Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. 1
IPv6: Journey to the next generation IP Protocol
Paulo Pereira
Senior Manager, Systems Engineering UAE
19 March 2012
Vint Cerf: Chief Internet Evangelist
Bob Kahn: Chairman, CEO and President, Corporation for National Research Initiatives
Widely known as the founding "fathers of the Internet" (source: http://en.wikipedia.org/wiki/Vint_Cerf)
How did we get here?
Where are we?
How do we move from here?
source: http://www.iana.org/numbers
source: http://www.potaroo.net/tools/ipv4/
• IANA exhausted its IPv4 free pool (3 February 2011)
• RIRs exhaust their unallocated pools
• Expanding networks (ISPs, businesses, etc.) exhaust their pools of unused addresses
Will the Internet STOP?
Autonomous Systems Count Growth
IPv6 is the only long term solution
How do we move from here?
Content, User, ISP, Device, Enterprise
"A deadlock, stalemate, impasse; a roughly equal (frequently unsatisfactory) outcome to a conflict in which there is no clear winner or loser."
• "Where is the content?"
• "Where is the network?"
• "Do I pay less or get new applications? NATs are good."
• "RFC1918 gives me security, and IPv4 address runout is my ISP's problem."
• "The network is not ready, users don't care and I don't want to risk a poor end-user experience today for potential gains tomorrow."
• Preserve IPv4 address allocation
  - Use private addresses (10.0.0.0/8 - RFC1918) to address customers
  - Use Carrier Grade NAT / Large Scale NAT
• Provide IPv6 addresses
  - Native IPv6: provide bridging function to reach IPv4
  - Dual stack
[Figure: transition options between the IPv4 Internet and the IPv6 Internet, under the headings Preserve, Prepare, Prosper]
• IPv4 Carrier Grade NAT: IPv4 access network, IPv4 core, NAT
• IPv6 Rapid Deployment (6rd) or L2TP: v6 over v4, dual-stack core (CE, 6rd BR, LNS)
• 4rd or DS-Lite: v4 over v6, IPv6-only access network, dual-stack core (CE, 4rd BR, AFTR, NAT)
• IPv6-only subscriber: IPv6 access network, dual-stack core, 6↔4
• Native dual stack: dual-stack core + access (ex: DOCSIS 3.0) (CE, PE)
For more info see: http://www.cisco.com/go/cgv6
Public addresses End-to-end – transparent TCP session
Sharing public IPv4 addresses => IPv4 content traverses NATs. Challenges: transparency to applications, location, security.
CGN creates state (and logging) for every session.
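Why that per-session state matters for attribution, as an added example that is not part of the original slides: the log format, addresses and function names are assumptions, and the log lines are constructed. It shows that a server log holding only the shared public IP matches several subscribers, while source port plus timestamp narrows the match to one.

```python
from datetime import datetime
from typing import NamedTuple

# Constructed sample CGN session log (hypothetical format, not real data):
# start  end  subscriber_ip  public_ip  public_port
CGN_LOG = """\
2012-03-19T10:00:01 2012-03-19T10:00:40 10.1.0.11 203.0.113.7 40001
2012-03-19T10:00:05 2012-03-19T10:02:10 10.1.0.12 203.0.113.7 40002
2012-03-19T10:00:09 2012-03-19T10:01:00 10.1.7.93 203.0.113.7 51514
2012-03-19T10:05:30 2012-03-19T10:06:00 10.1.0.12 203.0.113.7 40001
"""

class Session(NamedTuple):
    start: datetime
    end: datetime
    subscriber: str
    public_ip: str
    public_port: int

def parse_cgn_log(text):
    """Turn each non-empty log line into a Session record."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, sub, pub, port = line.split()
        sessions.append(Session(datetime.fromisoformat(start),
                                datetime.fromisoformat(end),
                                sub, pub, int(port)))
    return sessions

def attribute(sessions, public_ip, port=None, at=None):
    """Subscribers consistent with what the origin server logged.

    port and at are optional because many server logs omit them;
    leaving them out shows how ambiguous the lookup becomes.
    """
    when = datetime.fromisoformat(at) if at else None
    return {s.subscriber for s in sessions
            if s.public_ip == public_ip
            and (port is None or s.public_port == port)
            and (when is None or s.start <= when <= s.end)}

SESSIONS = parse_cgn_log(CGN_LOG)

if __name__ == "__main__":
    print(attribute(SESSIONS, "203.0.113.7"))              # IP only
    print(attribute(SESSIONS, "203.0.113.7", port=40001))  # port reused later
    print(attribute(SESSIONS, "203.0.113.7", port=40001,
                    at="2012-03-19T10:00:20"))             # single subscriber
```

Port 40001 is reused by a different subscriber five minutes later in the sample, which is why the timestamp is needed as well as the port.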
Web 2.0 (ex: AJAX) Application Behavior Under Constrained NAT Resources
[Figure panels: 20 NAT sessions, 15 NAT sessions, 10 NAT sessions, 30 NAT sessions]
Times millions of users: how many concurrent sessions will your business require?
Some examples of major web sites

Application                      # of TCP sessions
No operation                     5~10
Yahoo top page                   10~20
Google image search              30~60
ニコニコ動画 (Niconico Douga)     50~80
OCN photo friend                 170~200+
iTunes                           230~270
iGoogle                          80~100
楽天 (Rakuten)                   50~60
Amazon                           90
HMV                              100
YouTube                          90

Browser behavior, port consumption
End-user experience/performance drives port usage up (AJAX)
Sources:
NTT: http://www.nttv6.jp/~miyakawa/IETF72/IETF-IAB-TECH-PLENARY-NTT-miyakawa.pdf
Orange Labs: http://opensourceaplusp.weebly.com/experiments-results.html
End-to-end model restored! IPv6 content bypasses NAT resources; DNS is the switch.
1. Double-NAT, e.g. at CPE and carrier
2. Hides location of users
3. Security concerns: blocking an IP might black out entire countries or mobile operators
4. Impacts user experience, e.g. limited number of translations per user
[Figure, two panels: an IPv6 user and an IPv4 user reach the corporate website over the IPv4/IPv6 Internet via ISP#1, ISP#2 and ISP#3, through NAT44 and NAT64. Panel 1: corporate website IPv4, corporate network IPv4. Panel 2: corporate website IPv4/IPv6 in the DMZ, corporate network IPv4.]
Inside-out: dual-stack enterprise, IPv4 Internet
Outside-in: IPv4 enterprise, IPv6 Internet
[Figure: three ways to front an IPv4-only host for the IPv6 Internet]
• Server load balancer (HTTP reverse proxy): ACE30
• Stateful NAT64: ASR1000
• Software proxy in the web tier: Apache, MSFT PortProxy
• What was it?
A single day (24 hrs) where major content providers advertised an AAAA DNS record for their production service (e.g. www.cisco.com, www.facebook.com); coordinated by the Internet Society
• When was it?
June 8, 2011
• Who participated?
Google, Facebook, Yahoo!, Akamai, Cisco and Limelight Networks were among 434 participants that offered content from their main websites over IPv6 for a 24-hour "test drive" (http://www.worldipv6day.org/participants/index.html)
• Why do this?
Demonstrates commercial viability of IPv6
Helps identify areas of improvement in IPv6 functionality
[Figure: www.cisco.com delivery. Labels: DNS, CDN DNS, CNAME, Internet, IPv6-enabled endpoint, IPv4-only endpoint, ACE, Alpha IPv6 network, production IPv4 network, www web servers (HTTP/HTTPS)]
From concept (March) to delivery (June) in 3 Months
Cross functional collaboration across 18 Teams in Cisco to make this a successful event (excludes external collaboration)
1.2% of total traffic hitting www.cisco.com was IPv6
1.5% of Unique IPs hitting www.cisco.com were IPv6
No support cases created
http://www.worldipv6launch.org/
• Education and awareness
• Define a strategy based on your business drivers
  - Outside-in vs inside-out
• Assessment (infra and apps)
• Mandate IPv6 in all products procurement based on your roadmap
• Get an IPv6 prefix
  - Engage RIR
  - PI is better
• Monitor IPv6 adoption in your region
  - Core infra and peering
  - DNS AAAA request
• Engage your SP to get IPv6 access
  - Parity with IPv4 SLA
• Start a project to design a dual-stack internet presence
  - Routing, security/monitoring, SLB, proxies, DNS, CDN
IPv6-enable your networking and security practice
IPv6 Assessment Service
Determine how your network needs to change to support your IPv6 strategy
IPv6 Discovery Service
Guidance in the early stages of considering a transition to IPv6
IPv6 Planning and Design Service
Designs, transition strategy, and support to enable a smooth migration
IPv6 Implementation Service
Validation testing and implementation consulting services
Network Optimization Service
Absorb, manage, and scale IPv6 in your environment
www.cisco.com/go/ipv6
supportforums.cisco.com
supportforums.cisco.mobi
The Cisco Support Community is your one-stop community destination from Cisco for sharing current, real-world technical support knowledge with peers and experts.
• Free for anyone with Cisco.com registration
• Get timely answers to your technical questions
• Find relevant technical documentation
• Engage with over 200,000 top technical experts
• Seamless transition from discussion to TAC Service Request (Cisco customers and partners only)
• Visit the Cisco Support Community booth in the World of Solutions for more information
Thank you.