
Cisco IPv4 – IPv6 Transition Architecture

(CGNv6)

Istvan Kakonyi, VSA

ikakonyi@cisco.com

Session Number
Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda

• Introduction
  Why do we need IPv6?
  The Promise of IPv6
• The Cisco 346 Transition Framework
  NAT444
  6rd – Border Relay + NAT444
  DS-Lite + NAT444
• CGv6 Implementation
  CGSE
  IPv6TS Software
• Summary

The Growing Internet
Internet growth, in terms of the number of connected devices, is accelerating at an exponential rate
§ India added 15 million new subscribers in August – more than the population of Greece [1]
§ China Mobile has surpassed 500 million subscribers – more than the population of North America [2]
§ The ‘Embedded Internet’ will consist of over 15 billion devices by 2015 [3]
[Image labels: IP Video / Collaboration; Mobility / Device Proliferation; Embedded Internet]

1 – Indian Regulator TRAI
2 – China Mobile
3 – Intel Embedded Internet Projections

The Growing Internet Challenge
The gap between supply and demand for IP addresses – the key Internet resource – is widening

[Chart: IPv4 Address Blocks Remaining [1]; y-axis 0 to 25, x-axis Today to Sep 2011, annotated "< 700 Days Remaining". Caption: The pool of IPv4 address blocks is dwindling rapidly]
[Chart: Internet-Enabled Devices [2]; y-axis 5B to 15B, x-axis Today to 2015+. Caption: While the number of new Internet devices is exploding]

1 – Geoff Huston, APNIC, www.potaroo.net, tracking /8 address-blocks managed by the Internet Assigned Numbers Authority
2 – Cisco Visual Networking Index / Intel Embedded Internet Projections

Why Begin at Core / Edge?
Key requirements for scale, performance and impact are maximized in the core and edge
§ Cost and operational impact are reduced
§ Platforms are inherently reliable, scalable
§ Coverage, flexibility, and ROI are maximized
[Figure: axes "Cost / Devices / Difficulty" and "Coverage / Speed"; network tiers Home, Access, Data Center, Edge, Core. Translations: x 1000, x 100,000, x 10 Million, x 1 Billion. Scale labels: Home Scale, Enterprise Scale, Carrier Scale]
“346”: A 3 Tier Transition Framework for Moving from IPv4 to IPv6

[Figure: three tiers drawn over a 2009 / 2011 / 2020+ timeline with markers Today, IPv4 Run-Out and IPv6 Internet. Tiers: Preserve IPv4; IPv4/IPv6 Coexistence Infrastructure; IPv6 Services & Applications running over IPv6]


346 Technology Buckets

[Figure: the three tiers over the 2009 / 2011 / 2020+ timeline (Today, IPv4 Run-Out, IPv6 Internet), with a callout "6TS plays here"]
Services over IPv6: Cloud, Telepresence, Mobility, Connected Home, Sensor, Data Center, P2P, Smart Grid
Coexistence Infrastructure: IPv4/IPv6 Dual-Stack / IPv6 Routing/Ops; Tunnels & Encaps; IPv4/IPv6 Translators (Stateful/Stateless)
Preserve IPv4: Network Address and Port Translators; IPv4 Address Trading Market


Where to Start?

• In the backbone where a reasonable dual-stack capability exists
  Many have turned on dual-stack or some variant of dual-stack edge + tunnels (e.g. 6PE, 6VPE)
  Establish v4/v6 coexistence infrastructure
• From backbone it becomes possible to “launch” IPv6 connectivity and/or IPv6 transition “initiatives” into the adjacent customer address realms
• It is much more difficult to build the IPv6-capable access infrastructure (home networks, RGs, AAA systems, BNGs, provisioning, etc)

IPv6 “Backbone-First” Solutions – 2010-2011

[Figure: network diagram. Domains: Wireline; Peering/Enterprise Edge; Mobility / Wireless Mesh; Data Center; SP Core (Dual-stack/Softwires). Elements shown: Consumer, Home, BRAS, CMTS, OLT, PE with VRFs, DS-Lite, 6rd, CGN, NAT44, NAT64, AFBR, Dual-Stack, Enterprise v6, Enterprise v4 & v6, IPv4 Internet, IPv6 Service/Content Provider]
IPv6 “Backbone-First” Solutions – 2010-2011

[Figure: the same network diagram (Wireline; Peering/Enterprise Edge; Mobility / Wireless Mesh; Data Center; SP Core) with service callouts added: Consumer Internet; Home; IPv6 VPN; IPv6 in the Enterprise & Govt; 4G/LTE; IPv6 Mobile; IPv6 Peering; IPv6 Data Center]
One Strategy for Dealing with the IPv4 Address Run-Out Problem

[Figure: two rows across Customers / SP Network / Public Internet. First row: public IPv4 customers, IPv4 core, public IPv4 Internet. Second row, post IPv4 address completion: customers on non-public IPv4, IPv4 core, a Carrier Grade NAT (CGN), public IPv4 Internet. Legend: public IPv4; NOT public IPv4]


What is a Carrier Grade NAT?
• “..A NAT or NAPT device used by many subscribers, where 'many' would be on the order of dozens to hundreds of thousands of subscribers. This might NAT between any combination of IPv4 and IPv6..”*
• O(20M) translations (sessions)
• O(Thousands) private IP addresses (depending on sessions per user. A “user” could be a home NAPT box)
• O(10Gb/sec) Performance – Full Duplex
• Scenarios
  Double NAT444
  Dual-Stack Lite (softwire 4over6 tunnel for access)
  6rd Border Relay (softwire 6over4 tunnel for access)
  Stateful/Stateless IPv4/IPv6 Translator (like NAT64)
• CGN Bypass (route around NAT)
• Must be Carrier-Grade in Scale and Performance

* source: draft-wing-nat-pt-replacement-comparison
CGN – Double NAT444

[Figure: CPE with private IPv4 address on WAN performs NAT44; private IPv4 edge and core; CGN performs NAT44 toward the public IPv4 Internet. Legend: public IPv4; private IPv4]

• CGN does NAT44 for O(large number) of private IPv4 end-points
• No need for IPv6 anywhere
• Compliant with standard NAT behaviors (RFC4787, RFC5382, RFC5508)
• Challenge: CGN never deployed with this scale in SP networks
CGN – 6rd Border Relay

[Figure: consumer home with an IPv4/IPv6 CPE/RG doing NAT44; IPv4-only AAA and/or DHCP; private IPv4 core; 6rd tunnel from the CPE/RG to the CGN acting as 6rd BR; public IPv4 Internet and public IPv6. Legend: public IPv4; private IPv4]

• No change to IPv4-based access infrastructure
• IPv6 address is derived from ISP IPv6 prefix and CPE IPv4 address; RG and 6rd BR perform automatic IPv6/IPv4 encap/decap
• CGN becomes 6rd Border Relay: NO NAT or XLAT performed
• Simple, stateless, automatic IPv6-in-IPv4 encap and decap function on CPE/RG
• Based on 6to4 (RFC 3056) and draft-despres-6rd-03.txt + CGN/NAT444 extensions
• draft-ietf-softwire-ipv6-6rd
Gory Details:
Three parts of the “6rd” Mechanism

• IPv6 Prefix Delegation derived from IPv4
  Global IPv4 or Natted IPv4 in same deployment
• Stateless mapping and Encapsulation of IPv6 over IPv4 (RFC 4213)
  IPv4 encapsulation automatically determined from each packet’s IPv6 destination
  No per-subscriber tunnel state or provisioning
• IPv4 Anycast to reach Border Routers
Packet Flow and Encapsulation

[Figure: 6rd CEs, an IPv4 + IPv6 core, 6rd Border Relays and the Internet]

IF 6rd prefix positive match (IPv6 dest = inside 6rd domain: 2001:100 | 8101:0101 | Interface ID)
THEN encap in IPv4 with embedded address
ELSE (6rd prefix negative match; IPv6 dest = outside 6rd domain: “Not 2001:100…” | Interface ID)
ENCAP with BR IPv4 anycast address
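
The prefix derivation and stateless encapsulation decision from the two 6rd slides above, as an added Python example that is not part of the original deck. It assumes a /32 SP prefix with all 32 IPv4 bits embedded and a constructed BR anycast address (192.0.2.1); the function names are hypothetical, and br_accepts is a receive-side consistency check the slides do not describe.

```python
import ipaddress

# Assumptions (not from the slides): a /32 SP 6rd prefix, all 32 IPv4 bits
# embedded, and a constructed documentation-range BR anycast address.
SP_PREFIX = ipaddress.IPv6Network("2001:100::/32")  # "2001:100" on the slide
BR_ANYCAST = ipaddress.IPv4Address("192.0.2.1")     # placeholder, constructed
SHIFT = 128 - SP_PREFIX.prefixlen - 32              # bits below the IPv4 field


def delegated_prefix(cpe_v4):
    """6rd delegated prefix: SP prefix followed by the CPE's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(cpe_v4))
    base = int(SP_PREFIX.network_address) | (v4 << SHIFT)
    return ipaddress.IPv6Network((base, SP_PREFIX.prefixlen + 32))


def embedded_v4(v6):
    """IPv4 address embedded in a 6rd address, or None outside the domain."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in SP_PREFIX:
        return None  # "6rd prefix negative match"
    return ipaddress.IPv4Address((int(addr) >> SHIFT) & 0xFFFFFFFF)


def tunnel_destination(ipv6_dst):
    """Outer IPv4 destination a CE picks; no per-subscriber state needed."""
    v4 = embedded_v4(ipv6_dst)
    return v4 if v4 is not None else BR_ANYCAST


def br_accepts(outer_v4_src, inner_v6_src):
    """Receive-side check (added here, not on the slides): the inner 6rd
    source must embed the outer IPv4 source, otherwise the two disagree."""
    return embedded_v4(inner_v6_src) == ipaddress.IPv4Address(outer_v4_src)


if __name__ == "__main__":
    print(delegated_prefix("129.1.1.1"))               # slide's 8101:0101
    print(tunnel_destination("2001:100:8101:101::1"))  # inside the domain
    print(tunnel_destination("2001:db8::1"))           # outside: BR anycast
    print(br_accepts("10.0.0.5", "2001:100:8101:101::1"))
```

Because the tunnel endpoint is computed from the packet itself, the only thing tying an inner IPv6 source to a subscriber is the embedded IPv4 address, which is why the last function compares it against the outer header.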

6rd vs 6to4

Attribute | 6rd | 6to4
IPv6 Address Prefix | SP’s IPv6 Address | 2002::/16
SP-managed service | Yes | No
Always Route thru SP’s network | Yes | Maybe
IPv6 Address “Reputation” | Excellent, it is an ISP IPv6 Prefix | It is “6to4” and everybody knows that
RG Support | Under development | Supported
Cisco Products | IOS and Linksys Prototypes; planned for 6TS (ASR1K, CRS-1) | IOS
Doc | draft-ietf-softwire-ipv6-6rd | RFC3056

CGN - Dual-Stack Lite

[Figure: consumer home with private IPv4; V4-over-V6 IP tunnel across the public IPv6 edge and IPv4/v6 core to the CGN; callout "NAT44 done here for IPv4 packets"; public IPv4 Internet and public IPv6. Legend: public IPv4; private IPv4; public IPv6]

* AKA Softwires + NAT = SNAT

• Employs softwire 4over6 tunnels plus CGN-NAT44 to support private IPv4 connectivity to public IPv4 Internet
• IPv6 hosts use native IPv6 routing to public IPv6 Internet
• Challenge is laying out IPv6 access network
• draft-ietf-softwire-dual-stack-lite

CRS-1 IPv6 Transition Services
Solution Components

CRS-1 with IOS XR
• High-capacity, carrier-class SP platform with Cisco IOS/XR
• Leverages previously developed XR infrastructure to divert packets to Multi-Service PLIM
• Provides single, integrated configuration & management infrastructure for Service PLIM

Carrier Grade Service Engine (Roddick)
• Leverages existing 40G MSC hardware & software
• Rapid and flexible Linux-based development & test environment
• Supports required CGN – NAT44 performance & scale
• Cornerstone of 346 Backbone First IPv6 Transition Strategy

CGSE (Roddick) PLIM and IPv6 Transition Services (6TS)
• Hardware
  6TS function resides on Multi-Service PLIM
  Quad Octeon multiprocessor architecture, 64 CPU cores
  Standard interface to MSC, 10 Gbps full-duplex nominal
• Software
  IOS-XR on MSC, Linux on Octeon CPUs
  Leverages XR App SVI to divert packets to/from CGN function
  Leverages Vector Packet Path (VPP) for NAT application
  Integrated configuration & management via IOS XR
CGN Packet Walk-Thru

[Figure: packet path From Subscribers to To Core through I/O PLIM, MSC (iMetro/eMetro), Fabric and the Roddick Services PLIM (GLIK, Bambi, 4 x Octeon, 64 CPUs), with VLAN and Tunnel interfaces mapped to VRFs and an App SVI. Callouts, in path order:]
• Packets enter from private network
• iMetro ingress lookup maps VLAN or tunnel to VRF, applies ingress features, routes to CGN
• Other packets may bypass NAT entirely
• Packets routed to CGN pass XR App SVI, forwarded to CGN eMetro
• eMetro filters based on protocol; load balance selects Octeon & core
• Octeon CPU performs NAT, PT, and/or tunnel encaps; forwards packet to CGN iMetro
• CGN iMetro performs ingress lookup, selects output LC, forwards through fabric
• eMetro on egress MSC performs normal egress features
• Packets egress to public network
• Multiple Roddick CGN blades support good scaling and/or 1:1 redundancy
CRS-1 6TS Project Update
(September 2009)

• Demo Topology active and operational in SJ – currently testing applications
• Preliminary Performance Measurements:
  6.7Mpps (IMIX)  10Gbps full-duplex tput
  1 + 1 Warm Standby Switchover measured to be < 1 sec
• Logging to external server based on Netflow9 records
• Analysis of deployment scenarios with customers
• Customer Demo/EFT engaged & planned – End of Nov/Early Dec. 2009
• IPv6 Features in development - will align with IETF BEHAVE docs
• External Launch planned for this Fall
• FCS in IOS-XR Release 3.9.1 (April 2010)
CGN Connectivity Models

[Figure, CGN-remote: Subscriber to/from CGN; remote attachment. Private and public subscribers attach to a BRAS/CMTS; private traffic reaches the CGN through a penultimate hop router by tunneling or by VLANs, public traffic goes to Global]
[Figure, CGN-local: Subscriber to/from CGN; local attachment. Private and public subscribers attach to a BRAS/CMTS with the CGN attached by VLAN; public traffic goes to Global]
6TS Roadmap

IPv4/IPv6 Coexistence

Timeline: 4Q2009, 1H2010, 2H2010, 1H2011 (items listed left to right along the timeline)

6TSv1 NAT44: EFT; FCS; Instrumentation & Management Enhancements
XR Infra: IPv6 SVI Testing; XML Interface; IPv6 SVI; TE into VRF (CGN-remote); 1 + 1 Hot Standby
6TSv2 IPv6 Features/Services:
  6rd Demo/EFT; v4/v6 xlat Coding/Demo; DS-Lite TC Coding
  • 6rd Border Relay • Stateless IPv4/IPv6 XLAT • DS-Lite TC Demo
  • Stateful IPv4/IPv6 XLAT/DNS64 • DS-Lite TC • ServiceWire

ASR1000 IPv6 Broadband Solution

[Figure: Layer 2 access networks (DSL via DSLAM, Ethernet, 802.11, Mobile RAN) using PPPoEoA / PPPoE into ASR1000 IPv6 BB Aggregation (IPv6 PTA/LAC); Dual-Stack/L2TPv2/MPLS core; ASR1000 IPv6 LNS; ISP A, Internet and a Multimedia Content Server over IPv4/IPv6]

IPv6 Broadband
• IPv6 Prefix Pools
• IPv6 RADIUS (Cisco VSA and RFC 3162)
• DHCPv6 Prefix Delegation
• Stateless DHCPv6

• IPv6 PTA (RLS5 November 2009)
• IPv6 LAC (RLS5 November 2009)
• IPv6 LNS (RLS6 February 2010)
• IPv6 ISG (Roadmap)
• CGN (in Planning)

Preserve
IPv4 infrastructure, assets, and service offerings

Continue and accelerate subscriber and device growth using Private-IP

[Figure: "Today": existing customers on IPv4 reaching the Internet. "With Cisco CGv6": existing and new customers on Private-IP IPv4 behind Large-Scale Translation (LSN) in Cisco CGv6, reaching the Internet]

Prepare, with 6rd (6-over-4)
Subscriber IPv6 traffic is tunneled over IPv4 to gateways within the IP-NGN while IPv6 grows

[Figure: Subscribers / Provider IP-NGN / Internet. Source = IPv6. Destination = IPv4: Tunnel Termination + AFT. Destination = IPv6: Tunnel Termination. Subscribers on private IPv4 carry IPv6 over the private IP network to Cisco CGv6, which connects to the IPv4 and IPv6 Internet]

IPv6 moves out to subscribers

IPv6 Rapid Deployment (6rd) defines such a 6-over-4 model

Prepare, with DS-Lite (4-over-6)
Remaining subscriber IPv4 traffic is tunneled over IPv6 to gateways within the IP-NGN

[Figure: Subscribers / Provider IP-NGN / Internet. Source = IPv4. Destination = IPv4: Tunnel Termination. Destination = IPv6: Tunnel Termination + AFT. Subscribers behind a Dual-Stack CPE carry private IPv4 over the IPv6 network to Cisco CGv6, which connects to the IPv4 and IPv6 Internet]

Dual-Stack Lite (DS-Lite) defines such a 4-over-6 model

Q and A
