Journey to IPv6: A Real-World deployment for Mobiles Real-World deployment for Mobiles ......
Transcript of Journey to IPv6: A Real-World deployment for Mobiles Real-World deployment for Mobiles ......
Journey to IPv6:A Real-World deployment for
Mobiles
ITU/APNIC/PacNOG21 IPv6 Workshop4th – 8th December 2017
Nuku’alofa
TelstraUnrestrictedLast updated 1st March 2017
Acknowledgementsp We would like to acknowledge Jeff Schmidt @ Telstra for
permitting us to use his original APRICOT 2017 tutorial slides
n https://2017.apricot.net/program/schedule/#/day/9/journey-to-ipv6---a-real-world-deployment-for-mobiles
2
Agendap Why IPv6?p Business and Technical considerationsp Network Architecturesp Addressing and Subnettingp Deployment Modelp Our Experiencep Q&A
3
Why IPv6?p Traffic growth and device per personp Network readiness for new technologies:
n Internet-of-Thingsn VoLTE/IMSn ViLTEn Management and Backhaul
p IPv4 public/private address depletionp Reduction in network inefficiencies
5
Business and Technical Considerationsp Non-interworkingprivateIPv4addressrangesduplicatedbetweendomains,thatnowrequireinterworking
9
10.0.0.0 10.0.0.0
10.0.0.0 10.0.0.0
Business and Technical Considerations
10
ContinualinvestmenttoextendIPv4resourcesvsIPv6tofutureproofournetwork
NAT
IoT
$
$or
Business and Technical Considerationsp As IPv4 addresses deplete, it will be more expensive to
extend IPv4 resources
p Dual-Stack is an effective transition technology but does not solve the IPv4 depletion problem
p Introducing IPv6:n Reduced dependency on NATn Remove the need for regionalisationn Pushes applications to move to IPv6
11
IPv6 ImplementationCentralised CGN
p CGN performs NAT/PAT 44 and NAT/PAT 64n PAT substantially reduces Public and Private IPv4 address demand, but does
not prevent IPv4 address depletion.13
Internet
IPCore/Edge
Internet
CGNAT BR
Region1
Region2
NAT/PAT44PrivateIPv4toPublicIPv4
CGNAT BR
NAT/PAT64PublicIPv6toPublicIPv4
Backhaul
EPG
Backhaul
EPG
IPv6 ImplementationTraffic Flow
14
IPv4PublicInternet
CarrierNetwork(IPv4+IPv6)
IPv6PublicInternetIBR
NAT64PublicIPv6toPublicIPv4
NativeIPv6
RadioNetwork(IPv4transport)
EPG
Single–BearerIPv6onlyuserplane
IPv6
Running multiple APNsp Create multiple real APNs that supports IPv4, IPv6, and
IPv4v6 individually
15
InternetRadio Network Carrier Network
IPv4
eNodeB
GGSN/EPG
IPv6 APN
IPv4v6 APN
IPv4 APN
IPv4v6
IPv6
IBRNAT44 / NAT64
DNS64
DNS-DS
Running a Single APNp Create a single real APN that supports both DS and SS
16
InternetRadio Network Carrier Network
IPv4
eNodeB
GGSN/EPG
IPv4v6 APN
IPv4v6
IPv6
IBRNAT44 / NAT64
DNS-DS
DNS64
IPv6 ImplementationSecurity
17
IPv4PublicInternet
CarrierNetwork(IPv4+IPv6)
IPv6PublicInternetCGNAT BR
NAT44/64TranslationStatefulfirewall
UntrusttoTrustBlockalltrafficoriginatingfrominternet
TrusttoUntrustAllowalltraffic
RadioNetwork(IPv4transport)
EPG
FirewallApplication
IPv6
IPv6NativeStatefulfirewall
UntrusttoTrustBlockalltrafficoriginatingfromInternet
TrusttoUntrustAllowalltrafficoriginatingfromIPv6handsetrangesonlyAllowDNStrafficBlockallinfrastructurerangesBlockallVoLTEranges
APNACL
AdvertiseonlyhandsetrangestoCarrierNetworkBlocktrafficwithIPrangesnotconfiguredontheEPG
Infrastructure Cloud IPv6
18
L3FabricEVPN
InternetProviderCoreNetworkMPLS
PE
DCGateway
ToR
vCGN
BR
vEPC
464XLAT Architecture for Mobiles
20
CarrierCore
UserEquipment/MobilePhone
IPv6
IPv4 CLATFunction
PLAT(NAT64)
IPv6Internet
IPv4Internet
CLAT>IPv4hostaddressforXLATE(clat4)
[192.0.0.4/32]IPv6hostaddressforXLATE[2001:db8:aaaa::464/128PLAT-SideXLATEIPv6Prefix
[2001:db8:bbbb::/96]
PLAT>IPv4pool
[192.0.2.1–192.0.2.100]PLAT-SideXLATEIPv6Prefix
[2001:db8:bbbb::/96]
IPv4SRC192.0.0.4IPv4DST
198.51.100.1
IPv6SRC2001:db8:aaaa::464
IPv6DST2001:db8:bbbb::198.51.100.1
IPv4SRC192.0.2.1IPv4DST
198.51.100.1StatelessNAT64
[RFC6145]
StatefulNAT64
[RFC6146]
198.51.100.1
2001:db8:ca7e::d007
Addressing and Subnettingp 3GPP currently dictates each UE to receive a /64p Future releases may require a /60 with DHCP-PD for single APN
tetheringp 4x /44 per APN per EPG = 4M prefixesp You will probably also need a similar range for VoLTE APNsp KEY: make sure it is a structured subnetting schema so it is
consistent nationally and across the entire organisation.
22
Addressing and Subnettingp Infrastructure Addressing:
n /64 per VLAN – Keep it simple!n Private or Public – but remember to use a firewall and policies to
avoid advertising the infrastructure out to the internet!n NAT is not a security feature!
23
Carrier ExamplesSP1 SP2 / SP3 SP4
Dual-Stack SS+NAT64+DNS64+CLAT SS/DS+NAT64+DNS-HD+CLAT
p Every carrier will have a unique set of circumstances that dictates which transition method they will use. There is no standard way of doing this.
p You must determine which is the best method for your network.
p In any method, remember to ensure you have a long-term strategy for the eventual deployment of native Single Stack IPv6!
25
Different APNs for different purposes
26
Two existing APNs – one for Handsets, one for Mobile Broadband and Tethering
or
464XLAT + NAT64 + DNS64 for the Handset APN only
IPv6 enabled DNS for all other APNs
Telstra.WAP
Telstra.Internet
NAT64/DNS64
464XLAT Internet
DNS-DS/ NAT44 Internet
Packet Core Configurationp HSS Configuration
n PDP Context id = IPv4v6p MME Configuration
n DAF = setp EPG Configuration
n PDPTYPE = IPv4v6
p EPG will then also have the following as a minimum within each APN:n IPv6 Handset Rangen IPv4 Handset Rangen 2x IPv4 DNS Name Servers, 2x IPv6 DNS Name Servers
27
UE Requirements and Settingsp Android 4.3+ supports 464XLAT. We recommend using
anything that is 4.4.4+ or 5.1+p Depending on your setup, either PDP selection is based
on the UE or the Network. p International Roaming over IPv6 works today! But we
recommend the APN Roaming Protocol to be set to IPv4 only for the next two years.
28
Launch Considerationsp Informed Front of House and provided training, as well as
Enterprise support and sales personnelp Updated internal Knowledge Basep Briefed Operations and provided trainingp Created moderated forum with official details on the network
changep Provided direct email contact to Telstra Engineeringp Contacted the technical community via mailing lists and public
forums before launch
29
Our Experiencep iPad Dual-Stack Carrier Settings
n Significant IPv6 takeup on iPads since carrier update was made available with Dual-Stack.
n Update made via iOS patch. Users are not immediately aware IPv6 is available on their iPads. Transparent migration.
n IPv6 take up occurs when iPads are patched to the latest version
n Single Stack will come later this year
31
Our Experience
32
05,000
10,00015,00020,00025,00030,00035,00040,00045,00050,00055,00060,00065,000
01/07/16
01/08/16
01/09/16
01/10/16
01/11/16
01/12/16
01/01/17
NSW QLD SA
telstra.wap - IPv6 Usage
BYO device and existing servicesp APN – IPv4v6, HLR/HSS – IPv4v6p Legacy devices configured with IPv4 only are not impactedp New devices configured with IPv4v6 obtains both addresses and is
currently growing significantlyp Existing devices configured with IPv6 only obtains IPv6 only
p CGNATp NAT64 ALGs: ftp, sip, pptp, rtsp, h323
33
IPv4 vs IPv6p Some applications fail with IPv6 – even with 464XLAT. Routing
issues?p VPNs are a real problem – but is it a carrier problem or an
application / server problem?p HTTP / HTTPS works very wellp SSH is not a major problemp IPv6 is faster in some cases – smaller BGP table, no NAT etc.p Major apps work very well – especially from the major content
providers
34
Customer Supportp Engage the community early so they know what’s coming. They
will appreciate you are still developing and they will want to be part of the journey!
p We receive support email through our contact points and reply as soon as possible. Don’t keep your customers waiting
p Skip the red tape – let customers engage engineering directlyp Keep management happy! Report SIO and bandwidth usage!
35
Contactp Jeff Schmidt
n Technology Team ManagerTelstra Wireless Network Engineering
p Sunny Yeungn Senior Technology Specialist
Telstra Wireless Network Engineeringn [email protected]
38