23/4/20

Guoliang YANG

yanggl@gsta.com

Problem Statement of China Telecom

23/4/20

Problems and Challenges for China Telecom

22

44DeploymentDeployment 33

EnvironmentEnvironment

11MotivationMotivation

22TechnologyTechnology

1.1. Address Pool Exhaustion

Worldwide 2010.10

2012.8Asia

China Telecom 2013.3

Total Space 91

17per yrExhausting speed

( Unit: million )

2.2. Protocol Incompatibility Protocol Incompatibility

Different protocol Packet formatDifferent protocol Packet format Different treatment for softwareDifferent treatment for software

No clear guidelines from governmentNo clear guidelines from government No drivers for ICPNo drivers for ICP Users do not careUsers do not care Long Life cycle of ROILong Life cycle of ROI

(ROI, Return on Investment)(ROI, Return on Investment)

Giant network scope and large Giant network scope and large numbers of service platforms need numbers of service platforms need Considerable human and material Considerable human and material resourcesresources

No practical criteria referenced No practical criteria referenced for IPv6 transitionfor IPv6 transition

4.4. Lack of transition experience Lack of transition experience

For network management,For network management, product development product development and service flow, no mature experiences and and service flow, no mature experiences and examples can be learned from.examples can be learned from.

CT status quoCT status quo

Predicted extinction datePredicted extinction date

3.3. Inactive Industry Chain Inactive Industry Chain

ICP Network Customer

Government

23/4/20

Contents

Transition Technology Selection Problems in deploying Dual Stack

NAT444 authentication User tracing Impact on internet application

Problems in deploying tunnels incapable multicast service in Ds-lite

Problems in deploying protocol translation Infeasible fixed range port in DIVI

Address planning strategy

networnetworkk

applicatioapplicationn

usersusers

IPv4 Contents Transition

Unavailable PPPoEv6 in Windows XP

23/4/20

Transition Technology Selection

Considerations which need to be made when applying various transition technologies to existing networks. Various transition technologies may have different impacts to the services:

Dual Stack with Carrier Grade NAT444 Tunnel technologies Protocol Translation

23/4/20

Problems in deploying Dual StackCarrier Grade NAT444: Authentication

Single-Sign-On of the website： The user’s IPv4 private address is allocated by BRAS after AAA process, so, only

user's private ipv4 address is mapped with the user account in AAA system. In some cases, website may make SSO authentication with user’s IP address via carrier’s AAA server.

User accesses the Internet website with public address, while the address in the carrier’s AAA Server is private address. So the user can not be authorized.

VPN authentication In L2TP and NAT444 environments with user creating VPN itself, if the user wants

to access the enterprise internal network via VPN, some authentication protocol such as EAP, may not be supported in these two environments.

AAA authentication In some cases, dual stack users may establish dial-up sessions to BRAS to get

IPv4 and IPv6 address separately. BRAS may probably send different radius authentication request packets to AAA.

According to current anti-attack policies in AAA server, the AAA server will deal with the first request packet and ignore the other ones.

23/4/20

Problems in deploying Dual StackCarrier Grade NAT444: User tracing

Flow Analysis System and Behavior Analysis System

The existing Flow Analysis and Behavior Analysis System of Carrier is centralized and deployed in backbone. In NAT444 environment, they both need to be placed before NAT device, in order to collect users’ data and analysis their behavior accurately by their IPv4 address.

23/4/20

Problems in deploying Dual StackCarrier Grade NAT444: Others

Internet user access the private network users initiatively. Currently two access methods are considered in the metropolitan area network: Communication between Private IP host, the traffic will

not go through NAT444 device. Communication between Private IP host and Public one,

the traffic will go through NAT444 device.

For the user who wants to visit a website which is provided by private address host, it is not accessible.

NAT444 doesn’t support the current PPTP VPN.

23/4/20

Problems in deploying tunnel

What is the sequence of deployment for tunnel technologies: 6RD 、 DS-lite and L2TP, etc 6RDDS-lite or directly to DS-lite?

Incapable multicast service in DS-Lite: For China Telecom, the IPTV multicast replication point is located in BRAS.

There is a trend to move down the replication point to access node. In the DS-Lite scenario, the IPTV multicast replication point will be at AFTR

which will lead some performance problems and conflict with the above trend.

What is the investment benefit and maintenance cost of different tunnel technology?

23/4/20

Problems in deploying protocol translation

Infeasible fixed range port in DIVI DIVI assigns a fixed range of ports to the HG, for

users sake, it is infeasible and unfair for customers.

Much larger traffic will pass the DIVI gateway than other technology

23/4/20

Address Planning Strategy

When IPv6 is deployed, how to plan the IP address pool in a large scale network is a problem.

23/4/20

IPv4 Contents Transition Lacking business driven and technology driven for IPv4

Internet contents Providers (ICP) to provide IPv6 contents. For example, the lifecycle of online games is short and deploying IPv6 has long lifecycle of ROI. (Return on Investment)

ICPs need carriers’ guidelines or solutions about the IPv4 contents transition.

How ICP can provide IPv6 services with the least changes?

23/4/20

Thank you