-Stack shows TCP/UDPv4 over IPv4 and TCP/UDPv6 over IPv6 on a common PHY/Data Link; Translators and Tunnels show IPv6 and IPv4 layers]
Dual-Stack
IPv6/IPv4 co-existence on one device
Best-suited for the Core
Can be the ideal inflection point in the network
DS-ready Core gives you flexibility of options in the edge
Technologies:
– Dual-stack routing protocols (Core)
– 6PE (Core)
– 6VPE (Core)
– Dual-stack capable CPEs (Access)
Translators
IPv6 <-> IPv4 translation
Solves the problem at the edge
Expected to co-exist with Dual-stack for some time
Technologies:
– NAT444
– DS Lite
– DS Lite + A+P
– NAT64
Tunnels
Initially tunnel IPv6 over IPv4. Later tunnel IPv4 over IPv6
Ideal when Core is not v6 ready
Requires v6-capable CPEs
Technologies:
– 6to4
– 6rd
- 11. CORE: DUAL-STACK IT
Prepare the core as a dual-stack infrastructure
Interfaces
Implement IPv6 on the Core interfaces
Routing protocols
ISIS
– draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
– 2 new TLVs are defined:
- IPv6 Reachability (TLV type 236)
- IPv6 Interface Address (TLV type 232)
– IPv6 NLPID = 142
OSPFv3
– Unlike IS-IS, entirely new version required
– RFC 2740
– Fundamental OSPF mechanisms and algorithms unchanged
– Packet and LSA formats are different
- 12. CORE: DUAL-STACK IT
Routing protocols
BGP
– MBGP defined in RFC 2283
– Two BGP attributes defined:
- Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing Information
- Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer Routing Information
- Address Family Identifier (AFI) specifies what NLRI is being carried (IPv6, IP Multicast, L2VPN, L3VPN, IPX...)
- Use of MBGP extensions for IPv6 defined in RFC 2545
• IPv6 AFI = 2
- BGP TCP session can be over IPv4 or IPv6
- Advertised Next-Hop address must be global or site-local IPv6 address
- 13. CORE: 6PE
6PE: IPv6 islands over MPLS IPv4 core
[Diagram: v4 and v6 sites attached to dual-stack 6PE routers around an MPLS/IPv4 core of P routers]
- 14. CORE: 6VPE
6VPE: IPv6 VPNs over MPLS IPv4 core
[Diagram: VPN-1 and VPN-2 sites (v6 and v6/v4) attached to dual-stack 6VPE routers around an MPLS/IPv4 core of P routers]
- 15. IPV6 CORE TRANSPORT
[Diagram: core transport options DUAL STACK, 6PE and 6VPE; labels: Internet IPv4, Internet IPv6, VPN IPv4, VPN IPv6, BGP, IP/MPLS]
- 17. TRANSITION QUADRANT IN 2009-2010
[Quadrant chart; labels: Deployed (6PE, 6VPE, Dual stack); Juniper Participation (co-author or Head of WG); Momentum; IPv4 Anti-Depletion; IPv6 to IPv4 NAT; technologies plotted: 6to4, NAT444, 6rd, DS-Lite, NAT-PT, A+P, NAT64, PCP]
- 18. Dual Stack
[Diagram: Customer, Access/Aggregation, Core, Global Public Network; segments labelled IPv4, IPv6 and IPv4/IPv6]
- 19. NAT44
[Diagram: Customer, Access/Aggregation, Core, Global Public Network; NAT44 at the CPE; Private IPv4 Addressing on the customer side, Public IPv4 Addressing beyond the CPE; IPv6 alongside]
- 20. NAT444
[Diagram: Customer, Access/Aggregation, Core, Global Public Network; NAT44 at the CPE and NAT444 at the CGN; Private IPv4 Addressing1 on the customer side, Private IPv4 Addressing2 between CPE and CGN, Public IPv4 Addressing beyond the CGN; IPv6 alongside]
- 21. Address Sharing Technologies
NAT444 (draft-shirasaki-nat444-isp-shared-addr-00.txt)
(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
(*2) ISP shared address (draft-shirasaki-isp-shared-addr)
Segment | Address space | Packet (v4)
Host to CPE (NAPT) | RFC1918 private address | Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
CPE to CGN/LSN(*1) (NAPT) | ISP shared address | Src ii.ii.ii.ii (*2) port 11000, Dst 128.0.0.1 port 80
CGN/LSN(*1) to destination | Global IPv4 address | Src 210.3.100.1 port 12000, Dst 128.0.0.1 port 80
- 22. DS-LITE
[Diagram: Customer, Access/Aggregation, Core, Global Public Network; IPv4 from the CPE carried in a DS-LITE tunnel over IPv6 to a DS-LITE + CGN node, then IPv4 to the public network; IPv6 alongside]
- 23. Address Sharing Technologies DS-lite
DS-LITE
(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
Segment | Address space | Packet
Host to CPE (DS-lite router) | rfc1918 private address | v4: Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
CPE to CGN/LSN(*1) (Tunnel Termination, NAPT) | IPv4 in IPv6 Tunnel | outer v6: Src 2001:0:0:2::1, Dst 2001:0:0:1::1; inner v4: Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
CGN/LSN(*1) to destination | Global IPv4 address | v4: Src 129.0.0.1 port 12000, Dst 128.0.0.1 port 80
- 24. TOPOLOGY – NAT64
[Diagram: Customer, Access/Aggregation, Core, Global Public Network; IPv6 customer traffic, DNS64, and a NAT64 CGN in front of the IPv4 public network; IPv6 alongside]
- 25. Protocol Translation
NAT64
Elements: H1v6, DNS64, DNS, NAT64, www.yahoo.net (209.131.36.158)
1. Look up Server IPv6 Address (www.yahoo.net) through DNS64
2. Return IPv6 server address: Prefix64::209.131.36.158
3. Send traffic to the server (SA:H1v6, DA:Prefix64::209.131.36.158)
4. IPv4 NAT pool and Prefix64::/96 configured on the NAT64
5. Destination Address translated to IPv6 by removing the well-known prefix64 (SA:H1v4, DA:209.131.36.158)
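The address handling in steps 2 and 5 of the NAT64 slide, as an added example that is not part of the original deck. It assumes Prefix64 is the RFC 6052 well-known prefix 64:ff9b::/96, and the function names are hypothetical; `nat64_destination` also applies the RFC 6052 rule that the well-known prefix must not represent non-global IPv4 addresses.

```python
import ipaddress

# Assumption: Prefix64 is the RFC 6052 well-known prefix; an operator may
# configure its own /96 instead.
PREFIX64 = ipaddress.IPv6Network("64:ff9b::/96")


def dns64_synthesize(ipv4, prefix=PREFIX64):
    """Step 2: DNS64 embeds the server's IPv4 address in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def nat64_extract(ipv6, prefix=PREFIX64):
    """Step 5: NAT64 strips Prefix64; returns None for other destinations."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def nat64_destination(ipv6, prefix=PREFIX64):
    """Translate only when the embedded IPv4 address is globally routable.

    RFC 6052 forbids using the well-known prefix for non-global IPv4
    addresses, which keeps IPv6 clients from reaching RFC 1918 space
    behind the translator.
    """
    v4 = nat64_extract(ipv6, prefix)
    if v4 is None or not v4.is_global:
        return None
    return v4


if __name__ == "__main__":
    aaaa = dns64_synthesize("209.131.36.158")   # server address from the slide
    print(aaaa, "->", nat64_destination(aaaa))
    print("64:ff9b::c0a8:1 ->", nat64_destination("64:ff9b::c0a8:1"))
```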
- 26. 6RD
[Diagram: Customer, Access/Aggregation, Core, Global Public Network; 6rd at the CPE and a 6rd node in the network, with IPv6 carried over the IPv4 access; IPv4 alongside]
- 27. Tunneling
6rd (draft-despres-6rd-03.txt, draft-townsley-ipv6-6rd-01.txt)
Segment | Transport | Packet
Host to 6rd CE | IPv6 | v6: Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
6rd CE to 6rd Gateway | IPv6 in IPv4 Tunnel | outer v4: Src 10.100.100.1, Dst 192.88.99.1; inner v6: Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
6rd Gateway to destination | IPv6 | v6: Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
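How the slide's IPv6 source follows from the CE's IPv4 address, as an added example that is not part of the original deck. The 6rd prefix 2001:db8::/32 and an IPv4 mask length of 8 are assumptions chosen because they reproduce the slide's addresses; the second function (hypothetical name) is the anti-spoofing check a 6rd gateway applies to decapsulated packets, comparing the inner IPv6 source with the outer IPv4 source.

```python
import ipaddress

# Assumed 6rd domain parameters, chosen to reproduce the slide's addresses.
SIXRD_PREFIX = ipaddress.IPv6Network("2001:db8::/32")
IPV4_MASK_LEN = 8   # all CE addresses share their first 8 bits (10.0.0.0/8)


def delegated_prefix(ce_ipv4, prefix=SIXRD_PREFIX, mask_len=IPV4_MASK_LEN):
    """Append the CE's non-common IPv4 bits to the 6rd prefix."""
    v4 = int(ipaddress.IPv4Address(ce_ipv4))
    suffix_bits = 32 - mask_len
    suffix = v4 & ((1 << suffix_bits) - 1)
    new_len = prefix.prefixlen + suffix_bits
    if new_len > 64:
        raise ValueError("delegated prefix would be longer than /64")
    base = int(prefix.network_address) | (suffix << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))


def inner_source_consistent(outer_v4_src, inner_v6_src):
    """Gateway-side check: the inner IPv6 source must fall inside the
    prefix delegated to the CE that sent the outer IPv4 packet."""
    inner = ipaddress.IPv6Address(inner_v6_src)
    return inner in delegated_prefix(outer_v4_src)


if __name__ == "__main__":
    print(delegated_prefix("10.100.100.1"))
    print(inner_source_consistent("10.100.100.1", "2001:db8:6464:0100::1"))
    print(inner_source_consistent("10.100.100.2", "2001:db8:6464:0100::1"))
```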
- 28. IPv6 TRANSITION MECHANISMS – SUMMARY
Mechanism | Customer | Access/Aggregation | Core | Global Public Network
NAT444 (CGN) | IPv4 | IPv4 | IPv4 | IPv4
6rd (IPv6 in IPv4 Tunnel) | IPv6 | IPv4 | IPv4/IPv6 | IPv6
IPv6 Routing | IPv6 | IPv6 | IPv6 | IPv6
NAT64 (CGN) | IPv6 | IPv6 | IPv6/IPv4 | IPv4
DS-LITE (CGN, IPv4 in IPv6 Tunnel) | IPv4 | IPv6 | IPv6/IPv4 | IPv4
- 29. EXAMPLES OF DIFFERENT REALITIES
WITHIN SERVICE PROVIDERS
- 30. CASE STUDY 1: INCUMBENT
Incumbent ISP in a mature market
Business has been growing a lot in the last couple of years, but
growth has slowed down
Saturated market
ISP can reclaim addresses internally
Redesigning networks to get more address efficiency
More aggressively NATing wireless subscribers
As a consequence:
ISP does not see the urge to move to IPv6 right now.
Wait until the technology matures
Synchronize IPv6 deployment with roll-out of next gen service
- 31. CASE STUDY 2: OLD/NEW ACCESS TECHNOLOGY
ISP offers two access technologies, a legacy one and a new one
Growth & ARPU are in the new technology, not the older one
Deploying IPv6 in the legacy environment might be costly
Strategy:
- Legacy World: Carrier Grade NAT (CGN) & 6rd
- New World: Public IPv4 & native IPv6 (Dual Stack)
Issue: cost of replacing CPEs to support IPv6
With 6rd offered as an optional service, a service provider can
offload the cost of replacing CPEs in the old technology to the
end-users who want to be early adopters of IPv6
- 32. CASE STUDY 3: NEW CUSTOMERS, NEW NETWORKS
An ISP with an exhausted IPv4 address pool
ISP makes a clear distinction between current, existing
customers and post-exhaustion customers.
Build new IPv6-based networks for new customers.
IPv4 is a service overlaid on top of IPv6 with
DS-Lite (with or without a Carrier-Grade NAT)
Enabling customers to run their applications expecting incoming
connections (e.g. set-top box control, P2P):
PCP (Port Control Protocol) to open pinholes on the CGN
ISP offers new IPv6 CPEs to new customers.
- 33. CASE STUDY 4: MOBILE
The key issue is license cost:
License cost | Dual-Stack (NAT44) | IPv6-only (NAT64)
2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6) | Two licenses: 1 for IPv4 PDP + 1 for IPv6 PDP | 1 for IPv6 PDP
LTE and 3G/3GPPr9 (using a combined PDP context for IPv4&IPv6) | 1 for IPv4/IPv6 PDP/bearer | 1 for IPv6 PDP/bearer
Preferred
Going IPv6-only + NAT64 works ONLY if all applications are converted
to IPv6 and there is no connectivity to external devices such as PCs.
Dual-Stack remains the preferred/simplest general solution.
- 34. CASE STUDY 5: BUSINESS ISP
ISP has a corporate mandate to prepare for IPv6
Issue: ISP will also have to support legacy IPv4 devices/apps
operated by their customers.
Drastically reduce (to just a few?) the number of
IPv4 addresses allocated to business customers.
NAT is performed by the business CPEs.
- 35. CASE STUDY 6: INTERNATIONAL ISP
ISP is the incumbent in a region/country and wants to expand
internationally. Needs to offer IPv6 quickly.
6PE is a good way to jumpstart IPv6 global presence
ISP will have to migrate to native IPv6 at some point in the
future.
- 36. OBSERVATIONS ABOUT TRANSITION TECHNIQUES
All transition techniques (NAT444, 6RD, NAT64, DS-Lite)
revolve around the notion of sharing IPv4 addresses via
some form of NAT.
They all require the exact same amount of IPv4 addresses to be
shared in a NAT pool.
The difference is how packets are transported to the NAT
Sharing addresses among customers introduces issues:
Abuse/Logging/Geo-location/Access control
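Why the abuse and logging issue depends on both source port and time, as an added example that is not part of the original deck. The log entries, the 100.64.0.x subscriber addresses and the port-block sizes are constructed; the public address and port 12000 are taken from the NAT444 slide, and the `attribute` function is hypothetical.

```python
from datetime import datetime
from typing import NamedTuple


class Mapping(NamedTuple):
    start: datetime      # allocation time of the port block
    end: datetime        # release time (exclusive)
    subscriber: str      # address on the ISP side of the CGN
    public_ip: str
    ports: range         # external source ports assigned to the subscriber


def ts(text):
    return datetime.fromisoformat(text)


# Constructed sample log: three subscribers share the slide's public address.
CGN_LOG = [
    Mapping(ts("2011-06-08T10:00:00"), ts("2011-06-08T10:30:00"),
            "100.64.0.11", "210.3.100.1", range(11000, 12024)),
    Mapping(ts("2011-06-08T10:00:00"), ts("2011-06-08T10:30:00"),
            "100.64.0.12", "210.3.100.1", range(12024, 13048)),
    Mapping(ts("2011-06-08T10:30:00"), ts("2011-06-08T11:00:00"),
            "100.64.0.13", "210.3.100.1", range(11000, 12024)),
]


def attribute(public_ip, when, port=None, log=CGN_LOG):
    """Subscribers that could have sent a flow a remote server logged."""
    hits = set()
    for m in log:
        if m.public_ip != public_ip or not (m.start <= when < m.end):
            continue
        if port is None or port in m.ports:
            hits.add(m.subscriber)
    return sorted(hits)


if __name__ == "__main__":
    ip = "210.3.100.1"
    print(attribute(ip, ts("2011-06-08T10:10:00")))          # address only
    print(attribute(ip, ts("2011-06-08T10:10:00"), 12000))   # address + port
    print(attribute(ip, ts("2011-06-08T10:40:00"), 12000))   # block reassigned
```

A report that carries only the public address and a coarse time cannot be resolved to one subscriber; the remote side has to log the source port and an accurate timestamp as well.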
- 38. WIRELESS ARCHITECTURE 1: IPV6-ONLY
IPv6-only handset with IPv6 certified apps.
Traffic to IPv4 Internet goes through NAT64.
[Diagram: ISP network; handset with IPv6-only PDP context to the GGSN; DNS64; NAT64 towards IPv4; IPv6 reached directly]
- 39. WIRELESS ARCHITECTURE 2: DUAL-STACK
Dual-Stack handset with IPv4 or dual-stack apps.
IPv4 traffic to IPv4 Internet goes through NAT44.
IPv6 traffic goes straight to IPv6 Internet (or walled-garden service)
[Diagram: ISP network; handset with Dual-Stack PDP context to the GGSN; NAT44 towards IPv4; IPv6 reached directly]
3GPPr8 and 3GPPr9 introduce dual-stack PDP contexts.
- 40. IPV6 ONLY (NAT64) VS DUAL-STACK (NAT44 + IPV6)
ON WIRELESS NETWORKS
Criterion | Dual-Stack (NAT44) | IPv6-only (NAT64)
IPv4 app on UE | Yes | No
IPv4 app on laptop (tethering or wireless dongle) | Yes | No
Off-load to Wi-Fi | Yes | No
Handset-local Wi-Fi hot-spot | Yes | No
Roaming in IPv4-only 3G network | Yes | Variable
License cost 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6) | Two licenses: 1 for IPv4 PDP + 1 for IPv6 PDP | 1 for IPv6 PDP
License cost LTE and 3G/3GPPr9 (using a combined PDP context for IPv4&IPv6) | 1 for IPv4/IPv6 PDP | 1 for IPv6 PDP
- 42. FAMILY MIGRATION SOLUTION PORTFOLIO
[Diagram: product portfolio for NAT44, NAT64, DS-Lite, 6rd …; Packet based Router: T1600, T640, MX960, MX480, MX240, M320, M120, M10i, M7i with MS-PIC and MS-DPC; Security Appliance: SRX Series (SRX3400, SRX3600, SRX3000 Line, SRX5600, SRX5800, SRX5000 Line); Policy Management: C Series (C2000, C4000), Steel-Belted Radius, Appliance, NEBS; log Server: STRM500, STRM2500, STRM5000; Junos SDK]
- 43. IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC
IPv6 Features
IPv6 NAT and IPv6 Stateful Firewall
NAT-PT Supported (ICMP ALG)
NAT-PT DNS ALG (10.4)
NAT66 supported
NAT64 (10.4)
NAT44
Support CGN requirement
(draft-ietf-behave-lsn-requirements-00)
IPv6 Softwire
DS-Lite (10.4)
4over6 (10.4)
6rd/6to4 (11.1)
Scale
6 MS-DPC supported by Single MX Chassis
8 MS-DPC per Chassis (12.3 or 12.4)
- 44. Summary