1 copyright © 2003 juniper networks, inc. proprietary and confidential robert healey hardware...

1Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net

Robert Healey

Hardware Product Group Manager, Juniper Networks

APAC

IPv6 IPv6 over Broadband over Broadband

Service Models and Service Models and DeploymentsDeployments


Juniper’s E-series Juniper’s E-series Broadband Services Router FamilyBroadband Services Router Family

The industry’s leading high-end Broadband Services Routers.

Worldwide market share leader for Broadband deployments

Full IPv6 Support


The T-series Core Router The T-series Core Router FamilyFamily

Highly Resilient, Available

3-Dimensional Scalability

Proven PlatformsTX Matrix

T640

T320

Full IPv6 Support


Juniper Introduces the TX Matrix Platform

TX Matrix – Super CoreTX Matrix – Super Core

T640T640

T640T640

Over 3 Billion Packets Per Second !


Juniper Networks IPv6 deploymentJuniper Networks IPv6 deploymentWorldwideWorldwide

Americas EMEA APAC


IPv6 Network ReferencesIPv6 Network References

GEANT IPv6 Test Program: http://www.juniper.net/news/pressreleases/2001/pr-011128.html

ESNET / 6TAP at PAIX: http://www.juniper.net/news/pressreleases/2001/pr-011128.html

France Telecom / VTHD: http://www.juniper.net/news/pressreleases/2001/pr-011128.html

CSC / FUNET: http://www.juniper.net/news/pressreleases/2002/pr-020507.html

Internet2 / Abilene: http://archives.internet2.edu/guest/archives/I2-NEWS/log200204/msg00003.html

Canarie / CA*net 4: http://www.juniper.net/news/pressreleases/2002/pr-020710.html

ESNET: http://www.juniper.net/news/pressreleases/2002/pr-020828.html

ARNES, DANTE, and REDiris: http://www.juniper.net/news/pressreleases/2002/pr-021003.htmlhttp://archives.internet2.edu:8080/guest/archives/I2-NEWS/log200210/msg00005.html

Internet2 Gigapops: http://www.juniper.net/news/pressreleases/2002/pr-021111.html

Japan Gigabit Network: http://www.juniper.net/news/pressreleases/2002/pr-021112.html

Chunghwa Telecom HiNet: http://www.juniper.net/news/pressreleases/2003/pr-030114.html

NTT Communications: http://www.juniper.net/company/presscenter/pr/2003/pr-030218a.html


References in IPv6 Network References in IPv6 Network EngineeringEngineering

• GEANT V6 task force

• http://www.join.uni-muenster.de/geantv6/

• DANTE:

• www.dante.net/nep/ipv6/index.html


IPv6 over Broadband Services – IPv6 over Broadband Services – Target Market and Service Target Market and Service

RequirementsRequirements

Carriers in APAC want to run IPv6 across their broadband networks

Most interest so far in Japan due to Government technology push &

funding for IPv6 development

Interest is also growing in other APAC countries including Korea,

India, China, Taiwan, etc.

Japan market has 2 IPv6 over Broadband standards :

NTT Com, ACCA, KDDI etc in Japan are running or trialling PPP

based IPv4 and IPv6 “Dual Stack” BRAS

NTT East / West / SI Labs is building a whole new nationwide

network and they want Non-PPP based services.


Technical Service Technical Service Details for IPv4Details for IPv4

• PPP-Based ServicesPPP-Based Services• Non PPP-Based ServicesNon PPP-Based Services


IPv4 StandardsIPv4 Standards

• Business broadband – generally uses Bridged or Routed 1483 for static, always-on service models.

• Subscriber services are based on either PPPoE or DHCP.

• Point to Point Protocol over Ethernet (PPPoE) based on PPP, extended by RFC 2516

• Dynamic Host Configuration Protocol (DHCP) is based on work in BootP, extended by RFC 1541, usually implemented as compliant to RFC 2131.


Protocol Design IntentionsProtocol Design Intentions

• PPPoE• PPPoE is designed to establish a WAN

connection to a remote client. PPPoE extends PPP to Ethernet, providing for authentication, authorization, accounting and network layer configuration.

• DHCP• DHCP is designed to supply DHCP clients

(usually in a broadcast domain i.e. LAN) with network configuration parameters.


PPP & DHCP Feature PPP & DHCP Feature ComparisonComparison

Feature PPPoE DHCPAuthentication Integrated, provided by

LCP. Identifies user.No authentication, can be extended using options but identifies machine.

Authorization Supplied to NAS/BRAS by RADIUS based on user identity.

No authorisation. Can be extended by ext. apps using DHCP options based on machine identity.

Accounting Supplied by NAS/BRAS. No accounting. Supported by external applications.


Feature PPPoE DHCP

Statefulness State kept by PPP keepalives

No state kept. Can be supplied by keeping lease short.

PC Support Requires 3rd party software unless OS < 2yr old.

Supported by all current OS.

Customer service support

+ Provides feedback on connectivity.

- 3rd party s/w hard to troubleshoot.

- No feedback on connectivity. Need CLI (or winipcfg).

+ No need for 3rd party s/w

PPP & DHCP Feature PPP & DHCP Feature ComparisonComparison


Summary - IPv4 BRAS Service Summary - IPv4 BRAS Service ModelsModels

PPP-based model

• Requires PPPoE client software or CPE device

• Session based service model

• User authentication & accounting information present

• Radius based AAA• Leverages LCP and IPCP

protocols

Non PPP-based model• Business services

• Bridged / Routed 1483 services

• Subscriber Services • DHCP based broadband

remote access• Good for lightweight

clients• Requires many add-ins to

DHCP to allow AAA, session monitoring, accounting, etc etc etc etc….


IPv6 over BroadbandIPv6 over BroadbandTechnical Service DetailsTechnical Service Details



Carrier IPv4 and IPv6

NetworkLayer 2 Access

The PPP-Based IPv4/IPv6 Service The PPP-Based IPv4/IPv6 Service ModelModel

VC or VLAN

IPv4 and / or IPv6 devices

Layer 2 or Layer 3 CPE

device

ERX IPv4/IPv6 Edge Router

RADIUS

Simultaneous Support for IPv4 and IPv6 traffic over a single PPP connection


Dual Stack BRASDual Stack BRAS - protocols- protocols

PPPoE or PPPoA

PPP

IPv4 IPv6

IPv4 Applications

IPv6 Applications

Based on PPP(oX)

One PPP Session

Two Layer 3 Protocols

ATM or Ethernet

}


More detail – IPv4 Connection More detail – IPv4 Connection SetupSetup

PPPoE or PPPoA

PPP / LCP

IPv4 / IPCP

NCP - IPCP used for • IP address assignment

– via Local pools or Radius• DNS Server addresses, etc• etc

ATM or Ethernet

PPP - LCP used for :• user authentication • connection establishment • connection maintenance / monitoring


More detail – IPv6 Connection More detail – IPv6 Connection SetupSetup

PPPoE or PPPoA

PPP / LCP

IPv6 : DHCPv6 DHCP-PDOpt-DNS

Network Layer Setup :• IPv6CP – not useful here• DHCPv6 messaging used• DHCP-PD used to delegate IPv6 prefixes• Opt-DNS informs client of v6 DNS server addresses

ATM or Ethernet

PPP – LCP - only done once for both IPv4 and IPv6


Dual Stack Connection Dual Stack Connection ModelModel

Based on : “draft-shirasaki-dualstack-service-03.txt” (expires August, 2004)

This draft references the following documents :

[RFC3315] Droms, R., "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", July 2003.

[RFC3633] Troan, O. and Droms, R., "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", December 2003.

[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", December 2003.


Notes about IPv6 Connection Notes about IPv6 Connection setup:setup:

NCP – IPv6CP used only for exchange of Link-Local addresses - not much use at all in a BRAS environment.

JunosE development started in 2002 while specifications were Internet Drafts but they are now RFCs :

DHCPv6 – draft-ietf-dhc-dhcp6-26.txt RFC 3315

draft-troan-dhcpv6-opt-prefix-delegation-01.txt RFC 3633

draft-ietf-dhc-dhcpv6-opt-dnsconfig-03 RFC 3646

JUNOSe 5.1 and 5.2 support the earlier draft specs

JUNOSe 5.3 supports the RFC version docs and is also backwards compatible with the earlier implementations


Carrier IPv4 and

IPv6 Network

Layer 2

Access

Futures of the PPP modelFutures of the PPP model

VC or VLAN


Layer 2 CPE device


• Native Client device support for both IPv4 and IPv6 over single PPP stack

•Eg - simply extend the existing Windows XP PPPoE client to support IPv6

•Eg Windows “Longhorn” 2004 (->2007?)


Technical Service Technical Service DetailsDetails



Carrier IPv4 and

IPv6 Network

Layer 2

Access

The Non-PPP modelThe Non-PPP model

Prefixes statically provisioned on user facing interface (VC / VLAN) DHCP-PD and opt-DNS could also be used without PPP ND / RA could also be used to advertise prefixes over Ethernet access

How to do DNS in this case ?

Less protocol overhead due to no PPP – BUT – bit of a drag due to lost functionality (user auth, accounting, session monitoring, etc)

VC or VLAN


Layer 2 or Layer 3 CPE

device



Carrier IPv4 and

IPv6 Network

Layer 2

Access

Prefix Assignment in the Non-PPP Prefix Assignment in the Non-PPP modelmodel

- Layer 3 CPE Case - Layer 3 CPE Case

VC or VLAN


Layer 3 CPE device


•DHCP-PD•Opt-DNS

•pppoe• ND / RA

•(Or whatever)


Layer 3 CPE - DetailsLayer 3 CPE - Details

Prefixes statically provisioned on the ERX One Prefix per access subinterface (VC / VLAN)

DHCP-PD and opt-DNS used between ERX and CPE router CPE initiates DHCPv6 exchange to ERX

Requests IPv6 Prefix via DHCP-PD Requests DNSv6 info via Opt-DNS

ERX responds with configured values ND / RA used to assign IPv6 addresses to IPv6 devices behind

CPE Router.


Carrier IPv4 and

IPv6 Network

Layer 2

Access

Prefix Assignment in the Non-PPP Prefix Assignment in the Non-PPP modelmodel

- Layer - Layer 22 CPE Case CPE Case

VC or VLAN


Layer 2 CPE device


• Neighbor Discovery• Router Advertisement

• (some sort of DNS info exchange?)


Layer 2 CPE - DetailsLayer 2 CPE - Details

Prefixes statically provisioned on the ERX One Prefix per access subinterface (VC / VLAN)

Neighbor Discovery & Router Advertisement used between ERX and IPv6 hosts

IPv6 host devices initiate Neighbor Discovery to ERX Host Retrieves IPv6 Prefix info and default gateway data via ND /

RA DNSv6 info retrieved via IPv6 DNS client software ???

ERX responds with configured IPv6 Prefix & DNS information Stateless Autoconfiguration used to generate IPv6 addresses for IPv6

devices


DHCP-PD model detailsDHCP-PD model details

• client authentication based entirely on interface

• one prefix per interface, statically configured

• default prefix lifetime configured per VR, may be overridden by

• per-interface prefix configuration

• DNS information per VR only, not per client or per interface

• DNS information may be retrieved during prefix delegation, or with an Information request


Non-PPP Model SummaryNon-PPP Model Summary

Function Layer 2 CPE Layer 3 CPE

IPv6 Prefix configuration

Static per interface (via ND config)

Static per interface (via DHCP-PD config)

Prefix assignment method

Neighbor Discovery / Router Advertisement on PC

DHCP-PD on CPE router

DNS Server assignment method

“Opt-DNS” Client software, DHCPv6 on ERX

Opt-DNS on CPE router, DHCPv6 on ERX

User authentication None None

Access media supported

ATM Bridged Ethernet, Ethernet

ATM Bridged Ethernet, Ethernet

Accounting data Per subinterface Per subinterface

# hosts supported per VC / VLAN

1 only (?) Many (behind CPE)


PPP Model SummaryPPP Model Summary

Function Layer 2 CPE (future)

Layer 3 CPE

IPv6 Prefix configuration

Radius Radius

Prefix assignment method

DHCP-PD on host DHCP-PD on CPE router

DNS Server assignment method

Opt-DNS on host Opt-DNS on CPE router

User authentication Username / Password Username / Password

Access media supported

All All

Accounting data Radius Radius

# hosts supported per VC / VLAN

Many (via multiple PPPoE sessions)

Many (behind CPE)


IPv6 BRAS Service Model IPv6 BRAS Service Model SummarySummary

• PPP based• Requires Dual Stack

(IPv4/v6) PPPoE client or device

• Session based service model

• User authentication & accounting information present

• Radius based AAA• Leverages DHCP-PD

and opt-DNS

• Non PPP-based

• DHCP-PD or ND/RA can be used in the access network

• No native authentication or accounting

• More suitable to “always-on” service


IPv6 ServicesIPv6 Services

In Production TodayIn Production Today


Broadband Access

Juniper IPv6 Firewall and B-RASJuniper IPv6 Firewall and B-RAS

(Major Service Provider in Japan)(Major Service Provider in Japan)


NS 5XTIPv6 CPE Firewall

PPPoE

PPP

IPv4 IPv6

ATM VC or Ethernet VLAN

•One Circuit

•2 Network Protocols

ERX IPv4/IPv6 B-RAS

IPv4 / IPv6 Firewall &

VPN platform

IPv4

IPv6

DHCP-PD or NeighborDiscovery


Broadband Access

Juniper IPv6 LNS – Juniper IPv6 LNS –

France TelecomFrance Telecom


Dual Stack CPE Router

ERX IPv4 B-RAS

L2TP/IPv4

ERX IPv6 LNS

PPPoE Dual StackPPPoE Dual Stack sessions transported over L2TP/IPv4


Siemens “Tango” Siemens “Tango” Dual Stack PPPoEDual Stack PPPoEClient SoftwareClient Software


What is the Tango Client ?What is the Tango Client ?

• PPPoE dual stack PC client software

• Developed by Siemens / Efficient Networks in partnership with Juniper

• Designed to meet NTT Communications’ Dual Stack service requirements

• Efficient Networks (http://subscriber.communications.siemens.com/subscriber_networks/software.shtml) is the world’s #1 PPPoE client software market leader

• over 12 million copies of Tango sold in Japan


Tango DualStack PPPoE Tango DualStack PPPoE clientclient


Click here to create a new Click here to create a new connectionconnection


Create a new ConnectionCreate a new Connection

Enable IPv6 support


Add username & Add username & passwordpassword


Locate your Dualstack Locate your Dualstack BRASBRAS


FinishedFinished


Check Connection PropertiesCheck Connection Properties


Connection PropertiesConnection Properties



Just check these 2 boxes to Enable IPv6 support !


Connection In ProgressConnection In Progress

Double Click to connect

IPv4 connects first

Then IPv6 connects


Connection sequenceConnection sequence10/15/2004 15:01:12 - ACCA dualstack Opening port...10/15/2004 15:01:12 - ACCA dualstack Port opened.10/15/2004 15:01:12 - ACCA dualstack Connecting10/15/2004 15:01:13 - ACCA dualstack Connected.10/15/2004 15:01:13 - ACCA dualstack All devices connected.10/15/2004 15:01:13 - ACCA dualstack Authenticating10/15/2004 15:01:13 - ACCA dualstack Authentication Notify10/15/2004 15:01:13 - ACCA dualstack Authentication projection.10/15/2004 15:01:13 - ACCA dualstack Authentication Notify10/15/2004 15:01:13 - ACCA dualstack Projected.10/15/2004 15:01:13 - ACCA dualstack Authentication Notify10/15/2004 15:01:13 - ACCA dualstack Successful Authentication. IPv4 connection setup usually finished by this point

10/15/2004 15:01:18 - ACCA dualstack PPPv6 is up10/15/2004 15:01:18 - ACCA dualstack Acquiring DHCPv6 information, please wait...10/15/2004 15:01:24 - ACCA dualstack Added IPv6 DNS address 2001:380::5310/15/2004 15:01:26 - ACCA dualstack Added IPv6 DNS address 2001:380:0:1::5310/15/2004 15:01:27 - ACCA dualstack Added Global IPv6 address 2001:380:22f:0:5449:52ff:fe41:440010/15/2004 15:01:29 - ACCA dualstack Added Anycast Ipv6 address 2001:380:22f::10/15/2004 15:01:31 - ACCA dualstack Added IPv6 route to fe80::200:87ff:fefa:d1b110/15/2004 15:01:32 - ACCA dualstack Successfully acquired DHCPv6 information


Connection established !Connection established !


Radius User configRadius User config


ERX configERX config! bras & ipv6 licences

!

license b-ras “Secret”

!

license ipv6 “Secret”

!

! run the ipv6 protocol itself

ipv6

!

! loopback address - v4 & v6 addresses

!

interface loopback 0

ip address 1.0.0.1 255.255.255.255

ipv6 address 1::1/128

!

! user profile - note v6 loopback & VR assignment

!

profile dualuser

ip virtual-router default

ip unnumbered loopback 0

ipv6 virtual-router default

ipv6 unnumbered loopback 0

ppp authentication pap chap

! ipv4 address pool

ip address-pool local

ip local pool v4pool 10.0.0.1 10.0.0.10

!

!

! radius server details - note the user needs to have a "Framed-IPv6-Prefix" assigned to them in radius

!

radius authentication server 172.27.60.221

key secret

!

radius accounting server 172.27.60.221

key secret

!

interface fastEthernet 6/0

ip address 172.27.60.150 255.255.255.0

!

radius update-source-addr 172.27.60.150

!


ERX configERX config

! instantiate the local DHCPv6 Server, configure options

!

service dhcpv6-local

ipv6 dhcpv6-local prefix-lifetime 0 0 2 0

ipv6 dhcpv6-local dns-server aaaa::1

ipv6 dhcpv6-local dns-server bbbb::1

!

!

! User facing PPPoE interface - note it looks just like IPv4 only (and still works for IPv4 only)

!

interface fastEthernet 8/0

pppoe

pppoe auto-configure

pppoe profile any dualuser


IPv6 futuresIPv6 futuresFeatures that have been considered but are not yet committed to any specific release :

• MPLS Forwarding of IPv6 traffic

• BGP Enterprise MIB support for BGP over TCP/IPv6

• Mobile IP Home Agent support

• IP Subscriber Manager for IPv6

• IPv6 over IPv4 tunneling

• Dynamic IPv6 interfaces other than PPP & PPPoE

• SNMP over IPv6

• Dynamic IPv6 prefix provisioning

• High availability IPv6

• High Availability IPv6 Multicast

• IPv6 - Local address pools

• IPv6 – TACACS


IPv6 LNS –IPv6 LNS –

The Simplest IPv6 The Simplest IPv6 Deployment Method Deployment Method


IPv6 LNS Technical IPv6 LNS Technical RequirementsRequirements

• Sessions

• Tunnels

• Prefix assignment method


IPv6 LNS requirementsIPv6 LNS requirements• 4000 L2TP tunnels• IPv6 LNS• 100kbps per PPP session• Radius & radius based prefix-

assignment• Fragmentation avoidance• OSPFv2 & v3, BGP-4 & 4+ routing• If possible support for both fixed and

variable prefix assignment• (future) Multicast & redundancy


Additional Beneficial Features for an Additional Beneficial Features for an IPv6 LNSIPv6 LNS

• Application Level QoS for IPv4 and IPv6 traffic

• Hardware based LNS functionality – adds reliability and performance

• Full production-quality IPv6 multicast service

• SDX session management & dynamic service creation

• High Availability

• In Service Software Updates (ISSU)

• etc


Thank You !

1 copyright © 2003 juniper networks, inc. proprietary and confidential robert healey hardware...

Documents

juniper networks apac

ipv6 support slide

deployments slide

broadband deployments

broadband service models

internet2 abilene

tseries core router

japan gigabit network