IPV6 TECHNIQUES TO Re-IMAGINE RESEARCH AND EDUCATION NETWORKS Benoit Lourdelet blourdel@juniper.net PSD CTO Office
IPv6 IN R&E NETWORKS 1990 : IPv6 First Steps - 1995 : IETF Stockholm : first ping. - 1996 : 6bone IPv6 stacks, tunnels 2000 : operational deployments Dual Stack, Overlay 2010 : IPv4 as a legacy service IPv4 on top of IPv6, IPv4 address Sharing
IPv6 DEPLOYMENTS FACTS Content Transit backbone End-Users > 50% Reachable over IPv6 Netflix (32%),YouTube (17%),Facebook (2%), Yahoo, Yahoo, Akamai, Limelight – Source Sandvine.com NAT64 then native Transit backbone Around 75% of Transit backbones are IPv6 enabled IPv6 Peering Policy more liberal than IPv4 Actual SLA not at parity End-Users 1.2% of Google users
A case for IPv4 oVER IPv6 ? IPv4 Service continuity is a must IPv4-only end-node and/or applications won’t go away by virtue of will power (e.g. Skype) IPv4 not necessarily routed in the Core IPv4 Address are already shared Most of the current IPv4 experience must be retained
IPv4 over IPv6 OVERLAY Single Stack Network – a viable option OPEX is reduced Maximizing IPv4 address use Recovering blocks Re-Aggregating Almost 100% as centralized IPv4 On Demand when necessary IPCP, DSTM, Lw4over6, etc.
Copyright © 2012 Juniper Networks, Inc. www.juniper.net IPv4 over IPv6 Technologies 6 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
CLASSIC DS-Lite Architecture RFC 6333 IPv4 IPv6 IPv4 IPv4 over IPv6 DHCPv6 Server AFTR AFTR dynamic Per-flow mapping table CGNAT PE Pre: transition slides DHCPv6 configures: - CPE IPv6 address - CPE IPv6 delegated prefix - DNS resolver - AFTR IPv6 address DS-Lite CPE implements: - B4 element B4 (No NAT)
IETF IPv4overIPv6 solutions Transform CGN into a simple port range Router Remove per-flow states and associated logging Deterministic NAT, Port Block Allocation Pass ports and address allocation to the CPE Lw4over6 : hub and spoke, static definition of L4 port ranges MAP : enables meshing via a formula to map IPv6 address and IPv4 Address/L4 ports DHCP Server PE MAP rules or Port Ranges CPE (NAT)
MAPPING of Address And PORTs A formula links IPv6 address, IPv4 address and ports IPv6 Prefix /41 8 4 2001:db8:9500:/41 A B 41 53 64 128 IPv4 Address : (256) Users (4096) Ports (4032 = 63*64) 192.168.1 A >0 B Available 24 32 6 4 6
Light Weight 4OVER6 USE case Keep SP-managed states to a minimum L4 port pairs to store MAP Mathematical link between IPv4 & IPv6 addresses reduces flexibility in IPv4 address management Offer IPv4 address assignment flexibility Offer finer granularity in IPv4 address and port allocations Keep the DHCP reservation paradigm where configuration parameters are distributed from a central table Volume of per-subscriber state well below a PPP context
LwAFTR Per-subscriber LW 4OVER6 Architecture IPv4 IPv6 IPv4 over IPv6 IPv4 DHCPv6/DHCPv4 Servers LwAFTR announces 192.0. 2.1/24 Lw AFTR LwAFTR Per-subscriber mapping table (No NAT) IPv6@ of CPE IPv4@ of CPE IPv4 port range 2001:db8:1:1::1 192.0.2.1 4000-4999 2001:db8:1:1::2 192.0.2.2 2000-2999 2001:db8:1:1::77 1030-10990 2001:db8:1:1::101 192.0.2.3 1991-5999 2001:db8:1:1::88 192.0.2.4 PE DHCPv6 configures: - Lw AFTR IPv6 address - IPv6 address of DHCPv4 server LW 4OVER6 CPE implements: - DHCPv4 Client Relay Agent - DHCPv4 Port Range option DHCPv4 (over IPv6) configures: - CPE B4 IPv4 address - Port range LwB4 (NAT)
IMPLEMENTATIONS Lightweight 4over6: An Extension to DS-Lite Architecture IETF 86,Orlando, March 2013
OraNGE
WHAT SERVICE PROVIDERS ARE DOING ?
IMPACT ON ROUTERS IPv6 technology evolving rapidly Programmable Silicon helps Need for inline NAT-P/T, encapsulation, de-capsulation Juniper Trio Chipset
Ipv6 deployment in R&E NETWORKS Internet Gateway LwAFTR Remote Campus NAT64 LwB4 Servers Access Core Content
Ipv6 deployment in CAMPUS NEtwORKS LwAFTR Bld A LwB4 200 ports Bld B LwB4 65000 ports Server Campus Core Add text : New locations are deployed with IPv6 as a transport IPv4 pool and port range is adjusted based on needs
CONCLUSION Today Focus is on IPv4 Phasing out SP are actively testing IPv6 only Networks Juniper is developing hardware to support this effort