Today's Internet faces severe challenges including: * IPv4 address exhaustion * explosion of BGP tables and IP routing tables * exponential traffic growth (which might not be a problem after all)

1. Upcoming Internet challenges Ivan Pepelnjak (ip@nil.com)NIL Data Communications

2. The big three (from my perspective) IPv4 address exhaustion Routing table explosion Traffic growth (or maybe not) Business model failures

3. IPv4 address exhaustion Source: IPv4 address report (Geoff Huston, www.potaroo.net)

4. IPv4 address exhaustion: solutions Walled gardens NAT444 DS-Lite/A+P IPv6

5. IPv4-only NAT options CPE CPE Baseline:NAT44 RFC1918 IPv4 ProviderPrivate IPv4 Internet IPv4 Internet IPv4 Internet Walled garden NAT44 IPv4 RFC1918 LSN CGN/LSN NAT444 RFC1918 LSN

6. NAT options: DS-Lite or A+P CPE B4 DS-Lite RFC1918 AFTR IPv4 Internet IPv4 Internet IPv6 IPv6 A+P RFC1918 AFTR DS-Lite: B4 is a smart bridge AFTR does NAT44 A+P: B4 is a NAT CPE AFTR allocates IP address + port range to B4

7. NAT-less IPv4 4ever AFTR IPv4 Internet IPv6 A+P on the host Native IPv6 for transport only Tunnel from host to AFTR ~ 100x increase in address utilization No need for public IPv6 deployment ... until we colonize the solar system

9. Simple P2P session setup

11. Requests to server come from public IP address

13. Requires outbound session setup

14. P2P applications with NAT are a nightmare

15. End-to-end connectivity might not be possible

17. Longer addresses, new routing protocols, some other changes in L2/L3 protocols

19. IPv6 adoption: the unpleasant reality IPv6 adoption [%] IPv6-onlyclients? NAT and RFC 1918 IPv6 pilots Time [years] Early adopters 15 yearswasted IPv4 addressexhaustion

20. Enterprise customer connectivity  IPv6 customer IPv4+IPv6/MPLS core   Easy deployment: IPv6 edge is on the PE routers (no IPv6 support needed on access switches) IPv6 over MPLS (6PE) or native IPv6 in the core IPv6 over MPLS/VPN (6VPE) for L3 VPN services Caveats: Native IPv6 switching performance (PE routers or the whole core) Packet filters Keep IPv4 in the SP management plane

21. Content hosting IPv6 core ? ? ? Various levels of IPv6 support on: Network-level firewalls Web application firewalls Load balancers Additional issues: Coping with partial IPv6 connectivity Application issues: Legacy operating systems and web servers? Incoming IPv6 session support? IP address handling in logs and back-end databases?

22. Residential (consumer) Internet ? ? ? IPv4+IPv6/MPLS core ? ? ?  ? Common issues: IPv6 support in CPE equipment IPv6 multicast support IPv6 on 3play devices IPv6-to-IPv4 translation Consumer awareness Legacy operating systems Mobile networks Only Nokia is IPv6-ready DSL issues IPv6CP support on CPE devices Carrier Ethernet issues DHCPv6 support on CPE devices DHCPv6 and RA guard on the switches

23. Routing Table Explosion Main caveats: Careless/clueless Service Providers Multihoming Traffic engineering IPv4 address space fragmentation Why is it bad? CRS/GSR/7600 memory is expensive High-end devices & TCAM not on Moore Law curve BGP no longer reaches steady-state

24. The biggest offenders Source: CIDR report (Geoff Huston, www.cidr-report.org) Potential “reasons” Blind & stupid redistribution Address space protection Traffic engineering

25. Traffic Engineering with BGP Upstream ISP #1 Customer AS ½ PI PI > /24 Upstream ISP #2 ½ PI

26. Multihoming Upstream ISP #1 Customer AS PI PI prefix Commercial reasons Cheapest way to redundancy Offload your costs to the community No pollution tax Technical reasons Broken protocol stack Broken socket API IPv6 is not a solution(yet another urban legend) Upstream ISP #2 PI

27. Broken protocol stack Application Application Application DNS Presentation Session Transport Transport TCP UDP Network Internet IPv4 IPv6 Data-link Link layer Other people’s problems Physical ISO/OSI IETF IETF implementation Session layer is missing Application sessions established between IP addresses DNS is an optional add-on application

28. Broken Socket API conn = Network.Connect("example.com","http") TBD Ideal conn = new Socket("example.com",80) Java OK memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; error = getaddrinfo("example.com", "http", &hints, &res0); if (error) { errx(1, "%s", gai_strerror(error)); } s = -1; for (res = res0; res; res = res->ai_next) { s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s < 0) { cause = "socket"; continue; } if (connect(s, res->ai_addr, res->ai_addrlen) < 0) { cause = "connect"; close(s); s = -1; continue; } break; /* okay we got one */ } if (s < 0) { err(1, "%s", cause); } Socket API Broken

29. Proposed fixes SCTP New transport protocol Supports multihoming & streams LISP Global directory-driven mGRE/NHRP-like solution shim6 Add-on for TCP over IPv6 HIP Replaces IP address with signed host identifiers Application SCTP HIP TCP UDP shim6 IPv4 IPv6 LISP Other people’s problems IETF implementation

30. IPv6 will make matters worse IPv6 does not solve multihoming/TE issues Even more PI prefixes than in IPv4 Each prefix requires 4x more memory RS_AS6730>show ipbgp summary | include memory 327801 network entries using 33107901 bytes of memory 964287 path entries using 46285776 bytes of memory 98182 BGP path attribute entries using 5498864 bytes of memory 226 BGP rrinfo entries using 5424 bytes of memory 62132 BGP AS-PATH entries using 1583924 bytes of memory 52 BGP community entries using 1526 bytes of memory 203729 BGP route-map cache entries using 6519328 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 93002743 total bytes of memory RS_AS6730>show proc mem | include Process|BGP PID TTY Allocated Freed Holding GetbufsRetbufs Process 119 0 4287871096 23691312 213522288 0 0 BGP Router 120 0 14954976 0 6856 0 0 BGP I/O 121 0 23432 1550080 32680 0 0 BGP Scanner

31. Traffic explosion – is it a problem? Facts HDTV over access networks is a reality Proven technology is available It’s just a commercial question Considerations How much bandwidth do we really need? What’s the killer application? Source: monitoring of 20 Mbps residential Internet link Long-term average: 170 kbps

32. More information Webinars: http://www.ioshints.info Market trends in Service Provider networks Enterprise IPv6 deployment Presentations: http://www.slideshare.net/ioshints NAT64 and DNS64 in 30 minutes Blog posts: http://blog.ioshints.info Articles: Ivan Pepelnjak on SearchTelecom @ ioshints.info