
Future of the Internet

IPv4 Exhaustion
and IPv6 Deployment
Architecture

Josef Ungerman
Cisco, CCIE #6167

[credits to Woj Dec]

Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda

  IPv4-Exhaust Strategies & Technologies


Change is ahead
Preserving IPv4
IPv4 to IPv4 translation
Preparing for IPv6
Dual-Stack IPv4 and IPv6
IPv6-Only to IPv4-Only Translation
Dual Stack with Tunneling
Operator Approach Overview

IPv4 Address-space Usage Trends

Source: http://www.potaroo.net/tools/ipv4/ or http://www.nic.ad.jp/en/ip/ipv4pool/

Projected IANA Unallocated Address Pool Exhaustion: 01-Oct-2011

Projected RIR Unallocated Address Pool Exhaustion: 28-Aug-2012

The red line indicates the number of /8 address blocks remaining in the IANA (Internet Assigned Numbers Authority) free pool.

The green line indicates the number of /8 address blocks available in RIR (Regional Internet Registry) free address pools.

The vertical line indicates today.

IPv6 Drivers

IPv4 Address space completion
• Public or Private Space
• Limiting network expansion and putting at risk business continuity
• Introducing Operational challenges

National IPv6 Strategies
• Compliance: U.S. Federal Mandate, IPv6 task force
• Next Generation Internet (CNGI) project in China and Japan
• European Commission Recommendation

IPv6 in Client Software
• IPv6 “on” in Microsoft Vista
• Sensor Networks
• Apple's “Back to My Mac”
• v6 over v4 OTT tunnel providers

Infrastructure Evolution
• Next generation Network architecture require IPv6
• DOCSIS 3.0, Quad Play
• Mobile SP
• Networks in Motion
• Networked Sensors, i.e.: AIRS

Exponential bandwidth growth → traffic without NAT is cheaper!

IPv6 Internet
Google over IPv6 (via local IXP)

Google services available currently
1. Google search (image, blog and code search)
2. Alerts
3. Docs
4. Finance
5. Gmail
6. Health
7. iGoogle
8. News
9. Reader
10. Picasa
11. Maps

How it began:
1. March 2008: Google search over IPv6 on IPv6-only websites like ipv6.google.com (IPv6 connection required). No other service available.
2. Google over IPv6: seamless access to most Google services over IPv6 simply by using same websites. IPv6 peering with Google is prerequisite (RS).

IPv6 Google Search Add-on for Firefox is another example where IPv6 connectivity is prerequisite.

Sources: go6 and Google

Transition Technologies
Spectrum of technologies

[Figure: spectrum running from Today, through Private IP/NAT, IPv6 over IPv4 (6rd/6PE), Dual-Stack and IPv4 over IPv6 (DS-Lite), to All IPv6, drawn for Business / Consumer and for IP NGN, with the phases Preserve, Prepare and Prosper. Legend: IPv4, Private IP, IPv6.]

Large Scale NAT44 (LSN44)
1. Multiple customers multiplexed behind an SP managed NAT device (a Large Scale NAT)
LSN44 multiplexes several customers onto the same public IPv4 address
Each customer has unique private IPv4 address
2. NAT44 can be deployed as centralized or distributed function.
3. CPE based NAT44 + LSN44 = NAT444 solution

Large Scale NAT44
• O(10G) throughput
• O(10M) bindings
• Transaction logging
• Limited set of ALGs

[Figure: Home Gateway (NAT44), Access Node, BRAS and LSN (NAT44) in a chain towards the IPv4 Internet; IPv4-Private on both sides of the Home Gateway; AAA attached.]

CRS-1 and CRS-3
CGSE: the Carrier-Grade Services Engine
Introducing the new engine for massive Cisco CGv6 deployments

• 20+ million active translations
• 100s of thousands of subscribers
• 1+ million connections per second
• 20Gb/s of throughput per CGSE
• XML API (eg. port-forwarding)
• Netflow V9 translation logging
• Security

• Builds upon the proven performance of the Cisco CRS-1
• Widely deployed where maximum coverage and ROI can be achieved

[Images: Cisco CGSE; Cisco CRS-1 & CRS-3]

ASR 1000
NAT Gateway today, and CGN (Carrier-Grade NAT) in future
Optimized for smaller-scale or highly-distributed Cisco CGv6 deployments

CGN (roadmap)
• 2 million active translations
• Netflow V9 logging
• 100K connections per second
• 20Gb/s of throughput
• Rich edge services delivery beyond CGv6 - Security, VPNs, Session Border Control

IOS NAT (today) – tested ESP20/RP2
• 4 million concurrent connections (PAT)
• 500K connections per second
• max-entries all-host option

[Images: Cisco ASR 1002, Cisco ASR 1004, Cisco ASR 1006]

Next-Gen Applications Work thru NAT444
(CRS-1 CGN testing)

• iTunes
• Google Maps
• Playstation Network
• Windows Live Messenger
• iPhone App Store
• Google Talk
• And More…..

Large Scale NAT44 (LSN44)
SP LSN NAT44

Pros
• ISPs can reclaim global IPv4 addresses from customers, replacing with non-routable private addresses and NAT
• Addresses immediate IPv4 exhaust problem
• No change to subscriber CPE
• No IPv4 re-addressing in home
• Dense utilization of Public IP address/port combinations

Cons
• SP NAT results in margin & competitive implications
• Does not solve address exhaust problem in the long term
• Sharing IPv4 addresses could have user behavioral and liability implications
• User control over NAT
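
An added example, not part of the original slides or of any Cisco product: why the transaction logging listed for LSN44 has to record the public port and the lifetime of each binding once several customers share one public IPv4 address. The record layout, addresses and function names are constructed for illustration.

```python
"""Added example: resolve a public IPv4 address/port seen by a remote
service back to the LSN44 subscriber that held the binding at that time.

The record layout and all values are constructed for illustration; this is
not the CGSE or ASR 1000 NetFlow v9 export format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass(frozen=True)
class Binding:
    start: datetime          # translation created
    end: datetime            # translation torn down
    private_ip: IPv4Address  # subscriber side (unique per customer)
    public_ip: IPv4Address   # shared public address
    public_port: int         # port allocated on the public address


def ts(hms: str) -> datetime:
    """Timestamp on a constructed sample day, UTC."""
    return datetime.fromisoformat(f"2010-06-01T{hms}+00:00")


def rec(start, end, private_ip, public_ip, port) -> Binding:
    return Binding(ts(start), ts(end), IPv4Address(private_ip),
                   IPv4Address(public_ip), port)


# Constructed log: three subscribers behind 192.0.2.10; port 40001 is reused
# by a different subscriber 30 seconds after the first binding ends.
LOG = [
    rec("10:00:00", "10:00:40", "10.1.1.1", "192.0.2.10", 40001),
    rec("10:00:10", "10:01:30", "10.1.1.2", "192.0.2.10", 40002),
    rec("10:01:10", "10:02:00", "10.1.1.3", "192.0.2.10", 40001),
]


def candidates(log: List[Binding], public_ip: str, when: datetime,
               public_port: Optional[int] = None,
               skew: timedelta = timedelta(0)) -> List[str]:
    """Subscribers whose binding covers the observation.

    `skew` widens the match window to allow for clock error between the
    reporting server and the LSN.
    """
    ip = IPv4Address(public_ip)
    hits = {
        b.private_ip for b in log
        if b.public_ip == ip
        and (public_port is None or b.public_port == public_port)
        and b.start - skew <= when <= b.end + skew
    }
    return [str(a) for a in sorted(hits)]


def attribute(log, public_ip, when, public_port=None,
              skew=timedelta(0)) -> Optional[str]:
    """Return one subscriber, or None when the evidence is ambiguous or empty."""
    found = candidates(log, public_ip, when, public_port, skew)
    return found[0] if len(found) == 1 else None


if __name__ == "__main__":
    t = ts("10:00:20")
    print("address only :", candidates(LOG, "192.0.2.10", t))
    print("address+port :", attribute(LOG, "192.0.2.10", t, 40001))
    print("30 s skew    :", candidates(LOG, "192.0.2.10", ts("10:01:00"),
                                       40001, timedelta(seconds=30)))
```

An abuse report that carries only the public address and a coarse timestamp matches more than one customer; with the source port and synchronized clocks the same log yields a single subscriber.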

Staying with IPv4
Other approaches not involving NAT

1. IP-on-demand optimization
Introduce usage idle-time based mechanism for public IPv4 address assignment. Release addresses after idle period. (Effectively remove always-on-service for public IPv4)

2. IP Address Trading
Establish market and regulation registration mechanism
Enhance Anti IP spoofing/hijacking technology and interdomain routing
BGP Prefix Validation!

IPv4 Subnet Trading

Pros
• Valuation of IPv4 addresses may hasten IPv6 adoption by encouraging sellers, perhaps more than offsetting costs to move some or all of their network to v6
• Receivers of transferred IPv4 address space can prolong their IPv4 networks

Cons
• Market may not materialize, so organizations hoping to benefit may not
• Depending on region, if RIR doesn’t register transfer, there may be no routability
• Risk to integrity of routing system, as RIRs no longer authoritative for address records. Will BGP Prefix Validation be universally deployed in time?
• Even more rapid growth of routing system

Native IPv6 and IPv4 dual stack
1. Classic RFC 4213 solution
Logical deployment choice when one has little control over end-point
2. In the short term deploying IPv6 in dual stack does not solve IPv4 exhaust; IPv4 shortage is expected before full deployment
Can be easily combined with NAT44 solution, while allowing IPv6 deployment ramp-up.

[Figure: Home Gateway (IPv4-Private, IPv6-Public), Access Node, BRAS and LSN (NAT44); IPv4 & IPv6 carried across the access; IPv4 Internet and IPv6 Internet beyond.]

Internet: Native IPv6 and IPv4 dual stack
1. Broadband PPP Access
Dual-stack IPv6 and IPv4 supported over a shared PPP session with v4 and v6 NCPs running as ships in the night.
Should not consume extra BRAS session state nor require Access-Node upgrades
[Figure: one PPP Session carrying IPv4 and IPv6]

2. Broadband IPoE Access
Form of supporting in “session” form remains to be determined. Possibilities include.
- Two IP session model, IPv4 and IPv6 independent sessions.
- An L2 session model, IPv4 and IPv6 running on common L2/MAC session
[Figure: VLAN with an IPv4 Session and an IPv6 Session; L2 Session carrying IPv4 and IPv6]

3. Mobile Access
Four types of PDP/PDN contexts: PPP (legacy), IPv4, IPv6, new “IPv4v6” (introduced in 3GPP Rel 9)
Dual-stack capable UEs are to request IPv4v6 PDN.
[Figure: IPv4v6 PDN carrying IPv4 and IPv6]

BNGv6 Cluster – ASR1000 and IOS XE
Nx 32K dual-stack sessions with ACL, QoS, uRPF, AAA,...

[Roadmap chart, Q2 CY08 to CY10: IPv6 feature areas per IOS XE release. Releases: RLS1 (2.1, May ’08), RLS2 (2.2, Sep ’08), RLS3 (2.3, Mar ’09), RLS4 (2.4, June ’09), RLS5 (2.5, Nov ’09), RLS6 (2.6, Feb ’10), RLS7 (3.1, June ’10), then H2 2010. Feature categories: Native IPv6, IPv6 Tunnel, IPv6 over MPLS, IPv6 Broadband, CUBE(SP), Security & Services. Status legend: Available, Committed, Planning/Uncommitted.]

Please refer to ASR1K IPv6 feature list on CEC for exact details.

Native IPv6 and IPv4 dual stack

Pros
• Classic standard solution model
• Supports legacy (IPv4) applications
• Flexible: can be combined with NAT44 deployment for addressing IPv4 exhaustion
• Once services are on IPv6, IPv4 can simply be discontinued

Cons
• Continuing to use public IPv4 doesn’t solve IPv4 exhaustion
• IPv6 alongside existing IPv4 infrastructure might cost extra in terms of opex and hardware changes
• Some forms of dual-stack deployments or implementations can lead to double user sessions and decreased network scalability

Dual-stack is a solution for the IP/MPLS infrastructure, not for IPv4 Exhaust.
So what are the options for broadband clients?

IPv6 and Large Scale AFT64
• AFT64 technology is only applicable in case where there are IPv6 only end-points that need to talk to IPv4 only end-points.
• AFT64 for going from IPv6 to IPv4.

[Figure: eNB, Serving Gateway, PDNGW and LSN64 (NAT64) in a chain; IPv6 Public on the access side, IPv4 Public beyond the NAT.]

1. AFT64:= “stateful v6 to v4 translation” or “stateless translation”

See also draft-baker-behave-v4v6-framework, draft-bagnulo-behave-nat64, draft-bagnulo-behave-dns64, and related

AFT64 Translation Framework Terminology
1. Stateful
Each flow creates state in the translator. Supports only IPv6 host initiated communication
Amount of state based on O(# of translations)
N:1 mappings (like NAPT with NAT44) (1:1 Mappings are also of course possible)

2. Stateless
Flow DOES NOT create any state in the translator
Algorithmic operation performed on packet headers
1:1 mappings (one IPv4 address used for each translation to an IPv6 host).
For internet access public IPv4 address pool is required for each IPv6 host.
Supports both IPv6 and IPv4 host initiated communication

AFT64 Stateful Translators

• IPv6 addresses representing IPv4 hosts
• “IPv4 Mapped” IPv6 Addresses
Format is: PREFIX (/96):IPv4 Portion:(optional Suffix)
• Any IPv6 address

Stateful AFT64
• AFT keeps binding state between inner IPv6 address and outer IPv4+port (full cone)
• NAT64 ALGs are still required

[Figure: UE, IPv6, AFT64, IPv4 Public. LSN IPv4 address announced on the IPv4 side; PREFIX:: announced in IPv6 IGP. N:1, multiple IPv6 addresses map to single IPv4.]

DNS64: Responsible for Synthesizing IPv4-Mapped IPv6 addresses
“A” Records with IPv4 address
“AAAA” Records with synthesized Address: PREFIX:IPv4 Portion

AFT64 Stateless Translators

• IPv6 addresses assigned to IPv6 hosts
• “IPv4 Translatable” IPv6 addresses
• Format is: PREFIX:IPv4 Portion:(SUFFIX)

• IPv6 addresses representing IPv4 hosts
• “IPv4 Mapped” IPv6 Addresses
• Format is: PREFIX:IPv4 Portion:(SUFFIX)

Stateless AFT64
• AFT keeps no binding state
• IPv6 <-> IPv4 mapping computed algorithmically
• NAT64 ALGs are still required

[Figure: UE, IPv6, Stateless AFT64, IPv4 Public. ISP’s IPv4 LIR address announced on the IPv4 side; 0::0 announced in IPv6 IGP. 1:1, single IPv6 addresses map to single IPv4.]

DNS64: Responsible for Synthesizing IPv4-Mapped IPv6 addresses
Incoming Responses: “A” Records with IPv4 address
“AAAA” Records with synthesized Address: PREFIX:IPv4 Portion:(SUFFIX)
Outgoing Responses: “A” Records with IPv4 Portion

Native IPv6 and Large Scale AFT64

Pros
• Allows IPv6 only clients access to IPv4 content
• IPv6 services and applications offered natively to consumers
• SP network runs IPv6 only, avoiding IPv4 support costs
• Stateless technique can be used for IPv4 to IPv6 access

Cons
• Technical viability of IPv6 only service (IPv6 stack not enabled on all hosts)
• Does not address IPv4 customer base
• ALGs required
• DNS infrastructure must be modified to support NAT64
• Operations & troubleshooting of transient issues
• Stateful NAT has many of the same implications as NAT44

IP Tunneling

[Figure: IPv6 carried through an IPv4 Tunnel between IPv6 networks; IPv4 carried through an IPv6 Tunnel between IPv4 networks.]

1. Retains end-end IP semantics
2. In theory requires “touching” only tunnel end-points
3. In practice, given today’s transition from IPv4 to IPv6 the different tunneling approaches represent different transition philosophies and strategies:
Fast v6 deployment: IPv6 Services and IPv6 end-point enablement (IPv6 over IPv4 using 6rd)
Long-term v4 migration: IPv4 Services using an IPv6 transport (IPv4 over IPv6 using DS-Lite)

Source: RFC3439

IP Tunneling
IPv6 in IPv4 – Why?
• Deployment of fully native IPv6 affects numerous system components, aka “touch points”

Touch points along the path (User, RG, Access Node, Aggregation, BNG, Core):
• User: OS v6 Stack
• RG: IPv6 LAN, IPv6 WAN, IPv6 NMS
• Access Node: DHCPv6 snooping, ICMPv6 snooping, IPv6 NMS, IPv6 Security
• Aggregation, BNG and Core: ICMPv6 snooping, IPv6 Stack, IPv6 Routing, IPv6 PE/VPE, IPv6 NMS
• NMS/Addressing, AAA/DHCP: IPv6 Parameters, DHCPv6

[Figure: IPv6 shown end to end; IPv4 and L2 between the RG, the Access Node and the BNG.]

• Some are more challenging or deferrable than others, e.g. IPv6 upgrade of Access Node
• Tunneling IPv6 over existing IPv4 infrastructure provides a transition solution with minimal number of “touch points”

Tunneling
IPv6 Rapid Deployment (6rd) – IPv6 in IPv4
1. A form of v6/v4 which traverses v4 aggregation clouds
2. http://tools.ietf.org/html/draft-ietf-softwire-ipv6-6rd-02 (RFC 5569)

• For IPv6 traffic destined for the Home, the 6rd Relay pulls the RG’s IPv4 from within the destination IPv6 address
• For IPv6 traffic destined to a same SP 6rd user, the RG uses directly the target IPv4 tunnel endpoint pulled from the destination IPv6 address
• For IPv6 traffic destined to the backbone, the RG uses the destination IPv4 of the 6rd Relay.

Residence’s IPv6 Subnet is constructed from:
ISP’s IPv6 Prefix + RG IPv4 Address + SLA

[Figure: 6rd CPE with its RG IPv4 Address, and the 6rd Relay; the /64 and /128 boundaries are marked on the address.]

Tunneling
IPv6 Rapid Deployment (6rd) - 6rd Prefix Delegation
(From a Private IPv4 Prefix)

[Address layout, bit positions 0 / 32 / 56 / 64: 2011:1000 | 1.1.1 | Subnet-ID | Interface ID. Labels: 6rd IPv6 Prefix, Customer IPv6 Prefix.]

In this example, the 6rd Prefix is /32

Customer’s IPv4 prefix, without the “10.” (24 bits)

Any number of bits may be masked off, as long as they are common for the entire domain. This is very convenient when deploying with a CGSE, but is equally applicable to aggregated global IPv4 space.

Tunneling
IPv6 Rapid Deployment (6rd) - Packet Flow and Encapsulation

[Figure: 6rd CE, IPv4 network, 6rd Border Relays, IPv4 + IPv6 Core / Internet.]

IF 6rd IPv6 Prefix Positive Match
Dest = Inside 6rd Domain: 2001:100 | 8101:0101 | Interface ID
THEN Encap in IPv4 with embedded address

ELSE (6rd IPv6 Prefix Negative Match)
IPv6 Dest = Outside 6rd Domain: “Not 2001:100…” | Interface ID
ENCAP with BR IPv4 Anycast Address
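
The derivation and the encapsulation rule from the two 6rd slides above, as an added example (not Cisco's or the presenter's code). `SixRdDomain` and its method names are hypothetical, 192.0.2.1 stands in for the BR anycast address, and the `br_accepts` source check comes from RFC 5969 rather than from the slides.

```python
"""Added example: 6rd prefix delegation, the CE encapsulation decision, and
the ingress check a border relay applies to tunnelled packets.

SixRdDomain and its method names are hypothetical; the BR anycast address
192.0.2.1 is a constructed placeholder.
"""
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
from typing import Optional


class SixRdDomain:
    def __init__(self, prefix: str, v4_common: str, br_anycast: str):
        self.prefix = IPv6Network(prefix)        # 6rd IPv6 prefix
        self.v4_common = IPv4Network(v4_common)  # bits masked off ("10.")
        self.br = IPv4Address(br_anycast)        # border relay address
        self.v4_bits = 32 - self.v4_common.prefixlen
        self.plen = self.prefix.prefixlen + self.v4_bits
        if self.plen > 64:
            raise ValueError("6rd prefix + IPv4 bits must fit in 64 bits")

    def delegated_prefix(self, cpe_v4: str) -> IPv6Network:
        """6rd prefix followed by the non-common bits of the CPE's IPv4."""
        v4 = IPv4Address(cpe_v4)
        if v4 not in self.v4_common:
            raise ValueError(f"{v4} is outside {self.v4_common}")
        suffix = int(v4) & ((1 << self.v4_bits) - 1)
        base = int(self.prefix.network_address) | (suffix << (128 - self.plen))
        return IPv6Network((base, self.plen))

    def embedded_ipv4(self, v6: str) -> Optional[IPv4Address]:
        """IPv4 tunnel endpoint carried in a 6rd address, None if outside."""
        addr = IPv6Address(v6)
        if addr not in self.prefix:
            return None
        suffix = (int(addr) >> (128 - self.plen)) & ((1 << self.v4_bits) - 1)
        return IPv4Address(int(self.v4_common.network_address) | suffix)

    def encap_destination(self, dst_v6: str) -> IPv4Address:
        """CE rule: prefix match -> embedded address, else the border relay."""
        v4 = self.embedded_ipv4(dst_v6)
        return self.br if v4 is None else v4

    def br_accepts(self, outer_src_v4: str, inner_src_v6: str) -> bool:
        """Border relay ingress check described in RFC 5969: the inner IPv6
        source must embed the outer IPv4 source, otherwise a CE could send
        traffic from another subscriber's delegated prefix."""
        return self.embedded_ipv4(inner_src_v6) == IPv4Address(outer_src_v4)


# Prefix-delegation slide: /32 6rd prefix, customer 10.1.1.1, "10." masked off.
PRIVATE = SixRdDomain("2011:1000::/32", "10.0.0.0/8", "192.0.2.1")
# Packet-flow slide: full 32-bit IPv4 embedded after 2001:100::/32.
GLOBAL = SixRdDomain("2001:100::/32", "0.0.0.0/0", "192.0.2.1")

if __name__ == "__main__":
    print(PRIVATE.delegated_prefix("10.1.1.1"))
    print(GLOBAL.encap_destination("2001:100:8101:101::1"))
    print(PRIVATE.encap_destination("2001:db8::1"))
    print(PRIVATE.br_accepts("10.2.2.2", "2011:1000:101:100::1"))
```

Because the mapping is stateless, the relay keeps no per-subscriber table; the source check is what ties an inner IPv6 prefix to the IPv4 address the packet actually arrived from.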
Tunneling
IPv6 Rapid Deployment (6rd) – IPv6 in IPv4

Pros
• It enables a v6 service to a routed CPE user
• IPv6 can traverse existing IPv4 infrastructure. No new access CAPEX to enable v6.
• Derives IPv6 from IPv4 addresses, eliminating need for much of IPv6 OSS
• Efficient local routing of user-user traffic
• Stateless = easier to scale & operate
• Easily combined with NAT44 to solve IPv4x. In this mode dual stack
• Makes operational models of v4 and v6 similar

Cons
• Continuing to use public IPv4 doesn’t solve IPv4 exhaustion. Solution may need to be combined with NAT44.
• Doesn’t currently support IPv6 multicast
• Extra encapsulation overhead

Tunneling
Dual Stack Lite – IPv4 in IPv6
1. Tunneling IPv4 using IPv6 transport.
2. Two common options allowed by:
http://tools.ietf.org/html/draft-ietf-softwire-dual-stack-lite-02
3. Dual-stack Lite with NAT44
Tunnel from CPE is to a LSN NAT44 device.
LSN NAT44 is stateful. No CPE NAT44
4. Dual-stack Lite Address+Port (A+P) Routing
Tunnel is between CPE and A+P Router
CPE is doing port restricted NAT44

[Figure: CPE, CMTS, and a NAT44 or A+P device.]

Tunneling
Dual Stack Lite – LSN44

[Figure: Dual Stack Customer (IPv4-Private + IPv6), CPE, ds-lite tunnel over IPv6 through the CMTS/BNG (IPv6), DS-Lite LSN44 performing NAT and Route; IPv4-Public and IPv6 + IPv4 beyond; IPv6-only AAA and/or DHCP.]

• CPE configuration.
1. ISP IPv6 Prefix (DHCPv6 or SLAAC assigned)
2. DS-Lite Tunnel Gateway address (IPv6)
3. CPE has a dummy IPv4 address (eg 0.0.0.1). NAT44 is disabled
• All user sourced IPv4 traffic is routed by the CPE onto point-point ds-lite IPv6 tunnel towards LSN
• LSN44 performs NAT44 function on each subscriber’s IPv6 tunnel.

Tunneling
Dual Stack Lite – A+P

[Figure: two Dual Stack Customers (IPv4-Private + IPv6), each behind a CPE performing NAT, with the same IPv4 address but different port range; ds-lite +PNAT44 tunnels through the CMTS/BNG (IPv6) to the DS-Lite A+P Router; IPv4-Public and IPv6 + IPv4 beyond; DHCPv6 and DHCPv4.]

• CPE configuration.
1. ISP IPv6 Prefix (DHCPv6 or SLAAC assigned)
2. DS-Lite Tunnel Gateway address (IPv6)
3. CPE is dynamically assigned a public IPv4 address and a restricted range of IPv4 ports. Port restricted NAT44 is enabled.
• All user sourced IPv4 traffic is NAT’ed by the CPE into the restricted IPv4 port space and passed onto IPv6 tunnel
• A+P Router performs per user IPv4 port range routing.

Tunneling
Dual Stack Lite – IPv4 in IPv6

Pros
• In theory: Single IPv6 stack network operation streamlined by limited exposure to IPv4
• Consumers can transition from IPv4 to IPv6 without being aware of any differences in the protocols
• “A+P” model retains user control of NAT44

Cons
• In practice: Operation of IPv4 stack in the network will still continue…
• …And it will need to change due to IPv6.
• Requires full IPv6 production grade network. Works well for those already there
• “LSN44” Model has remaining drawbacks of NAT44 model
• “A+P” model likely to have lower address saving characteristics

IPv4 Exhaust Technologies Summary

Columns, in order: NAT44 | Dual Stack | NAT64 | 6RD Tunneling | DS-Lite Tunneling

IPv4 Depletion Countermeasure: Yes | Yes | Yes | Yes | Yes

Depends on
Full IPv6. IPv4 Full IPv6. IPv4
whether IPv6 is
depends on the Yes/No : stateless/ depends on the
Scalability Limited deployed to the
number of IPv4 stateful number of IPv4
end-points and
addresses or NAT44 addresses or NAT44
NAT44

IPv6 Support: No | Yes | Yes | Yes | Yes

Coexistence with IPv6: Yes | Yes | Yes | Yes | Yes

Operational complexity: Moderate | Low | Moderate | Low | High

Troubleshooting complexity: Moderate | Low | Moderate | Moderate | High

IPv4 NAT when connecting to server scalability concerns: Yes | No | Yes | No | Yes

IPv6 NAT when connecting to server scalability concerns: No | No | Yes (with stateful NAT). No with stateless | No | No

CPE Changes: No | Yes | Yes | Yes | Yes

SP NAT ALG support: Limited | No | Yes | No | Limited

Phase-in (for the existing IPv4 infrastructure): H1 2010: CRS, H2 2010: ASR1K | Available Now. BNGv6: ASR1K | H1 2010: ASR1K, H2 2010: CRS | CRS, ASR1K | CRS, ASR1K

Platforms shown: Cisco CRS – CGSE module, Cisco ASR1000

Recent IPv6 Success Stories…
1. NREN’s
CERNET2: 100 universities connected IPv6-only
2. Japanese Service Providers
government supported, on-net IPv6 Voice and IPv6 Video
3. Free Telecom in France
Nov 7, 2007 – “6rd” presented, decided to deploy
Nov 10, 2007 – RIPE v6 prefix got, CRS-1 core configured for dual-stack, 6RD RG/BR prototype built
Dec 11, 2007 - “Opt-in” service made available to 3M subscribers, 250K sign up right away
March 2008 – Deployed “telesite” IPv6-only service to all 3M subs
4. Google over IPv6
Dec 5, 2007 – Challenged to deploy IPv6 by IETF 73
Jan 2008 – First production IPv6 router
Oct 2008 – First “trusted tester” receives AAAA for www.google.com
Nov 16, 2008 – Challenge met at IETF 73

Japanese IPv6
ASR1000 in Distributed Integrated Service Edge:
Internet Access (IPv4 – BB, LAC, PPPoE)
Voice & Video Telephony (IPv4/IPv6 – SBC)
IPTV VoD (IPv6 – SBC, HDTV)
IPTV TV (IPv6 – Multicast, SD/HD)

[Figure: Residence (CPE, ONT) on GE-PON FTTH (OLT), Access SW and ASR1K at the edge, IPv4 / IPv6 Dual Core, ASR1K LNS, SBC, Content Servers, MGW and POTS, VoIP Operators. Control: RACS with Gq’, H.248 and Diameter. Applications: VoIP, B’cast TV, Video Conf, VOD.]

• LAC, DHCP Relay, SBC DBE
• Multicast Replication
• Single VLAN per subscriber
• Sophisticated QoS Model to support multiple services per subscriber

[Figure: Freebox and IP-STB subscribers on ADSL (up to 24Mbit/s, Freebox DSLAM) and on FTTH (100 Mbit/s, Cat4500 FTTH Access); an IPv4 only access & aggregation network and an IPv4 / IPv6 access & aggregation network (Cat6500); 6RD Gateway; CRS-1 IPv4 / IPv6 core network; IPv6 Internet and IPv4 Internet. Legend: Native IPv6; IPv6 encapsulated in 6RD.]

USA – Wireline Operator
LSN44 + 6rd

• Routed IPv6 6rd and IPv4 NAT CPE
Private IPv4 address. Global IPv6.
Multicast: IPv4 only now
• Access Node:
1:1 VLAN to UNI
IPv4 IGMP snooping for multicast
DHCPv4 Option 82 insertion
• Agg1 & Agg2
Subscriber VLAN termination. L2 security. IPv4 snooping
VPLS
IP v4 routing (unicast and multicast). IPv4 PBR.
DHCP v4 relay.
• IP Agg
IPv6 and v4 routing.
Local service injection (VoD, etc). Internet access.
Carrier Grade NAT44
6rd Border Router

[Figure: Subscriber, AN, Agg1, Agg2, IP Agg. Each subscriber has a Routed CPE (HSI/VoIP, IP) and an STB (MCast TV, IGMP) on a Non Trunk UNI; dot1Q towards the aggregation; VPLS (no split horizon downstream); IPv4 NAT 44 and IPv6 6rd at the IP Agg; IPv4 PIM-SSM; IPv4 & IPv6 Backbone.]

USA – Cable Operator

1. IPv6 enabled D3.0 CMTS and CPE
2. IPv6 initially used only for CM management
3. CPE originated ds-lite IPv4inIPv6 tunnel to LSN44

[Figure: CPE-to-LSN DS-lite tunnel from the Home G/W and D3 modem through the D3 M-CMTS, C7609 and CRS-1 routers to the LSN. Zones: Backbone Network, Regional Area Network, Access Hub, Access, Home, with IP/MPLS in the backbone and regional networks.]

CE Telecom – Introduction of IPv6 extension for HSI service
2 Phase Approach

Phase A – IPv6 Connected Devices


  Trial phase
  IPv6 access behind an IPv4 RG
  Basic IPv6 connectivity to very limited endpoints / home
  Separated PPPoE session initiated from the PC for IPv6 connectivity
  PCs use IPoE for IPv4 based communication
  All the IPv6 traffic is tunneled to centralized IPv6 BNGs

Phase B – IPv6 Connected Homes


  Commercial phase
  IPv6 through an IPv4 / IPv6 capable dual-stack RG
  IPv6 connectivity
  Single PPPoE session initiated from the RG
  IPoE based connection to the PC(s) for both protocols
  ISP network devices are dual-stacked as needed

  Smooth transition / Phase A and Phase B solutions can coexist.

Networkers 2010 - ITMCCS-1896


Key Takeaway – No one size fits all
Multiple technology adoption scenarios

[Figure: technology adoption over time. Milestones: IPv4 address pool exhausted; New end-systems deployment (handset/RG); IPv6 only endpoints technically viable; IPv6 Internet (IPv6 only transport viable from a market perspective). Endpoint populations: IPv4 enabled endpoints, IPv6 enabled endpoints. Technologies along the time axis: Large Scale NAT (LSN) introduction, 6rd introduction, Dual-Stack deployment, NAT64, NAT46.]


  Preserve IPv4, Prepare and Prosper with IPv6


  Cisco offers a comprehensive technology toolset to enable the
IPv6 transition– Cisco’s Carrier-Grade IPv6 Solution (CGv6)
