Ole Ipv4onlifesupport

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

IPv4 on life-support

Ole Trøan, Cisco Engineering, IP fundamentalist

2011-11-22

With help from: Randy Bush (Dr Vision), Dan Wing (Mr NAT), Mark Townsley (Mr Tunnel), Geoff Huston (Dr Doom)

Page 2: Ole Ipv4onlifesupport

The “inevitability” of technological evolution?

Page 3: Ole Ipv4onlifesupport

The “inevitability” of technological evolution?

Page 4: Ole Ipv4onlifesupport

Not exactly according to plan…

Page 5: Ole Ipv4onlifesupport

“I’m driving at 100 kph, and I see a wall 100m ahead of me.

I’m not there yet; I’ll worry about that tomorrow…”

Page 6: Ole Ipv4onlifesupport

Page 7: Ole Ipv4onlifesupport

Page 8: Ole Ipv4onlifesupport

Page 9: Ole Ipv4onlifesupport

Who deploys IPv6 today?

• Enthusiasts working in corporations, friendly to “new stuff”

• Encouraged by government regulation / procurement requirements

• Out of fear (let’s be ready if this IPv6 thing happens…)

• New opportunities. If we are early into IPv6 we may have an advantage.

• Green field. Let’s not bother with legacy stuff in a new network

Page 10: Ole Ipv4onlifesupport

“Why Has the Transition to IPv6 Been so Slow?”

Page 11: Ole Ipv4onlifesupport

“Is it the Vendors?”

Page 12: Ole Ipv4onlifesupport

“Is it the lazy Operators, as the IPv6 idealists claim?”

Page 13: Ole Ipv4onlifesupport

“Is it the lack of content?”

Page 14: Ole Ipv4onlifesupport

“Is it that Applications do not support IPv6?”

Page 15: Ole Ipv4onlifesupport

“Is it the CPE?”

Page 16: Ole Ipv4onlifesupport

“Is it the End-user host stack?”

Page 17: Ole Ipv4onlifesupport

“Aren’t the 430 transition mechanisms enough?”

Page 18: Ole Ipv4onlifesupport

“Transition depends on All of Those at the SAME TIME – a recipe for failure”

Page 19: Ole Ipv4onlifesupport

The challenge often lies in managing the transition from one technology to another

Page 20: Ole Ipv4onlifesupport

[Diagram labels: IPv4, IPv6, CGNs, ALGs, CDNs]

The challenge often lies in managing the transition from one technology to another

To get from “here” to “there” requires an excursion through an environment of CGNs, CDNs, ALGs and similar middleware ‘solutions’ to IPv4 address exhaustion

Page 21: Ole Ipv4onlifesupport

[Diagram labels: IPv4, IPv6, CGNs, ALGs, CDNs]

Transition requires the network owner to undertake capital investment in network service infrastructure to support IPv4 address sharing/rationing.

But will this be merely a temporary phase of transition?

Page 22: Ole Ipv4onlifesupport

The risk in this transition phase is that the Internet heads off in a completely different direction!

[Diagram labels: IPv4, IPv6, CGNs, ALGs, CDNs]

The challenge often lies in managing the transition from one technology to another

Page 23: Ole Ipv4onlifesupport

[Diagram labels: IPv4, IPv6, CGNs, ALGs, CDNs; APNIC, RIPE NCC, LACNIC, AFRINIC, ARIN; 201x?]

Page 24: Ole Ipv4onlifesupport

“The IPv4 Internet Was a Simple Place Where Packets Flowed Freely Between Us”

Page 25: Ole Ipv4onlifesupport

Page 26: Ole Ipv4onlifesupport

[Diagram labels: 128 bits, 32 bits, CGN]

Page 27: Ole Ipv4onlifesupport

We are the Salmon

Page 28: Ole Ipv4onlifesupport

“But We Can Easily Destroy the Environment in the Next Year or Two”

Page 29: Ole Ipv4onlifesupport

“There is One Serious Problem With CGNs”

Page 30: Ole Ipv4onlifesupport

“and When They Say ‘Service Continuity’ What They Mean is They are NOT Transitioning to IPv6”

Page 31: Ole Ipv4onlifesupport

IPv4 Life Support

Page 32: Ole Ipv4onlifesupport

“Think About a World Where You Can Not Deploy New Protocols (e.g. Skype) Without Telenor’s (or Apple’s or Google’s) Lawyers’ Approval”

Page 33: Ole Ipv4onlifesupport

“Tunnels and translators”

Page 34: Ole Ipv4onlifesupport

Two types of transition mechanism

• IPv6 service (to end users)

6rd, L2TP, (IPv6 in IP, GRE, ISATAP, Teredo, Tunnel brokers)

• IPv4 exhaustion (IP address sharing)

A+P: Mapping of Address and port (Shared IPv4 address over IPv6)

CGN / SD-NAT

DS-lite

• “Interoperate”: IPv6 to IPv4 connectivity

NAT64, TRT, Application proxies

Page 35: Ole Ipv4onlifesupport

Is it because we only have 430 transition mechanisms?

Page 36: Ole Ipv4onlifesupport

What goes in should come out..

Tunnels act like the layer below that which they are carrying

Often not perfectly, but “good enough” for a specific purpose

IP tunnels act like Data Link Layers

Page 37: Ole Ipv4onlifesupport

They provide us a Layer of Indirection

All problems in computer science can be solved by another level of indirection…

…except for the problem of too many levels of indirection

- David Wheeler

Page 38: Ole Ipv4onlifesupport

They have a wide variety of uses…

Page 39: Ole Ipv4onlifesupport

IP address sharing (NAT placement)

[Diagram columns: Subscribers, Providers, Internet. Labels: Private IPv4, IPv6, IPv4]

Page 40: Ole Ipv4onlifesupport

Address Sharing Gone Bad

Source: Shin Miyakawa, NTT Communications

IETF82 - INTAREA

Page 41: Ole Ipv4onlifesupport

IPv4 Address Sharing Technologies

[Diagram labels: IPv4 Address Run-Out; IPv4; IPv6; 6rd; Obtain IPv4 Addresses (RIR, address broker); IPv4 Address Sharing; CGN, NAT44, SD-NAT; 6rd+; CGN; Dual Stack Lite; MAP (4rd/dIVI); native]

Page 42: Ole Ipv4onlifesupport

2. Connect IPvX to IPvY

• NAT Purpose 2: connect IPv6 to IPv4

[Diagram labels: IPv4, IPv6; IPv4-only hosts, IPv6-only hosts; NAT64]

Page 43: Ole Ipv4onlifesupport

Connecting IPvX hosts to IPvY hosts

• NAT64 is not perfect

• IPv6 and IPv4 are not compatible

Fragmentation (IPv4: network fragments, IPv6: hosts fragment)

minimum MTU (IPv4: 576, IPv6: 1280)

IPv4 options versus IPv6 extensions

• Like NAT44: NAT64 can also bring Application Layer Gateway (ALG) issues

Complicates troubleshooting and abuse handling

Page 44: Ole Ipv4onlifesupport

Smart Edge & Stupid Core

• Traditional Voice has stupid edge devices, phone instruments, and a very smart expensive core

• The Internet has a smart edge, computers with operating systems, applications, …, and a simple stupid core, which just does packet forwarding

• Adding an entirely new Internet service is just a matter of distributing an application to a few consenting desktops (until NATs)

• Compare that to adding a service to Voice

Page 45: Ole Ipv4onlifesupport

Conclusions

Page 46: Ole Ipv4onlifesupport

IPv6 Transition: Tunnel or Translate?

[Diagram: scale from worst to best: translate, tunnel, native routing]

Page 47: Ole Ipv4onlifesupport

Dual Stack Transition Leap

[Diagram labels: IPv4-Only Network, IPv4-Only Users, NAT, IPv6-Only, IPv6-Only Users, Dual Stack Network, Dual-Stack Users, CE, PE]

Page 48: Ole Ipv4onlifesupport

Transition Steps Instead of Leaps…

[Diagram labels: IPv4-Only Network, IPv4-Only Users, NAT, IPv6-Only, IPv6-Only Users, 6↔4, Dual Stack Network, Dual-Stack Users, CE, PE]

Page 49: Ole Ipv4onlifesupport

While:

• IP address sharing is necessary to keep business running

• Necessary to keep end users happy (long tail IPv4)

• It is never ideal

Page 50: Ole Ipv4onlifesupport

Principle #1: Choose mechanisms which are progress towards IPv6

Page 51: Ole Ipv4onlifesupport

Principle #2: Prefer Mechanisms Which are simple, Stateless, Use IPv6 not IPv4, …

Page 52: Ole Ipv4onlifesupport

Principle #3: Keep state at the edge not the core

Page 53: Ole Ipv4onlifesupport

Principle #4: Use Mechanisms Which Preserve e2e and the Other Basic Principles as Much as Possible