Journey to IPv6: A Real-World deployment

for Mobiles ITU/APNIC/MOIC IPv6

Workshop 19th – 21st June 2017

Thimphu

Telstra Unrestricted Last updated 1st March 2017

Acknowledgements p We would like to acknowledge Jeff

Schmidt @ Telstra for permitting us to use his original APRICOT 2017 tutorial slides

n  https://2017.apricot.net/program/schedule/#/day/9/journey-to-ipv6---a-real-world-deployment-for-mobiles

2

Agenda p Why IPv6? p Business and Technical considerations p Network Architectures p Addressing and Subnetting p Deployment Model p Our Experience p Q&A

3

Why IPv6?

Why IPv6? p  Traffic growth and device per person p Network readiness for new technologies:

n  Internet-of-Things n  VoLTE/IMS n  ViLTE n  Management and Backhaul

p  IPv4 public/private address depletion p Reduction in network inefficiencies

5

IPv6 Global Traffic

6 Source - https://www.google.com/intl/en/ipv6/statistics.html

Business and Technical Considerations

Business and Technical Considerations

8

Depleting public and private IPv4 address range

Business and Technical Considerations p  Non-interworking private IPv4 address ranges

duplicated between domains, that now require interworking

9

10.0.0.0 10.0.0.0

10.0.0.0 10.0.0.0

Business and Technical Considerations

10

Continual investment to extend IPv4 resources vs IPv6 to future proof our network

NAT

IoT

$

$ or

Business and Technical Considerations p As IPv4 addresses deplete, it will be more

expensive to extend IPv4 resources

p Dual-Stack is an effective transition technology but does not solve the IPv4 depletion problem

p  Introducing IPv6: n  Reduced dependency on NAT n  Remove the need for regionalisation n  Pushes applications to move to IPv6

11

Network Architectures

IPv6 Implementation Centralised CGN

p  CGN performs NAT/PAT 44 and NAT/PAT 64 n  PAT substantially reduces Public and Private IPv4

address demand, but does not prevent IPv4 address depletion. 13

Internet

IPCore/Edge

Internet

CGNAT BR

Region1

Region2

NAT/PAT44PrivateIPv4toPublicIPv4

CGNAT BR

NAT/PAT64PublicIPv6toPublicIPv4

Backhaul

EPG

Backhaul

EPG

IPv6 Implementation Traffic Flow

14

IPv4PublicInternet

CarrierNetwork(IPv4+IPv6)

IPv6PublicInternetIBR

NAT64PublicIPv6toPublicIPv4

NativeIPv6

RadioNetwork(IPv4transport)

EPG

Single–BearerIPv6onlyuserplane

IPv6

Running multiple APNs p Create multiple real APNs that supports

IPv4, IPv6, and IPv4v6 individually

15

InternetRadio Network Carrier Network

IPv4

eNodeB

GGSN/EPG

IPv6 APN

IPv4v6 APN

IPv4 APN

IPv4v6

IPv6

IBRNAT44 / NAT64

DNS64

DNS-DS

Running a Single APN p Create a single real APN that supports

both DS and SS

16

InternetRadio Network Carrier Network

IPv4

eNodeB

GGSN/EPG

IPv4v6 APN

IPv4v6

IPv6

IBRNAT44 / NAT64

DNS-DS

DNS64

IPv6 Implementation Security

17

IPv4PublicInternet

CarrierNetwork(IPv4+IPv6)

IPv6PublicInternetCGNAT BR

NAT44/64TranslationStatefulfirewall

UntrusttoTrustBlockalltrafficoriginatingfrominternet

TrusttoUntrustAllowalltraffic

RadioNetwork(IPv4transport)

EPG

FirewallApplication

IPv6

IPv6NativeStatefulfirewall

UntrusttoTrustBlockalltrafficoriginatingfromInternet

TrusttoUntrustAllowalltrafficoriginatingfromIPv6handsetrangesonlyAllowDNStrafficBlockallinfrastructurerangesBlockallVoLTEranges

APNACL

AdvertiseonlyhandsetrangestoCarrierNetworkBlocktrafficwithIPrangesnotconfiguredontheEPG

Infrastructure Cloud IPv6

18

L3FabricEVPN

InternetProviderCoreNetworkMPLS

PE

DCGateway

ToR

vCGN

BR

vEPC

How much traffic will use IPv6?

19

464XLAT Architecture for Mobiles

20

CarrierCore

UserEquipment/MobilePhone

IPv6

IPv4 CLATFunction

PLAT(NAT64)

IPv6Internet

IPv4Internet

CLAT>IPv4hostaddressforXLATE(clat4)

[192.0.0.4/32]IPv6hostaddressforXLATE[2001:db8:aaaa::464/128PLAT-SideXLATEIPv6Prefix

[2001:db8:bbbb::/96]

PLAT>IPv4pool

[192.0.2.1–192.0.2.100]PLAT-SideXLATEIPv6Prefix

[2001:db8:bbbb::/96]

IPv4SRC192.0.0.4IPv4DST

198.51.100.1

IPv6SRC2001:db8:aaaa::464

IPv6DST2001:db8:bbbb::198.51.100.1

IPv4SRC192.0.2.1IPv4DST

198.51.100.1StatelessNAT64

[RFC6145]

StatefulNAT64

[RFC6146]

198.51.100.1

2001:db8:ca7e::d007

Addressing and Subnetting

Addressing and Subnetting p  3GPP currently dictates each UE to receive a /64 p  Future releases may require a /60 with DHCP-PD

for single APN tethering p  4x /44 per APN per EPG = 4M prefixes p  You will probably also need a similar range for

VoLTE APNs p  KEY: make sure it is a structured subnetting

schema so it is consistent nationally and across the entire organisation.

22

Addressing and Subnetting p  Infrastructure Addressing:

n  /64 per VLAN – Keep it simple! n  Private or Public – but remember to use a

firewall and policies to avoid advertising the infrastructure out to the internet!

n  NAT is not a security feature!

23

Deployment Model

Carrier Examples SP1 SP2 / SP3 SP4 Dual-Stack SS+NAT64+DNS64+CLAT SS/DS+NAT64+DNS-HD+CLAT

p  Every carrier will have a unique set of circumstances that dictates which transition method they will use. There is no standard way of doing this.

p  You must determine which is the best method for your network.

p  In any method, remember to ensure you have a long-term strategy for the eventual deployment of native Single Stack IPv6!

25

Different APNs for different purposes

26

Two existing APNs – one for Handsets, one for Mobile Broadband and Tethering

or 464XLAT + NAT64 + DNS64 for the Handset APN only IPv6 enabled DNS for all other APNs

Telstra.WAP

Telstra.Internet

NAT64/ DNS64

464XLAT Internet

DNS-DS/ NAT44 Internet

Packet Core Configuration p  HSS Configuration

n  PDP Context id = IPv4v6

p  MME Configuration n  DAF = set

p  EPG Configuration n  PDPTYPE = IPv4v6

p  EPG will then also have the following as a minimum within each APN: n  IPv6 Handset Range n  IPv4 Handset Range n  2x IPv4 DNS Name Servers, 2x IPv6 DNS Name Servers

27

UE Requirements and Settings p Android 4.3+ supports 464XLAT. We

recommend using anything that is 4.4.4+ or 5.1+

p Depending on your setup, either PDP selection is based on the UE or the Network.

p  International Roaming over IPv6 works today! But we recommend the APN Roaming Protocol to be set to IPv4 only for the next two years.

28

Launch Considerations p  Informed Front of House and provided training,

as well as Enterprise support and sales personnel p  Updated internal Knowledge Base p  Briefed Operations and provided training p  Created moderated forum with official details on

the network change p  Provided direct email contact to Telstra

Engineering p  Contacted the technical community via mailing

lists and public forums before launch

29

Our Experience

Our Experience p  iPad Dual-Stack Carrier Settings

n  Significant IPv6 takeup on iPads since carrier update was made available with Dual-Stack.

n  Update made via iOS patch. Users are not immediately aware IPv6 is available on their iPads. Transparent migration.

n  IPv6 take up occurs when iPads are patched to the latest version

n  Single Stack will come later this year

31

Our Experience

32

0

5,000

10,000

15,000

20,000

25,000

30,000

35,000

40,000

45,000

50,000

55,000

60,000

65,000

01/07/16

01/08/16

01/09/16

01/10/16

01/11/16

01/12/16

01/01/17

NSW QLD SA VIC WA Total

telstra.wap - IPv6 Usage

BYO device and existing services p  APN – IPv4v6, HLR/HSS – IPv4v6 p  Legacy devices configured with IPv4 only are not

impacted p  New devices configured with IPv4v6 obtains both

addresses and is currently growing significantly p  Existing devices configured with IPv6 only obtains

IPv6 only

p  CGNAT p  NAT64 ALGs: ftp, sip, pptp, rtsp, h323

33

IPv4 vs IPv6 p  Some applications fail with IPv6 – even with

464XLAT. Routing issues? p  VPNs are a real problem – but is it a carrier

problem or an application / server problem? p  HTTP / HTTPS works very well p  SSH is not a major problem p  IPv6 is faster in some cases – smaller BGP table,

no NAT etc. p  Major apps work very well – especially from the

major content providers

34

Customer Support p  Engage the community early so they know what’s

coming. They will appreciate you are still developing and they will want to be part of the journey!

p  We receive support email through our contact points and reply as soon as possible. Don’t keep your customers waiting

p  Skip the red tape – let customers engage engineering directly

p  Keep management happy! Report SIO and bandwidth usage!

35

Q&A

CONTACT

Contact p  Jeff Schmidt

n  Technology Team Manager Telstra Wireless Network Engineering

n  sunny.yeung@team.telstra.com

p Sunny Yeung n  Senior Technology Specialist

Telstra Wireless Network Engineering n  sunny.yeung@team.telstra.com

38