status of ipv6 rollout at swisscom - swiss network operators … · 2018-07-30 · • remote...
TRANSCRIPT
Status of IPv6 Rollout at Swisscom
Martin Gysi, 22.10.2014
public
2
Status of IPv6 Rollout at Swisscom Agenda
• Residential
• Datacenter
• Mobile
• Enterprise Customers
Remember IPv6? It’s IP with longer addresses!
(Nothing more, nothing less. But it’s crucial for the future of the Internet)
• Remote activation of IPv6 began in March 2013 for ADB «centro» routers
• IPv6 is not yet activated by default. So, due to customer churn, numbers decline after a rollout. New customers are activated periodically
• New firmware for older CPEs will allow turning on v6 by default. Rollout depends on VDSL vectoring, don’t know when it is going to happen. Should roughly double the number of active users
0
200000
400000
600000
800000
1000000
1200000
1400000
Jan
uar
Feb
rua
r
Mä
rz
Ap
ril
Ma
i
Jun
i
Juli
Au
gust
Sep
tem
ber
Okt
ob
er
No
vem
be
r
De
zem
be
r
Jan
uar
Feb
rua
r
Mä
rz
Ap
ril
Ma
i
Jun
i
Juli
Au
gust
Sep
tem
ber
Okt
ob
er
No
vem
be
r
De
zem
be
r
Residential IPv6 customers 2013-14
Residential Evolution of dual-stack customers
3
?
Residential Evolution of bandwidth for dual-stack users
• Average peak traffic per customer since start of rollout:
– Total: +50%
– IPv4: + 30%
– IPv6: + 245%
• IPv6 traffic is 26% of total traffic
• Services that are available on IPv6 grow significantly faster than the average!
4
020406080
100120140160180
IPv4 average peak traffic per
customer
0
10
20
30
40
50
60
IPv6 average peak traffic per
customer
Residential IPv6 traffic sources
5
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
Distribution of IPv6 packet sizes
40-117 37%
118-277 2%
278-597 1%
598-1237 1%
1238-1472 58%
60% from Google, 5% FB, 35% rest of Internet
6
Network topology
IPv6 Rapid Deployment on IPv4 Infrastructures (RFC 5969)
6RD is a Stateless Tunnel Technology, Embedding the CE’s IPv4 Address into the IPv6 Prefix.
IPv4 only. IPv6
tunnelled over IPv4 Native
IPv4/IPv6
Native
IPv4/IPv6
6rd CE router 6rd Border Relay
0 28 60 64
subscriber subnetting
up to 32 bits of subscriber’s IPv4 address
Interface ID Subnet ID 85.5.7.171 2A02:1200
6RD prefix
IPv4 dest 85.5.7.171
IPv4 Header IPv6 Header
IPv6 Payload
copy
send to preconfigured BR address send to embedded CE address
IPv6 address format for 6rd
IPv4 header & encapsulated IPv6
packet (downstream)
Residential Border Relay (ASR 9010) technical details
• 6rd encapsulation and decapsulation is performend on «NPU» of line cards
• Three ports of a 24-Port Line Card share 1 NPU
• Service Blade for «exceptional traffic», e.g. ICMP (Ping, Traceroute, Path MTU Discovery)
• First step of rollout: Use every third port on LC.
7
6rd BR
IPN, 8-port LC
NPU NPU NPU NPU NPU NPU NPU NPU
Te0/1/0/0
Te0/5/0/0
IPN 1 IPN 2
Te0/1/0/3 Te0/1/0/6 Te0/1/0/21 Te0/1/0/23
Te0/5/0/3 Te0/5/0/0 Te0/5/0/3
service cgn SC_6rd
service-location preferred-active 0/0/CPU0
service-type tunnel v6rd 6rd1
path-mtu 1472
br
ipv6-prefix 2a02:1200::/28
source-address 193.5.29.1
unicast address 2a02:120c:1051:d010::1
!
address-family ipv4
interface ServiceApp4
!
address-family ipv6
interface ServiceApp6
!
!
!
show command: #sh cgn tunnel v6rd 6rd1 statistics
8
RP/0/RSP0/CPU0:lssic20p-brd001#sh cgn tunnel v6rd 6rd1 statistics
Tue Aug 5 07:57:05.253 UTC
Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2a02:1200::/28
Source address: 193.5.29.1
BR Unicast address: 2a02:120c:1051:d010::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: , TTL: , Path MTU: 1472
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2452764625
Incoming tunneled packets count : 2452712654
Decapsulated packets : 2452694282
ICMP translation count : 20353
Insufficient IPv4 payload drop count : 0
Security check failure drops : 1483
No DB entry drop count : 0
Unsupported protocol drop count : 0
Invalid IPv6 source prefix drop count : 16889
IPv6 to IPv4
=============
Incoming packet count : 3174456512
Encapsulated packets count : 3174445625
No DB drop count : 0
Unsupported protocol drop count : 0
IPv4 ICMP
==========
Incoming packets count : 51971
Reply packets count : 1
Throttled packet count : 21924
Nontranslatable drops : 9693
Unsupported icmp type drop count : 0
IPv6 ICMP
==========
Incoming packets count : 1346
Reply packets count : 1325
Packet Too Big generated packets count : 2128
Packet Too Big not generated packets count : 0
NA generated packets count : 0
TTL expiry generated packets count : 0
Unsupported icmp type drop count : 0
Throttled packet count : 7434
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Reassembled packet count : 0
Reassembed fragments count : 0
ICMP incoming fragments count : 0
Total fragment drop count : 0
Fragments dropped due to timeout : 0
Reassembly throttled drop count : 0
Duplicate fragments drop count : 0
Reassembly disabled drop count : 0
No DB entry fragments drop count : 0
Fragments dropped due to security check failure : 0
Insufficient IPv4 payload fragment drop count : 0
Unsupported protocol fragment drops : 0
Invalid IPv6 prefix fragment drop count : 0
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count : 0
RP/0/RSP0/CPU0:lssic20p-brd001#
Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2a02:1200::/28
Source address: 193.5.29.1
BR Unicast address: 2a02:120c:1051:d010::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: , TTL: , Path MTU: 1472
Tunnel 6rd statistics
======================
IPv4 to IPv6
=============
Incoming packet count : 2452764625
Incoming tunneled packets count : 2452712654
Decapsulated packets : 2452694282
ICMP translation count : 20353
Insufficient IPv4 payload drop count : 0
Security check failure drops : 1483
No DB entry drop count : 0
Unsupported protocol drop count : 0
Invalid IPv6 source prefix drop count : 16889
IPv6 to IPv4
=============
Incoming packet count : 3174456512
Encapsulated packets count : 3174445625
No DB drop count : 0
Unsupported protocol drop count :
IPv4 ICMP
==========
Incoming packets count : 51971
Reply packets count : 1
Throttled packet count : 21924
Nontranslatable drops : 9693
Unsupported icmp type drop count : 0
IPv6 ICMP
==========
Incoming packets count : 1346
Reply packets count : 1325
Packet Too Big generated packets count : 2128
Packet Too Big not generated packets count : 0
NA generated packets count : 0
TTL expiry generated packets count : 0
Unsupported icmp type drop count : 0
Throttled packet count : 7434
IPv4 to IPv6 Fragments
=======================
Incoming fragments count : 0
Reassembled packet count : 0
Reassembed fragments count : 0
ICMP incoming fragments count : 0
Total fragment drop count : 0
Fragments dropped due to timeout : 0
Reassembly throttled drop count : 0
Duplicate fragments drop count : 0
Reassembly disabled drop count : 0
No DB entry fragments drop count : 0
Fragments dropped due to security check failure : 0
Insufficient IPv4 payload fragment drop count : 0
Unsupported protocol fragment drops : 0
Invalid IPv6 prefix fragment drop count : 0
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count : 0
RP/0/RSP0/CPU0:lssic20p-brd001#
Residential 6rd vs. CG-NAT
• As we don’t have enough public IPv4 addresses, a number of (low-end) customers get RFC 6598 addresses combined with NAT.
• Restricted IPv4 access.
• Of course, their IPv6 /60 prefix is public!
• 6rd uses IPv4 as transport between CPE and Border Relay, in a completely stateless fashion
• RFC 6598 addresses are routed (non-natted) to the BR.
• Saving IPv4 addresses and deploying IPv6 are two separate, distinct problems that must both be solved!
9
Reverse DNS in IPv6 – how?
• In IPv4, ISPs assign a reverse DNS entry for every IP address that they assign to their customers – 243.109.192.178.in-addr.arpa. IN PTR 243-109.192-178.cust.bluewin.ch.
• In IPv6, that’s a hard thing to do: Swisscom has 2^100 addresses for residential customers alone. No DB or flat file could hold so many entries. (See Lee Howard from
Time Warner Cable: draft-howard-isp-ip6rdns-06)
– No entry: Common. But not best practice
– «No such domain (NXDOMAIN)» entry: Gives you no answer, but at least you know that somebody owns this space
– «Wildcard» entry: Return the same answer for all requests within a certain space. That’s what Swisscom does. Disadvantage: Forward and reverse entries will never match. *.0.2.1.2.0.a.2.ip6.arpa. IN PTR dynamic.wline.6rd.res.cust.swisscom.ch.
– Generated-on-the-fly entry: More CPU intensive (especially with DNSsec). Advantage: Matching forward end reverse entries
– Dynamic DNS: ISP’s DNS delegate to Residential Gateways, hosts automatically register their names there.
10
Datacenter Overview
• «Product IT networks» (PIN) datacenter:
– Routing (IPv6 on MPLS) has been in place for 40 weeks. Services are tested end-to-end in lab and work fine.
– Load balancers are still nok, due to software issues not related to IPv6. So no live services are running dual-stack today, no DNS, no bluewin.ch, no mail.
– Next IOS release for LB will be available in November. another round of IPv6-testing.
• Swisscom IT Services datacenter:
– swisscom.ch: Running dual-stack since «World IPv6 Launch», using two dedicated F5 load balancers
11
Datacenter Some learnings and caveats
• PIN runs on old hardware (c7609 with SUP720 and PFC3B/C line cards)
• Routes: Limited to max 256 k
– 32 k IPv6 routes by default (an IPv6 route counts as two IPv4 routes)
• ACLs: 128 Bit TCAM. So not enough room for IPv6 address + port, ACL exceeding 128 Bits are treated in software ( bad idea! )
– Activate «ACL compression»:
– Verify ACL is not punted to CPU (watch for «punt» in output):
12
c6500#show mls cef maximum-routes
FIB TCAM maximum routes : ======================= Current :- ------- IPv4 + MPLS - 192k (default)
IPv6 + IP Multicast - 32k (default)
c6500(config)#mls cef maximum-routes ? ip number of ip routes ip-multicast number of multicast routes ipv6 number of ipv6 routes mpls number of MPLS labels
mls ipv6 acl compress address unicast
sh tcam interface gigabitEthernet 1/10 acl in ipv6
Mobile
• VoLTE (VoIP over LTE) will use an IPv6-only APN (~VRF in mobile). Launch announced for mid 2015.
• No launch date for IPv6 on the Internet APN. But should be achievable with the experience gained from the VoLTE rollout.
• We plan on using 464XLAT (RFC 6877) to get rid of IPv4 in the mobile network, but still enable IPv4 connectivity for applications that need it.
13
IPv4
IPv6
IPv4-only app
NAT
46 NAT
64
IPv4 service
Internet CG-NAT Mobile Network
IPv6 only
Handset
IPv6 app IPv6 service
Enterprise customers
• Currently working on a dual-stack offer for SME customers.
• IPv6 will be part of the «All-IP» product bundles (“my KMU office”), to be launched mid-2015.
• Mid-range offer will include
– Static /48 subnet
– CPE supporting DHPv6 prefix delegation, making it possible to chain routers
• IPv6 Internet Services from IP-plus have been available for more than ten years, on a best-effort basis …
• LAN-I (L3-VPN): On customer request. We currently have one pilot site running (Alte Kantonsschule Aarau).
14
dd
/mm
/yyy
y
15
Cla
ssif
ica
tio
n,
Firs
t n
am
e &
su
rna
me
, O
rga
niz
ati
on
, Fi
len
am
e_
Ve
rsio
n
Addressing the infrastructure 2001:4d98::/32
• Organized by service, zone, network, device type (e.g. mgmt) etc. Default /48 per service or zone. Larger allocations require justification by an address concept.
• Geographical significance (if any) only within assigned block, local responsibility
• Every service or zone is assigned with an Internet-routed (x16) and an internal-only (x16 + 800016) block. Use according to need.
Infrastructure2001:4d98::/32
IA Core /48
Datacentre/36
IP-Plus /40
Routed to Internet2001:4d98::/34
Reserved
...
Mobile core/48
ReservedNot routed to Internet,
internal only2001:4d98:8000::/34
IA Core /48
...
Mobile core/48
Big chunks Small chunks Datacentrereserv.
/36
Datacentre/36
IP-Plus /40
Datacentrereserv.
/36
Deploy IPv6, help put Switzerland back on top!
• Belgium: 27.1%
• Luxembourg: 11.32%
• Germany: 11.15%
• Switzerland: 10.57%
16
IPv6. It’s not an option!
17
Contact information
Swisscom AG
Martin Gysi
Network Development
Binzring 17
CH-8045 Zürich
www.swisscom.ch