itm-1011 coexistence and transition: implementing ipv4 and ipv6

ITM-1011

Coexistence and Transition:Implementing IPv4 and IPv6

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 2

Agenda

Why IPv6?Main drivers & benefits to evolve/migrate from IPv4 to IPv6

Industry statusIPv6 penetration and deployment today

Challenges/issues IPv4 to IPv6 migration

Industry best practices & lessons learned


Near vs. Long term perspective

Perspective:In the long term, all networks want the relative simplicity and limited cost of a single networking protocol

In the short term, the world isn’t going to switch simultaneously

Two definitions:“Migration”: Turning the new on and turning the old off

“Deployment”: Turning the new on

I tend to think that:In the near term, the question is how to deploy and use IPv6 in new network offerings and interoperate with existing IPv4 capabilities

In the long term, once a critical percentage of users have IPv6 enabled, continuing to run IPv4 becomes a business decision.

When we turn IPv4 off, we have migrated.


Why IPv6?


Why did the IETF design IPv6?

Running out of IPv4 addressesExcept it was 1992 and statistically we expected to run out in 1993-1994

Response to the issue:RFC 1550: IP: Next Generation (IPng) White Paper Solicitation

Four responses, resulting in IPv6 – RFCs 1883, 1884, 1885, 1886

Also, description of GSE and the NIMROD Routing Architecture

CIDR deployed by RIRs and incorporated into routing protocols – RFCs 1517, 1518, 1519, 1520, early 1990’s

Also OSPFv2, IS-IS, BGP, and RIPv2

RFC 1918 private addresses, and implementation of Network Address Translation


And the result was…

CIDRUbiquitous right away

Network Address TranslationQuickly became common, and allowed large private address spacesWe (marketing) decided later that this was a “security” solution. Not clear why, apart from sales of NATs.

IPv4 lived ~15 years longer than it would have with Classful Allocation

IPv6Initially developed, deployed in testbed and research networks, and implemented in Linux, BSD, and Apple products. Cisco beta code the most common IPv6 Router.Lack of Cisco production code, support in GSR engines 0-2 and products outside routing/switching, and Microsoft implementation delayed usefulness.


Where Is the Broadband Internet Today?The Europe/America/East Asia/ANZ Fiber Corridor

Map copyright 2008 TeleGeographyToday


Power, and by Extension, Money, Throughout the World

NASA “Earth at Night,” August 2006

Today


IPv4 Address space throughout the world today


The issue of address depletion

The ISP problem:The Internet that is deployed will continue to run

But it will be harder for ISPs and edge networks to deploy new services and add new customers

The user problem:ISPs will be forced to provide current services using shared IPv4 address space and offer IPv6 for user-managed services

At some point, services that consumers want to get to will require them to use IPv6 as a result


Industry Status


ISP comments in IETF and RIRs

Over the past two years, we have seen a 180 degree change in ISP viewpoints in NANOG, RIPE, APNIC, and the IETF

Oct 26, 2007: The Day the Routers Died “I guess we‘ll have to look at IPv6”

August 2008: CTO of major ISP “we have to switch to IPv6 by 2012, but we‘re worried about content”

2009: CERNET, Comcast, and Free standardizing tools for IPv6 deployment

2009, 2010: Google IPv6 Implementor‘s Conferences

IETF meetings in 2010: “We are deploying, and these are our problems”

IETF-79 (November 2010, Beijing)Numerous ISPs making impassioned pleas for support in their transition plans

Example: China Telecom, “IPv6-only within two years” with IPv4 overlay

Example: Telstra, “Dual Stack, planning to use Carrier Grade NAT for IPv4”

Example: numerous DSL networks using 6rd like Free.fr is


Who is implementing/adopting IPv6?

Originally, the research networks and communitiesInternet II, Renater, CERNET2, TWAREN, AARNET, …

Commercial Networks in Japan: NTT, IIJ, KDDI, …

Large companies, major ISPs, and content providers Facebook, Google, …

Comcast, Free.fr, Verizon, AT&T, …

Governments

Starting to hear ofISPs losing customers over lack of IPv6 offerings in RFI/RFP responses, which suggests that auditors are driving enterprise customers to require IPv6 service even if they don’t buy it today.


Prepare

Plan

Operate

Implement

Design

Optimize

ipv6.google.com

IPv6 enabled web sites (growing list at sixy.ch)

http://[2001:440:fff9:100:202:b3ff:fea4:a44e]

http://[2001:252:0:1::2008:6]

http://[2a01:48:1:0:2e0:81ff:fe05:4658]

http://[2001:838:1:1:210:dcff:fe20:7c7c]

http://[2001:218:2001:3005::8a]

http://[2a01:e0c:1:1599::1]

http://[2001:9b0:1:104:230:48ff:fe56:31ae]http://[2001:4f8:fff6::21]

http://[2001:470:0:64::2]

http://[2a01:a8:0:5::26]

http://[2a02:250::6]

Yosemite

http://[2001:470:d:2ed::1]

http://[2001:b48:12:1::2]

http://[2001:2040:2000::6]

Helsingborg Dagblad

Sandviken Kommun http://[2001:b48:10::3]

http://[2001:470:1:3a::13]

http://[2001:da8:200:200::4:28] http://[2405:5000:1:2::99]

http://[2607:f0d0:1000:11:1::2]

http://[2001:49f0:1000::3]

http://[2001:4830:20e0:1::5]

http://[2620:0:ef0:13::20]

http://[2620:0:1cfe:face:b00c::3]

http://[2607:f4e8:12:fffe:230:48ff:fe96:f99e]

http://[2406:0:6a:4::167]

http://[2001:558:1004:9:69:252:76:96]

http://[2402:6000:200:100::4]

http://[2607:f0d0:3001:62:1::53]

http://[2607:f238:2::51]

http://[2001:470:0:e6::4a52:2717]

http://[2001:470:1:1d::d8da:84ea]

http://[2001:44b8:8020:f501:250:56ff:feb3:6633]


Mobile Telephones and Networks

Telephones:iPhone IOS 4.0, Android

IPv6 is on, can run IPv6-only, can’t turn IPv6 off from UI

Samsung, Nokia support IPv6

Windows Mobile has supported IPv6 on the WiFi interface since 2005

Motorola doesn’t yet

NetworksChina Mobile has convened two 3GPP workshops on IPv6-only networks

3GPP later versions target IPv6-only networks

Data derived from public statements


Challenges: IPv4->IPv6 Migration


What are the current issues?

UrgencyMost companies see IPv6 as “in the indefinite future”

Have missed the fact of IPv4 address exhaustion

Business CaseWhile company’s business partners do not require IPv6, they generally do not see the need

Unless – they offer services that depend on address availability.

EducationIPv6 ≠ IPv4, and absent business case many have not taken the time to figure out the differences

Vendor SupportIssues with Load managers, residential CPEs, legacy equipment

Application SupportApplication and Content Providers have the same business case issues

Innovator’s Dilemma


The view from IPv6 Operations WG, presented to a joint workshop IETF+3GPP


Recommended Approach to Deployment:RFC 4213 Dual-Stack Deployment

Solution:Hosts today are IPv4+IPv6:

Windows Vista, Macintosh, Linux, BSD

Make the network IPv4+IPv6.

When forced to deploy IPv6-only networks, they will be able to talk with other hosts.

But…We have run out of time for this to be smooth

IPv4+IPv6 Hosts

IPv4+IPv6Network

IPv6-onlyHosts or Network


First goal: coexistence and transition

1. The point is to get people to turn IPv6 on in their networksWhile they leave IPv4 on, that is coexistence

When they turn IPv4 off, that is a transition

The question is not about IPv4. It is about IPv6.

2. Rule of solution suitabilityIf a solution make it desirable for IPv4 to remain on and IPv6 off for an extended period of time, IPv6 has not been turned on.

In this case, see rule 1.


Second goal: deploy IPv6

Transition technologies fall into two major categories:

Those that facilitate IPv6 deployment in a way that when they are no longer necessary we have deployed IPv6

Those that change IPv6 “temporarily” in some way, making host changes that will survive the transition

The latter kinds of technologies do not deploy IPv6They deploy IPv6 with subtle changes that we live with for much longer than we intended


Third Goal: enable communication

This may seem silly, but it is pretty basic

Something that doesn’t enable applications to communicate fails to deliver


Fourth goal: reliability, maintainability, serviceability

Operators have to be able to turn it on, diagnose problems, and deliver predictable service to their customers

This is both enterprise and service provider


Two broad scenarios

IPv6 applications <-> IPv6

IPv4 applications <-> IPv4

Three possible approachesDual stack – ships in the night

X-Y-X by translation

X-Y-X by encapsulation/tunneling

IPv4 applications <-> IPv6 Two possible approaches:

Stateful translation

Similar to IPv4/IPv4 NAT

Stateless translation

IPv4 address in IPv6 prefix

SIIT-like translation

NAT-PT deprecated due to scaling issues

IPv6 IPv6IPv4

IPv6 IPv6IPv4

IPv6 IPv4IPv4+IPv6


X-Y-X scenarios:Comparison to goals

X-Y-X by translation ✔ Gets IPv6 deployed

✔ Deploys IPv6 unchanged

? Enables communication?

? Reliability, Serviceability, Maintainability?

Issue: translation implies gateway applications for some applications,

Issues similar to IPv4/IPv4 NAT

X-Y-X by encapsulation ✔ Gets IPv6 deployed

✔ Deploys IPv6 unchanged

✔ Enables communication

✔ Reliability, Serviceability, Maintainability

Issue: standard tunneling/VPN problems in terms of message length

We have solutions for that

IPv6 IPv6IPv4 IPv6 IPv6IPv4


Obvious encapsulation solutions

Service Provider Solutions

IPv6/IPv4 Tunnels6rd: See Mark Townsley’s workshop

Static Tunnels such as SIXXS deploys

IPv4/IPv6 Tunnels4rd or ds-lite

Prototyping solutions Several common

prototyping solutions:6to4, ISATAP, Teredo, …

My recommendation: don’t use them

They are a reasonable way to prototype in trials

Numerous issues Randomness of

routing through tunnels

Security issues

✔

✔

?Risky to make bread-and-butterdepend on brand new network…


Dynamic IPv6/IPv4 tunneling

L3 Edge(IPv4)

6rd Border Relays

IPv4 IPv6 + IPv4 Network

CEIPv6 packet

IPv6 packet

IPv6 packets

IPv6 service in the home is essentially identical to native IPv6 service

IPv6 Packets Follow IPv4 routing

6rd Border Relay traversed only when exiting or entering a 6rd Domain

6rd Border Relays are fully stateless, no limit on “number of subscribers” supported

Border Relays may be placed in multiple locations, addressed via anycast.

Access Node

SP IPv4 Network

6rd

6rd

6rd

IPv6 IPv6


Translation scenarios

Objectives:Scalable => stateless if possible

Reliable, Maintainable, Serviceable => simple to understand and manage

Would like to be able to initiate sessions:From IPv4-only clients/peers to IPv6-only servers/peers

From IPv6-only clients/peers to IPv4-only servers/peers

Would like to be able to run in edge network and service provider network environments


Issues in existing translation

NAT-PT:Interaction between DNS and NAT components reduces scalability

SIIT:Use of a well-known prefix limits routability

IPv6 community really likes well-known prefix, but service providers implementing it use a routable prefix

Traditional IPv4/IPv4 style NAT (NAT64):Ephemeral state in Carrier-grade NAT

Initiates sessions IPv6->IPv4 but not IPv4->IPv6


Solution: three components

DNSALG

IPv4 or IPv6Internet

IPv4 or IPv6 Network

DNS64:IPv4 host asks for A records, gets A recordsIPv6 host asks for AAAA records, may get translated A recordNo fiddling with NAT tables

TranslatorStateless mode based on CERNET/CERNET2 IVI

Modified SIIT algorithmUses Service Provider PrefixPermits session initiation IPv4

<-> IPv4-mapped-IPv6

Stateful mode (NAT64) similar to IPv4/IPv4 NAT

Permits session initiation IPv6-native -> IPv4 hostsDoes not permit session

initiation IPv4-> IPv6-native


Oh my goodness!

What about initiating sessions IPv4-> generic IPv6 address?

Sky falling: whatever shall we do?


For further reading…

http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines

"Guidelines for Using IPv6 Transition Mechanisms",

Jari Arkko, Fred Baker, 27-Dec-2010

(soon to be an RFC)


So what…


RFC 1958 Architectural Principles of the Internet. B. Carpenter, Ed.. June 1996.

http://www.ietf.org/rfc/rfc1958.txt

“The current exponential growth of the network seems to show that connectivity is its own reward, and is more valuable than any individual application such as mail or the world-wide web.”


So what…?

Cisco viewpoint:John Chambers has set a policy for Cisco products to support IPv6 and be useful in IPv6 networks

We have some issues we’re sorting out, but this is a front-burner issue for us

Your take-away should be:Networks, both transit and edge, are changing

It’s time to get good education and a transition plan in place

itm-1011 coexistence and transition: implementing ipv4 and ipv6

Documents

cisco andor

cisco public presentation

ipv6 slide

cisco beta code

ipv6 rfcs

lack of cisco production

ipv4 addresses

challengesissues ipv4