2011 twnic sp ipv6 transition

IPV6 TRANSITION STRATEGIES FOR SERVICE PROVIDERS

Johnson Liu

2011/09/30

2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT


IPV4 REALITY CHECK: IANA FREE POOL HAS EXHAUSTED

Post 2008 recession

Pre 2008 recession

2008 recession effect

After completion:

Existing IPv4 addresses will not stop working.

Current networks will still operate.

IANA exhaust: 2/1/2011

RIR exhaust: soon after

0%


IPV6 REALITY CHECK: THE IPV4 LONG TAIL

Post IPv4 allocation completion:

Many hosts & applications in customer residential networks (eg

Win 95/98/2000/XP, game consoles, consumer electronics,

industrial devices) are IPv4-only.

Most software & servers in enterprise network are IPv4-only

They will not function in an IPv6-only environment.

Few of those can or will upgrade to IPv6.

Content servers (web, email,…) are hosted on the Internet by

many different parties. It will take time to upgrade those to IPv6.

Current measurement: 0.15% of Alexa top 1-million web sites are available via IPv6 (This number has not changed in the last 12 months)

Source: http://ipv6monitor.comcast.net


IS IPV6 TAKING OFF?

A number of very large ISPs and very large content providers are

deploying IPv6 and various transition technologies now.

Still early in the adoption curve.

However, momentum is building.

Can’t be ignored.

IPv6 does not solve the immediate problem of IPv4 address exhaust.

Most sites are still accessible only through IPv4

Maintaining IPv4 service after IPv4 exhaustion is #1 priority for most

players.

This implies some form or another of IPv4 address sharing: NAT

Many transition technologies to choose from Impact on routing and

network architecture


IS IPV6 TAKING OFF?

On June 8, 2011, the “World IPv6 Day,” participants will

enable IPv6 on their main services for 24 hours

Facebook, Google and Yahoo, websites with more than one

billion combined visits each day, are joining major content

delivery networks Akamai and Limelight Networks, and the

Internet Society, for the first global-scale trial of the new Internet

Protocol, IPv6.

Juniper Networks will participate in "World IPv6 Day“, furthering

its long-standing commitment to ensure its customers continue

to be fully prepared for a transparent transition to the new IPv6

protocol to meet their respective market needs.

http://ipv6.juniper.net reachable over IPv6 since Jan. 8th

Commitment to participate to the IPv6 world day on June 8th

with http://www.juniper.net

http://ipv6.juniper.net

http://ipv6.juniper.net

http://www.juniper.net


INDUSTRY IPV6 SCORE CARD

Function Element Status

Network

Core Router: T

Edge Routers: MX, 6PE

Servers

Linux 2.6+

Datacenter equipments, CDN

End-user clients

Windows 7

(Many XP boxes out there)

MacOS 10.x

Game consoles Wii, PS3, Xbox

Software

Web Browser: Firefox, IE, Safari

Skype

On-line PC games

SSL VPN

Content Web content available over IPv6

CE CPEs

Number

1 & 2

issues


SURVIVING TECHNIQUE


WHAT ARE MY OPTIONS?

Tunnels

IPv4

Initially tunnel IPv6 over IPv4.

Later tunnel IPv4 over IPv6

Ideal when Core is not v6 ready

Requires v6-capable CPEs

Technologies:

6to4

6rd

IPv6 IPv6

IPv4 IPv6 IPv4

Dual-Stack

IPv6/IPv4 co-existence on one

device

Best-suited for the Core

Can be the ideal inflection

point in the network

DS-ready Core gives you

flexibility of options in the edge

Technologies:

Dual-stack routing

protocols (Core)

6PE (Core)

6VPE (Core)

Dual-stack capable

CPEs (Access)

PHY/Data Link

IPv4 IPv6

TCP/UDPv4 TCP/UDPv6

Translators

IPv4 IPv6

IPv6 <-> IPv4 translation

Solves the problem at the edge

Expected to co-exist with Dual-

stack for some time

Technologies

NAT444

DS Lite

DS Lite + A+ P

NAT64


SERVICE PROVIDER INFRASTRUCTURE

Residential Edge

BNG

ISPs

IPv6 IX

Mobile Edge

GGSN

CORE

Business Edge PE


CORE: DUAL-STACK IT

Prepare the core as a dual-stack infrastructure

Interfaces Implement IPv6 on the Core interfaces

Routing protocols ISIS

– draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS

– 2 new TLVs are defined:

- IPv6 Reachability (TLV type 236)

- IPv6 Interface Address (TLV type 232)

– IPv6 NLPID = 142

OSPFv3 – Unlike IS-IS, entirely new version required

– RFC 2740

– Fundamental OSPF mechanisms and algorithms unchanged

– Packet and LSA formats are different


CORE: DUAL-STACK IT

Routing protocols

BGP

– MBGP defined in RFC 2283

– Two BGP attributes defined:

- Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing

Information

- Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer

Routing Information

- Address Family Identfier (AFI) specifies what NLRI is being carried (IPv6,

IP Multicast, L2VPN, L3VPN, IPX...)

- Use of MBGP extensions for IPv6 defined in RFC 2545 • IPv6 AFI = 2

- BGP TCP session can be over IPv4 or IPv6

- Advertised Next-Hop address must be global or site-local IPv6 address


CORE: 6PE

6PE: IPv6 islands over MPLS IPv4 core

CORE

6PE

6PE 6PE

6PE

v6

v4

v6

v4

v6

v4

P

P P

P

MPLS/IPv4

Dual-stack PEs


CORE: 6VPE

6VPE: IPv6 VPNs over MPLS IPv4 core

CORE

6VPE

6VPE 6VPE

6VPE

v6/v4

v6

v6/v4

v6

v6/v4

v6

P

P P

P

MPLS/IPv4

Dual-stack PEs

VPN-1

VPN-2

VPN-1

VPN-2

VPN-1

VPN-2


IPV6 CORE TRANSPORT

Internet

IPv4

Internet

IPv6

IP/MPLS

BGP

Internet

IPv4

Internet

IPv6

Internet

IPv4

Internet

IPv6

IP/MPLS

BGP

Internet

IPv4

Internet

IPv6

Internet

IPv4

Internet

IPv6

IP/MPLS

DUAL

STACK

6PE

IP/MPLS

BGP

VPN

IPv4

VPN

IPv6

IP/MPLS

BGP

VPN

IPv4

VPN

IPv6

IP/MPLS

6VPE


IPV6 TRANSITION


TRANSITION QUADRANT IN 2009-2010

Deployed

Momentum

6rd

A+P

NAT444

NAT64

DS-Lite

Ipv4 A

nti-D

eple

tion

IPv6 to IPv4 NAT

6to4

6PE,6VPE, Dual stack

NAT-PT

PCP

Juniper Participation

(co-author or Head of WG)


Dual Stack

IPv4 IPv4

IPV4/

IPv6 IPV4/

IPv6

IPv4

IPv6

Customer Access/Aggregation

IPv4/

IPv6 IPv6

IPv4 IPv4

Core Global Public Network


IPv4

NAT44

IPv4 IPv4

IPv6 IPv6

IPv4

IPv6

IPv6 IPv6

IPv4 IPv4

CPE

NAT44

Private IPv4 Addressing Public IPv4 Addresing

IPv4 IPv4 IPv4 IPv4

Customer Access/Aggregation Core Global Public Network


IPv4

NAT444

IPv4 IPv4

IPv6 IPv6

IPv4

IPv6

IPv6 IPv6

IPv4 IPv4

CPE

NAT44

Private IPv4 Addressing2 Public IPv4 Addresing

CGN

NAT444

IPv4 IPv4 IPv4 IPv4


Private IPv4 Addressing1


NAT444

RFC1918 private address ISP shared address Global IPv4 address

draft-shirasaki-nat444-isp-shared-addr-00.txt

CPE CGN/LSN(*1)

(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)

Src 192.168.0.1 port 10000

Dst 128.0.0.1 port 80

v4

Src ii.ii.ii.ii (*2) port 11000

Dst 128.0.0.1 port 80

(*2) ISP shared address (draft-shirasaki-isp-shared-addr)

Src 210.3.100.1 port 12000

Dst 128.0.0.1 port 80

v4 v4

NAPT NAPT

Address Sharing Technologies


IPv6

DS-LITE

IPv4 IPv4

IPv6 IPv6

IPv4

IPv6

IPv6 IPv6

IPv4 IPv4

CPE

DS-LITE DS-LITE

+ CGN

IPv6 IPv4 IPv6/IPv4 IPv4


IPv6

Tunnel


Address Sharing Technologies S-lite DS-LITE

rfc1918 private address

IPv4 in IPv6 Tunnel Global IPv4 address

CPE CGN/LSN(*1)

Src 192.168.0.1 port 10000

Dst 128.0.0.1 port 80

v4

Src 129.0.0.1 port 12000

Dst 128.0.0.1 port 80

v4 v4

DS-lite router Tunnel Termination

NAPT

Src 192.168.0.1 port 10000

Dst 128.0.0.1 port 80

(*1) In draft-nishitani-cgn-01, CGN (Carrier-Grade NAT) was renamed to LSN (Large Scale NAT)

Src 2001:0:0:2::1

Dst 2001:0:0:1::1

v6


IPv6

TOPOLOGY – NAT64

IPv4 IPv4

IPv6 IPv6

IPv4

IPv6

IPv6 IPv6

IPv4 IPv4

DNS64

NAT64

CGN




NAT64

DNS64

NAT64 www.yahoo.net

1. Look up Server

IPv6 Address

www.yahoo.net

209.131.36.158

2. Return IPv6 server address

Prefix64::209.131.36.158

3. Send traffic to to the server

(SA:H1v6, DA:Prefix64::209.131.36.158) H1v6

5. Destination Address

translated to IPv6 by removing

the well-known prefix64

(SA:H1v4, DA:209.131.36.158)

4. IPv4 NAT pool and Prefix64::/96 configured

Protocol Translation

DNS

H1v4


IPv4

6RD

IPv4 IPv4

IPv6 IPv6

IPv4

IPv6

IPv6 IPv6

IPv4 IPv4

CPE

6rd



6rd


IPv6 IPv6 in IPv4 Tunnel IPv6

6rd CE 6rd Gateway

Src 2001:db8:6464:0100::1

Dst 2001:db8::yyyy.yyyy

6rd

v6 v4

Src 10.100.100.1

Dst 192.88.99.1

draft-despres-6rd-03.txt draft-townsley-ipv6-6rd-01.txt

v6 v6

Src 2001:db8:6464:0100::1


Src 2001:db8:6464:0100::1


Tunneling


IPv6 TRANSITION MECHANISMS – SUMMARY



IPv6 IPv6 IPv6 IPv6


IPv4 IPv4 IPv4 IPv4

IPv4

IPv6


CGN

NAT444

6rd

NAT64

CGN

DS-LITE

CGN

IPv6

Routing

IPv6 in IPv4 Tunnel

IPv4 in IPv6 Tunnel


EXAMPLES OF DIFFERENT REALITIES WITHIN SERVICE PROVIDERS


CASE STUDY 1: INCUMBENT

Incumbent ISP in a mature market

Business has been growing a lot in the last couple years, but

growth has slowed down

Saturated market

As a consequence:

ISP does not see the urge to move to IPv6 right now.

Wait until technology mature

Synchronize IPv6 deployment with roll-out of next gen service

ISP can reclaim address internally

Redesigning networks to get more address efficiency

More aggressively NATing wireless subscribers


CASE STUDY 2: OLD/NEW ACCESS TECHNOLOGY

ISP offer two access technologies, a legacy one and a new one

Growth & ARPU is happening in the new technology, not the older

Deploying IPv6 in legacy environment might be costly

Issue: cost of replacing CPEs to support IPv6

With 6rd offered as an optional service, a service provider can

offload the cost of replacing CPEs in the old technology to the

end-users who want to be early adopters of IPv6

Strategy: - Legacy World: Carrier Grade NAT (CGN) & 6rd

- New World: Public IPv4 & native IPv6(Dual Stack)


CASE STUDY 3: NEW CUSTOMERS, NEW NETWORKS

An ISP with an exhausted IPv4 address pool

ISP makes a clear distinction between current, existing customers and post-exhaustion customers.

Enabling customers to run their applications expecting incoming connections (Eg: Set-Top box control, P2P):

PCP (Port Control Protocol) to open-up pin-holes on CGN

ISP offers new IPv6 CPEs to new customers.

Build new IPv6-based networks for new customers.

IPv4 is a service overlayed on top of IPv6 with

DS-Lite (with or without a Carrier-Grade NAT)


CASE STUDY 4: MOBILE

The key issue is license cost :

Going IPv6-only + NAT64 works ONLY if all applications are converted

to IPv6 and there is no connectivity to external devices such as PCs.

Dual-Stack

(NAT44)

IPv6-only

(NAT64)

License cost 2G & 3G/3GPPr8 (using separate PDP contexts for IPv4 & IPv6)

Two licenses:

1 for IPv4 PDP

+ 1 for IPv6 PDP

1 for IPv6

PDP

License cost LTE and 3G/3GPPr9 (using a combined PDP context for IPv4&IPv6)

1 for IPv4/IPv6

PDP/bearer

1 for IPv6

PDP/bearer

Preferred

Dual-Stack remains the preferred/simplest general solution.


CASE STUDY 5: BUSINESS ISP

ISP has a corporate mandate to prepare for IPv6

Issue: ISP will have to support legacy IPv4 devices/apps

operated by their customers as well.

Reduce drastically (to just a few?) the number of

IPv4 addresses allocated to business customers.

NAT is performed by the business CPEs.


CASE STUDY 6: INTERNATIONAL ISP

ISP is incumbent is a region/country and want to expand

internationally. Need to offer IPv6 quickly.

ISP will have to migrate to native IPv6 at some point in the

future.

6PE is a good way to jumpstart IPv6 global presence


OBSERVATIONS ABOUT TRANSITION TECHNIQUES

They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.

The difference is how packets are transported to the NAT

Sharing addresses among customers introduces issues:

Abuse/Logging/Geo-location/Access control

All transition techniques (NAT444, 6RD, NAT64, DS-Lite)

revolve around the notion of sharing IPv4 addresses via

some form of NAT.


TRANSITION FOR MOBILE SERVICE


WIRELESS ARCHITECTURE 1: IPV6-ONLY

IPv4

ISP network

IPv6-only PDP

context

IPv6-only handset with IPv6 certified apps.

Traffic to IPv4 Internet goes through NAT64.

NAT64 GGSN

IPv6 DNS64


WIRELESS ARCHITECTURE 2: DUAL-STACK

IPv4

ISP network

Dual-Stack

PDP context

Dual-Stack handset with IPv4 or dual-stack apps.

IPv4 traffic to IPv4 Internet goes through NAT44.

IPv6 traffic goes straight to IPv6 Internet (or walled-garden service)

GGSN

IPv6

3GPPr8 and 3GPPr9 introduce dual-stack PDP contexts.

NAT44


IPV6 ONLY (NAT64) VS DUAL-STACK (NAT44 + IPV6) ON WIRELESS NETWORKS

Dual-Stack

(NAT44)

IPv6-only

(NAT64)

IPv4 app on UE Yes No

IPv4 app on laptop

(tethering or wireless dongle)

Yes No

Off-load to Wi-Fi Yes No

Handset-local Wi-Fi hot-spot Yes No

Roaming in IPv4-only 3G network Yes Variable

License cost 2G & 3G/3GPPr8

(using separate PDP contexts

for IPv4 & IPv6)

Two licenses:

1 for IPv4 PDP

+ 1 for IPv6 PDP

1 for IPv6

PDP

License cost LTE and 3G/3GPPr9

(using a combined PDP context

for IPv4&IPv6)

1 for IPv4/IPv6

PDP

1 for IPv6

PDP


JUNIPER’S OFFERING


FAMILY MIGRATION SOLUTION PORTFOLIO

M7i

M10i

M320

M120

MX480 MX240

MX960

T1600 T640

MS-PIC

MS-PIC

MS-DPC SRX5600,

SRX5000 Line

SRX Series,

SRX5800

SRX3600,

SRX3000 Line

SRX3400

Junos SDK

NAT44 DS-Lite 6rd … NAT64

STRM2500,

STRM5000

STRM5000 NEBS

STRM500 C2000, C Series

C4000

Steel-Belted Radius

Appliance

Packet based Router Security Appliance

log Server Policy

Management


IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC

IPv6 Features

IPv6 NAT and IPv6 Stateful Firewall

NAT-PT Supported (ICMP ALG)

NAT-PT DNS ALG (10.4)

NAT66 supported

NAT64 (10.4)

NAT44

Support CGN requirement

(draft-ietf-behave-lsn-requirements-00)

IPv6 Softwire

DS-Lite (10.4)

4over6 (10.4)

6rd/6to4 (11.1)

6 MS-DPC supported by Single

MX Chassis

8 MS-DPC per Chassis(12.3 or

12.4)


Summary

2011 twnic sp ipv6 transition

Technology

routing ipv6

ipv6 afi

ipv6 nlpid

ipv6 deployment2copyright

ipv6 best

juniper networks

world ipv6 day

ipv6 world day