IPv6 Juniper Presentation
21
IPV6 TRANSITION STRATEGIES Alessandro Salesi Alessandro Salesi Athens, Apr 13rd 2011
-
Upload
hassan-khan -
Category
Documents
-
view
62 -
download
2
Transcript of IPv6 Juniper Presentation
IPV6 TRANSITION STRATEGIES
Alessandro SalesiAlessandro Salesi
Athens, Apr 13rd 2011
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT
IPV6 NEWS
2008Q4 - Google IPv6 launch (ipv6.google.com)
2008Q4 - Free 6rd deployment
2009-06 - Comcast announce Ipv6 Transit Wholesale service
2009-06 - Netflix available through Ipv6
2009-06 - VZ Wireless announce that any LTE phone will have to have an IPv6@ to connect their network
2010-1 - Comcast announce Ipv6 trial for end customer in april
3 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
2010-2 - Youtube is now available on IPv6
2010-7 – T-Mobile USA is launching an Ipv6-only trial
2010-9 – USA Federal agencies CIO announced Ipv6 services schedule
2010-11 – Akamai announced their IPv6 project (rollou t in 2011)
2010-12 – Level3 is offering Ipv6 transit
2010-12 – VZW launched their LTE network. Dual stack and full IPv6 IMS.
IPV4 REALITY CHECK:IANA FREE POOL HAS EXHAUSTED
Post 2008 recession
Pre 2008 recession
2008 recession effect
IANA exhaust: 2/1/2011RIR exhaust: soon after
4 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Post 2008 recession
After completion:Existing IPv4 addresses will not stop working.Current networks will still operate.
0%
INDUSTRY IPV6 SCORE CARD
Function Element Status
Network Core Router: T
Edge Routers: MX, 6PE
Servers Linux 2.6+
Datacenter equipments, CDN
End-user clients Windows 7(Many XP boxes out there)
5 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
(Many XP boxes out there)
MacOS 10.x
Game consoles Wii, PS3, Xbox
Software Web Browser: Firefox, IE, Safari
Skype
On-line PC games
SSL VPN
Content Web content available over IPv6
CE CPEs
Number 1 & 2issues
Number 1 & 2issues
WEB REACHABILITY ON IPV6?COMCAST IPV6 MONITOR /1
0.17%
Google had white-listed Comcast for
a short period of time
Source: http://ipv6monitor.comcast.net
6 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
0.14%
Average0.15%
Dec 2009 Oct 2010
Current measurement:0.15% of Alexa top 1-million web sites are available via IPv6(This number has not changed in the last 12 months) Source: http://ipv6monitor.comcast.net
WEB CONTENT ON IPV6?COMCAST IPV6 MONITOR /2
Google had white-listed Comcast for
a short period of time
10%
20%
Source: http://ipv6monitor.comcast.net
7 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
10%
0%
There is a direct correlation between content popul arity and IPv6 presence.Source: http://ipv6monitor.comcast.net
# DNS QUERY
8 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Source : Yoshinobu Matsuzaki @ IIJ IPv6/IPv4 = 0.41%
IPV6 ALONE IS NOT THE ANSWER TO IPV4 ADDRESS DEPLETION
Short Term: IPv6 to simplify IPv4 service delivery.IPv6 networks with IPv4 overlays enable the management of a large number of customers while maintaining an IPv4 service.
Today: CGN solves IPv4 exhaust.
Feb 1st 2011: IPv4 exhaustion occurred.
9 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Medium Term: Emergence of IPv6 content.The decoupling of deploying IPv6 networks from the deployment ofIPv6 applications & content solves the chicken and egg problem.IPv6 traffic is a cap& grow strategy around NAT scaling issues.
number of customers while maintaining an IPv4 service.
Long Term: IPv4 dies (very slowly) .IPv4 & IPv6 co-exist until IPv6 become pervasive.
IPV6 UNDER-LAYER (“L2.5”): DS-LITE
ISP IPv6
Network
IPv4 & IPv6
The IPv4 NAT function is moved from the CPE to a box in the service provider network:Only one level of
NAT
Requires:
- IPv6 access network
- DS-Lite aware IPv6 CPE
Dual-stack wireless device
provisioned only with IPv6
10 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
IPv6/IPv4 tunnel
IPv4 & IPv6 IPv4
CPE are provisioned
only with IPv6 IPv6IPv6 traffic
flows directly
AFTR
PROBLEM STATEMENT:GETTING CONTENT AVAILABLE OVER IPV6 QUICKLY
How to get example.com web site available over IPv6 quickly and at the lowest possible cost?
☐ Get everything dual-stack (Network, Load-balancer, Servers…)
☐ Get the network dual-stack and leave the servers IPv4(Easier, as the engineering teams dealing with servers are often not the
11 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
(Easier, as the engineering teams dealing with servers are often not the same as the ones dealing with the network)
� Don’t touch anything and let some else handle the problem…
An IPv6->IPv4 translator in the cloudcan do this translation for you.
PRODUCT TO BUILD: “TRANSLATOR IN THE CLOUD” TO QUICKLY DELIVER IPV6 SERVICE
IPv4IPv6
IPv4 address ofwww.example.com
IPv6 clients
12 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Cloud
Translator
NAT 64
www.example.comDNS AAAA 2001:…
IPV4/IPV6 TRANSITION MECHANISM CHOICE
12
14
16
18
20
No.
of C
usto
mer
s
IPv4/IPv6 Mechanism
A+P
6rd
6to4
13 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
0
2
4
6
8
10
12
A+P 6rd 6to4 DS-Lite NAT444 NAT64 NAT66 4rd
No.
of C
usto
mer
s
6to4
DS-Lite
NAT444
NAT64
NAT66
4rd
OBSERVATIONS ABOUT TRANSITION TECHNIQUES
All transition techniques (NAT444+6RD, NAT64, DS-Li te) revolve around the notion of sharing IPv4 addresses via some form of NAT.
14 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.
� The difference is how packets are transported to the NAT
Sharing addresses among customers introduces issues:� LEA/Abuse/Logging/Geo-location/Access control
CONCLUSION
Now is the time to get serious about IPv6.In doing so, it is critical to preserve IPv4 service .
Key hot topics are:� Replacing every CPE to enable IPv6
Making the operation of IPv4 NAT technologies scale
15 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
� Making the operation of IPv4 NAT technologies scale� Getting content on IPv6
16 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
UPCOMING KEY TECHONOLOGIES
UPCOMING TECHNOLOGY: PCP (NEW DEVELOPMENT)
PCP: Port Control Protocol
PCP objectives are to enable applications to receive incoming connections in the presence of an ISP NAT/Firewall.
Instead of ‘working around’ NATs like other NAT traversal techniques like STUN/TURN/ICE, PCP enables an explicit dialog between applications and the NAT.
17 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
between applications and the NAT.
PCP can be seen as a ‘carrier-grade’ evolution of UPnP-IGD and NAT-PMP.
The work on PCP is done at IETF in a new working group co-chaired by Alain Durand (Juniper) & Dave Thaler (Microsoft).
PCP IN A NUTSHELL
ISP network
Applications negotiate ports with the ISP NAT to establish external presence.Application asks: “I’d like to get port 5000 for 48 hours”, NAT PCP server responds:“I give you port 6003 for 12 hours”.
No more keep-alive!Better radio efficiencyBetter battery life
18 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
IPv4NAT
ISP network
19 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
JUNIPER SOLUTIONS
IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC
IPv6 Features� IPv6 NAT and IPv6 Stateful Firewall� NAT-PT Supported (ICMP ALG)� NAT-PT DNS ALG (10.4)� Stateful NAT66 supported� NAT64 (10.4)
8 MS-DPC supported by Single MX Chassis (1H2011)
20 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
NAT44� Support CGN requirement � (draft-ietf-behave-lsn-requirements-00)
IPv6 Softwire� DS-Lite (10.4)� 6rd/6to4 (11.1-Now)
