IPv4 shortage and CERN
15 January 2013
edoardo.martelli@cern.ch

CERN IT Department
CH-1211 Genève 23
Switzerland
www.cern.ch/it
Summary
• IPv4 shortage
• IPv4 and IPv6 coexistence
• Tunnels and Translations
• CERN strategy
• Conclusions
IPv4 shortage
IPv4 exhaustion predictions
http://www.potaroo.net/tools/ipv4/
IPv4 exhaustion status
http://www.potaroo.net/tools/ipv4/
IANA Unallocated Address Pool Exhaustion: 03-Feb-2011

Projected RIR Address Pool Exhaustion Dates and remaining /8s (16M blocks):
RIR        Exhaustion date          Remaining /8s
APNIC      19-Apr-2011 (actual)     0.8938
RIPE NCC   14-Sep-2012 (actual)     0.9462
ARIN       07-Jun-2014              3.0049
LACNIC     23-Sep-2014              2.8778
AFRINIC    27-Feb-2021              3.8043
[as of 7th of January 2013]
CERN IPv4 addresses status
128.141.0.0/16 (64K) - GPN dynamic addresses (~65% used)
128.142.0.0/16 (64K) - LCG servers in the CC (~40% used)
137.138.0.0/16 (64K) - GPN static addresses (~92% used)
188.184.0.0/16 (64K) - GPN static addresses (~5% used)
188.185.0.0/16 (64K) - Wigner datacentre
194.12.128.0/18 (16K) - Network infrastructure (~35% used)
[as of 7th of January 2013]
Allocation of 188.184.0.0/16 started in October 2012: 5% allocated in only 2 months
CERN can ask only for one additional /22 (1K)
IPv4 and IPv6 coexistence
Incompatible headers
IPv4 header (rows of 32 bits; 6 x 32 bits = 24 bytes):
Version | IHL | Type-of-Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header checksum
Source address
Destination address
Options

IPv6 header (rows of 32 bits; 10 x 32 bits = 40 bytes):
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source address (128 bits)
Destination address (128 bits)
Co-existence strategies
Several NAT/Tunneling options, or DUAL-STACK.
[Figure: network diagrams with the labels Address Translator, IPv4/IPv6 bridge, IPv4 LAN, IPv6 LAN, IPv4 Internet, IPv6 Internet, IPv4-only client, IPv6-only client, Dual-Stack client, IPv4-only server, IPv6-only server]
Pros and Cons
Tunneling:
+ rapid deployment (few changes)
+ cheap
- limited performance / doesn't scale well
- missing some protocol features

Dual-stack:
+ best performance
+ full features
+ scales well / long-term solution
- re-configuration of all devices
- expensive
Tunnel and Translation protocols
NAT64
NAT64 allows IPv6-only clients to reach IPv4-only servers. In general, NAT64 is designed to be used when the communications are initiated by IPv6 hosts. Static address mapping exists to allow the reverse.
The v4-v6 bridge/NAT device works in conjunction with a special DNS server that converts v4 addresses into local v6 ones.
SIIT
Stateless IP/ICMP Translation (SIIT) allows communications between an IPv4 host and an IPv6 host by translating the packet headers.
Good for bidirectional reachability
It maps one v4-address to one v6-address
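
The address mapping behind both the NAT64 DNS server and SIIT's one-to-one translation can be worked through with the RFC 6052 embedding rules. This is an added example, not part of the original slides; the well-known prefix 64:ff9b::/96 and the 2001:db8:: documentation prefixes are assumptions, since the slides do not say which prefix would be used.

```python
import ipaddress

# RFC 6052 well-known prefix, and the only prefix lengths the RFC permits.
WKP = ipaddress.IPv6Network("64:ff9b::/96")
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _check(prefix):
    prefix = ipaddress.IPv6Network(prefix)
    if prefix.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow /{prefix.prefixlen}")
    return prefix


def embed(v4, prefix=WKP):
    """IPv6 address a DNS64 server would synthesize for an IPv4 address."""
    prefix, v4 = _check(prefix), ipaddress.IPv4Address(v4)
    # RFC 6052 section 3.1: the well-known prefix must not carry RFC 1918 space.
    if prefix == WKP and any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private; use a site-specific prefix")
    out = bytearray(prefix.network_address.packed)
    pos = prefix.prefixlen // 8
    for octet in v4.packed:
        if pos == 8:        # octet 8 (bits 64-71) is reserved and stays zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(v6, prefix=WKP):
    """IPv4 address the translator forwards to, or None if outside prefix."""
    prefix, v6 = _check(prefix), ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None
    raw, pos, picked = v6.packed, prefix.prefixlen // 8, bytearray()
    while len(picked) < 4:
        if pos == 8:
            pos += 1
        picked.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(picked))


if __name__ == "__main__":
    # Constructed inputs: documentation address and documentation prefixes.
    for net in (WKP, "2001:db8:122:344::/64", "2001:db8:100::/40"):
        v6 = embed("192.0.2.33", net)
        print(net, "->", v6, "->", extract(v6, net))
```

The private-address check matters for the "private IPv4 addresses" option discussed later in the deck: such hosts need a site-specific translation prefix rather than the well-known one.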
DS-Lite (Dual Stack lite)
DS-Lite allows communications between IPv4 hosts in IPv4 islands. IPv4 clients use private IPv4 addresses.
IPv4 client packets are encapsulated into IPv6 packets when crossing the IPv6-only ISP backbone.
IPv4 packets are decapsulated and NATed by special DS-Lite CGN devices (Carrier Grade NAT), then routed to the IPv4 Internet.
6to4
6to4 allows communications between IPv6 hosts in IPv6 islands.
IPv6 packets are encapsulated into IPv4 packets when crossing the IPv4 Internet.
IPv6 encapsulated packets are exchanged between well-known 6to4 routers and relays.
6rd (Rapid Deployment)
Derived from 6to4 but designed to operate entirely within the end-user's ISP's network, to avoid problems due to misconfigured 6to4 routers.
Developed and currently used by Free.fr for their ADSL customers.
4rd
4rd is a mechanism to facilitate IPv4 residual deployment across IPv6 networks.
It is the reverse of 6rd.
Teredo
Teredo allows IPv4-only clients to reach IPv6-only servers by establishing IPv4 tunnels to well-known Teredo relays.
Similar to 6to4 but with more limitations.
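
Both 6to4 and Teredo addresses carry the tunnel's IPv4 endpoint inside the IPv6 address, so log analysis can tie a tunnelled IPv6 source back to an IPv4 host. The following is an added example, not part of the original slides: the site prefixes are the CERN blocks listed on the address-status slide, while the sample source addresses and the `tunnel_endpoint` and `audit` helper names are constructed for illustration.

```python
import ipaddress

# CERN IPv4 prefixes as listed on the address-status slide of this deck.
SITE_V4 = [ipaddress.IPv4Network(n) for n in (
    "128.141.0.0/16", "128.142.0.0/16", "137.138.0.0/16",
    "188.184.0.0/16", "188.185.0.0/16", "194.12.128.0/18")]


def tunnel_endpoint(v6):
    """Return (mechanism, embedded IPv4) for 6to4/Teredo addresses, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr.sixtofour is not None:        # 2002::/16 (RFC 3056)
        return "6to4", addr.sixtofour
    if addr.teredo is not None:           # 2001::/32 (RFC 4380)
        _server, client = addr.teredo     # client address is stored inverted
        return "teredo", client
    return None


def audit(sources):
    """List tunnelled sources whose IPv4 endpoint lies inside the site."""
    findings = []
    for src in sources:
        hit = tunnel_endpoint(src)
        if hit and any(hit[1] in net for net in SITE_V4):
            findings.append((src, hit[0], str(hit[1])))
    return findings


# Constructed sample: IPv6 source addresses as they might appear in flow logs.
SAMPLE = [
    "2002:898a:101::1",                       # 6to4, embeds 137.138.1.1
    "2002:c000:221::1",                       # 6to4, embeds 192.0.2.33
    "2001:0:c000:22d:8000:63bf:7f72:faf9",    # Teredo, client 128.141.5.6
    "2001:db8::1",                            # native IPv6, no tunnel
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```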
MAP
MAP allows IPv4 communication between IPv4 islands. Similar to DS-Lite + CGN, but with the NAT functions delegated to the CPE device (customer router).
Still an IETF draft.
CERN strategy
IPv6 Service Description
- Dual Stack
- One IPv6 address assigned to every IPv4 one
- Identical performance as IPv4, no degradation
- Common provisioning tools for IPv4 and IPv6
- Same network services portfolio as IPv4
- Common security policies for IPv4 and IPv6
IPv6 deployment plan
- Testing of network devices: completed
- IPv6 Testbed for CERN users: available
- New LANDB schema: in production
- Addressing plan in LANDB: in production
- Provisioning tools (cfmgr and csdbweb): almost done
- Network configuration: ongoing
- Network services (DNS, DHCPv6...): ongoing
- User interfaces (webreq): ongoing
- User training
- IPv6 Service ready for production in 2013
[Timeline labels on the slide: 2013Q2, 2011Q2, Today, 2011Q3, 2021Q1, 2012Q1]
IPv4 shortage at CERN
Current VM adoption plan may cause IPv4 depletion during 2014
Then:
A) IPv6-only VMs
or
B) VMs with private IPv4 addresses
A) IPv6-only VMs
+ Unlimited number of VMs
- Several applications don't run over IPv6 (PXE, AFS, ...)
- Very few remote sites have IPv6
+ Will push IPv6 adoption in the WLCG community

NAT64 or SIIT may be used: http://tools.ietf.org/html/draft-anderson-siit-dc-00
B) private IPv4 addresses
+ Works flawlessly inside CERN domain
- Needs NAT to reach non-CERN IPv4-only hosts:
  - may not work properly with some applications
  - still need public IPv4 addresses for external services
  - reduced performance
Conclusions
- IPv4 shortage will soon hit CERN
- Applications will have to live either with private IPv4 addresses or IPv6-only stacks
- Use of IPv6 in the WLCG has to start as soon as possible
More information: http://cern.ch/ipv6