IPv6 Transition for Service Providers

Upload: cisco-canada

Post on 12-Nov-2014

Category:

Technology


DESCRIPTION

IPv4 address run-out has impacted the Internet community. Service providers must now face the dual challenges of sustaining and growing IPv4-based customers and services for the foreseeable future while executing on a strategy to transition to IPv6. The first challenge involves acquiring unused public IPv4 address space (difficult and potentially very expensive) or deploying IPv4 address sharing vehicles (e.g. CGN). The latter in the near term involves a number of different technologies and solutions including but not limited to dual-stack or IPv6-over-IPv4 tunneling (e.g. 6rd). Longer term transition will take on a more IPv6-centric profile with NAT64 and IPv4-over-IPv6 tunnels figuring prominently. This session will look at the overall problem space and suite of solutions to address the dual challenges of run-out and transition. It will examine what is deployable right now (2011 and 2012) to address these issues and then what planners can expect to see over the next few years. Observations on different technologies including IPv4 address sharing (e.g. CGN, Stateful NAT64, DS-Lite AFTR), tunneling and translation will be discussed. A composite look at what operators are thinking about and doing as well as different architectural solutions will be presented. And finally some thoughts on potential alternative strategies will be discussed.

TRANSCRIPT

  • 1. [email protected] 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
  • 2. Top of Mind; IPv6 Transition Technology Observations; IPv6 Transition Architecture Models; Final Thoughts; References
  • 3. IPv4 Run-Out has happened. We are done. Post run-out surge of interest in IPv4 address sharing solutions. Running code and TTM is back in. It's new and we need to try it out in networks. Stateful vs Stateless Non-Debate. Everybody suddenly (finally) cares about IPv6.
  • 4. Before Run-Out: lots of serious/thoughtful examination and action on problem space and potential solutions. Examples: 6rd vs DS-Lite vs Dual-Stack; LI and security implications of IPv4 address sharing; accelerated testing/certification of IPv4/IPv6 interworking solutions for 2012 deployment readiness; considering CGN deployment to buy time. Post Run-Out: Jack Bauer: "You're running out of time. You don't have a better option."
  • 5. Must keep IPv4 Going and Growing: pays the bills, keeps customers happy and funds IPv6 transition. IPv6 uptake still small. ONOS (One Network One Stack) Model Emerging? Maybe. IPv4 Address Sharing Logging Challenges. Routing to/from IPv4 address sharing vehicle. MPLS and IPv6.
  • 6. (Chart axes: Costs to Operator, Time)
  • 7. 1. Support IPv4 connectivity to the public IPv4 Internet in the post-IPv4 Run-Out World. 2. Facilitate IPv6 Transition.
  • 9. Performance/Scale are paramount for Stateful IPv4 Address Sharing, period. Need to give IPv4 clients a straight shot to the public IPv4 Internet: Native IPv4, CGN and Dual-Stack do this. Others not quite ready, yet. Too hung up on end-game. Think evolution from Current. IPv6 BEHAVE Solutions bring native IPv6 out of the closet: they can talk to the public IPv4 Internet.
  • 10. Mux N number of subscriber sessions thru fewer public IPv4 addresses (N:1 address sharing). Create/delete session state composed of binding entries in table stored in memory. Common (and necessary) technology deployed over different timelines in the IPv6 transition epoch. (Diagram labels: CGN, DS-Lite AFTR, Stateful NAT64, NAT44, B4.)
  • 11. Attribute | CGN (NAT44) | DS-Lite AFTR (NAT44) | Stateful NAT64
      Subscribers | IPv4 | IPv4 via 4over6 tunnel | IPv6
      Deployment Status | Yes, BB wireline & mobile | Early adopter BB wireline | Early adopter - Mobile
      IPv6 | N/A | Yes, natively routed | Yes, translate to v4 or natively routed
      Logging | Yes | Yes | Yes
      Inside routing to | IPv4 routing or MPLS switching | v6 tunnels to AFTR from B4 | V6 routing based on XLAT prefix
      Dynamic subscriber control | Yes, PCP | Yes, PCP | Yes, PCP
      Standard | RFC4787, 5382, 5508, draft-ietf-behave-lsn-requirements | draft-ietf-softwire-dual-stack-lite | RFC6146, 6147
  • 12. Big NAT is better than smaller NAT. Key metrics are: O(10s of millions of session states); O(10Gs of tput); O(1M conn setups/sec); NAT session logging. Factor in growth & b/w per subscriber. Significant costs to deploying under-sized IPv4 address sharing vehicle in large networks. CANNOT impact data-plane or control plane performance and scale of host router/switch. (Figure labels: CGN, Smaller NAT entities (NAT44), Composite Smaller NAT; axes: $$, NAT scale requirement.)
  • 13. (Diagram: V4 Addr Sharing Resource Pool: Thruput, Session States, Session Setups/sec, Logging)
  • 14. Really want to avoid. Reasons are numerous: Regulatory pushback if SPs modify OTT apps using ALGs; Protocols becoming encrypted; Many apps already do NAT traversal without ALG; SP-provided services already sourced from private network thus never passing thru CGN; Existence and deployment of NAT traversal mechanisms; Operational cost/complexity of supporting CGN ALGs for O(thousands) of private IP subscribers, some of whom might need different versions of an ALG depending upon the application. Can't avoid some: ActiveFTP, RTSPv1 for Mobile.
  • 15. Not needed or desired. SBC performs media-latching. Source: draft-metz-cgn-considered-helpful
  • 17. Dynamic Port Create Event (bytes): 21
      Dynamic Port Delete Event (bytes): 11
      Number of Translations per Day per Subscriber: 8000
      Number of Days per Year: 365
      Number of Subscribers: 1000000
      Compression Rate: 8.2
      Total NAT Log Bytes (includes DB overhead): 1.8688E+14
      Total NAT Log Terabytes: 186.88
      Total NAT Log Terabytes Compressed: 22.79
  • 18. Stateful Sync: Cost/complexity to sync gazillions of short-lived ephemeral session states?? More straightforward to focus on fast hardware switchover and fast IP convergence. Will address Static Port Forwarding issue with PCP (applicable to IPv6 too); draft-ietf-pcp-base. Response to NAT444 impacts draft @ http://www.ietf.org/mail-archive/web/behave/current/msg09027.html
  • 19. Translation is not new. Other transition methods do not apply: Dual-stack not feasible or desirable; Tunnels only enable IPv6-only connectivity (e.g. like-to-like across unlike). We need IPv6-only talking to IPv4-only (e.g. like to unlike). Encourages IPv6 deployments: Hosts/applications not confined to just IPv6-only communication; can talk to IPv4 networks including public IPv4 Internet!! Addresses IPv4 run-out.
  • 20. Stateful NAT64: Each flow creates state in the translator; Amount of state based on O(# of sub * # of sessions/sub); Supports IPv4 Address Sharing (N:1 mappings like NAPT with NAT44); Requires symmetric packet flow (like NAT44); RFC6052, 6144, 6146, 6147.
      Stateless NAT64: Flow DOES NOT create any state in the translator; Algorithmic operation performed on packet headers; NO IPv4 address sharing (1:1 mappings, consumes one IPv4 address for each connected IPv6 host); Asymmetric packet flow; RFC6052, 6144, 6145, 6147.
  • 21. stateful stateless IPv4 IPv6 1. Network Internet 2. IPv4 IPv6 Internet Network 3. IPv6 IPv4 Internet Network 4. IPv4 IPv6 Network Internet 5. IPv6 IPv4 Network Network 6. IPv4 IPv6 Network Network
  • 22. 6to4: Stateless 6-over-4 encap using WK 2002::/16 prefix; Public IPv4 only; Asymmetric routing problem.
      6rd: Stateless 6-over-4 encap using SP IPv6 prefix; Works over public/private IPv4; RFC5969.
      Softwires H/S: RFC5571; uses L2TPv2/IPv4 infra.
      (Diagram labels: IPv6 Internet, IPv4 Internet, 6to4, 6rd BR, LNS, LAC, Public/Private IPv4.)
  • 23. Softwires H/S: RFC5571; leverages L2TPv2/IPv6 infra.
      Dual-Stack Lite: 4over6 tunnels terminate in CGN; NAT44 on AFTR; Stateful IPv4 address sharing.
      4rd: Stateless IPv4-over-IPv6 tunnel encap/decap; Can do stateless IPv4 address sharing by allocating per-CPE port ranges; CPE does NAT44+4rd encap/decap; draft-despres-intarea-4rd-xx.
      (Diagram labels: IPv4 Internet, LNS, DS-Lite AFTR CGN+, 4ov6 TC, IPv6, LAC, B4, 4rd.)
  • 24. Stateful Advantages: No IPv6 addressing constraints; Optimal IPv4 address sharing; Subscriber and/or session aware; CGN is classic example.
      Stateless Advantages: It scales, routing is asymmetric, much simpler to code and test, can load share and do anycast routing; Robust and resilient; 6rd over anycast IPv4 is classic example.
      Stateful Disadvantages: Complexity and scalability challenges; More work to code and test; Requires symmetric routing; Resiliency comes at a cost; CGN is classic example.
      Stateless Disadvantages: Imposes IPv6 addressing constraints; Sub-optimal wrt IPv4 address sharing; 4rd is example.
  • 25. 1. Determine IPv4 run-out impact on your network. 2. Execute plan to keep IPv4 going. 3. Determine where/when/how to introduce IPv6 and execute. (Figure labels: 1. Obtain IPv4 Addresses; IPv4 Address Run-Out, 2/1/2011, What next?; 2. IPv4 Address Sharing Solutions (e.g. CGN); 3. IPv6: 6rd, Dual Stack, 6rd + CGN, Dual Stack + CGN.)
  • 26. IPv4/IPv6 Backbone (P and PE): Deploy now to IPv6-enable the backbone. Dual-Stack or 6PE/6vPE. Prerequisite for launching IPv6 connectivity and services to adjacent customer address realms. (Diagram labels: Public IPv6 Internet, Public IPv4 Internet, IPv4 and IPv6 Packets, Infrastructure Network, Dual-Stack CPE, Customers; timeline 2011 to 2015.)
  • 27. CGN: Deployed now to address IPv4 run-out. CPE, access network and home network stay IPv4 (for the time being). Precursor for SP-class IPv4 Address Sharing solutions (e.g. DS-Lite AFTR, Stateful NAT64). Staging point for additional IPv6 Transition services and apps. (Diagram labels: Public IPv4 Internet, IPv4/IPv6 Backbone Infrastructure Network, CGN, Public IPv4, Private IPv4, NAT44, Any RG, Customers; timeline 2011 to 2015.)
  • 28. 6rd: Deployed now to enable IPv6 subscriber connectivity over existing IPv4 access network. New CPE and border relay needed, everything else stays the same. Integrated with CGN or operate in standalone. Broad RG vendor support. RFC5969. (Diagram labels: Public IPv4 Internet, Public IPv6 Internet, IPv4/IPv6 Backbone Infrastructure Network, CGN, 6rd, Public IPv4, Private IPv4, NAT44, 6rd CE*, Customers; timeline 2011 to 2015.)
  • 29. DS-Lite offers same customer service as CGN + 6rd (already deployed). Requires IPv6 build-out & CPE B4 element. Not quite operationally ready; consider interim step towards DS-Lite. (Diagram labels: Public IPv6 Internet, Public IPv4 Internet, IPv4/IPv6 Backbone Infrastructure Network, CGN, CGN+6rd, AFTR, Private IPv4, IPv6, NAT44, 6rd, B4, Customers; timeline 2011 to 2015.)
  • 30. (Diagram labels: Public IPv6 Internet, Public IPv4 Internet, IPv4/IPv6 Backbone Infrastructure Network, CGN + 4/6-type Solutions, NAT64, Small IPv6, Big IPv6, Dual-Stack, Public IPv4, Private IPv4, 4/6 Host Stack; timeline 2011 to 2015.)
  • 32. Based on what has and is being deployed in real networks as we speak. Placeholder for additional solutions that will be operationally ready beginning next year. Note that there is not one size that fits all. Looking at: Composite BB residential space; Mobile; Enterprise. Recalling the problem statement: it is about keeping the IPv4 lights on while adding IPv6 at low-risk and incremental cost.
  • 34. 3GPP Pre-Release 8 required separate parallel v4 and v6 PDP contexts to be established between mobile node and gateway. Release 8 and onward supports single PDN connection carrying v4 and v6 payloads.
  • 35. Absent v6 PDP support, how about leveraging 6rd tunneling from MN to BR for IPv6 Internet connectivity?
  • 37. Native IPv6 PDP from handset to gateway. > 50% of traffic bound for GOOG IPv6; rest goes thru NAT64 to public IPv4 Internet. Obvious NAT64 exit strategy is present. Source: Cameron Byrne
  • 40. Whole IPv6 Transition Space is White Hot at the moment. No more IPv4 addresses and our choices are limited. Entering the Age of the Big IPv4 Address Sharing Vehicles on the Internet: Don't be afraid, they will work and they are not permanent because IPv6 is cheaper in the long run; Help keep the IPv4 Internet going and growing and a tool for IPv6 Transition; Performance/scale is key/essential along with investment/future protection; Operators already asking for 80G solution. Backbone is covered and mix of dual-stack or v6-over-v4 tunnels to customer networks is feasible right now, v4-over-v6 tunnels coming later. Need stateful and stateless transition mechanisms but factor in tradeoffs when evaluating options.
  • 41. IPv6 Transition includes equal parts IPv6 (looking forward) and IPv4 (glancing back). Implicit is the assumption of dual-stack on IP end-points. Think about it: Dual Stack Tax on the operator; Stalls IPv6 adoption? When does IPv4 go away? Ever? Unhappy Eyeballs generating helpdesk calls from unsophisticated future ex-customers. One Network One Stack strategy says: Private IPv4 to IPv6, bypass dual-stack and collect $200; NAT64/DNS64 moves into cloud with inherent exit strategy; Operator now dealing with one network, one stack, a translator and sound familiar?
  • 42. Old Thinking: "We need less tools and more transitioning" (Lars Eggert, IETF76). New Thinking: "IPv6 Transition is code for legacy IPv4 into perpetuity. IPv6, let's get it on!!" (aggregated paraphrase from nanog thread)
  • 43. All kidding aside, we are all in this together. We will make it work and out of it will emerge a faster, cleaner, better Internet. [email protected]
  • 44. References:
      http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-1/index.html
      Metz, et al., CGN Considered Helpful, draft-metz-cgn-considered-helpful
      http://www.circleid.com/posts/ipv6_and_transitional_myths/
      https://datatracker.ietf.org/doc/draft-ietf-softwire-dual-stack-lite/
      http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
      http://tools.ietf.org/html/draft-arkko-ipv6-only-experience
      http://www.ietf.org/proceedings/79/slides/plenaryt-9.pdf
      https://datatracker.ietf.org/doc/draft-wing-tsvwg-happy-eyeballs-sctp/
      http://tools.ietf.org/html/rfc5969
      http://tools.ietf.org/html/draft-ford-shared-addressing-issues-02
      http://tools.ietf.org/html/draft-operators-softwire-stateless-4v6-motivation-01
  • 47. Thank you. #CNSF2011
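
Slides 5, 12 and 17 treat NAT session logging as a cost of stateful IPv4 address sharing. The following added example (not part of the original deck) shows why those create/delete events are kept: mapping a public IP, port and timestamp back to one subscriber. The record layout, function names and sample values are constructed for illustration, and the DB overhead factor of 2 is inferred from slide 17's total.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed records in a hypothetical format (not a vendor log schema):
# (epoch_seconds, event, subscriber_private_ip, public_ip, public_port)
SAMPLE_LOG = [
    (1000, "create", "10.0.0.5", "198.51.100.7", 40001),
    (1005, "create", "10.0.0.9", "198.51.100.7", 40002),
    (1060, "delete", "10.0.0.5", "198.51.100.7", 40001),
    (1100, "create", "10.0.0.9", "198.51.100.7", 40001),  # same port, new owner
    (1200, "delete", "10.0.0.9", "198.51.100.7", 40001),
]

def build_index(records):
    """Map (public_ip, port) to a time-ordered list of [start, end, subscriber]."""
    index = defaultdict(list)
    for ts, event, sub, pub_ip, port in sorted(records):
        bindings = index[(pub_ip, port)]
        if event == "create":
            bindings.append([ts, None, sub])
        elif bindings and bindings[-1][1] is None and bindings[-1][2] == sub:
            bindings[-1][1] = ts  # delete event closes the open binding
    return index

def attribute(index, pub_ip, port, ts):
    """Subscriber that held pub_ip:port at time ts, or None if unbound."""
    bindings = index.get((pub_ip, port), [])
    i = bisect_right([b[0] for b in bindings], ts) - 1
    if i < 0:
        return None
    _, end, sub = bindings[i]
    return sub if end is None or ts <= end else None

def candidates_without_port(index, pub_ip, ts):
    """Every subscriber behind pub_ip at ts: all a port-less report can give."""
    found = set()
    for (ip, port) in list(index):
        if ip == pub_ip:
            sub = attribute(index, ip, port, ts)
            if sub:
                found.add(sub)
    return found

def yearly_log_terabytes(create=21, delete=11, per_day=8000, days=365,
                         subs=1_000_000, db_overhead=2, compression=8.2):
    """Slide 17 figures; db_overhead=2 is inferred from the slide's total."""
    raw = (create + delete) * per_day * days * subs * db_overhead
    return raw / 1e12, raw / 1e12 / compression

if __name__ == "__main__":
    idx = build_index(SAMPLE_LOG)
    print(attribute(idx, "198.51.100.7", 40001, 1030))
    print(sorted(candidates_without_port(idx, "198.51.100.7", 1030)))
    print(yearly_log_terabytes())
```

An abuse report that carries only the public address and a coarse timestamp resolves to every subscriber sharing that address, which is why the source port and an accurate clock matter to anyone consuming these logs.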
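
Slides 22 and 24 describe 6rd as stateless: the mapping between a CE's IPv4 address and its IPv6 prefix is algorithmic, so a border relay needs no per-subscriber table. The following added example (not part of the original deck) derives the 6rd delegated prefix, recovers the embedded IPv4 address, and applies the consistency check RFC 5969 calls for on decapsulation. Function names are hypothetical and the addresses are constructed sample values.

```python
import ipaddress

def delegated_prefix(sixrd_prefix, ipv4_mask_len, ce_ipv4):
    """CE side: 6rd prefix followed by the low (32 - IPv4MaskLen) IPv4 bits."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    v4_bits = 32 - ipv4_mask_len
    plen = net.prefixlen + v4_bits
    if plen > 128:
        raise ValueError("prefix plus IPv4 bits do not fit in an IPv6 address")
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    base = int(net.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def embedded_ipv4(sixrd_prefix, ipv4_mask_len, v4_common_prefix, ipv6_addr):
    """BR side: recover the CE IPv4 address from an address in the 6rd domain."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in net:
        return None  # not a 6rd address of this domain
    v4_bits = 32 - ipv4_mask_len
    shift = 128 - net.prefixlen - v4_bits
    suffix = (int(addr) >> shift) & ((1 << v4_bits) - 1)
    common = int(ipaddress.IPv4Network(v4_common_prefix).network_address)
    return ipaddress.IPv4Address(common | suffix)

def accept_decapsulated(sixrd_prefix, ipv4_mask_len, v4_common_prefix,
                        outer_v4_src, inner_v6_src):
    """Accept only if the outer IPv4 source matches the IPv4 address embedded
    in the inner IPv6 source, so a sender cannot claim another CE's prefix."""
    expected = embedded_ipv4(sixrd_prefix, ipv4_mask_len,
                             v4_common_prefix, inner_v6_src)
    return expected is not None and expected == ipaddress.IPv4Address(outer_v4_src)

# Constructed 6rd domain parameters (documentation and private ranges).
DOMAIN = ("2001:db8::/32", 8, "10.0.0.0/8")

if __name__ == "__main__":
    print(delegated_prefix(DOMAIN[0], DOMAIN[1], "10.100.100.1"))
    print(embedded_ipv4(*DOMAIN, "2001:db8:6464:100::1"))
    print(accept_decapsulated(*DOMAIN, "10.100.100.1", "2001:db8:6464:100::1"))
    print(accept_decapsulated(*DOMAIN, "10.100.100.2", "2001:db8:6464:100::1"))
```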