IPv4 Exhaustion and IPv6 Deployment Architecture
Josef Ungerman
Cisco, CCIE #6167
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
IPv4 Address-space Usage Trends
Source: http://www.potaroo.net/tools/ipv4/ or http://www.nic.ad.jp/en/ip/ipv4pool/
The red line indicates the number of /8 address blocks remaining in the IANA (Internet Assigned Numbers Authority) free pool.
The green line indicates the number of /8 address blocks available in RIR (Regional Internet Registry) free address pools.
The vertical line indicates today.
IPv6 Drivers
Exponential bandwidth growth → traffic without NAT is cheaper!
IPv6 Internet
Google over IPv6 (via local IXP)
Google services available currently:
1. Google search (image, blog and code search)
2. Alerts
3. Docs
4. Finance
5. Gmail
6. Health
7. iGoogle
8. News
9. Reader
10. Picasa
11. Maps
How it began:
1. March 2008: Google search over IPv6 on IPv6-only websites like ipv6.google.com (IPv6 connection required). No other service available.
2. Google over IPv6: seamless access to most Google services over IPv6 simply by using same websites
IPv6 peering with Google is prerequisite (RS).
IP NGN: Prosper, Prepare, Preserve
Large Scale NAT44 (LSN44)
1. Multiple customers multiplexed behind an SP managed NAT device (a Large Scale NAT)
[Figure: Large Scale NAT44. Labels: Home Gateway, Access Node, BRAS, LSN, AAA, NAT44, IPv4-Private, IPv4 Internet]
CRS-1 and CRS-3
CGSE: the Carrier-Grade Services Engine
Introducing the new engine for massive Cisco CGv6 deployments
CGN (roadmap)
2 million active translations
Netflow V9 logging
100K connections per second
20Gb/s of throughput
Rich edge services delivery beyond CGv6
- Security, VPNs, Session Border Control
[Figure labels: Cisco ASR 1002, Cisco ASR 1004]
iTunes, Google Maps, Playstation Network, Windows Live Messenger, iPhone App Store, Google Talk, and more…
Large Scale NAT44 (LSN44)
SP LSN NAT44
Pros:
• ISPs can reclaim global IPv4 addresses from customers, replacing with non-routable private addresses and NAT
• Addresses immediate IPv4 exhaust problem
• No change to subscriber CPE
• No IPv4 re-addressing in home
• Dense utilization of Public IP address/port combinations
Cons:
• SP NAT results in margin & competitive implications
• Does not solve address exhaust problem in the long term
• Sharing IPv4 addresses could have user behavioral and liability implications
• User control over NAT
Staying with IPv4
Other approaches not involving NAT
Pros:
• Valuation of IPv4 addresses may hasten IPv6 adoption by encouraging sellers, perhaps more than offsetting costs to move some or all of their network to v6
• Receivers of transferred IPv4 address space can prolong their IPv4 networks
Cons:
• Market may not materialize, so organizations hoping to benefit may not
• Depending on region, if RIR doesn’t register transfer, there may be no routability
• Risk to integrity of routing system, as RIRs no longer authoritative for address records. Will BGP Prefix Validation be universally deployed in time?
• Even more rapid growth of routing system
Agenda
Native IPv6 and IPv4 dual stack
1. Classic RFC 4213 solution
Logical deployment choice when one has little control over end-point
2. In the short term deploying IPv6 in dual stack does not solve IPv4 exhaust; IPv4 shortage is expected before full deployment
Can be easily combined with NAT44 solution, while allowing IPv6 deployment ramp-up.
[Figure: dual-stack access. Labels: Home Gateway, Access Node, BRAS, LSN, NAT44, IPv4-Private, IPv6-Public, IPv6 Internet]
Internet: Native IPv6 and IPv4 dual stack
1. Broadband PPP Access
Dual-stack IPv6 and IPv4 supported over a shared PPP session with v4 and v6 NCPs running as ships in the night.
Should not consume extra BRAS session state nor require Access-Node upgrades
[Figure labels: PPP Session, IPv4, IPv6]
BNGv6 Cluster – ASR1000 and IOS XE
Nx 32K dual-stack sessions with ACL, QoS, uRPF, AAA,...
[Figure: ASR1000 IPv6 release roadmap, Q2 CY08 to CY10, RLS1 to RLS7. Feature groups: Native IPv6, IPv6 Broadband, IPv6 Tunnel, IPv6 over MPLS, CUBE(SP), Security & Services. Legend: Available, Committed, Planning/Uncommitted]
Please refer to ASR1K IPv6 feature list on CEC for exact details.
Native IPv6 and IPv4 dual stack
Pros:
• Classic standard solution model
• Supports legacy (IPv4) applications
• Flexible: can be combined with NAT44 deployment for addressing IPv4 exhaustion
• Once services are on IPv6, IPv4 can simply be discontinued
Cons:
• Continuing to use public IPv4 doesn’t solve IPv4 exhaustion
• IPv6 alongside existing IPv4 infrastructure might cost extra in terms of opex and hardware changes
• Some forms of dual-stack deployments or implementations can lead to double user sessions and decreased network scalability
Dual-stack is a solution for the IP/MPLS infrastructure, not for IPv4 Exhaust.
So what are the options for broadband clients?
IPv6 and Large Scale AFT64
AFT64 technology is only applicable in case where there are IPv6 only end-points that need to talk to IPv4 only end-points.
AFT64 for going from IPv6 to IPv4.
[Figure: Large Scale AFT64. Labels: eNB, Serving Gateway, PDNGW, LSN64, NAT64, IPv6 Public, IPv4 Public]
2. Stateless
Flow DOES NOT create any state in the translator
Algorithmic operation performed on packet headers
1:1 mappings (one IPv4 address used for each translation to an IPv6 host).
For internet access public IPv4 address pool is required for each IPv6 host.
Supports both IPv6 and IPv4 host initiated communication
AFT64 Stateful Translators
• IPv6 addresses representing IPv4 hosts
• “IPv4 Mapped” IPv6 Addresses
Format is: PREFIX (/96):IPv4 Portion:(optional Suffix)
Stateful AFT64
• AFT keeps binding state between inner IPv6 address and outer IPv4+port (full cone)
• Any IPv6 address
• NAT64 ALGs are still required
[Figure labels: UE, IPv6, AFT64, Stateless AFT64; “PREFIX::” and “0::0” announced in IPv6 IGP]
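The stateless and stateful translator behaviour described on the two AFT64 slides, as an added Python example (not from the original presentation). The /96 prefix, the shared public address, the port pool and all function and class names are assumptions made for illustration.

```python
import ipaddress

# Assumed values: a /96 translator prefix from the documentation range and one
# shared public IPv4 address (both constructed for this example).
PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")
PUBLIC_V4 = ipaddress.IPv4Address("192.0.2.1")

def v4_as_v6(v4):
    """IPv6 address representing an IPv4 host: PREFIX (/96) + IPv4 portion."""
    return ipaddress.IPv6Address(
        int(PREFIX.network_address) | int(ipaddress.IPv4Address(v4)))

def stateless_v6_to_v4(v6):
    """Algorithmic 1:1 mapping on the header; the translator stores nothing."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in PREFIX:
        raise ValueError(f"{v6} carries no embedded IPv4 address")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

class StatefulAFT64:
    """Binds inner IPv6 address+port to an outer port on one shared IPv4."""
    def __init__(self, ports=range(1024, 65536)):
        self.free = iter(ports)
        self.out = {}    # (inner IPv6, inner port) -> outer port
        self.back = {}   # outer port -> (inner IPv6, inner port)

    def outbound(self, src_v6, src_port, dst_v6):
        dst_v4 = stateless_v6_to_v4(dst_v6)   # destination is always algorithmic
        key = (ipaddress.IPv6Address(src_v6), src_port)
        if key not in self.out:
            # Full cone: one binding per inner endpoint, reused for any destination.
            port = next(self.free, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self.out[key], self.back[port] = port, key
        return PUBLIC_V4, self.out[key], dst_v4

    def inbound(self, outer_port):
        """Inner endpoint for a packet arriving from IPv4, or None to drop."""
        return self.back.get(outer_port)
```

The `back` table is the only record of which subscriber used a given public address and port, which is why shared-address translators are paired with per-binding logging.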
Native IPv6 and Large Scale AFT64
Pros:
• Allows IPv6 only clients access to IPv4 content
• IPv6 services and applications offered natively to consumers
• SP network runs IPv6 only, avoiding IPv4 support costs
• Stateless technique can be used for IPv4 to IPv6 access
Cons:
• Technical viability of IPv6 only service (IPv6 stack not enabled on all hosts)
• Does not address IPv4 customer base
• ALGs required
• DNS infrastructure must be modified to support NAT64
• Operations & troubleshooting of transient issues
• Stateful NAT has many of the same implications as NAT44
IP Tunneling
[Figure: an IPv4 tunnel connecting IPv6 endpoints, and an IPv6 tunnel connecting IPv4 endpoints]
Source: RFC3439
IP Tunneling
IPv6 in IPv4 – Why?
Deployment of fully native IPv6 affects numerous system components, aka “touch points”
[Figure: touch points. Labels: NMS/Addressing, AAA/DHCP (IPv6 Parameters, DHCPv6), RG, L2 Access Node, BNG, IPv6, IPv4]
6rd CPE
[Figure labels: RG IPv4 Address, /64, /128]
Residence’s IPv6 Subnet is constructed from: ISP’s IPv6 Prefix + RG IPv4 Address + SLA
For IPv6 traffic destined to the backbone, the RG uses the destination IPv4 of the 6rd Relay.
Tunneling
IPv6 Rapid Deployment (6rd) - 6rd Prefix Delegation (From a Private IPv4 Prefix)
[Figure: Customer IPv6 Prefix layout with bit boundaries 0, 32, 56, 64: 6rd IPv6 Prefix (2011:1000) | 1.1.1 | Subnet-ID | Interface ID]
In this example, the 6rd Prefix is /32
1.1.1 is the Customer’s IPv4 prefix, without the “10.” (24 bits)
Any number of bits may be masked off, as long as they are common for the entire domain. This is very convenient when deploying with a CGSE, but is equally applicable to aggregated global IPv4 space.
Tunneling
IPv6 Rapid Deployment (6rd) - Packet Flow and Encapsulation
[Figure: packet flow between 6rd CE, IPv4 access, 6rd Border Relays and the IPv4 + IPv6 Core / Internet]
IF 6rd IPv6 Prefix Positive Match THEN Encap in IPv4 with embedded address
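The prefix delegation and the encapsulation rule from the two 6rd slides above, as an added Python example (not from the original presentation) using the slide's values: 6rd prefix 2011:1000::/32 and CE addresses in 10.0.0.0/8. The function names are assumptions, and `accept_decapsulated` goes beyond the slides: it is the source-address consistency check that RFC 5969 requires of a border relay receiving packets from CEs.

```python
import ipaddress

# Values from the slide: 6rd prefix 2011:1000::/32, CE addresses in 10.0.0.0/8,
# so the 8 bits common to the whole domain ("10.") are masked off.
SIXRD_PREFIX = ipaddress.IPv6Network("2011:1000::/32")
V4_COMMON = ipaddress.IPv4Network("10.0.0.0/8")
V4_BITS = 32 - V4_COMMON.prefixlen        # IPv4 bits carried in IPv6 (24)

def delegated_prefix(ce_v4):
    """IPv6 prefix a CE derives from its own IPv4 address."""
    v4 = ipaddress.IPv4Address(ce_v4)
    if v4 not in V4_COMMON:
        raise ValueError(f"{v4} is outside the 6rd domain {V4_COMMON}")
    plen = SIXRD_PREFIX.prefixlen + V4_BITS
    if plen > 64:
        raise ValueError("no room left for a /64 subnet")
    suffix = int(v4) & ((1 << V4_BITS) - 1)
    base = int(SIXRD_PREFIX.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def embedded_v4(v6_addr):
    """IPv4 address embedded in a 6rd IPv6 address, or None if it is not 6rd."""
    v6 = ipaddress.IPv6Address(v6_addr)
    if v6 not in SIXRD_PREFIX:
        return None                       # no prefix match: send via the relay
    shift = 128 - SIXRD_PREFIX.prefixlen - V4_BITS
    suffix = (int(v6) >> shift) & ((1 << V4_BITS) - 1)
    return ipaddress.IPv4Address(int(V4_COMMON.network_address) | suffix)

def accept_decapsulated(outer_v4_src, inner_v6_src):
    """Drop tunnelled packets whose inner IPv6 source does not belong to the
    IPv4 sender (the consistency check required by RFC 5969)."""
    return embedded_v4(inner_v6_src) == ipaddress.IPv4Address(outer_v4_src)

if __name__ == "__main__":
    print(delegated_prefix("10.1.1.1"))                   # CE at 10.1.1.1
    print(embedded_v4("2011:1000:101:1ab::1"))            # tunnel destination
    print(accept_decapsulated("10.9.9.9", "2011:1000:101:100::1"))
```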
Pros:
• It enables a v6 service to a routed CPE user
• IPv6 can traverse existing IPv4 infrastructure. No new access CAPEX to enable v6.
• Derives IPv6 from IPv4 addresses, eliminating need for much of IPv6 OSS
• Efficient local routing of user-user traffic
• Stateless = easier to scale & operate
• Easily combined with NAT44 to solve IPv4x. In this mode dual stack
• Makes operational models of v4 and v6 similar
Cons:
• Continuing to use public IPv4 doesn’t solve IPv4 exhaustion. Solution may need to be combined with NAT44.
• Doesn’t currently support IPv6 multicast
• Extra encapsulation overhead
Tunneling
Dual Stack Lite – IPv4 in IPv6
1. Tunneling IPv4 using IPv6 transport.
2. Two common options allowed by: http://tools.ietf.org/html/draft-ietf-softwire-dual-stack-lite-02
3. Dual-stack Lite with NAT44
Tunnel from CPE is to a LSN NAT44 device.
LSN NAT44 is stateful. No CPE NAT44
4. Dual-stack Lite Address+Port (A+P) Routing
Tunnel is between CPE and A+P Router
CPE is doing port restricted NAT44
[Figure labels: CPE, CMTS, NAT44 or A+P]
Tunneling
Dual Stack Lite – LSN44
[Figure: DS-Lite with LSN44. Labels: Dual Stack Customer, CPE, ds-lite, CMTS/BNG (IPv6), IPv6-only, AAA and/or DHCP, DS-Lite LSN44, NAT, Route, IPv4-Private + IPv6, IPv6 + IPv4, IPv4-Public]
CPE configuration.
1. ISP IPv6 Prefix (DHCPv6 or SLAAC assigned)
2. DS-Lite Tunnel Gateway address (IPv6)
3. CPE has a dummy IPv4 address (e.g. 0.0.0.1). NAT44 is disabled
All user sourced IPv4 traffic is routed by the CPE onto point-point ds-lite IPv6 tunnel towards LSN
LSN44 performs NAT44 function on each subscriber’s IPv6 tunnel.
Tunneling
Dual Stack Lite – A+P
[Figure labels: DHCPv6 and DHCPv4, ds-lite, A+P NAT44]
CPE configuration.
1. ISP IPv6 Prefix (DHCPv6 or SLAAC assigned)
2. DS-Lite Tunnel Gateway address (IPv6)
3. CPE is dynamically assigned a public IPv4 address and a restricted range of IPv4 ports. Port restricted NAT44 is enabled.
All user sourced IPv4 traffic is NAT’ed by the CPE into the restricted IPv4 port space and passed onto IPv6 tunnel
A+P Router performs per user IPv4 port range routing.
Tunneling
Dual Stack Lite – IPv4 in IPv6
Pros:
• In theory: Single IPv6 stack network operation streamlined by limited exposure to IPv4
• Consumers can transition from IPv4 to IPv6 without being aware of any differences in the protocols
• “A+P” model retains user control of NAT44
Cons:
• In practice: Operation of IPv4 stack in the network will still continue…
• …And it will need to change due to IPv6.
• Requires full IPv6 production grade network. Works well for those already there
• “LSN44” Model has remaining drawbacks of NAT44 model
• “A+P” model likely to have lower address saving characteristics
IPv4 Exhaust Technologies Summary
NAT44 Dual Stack NAT64
6RD Tunneling
DS-Lite Tunneling
IPv4 Depletion
Yes
Yes
Yes
Yes
Yes
Countermeasure
Depends on
Full IPv6. IPv4 Full IPv6. IPv4
whether IPv6 is
depends on the Yes/No : stateless/ depends on the
Scalability
Limited
deployed to the
number of IPv4 stateful
number of IPv4
end-points and
addresses or NAT44
addresses or NAT44
NAT44
Phase-in (for the existing H1 2010: CRS Available Now. H1 2010: ASR1K
CRS, ASR1K
CRS, ASR1K
IPv4 infrastructure)
H2 2010: ASR1K
BNGv6: ASR1K
H2 2010: CRS
Cisco CRS – CGSE module
Cisco ASR1000
Agenda
Recent IPv6 Success Stories…
1. NRENs
CERNET2: 100 universities connected IPv6-only
2. Japanese Service Providers
government supported, on-net IPv6 Voice and IPv6 Video
3. Free Telecom in France
Nov 7, 2007 – “6rd” presented, decided to deploy
Nov 10, 2007 – RIPE v6 prefix obtained, CRS-1 core configured for dual-stack, 6RD RG/BR prototype built
Dec 11, 2007 - “Opt-in” service made available to 3M subscribers, 250K sign up right away
March 2008 – Deployed “telesite” IPv6-only service to all 3M subs
4. Google over IPv6
Dec 5, 2007 – Challenged to deploy IPv6 by IETF 73
Jan 2008 – First production IPv6 router
Oct 2008 – First “trusted tester” receives AAAA for www.google.com
Nov 16, 2008 – Challenge met at IETF 73
Japanese IPv6
ASR1000 in Distributed Integrated Service Edge:
Internet Access (IPv4 – BB, LAC, PPPoE)
Voice & Video Telephony (IPv4/IPv6 – SBC)
IPTV VoD (IPv6 – SBC, HDTV)
IPTV TV (IPv6 – Multicast, SD/HD)
[Figure: service edge architecture with ASR1K, IPv4 / IPv6 dual core, RACS control and application servers (VoIP, B’cast TV, Video Conf, VOD)]
[Figure: Freebox access over DSLAM and FTTH, Cat6500/Cat4500 aggregation and CRS-1 IPv4 / IPv6 core network. Legend: Native IPv6; IPv6 encapsulated in 6RD]
USA – Wireline Operator
LSN44 + 6rd
• Routed IPv6 6rd and IPv4 NAT CPE
Private IPv4 address. Global IPv6.
Multicast: IPv4 only now
• Access Node:
1:1 VLAN to UNI
IPv4 IGMP snooping for multicast
DHCPv4 Option 82 insertion
• Agg1 & Agg2
Subscriber VLAN termination. L2 security. IPv4 snooping
VPLS
IP v4 routing (unicast and multicast). IPv4 PBR.
DHCP v4 relay.
• IP Agg
IPv6 and v4 routing.
Local service injection (VoD, etc). Internet access.
Carrier Grade NAT44
6rd Border Router
[Figure: Subscriber, AN, Agg1, Agg2, IP Agg topology. Labels: Routed CPE, STB, HSI/VoIP, MCast TV, UNI, dot1Q and non-dot1Q trunks, VPLS (no split horizon downstream), IGMP, PIM-SSM, IPv4 NAT44, IPv6 6rd, IPv4 & IPv6 Backbone]
USA – Cable Operator
[Figure: CPE-to-LSN DS-lite. Labels: Home G/W, D3 modem, M-CMTS, C7609, CRS-1, IP/MPLS, LSN]
CE Telecom – Introduction of IPv6 extension for HSI service
2 Phase Approach