LACNOC 2010
Technology Options for Access Providers with IPv6
Michael De Leo, CTO LATAM
Presentation_ID © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public

Agenda
• Service Provider Access
• IPv6 in Access Networks: xDSL, ETTH, WLAN and CABLE
• So where is the content?
• IPv4 Exhaustion Technologies
• Applying Technologies to Migration Paths
• Your Options
• Conclusions

Service Provider: Access

IPv6 Broadband Access Solutions
[Diagram labels: PSTN, Dial, NAS; DSL, DSLAM, BAS; Cable, Head-End, DOCSIS 3.0 Proposal; Ethernet; 802.11; Mobile RAN; Access; Enterprise; Video; Distributed Computing (GRID); IPv4/IPv6 Firewall (PIX®, Cisco IOS® FW); Dual-Stack or MPLS (6PE) Core; ISP A; Internet; IPv6 Multicast; IPv4/IPv6]
• Layer 2 Encapsulation(s): ATM RFC 1483 Routed or Bridged (RBE); PPP, PPPoA, PPPoE; Tunnel (Cable)
• IPv6 Prefix Pools
• IPv6 RADIUS (Cisco VSA and RFC 3162)
• DHCPv6 Prefix Delegation
• Stateless DHCPv6
• DHCPv6 Relay
• Generic Prefix

Two Broadband Access Models Today
• Network access provider = internet service provider (diagram: Access Layer, Core, ISP)
• Network access provider ≠ internet service provider (diagram: Access Layer, NAP, Core, ISP)

Transition Technologies: Summary
[Diagram: Business / Consumer IP NGN transition stages under the headings Preserve, Prepare and Prosper: Today; Private IP/NAT; IPv6 over IPv4 (6rd/6PE); Dual-Stack; IPv4 over IPv6 (DSLite); All IPv6. Legend: IPv4, Private IP, IPv6]

xDSL, ETTH and WLAN Networks
Point-to-Point Model
[Diagram, xDSL and ETTH variants. Labels: Customer Premises; DSLAM (xDSL) or Acc Sw and Agg Sw (ETTH); Edge Router; NAP; NSP; Layer 2]

L2TPv2 Access Aggregation (LAA) Model
[Diagram, xDSL and ETTH variants. Labels: Customer Premises; DSLAM (xDSL) or Acc Sw and Agg Sw (ETTH); BRAS; Edge Router; AAA RADIUS Server; NAP; NSP; ISP; PPP; L2TPv2]

PPP Terminated Aggregation (PTA) Model
[Diagram, xDSL and ETTH variants. Labels: Customer Premises; DSLAM (xDSL) or Acc Sw and Agg Sw (ETTH); BRAS; Edge Router; AAA RADIUS Server; NAP; NSP; ISP; PPPoX (xDSL); PPPoE (ETTH)]
• Only one PPPoA session per PVC
• Multiple PPPoE sessions per VLAN
• The PPPoE sessions can be initiated by the hosts or the CPE

Hybrid: IPv4 LAA Model and IPv6 PTA Model
[Diagram, xDSL and ETTH variants. Labels: Customer Premises; DSLAM (xDSL) or Acc Sw and Agg Sw (ETTH); BRAS; Edge Router; AAA RADIUS Server; NAP; NSP; ISP; PPP; L2TPv2. Legend: IPv4, IPv6]

IPv6 RBE
• Different than IPv4 RBE: pick out the 0x86DD type and route the traffic
• Enabled per PVC; IPv6 address is configured per PVC; each PVC supports a different subnet
[Diagram labels: IPv4 Traffic Bridged; IPv6 Traffic; IPv6 RBE; BRAS; L2TPv2; ISP; Edge Router. Legend: IPv4, IPv6]

Cable Networks
CableLabs IPv6 Decision and Approach
• CableLabs members put IPv6 in consideration for DOCSIS 3.0
• Cisco responded with proposal for IPv6 architecture and features
• IPv6 identified as one of top three ranked order priorities by MSOs
• Decision: DOCSIS 3.x MUST fully support IPv6
• Cisco primary author for DOCSIS 3.0 IPv6 and enhanced IPv4/6 Multicast specifications
• Rationale
  • Increased address space for CM management
  • New CPE services
• Proposed phases
  • Phase 1: CM hardware impacting features, CM provisioning and management over IPv6, embedded IPv6 router in CM
  • Phase 2: remaining IPv6 features for CPE services, for example IPv6 CPE provisioning and IPv6 service support

IPv6 Deployment Models for DOCSIS 3.0
[Diagram labels: Customer Admin Domain; MSO Admin Domain; Access Model 1: CPE1, CM1 Bridge; Access Model 2: HOME/SMB, CPE2, CPE Router, CM2 Bridge; Access Model 3: HOME/SMB, CPE3, CM Router; HFC; CMTS Router; CORE; Servers: DHCP, DNS, TFTP, TOD, Management; To Internet]
• Management Prefix: 2001:DB8:FFFF:0::/64
• Service Prefix: 2001:DB8:FFFE:0::/64
• Customer 2 Prefix: 2001:DB8:2::/48
• Customer 3 Prefix: 2001:DB8:3::/48
• HFC Link; Assigned 2001:DB8:FFFF:0::/64 (Mgmt) and 2001:DB8:FFFE:0::/64 (Serv)
• Customer 2 Premises Link; Assigned 2001:DB8:2:0::/64
• Customer 3 Premises Link; Assigned 2001:DB8:3:0::/64
• Routers Span Customer and MSO Administrative Domains

So where is the content?
Content on IPv4 today
• Not much content in the IPv6 world yet
• Customer equipment is mostly IPv4 devices, but more devices are IPv6 ready
• Not all client CPE or hosts have the same basic functions or migration technologies
• Most users have Windows computers, but more than just computers connect to the Internet – Tivo, Xbox/PS
• When IPv4 addresses are exhausted, what are some addressing scenarios?
  • IPv4 NAT (sometimes called NAT44)
  • IPv6 native
  • IPv6 with Address Family Translation (AFT)

How to get to content: IPv4 IPv6
• We will need NATting or, more precisely, Address Family Translation (AFT)
• NAT-PT (NAT Protocol Translation) is deprecated
• New proposals are being developed under the Behave and Softwires Working Groups in the IETF
  • See draft-wing-nat-pt-replacement-comparison-02
  • Still in flux – many proposals are being dropped
• Different places where AFT can take place
  • CPE router
  • ISP Edge
  • Network Core

Challenges with NAT and AFT
• NAT or AFT has its own challenges
• Scalability – e.g. applications like Google Maps (AJAX) use many ports simultaneously
• May require application changes to work with NAT/AFT
• Stateful management could be a challenge – lawful intercept and logging
• RFC 2993 documents some architectural implications of NAT
• Some cases might require DNS rewriting
Network Address Translation (NAT) Terminology
• NAT44: The classic IPv4 NAT
• NAT444: Double NAT (NAT on Residential Gateway (RG) + NAT within SP network)
• NAT46: Protocol translation from IPv4 to IPv6 (may also include DNS46)
• NAT464: Double NAT with IPv6 transport
• NAT64: Protocol translation from IPv6 to IPv4 (may also include DNS64)
• NAT66: Hiding addresses for reachability or domain independence
• IVI: Prefix-specific & stateless address mapping for IPv4/IPv6 coexistence and transition
• LSN: Large Scale NAT
• CGN: Carrier Grade NAT
• AFT: Address Family Translator
In practice, all three (LSN, CGN, AFT) mean the SP performs some form of NAT for many subscribers

Should You Do Large Scale NAT (LSN) or IPv6?
• This is not an either/or choice. Depending on your drivers, you may have to do both.
• Long term, not doing IPv6 increases your risk/cost to support any new services, or changes to existing services
• For now you may also choose to do neither if you have plenty of IPv4 addresses
• But in the long run there is risk. Competitors scrambling today might get the jump using IPv6.
• Still, not being forced unwillingly to the market first is a nice position :-)

Large Scale NAT444 in Operation
[Diagram columns: Subscribers; Access Provider Network; Public Internet. Today: subscribers hold public IPv4 and reach the public IPv4 Internet through an IPv4 core. Adding LSN: subscribers hold NOT-public IPv4 and reach the public IPv4 Internet through an LSN in the IPv4 core. Legend: public IPv4, NOT public IPv4]

LSN 444 Advantages and Challenges
Advantages:
• Addresses immediate IPv4 exhaust problem
• No change to subscriber CPE
• No IPv4 re-addressing in home
• Allows deferral of IPv6 architecture selection
• Dense utilization of Public IP address/port combinations
• No new UNI protocols extensions
• No standard body delays
Challenges:
• User traceability
• Local traffic requires hair pinning
• Telling users “you are out of bindings”
• Users' expectations versus having a private IP service only?
• Margin & competitive implications
• Operations & troubleshooting of transient issues
• User control over NAT

Large Scale NAT 444 Will Happen
• It's simply too late for IPv6 to meet IPv4 exhaust demands gracefully
[Chart labels: IPv6 Content Tilt; Public IPv4 BB users; Public IPv6 BB users Accessing IPv6 Internet; Private IPv4 BB users. * source: Infonetics 2008]

LSN 444: Who Can, Who Can’t
• Who First?
  • Simplistic answer: where the growth of public endpoints outstrips capacity
  [Chart labels: Addressable Endpoints; Mobile (Emerging); Mobile (Developed); Wireline (Developed)]
• What Costs? Incremental costs of Network based NAT
  • Capital
  • Operations
  • Binding maintenance for application keep alives
  • Lawful Intercept – binding archiving
  • OSS
• But what applications cannot afford LSN?
  • Applications requiring universal connectivity / addressability at low cost
  • Applications of high bandwidth & transport little revenue ($Cost / Mb)

LSN Must Handle Traffic Growth
• In 2010 Internet video will surpass P2P in volume. This will be the first time since 2000 that any application has displaced P2P as the top traffic driver.
Mobile Data Traffic
• Almost 64 percent of the world’s mobile traffic will be video by 2013.
• Mobile video will grow at a CAGR of 150 percent between 2008 and 2013.
• Mobile video has the highest growth rate of any application category measured within the Cisco VNI Forecast at this time.
• Mobile broadband handsets with higher than 3G speeds and laptop aircards will drive over 80 percent of global mobile traffic by 2013.
• A single high-end phone like the iPhone/Blackberry generates more data traffic than 30 basic-feature cell phones.
• A laptop aircard generates more data traffic than 450 basic-feature cell phones.
Source: 2009 Cisco Global Mobile Data Traffic Forecast Update
Subscriber Traffic Growth Must Be Matched Against Expected Trends in Service Delivery Price/Performance

LSN Engineering Depends on Service Mix
• What will be your LSN engineering constraint: Bandwidth? Bindings?
• What is your margin for the service most constrained?
• Your answer is one indicator of when IPv6 becomes a “must”
[Chart: Price per Megabyte for different services]

Choosing an Optimal Address-Type per Service
Table columns: Service; Characteristics wrt/ Addressing; Type; IPv4; IPv4 over LSN; IPv6
• HTTP/email (Client-Server): Most content is currently IPv4
• Walled Garden IPTV (Client-Server): Cost/bit optimized delivery
• Over-the-top HD Video (Client-Server): Cost/bit optimized delivery
• BitTorrent (Client-Client): Availability of seeds without keep-alive
• Sensors & Alarms (Client-Server): Low power/utilization devices can't afford frequent keep-alives
• Telepresence & Video Conferencing (Client-Client): “Specialized P2P”; multiple applications linked together; strong requirements for ALGs if NAT is employed
Cisco’s Global Consumer Internet Traffic Forecast: “Internet-to-TV traffic will bypass Internet video-to-PC traffic by 2009 and will exceed 1 exabyte per month in 2011.” – Approaching the zettabyte era, Cisco 2008
* Assessment based on the assumption that LSN will incur additional cost (CAPEX for additional NAT-device and/or processing, as well as OPEX for NAT operation & control)

Access Network Provider Services Model Affects IPv6 Approach
• “Integrated Services” Provider: Seek to create user experience and suite of own services
• “Connectivity Services” Provider: Optimize cost of bandwidth delivery and scale.
• One network for all services
• Often independent networks for different services
• Support with multiple applications that drive connectivity
• Cost per bit is not 1st concern
• IPv6 as a differentiator
• IPv6 mainly for internal optimization in the short term.

An LSN + IPv6 SP Adoption Scenario
One of the Many Possible...
[Timeline diagram labels: IPv4 enabled endpoint; IPv6 enabled endpoint; IPv4 address pool exhausted; New end-systems deployment (handset/RG); Large Scale NAT (LSN) introduction; Dual-Stack deployment; NAT46; NAT64; IPv6 only endpoints technically viable; IPv6 Internet (IPv6 only transport viable from a market perspective); axis: time]

IPv4 Exhaustion Technologies

Menu of IPv4 Exhaust Technologies
• Method 1: v6 Hosts (& Dual Stack)
• Method 2: Large Scale NAT 444
• Method 3: NAT 64
• Method 4: v6 Tunneling
• Method 5: v4 Tunneling over v6
• Method 6: v4 Subnet Trading / Exchange
Interworking / coexistence will be necessary

Method 1: IPv6 Hosts (and Dual Stack)
• v6 hosts:
  • Relief of tight private IP address space
  • Bypass NAT application problems
  • Functional separation of firewall from universal addressability
  • “v6 only” devices likely to start in application specific pockets (sensors, SIP phones)
• v6+v4 hosts (dual stack):
  • Will smooth market entry as devices & network are less tightly coupled
  • Defers some IPv6 infrastructure investment (e.g., use DNSv4)
  • Operation costs increase for Dual-Stack
  • We have forgotten how to operate multi-protocol networks
• Facts:
  • Obvious: There aren’t enough IPv4 addresses to sustain the current v4 model
  • Corollary: There aren’t enough IPv4 addresses to support the dual stack model
Method 2: Large Scale NAT 444
• NAT is already helping with v4 exhaustion
  • Works via mapping multiple hosts into the port range of a single IP-Address
  • Creates client reachability & potential ALG issues (sometimes sold as a “feature”)
• Expanding NAT into SP infrastructure increases longevity of IPv4
  • Sadly client software has little reason to minimize number of Ports used
  • Large scale carrier NAT not considered in application design
  • Ultimately this will be a scaling limitation
• Cisco’s FWSM & ACE Enterprise NAT boxes already doing LSN in Mobile
  • Smartphone applications often different than those on Broadband PCs
  • Changing usage patterns for mobile (wireless as the only connectivity)
All NAT solutions suffer from complicating host-host communications.

Method 3: NAT 64
• IPv6 hosts to access any IPv4 Internet endpoint
  • Some IPv6 devices might only need sporadic access to the IPv4 Internet
  • Solution: Global NAT 64 with N:1 mapping (i.e., Large Scale NAT 64)
• IPv6 hosts to Private IPv4 servers
  • Local domain might allow v6 clients to access content on local v4 hosts
  • Access to IPv4 home server while on the IPv6 road
  • Solution: Local NAT 64 with 1:1 mapping
• Application Layer Gateways (ALG): Application specific NAT
  • Session Border Controller ALG (for SIP phones)
  • DNS ALG
Fact: Going from 6→4 is easy. Initiating from the IPv4 side is harder.

Method 4: v6 Tunneling: v6 over PPP
• SPs would love to have their embedded access infrastructure support IPv6
• However legacy DSLAMs often cannot pass IPv6
• These DSLAMs can pass PPP or IPv4, so it is possible to tunnel IPv6. This means massive investment reused
• Tunnels can originate from RG or CPE.
• When on CPE, no coordination with RG or Access Provider required!
Method 4: v6 Tunneling: IPv6 Rapid Deployment (6rd)
• A form of v6/v4 which efficiently traverses the aggregation cloud without added IPv6 provisioning
• For IPv6 traffic destined for the Home, the 6rd Relay pulls the RG’s IPv4 from within the destination IPv6 address (when combined with a CGN lookup this is 6rd+)
• For IPv6 traffic destined to a nearby 6rd user, the RG pulls the target IPv4 tunnel endpoint from within the destination IPv6 address
• Residence’s IPv6 Subnet is constructed from: ISP’s IPv6 Prefix + RG IPv4 Address + Interface ID (diagram boundaries: /32, /64, /128)
• For IPv6 traffic destined to the backbone, the RG uses the destination IPv4 of the 6rd Relay. Backbone traffic is identified by masking the destination IPv6 for either:
  • NOT (ISP IPv6 Prefix), or
  • NOT (routable unicast public IPv4 address)
[Diagram labels: 6rd Relay; RG IPv4 Address; 6rd RG]

Approach: Keep the IPv4 Access & Aggregation Network “as is”
[Diagram labels: IPv6 Ready Hosts; RG; Access Node (DSLAM); BNG (BRAS, CMTS); Router; AAA, DHCP, OSS; IPv4-Only Access, Aggregation, AAA; IPv6 Ready Backbone (6PE or Native)]

Tunneling 6rd – RFC5969
• Subscriber IPv6 prefix derived from IPv4 address
• “One line” global config for IPv6 Gateway
• Native dual-stack IP service to the subscriber
• Simple, stateless, automatic IPv6-in-IPv4 encapsulation & decapsulation
• IPv6 traffic automatically follows IPv4 routing
• 6rd Border Relay placed at IPv6 edge
• Conceptually similar to “6to4” (RFC3056)
[Diagram labels: CE (IPv4 + IPv6, 6rd); IPv4 (6rd); 6rd Border Relays; Dual Stack Native or 6PE Core (IPv4 + IPv6)]
6rd Automatic Prefix Delegation (From a Global IPv4 Prefix)
[Address layout: 6rd IPv6 Prefix 2011:100 (bits 0-28) | Customer’s IPv4 prefix 129.1.1.1, 32 bits or less (bits 28-60) | Subnet-ID (bits 60-64) | Interface ID (from bit 64). The 6rd IPv6 Prefix plus the IPv4 bits form the Customer IPv6 Prefix.]
• This prefix length is variable in 6rd, /28 is just an example

6rd Automatic Prefix Delegation (From a Private IPv4 Prefix)
[Address layout: 6rd IPv6 Prefix 2011:1000 (bits 0-32) | Customer’s IPv4 prefix without the "10.", 1.1.1, 24 bits (bits 32-56) | Subnet-ID (bits 56-64) | Interface ID (from bit 64). The 6rd IPv6 Prefix plus the IPv4 bits form the Customer IPv6 Prefix.]

Packet Flow and Encapsulation
[Diagram labels: RG (IPv4 + IPv6, 6rd); IPv4 (6rd); 6rd Border Relays; Core (IPv4 + IPv6)]
• IF (6rd IPv6 prefix) Dest = Inside 6rd domain (2001:100 | 8101:0101 | Interface ID) THEN encap in IPv4 with embedded address
• ELSE IPv6 Dest = Outside 6rd domain (Not 2001:100... | Interface ID): ENCAP with BR IPv4 Anycast address

6rd BR Setup and Provisioning
6rd BORDER RELAY REPRESENTATIVE CONFIG (IOS, ASR1K)

    interface Loopback0
     ip address 10.100.100.1 255.255.255.0
    !
    interface Tunnel0
     tunnel source Loopback0
     tunnel mode ipv6ip 6rd
     tunnel 6rd ipv4 prefix-len 8
     tunnel 6rd prefix 2001:db80::/32
     ipv6 address 2001:db80:6464:100::/128 anycast
    !
    ipv6 route 2001:db80::/32 Tunnel0
    ipv6 route 2001:db80:6464:100::/56 Null0

[Diagram labels: IPv4-only AAA and/or DHCP; RG (NAT44 + 6rd); Access Node; BNG; Border Relay, (IPv4) anycast; IPv4-Private + IPv6; IPv4; IPv6 + IPv4; 6rd; NAT; Native Dual Stack to Customer]
1. BR must have IPv6 reachability (Native, 6PE, GRE Tunnel, etc).
2. An access-network-facing IPv4 address (likely anycast)
3. Global 6rd ISP Prefix and Length
*One BR may serve one or more 6rd Domains
Simple and Easy setup!
Additional tip: Use the ipv6 general-prefix command to automatically create the ipv6 address anycast address...
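The 6rd slides above derive each subscriber prefix from the RG's IPv4 address and pick the tunnel endpoint from the destination IPv6 address. The Python below is an added example, not code from the presentation or from Cisco: it reproduces that arithmetic for the packet-flow slide's 129.1.1.1 under 2001:100::/28 and for the BR config's 2001:db80::/32 with ipv4 prefix-len 8, and adds the check RFC 5969 requires on receipt, that the outer IPv4 source matches the IPv4 address embedded in the inner IPv6 source. The class and function names and the CE address 10.1.2.3 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SixrdDomain:
    """One 6rd domain. Class and field names are illustrative, not Cisco's."""
    prefix: str                 # 6rd ISP prefix ("tunnel 6rd prefix")
    ipv4_mask_len: int          # shared high IPv4 bits left out ("ipv4 prefix-len")
    common_v4: str = "0.0.0.0"  # value of those shared bits, e.g. 10.0.0.0

    def delegated_prefix(self, ce_ipv4):
        """6rd prefix followed by the non-shared bits of the CE IPv4 address."""
        net = ipaddress.IPv6Network(self.prefix)
        bits = 32 - self.ipv4_mask_len
        plen = net.prefixlen + bits
        if plen > 64:
            raise ValueError("no room left for a /64 subnet")
        suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << bits) - 1)
        value = int(net.network_address) | (suffix << (128 - plen))
        return ipaddress.IPv6Network((value, plen))

    def embedded_ipv4(self, ipv6):
        """IPv4 address carried in a 6rd IPv6 address, or None when the
        address lies outside this domain's 6rd prefix."""
        net = ipaddress.IPv6Network(self.prefix)
        addr = ipaddress.IPv6Address(ipv6)
        if addr not in net:
            return None
        bits = 32 - self.ipv4_mask_len
        mask = (1 << bits) - 1
        suffix = (int(addr) >> (128 - net.prefixlen - bits)) & mask
        high = int(ipaddress.IPv4Address(self.common_v4)) & (0xFFFFFFFF ^ mask)
        return ipaddress.IPv4Address(high | suffix)


def rg_tunnel_destination(domain, dst_ipv6, br_anycast_v4):
    """RG forwarding rule from the packet-flow slide: inside the 6rd domain,
    tunnel to the embedded IPv4 address; otherwise tunnel to the BR."""
    inside = domain.embedded_ipv4(dst_ipv6)
    return inside if inside is not None else ipaddress.IPv4Address(br_anycast_v4)


def br_accepts(domain, outer_src_v4, inner_src_v6):
    """BR receive check (RFC 5969): drop a decapsulated packet unless the
    outer IPv4 source equals the address embedded in the inner IPv6 source."""
    return domain.embedded_ipv4(inner_src_v6) == ipaddress.IPv4Address(outer_src_v4)


# Values from the BR config slide: 10.0.0.0/8 access network, 6rd prefix /32.
CONFIG_DOMAIN = SixrdDomain("2001:db80::/32", 8, "10.0.0.0")
# Values from the packet-flow slide: full 32-bit IPv4 address, 6rd prefix /28.
SLIDE_DOMAIN = SixrdDomain("2001:100::/28", 0)
BR_ANYCAST = "10.100.100.1"  # Loopback0 address in the BR config

if __name__ == "__main__":
    # The BR's own address yields the prefix used in its ipv6 address/route lines.
    print(CONFIG_DOMAIN.delegated_prefix(BR_ANYCAST))
    print(SLIDE_DOMAIN.delegated_prefix("129.1.1.1"))
    # 10.1.2.3 is a constructed CE address, not one from the slides.
    ce_host = "2001:db80:102:300::1"
    print(rg_tunnel_destination(CONFIG_DOMAIN, ce_host, BR_ANYCAST))
    print(br_accepts(CONFIG_DOMAIN, "10.1.2.3", ce_host))   # consistent
    print(br_accepts(CONFIG_DOMAIN, "10.9.9.9", ce_host))   # spoofed inner source
```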
Method 5: v4 Tunneling over v6
• For networks willing/able to push IPv6 access & aggregation
• Use #1: SPs exhausting 10.x.x.x space in their aggregation networks
  • Cable Modems & mobile access/aggregation devices: NB/eNB, S-GW,...
• Use #2: IPv4 & IPv6 services over IPv6 transport
  • Dual Stack Lite
  • NAT 444 by SP (1:1 or N:1) means no impact to premises IPv4 numbering
  • Allows graceful turn-down of IPv4 over time
[Diagram label: CPE]

Method 6: v4 Subnet Trading / Exchange
• Markets form to balance offer & demand for scarce resources
• Discussions on IPv4 subnet trading already started (as did the trading in some cases)
• Current IPv4 address allocation mechanisms were not built to support the dynamic reallocation of subnets
• Facilitating address trading means protecting against address hijacking / false announcements etc.
  • BGP Prefix Validation: draft-pmohapat-sidr-pfx-validate
Source: http://arstechnica.com/old/content/2008/02/can-an-ipv4-stock-market-stave-off-address-depletion-ipv6.ars

Your Options

IPv6 Dialogs with Broadband/Mobile Carriers
Table columns: Business Driver; Interest; UNI; Exhaust Technologies
• Broadband: reuse access infrastructure; Interest ✔✔✔; UNI: Dual Stack
  • Method 1: IPv6 Hosts
  • Method 2: LSN 4→4
  • Method 3: LSN 6→4
  • Method 4: IPv6 over PPP / 6rd+
• Broadband: replace access infrastructure; Interest ✔✔; UNI: Dual Stack
  • Method 1: IPv6 Hosts
  • Method 2: LSN 4→4
  • Method 3: LSN 6→4
  • Method 5: Dual Stack Lite: v4/v6
• Mobile: IPv6 Handsets; Interest ✔✔; UNI: IPv6
  • Method 1: IPv6 Hosts
  • Method 3: LSN 6→4
Note: This table doesn’t cover v4 only topologies, i.e. Method 2 (LSN 4→4) or Method 6 (v4 Subnet trading)

Making the Architectural Choices
The good news: You have lots of Options! (The bad news: you have a lot of options!)
Aggregation
• Native
• over MPLS
L3 Adjacency
• One BNG
• Many BNGs
• Wholesale Tunneling
L2 Edge
• 1:1 VLAN
• N:1 VLAN
CPE
• v6 / Ethernet
• v6 / PPPoE
RG UNI
• Routing
• Bridging
Access
• v6 / Ethernet
• v6 / PPPoE
• v6 / v4
Additional complexities:
- Integrating embedded IPv4
- Transition mechanisms
Which mix is right for you?