IPv6 Transition for Service Providers
2. • Top of Mind
• IPv6 Transition Technology Observations
• IPv6 Transition Architecture Models
• Final Thoughts
• References
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
3. • IPv4 Run-Out has happened. We are done.
• Post run-out surge of interest in IPv4 address
sharing solutions
• Running code and TTM is back in
It's new and we need to try it out in networks
• Stateful vs Stateless Non-Debate
• Everybody suddenly (finally) cares about IPv6
4. • Before Run-Out lots of serious/thoughtful examination and
action on problem space and potential solutions. Examples:
6rd vs DS-Lite vs Dual-Stack
LI and security implications of IPv4 address sharing
accelerated testing/certification of IPv4/IPv6 interworking solutions for
2012 deployment readiness
Considering CGN deployment to buy time
• Post Run-Out
Jack Bauer: “You’re running out of time.
You don’t have a better option”
5. • Must keep IPv4 “Going and Growing”
Pays the bills, keeps customers happy and funds IPv6 transition
IPv6 uptake still small
• ONOS (One Network One Stack) Model Emerging? Maybe …
• IPv4 Address Sharing Logging Challenges
• Routing to/from IPv4 address sharing vehicle
• MPLS and IPv6
6. [Figure: axes labelled "Costs to Operator" and "Time"]
7. 1. Support IPv4 connectivity to the public IPv4
Internet in the post-IPv4 Run-Out World
2. Facilitate IPv6 Transition
9. • Performance/Scale are paramount for Stateful IPv4 Address
Sharing, period.
• Need to give IPv4 clients a “straight shot” to the public IPv4
Internet
Native IPv4, CGN and Dual-Stack do this. Others not quite ready, yet.
• Too hung up on “end-game”. Think evolution from
Current IPv6 …
• BEHAVE Solutions bring native IPv6 out of the closet – they
can talk to the public IPv4 Internet
10. • Mux N number of subscriber sessions thru fewer public IPv4 addresses (N:1 address sharing)
• Create/delete session state composed of binding entries in table stored in memory
• Common (and necessary) technology deployed over different timelines in the IPv6 transition epoch
[Diagram labels: Stateful; CGN (NAT44); DS-Lite AFTR and B4; NAT64; IPv4, IPv6; endpoints v4, V4/6, v6]
11.
| Attribute | CGN (NAT44) | DS-Lite AFTR (NAT44) | Stateful NAT64 |
|---|---|---|---|
| Subscribers | IPv4 | IPv4 via 4over6 tunnel | IPv6 |
| Deployment Status | Yes, BB wireline & mobile | Early adopter – BB wireline | Early adopter – Mobile |
| IPv6 | N/A | Yes, natively routed | Yes – translate to v4 or natively routed |
| Logging | Yes | Yes | Yes |
| Inside routing to | IPv4 routing or MPLS switching | v6 tunnels to AFTR from B4 | V6 routing based on XLAT prefix |
| Dynamic subscriber control | Yes – PCP | Yes – PCP | Yes – PCP |
| Standard | RFC4787, 5382, 5508, draft-ietf-behave-lsn-requirements | draft-ietf-softwire-dual-stack-lite | RFC6146, 6147 |
12. • Big NAT is better than smaller NAT. Key metrics are:
O(10s of millions of session states)
O(10Gs of tput)
O(1M conn setups/sec)
NAT session logging
Factor in growth & b/w per subscriber
• Significant costs to deploying under-sized IPv4 address sharing vehicle in large networks
• CANNOT impact data-plane or control plane performance and scale of host router/switch
[Figure labels: CGN; smaller NAT entities (NAT44); composite smaller NAT vs CGN; axes: $$, NAT scale requirement]
13. [Figure labels: Thruput; Session Setups/sec; Session States; V4 Addr Sharing Resource Pool; Logging]
14. • Really want to avoid. Reasons are numerous:
Regulatory pushback if SP’s modify OTT apps using ALGs
Protocols becoming encrypted
Many apps already do NAT traversal without ALG
SP-provided services already sourced from private network thus never passing
thru CGN
Existence and deployment of NAT traversal mechanisms
Operational cost/complexity of supporting CGN ALGs for O(thousands) of
private IP subscribers … some of whom might need different versions of an
ALG depending upon the application
• Can’t avoid some
ActiveFTP
RTSPv1 for Mobile
15. • Not needed or desired. SBC performs media-latching
Source: draft-metz-cgn-considered-helpful
17. Dynamic Port Create Event (bytes): 21
Dynamic Port Delete Event (bytes): 11
Number of Translations per Day per Subscriber: 8000
Number of Days per Year: 365
Number of Subscribers: 1000000
Compression Rate: 8.2
Total NAT Log Bytes (includes DB overhead): 1.8688E+14
Total NAT Log Terabytes: 186.88
Total NAT Log Terabytes Compressed: 22.79
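An added sizing and lookup sketch for the logging figures above; it is not from the original slides. It reproduces the slide's totals assuming a 2x database overhead factor (inferred from the slide's numbers, not stated there), then shows the lookup these logs exist to answer: which subscriber held a shared public IP and port at a given time. The event tuple layout, class name and sample addresses are constructed for illustration.

```python
CREATE_BYTES, DELETE_BYTES = 21, 11   # per-event sizes from the slide
DB_OVERHEAD = 2.0                     # assumption: inferred, slide total is 2x raw bytes

def yearly_log_tb(subscribers, translations_per_day, days=365, compression=8.2):
    """Return (raw_TB, compressed_TB) per year, with 1 TB = 1e12 bytes."""
    events = subscribers * translations_per_day * days
    total = events * (CREATE_BYTES + DELETE_BYTES) * DB_OVERHEAD
    return total / 1e12, total / 1e12 / compression

class BindingLog:
    """Replays create/delete events into per-(public IP, port) time spans."""
    def __init__(self, events):
        self.spans = {}                       # (ip, port) -> [(start, end, subscriber)]
        active = {}                           # (ip, port) -> (start, subscriber)
        # Stable sort on timestamp keeps input order for same-second events.
        for ts, kind, sub, ip, port in sorted(events, key=lambda e: e[0]):
            key = (ip, port)
            if key in active and kind in ("create", "delete"):
                start, owner = active.pop(key)    # close the previous binding
                self.spans.setdefault(key, []).append((start, ts, owner))
            if kind == "create":
                active[key] = (ts, sub)
        for key, (start, owner) in active.items():    # bindings still open
            self.spans.setdefault(key, []).append((start, float("inf"), owner))

    def who_had(self, ip, port, ts):
        """Subscriber bound to ip:port at time ts, or None if nothing matches."""
        for start, end, owner in self.spans.get((ip, port), []):
            if start <= ts < end:
                return owner
        return None

# Constructed sample: (epoch_seconds, event, subscriber, public_ip, public_port)
SAMPLE_EVENTS = [
    (1000, "create", "10.0.0.5", "192.0.2.10", 40001),
    (1060, "delete", "10.0.0.5", "192.0.2.10", 40001),
    (1060, "create", "10.0.0.9", "192.0.2.10", 40001),   # port reused at once
    (1200, "create", "10.0.0.5", "192.0.2.10", 40002),
]

if __name__ == "__main__":
    log = BindingLog(SAMPLE_EVENTS)
    print(yearly_log_tb(1_000_000, 8000))
    print(log.who_had("192.0.2.10", 40001, 1030), log.who_had("192.0.2.10", 40001, 1060))
```

The same public IP and port map to two different subscribers one minute apart, which is why an abuse report or legal request against a shared address needs the source port and an accurate timestamp, not the IP alone.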
18. • Stateful Sync
Cost/complexity to sync gazillions of short-lived ephemeral session states??
More straightforward to focus on fast hardware switchover and fast IP convergence
• Will address Static Port Forwarding issue with PCP (applicable to IPv6
too); draft-ietf-pcp-base
• Response to NAT444 impacts draft @ http://www.ietf.org/mail-archive/web/behave/current/msg09027.html
19. • Translation is not new
• Other transition methods do not apply
Dual-stack not feasible or desirable
Tunnels only enable IPv6-only connectivity (e.g. “like-to-like across unlike”)
We need IPv6-only talking to IPv4-only (e.g. “like to unlike”)
• Encourages IPv6 deployments
Hosts/applications not confined to just IPv6-only communication – can
talk to IPv4 networks including public IPv4 Internet!!
• Addresses IPv4 run-out
20. Stateful NAT64
• Each flow creates state in the translator
• Amount of state based on O(# of sub * # of sessions/sub)
• Supports IPv4 Address Sharing (N:1 mappings like NAPT with NAT44)
• Requires symmetric packet flow (like NAT44)
• RFC6052, 6144, 6146, 6147
Stateless NAT64
• Flow DOES NOT create any state in the translator
• Algorithmic operation performed on packet headers
• NO IPv4 address sharing
1:1 mappings – consumes one IPv4 address for each connected IPv6 host
• Asymmetric packet flow
• RFC6052, 6144, 6145, 6147
21. [Table columns: stateful, stateless]
1. IPv6 Network to IPv4 Internet
2. IPv4 Internet to IPv6 Network
3. IPv6 Internet to IPv4 Network
4. IPv4 Network to IPv6 Internet
5. IPv6 Network to IPv4 Network
6. IPv4 Network to IPv6 Network
22. • 6to4
Stateless 6-over-4 encap using WK 2002::/16 prefix
Public IPv4 only
Asymmetric routing problem
• 6rd
Stateless 6-over-4 encap using SP IPv6 prefix
Works over public/private IPv4
RFC5969
• Softwires H/S
RFC5571; uses L2TPv2/IPv4 infra
[Diagram labels: IPv4 Internet, IPv6 Internet; 6to4, 6rd BR, LNS; Public IPv4, Public/Private IPv4; 6to4, 6rd, LAC; endpoints v4, V4/6]
23. • Softwires H/S
RFC5571; leverages L2TPv2/IPv6 infra
• Dual-Stack Lite
4over6 tunnels terminate in CGN
NAT44 on AFTR
Stateful IPv4 address sharing
• 4rd
Stateless IPv4-over-IPv6 tunnel encap/decap
Can do stateless IPv4 address sharing by allocating per-CPE port ranges
CPE does NAT44+4rd encap/decap
draft-despres-intarea-4rd-xx
[Diagram labels: IPv4 Internet; LNS, CGN + DS-Lite AFTR, 4ov6 TC, 4rd; IPv6; LAC, B4, 4rd; endpoints v4, V4/6]
24. • Stateful Advantages
No IPv6 addressing constraints
Optimal IPv4 address sharing
Subscriber and/or session aware
CGN is classic example
• Stateful Disadvantages
Complexity and scalability challenges
More work to code and test
Requires symmetric routing
Resiliency comes at a cost
CGN is classic example
• Stateless Advantages
It scales, routing is asymmetric, much simpler to code and test, can load share and do anycast routing
Robust and resilient
6rd over anycast IPv4 is classic example
• Stateless Disadvantages
Imposes IPv6 addressing constraints
Sub-optimal wrt IPv4 address sharing
4rd is example
25. 1. Determine IPv4 run-out impact on your network
2. Execute plan to keep IPv4 going
3. Determine where/when/how to introduce IPv6 and execute
[Figure: IPv4 Address Run-Out, 2/1/2011, "What next?". 1. Obtain IPv4 Addresses (IPv4); 2. IPv4 Address Sharing Solutions (e.g. CGN); 3. IPv6: 6rd, 6rd + CGN, Dual Stack, Dual Stack + CGN]
26. • Deploy now to IPv6-enable the backbone
• Dual-Stack or 6PE/6vPE
• Prerequisite for launching IPv6 connectivity and services to adjacent customer address realms
[Diagram labels: Public IPv4 Internet, Public IPv6 Internet; IPv4 and IPv6 Packets; IPv4/IPv6 Backbone (P and PE); Infrastructure Network; CPE; Dual-Stack, IPv6; Customers V4/6, v6; timeline 2011 to 2015]
27. • Deployed now to address IPv4 run-out
• CPE, access network and home network stay IPv4 (for the time being)
• Precursor for SP-class IPv4 Address Sharing solutions (e.g. DS-Lite AFTR, Stateful NAT64)
Staging point for additional IPv6 Transition services and apps
[Diagram labels: Public IPv4 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN; Public IPv4, Private IPv4; NAT44, Any RG; Customers v4; timeline 2011 to 2015]
28. • Deployed now to enable IPv6 subscriber connectivity over existing IPv4 access network.
• New CPE and border relay needed, everything else stays the same
• Integrated with CGN or operate in standalone
• Broad RG vendor support
• RFC5969
[Diagram labels: Public IPv4 Internet, Public IPv6 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN, 6rd; Public IPv4, Private IPv4; NAT44, 6rd CE*; Customers v4, V4/6; timeline 2011 to 2015]
29. • DS-Lite offers same customer service as CGN + 6rd (already deployed)
• Requires IPv6 build-out & CPE B4 element
• Not quite operationally ready – consider interim step towards DS-Lite
[Diagram labels: Public IPv4 Internet, Public IPv6 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN, CGN+6rd, AFTR; Private IPv4, IPv6; NAT44, 6rd, B4; Customers v4, V4/6; timeline 2011 to 2015]
30. [Diagram labels: Public IPv4 Internet, Public IPv6 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN + 4/6-type Solutions, NAT64; Small IPv6, Dual-Stack; Public IPv4, Private IPv4; Big IPv6; 4/6 Host Stack; endpoints v4, V4/6, v6; timeline 2011 to 2015]
32. • Based on what has and is being deployed in real networks
as we speak
Placeholder for additional solutions that will be operationally
ready beginning next year
• Note that there is not one size that fits all
• Looking at:
Composite BB residential space
Mobile
Enterprise
• Recalling the problem statement it is about keeping the IPv4
lights on while adding IPv6 at low-risk and incremental cost
34. • 3GPP Pre-Release 8 required separate parallel v4 and v6 PDP contexts
to be established between mobile node and gateway
• Release 8 and onward supports single PDN connection carrying v4 and
v6 payloads
35. • Absent v6 PDP support, how about leveraging 6rd tunneling from MN to BR for IPv6 Internet connectivity?
37. • Native IPv6 PDP from handset to gateway
> 50% of traffic bound for GOOG IPv6; rest goes thru NAT64 to public IPv4
Internet
Obvious NAT64 exit strategy is present
Source: Cameron Byrne
40. • Whole IPv6 Transition Space is “White Hot” at the moment
• No more IPv4 addresses and our choices are limited
• Entering the Age of the Big IPv4 Address Sharing Vehicles on the
Internet
Don’t be afraid, they will work … and they are not permanent because IPv6 is
cheaper in the long run
Help keep the IPv4 Internet “going and growing” and a tool for IPv6 Transition
Performance/scale is essential, along with investment/future protection
Operators already asking for 80G solution
• Backbone is covered and mix of dual-stack or v6-over-v4 tunnels to
customer networks is feasible right now, v4-over-v6 tunnels coming later
• Need stateful and stateless transition mechanisms but factor in
tradeoffs when evaluating options
41. • IPv6 Transition includes equal parts IPv6 (looking forward) and IPv4 (glancing
back)
• Implicit is the assumption of dual-stack on IP end-points. Think about it:
Dual Stack Tax on the operator
Stalls IPv6 adoption? When does IPv4 go away? Ever?
Unhappy Eyeballs generating helpdesk calls from unsophisticated future ex-customers
• One Network One Stack strategy says
Private IPv4 IPv6, bypass dual-stack and collect $200
NAT64/DNS64 moves into cloud with inherent exit strategy
Operator now dealing with one network, one stack, a translator and … sound familiar?
42. • Old Thinking: “We need less tools and more
transitioning” – Lars Eggert, IETF76
• New Thinking: “IPv6 Transition is code for legacy
IPv4 into perpetuity. IPv6, let’s get it on !!” –
aggregated paraphrase from nanog thread
43. • All kidding aside we are all in this
together
• We will make it work and out of it will
emerge a faster, cleaner, better Internet
• chmetz@cisco.com
44. • http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-1/index.html
• Metz, et al., “CGN Considered Helpful”, draft-metz-cgn-considered-helpful
• http://www.circleid.com/posts/ipv6_and_transitional_myths/
• https://datatracker.ietf.org/doc/draft-ietf-softwire-dual-stack-lite/
• http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
• http://tools.ietf.org/html/draft-arkko-ipv6-only-experience
• http://www.ietf.org/proceedings/79/slides/plenaryt-9.pdf
• https://datatracker.ietf.org/doc/draft-wing-tsvwg-happy-eyeballs-sctp/
• http://tools.ietf.org/html/rfc5969
• http://tools.ietf.org/html/draft-ford-shared-addressing-issues-02
• http://tools.ietf.org/html/draft-operators-softwire-stateless-4v6-motivation-01