IPv6 over xDSL: The DIODOS Proposal

Athanassios Liakopoulosaliako@grnet.gr

Greek Research & Technology Network

International IPv6 Workshop, Kopaonik, March 6th,2005

International IPv6 Workshop - Kopaonik, March '05 2

Outline

Introduction to DSL technology IPv6 services over DSL The DIODOS project IPv6 services in DIODOS

International IPv6 Workshop - Kopaonik, March '05 3

Entities involved in an xDSL environment Subscriber (xDSL User) Network Access Provider (NAP)

Responsible for the management of the copper local loop.

Network Service Provider Responsible for providing interconnection with the

Internet. May offer other added-value services.

International IPv6 Workshop - Kopaonik, March '05 4

Basic Network Elements

Subscriber (DSL User) PC, modem, CPE router

Network Access Provider (NAP) DSLAM, BBRAS, radius server (?)

Network Service Provider Edge router, radius server (?)

Subscriber

CPE

ModemDSLAM BBRAS

Network Access Provider (NAP)

Network Service Provider (NSP)

Radius server

RouterEdge router

International IPv6 Workshop - Kopaonik, March '05 5

Implementation details

xDSL modem Encapsulates Subscribers’ traffic to ATM cells, signal (de)modulation

DSL Access Multiplexer (DSLAM) Signal (de)modulation, aggregates traffic over ATM links

Broad Band Remote Access Concentrator BBRAS Terminates the Subscribers’ ATM connections, forwards traffic to the

NSP edge router.

Radius Server Contains configuration templates

NSP edge router

International IPv6 Workshop - Kopaonik, March '05 6

Subscriber

CPE

ModemDSLAM

xDSL

ATM

PHY

IPv6

802.3

PHY

802.3RFC1483

ATM

xDSL

Ethernet bridging

PHY

Ethernet bridging over ATM The CPE forwards IP packets using multi-protocol encapsulation over ATM

adaptation layer 5 (AAL5). Minimum functionality is required for CPE, aka xDSL modem (L3 unaware

device). A single ATM PVC is used for IPv4/6 interconnection Subscriber’s PCs are configured with static IPv6 address, or via DHCPv6 or

via auto-configuration This method does not support authentication and authorization functionality!

International IPv6 Workshop - Kopaonik, March '05 7

PPP over AAL5 (PPPoA)

Subscriber

CPE

Modem DSLAM BBRAS

Network Access Provider (NAP) / Network Service

Provider

Radius server

Router

xDSL

ATM

PHY

IPv6

802.3

PHY

802.3RFC1483

ATM

xDSLPHY

PPPoA

IPv6

RFC1483

ATM

PHY

PPPoA

IPv6

PPPoA

The CPE supports IPv6/4 packet forwarding and interconnects multiple systems in the Subscriber’s local network.

A single PPPoA session is established over a ATM PVC allowing the CPE router to establish two PPP sessions; an IPv6 (IPCPv6) and an IPv4 (IPv4)

IPv6 addresses are assigned automatically over the PPP sessions using attributes stored in a centralised radius server or a local database.

The CPE can be authenticated using one of the multiple protocols, such as PAP, CHAP, MS-CHAP, EAP, etc.

International IPv6 Workshop - Kopaonik, March '05 8

PPP over AAL5 (PPPoA)

Subscriber

CPE

Modem DSLAM LAC(BBRAS)

Router

PPPoA

Network Access Provider (NAP)

Network Service Provider (NSP)

Radius server

LNS(Edge router)

L2TP

In case the NAP and the NSP are different, the PPP sessions do not terminate at the BBRAS but at the edge router. BBRAS = L2TP Access Concentrator (LAC) Edge router = L2TP Network Server (LNS)

Two PPP sessions are established from the CPE router, which terminate at the LNS.

Address assignment and authentications methods are performed in the same was as previously but now the radius server is managed by the NSP.

International IPv6 Workshop - Kopaonik, March '05 9

PPP over Ethernet (PPPoE)

Subscriber

CPE

Modem DSLAM BBRAS

Network Access Provider (NAP) / Network Service

Provider

Radius server

Router

xDSL

ATM

PHY

IPv6

802.3

PHY

802.3RFC1483

ATM

xDSLPHY

PPPoE

IPv6

RFC1483

ATM

PHY

PPPoE

IPv6

PPPoE

Separate PPP sessions are established between the CPE and the BBRAS for IPv6 and IPv4 traffic. Sessions terminate in the LNS in the NSP network (not shown). PPP sessions may terminate in the Subscriber’s system. This allows the

CPE to be L3 unaware and, thus, cheap(!) but requires specific software to be installed in the Subscribers’ systems.

International IPv6 Workshop - Kopaonik, March '05 10

The DIODOS project

In Greek, the word “diodos” means “passage”. Established under the authority of the Ministry of

Development, the Ministry of National Education & Religious Affairs and the Ministry of Transport and Communications Realised by the General Secretariat for Research and

Technology with the support of Greek Research & Technology Network.

http://www.diodos.net.gr/ (in greek)

International IPv6 Workshop - Kopaonik, March '05 11

DIODOS objectives (?)

Improve the quality of training in Greece Enabling tele-teaching, collaboration, videoconferencing,

etc Easy access to available content, such as digital

libraries, multimedia content, virtual labs, etc. Increase the penetration of broadband technology

in Greece Give motives to ISPs to improve their infrastructure Create future potential Users

International IPv6 Workshop - Kopaonik, March '05 12

DIODOS Entities

Network Access Provider (NAP) Network Service Provider

GRNETProvide the Internet interconnection services

Accounting – Management ISPsMaintaining the radius serversAccounting and billing of Subscribers

International IPv6 Workshop - Kopaonik, March '05 13

Obstacles

Greece-wide service Centralised architecture, high availability

Limited amount of time for implementation and deployment

Management complexity Three different entities involved Information System had to be implemented Lack of management tools

Open to all competitive ISPs

International IPv6 Workshop - Kopaonik, March '05 14

Why IPv6 support is important?

“Always-on” xDSL connections require a routable IP address per subscriber Thousands of new IPv4 addresses have to be

allocated for DIODOS connections. In the hypothetical case that all the students on Aristotle

University of Thessaloniki take advantage of DIODOS programme, more than 150 class C networks has to be allocated!

A /9 IPv4 address has to be allocated to all Greek Universities!

International IPv6 Workshop - Kopaonik, March '05 15

Why IPv6 support is important? (2)

Take advantage of the experience gained from other IPv6 deployments in Greece. GRNET provides IPv6 interconnection services since

the end of 2003. The Greek School Network (GSN) introduced IPv6

interconnection services over xDSL on a pilot basis.

If DIODOS will support only IPv4 services, it may affect

the impact of the other IPv6-enalbed networks.

International IPv6 Workshop - Kopaonik, March '05 16

Why IPv6 support is important? (3)

Exposing students to new technologies is one of the major objectives of any educational system. New advanced services and applications may

take advantage of the unique IPv6 features, Large portion of Greek student still has not

access to IPv6 technology

DIODOS could become a “vehicle” to improve the educational process and further stimulate innovation.

International IPv6 Workshop - Kopaonik, March '05 17

Possible IPv6-enabled implementations Use Global Unicast IPv6 and Private IPv4

addresses Overcome the IPv4 depletion problem Static NAT is used for IPv4 connectivity

Possible scalability problems.

Problems with application protocols caring IP addresses in their payload

Application-Level Gateways (ALG) are needed Affected protocols: ICMP, FTP, H.323, SNMP, DNS,

NetBIOS over TCP/IP (NBT) etc. Difficulties with IPSec.

International IPv6 Workshop - Kopaonik, March '05 18

Possible IPv6-enabled implementations Use open replay 6to4 servers

No solution to IPv4 depletion problem Security configuration

Tunnel Broker More complex solution than 6to4 tunneling No solution to IPv4 depletion problem

Open VPN solutions

International IPv6 Workshop - Kopaonik, March '05 19

Thank you!