Um ihren Kunden den Zugang zum IPv6 Internet zu ermöglichen, hat Swisscom den 6rd Mechanismus gewählt. Der Vortrag gibt einen Überblick zur Funktionsweise von 6rd und über den geplanten Dienst.
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
1. IPv6 @ Swisscom
Martin Gysi, 8.6.2011
Senior Network Development Engineer,
IPv6 Strategy Swisscom
Public
2. The question „will IPv6 ever by widely deployed?“ is no
longer open.
The answer is a clear „yes“. 2
• Google, Facebook are accessible using IPv6
• Free.fr has 500„000 IPv6-enabled customers (which makes it the
largest IPv6 ISP in the world)
• Most major Telcos have stated that they are now starting to deploy
real IPv6 services. Most will do so in 2011/2012
• And yes, IPv4 addresses will become scarce real soon… But that‟s
another story…
3. The driver for IPv6 is the lack of IPv4 addresses.
But IPv6 does not solve the IPv4 address shortage
problem 3
• IPv6 is not compatible to IPv4. So IPv4 must continue to be operated
• IPv4 addresses can be saved by using them more efficiently, or by
deploying NAT inside the carrier„s network (NAT44, CGN). Drives
complexity and costs short term fix.
• IPv6 is not the short term solution. But in the long run it„s the only way
to continue the Internet as we know it today.
Medium term strategy:
IPv4 address depletion
IPv6 migration
Action plan:
Short term fix:
End-to-end
NAT44 deployment IPv6 deployment
• IPv6 does not replace IPv4, it„s added in parallel to it „Dual Stack“
4. Our IPv6 policy:
We enable our customers to access the IPv6
Internet, and we offer our services to the IPv6
Internet 4
• External communication (aka Internet) will need IPv6 first. Gartner
recommends that enterprises establish an IPv6 Internet presence in the 2012
to 2015 time frame.
• Internal networks and services can remain IPv4 on the longer term
• Swisscom is currently analyzing all its services, to identify the steps required
for introducing IPv6, and is working out a detailed roll-out plan
– Entire IT tool chain: order entry, service fulfillment and assurance, billing
– Network elements (routers, firewalls, load-balancers…) and platforms
– Regulatory aspects, such as lawful intercept
– Security, both from Swisscom‟s and our customer‟s point of view
– Product integration (part of the standard offering or option, …)
– Customer experience
– Impact on operations, training of staff
• About to launch IPv6 for residential wireline Internet access:
5. So, what are we doing right now?
IPv6 @ Swisscom 5
• IP-plus backbone is fully dual-stack, IP-plus business Internet access
is available with native IPv6.
• IPv6 in our mobile network. Works in the lab, are now expanding from
there into the IT systems (RADIUS, User Databases (HLR), Mobile
Proxy, Billing, etc.) and into the radio access network.
– The few handsets that support IPv6 cannot operate Dual Stack.
IPv6 only is not interesting for most people
– LTE Rel. 8 / 3G Rel. 9 defines a Dual Stack PDP context.
– Newest chipsets support PDPv4v6, so the handset situation will
improve.
• More labs for broadband access and datacenter environments. Gives
those engineers and sysadmins something to learn from!
• We‟ll launch IPv6 for residential Internet access this year
6. What is required for an IPv6 Internet Access Service?
Complex infrastructure is barrier to cost-efficient IPv6
deployment. Legacy infrastructure cannot be upgraded easily. 6
End-to-end overview of Swisscom‘s Internet Access Service
network IT Systems:
DHCP, RADIUS,
wholesale LDAP retail
ADSL ATM
BRAS
MPLS VPN IT Systems: Various
user/service
L2 platform, L2 platform, PPP Route databases
IPv6 not IPv6 not IPoE Reflector: IPv4/IPv6
required required IPoEoA Required
Required IPv6 IPv6 dual stack
features features
available LNS
VDSL native Ethernet available
(6VPE)
MPLS VPN
MPLS VPN
No IPv6
support in
L2 platform, 3P-PE
used mode
IPv6 not required, but SSG
of operation
scalability issues 6VPE ready
FTTH Ethernet over MPLS P Routers:
BNG IPv6 not
required
IPoE
ISG
L2 platform,
IPv6 not
required L2 platform, IPv6
not required Access Core ISP connectivity ISP core Internet peering
Access Aggregation Edge
7. Using 6RD, IPv6 Internet access is an incremental
upgrade.
Production-quality IPv6 Internet access at a fraction of the costs 7
IT Systems:
• No complex upgrade of infrastructure,
wholesale
DHCP, RADIUS,
retail
LDAP
ADSL
leverage IPv4 network to provide
ATM
IPv6 access. Simply... BRAS
MPLS VPN 6RD Border
IT Systems: Various
– Add IPv6 and 6RD support to Relay user/service
L2 platform,
customer modems
L2 platform, PPP Route Lausanne databases
IPv6 not IPv6 not IPoE Reflector:
required
– Add 6RD Border Relays to dual-stack
required IPoEoA Required IPv4/IPv6
Required IPv6 IPv6 dual stack
portion of network features features LNS
available
VDSL native Ethernet available
6RD CE (6VPE)
router
native IPv6 IPv4 access IPv6
MPLS VPN
home network Internet
MPLS VPN
No IPv6 network
support in
L2 platform, 3P-PE
used mode
IPv6 not required, but SSG
of operation
scalability issues 6VPE ready
Home network (dual stack) Swisscom P Routers:
FTTH Ethernet over MPLS Internet
BNG IPv6 not
Access Service
required
network (IPv4 only)
IPoE 6RD Border ISG
L2 platform, Relay Zürich
IPv6 not
required L2 platform, IPv6
not required AccessInternetISP connectivity stack) core
Core peering (dual ISP Internet peering
Access Aggregation Edge
8. 6RD is a Stateless Tunnel Technology, Embedding the
CE‟s IPv4 Address into the IPv6 Prefix.
IPv6 Rapid Deployment on IPv4 Infrastructures (RFC 5969) 8
Network
topology IPv4 native IPv6
native
IPv6 network network
network
6RD CE router 6RD Border Relay
send to preconfigured BR address send to embedded CE address
IPv6 address
format for 6RD IPv6 prefix is calculated from the IPv4 address
2A02:1200 85.5.7.171 Subnet ID Interface ID
0 28 60 64
6RD prefix subscriber subnetting
up to 32 bits of subscriber’s IPv4 address
IPv4 header &
encapsulated
IPv6 packet IPv4 Header IPv6 Header
(downstream)
IPv4 dest 85.5.7.171
copy IPv6 Payload
9. 6RD Border Relay
Implementation Details 9
• Cisco ASR1002-ESP10
scales up to 10 Gb/s per box (tested)
• Using anycast IPv4 address, geographically distributed scale by adding
more boxes
• Topology: “Router on a stick“
No danger of black hole routing, as IPv4 and IPv6 interface status is
inherently coupled.
Router on a stick Separate IPv4
6RD Border Relay and IPv6
interface 6RD Border Relay
IPv4 + IPv6 OSPFv2 OSPFv3
OSPFv2 OSPFv3
IPv4 IPv6
IPv4 Link failure
Link failure IPv6
propagated not noticed in
Dual stack core IPv4 IGP (or
router on both
IGPs vice versa)
10. 6RD CPE Routers
Implementation Details 10
• Vendors: Motorola, ADB Broadband (formerly Pirelli
Broadband)
• 6RD parameters configured using TR-069
– Swisscom 6RD prefix and length (2a02:1200::/28)
– IPv4 bits suffix length (all 32 bits)
– 6rd Border Relay anycast IPv4 address
– Swisscom DNS servers
– IPv6 flag (enable/disable)
• IPv6 must be enabled by customer on “customer centre”
website (no other changes to IT/OSS tools)
• Third-party modems (AVM Fritz Box and others) work, but
need manual configuration
11. Implementation details
IT aspects
11
IT Systems • Display IPv6 check box on “customer centre” website if router
supports IPv6, store IPv6 status in customer database
• Display IPv6 status to customer support, enable them to change
status
• Implement new TR069 parameters for 6RD
• No other changes! No address management, no provisioning, etc!
DNS • Separate DNS (Google white-listed) that can stop handing out AAAA
records if problems with IPv6 should occur
• 6rd.swisscom.com
12. First deployment experiences:
expect to find problems with turning on IPv6 12
• 2011 – the year of the MTU? Make sure Path MTU Discovery works!
– 7600 with 6748 LAN card and IOS 12.2(22)SXF10: sets IPv6 MTU
to 1486 Bytes (no matter what is configured)
– Motorola CPE (Beta version) does not do PTMUD at all…
– ASR-1k: ICMP Packet Too Big messages use final destination‟s
address as source address (not local address)
• 7600 with 12.2(33)SRE3: Buffer leak when IPv6 is enabled. Requires
periodic reboot of the box.
13. Project IPv6 6rd:
Phased introduction of IPv6 13
• Phase 0, ongoing: Internal testing and internal pilot with very friendly
customers
• Phase 1, July – September: Pilot with ~1000 customers (internal and
external)
– Dedicated team of customer support agents, trained for IPv6
• Phase 2, September – ?: Rollout of the IPv6-capable router firmware,
with IPv6 deactivated
– Customer has to active IPv6 himself on his customer portal
– Expecting slow takeup, giving us time to fix bugs and ramp up IPv6
knowledge of support personnel
• Phase 3: When we have gained enough confidence in our IPv6
capabilities: Activate IPv6 by default, by enabling it with our home
device management system.
14. Swisscom will launch IPv6 for residential
customers in 2011, using 6rd technology. 14
• 6RD changes the IPv6 “business case” from complex & expensive to
simple & cheap. There‟s no excuse for not deploying IPv6 now!
• 6RD is simple, reliable, scalable technology
– Fast prototyping thanks to Linux implementation
– Vendors engineering/beta implementations quickly available, yet
(inter-) worked flawlessly
– Tested and proven scalability
• Large-scale pilot to be started in July 2011.
– If you are a Swisscom customer and
– have a “Centro” series router, then apply!
– (Link to be published)
– Check out the “sneak preview” at http://labs.swisscom.com