2011 TWNIC SP IPv6 Transition

IPV6 TRANSITION STRATEGIES
FOR SERVICE PROVIDERS

Johnson Liu
2011/09/30

JUNIPER PERSPECTIVE ON IPV4
EXHAUSTION AND IPV6 DEPLOYMENT
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

IPV4 REALITY CHECK:
IANA FREE POOL HAS EXHAUSTED

IANA exhaust: 2/1/2011
RIR exhaust: soon after

2008 recession effect
Pre 2008 recession
Post 2008 recession

0%

After completion:
Existing IPv4 addresses will not stop working.
Current networks will still operate.

IPV6 REALITY CHECK: THE IPV4 LONG TAIL
Post IPv4 allocation completion:

 Many hosts & applications in customer residential networks (eg
Win 95/98/2000/XP, game consoles, consumer electronics,
industrial devices) are IPv4-only.
 Most software & servers in enterprise network are IPv4-only
 They will not function in an IPv6-only environment.
 Few of those can or will upgrade to IPv6.
 Content servers (web, email,…) are hosted on the Internet by
many different parties. It will take time to upgrade those to IPv6.

Current measurement:
0.15% of Alexa top 1-million web sites are available via IPv6
(This number has not changed in the last 12 months)
Source: http://ipv6monitor.comcast.net


IS IPV6 TAKING OFF?
A number of very large ISPs and very large content providers are
deploying IPv6 and various transition technologies now.
 Still early in the adoption curve.
 However, momentum is building.
 Can’t be ignored.

IPv6 does not solve the immediate problem of IPv4 address exhaust.
 Most sites are still accessible only through IPv4
 Maintaining IPv4 service after IPv4 exhaustion is #1 priority for most
players.
 This implies some form or another of IPv4 address sharing: NAT
 Many transition technologies to choose from Impact on routing and
network architecture


IS IPV6 TAKING OFF?
On June 8, 2011, the “World IPv6 Day,” participants will
enable IPv6 on their main services for 24 hours
 Facebook, Google and Yahoo, websites with more than one
billion combined visits each day, are joining major content
delivery networks Akamai and Limelight Networks, and the
Internet Society, for the first global-scale trial of the new Internet
Protocol, IPv6.

 Juniper Networks will participate in "World IPv6 Day“, furthering
its long-standing commitment to ensure its customers continue
to be fully prepared for a transparent transition to the new IPv6
protocol to meet their respective market needs.
 http://ipv6.juniper.net reachable over IPv6 since Jan. 8th
 Commitment to participate to the IPv6 world day on June 8th
with http://www.juniper.net


INDUSTRY IPV6 SCORE CARD
Function Element Status
Network Core Router: T

Edge Routers: MX, 6PE
Servers Linux 2.6+

Datacenter equipments, CDN
End-user clients Windows 7
(Many XP boxes out there)
MacOS 10.x
Game consoles Wii, PS3, Xbox
Software Web Browser: Firefox, IE, Safari
Number
Skype 1&2
On-line PC games issues
SSL VPN
Content Web content available over IPv6
CE CPEs

SURVIVING TECHNIQUE

WHAT ARE MY OPTIONS?
Dual-Stack Translators Tunnels

TCP/UDPv4 TCP/UDPv6 IPv6 IPv4 IPv6
IPv4 IPv6 IPv6 IPv4
IPv4 IPv6 IPv4
PHY/Data Link

IPv6/IPv4 co-existence on one IPv6 <-> IPv4 translation Initially tunnel IPv6 over IPv4.
device Later tunnel IPv4 over IPv6

 Best-suited for the Core  Solves the problem at the edge  Ideal when Core is not v6 ready

 Can be the ideal inflection  Expected to co-exist with Dual-  Requires v6-capable CPEs
point in the network stack for some time
 Technologies:
 DS-ready Core gives you Technologies  6to4
flexibility of options in the edge  NAT444  6rd
 DS Lite
 Technologies:  DS Lite + A+ P
 Dual-stack routing  NAT64
protocols (Core)
 6PE (Core)
 6VPE (Core)
9  Dual-stack capable Copyright © 2011 Juniper Networks, Inc. www.juniper.net
CPEs (Access)

SERVICE PROVIDER INFRASTRUCTURE
Residential Edge

ISPs

BNG CORE
IPv6 IX

Business Edge
PE
Mobile Edge

GGSN


CORE: DUAL-STACK IT
Prepare the core as a dual-stack infrastructure

Interfaces
 Implement IPv6 on the Core interfaces

Routing protocols
 ISIS
– draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
– 2 new TLVs are defined:
- IPv6 Reachability (TLV type 236)
- IPv6 Interface Address (TLV type 232)
– IPv6 NLPID = 142
 OSPFv3
– Unlike IS-IS, entirely new version required
– RFC 2740
– Fundamental OSPF mechanisms and algorithms unchanged
– Packet and LSA formats are different

CORE: DUAL-STACK IT
Routing protocols
 BGP
– MBGP defined in RFC 2283
– Two BGP attributes defined:
- Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing
Information
- Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer
Routing Information
- Address Family Identfier (AFI) specifies what NLRI is being carried (IPv6,
IP Multicast, L2VPN, L3VPN, IPX...)
- Use of MBGP extensions for IPv6 defined in RFC 2545
• IPv6 AFI = 2
- BGP TCP session can be over IPv4 or IPv6
- Advertised Next-Hop address must be global or site-local IPv6 address


CORE: 6PE
6PE: IPv6 islands over MPLS IPv4 core

v4
v6 6PE 6PE

P CORE P
v4

Dual-stack PEs

v6

P P

v4
6PE 6PE
MPLS/IPv4 v6


CORE: 6VPE
6VPE: IPv6 VPNs over MPLS IPv4 core
VPN-1 v6 VPN-2
v6/v4
6VPE 6VPE

VPN-2 P CORE P
v6

Dual-stack PEs

VPN-1 v6/v4

P P

VPN-2 v6
6VPE 6VPE
v6/v4
MPLS/IPv4
VPN-1


IPV6 CORE TRANSPORT

DUAL
STACK
Internet Internet Internet Internet Internet Internet
IPv4 IPv6 IPv4 IPv6 IPv4 IPv6

Internet Internet Internet Internet
IPv4 IPv6 IPv4 IPv6

BGP BGP

6PE
IP/MPLS IP/MPLS IP/MPLS

VPN VPN VPN VPN
IPv4 IPv6 IPv4 IPv6

BGP BGP

6VPE
IP/MPLS IP/MPLS IP/MPLS


IPV6 TRANSITION

TRANSITION QUADRANT IN 2009-2010

Deployed 6PE,6VPE, Dual stack
Juniper Participation
(co-author or Head of WG) 6to4

NAT444

6rd
DS-Lite
Momentum
Ipv4 Anti-Depletion

NAT-PT
A+P

IPv6 to IPv4 NAT NAT64
PCP


Dual Stack

Customer Access/Aggregation Core Global Public Network

IPV4/ IPV4/ IPv6
IPv6
IPv6 IPv4/
IPv6 IPv6

IPv4 IPv4

IPv4 IPv4 IPv4


NAT44

IPv4 IPv4
IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

IPv6 IPv6

IPv4 IPv4
CPE
NAT44
IPv4 IPv4 IPv4

Private IPv4 Addressing Public IPv4 Addresing

NAT444

IPv4 IPv4
IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

IPv6 IPv6

CGN
NAT444

IPv4 IPv4
CPE
NAT44
IPv4 IPv4 IPv4

Private IPv4 Addressing1 Private IPv4 Addressing2 Public IPv4 Addresing

Address Sharing Technologies
NAT444
(*1)
draft-shirasaki-nat444-isp-shared-addr-00.txt In draft-nishitani-cgn-01, CGN (Carrier-Grade
NAT) was renamed to LSN (Large Scale NAT)
RFC1918
private address ISP shared address Global IPv4 address

CPE CGN/LSN(*1)

NAPT NAPT

v4 v4 v4

Src 192.168.0.1 port 10000 Src ii.ii.ii.ii (*2) port 11000 Src 210.3.100.1 port 12000
Dst 128.0.0.1 port 80 Dst 128.0.0.1 port 80 Dst 128.0.0.1 port 80

(*2)
ISP shared address
(draft-shirasaki-isp-shared-addr)

DS-LITE

IPv4 IPv6
IPv6 IPv6/IPv4 IPv4

IPv6 IPv6 IPv6

IPv6 IPv6
CPE IPv6
DS-LITE Tunnel DS-LITE
+ CGN

IPv4 IPv4

IPv4 IPv4 IPv4


Address Sharing Technologies S-lite
DS-LITE (*1)
In draft-nishitani-cgn-01, CGN (Carrier-Grade
NAT) was renamed to LSN (Large Scale NAT)
rfc1918
IPv4 in IPv6 Tunnel Global IPv4 address
private address
CPE CGN/LSN(*1)

DS-lite router Tunnel Termination
NAPT
v4 v4 v6 v4

Src 192.168.0.1 port 10000 Src 2001:0:0:2::1 Src 129.0.0.1 port 12000
Dst 128.0.0.1 port 80 Dst 2001:0:0:1::1 Dst 128.0.0.1 port 80

Src 192.168.0.1 port 10000
Dst 128.0.0.1 port 80


TOPOLOGY – NAT64

IPv6 IPv6
IPv6 IPv6/IPv4 IPv4

DNS64
IPv6 IPv6 IPv6

IPv6 IPv6

NAT64
CGN

IPv4 IPv4

IPv4 IPv4 IPv4


Protocol Translation
NAT64

1. Look up Server
IPv6 Address
www.yahoo.net
DNS64 DNS

2. Return IPv6 server address
Prefix64::209.131.36.158 H1v4

3. Send traffic to to the server 5. Destination Address www.yahoo.net
NAT64
(SA:H1v6, DA:Prefix64::209.131.36.158) translated to IPv6 by removing 209.131.36.158
H1v6 the well-known prefix64
(SA:H1v4, DA:209.131.36.158)
4. IPv4 NAT pool and
Prefix64::/96
configured


6RD

IPv6 IPv4
IPv4 IPv4/IPv6 IPv6

IPv6 IPv6 IPv6

IPv6 IPv6

6rd
CPE
6rd IPv4 IPv4

IPv4 IPv4 IPv4


Tunneling
6rd
draft-despres-6rd-03.txt
draft-townsley-ipv6-6rd-01.txt

IPv6 IPv6 in IPv4 Tunnel IPv6
6rd CE 6rd Gateway

v6 v6 v4 v6

Src 2001:db8:6464:0100::1 Src 10.100.100.1 Src 2001:db8:6464:0100::1

Dst 2001:db8::yyyy.yyyy Dst 192.88.99.1 Dst 2001:db8::yyyy.yyyy

Src 2001:db8:6464:0100::1
Dst 2001:db8::yyyy.yyyy


IPv6 TRANSITION MECHANISMS – SUMMARY


IPv4
CGN
IPv4 IPv4 NAT444 IPv4 IPv4

IPv6 IPv4 6rd IPv4/IPv6 IPv6
IPv6 in IPv4 Tunnel

IPv6
IPv6
IPv6 IPv6 Routing IPv6 IPv6

NAT64
IPv6 IPv6 CGN IPv6/IPv4 IPv4

DS-LITE
IPv4 IPv6 CGN IPv6/IPv4 IPv4
IPv4 in IPv6 Tunnel


EXAMPLES OF DIFFERENT REALITIES
WITHIN SERVICE PROVIDERS

CASE STUDY 1: INCUMBENT
Incumbent ISP in a mature market
 Business has been growing a lot in the last couple years, but
growth has slowed down
 Saturated market

ISP can reclaim address internally
Redesigning networks to get more address efficiency
More aggressively NATing wireless subscribers

As a consequence:
 ISP does not see the urge to move to IPv6 right now.
 Wait until technology mature
 Synchronize IPv6 deployment with roll-out of next gen service


CASE STUDY 2: OLD/NEW ACCESS TECHNOLOGY
ISP offer two access technologies, a legacy one and a new one
 Growth & ARPU is happening in the new technology, not the older
 Deploying IPv6 in legacy environment might be costly

Strategy:
- Legacy World: Carrier Grade NAT (CGN) & 6rd
- New World: Public IPv4 & native IPv6(Dual Stack)

Issue: cost of replacing CPEs to support IPv6
 With 6rd offered as an optional service, a service provider can
offload the cost of replacing CPEs in the old technology to the
end-users who want to be early adopters of IPv6

CASE STUDY 3: NEW CUSTOMERS, NEW NETWORKS
An ISP with an exhausted IPv4 address pool
ISP makes a clear distinction between current, existing
customers and post-exhaustion customers.

Build new IPv6-based networks for new customers.
IPv4 is a service overlayed on top of IPv6 with
DS-Lite (with or without a Carrier-Grade NAT)

Enabling customers to run their applications expecting incoming
connections (Eg: Set-Top box control, P2P):
 PCP (Port Control Protocol) to open-up pin-holes on CGN

ISP offers new IPv6 CPEs to new customers.

CASE STUDY 4: MOBILE
The key issue is license cost :
Dual-Stack IPv6-only
(NAT44) (NAT64)
License cost 2G & 3G/3GPPr8 Two licenses:
(using separate PDP contexts for IPv4 & IPv6) 1 for IPv4 PDP 1 for IPv6
+ 1 for IPv6 PDP PDP

License cost LTE and 3G/3GPPr9 1 for IPv4/IPv6 1 for IPv6
(using a combined PDP context for IPv4&IPv6) PDP/bearer PDP/bearer

Preferred

Going IPv6-only + NAT64 works ONLY if all applications are converted
to IPv6 and there is no connectivity to external devices such as PCs.

Dual-Stack remains the preferred/simplest general solution.


CASE STUDY 5: BUSINESS ISP

ISP has a corporate mandate to prepare for IPv6
Issue: ISP will have to support legacy IPv4 devices/apps
operated by their customers as well.

Reduce drastically (to just a few?) the number of
IPv4 addresses allocated to business customers.
NAT is performed by the business CPEs.


CASE STUDY 6: INTERNATIONAL ISP

ISP is incumbent is a region/country and want to expand
internationally. Need to offer IPv6 quickly.

6PE is a good way to jumpstart IPv6 global presence

ISP will have to migrate to native IPv6 at some point in the
future.


OBSERVATIONS ABOUT TRANSITION TECHNIQUES

All transition techniques (NAT444, 6RD, NAT64, DS-Lite)
revolve around the notion of sharing IPv4 addresses via
some form of NAT.

They all require the exact same amount of IPv4 addresses to be
shared in a NAT pool.
 The difference is how packets are transported to the NAT

Sharing addresses among customers introduces issues:
 Abuse/Logging/Geo-location/Access control


TRANSITION FOR MOBILE SERVICE

WIRELESS ARCHITECTURE 1: IPV6-ONLY
IPv6-only handset with IPv6 certified apps.
Traffic to IPv4 Internet goes through NAT64.

ISP network

GGSN NAT64 IPv4
IPv6-only PDP
context

DNS64 IPv6


WIRELESS ARCHITECTURE 2: DUAL-STACK
Dual-Stack handset with IPv4 or dual-stack apps.
IPv4 traffic to IPv4 Internet goes through NAT44.
IPv6 traffic goes straight to IPv6 Internet (or walled-garden service)

ISP network

GGSN NAT44 IPv4
Dual-Stack
PDP context

IPv6

3GPPr8 and 3GPPr9 introduce dual-stack PDP contexts.


IPV6 ONLY (NAT64) VS DUAL-STACK (NAT44 + IPV6)
ON WIRELESS NETWORKS
Dual-Stack IPv6-only
(NAT44) (NAT64)
IPv4 app on UE Yes No
IPv4 app on laptop Yes No
(tethering or wireless dongle)
Off-load to Wi-Fi Yes No
Handset-local Wi-Fi hot-spot Yes No
Roaming in IPv4-only 3G network Yes Variable
License cost 2G & 3G/3GPPr8 Two licenses: 1 for IPv6
(using separate PDP contexts 1 for IPv4 PDP PDP
for IPv4 & IPv6) + 1 for IPv6 PDP
License cost LTE and 3G/3GPPr9 1 for IPv4/IPv6 1 for IPv6
(using a combined PDP context PDP PDP
for IPv4&IPv6)


JUNIPER’S OFFERING

FAMILY MIGRATION SOLUTION PORTFOLIO

T1600 T640
STRM500 C2000, C Series
SRX3400
C4000
STRM5000 NEBS
MS-PIC
Steel-Belted Radius
STRM2500, Appliance
STRM5000 SRX3600,
MX960 Policy SRX3000 Line
log Server Management
MX480
MX240
NAT44 NAT64 DS-Lite 6rd …
MS-DPC
SRX5600,
SRX5000 Line
M320
M120
M10i MS-PIC
M7i
Junos SDK
SRX Series,
SRX5800
Packet based Router Security Appliance

IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC
IPv6 Features
 IPv6 NAT and IPv6 Stateful Firewall
 NAT-PT Supported (ICMP ALG)
 NAT-PT DNS ALG (10.4) 6 MS-DPC supported by Single
 NAT66 supported MX Chassis
 NAT64 (10.4) 8 MS-DPC per Chassis(12.3 or
12.4)

NAT44
 Support CGN requirement
(draft-ietf-behave-lsn-requirements-00)

IPv6 Softwire
 DS-Lite (10.4)
 4over6 (10.4)
 6rd/6to4 (11.1)

Summary


2011 TWNIC SP IPv6 Transition

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 2011 TWNIC SP IPv6 Transition

Similar to 2011 TWNIC SP IPv6 Transition (20)

More from Johnson Liu

More from Johnson Liu (16)

Recently uploaded

Recently uploaded (20)

2011 TWNIC SP IPv6 Transition