ipv6 workshop - apnic training wiki
TRANSCRIPT
韦蓓 (Jessica Wei)
Training Officer, APNIC
Responsible for the development and delivery of technical training to the APNIC community and for delivering technical assistance to network operating members in the Asia Pacific region.
After graduating from China’s Huazhong University of Science and Technology in 2007 with a degree in electronic engineering, Bei (whose nickname is Jessica) joined Huawei as a network training officer.
Over the next six years, she provided Huawei technical training on LAN/WAN systems, broadband access, IP core and IP mobile backhaul networks as well as working on technical training course design and the development of IP training materials.
Presenter
Overview IPv6 Workshop
– Where are we now?
– Introduction to IPv6
– IPv6 Protocol Architecture
– IPv6 Addressing and Sub-netting (Including Hands-on Exercise)
– IPv6 Host Configuration (Including Lab Exercise)
– Network Design Overview and IPv6 Addressing Plan (Case Study)
– IPv4 to IPv6 Transition Principle and Strategy (Case Study)
Global IPv6 End-User Readiness
IPv6 capable = 16.45 (12/12/2017)
100% increase in last 12 months!
https://stats.labs.apnic.net/ipv6/ 12/12/2017
IPv6 Economy League table
CC Economy IPv6 Capable
BE Belgium 59.21%
IN India 51.60%
DE Germany 42.94%
US United States 41.11%
CH Switzerland 37.21%
GR Greece 37.16%
UY Uruguay 34.15%
LU Luxembourg 31.99%
GB United Kingdom 27.42%
JP Japan 25.67%
PT Portugal 23.61%
FR France 23.51%
TT Trinidad and Tobago 22.13%
CA Canada 21.69%
https://stats.labs.apnic.net/ipv6/ 12/12/2017
How About Asia?
CC Economy IPv6 Capable
IN India 51.60%
JP Japan 25.67%
MY Malaysia 19.26%
TH Thailand 10.23%
MO Macao SAR 9.13%
KR Korea 9.13%
VN Vietnam 8.68%
LK Sri Lanka 6.04%
SG Singapore 5.23%
CN China 0.76%
ID Indonesia 0.20%
https://stats.labs.apnic.net/ipv6/ 12/12/2017
India
India IPv6 Capable: 52.29%
274.57% increase in the last 12 months!
https://stats.labs.apnic.net/ipv6/ 12/12/2017
India IPv6 Leaderboard
ASN Organization IPv6 Capable
AS55836 Reliance Jio Infocomm Limited 88.32%
AS45271 IDEA Cellular Limited 33.21%
AS38266 Vodafone Essar Ltd. 20.47%
AS55441 TTSL-ISP DIVISION 15.77%
AS17803 BSES TeleCom Limited 14.57%
AS23870 Telenor (India) Communication Pvt. Ltd. 12.17%
AS10199 Tata Communications Ltd 4.92%
AS45609 Bharti Airtel Ltd. 2.22%
https://stats.labs.apnic.net/ipv6/ 12/12/2017
Japan
https://stats.labs.apnic.net/ipv6/ 12/12/2017
Japan IPv6 Capable: 27.13%
65.53% increase in last 12 months!
Japan IPv6 Leaderboard
ASN Organization IPv6 Capable
AS7522 STCN STNet, Incorporate 61.92%
AS2516 KDDI Corporation 54.07%
AS18144 AS-ENECOM Energia Communications,Inc. 46.48%
AS18126 CTCX Chubu Telecommunications Company, Inc. 44.01%
AS2527 SO-NET Entertainment Corporation 37.50%
AS17676 GIGAINFRA Softbank BB Corp. 36.47%
AS2518 BIGLOBE Inc. 35.73%
AS4685 Asahi Net 29.63%
AS4713 OCN NTT Communications Corporation 22.82%
https://stats.labs.apnic.net/ipv6/ 12/12/2017
China IPv6 Leaderboard
ASN Organization IPv6 Capable
AS23910 China Next Generation Internet CERNET2 97.73%
AS4538 China Education and Research Network Center 29.63%
AS7497 Computer Network Information Center 28.53%
AS17964 Beijing Dian-Xin-Tong Network Technologies Co., Ltd. 8.05%
AS136189 Opera Software Technology (Beijing) Co., Ltd. 6.55%
AS37943 Zhengzhou GIANT Computer Network Technology Co., Ltd 5.04%
AS17622 GZ China Unicom Guangzhou network 3.55%
AS4847 China Networks Inter-Exchange 3.53%
AS4809 China Telecom Next Generation Carrier Network 3.20%
https://stats.labs.apnic.net/ipv6/ 12/12/2017
IPv6 Performance
• Enough data accumulated to analyze IPv6 performance
• APNIC R&D, Geoff Huston’s recent study
  – Presented @ APRICOT 2016 (Feb, 2016)
• Is IPv6 as robust as IPv4?
  – Do all TCP connection attempts succeed?
    • Connection failure = No ACK for acknowledged SYN
  – IPv4 connection failure sits at 0.2%
  – IPv6 connection failure sits at 1.8%
http://www.potaroo.net/presentations/2016-02-22-ipv6-performance.pdf
IPv6 Performance
• Enough data accumulated to analyze IPv6 performance
• APNIC R&D, Geoff Huston’s recent study
  – Presented @ APRICOT 2016 (Feb, 2016)
• Is IPv6 as fast as IPv4? (IPv6 unicast)
  – Comparison of RTT (e2e)
    • Time since SYN till ACK (factors out any congestion issues)
  – IPv6 is faster about half of the time
    • 36-90ms faster
  – IPv6 as fast as IPv4
http://www.potaroo.net/presentations/2016-02-22-ipv6-performance.pdf
IPv6 Performance
• There are good use cases and implementations
• LinkedIn Senior Director of Infrastructure Engineering, Zaid Ali Kahn
  – Presented @ APNIC42 (September, 2016)
• IPv6 at LinkedIn
  – For some select networks in Europe, LinkedIn is seeing up to 40% performance improvements over IPv6, and in the US, up to 10%.
  – TCP timeout on IPv4 over mobile carrier networks is as high as 4.6% and IPv6 timeouts are on a much lower side at 1.6%.
https://blog.apnic.net/2016/05/13/linkedin-ipv6-measurements/
Industry Trend: Devices Worldwide
Mobiles +50% of all visible devices
Since Oct 2016 Mobile access services represent 75% of all Access Provider revenue
[Chart legend: Mobile, Desktop, Tablet]
http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet/ 13/12/2017
Industry Trend: Devices in China
Mobile are now more than 50% of visible devices!
[Chart legend: Mobile, Desktop, Tablet]
http://gs.statcounter.com/platform-market-share/desktop-mobile-tablet/ 13/12/2017
IPv6 Enabled Devices
• Android and Windows Phone support 464XLAT transition technology
  – Apple iOS IPv6-only network support since version 9
  – All Apple AppStore apps must include IPv6 support since early 2016
• Others include: Huawei E398, E352u, Nokia N/E series
What is IPv6?
• IP (Internet Protocol)
  – The most common protocol over the Internet
  – Defines how packets are sent over the Internet
  – Addressing and routing
• Current versions
  – IPv4 & IPv6
• There was an IPv5 (Internet Stream Protocol)
  – An experimental network layer protocol for real-time data transfer [RFC1190]
• IPv6 was called IPng in the early days of protocol development
IPv6 Background
• August 1990
  – First wakeup call by Solensky in IETF on IPv4 address exhaustion
• December 1994
  – IPng working group was formed within IETF [RFC1719]
  – List of technical criteria was defined to choose IPng [RFC1726]
• January 1995
  – IPng director recommendation to use 128 bit address [RFC1752]
• December 1995
  – First version of IPv6 address specification [RFC1883]
• December 1998
  – Updated version changing header format from 1st version [RFC2460]
Motivation Behind IPv6 Protocol
• Plenty of address space (IoT - Mobile Phones, Tablet Computers, Car Parts, etc.)
• Need for hierarchical addressing, which IPv4 is unable to provide
  – Aggregation at each level
  – Simplifies ACLs/filters/firewall rules
  – Fewer routing table entries
• True E2E communication by eliminating NAT
  – Peer-to-peer services (VOIP, Video Conferencing) become more efficient
• Secure transfer of data and faster packet processing
• Stable service for mobile network
Network Prefix - Global Routing Table (IPv4)
[Chart: Active AS Number]
Stat source: http://www.cidr-report.org/as2.0/
De-aggregation: 692922/59576 = 11.63 Prefix/ASN (as of Dec 15, 2017)
Network Prefix - Global Routing Table (IPv6)
[Chart: Active AS Number]
Stat source: http://bgp.potaroo.net/v6/as2.0/index.html
De-aggregation: 44820/14483 = 3.09 Prefix/ASN (as of Dec 15, 2017)
Changes Compared with IPv4
• Address Space
  – Increase from 32-bit to 128-bit address space
• Management
  – Stateless autoconfiguration (SLAAC) means no more need to configure IP addresses for end systems, even via DHCP
• Performance
  – Simplified header means efficient packet processing
  – No header checksum re-calculation at every hop (when TTL is decremented) => left to lower and upper layers!
• No hop-by-hop fragmentation - PMTUD
Changes Compared with IPv4
• Directed data flow
  – Uses multicast instead of broadcast (saves resources - CPU, BW)
  – Flow label to identify packets belonging to a flow
• Mobile IPv6
  – Eliminate triangular routing to simplify IP mobility
  – Directly routed from correspondent node to mobile node, bypass home agent
• Network Layer Security
  – IPv6 implements network layer encryption and authentication using IPsec (built-in to the protocol)
  – Routing Protocol authentication
• Built-in support for QoS
  – Flow Label, Traffic Class
Protocol Header Comparison
• IPv4 contains 10 basic header fields, while IPv6 has 6 basic header fields
• IPv6 header size is 40 octets compared to 20 octets for IPv4
• With fewer header fields and a 64-bit aligned header, IPv6 packets can be processed quickly by current processors
• Next Header – Identifies the type of header immediately following the IPv6 header (upper layer)
Diagram Source: www.cisco.com
IPv6 Protocol Header Format
• Version:
  – A 4-bit field, same as in IPv4. It contains the number 6 instead of the number 4 for IPv4
• Traffic class:
  – An 8-bit field similar to the type of service (ToS) field in IPv4. It tags the packet with a traffic class that is used in differentiated services (DiffServ). These functionalities are the same for IPv6 and IPv4.
• Flow label:
  – A completely new 20-bit field. It tags a flow for the IP packets. It can be used for multilayer switching techniques and faster packet-switching performance
IPv6 Protocol Header Format
• Payload length:
  – This 16-bit field is similar to the IPv4 Total Length field, except that with IPv6 the Payload Length field is the length of the data carried after the header, whereas with IPv4 the Total Length field included the header. 2^16 = 65536 octets.
• Next header:
  – The 8-bit value of this field determines the type of information that follows the basic IPv6 header. It can be a transport-layer packet, such as TCP or UDP, or it can be an extension header. The next header field is similar to the protocol field of IPv4.
• Hop limit:
  – This 8-bit field defines the maximum number of hops that a packet can remain in the network before it is destroyed. With the IPv4 TTL field this was expressed in seconds and was typically a theoretical value and not very easy to estimate.
IPv6 Extension Header
• IPv6 allows an optional Extension Header in between the IPv6 header and upper layer header
  – to carry additional Internet layer information, identified by the unique Next Header values
[Diagram: two packet layouts]
IPv6 Header (Next Header = 6) | TCP header + data
IPv6 Header (Next Header = 44) | Fragment header (Next Header = 6) | TCP header + data
Next Header values:
0 Hop-by-hop option
2 ICMP
6 TCP
17 UDP
43 Source routing
44 Fragmentation
50 Encrypted security payload
51 Authentication
59 Null (No next header)
60 Destination option
IPv6 Extension Header (contd)
• An IPv6 packet may carry zero or more extension headers
  – A next header value/code of 6 (TCP) indicates there is no extension header
  – the next header field points to the TCP header, which is the payload
• Unless the next header value is 0 (Hop-by-Hop option), extension headers are processed only by the destination node, specified by the destination address.
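Any filter or monitor that wants the transport header has to follow the Next Header chain described above. The sketch below is an added example, not part of the original slides: it walks the chain over constructed packets, including the slide's IPv6 → Fragment → TCP layout. The function names, the sample packets and the inclusion of value 58 (ICMPv6) are assumptions of this example.

```python
import struct

# Extension headers with the generic layout: Next Header (1 octet), then
# Hdr Ext Len (1 octet) counting 8-octet units beyond the first 8 octets.
GENERIC_EXT = {0: "Hop-by-Hop Options", 43: "Routing", 60: "Destination Options"}
FRAGMENT, ESP, AH, NO_NEXT_HEADER = 44, 50, 51, 59
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def walk_header_chain(packet: bytes):
    """Follow Next Header values from the fixed IPv6 header to the payload.

    Returns (extension_header_names, upper_layer_name, upper_layer_offset).
    Raises ValueError if the chain is truncated or uses an unknown value.
    """
    if len(packet) < 40:
        raise ValueError("shorter than the 40-octet IPv6 header")
    first_word, payload_len, nxt, _hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("Version field is not 6")
    end = min(len(packet), 40 + payload_len)  # never read past the payload
    offset, chain = 40, []
    while True:
        if nxt in UPPER_LAYER:
            return chain, UPPER_LAYER[nxt], offset
        if nxt == NO_NEXT_HEADER:
            return chain, "none", offset
        if nxt == ESP:
            # Everything after the ESP header is encrypted; stop here.
            return chain + ["ESP"], "encrypted", offset
        if offset + 8 > end:
            raise ValueError(f"chain truncated at offset {offset}")
        following, len_field = packet[offset], packet[offset + 1]
        if nxt in GENERIC_EXT:
            name, size = GENERIC_EXT[nxt], (len_field + 1) * 8
        elif nxt == FRAGMENT:
            name, size = "Fragment", 8  # fixed size, no length field
        elif nxt == AH:
            name, size = "Authentication", (len_field + 2) * 4
        else:
            raise ValueError(f"unknown Next Header value {nxt}")
        if offset + size > end:
            raise ValueError(f"{name} header runs past the payload")
        chain.append(name)
        offset, nxt = offset + size, following


def build_packet(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet using documentation-prefix addresses."""
    src = bytes.fromhex("20010db8" + "00" * 10 + "0010")
    dst = bytes.fromhex("20010db8" + "00" * 10 + "0020")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


# Constructed sample data (not captured traffic).
TCP_STUB = bytes(20)                              # placeholder TCP header
FRAG_TO_TCP = bytes([6, 0, 0, 0, 0, 0, 0, 1])     # Fragment, Next Header = 6
HBH_TO_FRAG = bytes([44, 0, 1, 4, 0, 0, 0, 0])    # Hop-by-Hop with one PadN

PLAIN = build_packet(6, TCP_STUB)
FRAGMENTED = build_packet(44, FRAG_TO_TCP + TCP_STUB)
STACKED = build_packet(0, HBH_TO_FRAG + FRAG_TO_TCP + TCP_STUB)

if __name__ == "__main__":
    for label, pkt in (("plain", PLAIN), ("fragmented", FRAGMENTED),
                       ("stacked", STACKED)):
        print(label, walk_header_chain(pkt))
```

A classifier that reads only the first Next Header value would see 44 or 0 for the last two packets and never reach the TCP header.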
Fragmentation Handling in IPv6
• Unlike IPv4, in IPv6 fragmentation is only performed by the host/source nodes, and not by the routers along the path.
• Each source device tracks the MTU size for each session
• When an IPv6 host has a large amount of data to send, it is sent in a series of IPv6 packets (fragmented)
  – IPv6 hosts use Path MTU Discovery (PMTUD) to determine the optimum MTU size along the path
Source: www.cisco.com
Path MTU Discovery
• With PMTUD, the source IPv6 device assumes the initial PMTU is the MTU of the first hop in the path
  – upper layers (Transport/Application) send packet sizes based on the first hop MTU
  – If the device receives an “ICMP packet too big” message, it informs the upper layer to reduce its packet size, based on the actual MTU size (contained in the message) of the node that dropped the packet
[Diagram: path with link MTUs 1500, 1200, 1100 and 1500; PATH MTU = 1100]
IPv6 Header Compression
• The IPv6 header is double the size of the IPv4 header
• Sometimes this becomes an issue on limited-bandwidth links, e.g. radio
• The Robust Header Compression [RoHC] standard can be used to minimize IPv6 header overhead on limited-bandwidth links
• RoHC is an IETF standard for IPv6 header compression
IPv6 Address Representation
• An IPv6 address is 128 bits long
• Number of IPv6 addresses: 2^128 = 3.4 x 10^38
• IPv6 address is represented in hexadecimal
  – 4 bits (nibble) represent a hexadecimal digit
  – 128 bits get reduced to 32 hexadecimal digits
  – represented as eight hextets (4 nibbles or 16 bits), each separated by a colon (:)
Example: 2001:ABCD:1234::DC0:A910
  – the hextet A910 is 1010 1001 0001 0000 in bits; each group of 4 bits is a nibble
IPv6 Address Representation (2)
2001:0DB8:0000:0000:0000:036E:1250:2B00
• Abbreviated form of address
  – Leading zeroes (0) in any hextet can be omitted
    2001:DB8:0:0:0:36E:1250:2B00
  – A double colon (::) can replace contiguous hextet segments of zeroes
    2001:DB8::36E:1250:2B00
  – (::) can only be used once!
IPv6 Address Representation (3)
• Double colons (::) representation
  – RFC5952 recommends that the rightmost set of :0: be replaced with :: for consistency
    2001:DB8:0:0:2F:0:0:5
    2001:DB8:0:0:2F::5 instead of 2001:DB8::2F:0:0:5
• Prefix Representation
  – Representation of prefix is similar to IPv4 CIDR → prefix/prefix-length
    2001:DB8:12::/40
Exercise 1
1. 2001:0db8:0000:0000:0000:0000:0000:0000
2. 2001:0db8:0000:0000:d170:0000:0100:0ba8
3. 2001:0db8:0000:0000:00a0:0000:0000:10bc
4. 2001:0db8:0fc5:007b:ab70:0210:0000:00bb
IPv6 Addressing Model (RFC 4291)
• Unicast Address
  – Assigned to a single interface
  – Packet sent only to the interface with that address
• Anycast Address
  – Same address assigned to more than one interface (on different nodes)
  – Packet for an anycast address routed to the nearest interface (routing distance)
• Multicast Address
  – group of interfaces (on different nodes) join a multicast group
  – A multicast address identifies the group of interfaces
  – Packet sent to the multicast address/group is replicated to all interfaces in the group
Special Unicast Addresses
• Unspecified Address (absence of an address)
  ::/128
• Loopback (test OSI/TCP-IP stack implementation)
  ::1/128
• IPv4-mapped IPv6 address (IPv6 address for IPv4 nodes)
  ::FFFF:0:0/96 + [32-bit IPv4 address]
  Example: ::FFFF:192.168.41.90
Global Unicast Addresses
• Globally unique and routable IPv6 address
• Currently, only global unicast addresses with the first three bits of 001 have been assigned
  0010 0000 0000 0000 (2000::/3)
  0011 1111 1111 1111 (3FFF::/3)
• IANA gives a /12 each from 2000-3FFF::/3 to each RIR
  APNIC 2400::/12
  ARIN 2600::/12
  LACNIC 2800::/12
  RIPE NCC 2A00::/12
  AfriNIC 2C00::/12
Global Unicast Addresses
[Diagram: 128-bit global unicast address starting with 001 (3 bits), inside the Global Routing Prefix range 2000::/3 – 3FFF::/3, followed by the RIR /12 (12 bits) listed above]
IPv6 Addressing Structure (RFC 6177)
[Diagram: 128-bit address = Network Prefix (64 bits: Customer/Site Prefix of 48-56 bits + Subnet ID of 8-16 bits) + Interface ID (64 bits)]
• Customer/Site Prefix: assigned to a customer site (group of links/subnets)
  – RIRs generally assign a /32 to ISPs
  – ISPs/RIRs ‘would’ assign /48s or /56s to customers
• Subnet ID/prefix: identifies subnets/links within a site
• Interface ID: host portion of IPv6 address
  – how many hosts can be supported within a subnet
IPv6 Addressing Structure
[Diagram: 128-bit device address, bits 1 to 128: Unicast /3 (3 bits), Regional /12 (9 bits), ISP /32 (20 bits), Customer site /48 (16 bits), End site subnet /64 (16 bits), Interface ID (64 bits). Bits 1-64 are the network prefix (ISP given global prefix); bits 65-128 are the SLAAC interface ID]
Network Prefix - Global Routing Table
[Diagram: hierarchy from the /3, to RIR /12s, to ISP /32s, to Enterprise /48s]
Subnetting (Example)
• Provider A has been allocated an IPv6 block 2001:DB8::/32
• Provider A will delegate /48 blocks to its customers
• Find the blocks provided to the first 4 customers
Subnetting (Example)
Original block: 2001:0DB8::/32
Rewrite as a /48 block: 2001:0DB8:0000::/48 (This is your network prefix!)
How many /48 blocks are there in a /32? 48-32 = 16 (/48 blocks in a /32)
Find only the first 4 /48 blocks…
Subnetting (Example)
Start by manipulating the LSB of your network prefix – write in BITS
2001:0DB8:0000::/48 in bits:
0000 0000 0000 0000
0000 0000 0000 0001
0000 0000 0000 0010
0000 0000 0000 0011
Then write back into hex digits
2001:0DB8:0000::/48
2001:0DB8:0001::/48
2001:0DB8:0002::/48
2001:0DB8:0003::/48
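The same bit manipulation in code, as an added example that is not part of the original slides: the subnet ID occupies the 48-32 = 16 bits between the two prefix lengths (so 2^16 blocks exist), and counting that field upward yields the blocks in order. It goes slightly beyond the slide by also handling prefix lengths that do not fall on a hex-digit boundary; the function name is an assumption of this example.

```python
import ipaddress


def first_subnets(block: str, new_prefix: int, count: int = 4):
    """Return (total_blocks, [(subnet_id_bits, subnet), ...]).

    The subnet ID is the bit field between the parent prefix length and
    new_prefix; the first `count` values of that field are written back
    into the address, exactly as done by hand on the slide.
    """
    parent = ipaddress.IPv6Network(block)
    subnet_bits = new_prefix - parent.prefixlen
    if subnet_bits <= 0 or new_prefix > 128:
        raise ValueError("new prefix must be longer than the parent prefix")
    total = 1 << subnet_bits            # 2^(new - old) blocks in the parent
    if count > total:
        raise ValueError(f"only {total} /{new_prefix} blocks fit in {parent}")
    shift = 128 - new_prefix            # position of the subnet ID's LSB
    base = int(parent.network_address)
    result = []
    for subnet_id in range(count):
        address = ipaddress.IPv6Address(base | (subnet_id << shift))
        bits = format(subnet_id, f"0{subnet_bits}b")
        result.append((bits, ipaddress.IPv6Network((address, new_prefix))))
    return total, result


if __name__ == "__main__":
    total, blocks = first_subnets("2001:db8::/32", 48)
    print(f"{total} /48 blocks in the /32")
    for bits, net in blocks:
        print(bits, net)
```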
Exercise 1.1: IPv6 subnetting
Identify the first four /36 address blocks out of 2406:6400::/32
1. _____________________
2. _____________________
3. _____________________
4. _____________________
Exercise 1.2: IPv6 subnetting
Identify the first four /35 address blocks out of 2406:6400::/32
1. _____________________
2. _____________________
3. _____________________
4. _____________________
Link-local Unicast Addresses
• Auto configured address
  – Every IPv6 enabled device must have a link-local address
  – To communicate with other IPv6 devices on the same link
  – FE80::/10
• The link-local address is used by routers as the next-hop address when forwarding IPv6 packets
• All IPv6 hosts on a subnet/link use the router’s link-local address as the default gateway
  – Routers use the link-local as the source in RA messages (neighbor discovery)
Unique-Local Addresses
• FC00::/7
• Unique-Local Addresses (ULAs) are NOT routable on the Internet
  – L-bit set to 1 – which means the address is locally assigned
  – Addresses similar to the RFC 1918 (private address) in IPv4
  – Ensures uniqueness
• ULAs are used for:
  – Isolated networks
  – Local communications & inter-site VPNs
• Example webtools to generate ULA prefix
  – http://www.sixxs.net/tools/grh/ula/
Well-known Multicast Addresses
• Multicast addresses can only be destinations and never a source
  FF00::/8
• Pre-defined multicast addresses:
  – FF02::1 All nodes multicast
    • All IPv6 enabled devices join this multicast group
    • Packets sent to this address are received by all nodes
  – FF02::2 All routers multicast
    • The moment IPv6 is enabled on a router (ipv6 unicast-routing), the router becomes a member of this group
  – FF02::1:FFXX:XXXX/104 Solicited Node multicast
    • NS messages (~IPv4 ARP request) are sent to this address
    • Uses the least significant 24 bits of its unicast/anycast address
    • Must compute and join for every unicast (link-local & global) on an interface
Well-known Multicast Addresses
• Pre-defined multicast addresses:
  – FF02::1:2 All DHCP Servers/Relay Agents
    • Clients use this multicast address to discover any DHCPv6 servers/relays on the local link (link-scoped)
  – FF05::1:3 All DHCP servers
    • Generally used by Relays to talk to servers
    • Site-scoped
Modified EUI-64 format
• Allows IPv6 device to compute a unique 64 bit Interface ID using the interface MAC address (48 bit)
  – MAC address is split into two 24 bit halves
  – Then 0xFFFE is inserted between the two halves
  – Invert 7th bit (U/L) to get the EUI-64 address
[Diagram: a MAC address split into two halves, FF FE inserted between them, and the U/L bit inverted so that the first octet 00 (0000 0000) becomes 02 (0000 0010)]
IPv6 Addressing Examples
LAN: 2001:db8:213:1::/64
Ethernet0 MAC address: 0060.3e47.1530

interface Ethernet0
 ipv6 address 2001:db8:213:1::/64 eui-64

router# show ipv6 interface Ethernet0
Ethernet0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530
  Global unicast address(es):
    2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64
  Joined group address(es):
    FF02::1:FF47:1530
    FF02::1
    FF02::2
  MTU is 1500 bytes
ICMPv6 Neighbor Discovery (RFC 4861)
• Router Solicitation (RS):
  – sent by an IPv6 host to the "all routers" multicast to request an RA
• Router Advertisement (RA):
  – sent by an IPv6 router to the "all nodes" multicast (200 secs)
  – IPv6 prefix/prefix length, and default gateway
• Neighbor Solicitation (NS):
  – sent by an IPv6 host to the "solicited node" multicast to find the MAC address of a given IPv6 address (IPv4 ARP request).
• Neighbor Advertisement (NA):
  – sent by a device in response to an NS message and informs of its MAC address.
• ICMPv6 Redirect:
  – informs the source of a better next-hop
IPv6 Address Resolution
1. ICMPv6 NS (Type 135), multicast
   SMAC: 00:26:BB:06:FF:81 DMAC: 33:33:FF:00:00:20
   Source IPv6: FE80::0226:BBFF:FE06:FF81
   Destination IPv6: FF02:0:0:0:0:1:FF00:0020
   Payload
2. ICMPv6 NA (Type 136), unicast
   SMAC: 00:26:BB:06:FF:82 DMAC: 00:26:BB:06:FF:81
   Source IPv6: FE80::0226:BBFF:FE06:FF82
   Destination IPv6: FE80::0226:BBFF:FE06:FF81
   Payload
IPv6 Address Resolution
3. IPv6 Packet, unicast
   SMAC: 00:26:BB:06:FF:81 DMAC: 00:26:BB:06:FF:82
   Source IPv6: 2406:6400::0010
   Dest IPv6: 2406:6400::0020
   Payload
4. IPv6 Packet, unicast
   SMAC: 00:26:BB:06:FF:82 DMAC: 00:26:BB:06:FF:81
   Source IPv6: 2406:6400::0020
   Dest IPv6: 2406:6400::0010
   Payload
IPv6 Address Auto-configuration
• Stateless address auto-configuration (SLAAC)
  – No manual configuration required
  – Gets the IPv6 prefix and prefix length from the local router
  – EUI-64 to compute the interface ID
• Stateful - DHCPv6
  – To track address assignments
Stateless Address Autoconfig (1) (RFC 2462)
When a host joins a link/subnet:
• It auto-generates a link-local using the FE80::/10 prefix and EUI-64:
  – Ex: FE80::346A:3BFF:FE76:CAF9
• DAD is performed on the link-local:
  – NS message is sent to the “solicited-node” multicast (FF02::1:FF76:CAF9), with ::/128 as the source
  – If no NA message is received back, the generated address can be used
    • If a node is using the link-local, it would send a NA message to the “all-nodes” multicast (FF02::1)
[Diagram: host FE80::346A:3BFF:FE76:CAF9 sending an NS onto the link]
Stateless Address Autoconfig (2)
Once the node has a link-local address:
• sends a RS message to the ”all-routers” multicast (FF02::2)
  – link-local as the source address
• The router responds with a RA message
  – IPv6 prefix and prefix length
  – link-local is the source
  – Managed and Other flags are not set!
• The node generates the IPv6 address
  – uses the received prefix (2001:DB8::/64)
  – Interface ID (EUI-64)
  – 2001:DB8::346A:3BFF:FE76:CAF9
  – DAD not necessary (link-local validated for the same interface!)
[Diagram: host with FE80::346A:3BFF:FE76:CAF9 and 2001:DB8::346A:3BFF:FE76:CAF9 sends RS; router replies with RA carrying 2001:DB8::/64]
Stateful Autoconfig – DHCPv6 (1) (RFC 3315)
DHCPv6 is used:
– If there are no router(s) on the subnet/link, OR
– If the RA message specifies to get addressing information via DHCPv6
If the router’s RA message has the:
– O (other) flag set: stateless DHCPv6
  • auto-generate IPv6 address (IPv6 prefix, prefix length in the RA)
  • obtain other information (DNS server, domain) via DHCPv6
– M (managed) flag set:
  • obtain all addressing information via DHCPv6
  • ‘O’ flag is redundant
Stateful Autoconfig – DHCPv6 (2)
1. Client sends Solicit message to FF02::1:2 to find any available DHCPv6 servers
2. Server responds with an Advertise message
   • the tentative IPv6 address
   • Other parameters (DNS, domain, default gateway, lease time)
   • could receive multiple Advertise messages
3. Client selects the server, and sends a Request asking to confirm the indicated IPv6 address
   • Usually the server that responds first
4. Server responds with a Reply to confirm the assignment
5. Performs DAD before using!
[Diagram: IPv6 Client and DHCPv6 Server exchanging Solicit, Advertise, Request, Reply]
IPv6 Interface ID – Privacy Concerns
• Overcome the ability to track (interface ID based on MAC address): RFC 4941
  – Temporary address (changes): outgoing connections
  – Secured address: incoming connection
    Temp > 2001:dc0:a000:4:84a3:49b6:1919:26fb
    Secured> 2001:dc0:a000:4:108b:3690:9335:b7ec
    Temp > 2001:dc0:a000:4:14e6:d4a3:815d:91dd
• Ease network management yet improve privacy: RFC 7217
  – Stable interface identifiers for each subnet
    Secured> 2001:dc0:a000:4:cbb:347c:6215:1083
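The Modified EUI-64 steps from the earlier slides and the tracking concern raised here are two directions of the same transformation. The following added example (not part of the original slides) derives the SLAAC address, solicited-node group and multicast MAC from a MAC address, and recovers the MAC from an address, which is how an audit can flag hosts still exposing hardware addresses. Function names are assumptions of this example; the sample addresses are the ones shown on the slides.

```python
import ipaddress


def _mac_bytes(mac: str) -> bytes:
    """Accept 00:60:3e:47:15:30, 00-60-3e-..., or Cisco-style 0060.3e47.1530."""
    digits = "".join(c for c in mac if c not in ":-. ")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert FF FE, invert the U/L bit."""
    m = _mac_bytes(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 (or shorter) prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("prefix leaves no room for a 64-bit interface ID")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FFXX:XXXX built from the low 24 bits of a unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def recover_mac(addr):
    """Return the MAC embedded in an EUI-64 interface ID, or None.

    The FF FE marker in the middle of the interface ID is the tell-tale;
    a random identifier can contain it by chance (about 1 in 65536), so
    treat a hit as a strong hint rather than proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "0060.3e47.1530"                      # from the Ethernet0 slide
    gua = slaac_address("2001:db8:213:1::/64", mac)
    print("link-local      ", slaac_address("fe80::/64", mac))
    print("global          ", gua)
    print("solicited-node  ", solicited_node(gua))
    print("NS dest MAC     ", multicast_mac(solicited_node("2406:6400::20")))
    for seen in (gua, "2001:dc0:a000:4:84a3:49b6:1919:26fb",
                 "2001:dc0:a000:4:cbb:347c:6215:1083"):
        print(seen, "->", recover_mac(seen) or "no embedded MAC")
```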
Zone IDs for Link-locals
Interface en0 - fe80::4e0:37e4:c5d1:c845%en0
Interface en5 - fe80::aede:48ff:fe00:1122%en5
• Zone IDs help uniquely distinguish which link/subnet an interface is connected to
• To ping a remote IPv6 node, use your interface zone ID (so that the response packet has a path)
Quiz of Zone ID
• Please write down the commands:
  – PCA ping PCB
  – PCA telnet PCC
[Diagram: PCA with two interfaces, fe80::a1%11 and fe80::a2%12; PCB at fe80::b1%1; PCC at fe80::c1%en0]
Configuration of IPv6 Node Address
Quantity      Address                                          Requirement      Context
One           Loopback [::1]                                   Must define      Each node
One           Link-local                                       Must define      Each interface
Zero to many  Unicast                                          Optional         Each interface
Zero to many  Unique-local                                     Optional         Each interface
One           All-nodes multicast [ff02::1]                    Must listen      Each interface
One           Solicited-node multicast ff02:0:0:0:0:1:ff/104   Must listen      Each unicast and anycast define
Any           Multicast Group                                  Optional listen  Each interface
Exercise 1: IPv6 Host Configuration
• Configuring an interface
  – netsh interface ipv6 add address "Local Area Connection" 2406:6400::1
• The prefix length is not specified with the address, which forces a /64 on the interface
Exercise 1: IPv6 Host Configuration
Verify your Configuration
• c:\>ipconfig
Verify your neighbor table
• c:\>netsh interface ipv6 show neighbors
• # ip -6 neigh show [Linux]
• # ndp -a [Mac OS]
Exercise 1: IPv6 Host Configuration
• Disable privacy state variable
C:\> netsh interface ipv6 set privacy state=disabled
OR
C:\> netsh interface ipv6 set global randomizeidentifiers=disabled
Exercise 1: IPv6 Host Configuration
Testing your configuration
• ping fe80::260:97ff:fe02:6ea5%4
Note: the Zone id is YOUR interface index
Exercise 1: IPv6 Host Configuration
• Enabling IPv6 on Linux
  – Set the NETWORKING_IPV6 variable to yes in /etc/sysconfig/network
    # vi /etc/sysconfig/network
    NETWORKING_IPV6=yes
    # service network restart
• Adding IPv6 address on an interface
    # ifconfig eth0 inet6 add 2406:6400::1/64
Exercise 1: IPv6 Host Configuration
• Configuring RA on Linux
  – Set IPv6 forwarding on
    # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  – Need radvd-0.7.1-3.i386.rpm installed
  – In the daemon conf file /etc/radvd.conf
    # vi /etc/radvd.conf
    interface eth1 {
        AdvSendAdvert on;
        prefix 2406:6400::/64 {
            AdvOnLink on;
        };
    };
Exercise 1: IPv6 Host Configuration
• Enabling IPv6 on FreeBSD
  – Set the ipv6_enable variable to yes in /etc/rc.conf
    # vi /etc/rc.conf
    ipv6_enable="YES"
• Adding IPv6 address on an interface
    # ifconfig fxp0 inet6 2406:6400::1/64
Exercise 1: IPv6 Host Configuration
• Configuring RA on FreeBSD
  – Set IPv6 forwarding on
    # sysctl -w net.inet6.ip6.forwarding=1
  – Assign IPv6 address on an interface
    # ifconfig en1 inet6 2001:07F9:0400:010E::1 prefixlen 64
  – RA on an interface
    # rtadvd en1
Exercise 1: IPv6 Host Configuration
• Configure RA on Cisco
    config t
    interface e0/1
    ipv6 nd prefix-advertisement 2406:6400::/64
• Configure RA on Huawei
    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] ipv6 enable
    [RouterA-GigabitEthernet1/0/0] ipv6 address 3001::1/64
    [RouterA-GigabitEthernet1/0/0] undo ipv6 nd ra halt
IPv6 Address Planning
• Network Operators allocated /32 by RIRs
• Global Routing prefix /48 – /56 (ISPs to end site)
  – Upstream could filter anything smaller
  – Consider the routing table size!
IPv6 Address Planning
• Future traffic engineering needs?
  – Contiguous assignment vs Split assignment
• Shift in thought:
  – IPv4: number of hosts
  – IPv6: number of subnets!
IPv6 Address Plan: ISP Infra
• Loopbacks
• Point-to-Point links
• Internal Server LAN
  – Also called NOC LAN
  – Not seen from outside
• External Server LAN
  – Mail, DNS, etc
Addressing Plans – ISP Infrastructure
• Address block for infrastructure
  – /48 allows 65k subnets
  – /48 per region (for the largest international networks)
  – /48 for whole backbone (for the majority of networks)
  – Summarise between sites if it makes sense
• Address block for router loopback interfaces
  – Generally number all loopbacks out of one /48 (/60 and /64 also common)
  – /128 per loopback
Addressing Plans – ISP Infrastructure
• What about LANs?
  – /64 per LAN
• What about Point-to-Point links?
  – Protocol design expectation is that /64 is used
  – /127 now recommended/standardised
    • http://www.rfc-editor.org/rfc/rfc6164.txt
    • (reserve /64 for the link, but address it as a /127)
  – Other options:
    • /126s are being used (mirrors IPv4 /30)
    • /112s are being used
      – Leaves final 16 bits free for node IDs
    • Some discussion about /80s, /96s and /120s too
Addressing Plans – Enterprise Customer
• Consider regional delegation
  – Aggregation in mind!
  – /40 per region?
• One /48 per customer
  – Could be transit customers or leased line customers
  – Could be given additional /48s as they grow
• Common to see ISPs give:
  – /56 to mid-sized customers
  – /64 or /60 for very small customers
  – Please share your experience
Addressing Plans – Customer WAN links
• Either use from their own /48 block
  – /64 from their block
• Dedicate a /48 block for customer WAN links
  – Helps to monitor customer links
  – Not to be mistaken with the trusted infra PtP block!
  – Actual addressing still the same:
    • Reserve /64 and use /127
• Carried in iBGP (not IGP)
  – Aggregated at the GW router or POP routers
Addressing Plans – Broadband Customer
• Depends on your deployment
  – ND-RA for CPE WAN side
    • A /64 prefix on BRAS can still support 2^64 CPEs through SLAAC
  – DHCP-PD for CPE LAN side
    • A /48 pool on each BRAS (65k /64s can be delegated)
• Dedicate a /40 (or bigger) for Broadband network
  – /48s out of the /40 to each BRAS
  – Announced in iBGP by BRAS
Addressing Plans – DC services
• DC infra blocks from your infra block
  – Loopbacks
  – PtP links
• Dedicate /40 for Data Center (hosted) services
  – Depends on DC architecture
  – Dedicated VLAN/subnet per service?
    • /64 per VLAN/subnet (2^64 servers)
  – Dedicated subnet per customer (customer buys VMs/hosts services)?
    • /64 per customer or subnet (2^64 VMs)
  – Announced in iBGP (DC border router)
Addressing Plans– Traffic Shaping
• Borrow from IPv4– sub-aggregates to shape traffic– Difficult with contiguous assignment
• Assign customer prefixes (that attract traffic) from both ends of address space– Infrastructure prefix do not attract traffic
Addressing Plans– Traffic Shaping
• Customer prefixes assigned from each /33 sub-prefix– Similar to IPv4 sub-aggregates!– Allows us to balance incoming traffic
Addressing Plans - Planning
• Registries will usually allocate the next block to be contiguous with the first allocation
  – Minimum allocation is /32
  – Very likely that subsequent allocation will make this up to a /31
  – So plan accordingly
Addressing Plans - Example
• One ISP
  – Has 2001:db8::/32 address block
  – Takes first /48 for network infrastructure
    • First /64 for loopbacks
    • Last /60 for NOC
  – Remainder of address space for delegation to customers, content hosting and broadband pools
• Network Operator has 20 PoPs around the country
Example: Allocations from the /32
Address Block | Purpose
Single /64 | Loopbacks
Single /48 | Backbone Point to Point links (/64 each)
Single /40 | 65536 Broadband Customers in Region 1 (/56 each)
Single /40 | 256 Enterprise Customers in Region 1 (/48 each)
Single /40 | 65536 Broadband Customers in Region 2 (/56 each)
Single /40 | 256 Enterprise Customers in Region 2 (/48 each)
….
Master allocation documentation would look like this:
Example: High Level Plan
Prefix | Assignment
2001:db8:0000::/32 | ISP Block
2001:db8:0000::/40 | Infrastructure (Loopbacks, PtP)
2001:db8:0100::/40 | Enterprise Customers Reg1
2001:db8:0200::/40 | Broadband Customers Reg1
2001:db8:0300::/40 | Enterprise Customers Reg3
2001:db8:0400::/40 | Broadband Customers Reg3
…..
2001:db8:8100::/40 | Enterprise Customers Reg2
2001:db8:8200::/40 | Broadband Customers Reg2
2001:db8:8300::/40 | Enterprise Customers Reg4
2001:db8:8400::/40 | Broadband Customers Reg4
…..
Example: Infrastructure
Prefix | Assignment
2001:db8::/32 | ISP Block
2001:db8:0000::/40 | Infrastructure (Loopbacks, PtP)
2001:db8:0000::/64 | Loopbacks
2001:db8:0001::/48 | Point-to-Point
2001:db8:0002::/48 | NOC
2001:db8:0003::/48 | Future Infra use
2001:db8:0004::/48
2001:db8:0005::/48
……
2001:db8:00ff::/48
Example: Enterprise Customers Reg1
Prefix | Assignment
2001:db8::/32 | ISP Block
2001:db8:0100::/40 | Enterprise Customers Reg1
2001:db8:0100::/48 | Customer WAN Links
2001:db8:0101::/48 | Customer1 in Region1
2001:db8:0102::/48 | Customer2 in Region1
2001:db8:0103::/48 | Future Customers use
2001:db8:0104::/48
2001:db8:0105::/48
……
2001:db8:01ff::/48
Example: Customer
Prefix | Assignment
2001:db8::/32 | ISP Block
2001:db8:0200::/40 | Broadband Customers Reg1
2001:db8:0200::/48 | Broadband Pool 1 in Region 1
2001:db8:0201::/48 | Broadband Pool 2 in Region 1
2001:db8:0202::/48 | Broadband Pool 3 in Region 1
2001:db8:0203::/48 | Future Customers use
2001:db8:0204::/48
2001:db8:0205::/48
……
2001:db8:02ff::/48
Example: Customer
Prefix | Assignment
2001:db8::/32 | ISP Block
2001:db8:8100::/40 | Enterprise Customers Reg2
2001:db8:8100::/48 | Customer WAN Links
2001:db8:8101::/48 | Customer1 in Region2
2001:db8:8102::/48 | Customer2 in Region2
2001:db8:8103::/48 | Future Customers use
2001:db8:8104::/48
2001:db8:8105::/48
……
2001:db8:81ff::/48
Example: Customer
Prefix | Assignment
2001:db8::/32 | ISP Block
2001:db8:8200::/40 | Broadband Customers Reg2
2001:db8:8200::/48 | Broadband Pool 1 in Region 2
2001:db8:8201::/48 | Broadband Pool 2 in Region 2
2001:db8:8202::/48 | Broadband Pool 3 in Region 2
2001:db8:8203::/48 | Future Customers use
2001:db8:8204::/48
2001:db8:8205::/48
……
2001:db8:82ff::/48
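The /40 layout in the example plan can be generated and checked mechanically, which also gives a lookup from any address seen in a flow log or abuse report back to its plan entry. The Python below is an added example, not part of the workshop material; the function names are hypothetical, and it uses only the 2001:db8::/32 block and the labels shown on the slides.

```python
import ipaddress

# Documentation block used on the slides.
ISP_BLOCK = ipaddress.ip_network("2001:db8::/32")


def build_high_level_plan(block):
    """Return {/40 network: purpose} following the slide layout.

    Regions 1 and 3 are numbered from the lower /33 and regions 2 and 4
    from the upper /33, so customer prefixes sit in both halves.
    """
    lower, upper = block.subnets(new_prefix=33)
    low40 = list(lower.subnets(new_prefix=40))
    up40 = list(upper.subnets(new_prefix=40))
    plan = {low40[0]: "Infrastructure (Loopbacks, PtP)"}
    for half, regions in ((low40, (1, 3)), (up40, (2, 4))):
        for i, region in enumerate(regions):
            plan[half[1 + 2 * i]] = f"Enterprise Customers Reg{region}"
            plan[half[2 + 2 * i]] = f"Broadband Customers Reg{region}"
    return plan


def carve(parent, new_prefix, labels):
    """Label the first len(labels) subnets of parent, in address order."""
    return dict(zip(parent.subnets(new_prefix=new_prefix), labels))


def delegations(parent, new_prefix):
    """How many new_prefix-sized delegations fit in parent."""
    return 2 ** (new_prefix - parent.prefixlen)


def audit(plan, block):
    """Check one level of the plan: entries outside the block or overlapping."""
    problems = []
    nets = sorted(plan)
    for net in nets:
        if not net.subnet_of(block):
            problems.append(f"{net} is outside {block}")
    # After sorting, any overlap shows up between neighbouring entries.
    for a, b in zip(nets, nets[1:]):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    return problems


def owner(addr, plan):
    """Map an address to the most specific plan entry that contains it."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in plan if ip in net]
    if not matches:
        return None
    return plan[max(matches, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    plan = build_high_level_plan(ISP_BLOCK)
    print("audit:", audit(plan, ISP_BLOCK) or "no problems")
    ent1 = ipaddress.ip_network("2001:db8:100::/40")
    plan.update(carve(ent1, 48, ["Customer WAN Links",
                                 "Customer1 in Region1",
                                 "Customer2 in Region1"]))
    for net in sorted(plan):
        print(f"{str(net):24} {plan[net]}")
    print(owner("2001:db8:101:20::1", plan))
```

Run `audit` on each level of the hierarchy separately (the /40s, then the /48s inside one /40), since nested entries are reported as overlaps.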
Training ISP Network Topology
• Scenario:
  – Training ISP has 4 main operating areas or regions
  – Each region has 2 small POPs
  – Each region will have one datacenter to host content
  – Regional networks are inter-connected with multiple links
Training ISP Network Topology
• Regional Network:
  – Each regional network will have 3 routers
  – 1 Core & 2 Edge Routers
  – 2 Points of Presence (POP) for every region
  – POP will use a router to terminate customer networks, i.e. Edge Router
  – Each POP is an aggregation point of ISP customers
Training ISP Network Topology
• Access Network:
  – Connection between customer network & Edge router
  – Usually 10 to 100 Mbps link
  – Separate routing policy from most of ISP
  – Training ISP will connect them on edge router with separate customer IP prefix
• Transport Link:
  – Inter-connection between regional core routers
  – Higher data transmission capacity than access link
  – Training ISP has 2 transport links for link redundancy
  – 2 transport links, i.e. Purple link & Green link, are connected to two carrier grade switches
Training ISP Network Topology
• Design Consideration:
  – Each regional network should have address summarization capability for customer block and CS link WAN.
  – Prefix planning should have scalability option for next couple of years for both customer block and infrastructure
  – No summarization required for infrastructure WAN and loopback address
Training ISP Network Topology
• Design Consideration:
  – All WAN links should be ICMP reachable for link monitoring purposes (at least from designated host)
  – Conservation will get high preference for IPv4 address planning and aggregation will get high preference for IPv6 address planning.
Training ISP Network Topology
• Design Consideration:
  – OSPF is running in ISP network to carry infrastructure IP prefix
  – Each region is a separate OSPF area
  – Transport core is in OSPF area 0
  – Customer will connect on either static or eBGP (not OSPF)
  – iBGP will carry external prefix within ISP core IP network
Example Address Plan
• IPv6 Allocation From Registry is
  – 2406:6400::/32
• IPv4 Allocation From Registry is
  – 172.16.0.0/19
Training ISP IPv6 Addressing Plan
Table 4: Datacenter prefix summarization options
Block# | Prefix | Description | Reverse Domain
12 | 2406:6400:0800:0000::/39 | Region 1 DC Summary [R2] |
13 | 2406:6400:0a00:0000::/39 | Region 2 DC Summary [R5] |
14 | 2406:6400:0c00:0000::/39 | Region 3 DC Summary [R8] |
15 | 2406:6400:0e00:0000::/39 | Region 4 DC Summary [R11] |
Training ISP IPv4 Addressing Plan
[Figure: Training ISP IPv4 Address Plan. Topology diagram of routers R1 to R12 and switches SW1 and SW2, with interface names, /30 point-to-point links, /23 and /24 blocks and /32 loopbacks (lo 0) from 172.16.0.0/19 marked on the diagram.]
Strategies available for Service Providers
• Do nothing
  – Wait and see what competitors do
  – Business not growing, so don’t care what happens
• Extend life of IPv4
  – Force customers to NAT
  – Buy IPv4 address space on the marketplace
• Deploy IPv6
  – Dual-stack infrastructure
  – IPv6 and NATed IPv4 for customers
  – 6rd (Rapid Deploy) with native or NATed IPv4 for customers
  – Or various other combinations of IPv6, IPv4 and NAT
Dual-Stack Networks
• Both IPv4 and IPv6 have been fully deployed across all the infrastructure
  – Routing protocols handle IPv4 and IPv6
  – Content, application, and services available on IPv4 and IPv6
• End-users use dual-stack network transparently:
  – If DNS returns IPv6 address for domain name query, IPv6 transport is used
  – If no IPv6 address returned, DNS is queried for IPv4 address, and IPv4 transport is used instead
• It is envisaged that the Internet will operate dual-stack for many years to come
IP in IP Tunnels
• A mechanism whereby an IP packet from one address family is encapsulated in an IP packet from another address family
  – Enables the original packet to be transported over network of another address family
• Allows ISP to provide dual-stack service prior to completing infrastructure deployment
• Tunnelling techniques include:
  – IPinIP, GRE, 6to4, Teredo, ISATAP, 6rd, MPLS
Address Family Translation (AFT)
• Refers to translation of IP address from one address family into another address family
  – e.g. IPv6 to IPv4 translation (sometimes called NAT64)
  – Or IPv4 to IPv6 translation (sometimes called NAT46)
Network Address Translation (NAT)
• NAT is translation of one IP address into another IP address
• NAPT (Network Address & Port Translation) translates multiple IP addresses into one other IP address
  – TCP/UDP port distinguishes different packet flows
Carrier Grade NAT (CGN)
• Network Operator version of Subscriber NAT
  – Subscriber NAT can handle only hundreds of translations
  – Carrier Grade NAT can handle millions of translations
• Not limited to just translation within one address family, but does address family translation as well
• Often referred to as Large Scale NAT (LSN)
“Happy Eyeballs” – RFC6555
• The device or application chooses the protocol which will give the user the best experience
• Designed to work around shortcomings in either IPv4 or IPv6 infrastructure, or misconfigured IPv4 or IPv6 destination devices
• Short summary for dual stack device:
  – Application asks for IPv4 and IPv6 address
  – If both are returned, application opens connection using IPv6 and IPv4 simultaneously (or IPv6 first, then IPv4 after a short (few ms) delay)
  – Application uses the transport which responds with a connection first
NAT Issues (1)
• How to scale NAT performance for large networks?
  – Limiting tcp/udp ports per user harms user experience
• CGN deployment usually requires redesign of SP network
  – Deploy in core, or access edge, or border,…?
• Breaks the end-to-end model of IP
• Breaks end-to-end network security
• Breaks non-NAT friendly applications
  – Or NAT has to be upgraded (if possible)
NAT Issues (2)
• Makes fast rerouting and multihoming more difficult
  – Moving IPv4 address pools between CGNs for external traffic engineering
• Address sharing has reputation, reliability and security issues for end-users
• Layered NAT devices (double or even triple NAT)
• Mandates that the network keeps the state of the connections
• Makes the NAT device a target for miscreants due to possible impact on large numbers of users
• Makes content hosting impossible
NAT Issues (3)
• Limited ports for NAPT:
  – Typical user device: 400 sessions
  – TCP/UDP ports per IPv4 address: 130k
  – Implies 130000/400 users: 320 users
  – One IPv4 /22 has: 1024 addresses
  – One IPv4 /22 could support: 320k users
• Sizing a NAT device has to be considered quite seriously
NAT Issues (4)
• Consumer NAT device:
  – 3000 sessions means only 7 connected devices!
  – “NAT table FULL” error messages
  – “Broken Googlemaps”
  – “Stuck Internet”
• Carrier Grade NAT device:
  – 20 million sessions (Cisco ASR9001 ISM)
  – Which realistically is 50k users (400 sessions per user)
  – APNIC final /22 only allows 320k users :(
• How to support LTE networks?!
  – Number of users? Public IPv4 addresses for CGN?
  – Maintaining LTE performance? Throughput of CGN?
IPv4 only Network
• The situation for many SPs today:
  – No IPv6 for consumer
  – IPv4 scaling lasts as long as IPv4 addresses are available
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router), IPv4-only SP Network, Internet (IPv4 Internet, IPv6 Internet); link labels: IPv4, IPv6]
IPv4 only: Issues
• Advantages
  – Easiest and most cost effective short term strategy
• Disadvantages
  – Limited to IPv4 address availability (RIRs or marketplace)
  – No access to IPv6
  – Negative public perception of Network Operator as a laggard
  – Strategy will have to be reconsidered once IPv4 address space is no longer available
Extending life of IPv4 Network
• Two ways of extending IPv4 network
  – Next step along from “Strategy One: Do nothing”
• Force customers to use NAT
  – Customers moved to RFC1918 address space
  – SP infrastructure moved to RFC1918 address space where feasible
• Acquire IPv4 address space from another organisation
  – IPv4 subnet trading
SP NAT in IPv4-only network
• Next step on from “doing nothing”:
  – SP introduces NAT in core when IPv4 addresses run out
  – No access to IPv6 Internet for IPv6 enabled hosts
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router), SP IPv4-only Network using RFC1918 addresses, SP NAT (sharing IPv4 address(es)), Internet (IPv4 Internet, IPv6 Internet); link labels: IPv4, IPv6]
SP NAT in IPv4-only network: Issues
• Advantages
  – ISPs can reclaim global IPv4 addresses from their customers, replacing with non-routable private addresses and NAT
  – Allows continued IPv4 subscriber growth
• Disadvantages
  – SP needs a large NAT device in the aggregation or core layers
  – Has every well known technical drawback of NAT, including prevention of service deployment by customers
  – Double NAT highly likely (customer NAT as well as SP NAT)
  – Sharing IPv4 addresses could have behavioural, security and liability implications
  – Tracking association of port/address and subscriber, not to mention Lawful Intercept issues, are still under study
  – May postpone IPv6 deployment for a couple of years
  – Prevents subscribers from using IPv6 content, services and applications
IPv4/IPv6 coexistence & transition
• Three strategies for IPv6 transition:
  – Dual Stack Network
    • The original strategy
    • Depends on sufficient IPv4 being available
  – 6rd (Rapid Deploy)
    • Improvement on 6to4 for SP customer deployment
  – 464XLAT or DS-Lite or NAT64 with CGN
    • SP deploys large NAT boxes to do address and/or protocol translation
• The three strategies are now to some extent interdependent
IPv4/IPv6 coexistence & transition
• Carrier Grade NAT (CGN)
  – Dual-Stack Lite
    • IPv4 to IPv4 over IPv6
    • Documented in RFC6333
  – 464XLAT
    • IPv4 to IPv4 over IPv6
    • Documented in RFC6877
  – NAT64
    • Translation between IPv6 and IPv4
    • Documented in RFC6146
Dual-Stack Network
• The original transition scenario, but dependent on:
  – IPv6 being available all the way to the consumer
  – Sufficient IPv4 address space for the consumer and SP core
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router), Dual-Stack SP Network, Internet (IPv4 Internet, IPv6 Internet); link labels: IPv4, IPv6]
Dual-Stack Network: Issues
• Advantages
  – Most cost effective long term model
  – Once services are on IPv6, IPv4 can simply be discontinued
• Disadvantages
  – IPv4 growth limited to available IPv4 address space
  – Running dual-stack network requires extra staff training
  – IPv6 on existing IPv4 infrastructure might cost extra in terms of hardware changes (RIB and FIB memories)
  – IPv6-only end-points cannot access IPv4, but given most IPv6 end-points are dual-stack, require IPv4 address too
Dual-Stack with SP NAT
• More likely scenario:
  – IPv6 being available all the way to the consumer
  – SP core and customer has to use IPv4 NAT due to v4 depletion
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router), Dual-Stack SP Network using RFC1918 addresses, SP NAT (sharing IPv4 address(es)), Internet (IPv4 Internet, IPv6 Internet); link labels: IPv4, IPv6]
Dual-Stack with SP NAT: Issues
• Advantages
  – ISPs can reclaim global IPv4 addresses from their customers, replacing with non-routable private addresses and NAT
  – Allows continued IPv4 subscriber growth
  – SP can offer IPv6 connectivity too
  – Does not postpone IPv6 deployment
  – SP NAT off-load (compared with IPv4-only network)
• Disadvantages
  – SP needs a large NAT device in the aggregation or core layers
  – Has every well known technical drawback of NAT, including prevention of service deployment by customers
  – Double NAT highly likely (customer NAT as well as SP NAT)
  – Sharing IPv4 addresses could have behavioural, security and liability implications
  – Tracking association of port/address and subscriber, not to mention Lawful Intercept issues, are still under study
  – SP incurs additional investment and operational expenditure by deploying an IPv6 infrastructure
Dual-Stack with SP-NAT: Applicability
• For Network Operators who:
  – Do not have sufficient IPv4 address space and are content deploying CGN (NAT44) in the core
  – Are able to reclaim public IPv4 address space from customers for redeployment on their backbone infrastructure
  – Have no legacy equipment or infrastructure which does not support IPv6
  – Are willing to support dual-stack CPE
• Note: this is considered the realistic best practice
• Example:
  – Typical traditional Internet Service Provider deployment
Aside: SP-NAT Offload
• If 50% of end user traffic is IPv6, then this means 50% less IPv4 traffic which has to be mapped and translated via the SP’s CGN installation
  – The greater the proportion of IPv6 traffic (compared with IPv4), the less the load is on the CGN devices, and reduced demand on the public IPv4 address pool
  – CGN is used simply for accessing legacy IPv4 sites
• Operators with high data volumes realise that by deploying IPv6:
  – End users have better Internet experience when traffic is not NAT’ed
  – They have reduced CapEx deploying fewer CGN devices
  – Savings from reduced CGN CapEx are often greater than the additional costs to deploy IPv6 to end-users
• This is called SP-NAT Offload
6rd
• 6rd (Rapid Deploy) used where ISP infrastructure to customer is not IPv6 capable (e.g. IPv4-only BRAS)
  – Customer has IPv4 Internet access either natively or via NAT
  – Customer IPv6 address space based on ISP IPv4 block
6rd Tunnel
• 6rd (example):
  – ISP has 192.168.0.0/16 IPv4 address block
  – ISP has 2001:db8::/32 IPv6 address block
  – Final 16 bits of IPv4 address used on customer point-to-point link to create customer /48 → customer uses 2001:db8:4002::/48 address space
  – IPv6 tunnel to ISP 6rd relay bypasses infrastructure which cannot handle IPv6
[Figure: 6rd Router (192.168.64.2, network prefix 2001:db8:4002::/48), ISP IPv4 Backbone (ISP IPv4 address block 192.168.0.0/16), ISP 6rd Relay, IPv6 Network, IPv4 Internet, IPv6 Internet]
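The prefix derivation in the 6rd example, worked through in Python together with the matching source check at the relay (RFC 5969 requires the relay to verify that the tunnel's outer IPv4 source equals the IPv4 address embedded in the inner IPv6 source). This is an added example, not part of the workshop material; the function names are hypothetical and the addresses are the ones on the slide.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, v4_block, cpe_v4):
    """Build the customer's 6rd delegated prefix from its IPv4 address.

    The bits of cpe_v4 shared by the whole ISP IPv4 block are dropped and
    the remaining bits are appended to the ISP's 6rd prefix.
    """
    sixrd_prefix = ipaddress.ip_network(sixrd_prefix)
    v4_block = ipaddress.ip_network(v4_block)
    cpe_v4 = ipaddress.ip_address(cpe_v4)
    if cpe_v4 not in v4_block:
        raise ValueError(f"{cpe_v4} is not inside {v4_block}")
    v4_bits = 32 - v4_block.prefixlen          # bits that identify the CPE
    new_len = sixrd_prefix.prefixlen + v4_bits
    if new_len > 64:
        raise ValueError("delegated prefix would be longer than /64")
    suffix = int(cpe_v4) & ((1 << v4_bits) - 1)
    base = int(sixrd_prefix.network_address) | (suffix << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))


def embedded_cpe_v4(sixrd_prefix, v4_block, v6_addr):
    """Recover the CPE IPv4 address embedded in a 6rd IPv6 address."""
    sixrd_prefix = ipaddress.ip_network(sixrd_prefix)
    v4_block = ipaddress.ip_network(v4_block)
    v6_addr = ipaddress.ip_address(v6_addr)
    if v6_addr not in sixrd_prefix:
        raise ValueError(f"{v6_addr} is not inside {sixrd_prefix}")
    v4_bits = 32 - v4_block.prefixlen
    shift = 128 - sixrd_prefix.prefixlen - v4_bits
    suffix = (int(v6_addr) >> shift) & ((1 << v4_bits) - 1)
    return ipaddress.IPv4Address(int(v4_block.network_address) | suffix)


def relay_accepts(sixrd_prefix, v4_block, outer_v4_src, inner_v6_src):
    """Anti-spoofing check at the relay for a packet arriving from a CPE.

    Accept only if the outer IPv4 source is the address embedded in the
    inner IPv6 source; anything else is a spoofed or misrouted packet.
    """
    try:
        expected = embedded_cpe_v4(sixrd_prefix, v4_block, inner_v6_src)
    except ValueError:
        return False
    return ipaddress.ip_address(outer_v4_src) == expected


if __name__ == "__main__":
    domain = ("2001:db8::/32", "192.168.0.0/16")   # values from the slide
    print(sixrd_delegated_prefix(*domain, "192.168.64.2"))
    print(relay_accepts(*domain, "192.168.64.2", "2001:db8:4002:1::10"))
    print(relay_accepts(*domain, "192.168.64.3", "2001:db8:4002:1::10"))
```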
6rd: Issues
• Advantages
  – The service provider has a relatively quick way of providing IPv6 to their customer without deploying IPv6 across their infrastructure
  – Subscribers can readily get access to IPv6
  – SP NAT off-load (compared with IPv4-only network)
  – 6rd relay and CPE are becoming available from vendors
  – 6rd operation is completely stateless, does not have the operational drawbacks of 6to4, and does not postpone IPv6 deployment
• Disadvantages
  – 6rd is not a long-term solution for transitioning to IPv6 – one further transition step to remove the tunnels
  – CPE needs to be upgraded to support 6rd
  – The ISP has to deploy one or several 6rd termination devices
  – If customer or SP uses NAT for IPv4, all NAT disadvantages are inherited
6rd: Applicability
• For Network Operators who:
  – Do not have sufficient IPv4 address space and are content deploying CGN (NAT44) in the core
  – Are able to reclaim public IPv4 address space from customers for redeployment on their backbone infrastructure
  – Have legacy equipment or infrastructure which does not support IPv6
    • And realize that it will eventually have to be upgraded
  – Are willing to run a 6rd Border Router
  – Are willing to support dual-stack CPE (with 6rd)
• Example:
  – Broadband operators who have legacy DSLAMs or lease a third party’s L2 network
• Due to its disadvantages, notably that it is not a long-term solution, this mechanism is less commonly deployed compared to the 464XLAT.
464XLAT
• Service Provider deploys IPv6-only infrastructure:
  – IPv6 being available all the way to the consumer
  – IPv4 is transported through IPv6 core to Internet via SIIT on customer router, and NAT64 on SP NAT device
DNS64
• Generate AAAA records from A records
  – Allows IPv6 client to talk to IPv4 hosts
  – If ‘AAAA’ records exists, no synthesis
  – If only ‘A’ record exist for the queried name (after recursive query), synthesize to AAAA record
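The DNS64 decision described above, as an added Python example (not part of the workshop material): AAAA answers pass through unchanged, otherwise each A record is embedded in the NAT64 prefix. It goes beyond the slide by handling every RFC 6052 prefix length and by including the reverse mapping, which is what you need to recover the real IPv4 destination from a synthesized address in IPv6 flow logs. The function names are hypothetical; 64:ff9b::/96 is the RFC 6052 well-known prefix, and the other prefixes and addresses are documentation values constructed for the example.

```python
import ipaddress

WKP = ipaddress.ip_network("64:ff9b::/96")     # RFC 6052 well-known prefix
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def embed_v4(prefix, v4):
    """Embed an IPv4 address in a NAT64 prefix using the RFC 6052 layout.

    Octet 8 (bits 64-71) is reserved and stays zero, so for prefixes
    shorter than /96 the IPv4 octets are written around it.
    """
    prefix = ipaddress.ip_network(prefix)
    if prefix.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows /32, /40, /48, /56, /64 or /96")
    out = bytearray(prefix.network_address.packed)
    pos = prefix.prefixlen // 8
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == 8:            # skip the reserved octet
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_v4(prefix, v6):
    """Inverse of embed_v4: recover the IPv4 address from a NAT64 address."""
    prefix = ipaddress.ip_network(prefix)
    v6 = ipaddress.ip_address(v6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is not inside {prefix}")
    raw = v6.packed
    pos = prefix.prefixlen // 8
    octets = bytearray()
    while len(octets) < 4:
        if pos == 8:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


def dns64_answer(aaaa, a, prefix=WKP):
    """Return the AAAA answer set a DNS64 resolver gives an IPv6-only client.

    aaaa and a are the record lists obtained by the recursive query.
    """
    if aaaa:                    # real AAAA records exist: no synthesis
        return [ipaddress.IPv6Address(rec) for rec in aaaa]
    prefix = ipaddress.ip_network(prefix)
    answers = []
    for rec in a:
        v4 = ipaddress.IPv4Address(rec)
        # RFC 6052: the well-known prefix must not represent private IPv4.
        if prefix == WKP and any(v4 in net for net in RFC1918):
            continue
        answers.append(embed_v4(prefix, v4))
    return answers


if __name__ == "__main__":
    print(dns64_answer([], ["192.0.2.33"]))                    # synthesized
    print(dns64_answer(["2001:db8::10"], ["192.0.2.33"]))      # passed through
    print(extract_v4("64:ff9b::/96", "64:ff9b::c000:221"))
```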
464XLAT: Issues
• Advantages
  – The SP is using IPv6 across their entire infrastructure, avoiding the IPv4 address pool depletion issue totally
  – The SP can scale their infrastructure without any IPv4 dependencies
  – Consumers can transition from IPv4 to IPv6 without being aware of any differences in the protocols
  – Devices not supporting IPv6 can access IPv6-only networks
  – IPv6 packets routed natively
  – SP NAT off-load (compared with IPv4-only network)
• Disadvantages
  – SP requires NAT device in core (PLAT – NAT64)
  – Subscriber router needs to be IPv6 capable and support IPv4/IPv6 header translation (CLAT – SIIT)
  – Model has all drawbacks of SP NAT model for IPv4 traffic
464XLAT: Applicability
• For Network Operators who:
  – Are considering “green-field” deployments
  – Are content running an IPv6-only backbone
  – Are willing to deploy CGN (PLAT) in the core
  – Are willing to support dual-stack CPE (CLAT)
• Example:
  – Mobile operators rolling out a brand new network, with handsets which have dual-stack radios
• This mechanism has been widely deployed by a number of telecommunication providers including SK Telecom (Korea), Orange (Poland), T-Mobile (USA), and Telstra (Australia).
Dual-Stack Lite
• Service Provider deploys IPv6-only infrastructure:
  – IPv6 being available all the way to the consumer
  – IPv4 is tunnelled through IPv6 core to Internet via SP NAT device
[Figure: Subscriber Network (IPv4+IPv6 host, IPv4 host, IPv6 host, Customer Router), IPv6-only SP Network, SP NAT (sharing IPv4 address(es)), Tunnel, Internet (IPv4 Internet, IPv6 Internet); link labels: IPv4, IPv6]
Dual-Stack Lite
[Figure: DS-Lite CPE, DS-Lite CGN, IPv6 Network, IPv4 Internet, IPv6 Internet; labels: Private IPv4, Public IPv6, IPv6]
• CPE distributes private IPv4 addresses for the LAN clients
• CPE uses its global IPv6 connection to deliver the packet to the ISP's CGN, which has a global IPv4 address.
Dual-Stack Lite: Issues
• Advantages
  – The SP is using IPv6 across their entire infrastructure, avoiding the IPv4 address pool depletion issue totally
  – The SP can scale their infrastructure without any IPv4 dependencies
  – Consumers can transition from IPv4 to IPv6 without being aware of any differences in the protocols
  – IPv6 packets routed natively
  – SP NAT off-load (compared with IPv4-only network)
• Disadvantages
  – SP requires NAT device in core supporting DS-Lite
  – Subscriber router needs to be IPv6 capable
  – Model has all drawbacks of IPv4 address sharing model
Dual-Stack Lite: Applicability
• For Network Operators who:
  – Are considering “green-field” deployments
  – Are content running an IPv6-only backbone
  – Are willing to deploy CGN (DS-Lite) in the core
  – Are willing to support dual-stack CPE (with DS-Lite)
• Example:
  – Mobile operators rolling out a brand new network, with handsets which have dual-stack radios
Stateful AFT (NAT64)
• Service Provider deploys IPv6-only infrastructure:
  – Only IPv6 is available to the consumer
  – IPv4 Internet available via Address Family Translation on SP NAT device
[Figure: Subscriber Network (IPv4 host, IPv4+IPv6 host, IPv6 host, Customer Router), IPv6-only SP Network, SP DNS64, SP NAT64 (sharing IPv4 address(es)), Internet (IPv4 Internet, IPv6 Internet); link labels: IPv4, IPv6, NAT64]
Stateful AFT: Issues
• Advantages
  – Allows IPv6 only consumers access to IPv4 based content without giving them IPv4 address resources
  – IPv6 services and applications offered natively to consumers
  – SP network runs IPv6 only, avoiding IPv4 dependencies
• Disadvantages
  – SP requires NAT device in core
  – SP’s DNS infrastructure needs to be modified to support NAT64
  – Subscriber router needs to be IPv6 capable
  – Subscriber devices need to be IPv6 capable (no legacy support)
  – Model has all drawbacks of IPv4 address sharing model for IPv4 traffic
Functionalities and Operational Issues
• Complexity of operation:
  – Moderate in the case of a single network with two address families
• Complexity of troubleshooting:
  – Running two address families and/or tunnels is assumed to be more complex
• Breaks end-to-end connectivity in IPv4:
  – Subscribers sharing a CGN will have little to no hurdles in their communication
  – Subscribers separated by one or several CGN will experience some application issues
Comparing where changes will occur
Strategy | Change CPE | CPE to do AFT to access IPv6 | NAT in core/edge | AFT in core/edge to access IPv6
IPv4 only network | No | No | No | Yes
IPv4-only network with IPv4 NAT | No | No | Yes | Yes
Dual-Stack, no SP NAT | Only if customer wants IPv6 | No | No | No
SP IPv4-NAT & Dual-Stack network | Only if customer wants IPv6 | No | Yes | No
6rd, no IPv4 NAT | Yes | No | No | No
6rd with IPv4-NAT | Yes | No | Yes | No
DS-Lite | Yes | No | Yes | No
464XLAT | Yes | No | Yes | No
Stateful AFT | Yes | No | No | Yes
Conclusions
Potential Scenarios
• Most of the content and applications move to IPv6 only;
• Most of the content and applications are offered for IPv4 and IPv6;
• Most of the users move to IPv6 only
  – Especially mobile operators offering LTE handsets in emerging countries
• No change (the contents/applications stay IPv4 and absence of pro-IPv6 regulation), SP customer expectations devolve to double-NAT;
• No change (the contents/applications stay IPv4) but SP customer expectations do not devolve to double-NAT (or they are ready to pay for peer-to-peer connectivity).
  – Perhaps well established broadband markets like US or Europe
Recommendations
• Start deploying IPv6 as a long term strategy
• Evaluate current addressing usage to understand if IPv4 to IPv4 NAT is sufficient for transition period
• Prepare a translation mechanism from the IPv4 Internet to the IPv6 Internet
• Educate your user base on IPv6 introduction, the use cases and troubleshooting
eLearning – Free to the public
apnic.academy
APNIC Academy Web classes
training.apnic.net/courses
YouTube
youtube.com/APNICTraining
Stay up-to-date
https://mailman.apnic.net/mailman/listinfo/training-announce
Technical Assistance
• Practical, real-world, hands-on support for network operators on day-to-day operational issues
• Open standard (IETF) technologies, best current operational practices, neutral, vendor independent, technical advice
• Community-driven
• Cost-recovery basis (can be part of training delivery to reduce costs if needed)
Community Trainers
• Subject matter, operational experts
  – Engineers respected by their communities
  – Provide Internet operational training
• Invited regularly to join APNIC training
• They provide important local knowledge on operational issues and challenges
The APNIC Foundation
A global, open, stable, and secure Internet that serves the entire Asia Pacific community
https://apnic.foundation
A grants and awards program supporting creative Internet solutions to development needs in the Asia Pacific to achieve positive social and economic development
Would you like to know more?
Awards www.isif.asia/award
Grants www.isif.asia/grant
Details for partnership opportunities www.isif.asia/join_us
Follow us on:
ISIF.asia
@ISIF_Asia
TheISIFGrantsAwards
Later…
APRICOT 2019
Daejeon, Republic of Korea
18 to 28 February 2019
APNIC 46
Noumea, New Caledonia
6 to 13 September 2018