IPv4 address run-out has impacted the Internet community. Service providers must now face the dual challenges of sustaining and growing IPv4-based customers and services for the foreseeable future while executing on a strategy to transition to IPv6. The first challenge involves acquiring unused public IPv4 address space (difficult and potentially very expensive) or deploying IPv4 address sharing vehicles (e.g. CGN). The latter, in the near term, involves a number of different technologies and solutions including but not limited to dual-stack or IPv6-over-IPv4 tunneling (e.g. 6rd). Longer-term transition will take on a more IPv6-centric profile, with NAT64 and IPv4-over-IPv6 tunnels figuring prominently. This session will look at the overall problem space and the suite of solutions that address the dual challenges of run-out and transition. It will examine what is deployable right now (2011 and 2012) to address these issues and then what planners can expect to see over the next few years. Observations on different technologies including IPv4 address sharing (e.g. CGN, Stateful NAT64, DS-Lite AFTR), tunneling and translation will be discussed. A composite look at what operators are thinking about and doing, as well as different architectural solutions, will be presented. Finally, some thoughts on potential alternative strategies will be discussed.
1. [email protected] 2010 Cisco and/or its affiliates. All
rights reserved. Cisco Confidential 1
2. Top of Mind
- IPv6 Transition Technology Observations
- IPv6 Transition Architecture Models
- Final Thoughts
- References
3. IPv4 Run-Out has happened. We are done.
- Post run-out surge of interest in IPv4 address sharing solutions
- Running code and TTM is back in
- It's new and we need to try it out in networks
- Stateful vs Stateless Non-Debate
- Everybody suddenly (finally) cares about IPv6
4. Before Run-Out: lots of serious/thoughtful examination and action on problem space and potential solutions. Examples:
- 6rd vs DS-Lite vs Dual-Stack
- LI and security implications of IPv4 address sharing
- Accelerated testing/certification of IPv4/IPv6 interworking solutions for 2012 deployment readiness
- Considering CGN deployment to buy time
Post Run-Out: Jack Bauer: "You're running out of time. You don't have a better option"
5. Must keep IPv4 Going and Growing
- Pays the bills, keeps customers happy and funds IPv6 transition
- IPv6 uptake still small
- ONOS (One Network One Stack) Model Emerging? Maybe
- IPv4 Address Sharing Logging Challenges
- Routing to/from IPv4 address sharing vehicle
- MPLS and IPv6
6. [Chart; axis labels: Costs to Operator, Time]
7. 1. Support IPv4 connectivity to the public IPv4 Internet in the post-IPv4 Run-Out World
   2. Facilitate IPv6 Transition
9. Performance/Scale are paramount for Stateful IPv4 Address Sharing, period.
- Need to give IPv4 clients a straight shot to the public IPv4 Internet
- Native IPv4, CGN and Dual-Stack do this. Others not quite ready, yet.
- Too hung up on end-game. Think evolution from Current
- IPv6 BEHAVE Solutions bring native IPv6 out of the closet, they can talk to the public IPv4 Internet
10. Mux N number of subscriber sessions thru fewer public IPv4 addresses (N:1 address sharing)
- Create/delete session state composed of binding entries in table stored in memory
- Common (and necessary) technology deployed over different timelines in the IPv6 transition epoch
[Diagram labels: CGN (NAT44); DS-Lite AFTR and B4; Stateful NAT64; IPv4 and IPv6 networks; v4, V4/6 and v6 hosts]
11.
| Attribute | CGN (NAT44) | DS-Lite AFTR (NAT44) | Stateful NAT64 |
|---|---|---|---|
| Subscribers | IPv4 | IPv4 via 4over6 tunnel | IPv6 |
| Deployment Status | Yes, BB wireline & mobile | Early adopter BB wireline | Early adopter - Mobile |
| IPv6 | N/A | Yes natively routed | Yes translate to v4 or natively routed |
| Logging | Yes | Yes | Yes |
| Inside routing to | IPv4 routing or MPLS switching | v6 tunnels to AFTR from B4 | V6 routing based on XLAT prefix |
| Dynamic subscriber control | Yes PCP | Yes PCP | Yes PCP |
| Standard | RFC4787, 5382, 5508, draft-ietf-behave-lsn-requirements | draft-ietf-softwire-dual-stack-lite | RFC6146, 6147 |
12. Big NAT is better than smaller NAT. Key metrics are:
- O(10s of millions of session states)
- O(10Gs of tput)
- O(1M conn setups/sec)
- NAT session logging
- Factor in growth & b/w per subscriber
- Significant costs to deploying under-sized IPv4 address sharing vehicle in large networks
- CANNOT impact data-plane or control plane performance and scale of host router/switch
[Diagram and chart labels: CGN; Smaller NAT entities (NAT44); Composite Smaller NAT; $$; NAT scale requirement]
13. [Diagram labels: Thruput; Session States; Session Setups/sec; V4 Addr Sharing Resource Pool; Logging]
14. Really want to avoid. Reasons are numerous:
- Regulatory pushback if SPs modify OTT apps using ALGs
- Protocols becoming encrypted
- Many apps already do NAT traversal without ALG
- SP-provided services already sourced from private network thus never passing thru CGN
- Existence and deployment of NAT traversal mechanisms
- Operational cost/complexity of supporting CGN ALGs for O(thousands) of private IP subscribers, some of whom might need different versions of an ALG depending upon the application
Can't avoid some:
- ActiveFTP
- RTSPv1 for Mobile
15. Not needed or desired. SBC performs media-latching
Source: draft-metz-cgn-considered-helpful
17.
| Parameter | Value |
|---|---|
| Dynamic Port Create Event (bytes) | 21 |
| Dynamic Port Delete Event (bytes) | 11 |
| Number of Translations per Day per Subscriber | 8000 |
| Number of Days per Year | 365 |
| Number of Subscribers | 1000000 |
| Compression Rate | 8.2 |
| Total NAT Log Bytes (includes DB overhead) | 1.8688E+14 |
| Total NAT Log Terabytes | 186.88 |
| Total NAT Log Terabytes Compressed | 22.79 |
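Why per-binding create/delete logging is kept, as an added example that is not from the original slides: a toy N:1 NAPT in Python that logs one event per binding and then answers the attribution question an abuse report or LI request poses (who held this public address and port at this time). The class and function names, addresses and port pool are constructed for illustration; only the 21-byte and 11-byte event sizes come from slide 17.

```python
from collections import namedtuple

CREATE_BYTES, DELETE_BYTES = 21, 11   # per-event log sizes quoted on slide 17
# One log record: event time (s), "create"/"delete", inside IPv4, outside IPv4, outside port
Event = namedtuple("Event", "ts kind subscriber public_ip public_port")

class ToyCgn:
    """Hypothetical N:1 NAPT: many subscribers share one public IPv4 address."""
    def __init__(self, public_ip, ports):
        self.public_ip = public_ip
        self.free = sorted(ports, reverse=True)   # pop() hands out the lowest port
        self.bindings = {}                        # (subscriber, src_port) -> public port
        self.log = []                             # append-only, in time order

    def create(self, ts, subscriber, src_port):
        key = (subscriber, src_port)
        if key in self.bindings:                  # binding already exists, nothing to log
            return self.bindings[key]
        if not self.free:
            raise RuntimeError("public port pool exhausted")
        port = self.free.pop()
        self.bindings[key] = port
        self.log.append(Event(ts, "create", subscriber, self.public_ip, port))
        return port

    def delete(self, ts, subscriber, src_port):
        port = self.bindings.pop((subscriber, src_port))
        self.free.append(port)                    # port is reusable immediately
        self.log.append(Event(ts, "delete", subscriber, self.public_ip, port))

def attribute(log, public_ip, public_port, ts):
    """Return the subscriber holding public_ip:public_port at time ts, else None."""
    owner = None
    for ev in log:
        if ev.ts > ts:
            break
        if (ev.public_ip, ev.public_port) == (public_ip, public_port):
            owner = ev.subscriber if ev.kind == "create" else None
    return owner

def log_bytes(log):
    return sum(CREATE_BYTES if ev.kind == "create" else DELETE_BYTES for ev in log)

def demo():
    cgn = ToyCgn("203.0.113.7", range(5000, 5002))   # constructed sample data
    cgn.create(100, "10.0.0.5", 40000)
    cgn.delete(160, "10.0.0.5", 40000)
    cgn.create(170, "10.0.0.9", 51000)               # reuses public port 5000
    return cgn.log
```

Because public port 5000 is handed to a second subscriber ten seconds after it is released, the lookup is only correct when the report carries an accurate timestamp along with the address and port.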
18. Stateful Sync
- Cost/complexity to sync gazillions of short-lived ephemeral session states??
- More straightforward to focus on fast hardware switchover and fast IP convergence
- Will address Static Port Forwarding issue with PCP (applicable to IPv6 too); draft-ietf-pcp-base
- Response to NAT444 impacts draft @ http://www.ietf.org/mail-archive/web/behave/current/msg09027.html
19. Translation is not new
- Other transition methods do not apply
- Dual-stack not feasible or desirable
- Tunnels only enable IPv6-only connectivity (e.g. like-to-like across unlike)
- We need IPv6-only talking to IPv4-only (e.g. like to unlike)
- Encourages IPv6 deployments
- Hosts/applications not confined to just IPv6-only communication, can talk to IPv4 networks including public IPv4 Internet!!
- Addresses IPv4 run-out
20.
| Stateful NAT64 | Stateless NAT64 |
|---|---|
| Each flow creates state in the translator | Flow DOES NOT create any state in the translator |
| Amount of state based on O(# of sub * # of sessions/sub) | Algorithmic operation performed on packet headers |
| Supports IPv4 Address Sharing (N:1 mappings like NAPT with NAT44) | NO IPv4 address sharing (1:1 mappings consumes one IPv4 address for each connected IPv6 host) |
| Requires symmetric packet flow (like NAT44) | Asymmetric packet flow |
| RFC6052, 6144, 6146, 6147 | RFC6052, 6144, 6145, 6147 |
21. stateful stateless IPv4 IPv6 1. Network Internet 2. IPv4
IPv6 Internet Network 3. IPv6 IPv4 Internet Network 4. IPv4 IPv6
Network Internet 5. IPv6 IPv4 Network Network 6. IPv4 IPv6 Network
Network
22.
- 6to4: Stateless 6-over-4 encap using WK 2002::/16 prefix. Public IPv4 only. Asymmetric routing problem.
- 6rd: Stateless 6-over-4 encap using SP IPv6 prefix. Works over public/private IPv4. RFC5969.
- Softwires H/S: RFC5571; uses L2TPv2/IPv4 infra.
[Diagram labels: IPv6 Internet; IPv4 Internet; 6to4; 6rd BR; LNS; LAC; Public IPv4; Public/Private IPv4; v4 and V4/6 hosts]
23.
- Softwires H/S: RFC5571; leverages L2TPv2/IPv6 infra.
- Dual-Stack Lite: 4over6 tunnels terminate in CGN. NAT44 on AFTR. Stateful IPv4 address sharing.
- 4rd: Stateless IPv4-over-IPv6 tunnel encap/decap. Can do stateless IPv4 address sharing by allocating per-CPE port ranges. CPE does NAT44+4rd encap/decap. draft-despres-intarea-4rd-xx
[Diagram labels: IPv4 Internet; CGN+LNS; DS-Lite AFTR; 4ov6 TC; 4rd; IPv6; LAC; B4; 4rd CPE; v4 and V4/6 hosts]
24. Stateful Advantages
- No IPv6 addressing constraints
- Optimal IPv4 address sharing
- Subscriber and/or session aware
- CGN is classic example
Stateless Advantages
- It scales, routing is asymmetric, much simpler to code and test, can load share and do anycast routing
- Robust and resilient
- 6rd over anycast IPv4 is classic example
Stateful Disadvantages
- Complexity and scalability challenges
- More work to code and test
- Requires symmetric routing
- Resiliency comes at a cost
- CGN is classic example
Stateless Disadvantages
- Imposes IPv6 addressing constraints
- Sub-optimal wrt IPv4 address sharing
- 4rd is example
25. 1. Determine IPv4 run-out impact on your network
    2. Execute plan to keep IPv4 going
    3. Determine where/when/how to introduce IPv6 and execute
[Diagram labels: 1. Obtain IPv4 Addresses; 2. IPv4 Address Sharing Solutions (e.g. CGN); 3. IPv6 (6rd, Dual Stack, CGN); IPv4 Address Run-Out, 2/1/2011; What next?]
26. IPv4/IPv6 Backbone (P and PE)
- Deploy now to IPv6-enable the backbone
- Dual-Stack or 6PE/6vPE
- Prerequisite for launching IPv6 connectivity and services to adjacent customer address realms
[Diagram labels: Public IPv6 Internet; Public IPv4 Internet; IPv4 and IPv6 Packets; Infrastructure Network; CPE; Dual-Stack; IPv6; Customers (V4/6, v6); timeline 2011 to 2015]
27. CGN
- Deployed now to address IPv4 run-out
- CPE, access network and home network stay IPv4 (for the time being)
- Precursor for SP-class IPv4 Address Sharing solutions (e.g. DS-Lite AFTR, Stateful NAT64)
- Staging point for additional IPv6 Transition services and apps
[Diagram labels: Public IPv4 Internet; IPv4/IPv6 Backbone; Infrastructure Network; Public IPv4; Private IPv4; NAT44; Any RG; Customers (v4); timeline 2011 to 2015]
28. 6rd
- Deployed now to enable IPv6 subscriber connectivity over existing IPv4 access network.
- New CPE and border relay needed, everything else stays the same
- Integrated with CGN or operate in standalone
- Broad RG vendor support
- RFC5969
[Diagram labels: Public IPv4 Internet; Public IPv6 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN; 6rd; Public IPv4; Private IPv4; NAT44; 6rd CE*; Customers (v4, V4/6); timeline 2011 to 2015]
29. DS-Lite
- DS-Lite offers same customer service as CGN+6rd (already deployed)
- Requires IPv6 build-out & CPE B4 element
- Not quite operationally ready, consider interim step towards DS-Lite
[Diagram labels: Public IPv6 Internet; Public IPv4 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN; CGN+6rd; AFTR; Private IPv4; IPv6; NAT44; 6rd; B4; Customers (v4, V4/6); timeline 2011 to 2015]
30. [Diagram labels: Public IPv6 Internet; Public IPv4 Internet; IPv4/IPv6 Backbone; Infrastructure Network; CGN + 4/6type Solutions; NAT64; Small IPv6; Big IPv6; Dual-Stack; Public IPv4; Private IPv4; 4/6 Host Stack; v4, V4/6 and v6 hosts; timeline 2011 to 2015]
32.
- Based on what has and is being deployed in real networks as we speak
- Placeholder for additional solutions that will be operationally ready beginning next year
- Note that there is not one size that fits all
- Looking at: Composite BB residential space, Mobile, Enterprise
- Recalling the problem statement: it is about keeping the IPv4 lights on while adding IPv6 at low-risk and incremental cost
34.
- 3GPP Pre-Release 8 required separate parallel v4 and v6 PDP contexts to be established between mobile node and gateway
- Release 8 and onward supports single PDN connection carrying v4 and v6 payloads
35. Absent v6 PDP support, how about leveraging 6rd tunneling from MN to BR for IPv6 Internet connectivity?
37.
- Native IPv6 PDP from handset to gateway
- > 50% of traffic bound for GOOG IPv6; rest goes thru NAT64 to public IPv4 Internet
- Obvious NAT64 exit strategy is present
Source: Cameron Byrne
40. Whole IPv6 Transition Space is White Hot at the moment
- No more IPv4 addresses and our choices are limited
- Entering the Age of the Big IPv4 Address Sharing Vehicles on the Internet
- Don't be afraid, they will work and they are not permanent because IPv6 is cheaper in the long run
- Help keep the IPv4 Internet going and growing and a tool for IPv6 Transition
- Performance/scale is key essential along with investment/future protection
- Operators already asking for 80G solution
- Backbone is covered and mix of dual-stack or v6-over-v4 tunnels to customer networks is feasible right now, v4-over-v6 tunnels coming later
- Need stateful and stateless transition mechanisms but factor in tradeoffs when evaluating options
41. IPv6 Transition includes equal parts IPv6 (looking forward) and IPv4 (glancing back)
- Implicit is the assumption of dual-stack on IP end-points. Think about it:
- Dual Stack Tax on the operator
- Stalls IPv6 adoption?
- When does IPv4 go away? Ever?
- Unhappy Eyeballs generating helpdesk calls from unsophisticated future ex-customers
- One Network One Stack strategy says Private IPv4 IPv6, bypass dual-stack and collect $200
- NAT64/DNS64 moves into cloud with inherent exit strategy
- Operator now dealing with one network, one stack, a translator and sound familiar?
42. Old Thinking: "We need less tools and more transitioning" - Lars Eggert, IETF76
New Thinking: "IPv6 Transition is code for legacy IPv4 into perpetuity. IPv6, let's get it on !!" - aggregated paraphrase from nanog thread
43. All kidding aside we are all in this together
- We will make it work and out of it will emerge a faster, cleaner, better Internet
[email protected]
44.
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-1/index.html
Metz, et al., CGN Considered Helpful, draft-metz-cgn-considered-helpful
http://www.circleid.com/posts/ipv6_and_transitional_myths/
https://datatracker.ietf.org/doc/draft-ietf-softwire-dual-stack-lite/
http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
http://tools.ietf.org/html/draft-arkko-ipv6-only-experience
http://www.ietf.org/proceedings/79/slides/plenaryt-9.pdf
https://datatracker.ietf.org/doc/draft-wing-tsvwg-happy-eyeballs-sctp/
http://tools.ietf.org/html/rfc5969
http://tools.ietf.org/html/draft-ford-shared-addressing-issues-02
http://tools.ietf.org/html/draft-operators-softwire-stateless-4v6-motivation-01
45. #CNSF2011