IPv6 Workshop
APNIC Technical Workshop, December 21-22, 2017, Beijing, China.
Hosted By:


Presenter: 韦蓓 (Jessica Wei), Training Officer, APNIC

Responsible for the development and delivery of technical training to the APNIC community and for delivering technical assistance to network operating members in the Asia Pacific region.

After graduating from China's Huazhong University of Science and Technology in 2007 with a degree in electronic engineering, Bei (whose nickname is Jessica) joined Huawei as a network training officer.

Over the next six years, she provided Huawei technical training on LAN/WAN systems, broadband access, IP core and IP mobile backhaul networks, as well as working on technical training course design and the development of IP training materials.

Contact: Email: [email protected]

Overview IPv6 Workshop

– Where are we now?

– Introduction to IPv6

– IPv6 Protocol Architecture

– IPv6 Addressing and Sub-netting (Including Hands-on Exercise)

– IPv6 Host Configuration (Including Lab Exercise)

– Network Design Overview and IPv6 Addressing Plan (Case Study)

– IPv4 to IPv6 Transition Principle and Strategy (Case Study)


IPv4 Exhaustion

http://www.potaroo.net/tools/ipv4/


Global IPv6 End-User Readiness

IPv6 capable = 16.45% (12/12/2017); a 100% increase in the last 12 months!

https://stats.labs.apnic.net/ipv6/ 12/12/2017


IPv6 Economy League table
CC  Economy  IPv6 Capable

BE Belgium 59.21%

IN India 51.60%

DE Germany 42.94%

US United States 41.11%

CH Switzerland 37.21%

GR Greece 37.16%

UY Uruguay 34.15%

LU Luxembourg 31.99%

GB United Kingdom 27.42%

JP Japan 25.67%

PT Portugal 23.61%

FR France 23.51%

TT Trinidad and Tobago 22.13%

CA Canada 21.69%

https://stats.labs.apnic.net/ipv6/ 12/12/2017

How About Asia?
CC  Economy  IPv6 Capable
IN  India  51.60%
JP  Japan  25.67%
MY  Malaysia  19.26%
TH  Thailand  10.23%
MO  Macao SAR  9.13%
KR  Korea  9.13%
VN  Vietnam  8.68%
LK  Sri Lanka  6.04%
SG  Singapore  5.23%
CN  China  0.76%
ID  Indonesia  0.20%

https://stats.labs.apnic.net/ipv6/ 12/12/2017

India

India IPv6 Capable: 52.29%; a 274.57% increase in the last 12 months!

https://stats.labs.apnic.net/ipv6/ 12/12/2017

India IPv6 Leaderboard

ASN  Organization  IPv6 Capable
AS55836  Reliance Jio Infocomm Limited  88.32%
AS45271  IDEA Cellular Limited  33.21%
AS38266  Vodafone Essar Ltd.  20.47%
AS55441  TTSL-ISP DIVISION  15.77%
AS17803  BSES TeleCom Limited  14.57%
AS23870  Telenor (India) Communication Pvt. Ltd.  12.17%
AS10199  Tata Communications Ltd  4.92%
AS45609  Bharti Airtel Ltd.  2.22%

https://stats.labs.apnic.net/ipv6/ 12/12/2017

Japan

Japan IPv6 Capable: 27.13%; a 65.53% increase in the last 12 months!

https://stats.labs.apnic.net/ipv6/ 12/12/2017

Japan IPv6 Leaderboard
ASN  Organization  IPv6 Capable
AS7522  STCN STNet, Incorporated  61.92%
AS2516  KDDI Corporation  54.07%
AS18144  AS-ENECOM Energia Communications, Inc.  46.48%
AS18126  CTCX Chubu Telecommunications Company, Inc.  44.01%
AS2527  SO-NET Entertainment Corporation  37.50%
AS17676  GIGAINFRA Softbank BB Corp.  36.47%
AS2518  BIGLOBE Inc.  35.73%
AS4685  Asahi Net  29.63%
AS4713  OCN NTT Communications Corporation  22.82%

https://stats.labs.apnic.net/ipv6/ 12/12/2017

China

https://stats.labs.apnic.net/ipv6/ 12/12/2017

China IPv6 Leaderboard
ASN  Organization  IPv6 Capable
AS23910  China Next Generation Internet CERNET2  97.73%
AS4538  China Education and Research Network Center  29.63%
AS7497  Computer Network Information Center  28.53%
AS17964  Beijing Dian-Xin-Tong Network Technologies Co., Ltd.  8.05%
AS136189  Opera Software Technology (Beijing) Co., Ltd.  6.55%
AS37943  Zhengzhou GIANT Computer Network Technology Co., Ltd  5.04%
AS17622  GZ China Unicom Guangzhou network  3.55%
AS4847  China Networks Inter-Exchange  3.53%
AS4809  China Telecom Next Generation Carrier Network  3.20%

https://stats.labs.apnic.net/ipv6/ 12/12/2017

IPv6 Performance

• Enough data has accumulated to analyze IPv6 performance
• APNIC R&D, Geoff Huston's study
– Presented at APRICOT 2016 (Feb 2016)
• Is IPv6 as robust as IPv4? Do all TCP connection attempts succeed?
– Connection failure = the server answers the SYN with a SYN-ACK but never receives the final ACK
– IPv4 connection failure sits at 0.2%
– IPv6 connection failure sits at 1.8%

http://www.potaroo.net/presentations/2016-02-22-ipv6-performance.pdf

IPv6 Performance (contd)

• Is IPv6 as fast as IPv4? (IPv6 unicast)
– Comparison of end-to-end RTT: time from SYN to ACK, which factors out congestion
– IPv6 is faster about half of the time, by 36-90 ms
– Conclusion: IPv6 is as fast as IPv4

http://www.potaroo.net/presentations/2016-02-22-ipv6-performance.pdf

IPv6 Performance (contd)

• There are good use cases and implementations
• Zaid Ali Kahn, LinkedIn Senior Director of Infrastructure Engineering
– Presented at APNIC 42 (September 2016)
• IPv6 at LinkedIn
– For some select networks in Europe, LinkedIn is seeing up to 40% performance improvement over IPv6, and in the US up to 10%
– TCP timeouts on IPv4 over mobile carrier networks are as high as 4.6%, while IPv6 timeouts are much lower at 1.6%

https://blog.apnic.net/2016/05/13/linkedin-ipv6-measurements/

Industry Trend: Content-Top 1000 Websites IPv6

http://www.worldipv6launch.org/measurements/

Industry Trend: Devices Worldwide

• Mobiles: more than 50% of all visible devices
• Since Oct 2016, mobile access services represent 75% of all Access Provider revenue

[Chart: platform market share, mobile vs desktop vs tablet]
http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet/ 13/12/2017

Industry Trend: Devices in China

• Mobiles are now more than 50% of visible devices!

[Chart: platform market share in China, mobile vs desktop vs tablet]
http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet/ 13/12/2017

IPv6 Enabled Devices

• Android and Windows Phone support the 464XLAT transition technology
– Apple iOS has supported IPv6-only networks since version 9
– All Apple App Store apps must support IPv6-only networks since June 2016
• Others include: Huawei E398, E352u, Nokia N/E series

IPv6 Mobile Network and Technology

Introduction to IPv6

What is IPv6?

• IP (Internet Protocol)
– The most common protocol on the Internet
– Defines how packets are sent over the Internet
– Addressing and routing
• Current versions: IPv4 and IPv6
• There was an IPv5 (Internet Stream Protocol, ST-II), an experimental network layer protocol for real-time data transfer [RFC1190]
• IPv6 was called IPng (IP next generation) in the early days of protocol development

IPv6 Background

• August 1990
– First wake-up call by Solensky in the IETF on IPv4 address exhaustion
• December 1994
– IPng working group was formed within the IETF [RFC1719]
– A list of technical criteria was defined to choose IPng [RFC1726]
• January 1995
– IPng directors' recommendation to use 128-bit addresses [RFC1752]
• December 1995
– First version of the IPv6 specification [RFC1883]
• December 1998
– Updated version changing the header format from the first version [RFC2460]
• July 2017
– IPv6 became an Internet Standard; RFC8200 obsoletes RFC2460 without changing the header format

Motivation Behind IPv6 Protocol

• Plenty of address space (IoT: mobile phones, tablet computers, car parts, etc.)
• Need for hierarchical addressing, which IPv4 is unable to provide
– Aggregation at each level
– Simplifies ACLs/filters/firewall rules
– Fewer routing table entries
• True end-to-end communication by eliminating NAT
– Peer-to-peer services (VoIP, video conferencing) become more efficient
• IPsec defined as part of the protocol suite (authentication and encryption at the network layer, although it is not switched on by default) and a fixed-size header for faster packet processing
• Stable service for mobile networks

Network Prefix - Global Routing Table (IPv4)

Stat source: http://www.cidr-report.org/as2.0/
De-aggregation: 692,922 prefixes / 59,576 active AS numbers = 11.63 prefixes per ASN (as of Dec 15, 2017)

Network Prefix - Global Routing Table (IPv6)

Stat source: http://bgp.potaroo.net/v6/as2.0/index.html
De-aggregation: 44,820 prefixes / 14,483 active AS numbers = 3.09 prefixes per ASN (as of Dec 15, 2017)

Changes Compared with IPv4

• Address space
– Increase from 32-bit to 128-bit addresses
• Management
– Stateless autoconfiguration (SLAAC) means end systems no longer need their addresses configured, not even via DHCP
• Performance
– Simplified header means efficient packet processing
– No IP header checksum, so nothing to recalculate at every hop when the hop limit is decremented: integrity is left to the lower and upper layers (which is why the UDP checksum, optional in IPv4, is mandatory in IPv6)
• No hop-by-hop fragmentation: the source fragments, guided by Path MTU Discovery (PMTUD)

Changes Compared with IPv4 (contd)

• Directed data flow
– Uses multicast instead of broadcast (saves resources: CPU, bandwidth)
– Flow label to identify packets belonging to a flow
• Mobile IPv6
– Eliminates triangular routing to simplify IP mobility
– Traffic is routed directly from the correspondent node to the mobile node, bypassing the home agent
• Network layer security
– IPsec (the AH and ESP extension headers) is part of the protocol suite; every node was originally required to implement it, but it is not enabled by default, so IPv6 traffic is not authenticated or encrypted unless IPsec is actually configured
– Routing protocol authentication (e.g. OSPFv3 relies on IPsec)
• Built-in support for QoS: Flow Label, Traffic Class

IPv6 Protocol Architecture

Protocol Header Comparison

• Not counting the two address fields, IPv4 has 10 basic header fields while IPv6 has 6
• The IPv6 header is 40 octets compared to 20 octets for IPv4 (the two 128-bit addresses account for 32 of the 40)
• So there are fewer header fields, and the header is 64-bit aligned to enable fast processing by current processors
• Next Header identifies the type of header immediately following the IPv6 header (an extension header or the upper-layer protocol)

Diagram source: www.cisco.com

IPv6 Protocol Header Format

• Version:
– A 4-bit field, same as in IPv4. It contains the number 6 instead of 4
• Traffic class:
– An 8-bit field similar to the Type of Service (ToS) field in IPv4. It tags the packet with a traffic class used in differentiated services (DiffServ). This works the same way in IPv6 and IPv4
• Flow label:
– A completely new 20-bit field. It tags a flow for the IP packets. It can be used for multilayer switching techniques and faster packet-switching performance
• Payload length:
– This 16-bit field is similar to the IPv4 Total Length field, except that in IPv6 the Payload Length is the length of the data carried after the 40-octet header (extension headers included), whereas the IPv4 Total Length includes the header. 2^16 = 65,536, so the maximum payload is 65,535 octets; larger packets need the Jumbo Payload hop-by-hop option
• Next header:
– The 8-bit value of this field determines the type of information that follows the basic IPv6 header. It can be a transport-layer header such as TCP or UDP, or an extension header. The Next Header field is similar to the Protocol field of IPv4
• Hop limit:
– This 8-bit field gives the maximum number of hops a packet can remain in the network before it is discarded. The IPv4 TTL field was nominally expressed in seconds, a theoretical value that was not easy to estimate; in practice it too was decremented once per hop

IPv6 Extension Header

• IPv6 allows optional extension headers between the IPv6 header and the upper-layer header
– to carry additional Internet-layer information, identified by unique Next Header values

IPv6 header (Next Header = 6) | TCP header + data
IPv6 header (Next Header = 44) | Fragment header (Next Header = 6) | TCP header + data

Next Header values:
0   Hop-by-hop options
6   TCP
17  UDP
43  Routing (source routing)
44  Fragment
50  Encapsulating Security Payload (ESP)
51  Authentication Header (AH)
58  ICMPv6
59  No next header
60  Destination options

IPv6 Extension Header (contd)

• An IPv6 packet may carry none or many extension headers
– A Next Header value of 6 (TCP) in the base header indicates there is no extension header: the field points straight at the TCP header, which is the payload
• Unless the Next Header value is 0 (Hop-by-Hop options), extension headers are processed only by the destination node specified by the destination address (the Routing header is the other exception: each node listed in it processes it in turn)
• Because the upper-layer header can sit behind a chain of variable-length headers, a filtering device must walk the whole chain to find it; RFC 7112 requires the entire chain to fit in the first fragment so that it cannot be hidden from such a device
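The following Python script is an added example, not part of the workshop material: it walks an IPv6 extension-header chain the way a firewall or IDS has to before it can apply a TCP/UDP rule, and refuses packets whose chain does not finish inside the packet. It uses only the standard library; the sample packets are constructed inline rather than captured, and the TCP header is a zero-filled stand-in.

```python
import struct
import ipaddress

# Next Header (protocol) numbers from the IANA registry
HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT = 0, 6, 17, 43, 44
ESP, AH, ICMPV6, NO_NEXT, DEST_OPTS = 50, 51, 58, 59, 60
NAMES = {0: "HopByHop", 6: "TCP", 17: "UDP", 43: "Routing", 44: "Fragment",
         50: "ESP", 51: "AH", 58: "ICMPv6", 59: "NoNextHeader", 60: "DestOpts"}
# Headers whose chain can be walked. ESP encrypts everything after it, so the walk stops there.
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, AH}


def parse_ipv6(pkt: bytes) -> dict:
    """Parse the 40-octet base header, then walk the extension-header chain.

    Returns the fixed fields, the extension headers seen (in order), the
    upper-layer protocol and the offset where that upper-layer header begins.
    Raises ValueError on truncation or on a chain that runs past the packet,
    the situation a filtering device has to treat as suspect."""
    if len(pkt) < 40:
        raise ValueError("truncated base header")
    word0, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word0 >> 28 != 6:
        raise ValueError("version field is not 6")
    if 40 + payload_len != len(pkt):
        raise ValueError("payload length does not match packet size")
    hdr = {
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "chain": [],
        "fragment": None,
    }
    off = 40
    while nxt in EXT_HEADERS:
        if off + 8 > len(pkt):
            raise ValueError("extension header chain runs past the end of the packet")
        hdr["chain"].append(NAMES[nxt])
        nxt_after = pkt[off]            # every extension header starts with its own Next Header
        if nxt == FRAGMENT:             # fixed 8 octets: next, reserved, offset/M, identification
            frag_word, ident = struct.unpack("!HI", pkt[off + 2:off + 8])
            hdr["fragment"] = {"offset": (frag_word >> 3) * 8,
                               "more": bool(frag_word & 1), "id": ident}
            hlen = 8
        elif nxt == AH:                 # AH length is in 32-bit words, minus 2
            hlen = (pkt[off + 1] + 2) * 4
        else:                           # length in 8-octet units, not counting the first 8
            hlen = (pkt[off + 1] + 1) * 8
        if off + hlen > len(pkt):
            raise ValueError("extension header longer than the packet")
        off += hlen
        nxt = nxt_after
        if hdr["fragment"] and hdr["fragment"]["offset"] > 0:
            # A non-first fragment carries a slice of payload after the Fragment header;
            # its Next Header names the first header of the reassembled fragmentable part.
            break
    hdr["upper_layer"] = NAMES.get(nxt, str(nxt))
    hdr["upper_offset"] = off
    return hdr


def is_well_formed(pkt: bytes) -> bool:
    """True when the whole header chain can be walked inside this packet."""
    try:
        parse_ipv6(pkt)
        return True
    except ValueError:
        return False


# ---- constructed sample packets (not captured traffic) ----
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("2001:db8::2").packed


def make_packet(next_header: int, payload: bytes, flow_label: int = 0xABCDE) -> bytes:
    """Prepend a base header (traffic class 0, hop limit 64) to an already-built payload."""
    word0 = (6 << 28) | flow_label
    return struct.pack("!IHBB", word0, len(payload), next_header, 64) + SRC + DST + payload


TCP_STUB = bytes(20)                                                 # stands in for a TCP header
HBH = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])                         # next=44, 8 octets, one PadN option
FRAG_FIRST = bytes([TCP, 0]) + struct.pack("!HI", 1, 0x1234)         # next=6, offset 0, M=1
FRAG_LATER = bytes([TCP, 0]) + struct.pack("!HI", 185 << 3, 0x1234)  # next=6, offset 1480, M=0
SAMPLE_FIRST_FRAGMENT = make_packet(HOP_BY_HOP, HBH + FRAG_FIRST + TCP_STUB)
SAMPLE_LATER_FRAGMENT = make_packet(FRAGMENT, FRAG_LATER + bytes(100))
SAMPLE_BROKEN_CHAIN = make_packet(HOP_BY_HOP, HBH)                  # points at a Fragment header that is absent

if __name__ == "__main__":
    for name, pkt in [("first fragment", SAMPLE_FIRST_FRAGMENT), ("later fragment", SAMPLE_LATER_FRAGMENT)]:
        h = parse_ipv6(pkt)
        print(name, h["chain"], "->", h["upper_layer"], "at offset", h["upper_offset"], h["fragment"])
    print("broken chain well-formed?", is_well_formed(SAMPLE_BROKEN_CHAIN))
```

The broken-chain sample is the case RFC 7112 is about: the base header promises a Fragment header that is not there, so a device that only looks at the first 48 octets cannot tell what the upper-layer protocol is and should drop rather than guess.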

Fragmentation Handling in IPv6

• Unlike IPv4, in IPv6 fragmentation is only performed by the source host, never by the routers along the path
• Each source device tracks the path MTU per destination
• When an IPv6 host has a large amount of data to send, it is sent as a series of IPv6 packets (fragmented)
– IPv6 hosts use Path MTU Discovery (PMTUD) to determine the optimum MTU size along the path

Source: www.cisco.com

Path MTU Discovery

• With PMTUD, the source IPv6 device assumes the initial PMTU is the MTU of the first hop in the path
– upper layers (transport/application) send packet sizes based on the first-hop MTU
– If the device receives an ICMPv6 "Packet Too Big" message (type 2), it informs the upper layer to reduce its packet size, based on the actual MTU (contained in the message) of the node that dropped the packet
– A firewall that drops ICMPv6 Packet Too Big breaks PMTUD: large packets silently disappear. Never filter ICMPv6 type 2; the minimum IPv6 link MTU is 1280 octets

Example: link MTUs along the path are 1500, 1200, 1100 and 1500, so the path MTU is 1100 in both directions

IPv6 Header Compression

• The IPv6 header is double the size of the IPv4 header
• Sometimes this becomes an issue on limited-bandwidth links, e.g. radio
• The Robust Header Compression (RoHC) standard can be used to minimize IPv6 header overhead on limited-bandwidth links
• RoHC is the IETF standard for IPv6 header compression [RFC3095]

IPv6 Addressing and Sub-netting

IPv6 Address Representation

• An IPv6 address is 128 bits long
• Number of IPv6 addresses: 2^128 = 3.4 x 10^38
• IPv6 addresses are represented in hexadecimal
– 4 bits (a nibble) represent one hexadecimal digit
– 128 bits get reduced to 32 hexadecimal digits
– represented as eight hextets (4 nibbles or 16 bits each), separated by colons (:)

Example: 2001:ABCD:1234::DC0:A910
The last hextet A910 in bits: 1010 1001 0001 0000 (each group of four bits is one nibble, i.e. one hex digit)

IPv6 Address Representation (2)

2001:0DB8:0000:0000:0000:036E:1250:2B00

• Abbreviated form of the address
– Leading zeroes (0) in any hextet can be omitted: 2001:DB8:0:0:0:36E:1250:2B00
– A double colon (::) can replace contiguous hextets of zeroes: 2001:DB8::36E:1250:2B00
– (::) can only be used once!

IPv6 Address Representation (3)

• Double colon (::) representation
– RFC 5952 makes the text form unambiguous: :: replaces the longest run of zero hextets, and when two runs are the same length the leftmost one is shortened; :: is never used for a single zero hextet, and hex digits are written in lowercase
– 2001:DB8:0:0:2F:0:0:5 is therefore written 2001:db8::2f:0:0:5 (not 2001:db8:0:0:2f::5)
– Devices and logs that predate RFC 5952 still produce the other forms, so compare addresses as 128-bit values, never as strings
• Prefix representation
– Representation of a prefix is similar to IPv4 CIDR: prefix/prefix-length
– 2001:DB8:12::/40
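An added example, not from the slides: a Python implementation of the RFC 5952 rules above plus a comparison helper. It is written from scratch rather than calling ipaddress so that each rule is visible; matches_stdlib() cross-checks the result against Python's ipaddress module, which follows the same RFC. The handling of embedded dotted-quad addresses is this example's own addition.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")


def expand(addr: str) -> list:
    """Expand any textual IPv6 address into its eight 16-bit hextets (ints).

    Accepts leading-zero suppression, one '::', upper or lower case, and an
    embedded dotted quad (as in ::ffff:192.168.41.90). Anything else is rejected."""
    if addr.count("::") > 1 or ":::" in addr:
        raise ValueError(f"'::' may appear only once: {addr}")
    if "." in addr:                                   # dotted quad -> two hextets
        head, _, quad = addr.rpartition(":")
        v4 = int(ipaddress.IPv4Address(quad))
        addr = f"{head}:{v4 >> 16:x}:{v4 & 0xFFFF:x}"
    if "::" in addr:
        left, right = addr.split("::")
        if left.startswith(":") or right.endswith(":"):
            raise ValueError(f"stray colon: {addr}")
        lhs = [h for h in left.split(":") if h]
        rhs = [h for h in right.split(":") if h]
        missing = 8 - len(lhs) - len(rhs)
        if missing < 1:
            raise ValueError(f"'::' must stand for at least one hextet: {addr}")
        parts = lhs + ["0"] * missing + rhs
    else:
        parts = addr.split(":")
    if len(parts) != 8 or not all(1 <= len(p) <= 4 and set(p) <= HEX for p in parts):
        raise ValueError(f"malformed address: {addr}")
    return [int(p, 16) for p in parts]


def canonical(addr: str) -> str:
    """Render per RFC 5952: lowercase hex, no leading zeros, '::' only for the
    longest run of two or more zero hextets, the leftmost run when tied."""
    hextets = expand(addr)
    best_start, best_len, run_start = -1, 0, -1
    for i, h in enumerate(hextets + [-1]):            # the sentinel closes a trailing run
        if h == 0:
            if run_start < 0:
                run_start = i
        elif run_start >= 0:
            if i - run_start > best_len:              # strictly longer, so ties keep the leftmost
                best_start, best_len = run_start, i - run_start
            run_start = -1
    text = [f"{h:x}" for h in hextets]
    if best_len < 2:                                  # a lone zero hextet is written as 0
        return ":".join(text)
    text[best_start:best_start + best_len] = [""]
    out = ":".join(text)
    if best_start == 0:                               # join() gives one colon; '::' needs two
        out = ":" + out
    if best_start + best_len == 8:
        out = out + ":"
    return out


def same_address(a: str, b: str) -> bool:
    """Compare two textual addresses as 128-bit values, not as strings."""
    return expand(a) == expand(b)


def is_valid(addr: str) -> bool:
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def matches_stdlib(addr: str) -> bool:
    """Cross-check against the standard library's RFC 5952 renderer."""
    return canonical(addr) == str(ipaddress.IPv6Address(addr))


if __name__ == "__main__":
    for a in ["2001:DB8:0:0:2F:0:0:5", "2001:0DB8:0000:0000:0000:036E:1250:2B00", "::FFFF:192.168.41.90"]:
        print(f"{a:40} -> {canonical(a)}")
```

same_address() is the check an ACL or log-correlation script needs: "2001:DB8::2F:0:0:5" and "2001:db8:0:0:2f::5" are the same host and a string comparison would miss it.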

Exercise 1

Abbreviate the following addresses:
1. 2001:0db8:0000:0000:0000:0000:0000:0000
2. 2001:0db8:0000:0000:d170:0000:0100:0ba8
3. 2001:0db8:0000:0000:00a0:0000:0000:10bc
4. 2001:0db8:0fc5:007b:ab70:0210:0000:00bb

IPv6 Addressing Model [RFC 4291]

• Unicast address
– Assigned to a single interface
– Packet sent only to the interface with that address
• Anycast address
– Same address assigned to more than one interface (on different nodes)
– Packet for an anycast address is routed to the nearest interface (by routing distance)
• Multicast address
– A group of interfaces (on different nodes) join a multicast group
– A multicast address identifies the group of interfaces
– A packet sent to the multicast address/group is replicated to all interfaces in the group

Special Unicast Addresses

• Unspecified address (absence of an address): ::/128
• Loopback (test the OSI/TCP-IP stack implementation): ::1/128
• IPv4-mapped IPv6 address (IPv6 representation of an IPv4 node): ::FFFF:0:0/96 + [32-bit IPv4 address]
Example: ::FFFF:192.168.41.90
– On dual-stack sockets (IPV6_V6ONLY off) IPv4 peers show up with these addresses, so ACLs and log parsers must recognise the form

Global Unicast Addresses

• Globally unique and routable IPv6 addresses
• Currently, only global unicast addresses with the first three bits 001 have been assigned:
0010 0000 0000 0000 (2000::) through 0011 1111 1111 1111 (3FFF::), i.e. 2000::/3
• IANA gives each RIR a /12 from 2000::/3:
APNIC 2400::/12
ARIN 2600::/12
LACNIC 2800::/12
RIPE NCC 2A00::/12
AfriNIC 2C00::/12

[Figure: the 128-bit global unicast address begins with the 3-bit prefix 001, followed by 9 more bits identifying the RIR's /12; the rest of the global routing prefix follows]

IPv6 Addressing Structure [RFC 6177]

128 bits = Customer/Site prefix (48-56 bits) + Subnet ID (8-16 bits) + Interface ID (64 bits)
The first 64 bits (site prefix plus subnet ID) form the network prefix.

• Customer/Site prefix: assigned to a customer site (group of links/subnets)
– RIRs generally assign a /32 to ISPs
– ISPs/RIRs 'would' assign /48s or /56s to customers
• Subnet ID/prefix: identifies subnets/links within a site
• Interface ID: host portion of the IPv6 address
– determines how many hosts can be supported within a subnet

IPv6 Addressing Structure (2)

Bit budget of a 128-bit address built from an ISP-assigned global prefix and a SLAAC interface ID:
Unicast /3: 3 bits
Regional (RIR) /12: 9 bits
ISP /32: 20 bits
Customer site /48: 16 bits
End-site subnet /64: 16 bits
Device (128-bit address): 64-bit interface ID

Network prefix = first 64 bits; Interface ID = last 64 bits

Network Prefix - Global Routing Table

[Figure: hierarchy of the global routing table: the /3 unicast block, a /12 per RIR, a /32 per ISP, a /48 per enterprise]

Subnetting (Example)

• Provider A has been allocated the IPv6 block 2001:DB8::/32
• Provider A will delegate /48 blocks to its customers
• Find the blocks provided to the first 4 customers

Original block: 2001:0DB8::/32
Rewrite as a /48 block: 2001:0DB8:0000::/48. This is your network prefix!
How many /48 blocks are there in a /32? 48 - 32 = 16 bits, so 2^16 = 65,536 /48 blocks in a /32
Find only the first 4 /48 blocks...

Start by manipulating the least significant bits of your network prefix (the third hextet), written in bits, then write them back into hex digits:

2001:0DB8:[0000 0000 0000 0000]::/48 = 2001:0DB8:0000::/48
2001:0DB8:[0000 0000 0000 0001]::/48 = 2001:0DB8:0001::/48
2001:0DB8:[0000 0000 0000 0010]::/48 = 2001:0DB8:0002::/48
2001:0DB8:[0000 0000 0000 0011]::/48 = 2001:0DB8:0003::/48

Exercise 1.1: IPv6 subnetting

Identify the first four /36 address blocks out of 2406:6400::/32
1. _____________________
2. _____________________
3. _____________________
4. _____________________

Exercise 1.2: IPv6 subnetting

Identify the first four /35 address blocks out of 2406:6400::/32
1. _____________________
2. _____________________
3. _____________________
4. _____________________
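Added example (not part of the workshop exercises): Python code that performs the bit manipulation of the worked example for any prefix and target length, and the reverse lookup of which block a given address belongs to. It can be used to check the answers to Exercises 1.1 and 1.2; stdlib_subnets() does the same enumeration with the ipaddress module as a cross-check.

```python
import ipaddress
from itertools import islice


def block_count(old_len: int, new_len: int) -> int:
    """How many /new_len blocks fit in a /old_len: 2^(new - old)."""
    return 1 << (new_len - old_len)


def subnets(prefix: str, new_len: int, count: int = None) -> list:
    """Enumerate the sub-blocks of `prefix` at length `new_len`, in address order.

    Does the arithmetic the worked example does by hand: the block number is
    written into the bits between the old prefix length and the new one."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    old_len = net.prefixlen
    if not old_len < new_len <= 128:
        raise ValueError("new prefix length must be longer than the original and at most 128")
    total = block_count(old_len, new_len)
    want = total if count is None else min(count, total)
    base = int(net.network_address)
    shift = 128 - new_len                    # the block number sits just above the host bits
    return [f"{ipaddress.IPv6Address(base | (n << shift))}/{new_len}" for n in range(want)]


def which_block(prefix: str, new_len: int, address: str) -> tuple:
    """Given an address, return (block number, block) of the /new_len it falls in.

    This is the lookup needed when a log entry has to be mapped back to the
    customer block it was delegated from."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        raise ValueError(f"{address} is not inside {prefix}")
    shift = 128 - new_len
    n = (int(addr) - int(net.network_address)) >> shift
    block = ipaddress.IPv6Address(int(net.network_address) | (n << shift))
    return n, f"{block}/{new_len}"


def stdlib_subnets(prefix: str, new_len: int, count: int) -> list:
    """Same enumeration via ipaddress, for cross-checking the hand arithmetic."""
    gen = ipaddress.IPv6Network(prefix, strict=True).subnets(new_prefix=new_len)
    return [str(s) for s in islice(gen, count)]


if __name__ == "__main__":
    for block in subnets("2001:db8::/32", 48, 4):   # the worked example from the slides
        print(block)
    print(which_block("2001:db8::/32", 48, "2001:db8:3:abcd::1"))
```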

Link-local Unicast Addresses

• Auto-configured address
– Every IPv6-enabled interface must have a link-local address
– Used to communicate with other IPv6 devices on the same link
– FE80::/10
• The link-local address is used by routers as the next-hop address when forwarding IPv6 packets
• All IPv6 hosts on a subnet/link use the router's link-local address as the default gateway
– Routers use the link-local address as the source in RA messages (neighbor discovery)

Unique-Local Addresses [RFC 4193]

• FC00::/7
• Unique-Local Addresses (ULAs) are NOT routable on the Internet
– The L bit set to 1 means the address is locally assigned, so in practice ULAs come from FD00::/8
– Similar to RFC 1918 (private) addresses in IPv4
– A randomly generated 40-bit Global ID makes collisions between sites unlikely, which is what lets two sites merge or interconnect without renumbering
• ULAs are used for:
– Isolated networks
– Local communications and inter-site VPNs
• Example web tool to generate a ULA prefix
– http://www.sixxs.net/tools/grh/ula/

Well-known Multicast Addresses

• Multicast addresses (FF00::/8) can only be destinations, never a source
• Pre-defined multicast addresses:
– FF02::1 All-nodes multicast
• All IPv6-enabled devices join this multicast group
• Packets sent to this address are received by all nodes
– FF02::2 All-routers multicast
• The moment IPv6 routing is enabled on a router (ipv6 unicast-routing), the router becomes a member of this group
– FF02::1:FFXX:XXXX/104 Solicited-node multicast
• NS messages (~IPv4 ARP request) are sent to this address
• Uses the least significant 24 bits of the unicast/anycast address
• Must be computed and joined for every unicast address (link-local and global) on an interface

Well-known Multicast Addresses (contd)

• Pre-defined multicast addresses:
– FF02::1:2 All DHCP servers/relay agents
• Clients use this multicast address to discover any DHCPv6 servers/relays on the local link (link-scoped)
– FF05::1:3 All DHCP servers
• Generally used by relays to talk to servers
• Site-scoped

Modified EUI-64 format

• Allows an IPv6 device to compute a unique 64-bit Interface ID from the interface MAC address (48 bits)
– The MAC address is split into two 24-bit halves
– Then 0xFFFE is inserted between the two halves
– Invert the 7th bit (the U/L bit) of the first octet to get the modified EUI-64

Example with MAC 00:21:48:A2:10:2F:
00 21 48 | A2 10 2F
00 21 48 FF FE A2 10 2F
first octet 0000 0000 -> 0000 0010 (U/L bit flipped)
02 21 48 FF FE A2 10 2F -> interface ID 0221:48FF:FEA2:102F

IPv6 Addressing Examples

LAN: 2001:db8:213:1::/64
Ethernet0 MAC address: 0060.3e47.1530

interface Ethernet0
 ipv6 address 2001:db8:213:1::/64 eui-64

router# show ipv6 interface Ethernet0
Ethernet0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530
  Global unicast address(es):
    2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64
  Joined group address(es):
    FF02::1:FF47:1530
    FF02::1
    FF02::2
  MTU is 1500 bytes
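Added example, not from the slides: the EUI-64 derivation, the solicited-node group and its Ethernet mapping, and the reverse derivation from address back to MAC, in Python. Run against the router example above it reproduces every address in the show output. The MAC notations it accepts (colon, dash, Cisco dotted) are this example's assumption.

```python
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept 00:21:48:a2:10:2f, 00-21-48-a2-10-2f or the Cisco form 0021.48a2.102f."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Split the MAC into two 24-bit halves, insert FF:FE, flip the U/L bit
    (bit 7, value 0x02, of the first octet)."""
    m = parse_mac(mac)
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def address_from_prefix(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Join a /64 prefix with the modified EUI-64 interface ID (SLAAC without privacy extensions)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + modified_eui64(mac))


def link_local(mac: str) -> ipaddress.IPv6Address:
    return address_from_prefix("fe80::/64", mac)


def solicited_node(addr) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX, with the low 24 bits of the unicast/anycast address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(bytes.fromhex("ff0200000000000000000001ff") + low24)


def multicast_mac(group) -> str:
    """Ethernet address an IPv6 multicast group is sent to: 33:33 + low 32 bits (RFC 2464)."""
    low32 = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64-derived address, or None when the interface ID
    is not EUI-64 shaped (temporary or RFC 7217 addresses). This reversibility is the
    tracking exposure that the privacy extensions exist to remove."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytearray(iid[:3] + iid[5:])
    m[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in m)


if __name__ == "__main__":
    mac, lan = "0060.3e47.1530", "2001:db8:213:1::/64"     # the slide's router example
    gua = address_from_prefix(lan, mac)
    print("link-local     :", link_local(mac))
    print("global unicast :", gua)
    print("solicited-node :", solicited_node(gua), "->", multicast_mac(solicited_node(gua)))
    print("MAC recovered  :", mac_from_eui64(gua))
```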

ICMPv6 Neighbor Discovery [RFC 4861]

• Router Solicitation (RS):
– sent by an IPv6 host to the "all-routers" multicast to request an RA
• Router Advertisement (RA):
– sent by an IPv6 router to the "all-nodes" multicast periodically (every 200 seconds by default on Cisco IOS) and in response to an RS
– carries the IPv6 prefix/prefix length; the sending router becomes the default gateway
• Neighbor Solicitation (NS):
– sent by an IPv6 host to the "solicited-node" multicast to find the MAC address of a given IPv6 address (like an IPv4 ARP request)
• Neighbor Advertisement (NA):
– sent by a device in response to an NS message, informing of its MAC address
• ICMPv6 Redirect:
– informs the source of a better next-hop
• None of these messages is authenticated: a rogue RA or a spoofed NA on the link redirects traffic, the IPv6 counterpart of ARP spoofing. First-hop security features such as RA Guard and ND inspection are the mitigation

IPv6 Neighbour Discovery (ND)

IPv6 Address Resolution

Step 1 - ICMPv6 NS (type 135), multicast:
SMAC: 00:26:BB:06:FF:81, DMAC: 33:33:FF:00:00:20
Source IPv6: FE80::0226:BBFF:FE06:FF81
Destination IPv6: FF02:0:0:0:0:1:FF00:0020 (the solicited-node group of the target 2406:6400::20)
Payload: NS for the target address (normally carrying the sender's link-layer address option)

Step 2 - ICMPv6 NA (type 136), unicast:
SMAC: 00:26:BB:06:FF:82, DMAC: 00:26:BB:06:FF:81
Source IPv6: FE80::0226:BBFF:FE06:FF82
Destination IPv6: FE80::0226:BBFF:FE06:FF81
Payload: NA with the target's link-layer address

The destination MAC of the NS is derived from the group address (33:33 plus the low 32 bits of FF02::1:FF00:0020), so only the target, and anyone else listening on that group, receives it, unlike an ARP broadcast.

Steps 3 and 4 - IPv6 packets, unicast:
SMAC: 00:26:BB:06:FF:81, DMAC: 00:26:BB:06:FF:82
Source IPv6: 2406:6400::0010, Destination IPv6: 2406:6400::0020
Payload

SMAC: 00:26:BB:06:FF:82, DMAC: 00:26:BB:06:FF:81
Source IPv6: 2406:6400::0020, Destination IPv6: 2406:6400::0010
Payload

IPv6 Address Auto-configuration

• Stateless address autoconfiguration (SLAAC)
– No manual configuration required
– Gets the IPv6 prefix and prefix length from the local router
– EUI-64 (or a random/privacy identifier) to compute the interface ID
• Stateful: DHCPv6
– To track address assignments

Stateless Address Autoconfig (1) [RFC 2462, obsoleted by RFC 4862]

When a host joins a link/subnet:
• It auto-generates a link-local address using the FE80::/10 prefix and EUI-64
– Ex: FE80::346A:3BFF:FE76:CAF9
• DAD (Duplicate Address Detection) is performed on the link-local address:
– An NS message is sent to the "solicited-node" multicast (FF02::1:FF76:CAF9), with ::/128 (the unspecified address) as the source
– If no NA message is received back, the generated address can be used
• If another node is already using the address, it sends an NA message to the "all-nodes" multicast (FF02::1)
– Any node on the link can answer a DAD probe, so a malicious neighbour can deny every address a host tries (a DAD denial of service)

Stateless Address Autoconfig (2)

Once the node has a link-local address:
• It sends an RS message to the "all-routers" multicast (FF02::2)
– link-local address as the source
• The router responds with an RA message
– IPv6 prefix (2001:DB8::/64) and prefix length
– the router's link-local address is the source (and becomes the default gateway)
– Managed and Other flags are not set!
• The node generates its IPv6 address
– uses the received prefix (2001:DB8::/64)
– Interface ID (EUI-64)
– 2001:DB8::346A:3BFF:FE76:CAF9
– RFC 2462 allowed DAD to be skipped here because the same interface ID had already been validated for the link-local address; RFC 4862 requires DAD on every unicast address before it is assigned
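Added example covering the DAD probe of slide (1) and the NS/NA exchange above; it is not from the workshop. Python, standard library only: it builds both sides of the exchange with a correct RFC 4443 checksum and parses them back, including the case where another node defends the address. The tentative address is the slide's example value; the defending host's MAC is constructed for the example.

```python
import struct
import ipaddress

ICMPV6 = 58
NS, NA = 135, 136
OPT_SRC_LLADDR, OPT_TGT_LLADDR = 1, 2
ALL_NODES = ipaddress.IPv6Address("ff02::1")
UNSPECIFIED = ipaddress.IPv6Address("::")


def solicited_node(addr) -> ipaddress.IPv6Address:
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(bytes.fromhex("ff0200000000000000000001ff") + low24)


def icmpv6_checksum(src, dst, message: bytes) -> int:
    """RFC 4443 checksum: ones-complement sum over the IPv6 pseudo-header
    (source, destination, upper-layer length, zeros, Next Header = 58) and the message.
    Run over a message that already carries its checksum, the result is 0."""
    data = src.packed + dst.packed + struct.pack("!IxxxB", len(message), ICMPV6) + message
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _finish(src, dst, body: bytes) -> dict:
    """Fill in the checksum; keep the addresses, since verification needs the pseudo-header."""
    csum = icmpv6_checksum(src, dst, body)
    return {"src": src, "dst": dst, "icmp": body[:2] + struct.pack("!H", csum) + body[4:]}


def build_ns(src, target, src_mac: bytes = None) -> dict:
    """Neighbor Solicitation for `target`, sent to its solicited-node group.
    For DAD the source is :: and no source link-layer option may be included."""
    src, target = ipaddress.IPv6Address(src), ipaddress.IPv6Address(target)
    body = struct.pack("!BBHI", NS, 0, 0, 0) + target.packed
    if src != UNSPECIFIED and src_mac is not None:
        body += bytes([OPT_SRC_LLADDR, 1]) + src_mac          # option length 1 = 8 octets
    return _finish(src, solicited_node(target), body)


def build_na(src, dst, target, tgt_mac: bytes, router=False, solicited=True, override=True) -> dict:
    """Neighbor Advertisement. A node defending an address during another host's DAD
    sends it to ff02::1 with the Solicited flag clear."""
    src, dst, target = (ipaddress.IPv6Address(a) for a in (src, dst, target))
    flags = (int(router) << 31) | (int(solicited) << 30) | (int(override) << 29)
    body = struct.pack("!BBHI", NA, 0, 0, flags) + target.packed + bytes([OPT_TGT_LLADDR, 1]) + tgt_mac
    return _finish(src, dst, body)


def parse_nd(msg: dict) -> dict:
    """Verify the checksum and decode an NS or NA together with its options."""
    icmp = msg["icmp"]
    if icmpv6_checksum(msg["src"], msg["dst"], icmp) != 0:
        raise ValueError("bad ICMPv6 checksum")
    mtype, _code, _csum, word = struct.unpack("!BBHI", icmp[:8])
    out = {"type": mtype, "target": ipaddress.IPv6Address(icmp[8:24]), "options": {}}
    if mtype == NA:
        out.update(router=bool(word >> 31 & 1), solicited=bool(word >> 30 & 1), override=bool(word >> 29 & 1))
    off = 24
    while off + 8 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1]
        if opt_len == 0:
            raise ValueError("zero-length ND option")       # RFC 4861: discard the packet
        out["options"][opt_type] = icmp[off + 2:off + opt_len * 8]
        off += opt_len * 8
    return out


def checksum_ok(msg: dict) -> bool:
    return icmpv6_checksum(msg["src"], msg["dst"], msg["icmp"]) == 0


def dad_exchange(tentative, owner_mac: bytes) -> tuple:
    """Both sides of a failed DAD: the joining host probes from :: (RFC 4862),
    the existing owner of the address answers to all-nodes with S=0 (RFC 4861)."""
    probe = build_ns("::", tentative)
    defence = build_na(tentative, ALL_NODES, tentative, owner_mac, solicited=False)
    return probe, defence


def dad_failed(probe: dict, reply: dict) -> bool:
    """The probing host's rule: any NA naming its tentative address means the address is taken."""
    r, p = parse_nd(reply), parse_nd(probe)
    return r["type"] == NA and r["target"] == p["target"]


if __name__ == "__main__":
    probe, defence = dad_exchange("fe80::346a:3bff:fe76:caf9", bytes.fromhex("366a3b76caf9"))
    print("NS  ", probe["src"], "->", probe["dst"], probe["icmp"].hex())
    print("NA  ", defence["src"], "->", defence["dst"], defence["icmp"].hex())
    print("address taken:", dad_failed(probe, defence))
```

Nothing in the NA proves that the defender really owns the address; the probing host has to believe it. That is the whole DAD denial-of-service: a neighbour that answers every probe keeps the victim without any usable address.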

Stateful Autoconfig - DHCPv6 (1) [RFC 3315]

DHCPv6 is used:
– If there are no routers on the subnet/link, OR
– If the RA message specifies to get addressing information via DHCPv6

If the router's RA message has the:
– O (other) flag set: stateless DHCPv6
• auto-generate the IPv6 address (from the IPv6 prefix and prefix length in the RA)
• obtain other information (DNS server, domain) via DHCPv6
– M (managed) flag set:
• obtain all addressing information via DHCPv6
• the 'O' flag is redundant

Stateful Autoconfig - DHCPv6 (2)

1. The client sends a Solicit message to FF02::1:2 to find any available DHCPv6 servers
2. A server responds with an Advertise message
• the tentative IPv6 address
• other parameters (DNS, domain, lease time); note that DHCPv6 has no default-gateway option, so the default router still comes from the RA
• the client could receive multiple Advertise messages
3. The client selects a server (usually the one that responds first) and sends a Request asking to confirm the indicated IPv6 address
4. The server responds with a Reply to confirm the assignment
5. The client performs DAD before using the address!

Message flow: IPv6 client -> Solicit -> DHCPv6 server; server -> Advertise -> client; client -> Request -> server; server -> Reply -> client

IPv6 Interface ID - Privacy Concerns [RFC 4941, RFC 7217]

• Overcome the ability to track a host by an interface ID based on its MAC address:
– Temporary addresses (change over time): used for outgoing connections [RFC 4941]
– Secured (stable) address: used for incoming connections
Temp    > 2001:dc0:a000:4:84a3:49b6:1919:26fb
Secured > 2001:dc0:a000:4:108b:3690:9335:b7ec
Temp    > 2001:dc0:a000:4:14e6:d4a3:815d:91dd
• Ease network management yet improve privacy:
– Stable, semantically opaque interface identifiers that differ for each subnet [RFC 7217]
Secured > 2001:dc0:a000:4:cbb:347c:6215:1083

Zone IDs for Link-locals

Interface en0 - fe80::4e0:37e4:c5d1:c845%en0
Interface en5 - fe80::aede:48ff:fe00:1122%en5

• Zone IDs identify which link (interface) an address belongs to, since the same link-local address can legitimately exist on every link
• To ping a remote node's link-local address, append YOUR OWN interface's zone ID, so the stack knows which link to send on and the response has a path back

Quiz of Zone ID

• Please write down the commands:
– PCA ping PCB
– PCA telnet PCC

PCA: fe80::a1%11 and fe80::a2%12
PCB: fe80::b1%1
PCC: fe80::c1%en0

IPv6 Host Configuration

Configuration of IPv6 Node Address

Quantity      Address                                      Requirement      Context
One           Loopback [::1]                               Must define      Each node
One           Link-local                                   Must define      Each interface
Zero to many  Unicast                                      Optional         Each interface
Zero to many  Unique-local                                 Optional         Each interface
One           All-nodes multicast [ff02::1]                Must listen      Each interface
One           Solicited-node multicast ff02:0:0:0:0:1:ff00::/104  Must listen  Each unicast and anycast address defined
Any           Multicast group                              Optional listen  Each interface

Exercise 1: IPv6 Host Configuration

• Configuring an interface (Windows)
C:\> netsh interface ipv6 add address "Local Area Connection" 2406:6400::1
– No prefix length is given with the address, so netsh applies the default /64 on the interface

• Verify your configuration
C:\> ipconfig

• Verify your neighbor table
C:\> netsh interface ipv6 show neighbors
# ip -6 neigh show        [Linux]
# ndp -a                  [Mac OS]

• Disable the privacy (temporary address) state variable
C:\> netsh interface ipv6 set privacy state=disabled
OR, to stop Windows randomizing the interface ID so that it uses EUI-64:
C:\> netsh interface ipv6 set global randomizeidentifiers=disabled

• Testing your configuration
ping fe80::260:97ff:fe02:6ea5%4
Note: the zone ID is YOUR interface index

• Enabling IPv6 on Linux
– Set the NETWORKING_IPV6 variable to yes in /etc/sysconfig/network
# vi /etc/sysconfig/network
NETWORKING_IPV6=yes
# service network restart
• Adding an IPv6 address to an interface
# ifconfig eth0 inet6 add 2406:6400::1/64
(or, with iproute2: ip -6 addr add 2406:6400::1/64 dev eth0)

• Configuring RA on Linux
– Turn on IPv6 forwarding (only a router sends RAs)
# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
– radvd must be installed (the workshop used radvd-0.7.1-3.i386.rpm)
– In the daemon's config file /etc/radvd.conf:
# vi /etc/radvd.conf
interface eth1 {
    AdvSendAdvert on;
    prefix 2406:6400::/64 {
        AdvOnLink on;
    };
};

• Enabling IPv6 on FreeBSD
– Set the ipv6_enable variable to yes in /etc/rc.conf
# vi /etc/rc.conf
ipv6_enable=yes
• Adding an IPv6 address to an interface
# ifconfig fxp0 inet6 2406:6400::1/64

• Configuring RA on FreeBSD
– Turn on IPv6 forwarding
# sysctl -w net.inet6.ip6.forwarding=1
– Assign an IPv6 address to the interface
# ifconfig en1 inet6 2001:07F9:0400:010E::1 prefixlen 64
– Send RAs on the interface
# rtadvd en1

• Configure RA on Cisco IOS
configure terminal
 ipv6 unicast-routing
 interface e0/1
  ipv6 nd prefix-advertisement 2406:6400::/64
(ipv6 nd prefix-advertisement is the old IOS form; current releases use ipv6 nd prefix 2406:6400::/64, and RAs are only sent once ipv6 unicast-routing is enabled)

• Configure RA on Huawei VRP
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ipv6 enable
[RouterA-GigabitEthernet1/0/0] ipv6 address 3001::1/64
[RouterA-GigabitEthernet1/0/0] undo ipv6 nd ra halt

Network Design Overview and IPv6 Addressing Plan

IPv6 Address Planning

• Network operators are allocated a /32 by the RIRs
• Global routing prefix: /48 to /56 (ISPs to end sites)
– Upstreams could filter anything longer than a /48
– Consider the routing table size!

IPv6 Address Planning (contd)

• Future traffic engineering needs?
– Contiguous assignment vs split assignment
• Shift in thought:
– IPv4: number of hosts
– IPv6: number of subnets!

IPv6 Address Plan: ISP Infrastructure

• Loopbacks
• Point-to-point links
• Internal server LAN
– Also called the NOC LAN
– Not seen from outside
• External server LAN
– Mail, DNS, etc.

Addressing Plans - ISP Infrastructure

• Address block for infrastructure
– A /48 allows 65k subnets
– /48 per region (for the largest international networks)
– /48 for the whole backbone (for the majority of networks)
– Summarise between sites if it makes sense
• Address block for router loopback interfaces
– Generally number all loopbacks out of one /48 (/60 and /64 also common)
– /128 per loopback

Addressing Plans - ISP Infrastructure (contd)

• What about LANs?
– /64 per LAN
• What about point-to-point links?
– Protocol design expectation is that a /64 is used
– /127 is now recommended/standardised: http://www.rfc-editor.org/rfc/rfc6164.txt
• Reserve a /64 for the link, but address it as a /127 (a /64 on a point-to-point link exposes the routers to the neighbor-cache exhaustion attack that RFC 6164 describes)
– Other options:
• /126s are being used (mirrors IPv4 /30)
• /112s are being used, leaving the final 16 bits free for node IDs
• Some discussion about /80s, /96s and /120s too

Addressing Plans - Enterprise Customers

• Consider regional delegation
– Aggregation in mind!
– /40 per region?
• One /48 per customer
– Could be transit customers or leased-line customers
– Could be given additional /48s as they grow
• Common to see ISPs give:
– /56 to mid-sized customers
– /64 or /60 to very small customers
– Please share your experience

Addressing Plans - Customer WAN links

• Either use addresses from the customer's own /48 block
– a /64 from their block
• Or dedicate a /48 block for customer WAN links
– Helps to monitor customer links
– Not to be mistaken for the trusted infrastructure point-to-point block!
– Actual addressing is still the same: reserve a /64 and use a /127
• Carried in iBGP (not the IGP)
– Aggregated at the gateway router or PoP routers

Addressing Plans – Broadband Customer

• Depends on your deployment
– ND-RA for CPE WAN side
• A /64 prefix on BRAS can still support 2^64 CPEs through SLAAC
– DHCP-PD for CPE LAN side
• A /48 pool on each BRAS (65k /64s can be delegated)

• Dedicate a /40 (or bigger) for Broadband network
– /48s out of the /40 to each BRAS
– Announced in iBGP by BRAS

Addressing Plans – DC services

• DC infra blocks from your infra block
– Loopbacks
– PtP links

• Dedicate /40 for Data Center (hosted) services
– Depends on DC architecture
– Dedicated VLAN/subnet per service?
• /64 per VLAN/subnet (2^64 servers)
– Dedicated subnet per customer (customer buys VMs/hosts services)?
• /64 per customer or subnet (2^64 VMs)
– Announced in iBGP (DC border router)

Addressing Plans – Traffic Shaping

• Borrow from IPv4
– Sub-aggregates to shape traffic
– Difficult with contiguous assignment

• Assign customer prefixes (that attract traffic) from both ends of address space
– Infrastructure prefixes do not attract traffic

• Customer prefixes assigned from each /33 sub-prefix
– Similar to IPv4 sub-aggregates!
– Allows us to balance incoming traffic

Addressing Plans - Planning

• Registries will usually allocate the next block to be contiguous with the first allocation
– Minimum allocation is /32
– Very likely that subsequent allocation will make this up to a /31
– So plan accordingly

Addressing Plans - Example

• One ISP
– Has 2001:db8::/32 address block
– Takes first /48 for network infrastructure
• First /64 for loopbacks
• Last /60 for NOC
– Remainder of address space for delegation to customers, content hosting and broadband pools

• Network Operator has 20 PoPs around the country

Example: Allocations from the /32

Address Block   Purpose
Single /64      Loopbacks
Single /48      Backbone Point to Point links (/64 each)
Single /40      65536 Broadband Customers in Region 1 (/56 each)
Single /40      256 Enterprise Customers in Region 1 (/48 each)
Single /40      65536 Broadband Customers in Region 2 (/56 each)
Single /40      256 Enterprise Customers in Region 2 (/48 each)
....

Master allocation documentation would look like this:

Example: High Level Plan

Prefix                  Assignment
2001:db8:0000::/32      ISP Block
2001:db8:0000::/40      Infrastructure (Loopbacks, PtP)
2001:db8:0100::/40      Enterprise Customers Reg1
2001:db8:0200::/40      Broadband Customers Reg1
2001:db8:0300::/40      Enterprise Customers Reg3
2001:db8:0400::/40      Broadband Customers Reg3
.....
2001:db8:8100::/40      Enterprise Customers Reg2
2001:db8:8200::/40      Broadband Customers Reg2
2001:db8:8300::/40      Enterprise Customers Reg4
2001:db8:8400::/40      Broadband Customers Reg4
.....

Example: Infrastructure

Prefix                  Assignment
2001:db8::/32           ISP Block
2001:db8:0000::/40      Infrastructure (Loopbacks, PtP)
2001:db8:0000::/64      Loopbacks
2001:db8:0001::/48      Point-to-Point
2001:db8:0002::/48      NOC
2001:db8:0003::/48      Future Infra use
2001:db8:0004::/48
2001:db8:0005::/48
......
2001:db8:00ff::/48

Example: Enterprise Customers Reg1

Prefix                  Assignment
2001:db8::/32           ISP Block
2001:db8:0100::/40      Enterprise Customers Reg1
2001:db8:0100::/48      Customer WAN Links
2001:db8:0101::/48      Customer1 in Region1
2001:db8:0102::/48      Customer2 in Region1
2001:db8:0103::/48      Future Customers use
2001:db8:0104::/48
2001:db8:0105::/48
......
2001:db8:01ff::/48

Example: Customer

Prefix                  Assignment
2001:db8::/32           ISP Block
2001:db8:0200::/40      Broadband Customers Reg1
2001:db8:0200::/48      Broadband Pool 1 in Region 1
2001:db8:0201::/48      Broadband Pool 2 in Region 1
2001:db8:0202::/48      Broadband Pool 3 in Region 1
2001:db8:0203::/48      Future Customers use
2001:db8:0204::/48
2001:db8:0205::/48
......
2001:db8:02ff::/48

Example: Customer

Prefix                  Assignment
2001:db8::/32           ISP Block
2001:db8:8100::/40      Enterprise Customers Reg2
2001:db8:8100::/48      Customer WAN Links
2001:db8:8101::/48      Customer1 in Region2
2001:db8:8102::/48      Customer2 in Region2
2001:db8:8103::/48      Future Customers use
2001:db8:8104::/48
2001:db8:8105::/48
......
2001:db8:81ff::/48

Example: Customer

Prefix                  Assignment
2001:db8::/32           ISP Block
2001:db8:8200::/40      Broadband Customers Reg2
2001:db8:8200::/48      Broadband Pool 1 in Region 2
2001:db8:8201::/48      Broadband Pool 2 in Region 2
2001:db8:8202::/48      Broadband Pool 3 in Region 2
2001:db8:8203::/48      Future Customers use
2001:db8:8204::/48
2001:db8:8205::/48
......
2001:db8:82ff::/48
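The carving of the /32 shown in the tables above, together with the traffic shaping idea of drawing customer blocks from both /33 halves, as an added example (not part of the workshop material). The prefix 2001:db8::/32 and the /40, /48 and /64 layout are the slides' own; the rule of placing odd regions in the low /33 and even regions in the high /33 is an assumption that reproduces the slides' table.

```python
"""Carving an ISP /32 into the hierarchy used in the example tables.

Added illustration, not part of the workshop material. The prefix
2001:db8::/32 and the /40, /48 and /64 layout are the slides' own; placing
odd regions in the low /33 and even regions in the high /33 is an assumed
rule that reproduces the slides' table (and leaves 2001:db8:8000::/40 free).
"""
import ipaddress

ISP_BLOCK = ipaddress.IPv6Network("2001:db8::/32")


def nth_subnet(block, new_prefix, n):
    """The n-th (0-based) sub-prefix of length new_prefix inside block."""
    if new_prefix < block.prefixlen:
        raise ValueError(f"/{new_prefix} is larger than {block}")
    count = 1 << (new_prefix - block.prefixlen)      # how many fit
    if not 0 <= n < count:
        raise ValueError(f"only {count} /{new_prefix}s fit in {block}")
    size = 1 << (128 - new_prefix)                    # addresses per sub-prefix
    return ipaddress.IPv6Network((int(block.network_address) + n * size, new_prefix))


def capacity(block, assignment_prefix):
    """How many /assignment_prefix assignments a block holds (e.g. /56s in a /40)."""
    return 1 << (assignment_prefix - block.prefixlen)


def build_plan(isp_block=ISP_BLOCK, regions=(1, 2, 3, 4)):
    """Prefix -> purpose, reproducing the slides' high level plan."""
    low_half, high_half = isp_block.subnets(new_prefix=33)
    plan = {}
    infra = nth_subnet(isp_block, 40, 0)              # /40 #0: infrastructure
    plan[infra] = "Infrastructure (Loopbacks, PtP)"
    plan[nth_subnet(infra, 64, 0)] = "Loopbacks (/128 each)"
    plan[nth_subnet(infra, 48, 1)] = "Point-to-Point (reserve /64, use /127)"
    plan[nth_subnet(infra, 48, 2)] = "NOC"
    for region in regions:
        half = low_half if region % 2 else high_half  # alternate the two /33s
        slot = (region - 1) // 2                      # pair index within the half
        enterprise = nth_subnet(half, 40, 2 * slot + 1)
        broadband = nth_subnet(half, 40, 2 * slot + 2)
        plan[enterprise] = f"Enterprise Customers Reg{region} (/48 each)"
        plan[nth_subnet(enterprise, 48, 0)] = f"Customer WAN Links Reg{region}"
        plan[broadband] = f"Broadband Customers Reg{region} (/56 each)"
    return plan


def verify_plan(plan, isp_block=ISP_BLOCK):
    """Every prefix sits inside the allocation and no two /40s overlap."""
    if any(not net.subnet_of(isp_block) for net in plan):
        return False
    forties = [net for net in plan if net.prefixlen == 40]
    return all(a == b or not a.overlaps(b) for a in forties for b in forties)


def customer_blocks_by_half(plan, isp_block=ISP_BLOCK):
    """Which /33 each customer /40 lands in: the split that balances inbound traffic."""
    low_half, high_half = isp_block.subnets(new_prefix=33)
    groups = {str(low_half): [], str(high_half): []}
    for net, purpose in plan.items():
        if net.prefixlen == 40 and "Customers" in purpose:
            key = str(low_half) if net.subnet_of(low_half) else str(high_half)
            groups[key].append(str(net))
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    plan = build_plan()
    for net in sorted(plan, key=lambda n: (int(n.network_address), n.prefixlen)):
        print(f"{str(net):24} {plan[net]}")
    print("valid:", verify_plan(plan))
    print(customer_blocks_by_half(plan))
```

Note that Python prints prefixes in compressed form (2001:db8:100::/40 rather than 2001:db8:0100::/40); the values are the same as in the tables.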

Training ISP Network Topology

• Scenario:
– Training ISP has 4 main operating areas or regions
– Each region has 2 small POPs
– Each region will have one datacenter to host content
– Regional networks are inter-connected with multiple links


Training ISP Topology Diagram

Training ISP Network Topology

• Regional Network:
– Each regional network will have 3 routers
– 1 Core & 2 Edge Routers
– 2 Points of Presence (POP) for every region
– POP will use a router to terminate customer networks, i.e. the Edge Router
– Each POP is an aggregation point for ISP customers

Training ISP Network Topology

• Access Network:
– Connection between customer network & Edge router
– Usually 10 to 100 Mbps link
– Separate routing policy from most of the ISP
– Training ISP will connect them on the edge router with a separate customer IP prefix

• Transport Link:
– Inter-connection between regional core routers
– Higher data transmission capacity than access links
– Training ISP has 2 transport links for link redundancy
– The 2 transport links, i.e. Purple link & Green link, are connected to two carrier grade switches


Training ISP Core IP Backbone

Training ISP Network Topology

• Design Consideration:
– Each regional network should have address summarization capability for the customer block and CS link WAN.
– Prefix planning should have a scalability option for the next couple of years for both customer block and infrastructure
– No summarization required for infrastructure WAN and loopback addresses

Training ISP Network Topology

• Design Consideration:
– All WAN links should be ICMP reachable for link monitoring purposes (at least from a designated host)
– Conservation will get high preference for IPv4 address planning and aggregation will get high preference for IPv6 address planning.

Training ISP Network Topology

• Design Consideration:
– OSPF is running in the ISP network to carry infrastructure IP prefixes
– Each region is a separate OSPF area
– Transport core is in OSPF area 0
– Customers will connect on either static routes or eBGP (not OSPF)
– iBGP will carry external prefixes within the ISP core IP network

Training ISP IPv6 Addressing Plan

Example Address Plan

• IPv6 Allocation from Registry is
– 2406:6400::/32

• IPv4 Allocation from Registry is
– 172.16.0.0/19


Table 4: Datacenter prefix summarization options

Block#   Prefix                      Description            Reverse Domain
12       2406:6400:0800:0000::/39    Region 1 DC Summary    [R2]
13       2406:6400:0a00:0000::/39    Region 2 DC Summary    [R5]
14       2406:6400:0c00:0000::/39    Region 3 DC Summary    [R8]
15       2406:6400:0e00:0000::/39    Region 4 DC Summary    [R11]


Training ISP IPV4 Addressing Plan


Training ISP IPv4 Address Plan

Diagram (not reproduced): Training ISP IPv4 address plan drawn on the topology of routers R1 to R12 and switches SW1 and SW2. Router loopbacks are /32s from 172.16.15.1 to 172.16.15.12; point-to-point links are /30s out of 172.16.10.0/24 (172.16.10.0/30, 172.16.10.4/30, 172.16.10.8/30, ..., 172.16.10.80/30); customer LANs are /23s out of the 172.16.0.0/19 allocation (172.16.0.0/23, 172.16.2.0/23, ..., 172.16.30.0/23) plus 172.16.12.0/24 and 172.16.13.0/24.

Questions?

Overview IPv6 Workshop

– Where are we now?

– Introduction to IPv6

– IPv6 Protocol Architecture

– IPv6 Addressing and Sub-netting (Including Hands-on Exercise)

– IPv6 Host Configuration (Including Lab Exercise)

– Network Design Overview and IPv6 Addressing Plan (Case Study)

– IPv4 to IPv6 Transition Principle and Strategy (Case Study)

Strategies available for Service Providers

• Do nothing
– Wait and see what competitors do
– Business not growing, so don’t care what happens

• Extend life of IPv4
– Force customers to NAT
– Buy IPv4 address space on the marketplace

• Deploy IPv6
– Dual-stack infrastructure
– IPv6 and NATed IPv4 for customers
– 6rd (Rapid Deploy) with native or NATed IPv4 for customers
– Or various other combinations of IPv6, IPv4 and NAT

Dual-Stack Networks

• Both IPv4 and IPv6 have been fully deployed across all the infrastructure
– Routing protocols handle IPv4 and IPv6
– Content, applications, and services available on IPv4 and IPv6

• End-users use the dual-stack network transparently:
– If DNS returns an IPv6 address for the domain name query, IPv6 transport is used
– If no IPv6 address is returned, DNS is queried for an IPv4 address, and IPv4 transport is used instead

• It is envisaged that the Internet will operate dual-stack for many years to come

IP in IP Tunnels

• A mechanism whereby an IP packet from one address family is encapsulated in an IP packet from another address family
– Enables the original packet to be transported over a network of the other address family

• Allows an ISP to provide dual-stack service prior to completing infrastructure deployment

• Tunnelling techniques include:
– IPinIP, GRE, 6to4, Teredo, ISATAP, 6rd, MPLS

Address Family Translation (AFT)

• Refers to translation of an IP address from one address family into another address family
– e.g. IPv6 to IPv4 translation (sometimes called NAT64)
– Or IPv4 to IPv6 translation (sometimes called NAT46)

Network Address Translation (NAT)

• NAT is translation of one IP address into another IP address
• NAPT (Network Address & Port Translation) translates multiple IP addresses into one other IP address
– TCP/UDP port distinguishes different packet flows

Carrier Grade NAT (CGN)

• Network Operator version of Subscriber NAT
– Subscriber NAT can handle only hundreds of translations
– Carrier Grade NAT can handle millions of translations

• Not limited to just translation within one address family, but does address family translation as well

• Often referred to as Large Scale NAT (LSN)

“Happy Eyeballs” – RFC6555

• The device or application chooses the protocol which will give the user the best experience

• Designed to work around shortcomings in either IPv4 or IPv6 infrastructure, or misconfigured IPv4 or IPv6 destination devices

• Short summary for a dual stack device:
– Application asks for IPv4 and IPv6 address
– If both are returned, application opens connections using IPv6 and IPv4 simultaneously (or IPv6 first, then IPv4 after a short (few ms) delay)
– Application uses the transport which responds with a connection first
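The race described above, reduced to its scheduling logic, as an added example (not part of the workshop material and not a real Happy Eyeballs implementation). No sockets are opened: each "connect" is a coroutine with a constructed delay that either returns its label or raises, so the outcome of a healthy, a slow and a broken IPv6 path can be inspected offline.

```python
"""Happy Eyeballs (RFC 6555) connection race, reduced to its scheduling logic.

Added illustration, not part of the workshop material. No sockets are opened:
each "connect" is a coroutine with a constructed delay that either returns its
label or raises, so the race can be run offline and the outcome inspected.
"""
import asyncio


async def _attempt(label, delay, fails=False):
    """Stand-in for a TCP connect: succeed (or fail) after `delay` seconds."""
    await asyncio.sleep(delay)
    if fails:
        raise ConnectionError(f"{label} attempt failed")
    return label


async def happy_eyeballs(connect_v6, connect_v4, head_start=0.05):
    """Start IPv6 first; if it has not answered within `head_start`, start IPv4
    as well and take whichever connects first. Raises if every attempt fails."""
    errors = []
    v6 = asyncio.create_task(connect_v6())
    done, pending = await asyncio.wait({v6}, timeout=head_start)
    if done:
        if v6.exception() is None:
            return v6.result()           # IPv6 answered within the head start
        errors.append(v6.exception())    # IPv6 failed fast: fall through to IPv4
    pending = set(pending) | {asyncio.create_task(connect_v4())}
    while pending:
        done, pending = await asyncio.wait(pending, return_when=asyncio.FIRST_COMPLETED)
        for task in done:
            if task.exception() is None:
                for other in pending:    # a winner exists: abandon the loser
                    other.cancel()
                return task.result()
            errors.append(task.exception())
    raise ConnectionError("all attempts failed: " + "; ".join(map(str, errors)))


def race(v6_delay, v4_delay, v6_fails=False, v4_fails=False, head_start=0.05):
    """Run one race with constructed delays; returns "IPv6", "IPv4" or None."""
    async def run():
        try:
            return await happy_eyeballs(
                lambda: _attempt("IPv6", v6_delay, v6_fails),
                lambda: _attempt("IPv4", v4_delay, v4_fails),
                head_start,
            )
        except ConnectionError:
            return None
    return asyncio.run(run())


if __name__ == "__main__":
    # healthy dual stack: IPv6 wins; slow or broken IPv6 path: IPv4 takes over
    print(race(0.01, 0.01), race(0.30, 0.01), race(0.01, 0.01, v6_fails=True))
```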

NAT Issues (1)

• How to scale NAT performance for large networks?
– Limiting TCP/UDP ports per user harms user experience

• CGN deployment usually requires redesign of the SP network
– Deploy in core, or access edge, or border, ...?

• Breaks the end-to-end model of IP
• Breaks end-to-end network security
• Breaks non-NAT friendly applications
– Or NAT has to be upgraded (if possible)

NAT Issues (2)

• Makes fast rerouting and multihoming more difficult
– Moving IPv4 address pools between CGNs for external traffic engineering

• Address sharing has reputation, reliability and security issues for end-users
• Layered NAT devices (double or even triple NAT)
• Mandates that the network keeps the state of the connections
• Makes the NAT device a target for miscreants due to possible impact on large numbers of users
• Makes content hosting impossible

NAT Issues (3)

• Limited ports for NAPT:
– Typical user device: 400 sessions
– TCP/UDP ports per IPv4 address: 130k
– Implies 130000/400 ≈ 320 users per IPv4 address
– One IPv4 /22 has: 1024 addresses
– One IPv4 /22 could support: 320k users

• Sizing a NAT device has to be considered quite seriously

NAT Issues (4)

• Consumer NAT device:
– 3000 sessions means only 7 connected devices!
– “NAT table FULL” error messages
– “Broken Googlemaps”
– “Stuck Internet”

• Carrier Grade NAT device:
– 20 million sessions (Cisco ASR9001 ISM)
– Which realistically is 50k users (400 sessions per user)
– APNIC final /22 only allows 320k users

• How to support LTE networks?!
– Number of users? Public IPv4 addresses for CGN?
– Maintaining LTE performance? Throughput of CGN?

Strategy One: Do Nothing

IPv4 only Network

• The situation for many SPs today:
– No IPv6 for consumers
– IPv4 scaling lasts as long as IPv4 addresses are available

Diagram (not reproduced): Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router) -> IPv4-only SP Network -> Internet (IPv4 Internet, IPv6 Internet); only IPv4 is carried across the SP network.

IPv4 only: Issues

• Advantages
– Easiest and most cost effective short term strategy

• Disadvantages
– Limited to IPv4 address availability (RIRs or marketplace)
– No access to IPv6
– Negative public perception of Network Operator as a laggard
– Strategy will have to be reconsidered once IPv4 address space is no longer available

Strategy Two: Extend life of IPv4 network

Extending life of IPv4 Network

• Two ways of extending the IPv4 network
– Next step along from “Strategy One: Do nothing”

• Force customers to use NAT
– Customers moved to RFC1918 address space
– SP infrastructure moved to RFC1918 address space where feasible

• Acquire IPv4 address space from another organisation
– IPv4 subnet trading

SP NAT in IPv4-only network

• Next step on from “doing nothing”:
– SP introduces NAT in core when IPv4 addresses run out
– No access to IPv6 Internet for IPv6 enabled hosts

Diagram (not reproduced): Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router) -> SP IPv4-only Network using RFC1918 addresses -> SP NAT sharing IPv4 address(es) -> Internet (IPv4 Internet, IPv6 Internet).

SP NAT in IPv4-only network: Issues

• Advantages
– ISPs can reclaim global IPv4 addresses from their customers, replacing with non-routable private addresses and NAT
– Allows continued IPv4 subscriber growth

• Disadvantages
– SP needs a large NAT device in the aggregation or core layers
– Has every well known technical drawback of NAT, including prevention of service deployment by customers
– Double NAT highly likely (customer NAT as well as SP NAT)
– Sharing IPv4 addresses could have behavioural, security and liability implications
– Tracking association of port/address and subscriber, not to mention Lawful Intercept issues, are still under study
– May postpone IPv6 deployment for a couple of years
– Prevents subscribers from using IPv6 content, services and applications

Strategy Three: IPv4/v6 Coexistence/Transition techniques

IPv4/IPv6 coexistence & transition

• Three strategies for IPv6 transition:
– Dual Stack Network
• The original strategy
• Depends on sufficient IPv4 being available
– 6rd (Rapid Deploy)
• Improvement on 6to4 for SP customer deployment
– 464XLAT or DS-Lite or NAT64 with CGN
• SP deploys large NAT boxes to do address and/or protocol translation

• The three strategies are now to some extent interdependent

IPv4/IPv6 coexistence & transition

• Carrier Grade NAT (CGN)
– Dual-Stack Lite
• IPv4 to IPv4 over IPv6
• Documented in RFC6333
– 464XLAT
• IPv4 to IPv4 over IPv6
• Documented in RFC6877
– NAT64
• Translation between IPv6 and IPv4
• Documented in RFC6146

Dual-Stack Network

• The original transition scenario, but dependent on:
– IPv6 being available all the way to the consumer
– Sufficient IPv4 address space for the consumer and SP core

Diagram (not reproduced): Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router) -> Dual-Stack SP Network -> Internet (IPv4 Internet, IPv6 Internet); both IPv4 and IPv6 are carried across the SP network.

Dual-Stack Network: Issues

• Advantages
– Most cost effective long term model
– Once services are on IPv6, IPv4 can simply be discontinued

• Disadvantages
– IPv4 growth limited to available IPv4 address space
– Running a dual-stack network requires extra staff training
– IPv6 on existing IPv4 infrastructure might cost extra in terms of hardware changes (RIB and FIB memories)
– IPv6-only end-points cannot access IPv4, but given most IPv6 end-points are dual-stack, they require an IPv4 address too

Dual-Stack with SP NAT

• More likely scenario:
– IPv6 being available all the way to the consumer
– SP core and customer have to use IPv4 NAT due to v4 depletion

Diagram (not reproduced): Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router) -> Dual-Stack SP Network using RFC1918 addresses -> SP NAT sharing IPv4 address(es) for IPv4, native IPv6 -> Internet (IPv4 Internet, IPv6 Internet).

Dual-Stack with SP NAT: Issues

• Advantages
– ISPs can reclaim global IPv4 addresses from their customers, replacing with non-routable private addresses and NAT
– Allows continued IPv4 subscriber growth
– SP can offer IPv6 connectivity too
– Does not postpone IPv6 deployment
– SP NAT off-load (compared with IPv4-only network)

• Disadvantages
– SP needs a large NAT device in the aggregation or core layers
– Has every well known technical drawback of NAT, including prevention of service deployment by customers
– Double NAT highly likely (customer NAT as well as SP NAT)
– Sharing IPv4 addresses could have behavioural, security and liability implications
– Tracking association of port/address and subscriber, not to mention Lawful Intercept issues, are still under study
– SP incurs additional investment and operational expenditure by deploying an IPv6 infrastructure

Dual-Stack with SP-NAT: Applicability

• For Network Operators who:
– Do not have sufficient IPv4 address space and are content deploying CGN (NAT44) in the core
– Are able to reclaim public IPv4 address space from customers for redeployment on their backbone infrastructure
– Have no legacy equipment or infrastructure which does not support IPv6
– Are willing to support dual-stack CPE

• Note: this is considered the realistic best practice

• Example:
– Typical traditional Internet Service Provider deployment

Aside: SP-NAT Offload

• If 50% of end user traffic is IPv6, then this means 50% less IPv4 traffic which has to be mapped and translated via the SP’s CGN installation
– The greater the proportion of IPv6 traffic (compared with IPv4), the less the load is on the CGN devices, and reduced demand on the public IPv4 address pool
– CGN is used simply for accessing legacy IPv4 sites

• Operators with high data volumes realise that by deploying IPv6:
– End users have a better Internet experience when traffic is not NAT’ed
– They have reduced CapEx deploying fewer CGN devices
– Savings from reduced CGN CapEx are often greater than the additional costs to deploy IPv6 to end-users

• This is called SP-NAT Offload

6rd

• 6rd (Rapid Deploy) used where ISP infrastructure to the customer is not IPv6 capable (e.g. IPv4-only BRAS)
– Customer has IPv4 Internet access either natively or via NAT
– Customer IPv6 address space based on ISP IPv4 block

6rd Tunnel

• 6rd (example):
– ISP has 192.168.0.0/16 IPv4 address block
– ISP has 2001:db8::/32 IPv6 address block
– Final 16 bits of the IPv4 address used on the customer point-to-point link create the customer /48 -> customer uses 2001:db8:4002::/48 address space
– IPv6 tunnel to ISP 6rd relay bypasses infrastructure which cannot handle IPv6

Diagram (not reproduced): 6rd Router (192.168.64.2, network prefix 2001:db8:4002::/48) -> IPv6 over IPv4 tunnel across the ISP IPv4 Backbone (ISP IPv4 address block 192.168.0.0/16) -> ISP 6rd Relay -> IPv6 Internet; IPv4 traffic goes to the IPv4 Internet as before.
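The prefix derivation in the 6rd example above, worked through in code as an added example (not the workshop's code): the customer /48 is the 6rd prefix followed by the IPv4 bits that are not shared with the ISP's IPv4 block, and the same arithmetic run backwards gives a 6rd CE the IPv4 tunnel endpoint for any destination inside the 6rd domain. The border relay address used below is a constructed placeholder.

```python
"""6rd (RFC 5969) prefix derivation with the slide's example numbers.

Added illustration, not the workshop's code. Assumes the slide's 6rd domain:
ISP IPv4 block 192.168.0.0/16, 6rd IPv6 prefix 2001:db8::/32, and a customer
whose WAN address is 192.168.64.2. The border relay address passed to
tunnel_endpoint() is a constructed placeholder.
"""
import ipaddress


def _domain(sixrd_prefix, ipv4_block):
    """Normalise the 6rd domain parameters; returns (prefix, block, v4_bits)."""
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    block = ipaddress.IPv4Network(ipv4_block)
    v4_bits = 32 - block.prefixlen            # IPv4 bits carried into the IPv6 prefix
    if prefix.prefixlen + v4_bits > 64:
        raise ValueError("6rd prefix plus IPv4 suffix must leave room for a /64 subnet")
    return prefix, block, v4_bits


def sixrd_delegated_prefix(sixrd_prefix, ipv4_block, customer_v4):
    """IPv6 prefix a CE derives for itself: 6rd prefix || low-order IPv4 bits."""
    prefix, block, v4_bits = _domain(sixrd_prefix, ipv4_block)
    customer = ipaddress.IPv4Address(customer_v4)
    if customer not in block:
        raise ValueError(f"{customer} is outside the 6rd IPv4 block {block}")
    suffix = int(customer) & ((1 << v4_bits) - 1)   # drop the bits shared with the block
    new_len = prefix.prefixlen + v4_bits
    addr = int(prefix.network_address) | (suffix << (128 - new_len))
    return ipaddress.IPv6Network((addr, new_len))


def sixrd_extract_ipv4(sixrd_prefix, ipv4_block, ipv6_addr):
    """Reverse mapping: the IPv4 tunnel endpoint that owns an IPv6 address in the domain."""
    prefix, block, v4_bits = _domain(sixrd_prefix, ipv4_block)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in prefix:
        raise ValueError(f"{addr} is not inside the 6rd domain {prefix}")
    shift = 128 - (prefix.prefixlen + v4_bits)
    suffix = (int(addr) >> shift) & ((1 << v4_bits) - 1)
    return ipaddress.IPv4Address(int(block.network_address) | suffix)


def tunnel_endpoint(sixrd_prefix, ipv4_block, border_relay_v4, dst_v6):
    """Where a CE sends an encapsulated packet: straight to the other CE when the
    destination is inside the 6rd domain, otherwise to the ISP's 6rd border relay."""
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    if ipaddress.IPv6Address(dst_v6) in prefix:
        return sixrd_extract_ipv4(sixrd_prefix, ipv4_block, dst_v6)
    return ipaddress.IPv4Address(border_relay_v4)


if __name__ == "__main__":
    print(sixrd_delegated_prefix("2001:db8::/32", "192.168.0.0/16", "192.168.64.2"))
    print(sixrd_extract_ipv4("2001:db8::/32", "192.168.0.0/16", "2001:db8:4002:1::5"))
    print(tunnel_endpoint("2001:db8::/32", "192.168.0.0/16", "192.168.0.1", "fd00::1"))
```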

6rd: Issues

• Advantages
– The service provider has a relatively quick way of providing IPv6 to their customers without deploying IPv6 across their infrastructure
– Subscribers can readily get access to IPv6
– SP NAT off-load (compared with IPv4-only network)
– 6rd relay and CPE are becoming available from vendors
– 6rd operation is completely stateless, does not have the operational drawbacks of 6to4, and does not postpone IPv6 deployment

• Disadvantages
– 6rd is not a long-term solution for transitioning to IPv6: one further transition step to remove the tunnels
– CPE needs to be upgraded to support 6rd
– The ISP has to deploy one or several 6rd termination devices
– If customer or SP uses NAT for IPv4, all NAT disadvantages are inherited

6rd: Applicability

• For Network Operators who:
– Do not have sufficient IPv4 address space and are content deploying CGN (NAT44) in the core
– Are able to reclaim public IPv4 address space from customers for redeployment on their backbone infrastructure
– Have legacy equipment or infrastructure which does not support IPv6
• And realize that it will eventually have to be upgraded
– Are willing to run a 6rd Border Router
– Are willing to support dual-stack CPE (with 6rd)

• Example:
– Broadband operators who have legacy DSLAMs or lease a third party’s L2 network

• Due to its disadvantages, notably that it is not a long-term solution, this mechanism is less commonly deployed compared to 464XLAT.

464XLAT

• Service Provider deploys IPv6-only infrastructure:
– IPv6 being available all the way to the consumer
– IPv4 is transported through the IPv6 core to the Internet via SIIT on the customer router, and NAT64 on the SP NAT device

464XLAT in Mobile Network

464XLAT- IPv6-only to IPv4 ‘Internet’

DNS64

• Generate AAAA records from A records
– Allows IPv6 clients to talk to IPv4 hosts
– If an ‘AAAA’ record exists, no synthesis
– If only an ‘A’ record exists for the queried name (after recursive query), synthesize an AAAA record
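The synthesis rules above, paired with the reverse mapping a NAT64 performs, as an added example (not the workshop's code). The zone data is constructed from documentation addresses, and the NAT64 prefix is the RFC 6052 well-known prefix 64:ff9b::/96, which the slides do not name.

```python
"""DNS64 synthesis (RFC 6147) paired with the NAT64 reverse mapping.

Added illustration, not the workshop's code. The zone data below is constructed
(documentation addresses only) and the NAT64 prefix is the RFC 6052 well-known
prefix 64:ff9b::/96, which the slides do not name.
"""
import ipaddress

NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Constructed stand-in for what the recursive resolver returned for each name.
CONSTRUCTED_ANSWERS = {
    "v4only.example": {"A": ["192.0.2.10"], "AAAA": []},
    "dual.example": {"A": ["192.0.2.20"], "AAAA": ["2001:db8::20"]},
    "v6only.example": {"A": [], "AAAA": ["2001:db8::30"]},
}


def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this helper handles /96 NAT64 prefixes only")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))


def extract_ipv4(ipv6, prefix=NAT64_PREFIX):
    """What the NAT64 does on the IPv6 side: recover the real IPv4 destination."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        raise ValueError(f"{addr} is not a NAT64-mapped address under {prefix}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def dns64_answer(name, answers=CONSTRUCTED_ANSWERS, prefix=NAT64_PREFIX):
    """Return (AAAA list, synthesized flag) following the slide's rules:
    a real AAAA wins, otherwise synthesize from A, otherwise answer nothing."""
    rr = answers.get(name, {"A": [], "AAAA": []})
    if rr["AAAA"]:
        return list(rr["AAAA"]), False
    if rr["A"]:
        return [str(synthesize_aaaa(a, prefix)) for a in rr["A"]], True
    return [], False


if __name__ == "__main__":
    for name in ("v4only.example", "dual.example", "v6only.example", "nx.example"):
        print(name, dns64_answer(name))
    print(extract_ipv4("64:ff9b::c000:20a"))
```

A synthesized AAAA carries no DNSSEC signature, so a validating stub resolver rejects it (RFC 6147 discusses this); the NAT64's per-flow port mappings are also the only record tying an IPv4 flow back to a subscriber, which is the tracking issue raised on the CGN slides.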

464XLAT-- v4p to IPv4 ‘Internet’

464XLAT: Issues

• Advantages
– The SP is using IPv6 across their entire infrastructure, avoiding the IPv4 address pool depletion issue totally
– The SP can scale their infrastructure without any IPv4 dependencies
– Consumers can transition from IPv4 to IPv6 without being aware of any differences in the protocols
– Devices not supporting IPv6 can access IPv6-only networks
– IPv6 packets routed natively
– SP NAT off-load (compared with IPv4-only network)

• Disadvantages
– SP requires NAT device in core (PLAT – NAT64)
– Subscriber router needs to be IPv6 capable and support IPv4/IPv6 header translation (CLAT – SIIT)
– Model has all drawbacks of the SP NAT model for IPv4 traffic

464XLAT: Applicability

• For Network Operators who:
– Are considering “green-field” deployments
– Are content running an IPv6-only backbone
– Are willing to deploy CGN (PLAT) in the core
– Are willing to support dual-stack CPE (CLAT)

• Example:
– Mobile operators rolling out a brand new network, with handsets which have dual-stack radios

• This mechanism has been widely deployed by a number of telecommunication providers including SK Telecom (Korea), Orange (Poland), T-Mobile (USA), and Telstra (Australia).

Dual-Stack Lite

• Service Provider deploys IPv6-only infrastructure:
– IPv6 being available all the way to the consumer
– IPv4 is tunnelled through the IPv6 core to the Internet via the SP NAT device

Diagram (not reproduced): Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router) -> IPv6-only SP Network, with IPv4 carried in a tunnel to the SP NAT sharing IPv4 address(es) -> Internet (IPv4 Internet, IPv6 Internet).

Dual-Stack Lite

Diagram (not reproduced): DS-Lite CPE (private IPv4 on the LAN side, public IPv6 on the WAN side) -> IPv6 Network -> DS-Lite CGN -> IPv4 Internet; IPv6 traffic goes to the IPv6 Internet.

• CPE distributes private IPv4 addresses to the LAN clients
• CPE uses its global IPv6 connection to deliver the packet to the ISP's CGN, which has a global IPv4 address.

Dual-Stack Lite: Issues

• Advantages
– The SP is using IPv6 across their entire infrastructure, avoiding the IPv4 address pool depletion issue totally
– The SP can scale their infrastructure without any IPv4 dependencies
– Consumers can transition from IPv4 to IPv6 without being aware of any differences in the protocols
– IPv6 packets routed natively
– SP NAT off-load (compared with IPv4-only network)

• Disadvantages
– SP requires NAT device in core supporting DS-Lite
– Subscriber router needs to be IPv6 capable
– Model has all drawbacks of the IPv4 address sharing model

Dual-Stack Lite: Applicability

• For Network Operators who:
– Are considering “green-field” deployments
– Are content running an IPv6-only backbone
– Are willing to deploy CGN (DS-Lite) in the core
– Are willing to support dual-stack CPE (with DS-Lite)

• Example:
– Mobile operators rolling out a brand new network, with handsets which have dual-stack radios

Stateful AFT (NAT64)

• Service Provider deploys IPv6-only infrastructure:
– Only IPv6 is available to the consumer
– IPv4 Internet available via Address Family Translation on the SP NAT device

Diagram (not reproduced): Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router) -> IPv6-only SP Network with SP DNS64 and SP NAT64 sharing IPv4 address(es) -> Internet (IPv6 Internet natively, IPv4 Internet via NAT64).

Stateful AFT (NAT64) Details

Stateful AFT: Issues

• Advantages
– Allows IPv6 only consumers access to IPv4 based content without giving them IPv4 address resources
– IPv6 services and applications offered natively to consumers
– SP network runs IPv6 only, avoiding IPv4 dependencies

• Disadvantages
– SP requires NAT device in core
– SP’s DNS infrastructure needs to be modified to support NAT64
– Subscriber router needs to be IPv6 capable
– Subscriber devices need to be IPv6 capable (no legacy support)
– Model has all drawbacks of the IPv4 address sharing model for IPv4 traffic

Functionalities and Operational Issues

• Complexity of operation:
– Moderate in the case of a single network with two address families

• Complexity of troubleshooting:
– Running two address families and/or tunnels is assumed to be more complex

• Breaks end-to-end connectivity in IPv4:
– Subscribers sharing a CGN will have little to no hurdles in their communication
– Subscribers separated by one or several CGNs will experience some application issues

Comparing where changes will occur

Scenario                            Change CPE?                    CPE does AFT to access IPv6?   NAT in core/edge?   AFT in core/edge to access IPv6?
IPv4-only network                   No                             No                             No                  Yes
IPv4-only network with IPv4 NAT     No                             No                             Yes                 Yes
Dual-Stack, no SP NAT               Only if customer wants IPv6    No                             No                  No
SP IPv4-NAT & Dual-Stack network    Only if customer wants IPv6    No                             Yes                 No
6rd, no IPv4 NAT                    Yes                            No                             No                  No
6rd with IPv4-NAT                   Yes                            No                             Yes                 No
DS-Lite                             Yes                            No                             Yes                 No
464XLAT                             Yes                            No                             Yes                 No
Stateful AFT                        Yes                            No                             No                  Yes

Conclusions: Potential Scenarios

• Most of the content and applications move to IPv6 only;
• Most of the content and applications are offered for IPv4 and IPv6;
• Most of the users move to IPv6 only
– Especially mobile operators offering LTE handsets in emerging countries
• No change (the contents/applications stay IPv4 and absence of pro-IPv6 regulation), SP customer expectations devolve to double-NAT;
• No change (the contents/applications stay IPv4) but SP customer expectations do not devolve to double-NAT (or they are ready to pay for peer-to-peer connectivity).
– Perhaps well established broadband markets like US or Europe

Recommendations

• Start deploying IPv6 as a long term strategy
• Evaluate current addressing usage to understand if IPv4 to IPv4 NAT is sufficient for the transition period
• Prepare a translation mechanism from the IPv4 Internet to the IPv6 Internet
• Educate your user base on IPv6 introduction, the use cases and troubleshooting

Acknowledgements

• Cisco Systems
• Dr. Philip Smith

Questions?

APNIC Helpdesk Chat

eLearning – Free to the public


apnic.academy

APNIC Academy Web classes

training.apnic.net/courses

YouTube

youtube.com/APNICTraining

Stay up-to-date: https://mailman.apnic.net/mailman/listinfo/training-announce

Technical Assistance

• Practical, real-world, hands-on support for network operators on day-to-day operational issues

• Open standard (IETF) technologies, best current operational practices, neutral, vendor independent, technical advice

• Community-driven

• Cost-recovery basis (can be part of training delivery to reduce costs if needed)

Community Trainers

• Subject matter, operational experts
– Engineers respected by their communities
– Provide Internet operational training
• Invited regularly to join APNIC training
• They provide important local knowledge on operational issues and challenges

APNIC Policy Development Process

www.apnic.net/community/policy/participate

The APNIC Foundation

A global, open, stable, and secure Internet that serves the entire Asia Pacific community

https://apnic.foundation

A grants and awards program supporting creative Internet solutions to development needs in the Asia Pacific to achieve positive social and economic development

Would you like to know more?
Awards: www.isif.asia/award
Grants: www.isif.asia/grant
Details for partnership opportunities: www.isif.asia/join_us

Follow us on:

ISIF.asia

@ISIF_Asia

TheISIFGrantsAwards

Next Conference


https://2018.apricot.net/register

Later…


APRICOT 2019, Daejeon, Republic of Korea, 18 to 28 February 2019

APNIC 46, Noumea, New Caledonia, 6 to 13 September 2018

Stay in Touch!


blog.apnic.net

apnic.net/social

Thank you