Huawei IPv6 Evolution Solution
[Figure: DS-Lite+NAT solution with a routed HG. Segments: Terminal, Access, Metro, Core, Servers. Devices: HG (B4), OLT, DSLAM, BRAS, CR, CGN (AFTR). Labels: IPv4, IPv6, IPv6-only, Dual-stack, NAT44, Private IPv4, Public IPv4, 4in6 Tunnel.]
Metro network: The BRAS supports IPv6-only. An IPv6-only network is deployed between the BRAS and CGN. A dual-stack network is deployed between the CGNs and CRs.
Access network: Network reconstruction is not required.
Home area network: HGs that work in routed mode must be upgraded to support DS-Lite.
The DS-Lite solution has special requirements on HGs. Therefore, it is usually used for new users.
The combined use of the dual-stack+NAT and DS-Lite solutions is recommended. Either solution can be switched to the other as needed.
At present, PPPoE access is used for the DS-Lite solution. An IPv6 network is deployed between the HG and CGN.
DS+NAT+PPPoE:
Metro network: BRASs and CRs must support dual-stack. The CGN can be inserted into a BRAS or be deployed in standalone mode.
Access network: Network reconstruction is not required.
Home area network: Bridged HGs do not require reconstruction or upgrade. Routed HGs must be upgraded to support IPv6.
DS+NAT+IPoE:
Metro network: BRASs and CRs must support dual-stack. The CGN can be deployed in distributed or centralized mode.
Access network: The network must be reconstructed to support IPv6.
Home area network: Routed or hybrid HGs must be upgraded to support IPv6.
In this scenario, NAT, dual-stack, and dual-stack+NAT can be separately deployed.
[Figure: dual-stack+NAT solution in four variants: DS+NAT+IPoE (HG Routed Mode), DS+NAT+IPoE (HG Bridged Mode), DS+NAT+PPPoE (HG Routed Mode), DS+NAT+PPPoE (HG Bridged Mode). Segments: Terminal, Access, Metro, Core, Servers. Devices: HG, OLT, LSW, BRAS, CGN, CR, IP Core. Labels: IPv4, IPv6, IPv4/IPv6, NAT44, Private IPv4, Public IPv4, IPv6 PPPoE, Private IPv4 PPPoE.]
AFTR: Address Family Transition Router
B4: Basic Bridging BroadBand element
CGN: Carrier Grade NAT
DNS64: Domain Name System IPv6&IPv4
DS-Lite: Dual-Stack Lite
NAT: Network Address Translation
[Figure: network-wide IPv6 security deployment. Segments: Customer, OAM/Service, Access, Aggregation, Core. Devices: STB/TV, PC, Phone, HG, CPE, MxU, ACC-LSW, OLT, UPE, AGG, BRAS/SR, CGN, SPOP, IGW, AAA Server, DHCP Server, U2000, U2520, BTV VoD, IPTV HE, NGN/IMS, SoftX, Corporation. Zones: Trust Domain, Untrust Domain, Trust or Untrust Domain.]
Access device:
Supports DHCPv6 option 18/37.
Enables DHCPv6/ND snooping.
UPE/AGG/BRAS/SR:
Enables DHCPv6/ND snooping.
Enables authentication for IPv6 IGP/BGP.
Enables IPv6 URPF to defend against IP spoofing attacks.
IGW:
Filters invalid IPv6 routes advertised by EBGP neighbors.
Discards invalid IPv6 traffic.
CGN:
Checks user validity.
Restricts the tunnel and session quantities.
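What DHCPv6 options 18 (Interface-ID) and 37 (Remote-ID) carry can be seen by parsing a Relay-Forward message; the following is an added example, not part of the original slides, and it shows how the access-line identity inserted by the access device is recovered on the BRAS or DHCP server side. The sample packet, the port string, the remote-id and the use of the documentation enterprise number 32473 are constructed for illustration, and decoding the opaque option bodies as ASCII is an assumption.

```python
import ipaddress
import struct

RELAY_FORW = 12          # DHCPv6 message type (RFC 8415)
OPT_RELAY_MSG, OPT_INTERFACE_ID, OPT_REMOTE_ID = 9, 18, 37

def parse_options(buf):
    """Yield (code, data) for each TLV option; reject truncated options."""
    off = 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length exceeds packet")
        yield code, buf[off:off + length]
        off += length

def line_identity(packet):
    """Extract the access-line identity from a Relay-Forward message."""
    # Fixed header: type (1), hop count (1), link address (16), peer address (16).
    if len(packet) < 34 or packet[0] != RELAY_FORW:
        raise ValueError("not a Relay-Forward message")
    info = {"hop_count": packet[1],
            "peer": str(ipaddress.IPv6Address(packet[18:34])),
            "interface_id": None, "enterprise": None, "remote_id": None}
    for code, data in parse_options(packet[34:]):
        if code == OPT_INTERFACE_ID:
            info["interface_id"] = data.decode("ascii", "replace")
        elif code == OPT_REMOTE_ID:
            if len(data) < 4:
                raise ValueError("Remote-ID shorter than enterprise number")
            info["enterprise"] = struct.unpack("!I", data[:4])[0]
            info["remote_id"] = data[4:].decode("ascii", "replace")
    return info

def build_sample():
    """Constructed Relay-Forward: port string and remote-id are made up."""
    def opt(code, data):
        return struct.pack("!HH", code, len(data)) + data
    head = (bytes([RELAY_FORW, 0]) + ipaddress.IPv6Address("::").packed
            + ipaddress.IPv6Address("fe80::1").packed)
    return (head + opt(OPT_INTERFACE_ID, b"olt1/0/1/3:100")
            + opt(OPT_REMOTE_ID, struct.pack("!I", 32473) + b"subscriber-42")
            + opt(OPT_RELAY_MSG, b"\x01\x00\x00\x01"))

SAMPLE = build_sample()
```

A Relay-Forward that arrives from a trusted access device without either option, or a client-facing port that sends relay messages at all, is the condition worth alerting on.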
[Figure: CGN hot backup. Devices: OLT 1, OLT 2, BRAS 1, BRAS 2, CR1, CR2, PE1, PE2, CGN 1, CGN 2, Slot 1, Slot 2. Labels: HA VRRP, NAT Address Pool 1, NAT Address Pool 2, User Address Pool 1, User Address Pool 2, Primary, Secondary.]
CGN inter-board hot backup:
Two CGN boards form a backup group to which a NAT instance is bound.
Two CGN boards share the same NAT address pool.
Two instances can be configured to dynamically balance traffic load.
Distributed CGN inter-chassis hot backup:
Two CGN boards on different BRASs form a backup group.
A NAT instance is configured for every chassis, and the CGN boards back up each other.
The user and NAT address pools back up each other.
Centralized CGN inter-chassis hot backup:
Two CGN boards in different CGN chassis form a backup group.
A NAT instance is configured for every chassis, and the CGN boards back up each other.
The NAT address pools of the two instances back up each other.
[Figure: Internet Leased Line Solution and VPN Leased Line Solution. Customer types: SOHO/Small-sized Enterprise, Government/Medium-sized Enterprise, Large-sized Enterprise. Devices: CPE, CPE (Dual-stack), UPE (Dual-stack), BRAS (Dual-stack), SR (Dual-stack). Labels: L2VPN, VLL/VPLS, E-Line/E-LAN, IPv4 MPLS, IPv6 L3VPN, L3VPN.]
Dial-up Leased Line (PPPoE)
Layer 3 Leased Line (IPoE)
The BRAS allocates an IPv6 address with the IA_NA/IA_PD option.
The static IPv6 address must be configured.
Layer 2 Leased Line (IPoE)
The IPv6 address with the IA_NA/IA_PD option must be manually configured or allocated by the BRAS.
Network Deployment
Service Provisioning
Fault Locating
Network Monitoring
In-home service provisioning
Service provisioning by the U2000
Service provisioning by the AAA server
CPE status management and information query (ITMS and U2000)
Optical path diagnosis and alarm monitoring on access networks (by the N2510 and U2000)
Alarm monitoring and fault information collection on metro and IP core networks (by the U2000 and SmartKit)
U2000/U2520 performance monitoring
[Figure: service systems attached to the network (HG, OLT, BRAS, CGN, CR): AAA Server, DNS Server, Portal Server, Log Server, ITMS, OSS, BSS.]
DNS Server:
Supports AAAA and A records.
Supports AAAA and A record query over IPv4/IPv6.
Log Server:
Provides a syslog interface for communicating with the CGN.
Provides an interface for querying information from the background system.
AAA Server:
Supports IPv6-related attributes.
Supports CGN-related attributes.
Reconstructs the interfaces interconnecting the AAA server and the BRAS/log server/billing system/portal server/OSS.
ITMS:
Supports IPv6 HG management.
Supports IPv6 HG information exchange with the OSS.
OSS:
Supports IPv6 NE management.
Supports the management of IPv6 resources and services.
Supports the management of CGN resources and services.
Reconstructs the interfaces interconnecting the OSS and the AAA server/BSS/ITMS.
BSS:
Enables the CRM and billing systems to support IPv6 addresses, private IPv4 addresses, and port ranges.
Reconstructs the interfaces interconnecting the BSS and the AAA server/OSS/ITMS.
Portal Server:
Supports the extraction of IPv6 and private IPv4 addresses of users.
Reconstructs the interfaces interconnecting the portal server and the AAA server.
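The log server's syslog interface to the CGN and the requirement that back-end systems handle private IPv4 addresses and port ranges, both listed above, are what allow a public IPv4 address and port seen at a given time to be traced back to one subscriber. The following is an added example, not part of the original slides: it rebuilds port-range leases from CGN log records and answers that query. The key=value record layout, the addresses and the timestamps are constructed for illustration and are not a vendor log format.

```python
import ipaddress
from datetime import datetime
from typing import NamedTuple, Optional

# Constructed sample records in an assumed key=value layout (not a vendor format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 ALLOC private=10.1.0.5 public=203.0.113.7 ports=1024-2047
2024-05-01T10:00:02 ALLOC private=10.1.0.9 public=203.0.113.7 ports=2048-3071
2024-05-01T10:30:00 FREE private=10.1.0.5 public=203.0.113.7 ports=1024-2047
2024-05-01T10:31:00 ALLOC private=10.1.0.77 public=203.0.113.7 ports=1024-2047
"""

class Lease(NamedTuple):
    private: ipaddress.IPv4Address
    public: ipaddress.IPv4Address
    lo: int
    hi: int
    start: datetime
    end: Optional[datetime]   # None while the port range is still allocated

def parse_leases(text):
    """Pair each ALLOC with its FREE to build port-range leases."""
    open_leases, leases = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        lo, hi = (int(p) for p in kv["ports"].split("-"))
        key = (kv["public"], lo, hi)
        when = datetime.fromisoformat(ts)
        if event == "ALLOC":
            open_leases[key] = Lease(ipaddress.IPv4Address(kv["private"]),
                                     ipaddress.IPv4Address(kv["public"]),
                                     lo, hi, when, None)
        elif event == "FREE" and key in open_leases:
            leases.append(open_leases.pop(key)._replace(end=when))
    return leases + list(open_leases.values())

def attribute(leases, public, port, when):
    """Return the private address that held (public, port) at `when`, or None."""
    pub, t = ipaddress.IPv4Address(public), datetime.fromisoformat(when)
    hits = [l for l in leases
            if l.public == pub and l.lo <= port <= l.hi
            and l.start <= t and (l.end is None or t < l.end)]
    if len(hits) > 1:
        raise ValueError("overlapping leases: log is inconsistent")
    return str(hits[0].private) if hits else None

LEASES = parse_leases(SAMPLE_LOG)
```

The same public address and port resolve to different subscribers before and after the range is freed, which is why the query needs the timestamp as well as the port.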
Key points for IPv6 evolution:
Resolve the IPv4 address insufficiency issue
Maintain a good user experience
Ensure network security
What are the main IPv6 evolution techniques?
Dual-stack: Dual-stack is enabled for all devices on the network.
DS-Lite: IPv6 is deployed and DS-Lite tunnels are established between B4 and AFTR to carry IPv4 traffic.
NAT: CGN gateways are deployed to allocate private IPv4 addresses, which helps to reduce public IPv4 address consumption. This technique usually works with the dual-stack technique.
NAT64: A gateway is deployed to translate the IPv6 address of an IPv6-only terminal to an IPv4 address. It is a supplement to the dual-stack technique.
[Figure: IP core network. Devices: IGW (Dual-stack), CR (Dual-stack), PE (Dual-stack), CE (Dual-stack), P (IPv4). Networks: MAN, IP Core (Dual-stack), IPv4 MPLS, IPv4 Internet, IPv6 Internet.]
Dual-stack must be enabled for all Layer 3 devices.
Dual-stack routes between all Layer 3 devices must be reachable.
Dual-stack must be enabled for the PE/CE/IGW. Intermediate nodes support IPv4-only.
MPLS must be deployed at the core of the network.
6PE/6vPE tunnels must be established between PEs to deliver dual-stack routing information.
[Figure: NAT64 solution. Segments: Terminal, Access, Metro, Core, Servers. Devices: HG, OLT, DSLAM, BRAS, CR, PE, P, NAT64, DNS64, IPv4 Server, IPv6 Server. Labels: IPv4, IPv6, Dual-stack, IPv6 User, Access an IPv4 Server, Access an IPv6 Server.]
Objectives: To allow IPv6 users to access IPv4 servers over an IPv6 network.
Usage scenario: At later stages of network evolution, IPv6-only users access the IPv4 servers on the Internet.
NAT64 gateways and DNS64 servers must support dual-stack.
[Figure: product series by network layer. Layers: Access, Metro, Edge, CGN, Backbone, Firewall. Products: HG, ONT, MA5600T, CX600-X1, CX600-X2, CX600-X3, CX600-X8, CX600-X16, ME60-X3, ME60-X8, ME60-X16, NE80E, NE5000E Cluster, NE40E-X3, NE40E-X8, NE40E-X16, Eudemon 1000E-X3&X5, Eudemon 8000E-X3, Eudemon 8000E-X8, Eudemon 8000E-X16, S9303, S9306, S9312. CGN boards: SP-160 (40G daughter board), SP-80 (40G daughter board), VSUF-160 (80G mother board), VSUF-80 (40G mother board).]
VSUFs and SPs can be combined in different ways to provide a maximum of 40G, 80G, 120G, or 160G forwarding performance.
Win the competition
Note: The IPv6 security solution is deployed under the original IPv4 security solution conditions.
Dual-stack solution for the IDC:
It is the mainstream solution for the IPv6 evolution of the IDC.
The dual-stack reconstruction involves a large scope and a long period.
NAT64 solution for the IDC:
As a supplement to the IDC dual-stack reconstruction solution, this solution applies to a scenario where IPv6-only terminals access controllable services or simple applications.
IDC reconstruction is not required and the deployment period is short. However, NAT64 gateways may not support some ALGs. Therefore, NAT64 gateways may become network bottlenecks.
Users are unwilling to switch from IPv4 to IPv6 because IPv6 resources are insufficient. Therefore, dual-stack reconstruction of the IDC is very important in IPv6 evolution.
[Figure: IDC solutions. Panels: NAT64 Solution (IPv6 Users Access the IPv4 Server); Dual-stack Solution (Dual-stack Users Access the Dual-stack Server). Layers: Access Layer, Aggregation Layer, Core Layer, Egress Router, Server, Storage. Labels: Service Area 1 to Service Area N, Security Service PoD, iStack, CSS, TOR, EOR/MOR, DNS64, NAT64, LogServer, Dual-stack User, IPv6 User, IPv4 User, IPv4, IPv6, Dual-stack.]
Dual-stack Solution / NAT64
Dual-stack+Service Reconstruction
Reconstruction is not required.
Dual-stack+OSPFv3
Dual-stack+EBGP4+
DNS
Dual-stack+AAAA
Add DNS64.
Enable dual-stack for the egress router.
Add a NAT64 gateway and a log server.
IDC reconstruction is not required.
[Figure: wireless access. Segments: Terminal, IP RAN, PS Core, IP Core, Service. Devices: IPv6-only Terminal, Dual-stack Terminal, BTS/NodeB, BSC/RNC, eNodeB, GERAN, UTRAN, LTE, SGSN, GGSN/PDSN, SAE GW, MME, HSS/HLR, PCRF, NAT44, NAT64. Interface: Gi/SGi. Solution 1: Dual-stack+NAT44. Solution 2: IPv6-only+NAT64. Flows: IPv4 Traffic, IPv6 Traffic.]
Tunnels between the terminals and GGSN/SAE GW carry IPv4/IPv6 packets.
Solution 1: Dual-stack+NAT44
Terminals support dual-stack and use IPv6 and/or private IPv4 addresses.
The IP RAN is an IPv4 network.
The PS core network must support dual-stack. The PS core system must support IPv6 management. IPv4 tunnels must be established to transparently transmit IPv4/IPv6 packets.
The IP core network must support dual-stack.
Peripheral systems must be upgraded to support IPv6 management.
Gi/SGi interfaces must support dual-stack and route IPv4 packets to the NAT44 gateway for NATing.
Solution 2: IPv6-only+NAT64
Terminals support IPv6 and are allocated IPv6-only addresses.
The IP RAN is an IPv4 network.
The PS core network must support dual-stack. The PS core system must support IPv6 management. IPv4 tunnels must be established to transparently transmit IPv4/IPv6 packets.
The IP core network must support dual-stack. NAT64 gateways and DNS64 servers must be deployed.
Peripheral systems must be upgraded to support IPv6 management.
Gi/SGi interfaces must support dual-stack and route IPv6 packets to the NAT64 gateway for translating IPv6 addresses into IPv4 addresses.
[Figure: WLAN access in AP bridged mode, shown as NAT44+IPoE and as Dual-stack+IPoE. Devices: Dual-stack Terminal, AP, Access Switch, Aggregation Switch, AC, BRAS Embedded with CGN, CR, AAA Server, Portal Server. Labels: WLAN Authentication Flow, WLAN IPv4 Flow, WLAN IPv6 Flow, CAPWAP Tunnel, BRAS Traffic Forwarding, NAT44, Private IPv4, Public IPv4, IPv4, IPv6.]
Solution 1: Private Network Dual-stack Solution
Access authentication: Use portal authentication as an example. The WLAN terminal uses the IPoE access mode and the IPv4 web+portal authentication mode. The portal server must be upgraded to obtain the public and private IPv4 and IPv6 addresses of users.
NAT: Divert the service traffic in the WLAN private user domain to the CGN for NAT.
Solution 2: Public Network Dual-stack Solution
Access authentication: The WLAN terminal uses the IPoE access mode and the IPv4 web+portal authentication mode. The portal server must be upgraded to obtain the IPv4 and IPv6 addresses of users.
The BRAS allocates user addresses and authenticates users.
The AC manages and controls APs in a unified manner.
As the portal protocol is carried over IPv4, this solution supports only dual-stack terminal access, not IPv6-only terminal access.
IPv6 Evolution Solution
IPv6 Evolution Overview
Broadband Access Solution 4: WLAN Access
Service System Reconstruction Solution
IP Core Network Solution
Broadband Access Solution 1: Dual-stack+NAT
Broadband Access Solution 2: DS-Lite
Broadband Access Solution 3: NAT64
Broadband Access Solution 5: Wireless Access
Government/Enterprise Leased Line Access Solution
Data Center Solution
CGN Reliability Solution
IPv6 Security Solution
E2E O&M Solution
IPv6 Evolution Professional Service Solution
Network Design
Service Migration
Network Optimization
Consultation Service
Integration Test
Service Verification
Protect network investments, and achieve smooth network evolution and hitless service migration
Project Management and Process Control Capabilities Throughout the Network Construction Period
Huawei Network Product Series Providing the E2E IPv6 Solution
Terms
[Figure: IPv6 Evolution Network Reconstruction. Labels: Costs and Difficulties, Network IPv6 Progress, Mainstream Evolution Solution, Auxiliary Solution at Later Stages of IPv6 Evolution. Stages: IPv4 Only, NAT444, DS+NAT, DS-Lite, NAT64, IPv6 Only.]
Dual-stack Solution 6PE/6vPE Solution
Independent U2000
IP LCT deployment
[Figure labels: IPv4, GTP/PPP over IPv4, IPv4/IPv6, Dual-stack, IP Core, Aggregation Network.]