
IPV6 TRANSITION STRATEGIES FOR SERVICE PROVIDERS

Johnson Liu 2011/09/30

JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT


Copyright 2011 Juniper Networks, Inc. www.juniper.net

IPV4 REALITY CHECK: IANA FREE POOL HAS EXHAUSTED


IANA exhaust: 2/1/2011
RIR exhaust: soon after

[Chart: IPv4 free pool depletion down to 0%, with pre-2008 recession and post-2008 recession trend lines showing the 2008 recession effect]

After completion: Existing IPv4 addresses will not stop working. Current networks will still operate.

IPV6 REALITY CHECK: THE IPV4 LONG TAIL


Post IPv4 allocation completion:
- Many hosts & applications in customer residential networks (e.g. Win 95/98/2000/XP, game consoles, consumer electronics, industrial devices) are IPv4-only.
- Most software & servers in enterprise networks are IPv4-only.
- They will not function in an IPv6-only environment. Few of those can or will upgrade to IPv6.
- Content servers (web, email, ...) are hosted on the Internet by many different parties. It will take time to upgrade those to IPv6.

Current measurement:
- 0.15% of Alexa top 1-million web sites are available via IPv6 (this number has not changed in the last 12 months). Source: http://ipv6monitor.comcast.net

IS IPV6 TAKING OFF?


A number of very large ISPs and very large content providers are deploying IPv6 and various transition technologies now.
- Still early in the adoption curve.
- However, momentum is building.
- Can't be ignored.

IPv6 does not solve the immediate problem of IPv4 address exhaust.
- Most sites are still accessible only through IPv4.
- Maintaining IPv4 service after IPv4 exhaustion is the #1 priority for most players.
- This implies some form or another of IPv4 address sharing: NAT.
- Many transition technologies to choose from.
- Impact on routing and network architecture.

IS IPV6 TAKING OFF?


On June 8, 2011, the World IPv6 Day, participants will enable IPv6 on their main services for 24 hours.
- Facebook, Google and Yahoo, websites with more than one billion combined visits each day, are joining major content delivery networks Akamai and Limelight Networks, and the Internet Society, for the first global-scale trial of the new Internet Protocol, IPv6.
- Juniper Networks will participate in "World IPv6 Day", furthering its long-standing commitment to ensure its customers continue to be fully prepared for a transparent transition to the new IPv6 protocol to meet their respective market needs.
- http://ipv6.juniper.net reachable over IPv6 since Jan. 8th
- Commitment to participate in the IPv6 world day on June 8th with http://www.juniper.net

INDUSTRY IPV6 SCORE CARD


Function: Element
- Network: Core Router: T; Edge Routers: MX, 6PE
- Servers: Linux 2.6+; Datacenter equipment, CDN
- End-user clients: Windows 7 (many XP boxes out there); MacOS 10.x; Game consoles: Wii, PS3, Xbox
- Software: Web Browser: Firefox, IE, Safari; Skype; On-line PC games; SSL VPN

Number 1&2 issues:
- Content: Web content available over IPv6
- CE: CPEs

SURVIVING TECHNIQUE

WHAT ARE MY OPTIONS?


Dual-Stack: IPv6/IPv4 co-existence on one device
[Diagram: protocol stack with TCP/UDPv4 over IPv4 and TCP/UDPv6 over IPv6 on a shared PHY/Data Link]
- Best-suited for the Core
- Can be the ideal inflection point in the network
- DS-ready Core gives you flexibility of options in the edge
- Technologies: Dual-stack routing protocols (Core), 6PE (Core), 6VPE (Core), Dual-stack capable CPEs (Access)

Translators: IPv6 <-> IPv4 translation
- Solves the problem at the edge
- Expected to co-exist with Dual-stack for some time
- Technologies: NAT444, DS Lite, DS Lite + A+P, NAT64

Tunnels
- Initially tunnel IPv6 over IPv4. Later tunnel IPv4 over IPv6
- Ideal when Core is not v6 ready
- Requires v6-capable CPEs
- Technologies: 6to4, 6rd

SERVICE PROVIDER INFRASTRUCTURE


[Diagram: service provider network with Residential Edge, Mobile Edge and Business Edge around the CORE; labels: BNG, GGSN, PE, ISPs, IPv6, IX]

CORE: DUAL-STACK IT
Prepare the core as a dual-stack infrastructure

Interfaces
- Implement IPv6 on the Core interfaces

Routing protocols

ISIS
- draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
- 2 new TLVs are defined:
  - IPv6 Reachability (TLV type 236)
  - IPv6 Interface Address (TLV type 232)
- IPv6 NLPID = 142

OSPFv3
- Unlike IS-IS, entirely new version required
- RFC 2740
- Fundamental OSPF mechanisms and algorithms unchanged
- Packet and LSA formats are different

CORE: DUAL-STACK IT
Routing protocols

BGP
- MBGP defined in RFC 2283
- Two BGP attributes defined:
  - Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing Information
  - Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer Routing Information
- Address Family Identifier (AFI) specifies what NLRI is being carried (IPv6, IP Multicast, L2VPN, L3VPN, IPX...)
- Use of MBGP extensions for IPv6 defined in RFC 2545
  - IPv6 AFI = 2
  - BGP TCP session can be over IPv4 or IPv6
  - Advertised Next-Hop address must be global or site-local IPv6 address

CORE: 6PE
6PE: IPv6 islands over MPLS IPv4 core
[Diagram: v6 and v4 sites attached to dual-stack 6PE routers (Dual-stack PEs) at the edge of an MPLS/IPv4 CORE of P routers]

CORE: 6VPE
6VPE: IPv6 VPNs over MPLS IPv4 core
[Diagram: VPN-1 (v6/v4) and VPN-2 (v6) sites attached to dual-stack 6VPE routers (Dual-stack PEs) at the edge of an MPLS/IPv4 CORE of P routers]

IPV6 CORE TRANSPORT


[Diagram: three core transport options, DUAL STACK, 6PE and 6VPE, carrying Internet IPv4, Internet IPv6, VPN IPv4 and VPN IPv6 with BGP over IP/MPLS]

IPV6 TRANSITION

TRANSITION QUADRANT IN 2009-2010


[Chart: transition technologies positioned by IPv4 Anti-Depletion and Momentum, with markers for Juniper Participation (co-author or Head of WG) and Deployed. Technologies shown: 6to4, NAT444, 6rd, DS-Lite, 6PE, 6VPE, Dual stack, NAT-PT, A+P, IPv6 to IPv4 NAT, NAT64, PCP]

Dual Stack
[Diagram: dual-stack topology across Customer, Access/Aggregation, Core and Global Public Network, with IPv4/IPv6 segments and separate IPv4 and IPv6 paths]

NAT44
[Diagram: NAT44 topology across Customer, Access/Aggregation, Core and Global Public Network (IPv4). A CPE NAT44 sits between Private IPv4 Addressing and Public IPv4 Addressing.]

NAT444
[Diagram: NAT444 topology across Customer, Access/Aggregation, Core and Global Public Network (IPv4). A CPE NAT44 and a CGN NAT444 divide the path into Private IPv4 Addressing 1, Private IPv4 Addressing 2 and Public IPv4 Addressing.]

Address Sharing Technologies

NAT444
draft-shirasaki-nat444-isp-shared-addr-00.txt

Path: RFC1918 private address -> CPE (NAPT v4 v4) -> ISP shared address -> CGN/LSN (*1) (NAPT v4) -> Global IPv4 address

Packet headers on each segment:
- RFC1918 private address: Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
- ISP shared address: Src ii.ii.ii.ii (*2) port 11000, Dst 128.0.0.1 port 80
- Global IPv4 address: Src 210.3.100.1 port 12000, Dst 128.0.0.1 port 80

(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)
(*2) ISP shared address (draft-shirasaki-isp-shared-addr)

DS-LITE
[Diagram: DS-Lite topology across Customer (IPv4), Access/Aggregation, Core (IPv6/IPv4) and Global Public Network (IPv4). The CPE DS-LITE sends IPv4 through an IPv6 Tunnel to the DS-LITE + CGN.]

Address Sharing Technologies

DS-LITE

Path: RFC1918 private address -> CPE DS-lite router (v4 v4 v6) -> IPv4 in IPv6 Tunnel -> CGN/LSN (*1) (Tunnel Termination, NAPT v4) -> Global IPv4 address

Packet headers on each segment:
- RFC1918 private address: Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
- IPv4 in IPv6 Tunnel: outer Src 2001:0:0:2::1, Dst 2001:0:0:1::1; inner Src 192.168.0.1 port 10000, Dst 128.0.0.1 port 80
- Global IPv4 address: Src 129.0.0.1 port 12000, Dst 128.0.0.1 port 80

(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)

TOPOLOGY NAT64
[Diagram: NAT64 topology across Customer (IPv6), Access/Aggregation, Core (IPv6/IPv4) and Global Public Network (IPv4), with DNS64 and a NAT64 CGN between the IPv6 and IPv4 sides]

Protocol Translation

NAT64

[Diagram: client H1v6, DNS64, DNS, NAT64 and the IPv4 server www.yahoo.net 209.131.36.158]

1. Look up server IPv6 address for www.yahoo.net (query to DNS64)
2. Return IPv6 server address Prefix64::209.131.36.158
3. Send traffic to the server (SA:H1v6, DA:Prefix64::209.131.36.158)
4. IPv4 NAT pool and Prefix64::/96 configured on the NAT64
5. Destination address translated to IPv4 by removing the well-known prefix64 (SA:H1v4, DA:209.131.36.158)
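The DNS64 synthesis in step 2 and the NAT64 prefix removal in step 5, as an added Python example that is not part of the original deck. It assumes Prefix64 is the RFC 6052 well-known prefix 64:ff9b::/96 (the slide does not give a value) and adds two checks a NAT64 operator would want: only destinations inside Prefix64 are translated, and the well-known prefix is never used to reach non-global IPv4 addresses.

```python
import ipaddress

# Assumption: the slide's "Prefix64" is the RFC 6052 well-known prefix.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def dns64_synthesize(ipv4, native_aaaa=None, prefix64=WKP):
    """DNS64: return the native AAAA if the name has one, else Prefix64::ipv4."""
    if native_aaaa:
        return ipaddress.IPv6Address(native_aaaa)
    if prefix64.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix64.network_address) | int(v4))

def nat64_extract(dst_v6, prefix64=WKP):
    """NAT64: recover the IPv4 destination, or None if the packet must not be translated."""
    addr = ipaddress.IPv6Address(dst_v6)
    if addr not in prefix64:
        return None                      # not addressed to the translator
    v4 = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    if prefix64 == WKP and not v4.is_global:
        return None                      # WKP must not map private/loopback IPv4
    return v4

if __name__ == "__main__":
    synth = dns64_synthesize("209.131.36.158")     # server address from the slide
    print(synth, "->", nat64_extract(synth))
    # Constructed negative case: an RFC1918 address behind the well-known prefix.
    print(nat64_extract(dns64_synthesize("192.168.0.1")))
```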

6RD
[Diagram: 6rd topology across Customer (IPv6), Access/Aggregation, Core (IPv4/IPv6) and Global Public Network (IPv6), with 6rd on the CPE and on the provider side of the IPv4 segment]

Tunneling

6rd
draft-despres-6rd-03.txt
draft-townsley-ipv6-6rd-01.txt

Path: IPv6 -> 6rd CE -> IPv6 in IPv4 Tunnel -> 6rd Gateway -> IPv6

Packet headers on each segment:
- Before the 6rd CE (v6): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
- IPv6 in IPv4 Tunnel (v6 in v4): outer Src 10.100.100.1, Dst 192.88.99.1; inner Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
- After the 6rd Gateway (v6): Src 2001:db8:6464:0100::1, Dst 2001:db8::yyyy.yyyy
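The addresses on the 6rd slide are consistent with a 6rd prefix of 2001:db8::/32 and an IPv4 mask length of 8; both values are assumptions inferred from the slide, which does not state them. As an added example, not part of the original deck, this Python code derives the delegated prefix from the CE IPv4 address (RFC 5969 mapping) and applies the ingress check a 6rd gateway uses against spoofed tunnel packets: the inner IPv6 source must fall inside the prefix derived from the outer IPv4 source.

```python
import ipaddress

def sixrd_delegated_prefix(sixrd_prefix, ce_ipv4, ipv4_mask_len):
    """6rd prefix + the CE IPv4 bits left after dropping the common ipv4_mask_len bits."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    v4_bits = 32 - ipv4_mask_len
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    plen = net.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("delegated prefix would be longer than /64")
    base = int(net.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def gateway_accepts(sixrd_prefix, ipv4_mask_len, outer_src_v4, inner_src_v6):
    """True only if the inner IPv6 source matches the outer IPv4 source."""
    expected = sixrd_delegated_prefix(sixrd_prefix, outer_src_v4, ipv4_mask_len)
    return ipaddress.IPv6Address(inner_src_v6) in expected

if __name__ == "__main__":
    # Values from the slide: CE 10.100.100.1, inner source 2001:db8:6464:0100::1
    print(sixrd_delegated_prefix("2001:db8::/32", "10.100.100.1", 8))
    print(gateway_accepts("2001:db8::/32", 8, "10.100.100.1", "2001:db8:6464:0100::1"))
    # Constructed mismatch: another CE claims the first CE's IPv6 source.
    print(gateway_accepts("2001:db8::/32", 8, "10.100.100.2", "2001:db8:6464:0100::1"))
```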

IPv6 TRANSITION MECHANISMS SUMMARY


[Diagram: transition mechanisms compared across Customer, Access/Aggregation, Core and Global Public Network: CGN NAT444 (IPv4); 6rd (IPv6 in IPv4 Tunnel); IPv6 Routing; NAT64 CGN; DS-LITE CGN (IPv4 in IPv6 Tunnel)]

EXAMPLES OF DIFFERENT REALITIES WITHIN SERVICE PROVIDERS



CASE STUDY 1: INCUMBENT


Incumbent ISP in a mature market
- Business has been growing a lot in the last couple years, but growth has slowed down
- Saturated market

ISP can reclaim addresses internally
- Redesigning networks to get more address efficiency
- More aggressively NATing wireless subscribers

As a consequence:
- ISP does not see the urge to move to IPv6 right now.
- Wait until technology matures
- Synchronize IPv6 deployment with roll-out of next gen service

CASE STUDY 2: OLD/NEW ACCESS TECHNOLOGY


ISP offers two access technologies, a legacy one and a new one
- Growth & ARPU is happening in the new technology, not the older
- Deploying IPv6 in legacy environment might be costly

Strategy:
- Legacy World: Carrier Grade NAT (CGN) & 6rd
- New World: Public IPv4 & native IPv6 (Dual Stack)

Issue: cost of replacing CPEs to support IPv6
- With 6rd offered as an optional service, a service provider can offload the cost of replacing CPEs in the old technology to the end-users who want to be early adopters of IPv6

CASE STUDY 3: NEW CUSTOMERS, NEW NETWORKS


An ISP with an exhausted IPv4 address pool

ISP makes a clear distinction between current, existing customers and post-exhaustion customers.

Build new IPv6-based networks for new customers.
- IPv4 is a service overlaid on top of IPv6 with DS-Lite (with or without a Carrier-Grade NAT)
- Enabling customers to run their applications expecting incoming connections (e.g. Set-Top box control, P2P): PCP (Port Control Protocol) to open up pin-holes on CGN

ISP offers new IPv6 CPEs to new customers.

CASE STUDY 4: MOBILE


The key issue is license cost:

License cost 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6)
- Dual-Stack (NAT44): two licenses: 1 for IPv4 PDP + 1 for IPv6 PDP
- IPv6-only (NAT64): 1 for IPv6 PDP

License cost LTE and 3G/3GPPr9 (using a combined PDP context for IPv4 & IPv6)
- Dual-Stack (NAT44): 1 for IPv4/IPv6 PDP/bearer
- IPv6-only (NAT64): 1 for IPv6 PDP/bearer

Going IPv6-only + NAT64 works ONLY if all applications are converted to IPv6 and there is no connectivity to external devices such as PCs.
Dual-Stack remains the preferred/simplest general solution.

CASE STUDY 5: BUSINESS ISP


ISP has a corporate mandate to prepare for IPv6

Issue: ISP will have to support legacy IPv4 devices/apps operated by their customers as well.
- Reduce drastically (to just a few?) the number of IPv4 addresses allocated to business customers.
- NAT is performed by the business CPEs.

CASE STUDY 6: INTERNATIONAL ISP

ISP is incumbent in a region/country and wants to expand internationally. Need to offer IPv6 quickly.

6PE is a good way to jumpstart IPv6 global presence

ISP will have to migrate to native IPv6 at some point in the future.

OBSERVATIONS ABOUT TRANSITION TECHNIQUES

All transition techniques (NAT444, 6RD, NAT64, DS-Lite) revolve around the notion of sharing IPv4 addresses via some form of NAT.

They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.
The difference is how packets are transported to the NAT

Sharing addresses among customers introduces issues:
- Abuse/Logging/Geo-location/Access control
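The abuse/logging issue above, as an added Python example that is not part of the original deck: once many subscribers share one public IPv4 address, an abuse report can only be attributed if it carries the source port and an accurate timestamp, and the CGN keeps matching translation logs. The log records are constructed; the public address and port follow the NAT444 slide, and the 100.64.0.x shared addresses are assumed stand-ins for the slide's "ii.ii.ii.ii".

```python
from datetime import datetime

# Constructed CGN/LSN translation log:
# (session start, session end, ISP shared address, public address, public port)
CGN_LOG = [
    ("2011-09-30T10:00:00", "2011-09-30T10:05:00", "100.64.0.10", "210.3.100.1", 12000),
    ("2011-09-30T10:01:00", "2011-09-30T10:02:00", "100.64.0.11", "210.3.100.1", 12001),
    # Same public port handed to a different subscriber after the first session ended.
    ("2011-09-30T10:06:00", "2011-09-30T10:09:00", "100.64.0.12", "210.3.100.1", 12000),
]

def attribute(public_ip, when, public_port=None, log=CGN_LOG):
    """Return the sorted shared addresses that could have sent traffic from
    public_ip (and public_port, if the report includes it) at time `when`."""
    t = datetime.fromisoformat(when)
    candidates = set()
    for start, end, shared_ip, pub_ip, pub_port in log:
        if pub_ip != public_ip:
            continue
        if not (datetime.fromisoformat(start) <= t <= datetime.fromisoformat(end)):
            continue
        if public_port is not None and pub_port != public_port:
            continue
        candidates.add(shared_ip)
    return sorted(candidates)

if __name__ == "__main__":
    # Report with address and time only: two subscribers match.
    print(attribute("210.3.100.1", "2011-09-30T10:01:30"))
    # Same report with the source port: exactly one subscriber.
    print(attribute("210.3.100.1", "2011-09-30T10:01:30", 12000))
    # Same address and port a few minutes later: a different subscriber.
    print(attribute("210.3.100.1", "2011-09-30T10:07:00", 12000))
```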

TRANSITION FOR MOBILE SERVICE



WIRELESS ARCHITECTURE 1: IPV6-ONLY


IPv6-only handset with IPv6 certified apps. Traffic to IPv4 Internet goes through NAT64.

[Diagram: handset with an IPv6-only PDP context to the GGSN in the ISP network, with DNS64, a NAT64 towards IPv4, and a native path to IPv6]

WIRELESS ARCHITECTURE 2: DUAL-STACK


Dual-Stack handset with IPv4 or dual-stack apps. IPv4 traffic to IPv4 Internet goes through NAT44. IPv6 traffic goes straight to IPv6 Internet (or walled-garden service)

[Diagram: handset with a Dual-Stack PDP context to the GGSN in the ISP network, with a NAT44 towards IPv4 and a native path to IPv6]

3GPPr8 and 3GPPr9 introduce dual-stack PDP contexts.

IPV6 ONLY (NAT64) VS DUAL-STACK (NAT44 + IPV6) ON WIRELESS NETWORKS


Criterion | Dual-Stack (NAT44) | IPv6-only (NAT64)
IPv4 app on UE | Yes | No
IPv4 app on laptop (tethering or wireless dongle) | Yes | No
Off-load to Wi-Fi | Yes | No
Handset-local Wi-Fi hot-spot | Yes | No
Roaming in IPv4-only 3G network | Yes | Variable
License cost 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6) | Two licenses: 1 for IPv4 PDP + 1 for IPv6 PDP | 1 for IPv6 PDP
License cost LTE and 3G/3GPPr9 (using a combined PDP context for IPv4 & IPv6) | 1 for IPv4/IPv6 PDP | 1 for IPv6 PDP

JUNIPER'S OFFERING

FAMILY MIGRATION SOLUTION PORTFOLIO


[Diagram: product portfolio for IP family migration services (6rd, NAT44, NAT64, DS-Lite). Packet based Router: T1600, T640, M320, M120, M10i, M7i, MX960, MX480, MX240, with MS-PIC and MS-DPC. Security Appliance: SRX Series (SRX3400, SRX3600, SRX3000 Line, SRX5600, SRX5800, SRX5000 Line). Also shown: Policy Management, log Server, Junos SDK, STRM500, STRM2500, STRM5000, STRM5000 NEBS, C2000, C4000 (C Series), Steel-Belted Radius Appliance]

IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC


IPv6 Features
- IPv6 NAT and IPv6 Stateful Firewall
- NAT-PT supported (ICMP ALG)
- NAT-PT DNS ALG (10.4)
- NAT66 supported
- NAT64 (10.4)

6 MS-DPC supported by Single MX Chassis
- 8 MS-DPC per Chassis (12.3 or 12.4)

NAT44
- Support CGN requirement (draft-ietf-behave-lsn-requirements-00)

IPv6 Softwire
- DS-Lite (10.4)
- 4over6 (10.4)
- 6rd/6to4 (11.1)

Summary
