© 2011 Cisco and/or its affiliates. All rights reserved. 1
Cisco IOS Advantage Webinars
NAT64 Technology: NAT64, IPv6 Branch Functionality
Steve Simlo, Prashant Jhingran
Panelists / Speakers
• Steve Simlo, Product Manager
• Prashant Jhingran, Technical Marketing Engineer
• Amit Dutta, Product Manager
• Wojciech Dec, Technical Engineering Leader
• Andrew Yourtchenko, Technical Engineering Leader
§ IPv6 Market Drivers
§ Cisco IPv6 Strategy
§ IPv6 Transition Technologies
§ IPv6/IPv4 Translation Scenarios
§ Technologies Facilitating IPv6/IPv4 Translation
§ Stateful NAT64 implementation on Cisco Platforms
§ Summary
§ References
The world will run out of IPv4 addresses in the next few years.
By 2016 there will be 7.5 billion people...
...and 19 billion fixed and mobile-connected devices.
Mobile devices are growing faster than the mobile subscribers that use them.
[Figure: IPv6 market drivers. Labels: National IPv6 Strategies (US DoD, China NGI, EU); IPv4 Address Run-Out; Infrastructure Evolution; End Point Explosion; Smart Grid – Smart Meters; Smart Cities – Internet of Things; Cable – Set Top Boxes; Mobile Telephony; IPv6 OS, Content & Applications]
https://www.arin.net/knowledge/v4-v6.html
Modern Devices Support IPv6
• Prefer IPv6 connectivity (RFC 5221)
• Use SLAAC/DHCPv6 and have Link Local Addresses (RFC 4862)
• Can run IPv6 over an IPv4 network under certain circumstances: tunneled over an IPv4 core, and/or on an L2 segment
• Will try to use IPv6 if they receive a AAAA record from DNS
• Don’t always display IPv6 information (mobile devices)
• Use privacy addresses (RFC 4961)
• Modern browsers implement RFC 6555 (Happy Eyeballs)
• Use IPv6 link-local capabilities for plug and play protocols
[Figure labels: CGN; IPv4; IPv6; DNS <AAAA, A>; True End to End]
IPv6 Business Impact – The Cost of Waiting Goes Up
[Figure: IPv6 Estimated Adoption Timeframes, 2010 / 2012 / 2014. Labels: Early Adopters; Globalization; IPv6 Government Mandate Deadlines; IPv4/IPv6 Co-existence; Transition Planning; Low Risk, Moderate Risk, High Risk]
• 2010: Low Impact – Buying behavior shift limited to mandated and early adopters
• 2012: Mandates take effect – Globalization - WorldIPv6Launch - Massive Mobile deployment. Transition to IPv6 forces customers to acquire product or managed services to sustain business and customer reach
• 2014: IPv6 is mainstream – customers without transition infrastructure experience reduced service levels, diminished customer reach
Preserve the customer’s existing investment
• Audit and leverage existing IPv6 capabilities
Prepare a migration and deployment plan
• Identify and enable critical IPv6 functional areas
Prosper through the transition to IPv6 Internet
• Enable all systems with dual-stack capabilities
• Grow seamlessly as customers transition to IPv6
IPv6 User Access @ Cisco
• Secured broad executive support
• Progress requires multi-functional teams – not just a networking problem
• Pursuing Outside-In and Inside-Out in parallel
• Coordinated equipment upgrades and software updates with fleet upgrade program
• Made sure common client configurations were tested
• Made operational changes e.g. IPv6-specific security mechanisms and monitoring solutions for IPv6 traffic
• To date:
• Provided IPv6 access in approximately one-third of global offices – tunnel access for interim connectivity
• IPv6-enabled 100% of the core network
• Observed Happy Eyeballs (RFC 6555) in action
• Observed IPv6 attacks
• Monitor worldwide usage with 6lab.cisco.com/stats
[Figure: three transition approaches, each drawn across Internet Peering, DMZ, Switching, SLB and Servers]
• Translation (IPv6 6:4): IPv4-Only Network, IPv4 only Servers
• Tunneling: Tunnel across an IPv4-Only Network, IPv6 & IPv4 Servers
• Dual-Stack: Dual Stack Network, IPv6 & IPv4 Servers
[Figure: IPv6 & IPv4 networks, the IPv4 Internet and the IPv6 Internet]
• Dual-Stack Network
• IPv6/IPv4 Translation, BEHAVE working group
• IPv6 over IPv4 & IPv4 over IPv6, Softwire Working Group
[Figure: the six IPv6/IPv4 translation scenarios (1 to 6), stateful and stateless, between an IPv6 Network or IPv4 Network and the IPv4 Internet, IPv6 Internet, IPv4 Network or IPv6 Network. Annotations on the scenarios: “Not viable because too few IPv4 addresses”; “With Static v6v4 mappings” (shown on two scenarios)]
Translation is not a long-term support strategy; it is a medium-term coexistence strategy that can be used to facilitate a long-term program of IPv6 transition by both Enterprises and ISPs.
[Figure: Scenarios 1, 2 and 3 drawn across Enterprise / ISP Networks, the IPv4 / IPv6 Internet, and Enterprise / Content Providers, with 6:4 and 4:6 translators, a DNS64 Server and a DNS Server]
• Enterprise/ISP A: having “green-field” IPv6 only network.
• Enterprise/ISP B: having “legacy” IPv4 only network.
• Example-v4.com: application servers in “legacy” IPv4 only network.
• Example-v6.com: application servers in “green-field” IPv6 only network.
• Example.com: application servers in “legacy” IPv4 only network.
• Example-v4v6.com: application servers in “dual-stack” IPv4/IPv6 network.
• IPv6 Internet: DNS (AAAA) Authoritative Server
• IPv4 Internet: DNS (A) Authoritative Server
| Stateless NAT64 | Stateful NAT64 |
|---|---|
| 1:1 translation | 1:N translation |
| No conservation of IPv4 address | Conserves IPv4 address |
| Assures end-to-end address transparency and scalability | Uses address overloading, hence lacks in end-to-end address transparency |
| No state or bindings created on the translation | State or bindings are created on every unique translation |
| Requires IPv4-translatable IPv6 addresses assignment | No requirement on the nature of IPv6 address assignment |
| Requires either manual or DHCPv6 based address assignment for IPv6 hosts | Free to choose any mode of IPv6 address assignment viz. Manual, DHCPv6, SLAAC |
[Figure: IPv4 and IPv6 paths between Subscribers / End User (V6-only), the ISP, and Hosting/CDN IPv4 Content]
Considerations: Experience, Scale, Cost, Operations, Technology…
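DNS64
• Synthesizes AAAA records when AAAA not present, with IPv6 prefix of NAT64 translator
[Figure: the IPv6-only host sends AAAA? to DNS64. DNS64 sends AAAA? and A? toward the Internet (sent simultaneously). The AAAA query returns an empty answer, the A query returns 192.0.2.1, and DNS64 answers the host with 2001:DB8:ABCD::192.0.2.1]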
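The DNS64 synthesis described above, as an added example (not code from the webinar or from Cisco). It reproduces the slide's 2001:DB8:ABCD::/96 case and goes further by handling the other RFC 6052 prefix lengths and the reverse mapping a translator applies; the function names are hypothetical.

```python
import ipaddress

# RFC 6052 prefix lengths. Octet 8 (bits 64-71, the "u" octet) stays zero,
# so the four IPv4 octets are placed around it for prefixes shorter than /96.
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)
WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")


def _slots(prefixlen):
    """Byte offsets inside the IPv6 address that carry the IPv4 octets."""
    if prefixlen not in VALID_LENGTHS:
        raise ValueError("prefix length not allowed by RFC 6052")
    return [i for i in range(prefixlen // 8, 16) if i != 8][:4]


def embed(prefix, v4):
    """IPv6 address that represents IPv4 address v4 under the NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv4Address(v4)
    if net == WELL_KNOWN and not addr.is_global:
        # RFC 6052: the well-known prefix must not carry non-global IPv4.
        raise ValueError("refusing to map non-global IPv4 under 64:ff9b::/96")
    out = bytearray(net.network_address.packed)
    for slot, octet in zip(_slots(net.prefixlen), addr.packed):
        out[slot] = octet
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, v6):
    """Inverse mapping, as the translator applies it; None if outside prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[i] for i in _slots(net.prefixlen)))


def dns64_answer(prefix, aaaa_records, a_records):
    """Pass real AAAA data through; synthesize only on an empty AAAA answer."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [embed(prefix, a) for a in a_records]


if __name__ == "__main__":
    # The slide's values: A = 192.0.2.1, translator prefix 2001:DB8:ABCD::/96.
    print(dns64_answer("2001:db8:abcd::/96", [], ["192.0.2.1"]))
```

`extract` is also handy when reading translator or firewall logs: it recovers the IPv4 destination an IPv6-only host was really talking to.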
ASR1000 Benefits
§ NAT64 to provide IPv4 preservation via PAT
§ Bring up additional customers/sites with IPv6
§ Concurrently run NAT64 with PE features without performance degradation
§ Dual-stack solutions to run multiple services
§ QoS Policies aggregation for bandwidth reservation and prioritization
Solution Characteristics
§ IPv4 preservation. Support ICMP, UDP, TCP Apps.
§ IPv6 Network Adoption and Acceleration
§ Integrated Services, NAT64 at Provider Edge
§ Large selection of I/O and High Throughput
§ Concurrent support for IPv4 & IPv6 Services
§ Customer segmentation using VLANs with QoS to implement SLAs
[Figure: NAT64 (v4/v6) at the IP Edge. IPv6 Subscribers (Residential, Business, Corporate, Mobile) reach it over Access networks (OLT, CMTS, DSLAM, Ethernet, WiMAX, WiFi Mesh; Ethernet/MPLS/IP); behind it sit the MPLS/IP Core Network, the Internet, Content Farms, and Applications & Services (VOD, TV, SIP, GGSN, HA, PDN GW)]
ASR1000 Benefits
§ NAT64 to provide IPv4 preservation via PAT
§ Bring up additional customers/sites with IPv6
§ Concurrently run NAT64 with CE, IPsec, and Firewall features without performance degradation
§ Dual-stack solutions to run multiple services
§ QoS Policies aggregation for bandwidth reservation and prioritization
Solution Characteristics
§ IPv4 preservation. Support ICMP, UDP, TCP Apps.
§ IPv6 Network Adoption and Acceleration
§ Integrated Services, NAT64, IPsec, FW & CE
§ Large selection of I/O and High Throughput
§ Concurrent support for IPv4 & IPv6 Services
§ Customer segmentation using VLANs with QoS to implement SLAs
[Figure: V6 Network Branch/Customer (ISR 2900/3900 Branch Offices/Customers, V6 Enabled CPEs) connects through the ASR1K Stateful NAT64 Translator at the Enterprise Edge/SP Edge to IPv4 Network Services, Public Internet Services and the IPv4 Internet. Address mapping shown: IPv6 Address = IPv6 Prefix + IPv4 addr suffix; any type of IPv6 Prefix is allowed]
ASR1000 Benefits
§ Deployment flexibility from 2.5G to 100G, low initial investment required
§ Hardware processed - High performance/ High scalability
§ No need for dedicated hardware
§ Works for both PTA and LNS deployment models
§ Rich ALG support
Solution Characteristics
§ Directly and effectively addresses IPv4 address exhaustion for residential service providers
§ Highly deployable based on known technology
§ Least impact on existing infrastructure, including backend systems, maximizes return on investment
[Figure: ISP A with Ethernet access, ASR1000 as BRAS/LAC and ASR1000 as LNS, each applying NAT per PPP session, then Firewall and Internet]
Introducing NetFlow v9 capabilities on ASR1000
• Extends 10+ years of NetFlow innovation
• Enables compliance auditing
• Security event correlation and reduction for multi-gigabit traffic
• Support Logging of:
§ Source and Destination IP/Ports
§ Translated Source and Destinations IP/Ports
§ VRF-ID
[Figure: Cisco ASR1000 exports Netflow v9 to a 3rd Party Partner Netflow Collector]
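Because stateful NAT64 overloads one IPv4 address across many IPv6 hosts, the logged translation fields are what let an analyst map an observed IPv4 address and port back to a subscriber. The lookup below is an added example, not Cisco's export format or tooling: the CSV layout, the binding lifetimes, the addresses and the function names are all constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample (not real data, not a Cisco export format): one row per
# stateful NAT64 binding, carrying the fields the slide lists plus lifetimes.
SAMPLE = """start,end,vrf,src6,sport,xlate4,xport,dst4,dport
2011-06-08T10:00:00,2011-06-08T10:02:10,0,2001:db8:10::a,51000,203.0.113.7,2048,198.51.100.20,443
2011-06-08T10:02:30,2011-06-08T10:05:00,0,2001:db8:10::b,40222,203.0.113.7,2048,198.51.100.20,443
2011-06-08T10:01:00,2011-06-08T10:03:00,0,2001:db8:10::c,40222,203.0.113.7,2049,198.51.100.99,80
"""


def load(text):
    """Parse the binding records, converting timestamps and ports."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in ("start", "end"):
            row[key] = datetime.fromisoformat(row[key])
        for key in ("sport", "xport", "dport"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def attribute(rows, xlate4, xport, seen_at, skew=0):
    """IPv6 sources whose binding held xlate4:xport at seen_at (+/- skew s)."""
    when = datetime.fromisoformat(seen_at)
    hits = []
    for row in rows:
        if (row["xlate4"], row["xport"]) != (xlate4, xport):
            continue
        early = (row["start"] - when).total_seconds()
        late = (when - row["end"]).total_seconds()
        if early <= skew and late <= skew:
            hits.append(row["src6"])
    return hits


if __name__ == "__main__":
    print(attribute(load(SAMPLE), "203.0.113.7", 2048, "2011-06-08T10:01:00"))
```

The same translated address and port map to different hosts minutes apart, and a 15-second clock tolerance at 10:02:20 already returns two candidates, which is why the report needs the port and an accurate timestamp, not just the IPv4 address.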
Application Domain
• Linux Based
• Multi-Purpose Compute Resource
• Used for CDS Application with On-board Modular Flash Storage
• Used for Translation Setup and Logging of CGN Applications
IOS-XR Router Domain
• IOS-XR
• Control Plane
• Data Forwarding
• L3, L2 (management)
• IRB (4.1.1)
• Hardware Management
Decoupling Application and IOS-XR Plane delivers Highly Scalable and Flexible Services
§ NAT64 facilitates a gradual migration to IPv6 by allowing “green-field” IPv6 networks to connect with the existing “legacy” IPv4 internet/networks.
§ Stateful NAT64 facilitates seamless internet experience to users accessing the existing IPv4 internet services via a “green-field” IPv6-only network.
§ SPs/Enterprises/Content providers or enablers can provide the IPv4 services seamlessly to IPv6 internet users by using stateful NAT64 technology, with minimal or no changes in the existing network infrastructure and thus maintaining IPv4 business continuity.
§ Translation is not a long-term support strategy; it is a medium-term coexistence strategy that can be used to facilitate a long-term program of IPv6 transition by both Enterprises and SPs.
| Platform | Stateless NAT64 | Stateful NAT64 |
|---|---|---|
| Cisco ISR G2 | Cisco IOS 15.4(1) (Nov 2013) | Cisco IOS 15.4(2) (March 2014) |
| Cisco ASR 1000 Series | Cisco IOS® XE 3.2S | Cisco IOS XE 3.4S |
| Cisco Carrier Routing System (CRS-1 / 3) | Cisco IOS XR 3.9.3 | Cisco IOS XR 4.1.2 |
| Cisco ASR 9000 Series Integrated Service Module | N/A | Cisco IOS XR 4.3.0 |
§ For more information about IPv6, visit http://www.cisco.com/go/ipv6
§ For more information about Cisco service provider solutions, visit http://www.cisco.com/go/sp
§ For more information about Cisco enterprise solutions, visit http://www.cisco.com/go/enterprise
§ Whitepaper - NAT64 Technology: Connecting IPv6 and IPv4 Networks http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-676278.html
§ Whitepaper - NAT64 Stateless versus Stateful http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-676277.html
§ For additional white papers on IPv6, visit http://www.cisco.com/en/US/products/ps6553/prod_white_papers_list.html
§ http://blogs.cisco.com/news/world-ipv6-day-working-together-towards-a-new-internet-protocol/
§ ASR 1000 - Internet Gateway Router Design
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/solution_overview_c22-450068_ps9343_Product_Solution_Overview.html
§ Cisco ASR 1000 Series Embedded Services Processors Data Sheet
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html
§ ASR 9000 Series Integrated Service Module http://www.cisco.com/en/US/prod/collateral/routers/ps9853/data_sheet_c78-663164.pdf
§ CRS-1/3 Carrier-Grade Services Engine http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/brochure_c02-560497_ns1017_Networking_Solutions_Brochure.html