IPv6 Transition for Service Providers

• Top of Mind
• IPv6 Transition Technology Observations
• IPv6 Transition Architecture Models
• Final Thoughts
• References


• IPv4 Run-Out has happened. We are done.
• Post run-out surge of interest in IPv4 address
sharing solutions
• Running code and TTM is back in
Its new and we need to try it out in networks
• Stateful vs Stateless Non-Debate
• Everybody suddenly (finally) cares about IPv6 


• Before Run-Out lots of serious/thoughtful examination and
action on problem space and potential solutions. Examples:
6rd vs DS-Lite vs Dual-Stack
LI and security implications of IPv4 address sharing
accelerated testing/certification of IPv4/IPv6 interworking solutions for
2012 deployment readiness
Considering CGN deployment to buy time
• Post Run-Out
Jack Bauer: “You’re running out of time.
You don’t have a better option”


• Must keep IPv4 “Going and Growing”
Pays the bills, keeps customers happy and funds IPv6 transition
IPv6 uptake still small
• ONOS (One Network One Stack) Model Emerging? Maybe …
• IPv4 Address Sharing Logging Challenges
• Routing to/from IPv4 address sharing vehicle
• MPLS and IPv6


Costs to Operator

Time

1. Support IPv4 connectivity to the public IPv4
Internet in the post-IPv4 Run-Out World

2. Facilitate IPv6 Transition


• Performance/Scale are paramount for Stateful IPv4 Address
Sharing, period.
• Need to give IPv4 clients a “straight shot” to the public IPv4
Internet
Native IPv4, CGN and Dual-Stack do this. Others not quite ready, yet.
• Too hung up on “end-game”. Think evolution from
Current  IPv6 …
• BEHAVE Solutions bring native IPv6 out of the closet – they
can talk to the public IPv4 Internet

DS-Lite
• Mux N number of subscriber sessions AFTR
Stateful
thru fewer public IPv4 addresses (N:1 CGN CGN NAT64
address sharing)
• Create/delete session state composed
of binding entries in table stored in
memory IPv4 IPv6 IPv6

• Common (and necessary) technology
deployed over different timelines in the
NAT44 B4
IPv6 transition epoch

© 2010 Cisco and/or its affiliates. All rights reserved. v4 v4 v4 V4/6 v6 v6
Cisco Confidential 10

Attribute CGN (NAT44) DS-Lite AFTR (NAT44) Stateful NAT64

Subscribers IPv4 IPv4 via 4over6 tunnel IPv6

Deployment Status Yes, BB wireline & Early adoptor – BB wireline Early adoptor - Mobile
mobile
IPv6 N/A Yes natively routed Yes – translate to v4 or natively
routed
Logging Yes Yes Yes

Inside routing to IPv4 routing or MPLS v6 tunnels to AFTR from B4 V6 routing based on XLAT
switching prefix
Dynamic Yes – PCP Yes – PCP Yes – PCP
subscriber control
Standard RFC4787, 5382, 5508 draft-ietf-softwire-dual- RFC6146, 6147
draft-ietf-behave-lsn- stack-lite
requirements

• Big NAT is better than smaller NAT. Key metrics CGN
are: Smaller
NAT entities
O(10s of millions of session states)

NAT44
NAT44

NAT44

NAT44
O(10Gs of tput)
O(1M conn setups/sec)
NAT session logging
Factor in growth & b/w per subscriber

• Significant costs to deploying under-sized IPv4
Composite
address sharing vehicle in large networks
Smaller
• CANNOT impact data-plane or control plane NAT CGN
performance and scale of host router/switch $$

NAT scale requirement

Thruput

Session
Session Setups/sec V4 Addr
Sharing States
Resource Pool

Logging


• Really want to avoid. Reasons are numerous:
Regulatory pushback if SP’s modify OTT apps using ALGs
Protocols becoming encrypted
Many apps already do NAT traversal without ALG
SP-provided services already sourced from private network thus never passing
thru CGN
Existence and deployment of NAT traversal mechanisms
Operational cost/complexity of supporting CGN ALGs for O(thousands) of
private IP subscribers … some of whom might need different versions of an
ALG depending upon the application

• Can’t avoid some
ActiveFTP
RTSPv1 for Mobile

• Not needed or desired. SBC performs media-latching

© 2010 Cisco and/or its affiliates. All rights reserved. Source: draft-metz-cgn-considered-helpful

Dynamic Port Creat Event
(bytes) 21
Dynamic Port Delete Event
(bytes) 11
Number of Translations per
Day per Subscriber 8000
Number of Days per Year 365
Number of Subscribers 1000000
Compression Rate 8.2

Total NAT Log Bytes (includes
DB overhead) 1.8688E+14
Total NAT Log Terabytes 186.88
Total NAT Log Terabytes
Compressed 22.79

• Stateful Sync
Cost/complexity to sync gazzillions of short-lived ephemeral session states??
More straightforward to focus on fast hardware switchover and fast IP convergence

• Will address Static Port Forwarding issue with PCP (applicable to IPv6
too); draft-ietf-pcp-base
• Response to NAT444 impacts draft @ http://www.ietf.org/mail-
archive/web/behave/current/msg09027.html


• Translation is not new
• Other transition methods do not apply
Dual-stack not feasible or desirable
Tunnels only enable IPv6-only connectivity (e.g. “like-to-like across un-
like”)
We need IPv6-only talking to IPv4-only (e.g. “like to unlike”)

• Encourages IPv6 deployments
Hosts/applications not confined to just IPv6-only communication – can
talk to IPv4 networks including public IPv4 Internet!!
• Addresses IPv4 run-out


Stateful NAT64 Stateless NAT64
• Each flow creates state in the • Flow DOES NOT create any
translator state in the translator
• Amount of state based on O(# of • Algorithmic operation performed
sub * # of sessions/sub) on packet headers
• Supports IPv4 Address Sharing (N:1 • NO IPv4 address sharing
mappings like NAPT with NAT44) 1:1 mappings – consumes one IPv4
address for each connected IPv6 host)
• Requires symmetric packet flow (like
NAT44) • Asymmetric packet flow
• RFC6052, 6144, 6146, 6147 • RFC6052, 6144, 6145, 6147

stateful stateless
IPv4
IPv6
1. Network Internet

2. IPv4 IPv6
Internet Network

3. IPv6 IPv4
Internet Network

4. IPv4 IPv6
Network
Internet

5. IPv6 IPv4
Network Network

6. IPv4 IPv6
Network Network

• 6to4
6to4
Stateless 6-over-4 encap using WK
2002::/16 prefix IPv6
IPv4 Internet Internet
Public IPv4 only
Asymmetric routing problem
6rd BR LNS
• 6rd
Stateless 6-over-4 encap using SP
IPv6 prefix Public/ Public/
Public
Works over public/private IPv4 Private Private
IPv4
IPv4 IPv4
RFC5969
6to4 6rd LAC
• Softwires H/S
RFC5571; uses L2TPv2/IPv4 infra
© 2010 Cisco and/or its affiliates. All rights reserved. v4 V4/6 v4 V4/6 v4 V4/6

• Softwires H/S
RFC5571; leverages L2TPv2/IPv6 infra
IPv4 Internet
• Dual-Stack Lite
4over6 tunnels terminate in CGN DS-Lite
AFTR
NAT44 on AFTR
CGN+
LNS 4ov6 TC 4rd
Stateful IPv4 address sharing
• 4rd
Stateless IPv4-over-IPv6 tunnel
encap/decap IPv6 IPv6 IPv6
Can do stateless IPv4 address sharing
by allocating per-CPE port ranges
LAC B4 4rd
CPE does NAT44+4rd encap/decap
draft-despres-intarea-4rd-xx
© 2010 Cisco and/or its affiliates. All rights reserved.
v4 V4/6 v4 V4/6 v4 V4/6 Cisco Confidential 23

• Stateful Advantages • Stateless Advantages
No IPv6 addressing constraints It scales, routing is asymmetric, much simpler to
code and test, can load share and do anycast
Optimal IPv4 address sharing
routing
Subscriber and/or session aware
Robust and resilient
CGN is classic example
6rd over anycast IPv4 is classic example
• Stateful Disadvantages
• Stateless Disadvantages
Complexity and scalability challenges
Imposes IPv6 addressing constraints
More work to code and test
Sub-optimal wrt to IPv4 address sharing
Requires symmetric routing
4rd is example
Resiliency comes at a cost
CGN is classic example


1. Determine IPv4 run-out impact on your network
2. Execute plan to keep IPv4 going
3. Determine where/when/how to introduce IPv6 and execute

3.

IPv6 6rd 6rd Dual Dual
+ Stack Stack
IPv4 Address CGN +
Run-Out. CGN
2.
2/1/2011 IPv4 Address Sharing
What next? Solutions (e.g. CGN)
IPv4

1. Obtain IPv4 Addresses


Public Public
IPv6
IPv4 Internet Internet

IPv4 and IPv6 Packets

IPv4/IPv6 Backbone (P and PE)
Infrastructure
Network

• Deploy now to IPv6-enable the backbone

• Dual-Stack or 6PE/6vPE

CPE
• Prerequisite for launching IPv6
connectivity and services to
Dual-Stack IPv6
adjacent customer address realms
Customers
V4/6 v6

2011 2012 2013 2014 2015

Public
IPv4 Internet

IPv4/IPv6 Backbone
Infrastructure

• Deployed now to address IPv4 run-out
Network

CGN
• CPE, access network and home network stay IPv4
(for the time being)
Public
IPv4

Private
IPv4 • Precursor for SP-class IPv4 Address
Sharing solutions (e.g. DS-Lite AFTR, Stateful
NAT44 Any RG NAT64)
Staging point for additional IPv6 Transition services
Customers
and apps
v4 v4 v4 v4 v4

2011 2012 2013 2014 2015


Public
IPv4 Internet
Public
IPv6
Internet

IPv4/IPv6 Backbone
• Deployed now to enable IPv6
subscriber connectivity over existing
Infrastructure

CGN 6rd
Network

IPv4 access network.
• New CPE and border relay needed,
Public

everything else stays the same
IPv4

Private
IPv4 • Integrated with CGN or operate in
6rd
standalone
NAT44 CE*
• Broad RG vendor support
• RFC5969
Customers v4 v4 v4 v4 V4/6

2011 2012 2013 2014 2015


Public
Public IPv6
Internet
IPv4 Internet

IPv4/IPv6 Backbone •DS-Lite offers same customer
service as CGN +6rd (already
Infrastructure

CGN deployed)
Network

CGN+6rd AFTR
•Requires IPv6 build-out & CPE B4
element
Private IPv6 •Not quite operationally ready –
IPv4 consider interim step towards DS-
NAT44 6rd
Lite
B4

Customers v4 V4/6 v4 V4/6

2011 2012 2013 2014 2015


Public
Public IPv6 Internet
IPv4 Internet

IPv4/IPv6 Backbone
Infrastructure
Network

CGN + 4/6–type
Solutions
NAT64

Small IPv6
Dual-Stack

Dual-Stack
Public
IPv4

Private
IPv4 Big IPv6

4/6

Host
Stack
v4 v4 v4 v4 V4/6 V4/6 v6 v4 V4/6 v6 v6 v6 v6 v6 v6

2011
© 2010 Cisco and/or its affiliates. All rights reserved.
2013 2014 2015

• Based on what has and is being deployed in real networks
as we speak
Placeholder for additional solutions that will be operationally
ready beginning next year
• Note that there is not one size that fit’s all
• Looking at:
Composite BB residential space
Mobile
Enterprise

• Recalling the problem statement it is about keeping the IPv4
lights on while adding IPv6 at low-risk and incremental cost


• 3GPP Pre-Release 8 required separate parallel v4 and v6 PDP contexts
to be established between mobile node and gateway
• Release 8 and onward supports single PDN connection carrying v4 and
v6 payloads


• Absent v6 PDP support , how about leveraging 6rd tunneling from MN to
BR for IPv6 Internet connectivity?


• Native IPv6 PDP from handset to gateway
> 50% of traffic bound for GOOG IPv6; rest goes thru NAT64 to public IPv4
Internet
Obvious NAT64 exit strategy is present

© 2010 Cisco and/or its affiliates. All rights reserved. Source: Cameron Byrne

• Whole IPv6 Transition Space is “White Hot” at the moment 
• No more IPv4 addresses and our choices are limited 

• Entering the Age of the Big IPv4 Address Sharing Vehicles on the
Internet
Don’t be afraid, they will work … and they are not permanent because IPv6 is
cheaper in the long run
Help keep the IPv4 Internet “going and growing” and a tool for IPv6 Transition
Performance/scale is key essential along with investment/future protection
Operators already asking for 80G solution

• Backbone is covered and mix of dual-stack or v6-over-v4 tunnels to
customer networks is feasible right now, v4-over-v6 tunnels coming later
• Need stateful and stateless transition mechanisms but factor in
tradeoffs when evaluating options


• IPv6 Transition includes equal parts IPv6 (looking forward) and IPv4 (glancing
back)
• Implicit is the assumption of dual-stack on IP end-points. Think about it:
Dual Stack Tax on the operator
Stalls IPv6 adoption? When does IPv4 go away? Ever?
Unhappy Eyeballs generating helpdesk calls from unsophisticated future ex-customers
• One Network One Stack strategy says
Private IPv4  IPv6, bypass dual-stack and collect $200
NAT64/DNS64 moves into cloud with inherent exit strategy
Operator now dealing with one network, one stack, a translator and … sound familiar?


• Old Thinking: “We need less tools and more
transitioning” – Lars Eggert, IETF76

• New Thinking: “IPv6 Transition is code for legacy
IPv4 into perpetuity. IPv6, let’s get it on !!” –
aggregated paraphrase from nanog thread


• All kidding aside we are all in this
together
• We will make it work and out of it will
emerge a faster, cleaner, better Internet
• chmetz@cisco.com


• http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-1/index.html

• Metz, et al., “CGN Considered Helpful”, draft-metz-cgn-considered-helpful

• http://www.circleid.com/posts/ipv6_and_transitional_myths/

• https://datatracker.ietf.org/doc/draft-ietf-softwire-dual-stack-lite/

• http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines

• http://tools.ietf.org/html/draft-arkko-ipv6-only-experience

• http://www.ietf.org/proceedings/79/slides/plenaryt-9.pdf

• https://datatracker.ietf.org/doc/draft-wing-tsvwg-happy-eyeballs-sctp/

• http://tools.ietf.org/html/rfc5969

• http://tools.ietf.org/html/draft-ford-shared-addressing-issues-02

• http://tools.ietf.org/html/draft-operators-softwire-stateless-4v6-motivation-01


#CNSF2011

Thank you.

#CNSF2011

IPv6 Transition for Service Providers

Recommended

Recommended

More Related Content

More from Cisco Canada

More from Cisco Canada (20)

Recently uploaded

Recently uploaded (20)

IPv6 Transition for Service Providers