© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
IPv4 on life-support
Ole Trøan, Cisco Engineering
IP fundamentalist
2011-11-22
With help from:
Randy Bush (Dr Vision)
Dan Wing (Mr NAT)
Mark Townsley (Mr Tunnel)
Geoff Huston (Dr Doom)
The “inevitability” of technological evolution?
Not exactly according to plan…
“I’m driving at 100 kph, and I see a wall 100m ahead of me.
I’m not there yet; I’ll worry about that tomorrow…”
Who deploys IPv6 today?
• Enthusiasts working in corporations, friendly to “new stuff”
• Encouraged by government regulation / procurement requirements
• Out of fear (let’s be ready if this IPv6 thing happens…)
• New opportunities. If we are early into IPv6 we may have an advantage.
• Green field. Let’s not bother with legacy stuff in a new network
“Why Has the Transition to IPv6 Been so Slow?”
“Is it the Vendors?”
“Is it the lazy Operators, as the IPv6 idealists claim?”
“Is it the lack of content?”
“Is it that Applications do not support IPv6?”
“Is it the CPE?”
“Is it the End-user host stack?”
“Aren’t the 430 transition mechanisms enough?”
“Transition depends on All of Those at the SAME TIME – a recipe for failure”
The challenge often lies in managing the transition from one technology to another
[Diagram labels: IPv4, IPv6, CGNs, ALGs, CDNs]
To get from “here” to “there” requires an excursion through an environment of CGNs, CDNs, ALGs and similar middleware ‘solutions’ to IPv4 address exhaustion
Transition requires the network owner to undertake capital investment in network service infrastructure to support IPv4 address sharing/rationing.
But will this be merely a temporary phase of transition?
The risk in this transition phase is that the Internet heads off in a completely different direction!
[Diagram labels: IPv4, IPv6, CGNs, ALGs, CDNs; APNIC, RIPE NCC, LACNIC, AFRINIC, ARIN; 201x?]
“The IPv4 Internet Was a Simple Place Where Packets Flowed Freely Between Us”
[Diagram labels: 128 bits, 32 bits, CGN]
We are the Salmon
“But We Can Easily Destroy the Environment in the Next Year or Two”
“There is One Serious Problem With CGNs”
“and When They Say ‘Service Continuity’ What They Mean is They are NOT Transitioning to IPv6”
IPv4 Life Support
“Think About a World Where You Can Not Deploy New Protocols (e.g. Skype) Without Telenor’s (or Apple’s or Google’s) Lawyers’ Approval”
“Tunnels and translators”
Two types of transition mechanism
• IPv6 service (to end users)
  6rd, L2TP, (IPv6 in IP, GRE, ISATAP, Teredo, Tunnel brokers)
• IPv4 exhaustion (IP address sharing)
  A+P: Mapping of Address and port (Shared IPv4 address over IPv6)
  CGN / SD-NAT
  DS-lite
• “Interoperate”: IPv6 to IPv4 connectivity
  NAT64, TRT, Application proxies
Is it because we only have 430 transition mechanisms?
What goes in should come out..
Tunnels act like the layer below that which they are carrying
Often not perfectly, but “good enough” for a specific purpose
IP tunnels act like Data Link Layers
They provide us a Layer of Indirection
All problems in computer science can be solved by another level of indirection…
…except for the problem of too many levels of indirection
- David Wheeler
They have a wide variety of uses…
[Diagram: IP address sharing (NAT placement). Columns: Subscribers, Providers, Internet. Segment labels: Private IPv4, IPv6, IPv4]
Address Sharing Gone Bad
Source: Shin Miyakawa, NTT Communications
IETF82 - INTAREA
IPv4 Address Sharing Technologies
[Diagram labels: IPv4 Address Run-Out; IPv4; IPv6; 6rd; Obtain IPv4 Addresses (RIR, address broker); IPv4 Address Sharing; CGN, NAT44, SD-NAT; 6rd + CGN; Dual-Stack Lite; MAP (4rd/dIVI); native]
2. Connect IPvX to IPvY
• NAT Purpose 2: connect IPv6 to IPv4
[Diagram: IPv4-only hosts (IPv4) and IPv6-only hosts (IPv6), connected by NAT64]
Connecting IPvX hosts to IPvY hosts
• NAT64 is not perfect
• IPv6 and IPv4 are not compatible
  Fragmentation (IPv4: network fragments, IPv6: hosts fragment)
  minimum MTU (IPv4: 576, IPv6: 1280)
  IPv4 options versus IPv6 extensions
• Like NAT44: NAT64 can also bring Application Layer Gateway (ALG) issues
  Complicates troubleshooting and abuse handling
Smart Edge & Stupid Core
• Traditional Voice has stupid edge devices, phone instruments, and a very smart expensive core
• The Internet has a smart edge, computers with operating systems, applications, …, and a simple stupid core, which just does packet forwarding
• Adding an entirely new Internet service is just a matter of distributing an application to a few consenting desktops (until NATs)
• Compare that to adding a service to Voice
Conclusions
IPv6 Transition: Tunnel or Translate?
[Scale from worst to best: translate, tunnel, native routing]
[Diagram: Dual Stack Transition Leap. Labels: IPv4-Only Network, IPv4-Only Users, NAT, IPv6-Only, IPv6-Only Users, CE, PE, Dual Stack Network, Dual-Stack Users]
[Diagram: Transition Steps Instead of Leaps… Labels: IPv4-Only Network, IPv4-Only Users, NAT, IPv6-Only, IPv6-Only Users, 6↔4, CE, PE, Dual Stack Network, Dual-Stack Users]
While:
• IP address sharing is necessary to keep business running
• Necessary to keep end users happy (long tail IPv4)
• It is never ideal
Principle #1: Choose mechanisms which are progress towards IPv6
Principle #2: Prefer Mechanisms Which are simple, Stateless, Use IPv6 not IPv4, …
Principle #3: Keep state at the edge not the core
Principle #4: Use Mechanisms Which Preserve e2e and the Other Basic Principles as Much as Possible