itm-1011 coexistence and transition: implementing ipv4 and ipv6
TRANSCRIPT
ITM-1011
Coexistence and Transition:Implementing IPv4 and IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 2
Agenda
Why IPv6?Main drivers & benefits to evolve/migrate from IPv4 to IPv6
Industry statusIPv6 penetration and deployment today
Challenges/issues IPv4 to IPv6 migration
Industry best practices & lessons learned
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 3
Near vs. Long term perspective
Perspective:In the long term, all networks want the relative simplicity and limited cost of a single networking protocol
In the short term, the world isn’t going to switch simultaneously
Two definitions:“Migration”: Turning the new on and turning the old off
“Deployment”: Turning the new on
I tend to think that:In the near term, the question is how to deploy and use IPv6 in new network offerings and interoperate with existing IPv4 capabilities
In the long term, once a critical percentage of users have IPv6 enabled, continuing to run IPv4 becomes a business decision.
When we turn IPv4 off, we have migrated.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 4
Why IPv6?
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 5
Why did the IETF design IPv6?
Running out of IPv4 addressesExcept it was 1992 and statistically we expected to run out in 1993-1994
Response to the issue:RFC 1550: IP: Next Generation (IPng) White Paper Solicitation
Four responses, resulting in IPv6 – RFCs 1883, 1884, 1885, 1886
Also, description of GSE and the NIMROD Routing Architecture
CIDR deployed by RIRs and incorporated into routing protocols – RFCs 1517, 1518, 1519, 1520, early 1990’s
Also OSPFv2, IS-IS, BGP, and RIPv2
RFC 1918 private addresses, and implementation of Network Address Translation
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 6
And the result was…
CIDRUbiquitous right away
Network Address TranslationQuickly became common, and allowed large private address spacesWe (marketing) decided later that this was a “security” solution. Not clear why, apart from sales of NATs.
IPv4 lived ~15 years longer than it would have with Classful Allocation
IPv6Initially developed, deployed in testbed and research networks, and implemented in Linux, BSD, and Apple products. Cisco beta code the most common IPv6 Router.Lack of Cisco production code, support in GSR engines 0-2 and products outside routing/switching, and Microsoft implementation delayed usefulness.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 7
Where Is the Broadband Internet Today?The Europe/America/East Asia/ANZ Fiber Corridor
Map copyright 2008 TeleGeographyToday
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 8
Power, and by Extension, Money, Throughout the World
NASA “Earth at Night,” August 2006
Today
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 9
IPv4 Address space throughout the world today
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 10
The issue of address depletion
The ISP problem:The Internet that is deployed will continue to run
But it will be harder for ISPs and edge networks to deploy new services and add new customers
The user problem:ISPs will be forced to provide current services using shared IPv4 address space and offer IPv6 for user-managed services
At some point, services that consumers want to get to will require them to use IPv6 as a result
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 11
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 12
Industry Status
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 13
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 14
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 15
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 16
ISP comments in IETF and RIRs
Over the past two years, we have seen a 180 degree change in ISP viewpoints in NANOG, RIPE, APNIC, and the IETF
Oct 26, 2007: The Day the Routers Died “I guess we‘ll have to look at IPv6”
August 2008: CTO of major ISP “we have to switch to IPv6 by 2012, but we‘re worried about content”
2009: CERNET, Comcast, and Free standardizing tools for IPv6 deployment
2009, 2010: Google IPv6 Implementor‘s Conferences
IETF meetings in 2010: “We are deploying, and these are our problems”
IETF-79 (November 2010, Beijing)Numerous ISPs making impassioned pleas for support in their transition plans
Example: China Telecom, “IPv6-only within two years” with IPv4 overlay
Example: Telstra, “Dual Stack, planning to use Carrier Grade NAT for IPv4”
Example: numerous DSL networks using 6rd like Free.fr is
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 17
Who is implementing/adopting IPv6?
Originally, the research networks and communitiesInternet II, Renater, CERNET2, TWAREN, AARNET, …
Commercial Networks in Japan: NTT, IIJ, KDDI, …
Large companies, major ISPs, and content providers Facebook, Google, …
Comcast, Free.fr, Verizon, AT&T, …
Governments
Starting to hear ofISPs losing customers over lack of IPv6 offerings in RFI/RFP responses, which suggests that auditors are driving enterprise customers to require IPv6 service even if they don’t buy it today.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 18
Prepare
Plan
Operate
Implement
Design
Optimize
ipv6.google.com
IPv6 enabled web sites (growing list at sixy.ch)
http://[2001:440:fff9:100:202:b3ff:fea4:a44e]
http://[2001:252:0:1::2008:6]
http://[2a01:48:1:0:2e0:81ff:fe05:4658]
http://[2001:838:1:1:210:dcff:fe20:7c7c]
http://[2001:218:2001:3005::8a]
http://[2a01:e0c:1:1599::1]
http://[2001:9b0:1:104:230:48ff:fe56:31ae]http://[2001:4f8:fff6::21]
http://[2001:470:0:64::2]
http://[2a01:a8:0:5::26]
http://[2a02:250::6]
Yosemite
http://[2001:470:d:2ed::1]
http://[2001:b48:12:1::2]
http://[2001:2040:2000::6]
Helsingborg Dagblad
Sandviken Kommun http://[2001:b48:10::3]
http://[2001:470:1:3a::13]
http://[2001:da8:200:200::4:28] http://[2405:5000:1:2::99]
http://[2607:f0d0:1000:11:1::2]
http://[2001:49f0:1000::3]
http://[2001:4830:20e0:1::5]
http://[2620:0:ef0:13::20]
http://[2620:0:1cfe:face:b00c::3]
http://[2607:f4e8:12:fffe:230:48ff:fe96:f99e]
http://[2406:0:6a:4::167]
http://[2001:558:1004:9:69:252:76:96]
http://[2402:6000:200:100::4]
http://[2607:f0d0:3001:62:1::53]
http://[2607:f238:2::51]
http://[2001:470:0:e6::4a52:2717]
http://[2001:470:1:1d::d8da:84ea]
http://[2001:44b8:8020:f501:250:56ff:feb3:6633]
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 1919
Mobile Telephones and Networks
Telephones:iPhone IOS 4.0, Android
IPv6 is on, can run IPv6-only, can’t turn IPv6 off from UI
Samsung, Nokia support IPv6
Windows Mobile has supported IPv6 on the WiFi interface since 2005
Motorola doesn’t yet
NetworksChina Mobile has convened two 3GPP workshops on IPv6-only networks
3GPP later versions target IPv6-only networks
Data derived from public statements
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 20
Challenges: IPv4->IPv6 Migration
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 21
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 22
What are the current issues?
UrgencyMost companies see IPv6 as “in the indefinite future”
Have missed the fact of IPv4 address exhaustion
Business CaseWhile company’s business partners do not require IPv6, they generally do not see the need
Unless – they offer services that depend on address availability.
EducationIPv6 ≠ IPv4, and absent business case many have not taken the time to figure out the differences
Vendor SupportIssues with Load managers, residential CPEs, legacy equipment
Application SupportApplication and Content Providers have the same business case issues
Innovator’s Dilemma
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 23
The view from IPv6 Operations WG, presented to a joint workshop IETF+3GPP
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 24
Recommended Approach to Deployment:RFC 4213 Dual-Stack Deployment
Solution:Hosts today are IPv4+IPv6:
Windows Vista, Macintosh, Linux, BSD
Make the network IPv4+IPv6.
When forced to deploy IPv6-only networks, they will be able to talk with other hosts.
But…We have run out of time for this to be smooth
IPv4+IPv6 Hosts
IPv4+IPv6Network
IPv6-onlyHosts or Network
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 25
First goal: coexistence and transition
1. The point is to get people to turn IPv6 on in their networksWhile they leave IPv4 on, that is coexistence
When they turn IPv4 off, that is a transition
The question is not about IPv4. It is about IPv6.
2. Rule of solution suitabilityIf a solution make it desirable for IPv4 to remain on and IPv6 off for an extended period of time, IPv6 has not been turned on.
In this case, see rule 1.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 26
Second goal: deploy IPv6
Transition technologies fall into two major categories:
Those that facilitate IPv6 deployment in a way that when they are no longer necessary we have deployed IPv6
Those that change IPv6 “temporarily” in some way, making host changes that will survive the transition
The latter kinds of technologies do not deploy IPv6They deploy IPv6 with subtle changes that we live with for much longer than we intended
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 27
Third Goal: enable communication
This may seem silly, but it is pretty basic
Something that doesn’t enable applications to communicate fails to deliver
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 28
Fourth goal: reliability, maintainability, serviceability
Operators have to be able to turn it on, diagnose problems, and deliver predictable service to their customers
This is both enterprise and service provider
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 29
Two broad scenarios
IPv6 applications <-> IPv6
IPv4 applications <-> IPv4
Three possible approachesDual stack – ships in the night
X-Y-X by translation
X-Y-X by encapsulation/tunneling
IPv4 applications <-> IPv6 Two possible approaches:
Stateful translation
Similar to IPv4/IPv4 NAT
Stateless translation
IPv4 address in IPv6 prefix
SIIT-like translation
NAT-PT deprecated due to scaling issues
IPv6 IPv6IPv4
IPv6 IPv6IPv4
IPv6 IPv4IPv4+IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 30
X-Y-X scenarios:Comparison to goals
X-Y-X by translation ✔ Gets IPv6 deployed
✔ Deploys IPv6 unchanged
? Enables communication?
? Reliability, Serviceability, Maintainability?
Issue: translation implies gateway applications for some applications,
Issues similar to IPv4/IPv4 NAT
X-Y-X by encapsulation ✔ Gets IPv6 deployed
✔ Deploys IPv6 unchanged
✔ Enables communication
✔ Reliability, Serviceability, Maintainability
Issue: standard tunneling/VPN problems in terms of message length
We have solutions for that
IPv6 IPv6IPv4 IPv6 IPv6IPv4
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 31
Obvious encapsulation solutions
Service Provider Solutions
IPv6/IPv4 Tunnels6rd: See Mark Townsley’s workshop
Static Tunnels such as SIXXS deploys
IPv4/IPv6 Tunnels4rd or ds-lite
Prototyping solutions Several common
prototyping solutions:6to4, ISATAP, Teredo, …
My recommendation: don’t use them
They are a reasonable way to prototype in trials
Numerous issues Randomness of
routing through tunnels
Security issues
✔
✔
?Risky to make bread-and-butterdepend on brand new network…
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 32
Dynamic IPv6/IPv4 tunneling
L3 Edge(IPv4)
6rd Border Relays
IPv4 IPv6 + IPv4 Network
CEIPv6 packet
IPv6 packet
IPv6 packets
IPv6 service in the home is essentially identical to native IPv6 service
IPv6 Packets Follow IPv4 routing
6rd Border Relay traversed only when exiting or entering a 6rd Domain
6rd Border Relays are fully stateless, no limit on “number of subscribers” supported
Border Relays may be placed in multiple locations, addressed via anycast.
Access Node
SP IPv4 Network
6rd
6rd
6rd
IPv6 IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 33
Translation scenarios
Objectives:Scalable => stateless if possible
Reliable, Maintainable, Serviceable => simple to understand and manage
Would like to be able to initiate sessions:From IPv4-only clients/peers to IPv6-only servers/peers
From IPv6-only clients/peers to IPv4-only servers/peers
Would like to be able to run in edge network and service provider network environments
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 34
Issues in existing translation
NAT-PT:Interaction between DNS and NAT components reduces scalability
SIIT:Use of a well-known prefix limits routability
IPv6 community really likes well-known prefix, but service providers implementing it use a routable prefix
Traditional IPv4/IPv4 style NAT (NAT64):Ephemeral state in Carrier-grade NAT
Initiates sessions IPv6->IPv4 but not IPv4->IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 35
Solution: three components
DNSALG
IPv4 or IPv6Internet
IPv4 or IPv6 Network
DNS64:IPv4 host asks for A records, gets A recordsIPv6 host asks for AAAA records, may get translated A recordNo fiddling with NAT tables
TranslatorStateless mode based on CERNET/CERNET2 IVI
Modified SIIT algorithmUses Service Provider PrefixPermits session initiation IPv4
<-> IPv4-mapped-IPv6
Stateful mode (NAT64) similar to IPv4/IPv4 NAT
Permits session initiation IPv6-native -> IPv4 hostsDoes not permit session
initiation IPv4-> IPv6-native
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 36
Oh my goodness!
What about initiating sessions IPv4-> generic IPv6 address?
Sky falling: whatever shall we do?
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 3737
For further reading…
http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
"Guidelines for Using IPv6 Transition Mechanisms",
Jari Arkko, Fred Baker, 27-Dec-2010
(soon to be an RFC)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 38
So what…
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 39
RFC 1958 Architectural Principles of the Internet. B. Carpenter, Ed.. June 1996.
http://www.ietf.org/rfc/rfc1958.txt
“The current exponential growth of the network seems to show that connectivity is its own reward, and is more valuable than any individual application such as mail or the world-wide web.”
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 40
So what…?
Cisco viewpoint:John Chambers has set a policy for Cisco products to support IPv6 and be useful in IPv6 networks
We have some issues we’re sorting out, but this is a front-burner issue for us
Your take-away should be:Networks, both transit and edge, are changing
It’s time to get good education and a transition plan in place