Transition to IPv6: IVI in the University Campus
C. Bao, X. Li2010-11-03
2
Abstract• Due to the IPv4 address deletion problem, the
IPv4 and IPv6 will be coexistent at least for the next decade. In the past three years, we have been developing stateless and prefix-specific translation (IVI).
• In this session we will share our IPv6 transition experience and introduce the IVI deployment program for 100 Campus networks in China.
• In addition, we will discuss the IPv6 transition scheme for the developing countries and the possible collaboration with the Internet2 member universities.
3
IPv4 count down
4
The networks we are running
5
CERNET IPv6 transition experience
Translation IVI
Bi-direction Stateless Translation
IETF Behave WG
Dual-StackNFSCNET
IPv6 onlyCERNET2
• 100 universities• 1M subscribers
TunnelIPv6 over IPv4CERNET-6Bone
TunnelIPv4 over IPv6
IETF softwire WG
IPv4CERNET
• 1500 universities• 20M subscribers
1994 2001 2004 2005 20081998 2006 2007
666
CERNET (IPv4)
• CERNET is the first (1994) nation wide Internet backbone in China.
• CERNET ranks 30 in global CIDR report.
• Over 2,000 universities on CERNET with about 20M subscribers.
7
CIDR report
8
University ranking
9
CERNET-6Bone
• CERNET-6bone is the first (1998) IPv6 network in China.
• Ping traffic
10
Dual stack NSFCNET
• NSFCNET is the first (2000) IPv4/IPv6 high-speed academic network in China.
• It provides IPv4/IPv6 unicast and multicast services to the education and research community, but very, very few IPv6 traffic.
1111
CERNET2 (IPv6)
• Built in 2004, with national coverage
• CERNET2 is the largest IPv6 backbone in China.
• About 200 universities connected to CERNET2 with about 1M subscribers.
12
Be unique, be different• Protocol selection
– Pure IPv6• Equipment
– Multiple vendors• Complexity
– Multiple ASs• Transition
– IPv4 over IPv6 (IETF softwire)– IVI stateless translation (IETF behave)
• Architecture– Source address authentication (IETF SAVI)
13
Softwire IPv4 over IPv6
IPv6 TransitAFBRAFBR
AFBR AFBR
IPv4 accessisland
IPv4 accessisland
IPv4 accessisland
IPv4 accessisland
IPv6 access
IPv6 access
IPv4 static or eBGP peering
Encapsulation and Setup
Same behavior as a dual-stack backbone
softwire
IPv4 over IPv6
• Provide IPv4/IPv6 dual-stack service in PE, but run IPv6-only in P routers – IETF softwire WG
• Save operation cost.
141414
To encourage transition
• CERNET (IPv4) – Congested and charged.
• CERNET2 (IPv6)– Light loaded and free of charge.
• So, for using high quality and free network, port your application to IPv6.
1515
IPv6 applications
• Video• Sensor networks
• Beijing 2008 Olympic website
161616
IPv4 and IPv6 traffic
• IPv6’ traffic is about 10% of IPv4
201020092008
201020092008
IPv4
IPv6
17
Remarks• Upgrading network to dual stack does not
mean transition. The IPv6 traffic is still very small.– NSFCNET
• Promotion IPv6 can help, but does not help to fully solve the transition problem.– CERNET2
18
The killer application
• Video?• P2P?• Internet of Things?• The
intercommunication with the IPv4 Internet is the killer application of IPv6.
19
CERNET (IPv4) CERNET2 (IPv6)
Global IPv4
Global IPv4
Global IPv6
Global IPv6
19
We invented IVI
IVI
IPv4-accessible
servers/clients
Stateless and prefix specific.• 1:1 IVI without IPv4 address sharing• 1:N IVI with IPv4 address sharing
20
Transition technologies
• Dual stack– IPv4 address depletion problem– N2 problem
• Tunnel– Still need dual stack– IPv4 address depletion problem– Upgrade tunnel points
• Translation– Add a translator
21
Translation scenarios
Scenario 1 “an IPv6 network to the IPv4 Internet”Scenario 2 “the IPv4 Internet to an IPv6 network”
xlateThe IPv4Internet
An IPv6NetworkDNS
xlate An IPv6NetworkDNS
An IPv4Network
xlate
The IPv4Internet
An IPv4Network DNS
xlate
DNS
The IPv6Internet
The IPv6Internet
Scenario 3 “an IPv4 network to the IPv6 Internet”Scenario 4 “the IPv6 Internet to an IPv4 network”
Scenario 5 “an IPv6 network to an IPv4network”Scenario 6 “an IPv4 network to an IPv6 network”
Scenario 7 “the IPv6 Internet to the IPv4 Internet”Scenario 8 “the IPv4 Internet to the IPv6Internet”
IVI { < NAT64
IVI {
< NAT64
< NAT64
• Framework (info)• Scenarios• Operation modes• Building blocks
• Address format (std)• Address format• Prefix recommendation
• Translation (std)• Header translation• ICMP handling
• DNS (std)• A AAAA mapping• DNSSec handling
• Session database (std)• Mapping table handing
• Others (APL-ALGs, multicast, …)
Refer to
Refer to
Stateless translator
Stateful translator
Refer to
IETF behave WG document layout
23
IETF standards
24
Stateless translation (IVI)
A subset of IPv6 addresses
IPv6IPv4
Real IPv6 hostReal IPv4 host mirrored IPv6 host mirrored IPv4 host
IVI
A subset of IPv6 addresses
25
IVI address format
Mapping Rule: IPv4 addresses are embedded from bit 40 to bit 72 of the IPv6 addresses of a specific /32.
Example: ISP’s IPv6 /32 2001:250::/32borrowed IPv4 address (IVI4): 202.38.108.0/24mapped IVI IPv6 address (IVI6): 2001:250:ffca:266c::/64
26
IVI address mapping(1)
Bi-dir borrowing
IPG6
IPS6(i)
IVI4(i)
IVIG46(i) IVI6(i)
4 66 4
IPS4(i)
IPG4
It is the (end) users who are communicating with users/contents located in IPv4 (IPG4 && all other IVI4(j)) via IVIG46(i).
27
IVI address mapping(2)
IVIG46(i) IVI6(i) IVIG46(j) IVI6(j)
IPG4 IVI4(i)
Bi-dir borrowing
6 4
IVI4(j)
4 64 6 6 4
IPS6(i) IPS6(j)
IPG6
28
IVI routing Routing and mapping configuration example
ip route IVI4/k 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ipv6 route 2001:DB8:FF00::/40 2001:DB8::1
IVIR1 R2192.168.1.1 2001:DB8::1
2001:DB8::2192.168.1.2 IPv4IPv4 IPv6IPv6
ipv6 route IVI6/(40+k) 2001:DB8::2
mroute IVI4-network IVI4-mask pseudo-address interface source-PF destination-PFmroute6 destination-PF destination-PF-pref-len
29
IVI reachability matrix
OKOKNONon-IVI
OKOKOKIVI
NOOKOKIPG4
Non-IVI
IVI v4
30
IVI incremental deployment (1)IPG4
IPG6
IVI gateway
AB
A’
C’
A’ B’B’ A’
A BB A
B’
31
IVI incremental deployment (2)
IVI gateway2
IPG4
IPG6
IVI gateway1
AB
B’A’
B’’A’’
C’
A’ B’
A B A B
A’’ B’’B’’ A’’
B AB A
B’ A’
32
IVI incremental deployment (3)
IVI gateway2
IPG4
IPG6
IVI gateway1
AB
B’A’
B’’A’’
C’
A’ B’’
B’’ A’
33
Header translation (IPv4 IPv6)
(discarded) Options (same as above) Destination Addr. Apply IVI stateless address mapping Source Address (discarded) Header Checksum Next Header Protocol Hop Limit Time to Live (same as above) Offset (same as above) Flags (discarded, cf. Subsection V-C) Identification Payload Length = Total Length -IHL * 4 Total Length (discarded) Type of Service (discarded) IHL Version (0x6) Version (0x4) Translated to IPv6 IPv4 Field
34
Header translation (IPv6 IPv4)
Header Checksum recalculated —
IHL = 5 —
(same as above) Destination Addr.
Apply IVI inverse address mapping Source Address
TTL Hop Limit
Protocol Next Header
Total Length = Payload Length + 20 Payload Length
(discarded) Flow Label
(discarded) Traffic Class
Version (4) Version (6)
Translated to IPv4 Header IPv6 Field
35
IVI DNS (DNS46 and DNS64)
IPv6IPv6
mapped IVI IPv6 address
IPv4IPv4
IVI
IVIDNS
• DNS46• Authoritative DNS server
– Example– www.ivi2.org AAAA 2001:250:ffca:266c:200::– www.ivi2.org A 202.38.108.2
• DNS64• Caching DNS server
– Example – www.mit.edu A 18.7.22.83 – www.mit.edu AAAA 2001:250:ff12:0716:5300::
36
DNS64
37
ALG issue
• IVI supports– web:ssh,telnet、DVTS,vlc,email
• ALG requirements– ftp– URL contains IPv4 literals
38
www.ivi2.org
39
Equipments
40
Deployment issues
• Network topology• Address plan• IVI address calculator• Host configuration• Trouble shooting
41
Network topology
CNGI-CERNETIPv6 主干网
IPv6校园网
校园网 IPv6 /48IVI子网 IPv6 /64
R
默认路由
IVI DNS=2001:250:aaa0:100:1::2
2001:da8:ff3a:c8e4:fe00::/64
2001:da8:ff3a:c8e4:100::/64
2001:da8:ff3a:c8e4:200::/64
2001:da8:ff3a:c8e4:300::/64
2001:da8:ff3a:c8e4:fd00::/64
S
H1
H2
H3
H253
CNGI-CERNETIPv6 主干网
IPv6校园网
校园网 IPv6 /48IVI子网 IPv6 /64
R
默认路由
IVI DNS=2001:250:aaa0:100:1::2
2001:da8:ff3a:c8e4:fe00::/64
2001:da8:ff3a:c8e4:100::/64
2001:da8:ff3a:c8e4:200::/64
2001:da8:ff3a:c8e4:300::/64
2001:da8:ff3a:c8e4:fd00::/64
SCNGI-CERNETIPv6 主干网
CNGI-CERNETIPv6 主干网
IPv6校园网IPv6校园网
校园网 IPv6 /48IVI子网 IPv6 /64
R
默认路由
IVI DNS=2001:250:aaa0:100:1::2
2001:da8:ff3a:c8e4:fe00::/64
2001:da8:ff3a:c8e4:100::/64
2001:da8:ff3a:c8e4:200::/64
2001:da8:ff3a:c8e4:300::/64
2001:da8:ff3a:c8e4:fd00::/64
S
H1
H2
H3
H253Default route
Campus IPv6 /48IVI IPv6 /64
Campusbackbone
42
Address plan
• IVI subnet– IVI4=58.200.228.0/24– IVI6=2001:da8:ff3a:c8e4::/64
• R interface address– 2001:da8:ff3a:c8e4:fe00::(58.200.228.254)
• IVI6 hosts – 2001:da8:ff3a:c8e4:100:: (58.200.228.1) – 2001:da8:ff3a:c8e4:200:: (58.200.228.2) – ……– 2001:da8:ff3a:c8e4:fd00:: (58.200.228.253)
43
Address translation calculator• From IPv4 to IPv6
– http://www.ivi2.org/cgi-bin/ivimap.pl?ipv4=0.0.0.0/0&lir=2001:da8• From IPv6 to IPv4
– http://www.ivi2.org/cgi-bin/ivi6map.pl?ipv4=2001:da8:ff00:0:0::&lir=2001:da8
Address translation calculator: http://www.ivi2.org
44
Host configuration• Static configuration
– IVI6 address/prefix length= 2001:da8:ffca:266e:100::/64– default gateway= 2001:da8:ffca:266e:fe00::– Nameserver= 2001:da8:aaae::201– Disable auto-configuration
• Auto-configuration– Cannot use SLAAC– Cannot use stateless DHCPv6
• Stateful DHCPv6– IVI6 address/prefix length: DHCPv6– default gateway: RA– nameserver: DHCPv6
45
Trouble shooting (1)
IPv4 IVI IPv6
b
a
1
IVI
Non-IVIIPv4
IPv4 address
IPv6 address
PREFIX=2001:da8:ff00::/403 2
46
Trouble shooting (2)
47
CNGI-CERNET2 100 campus
2: Campus network IPv6 upgrades (100)
3: Key technologies (6)
4: Applications (20)
1: Project Architecture
5: International/Dom
estic peering
48
Key technologies
• Source address validation and services• IPv4/IPv6 transition• Large-scale IPv6 multicast• Backbone management• Service platform• Campus management
49
Campus network connectivity
Global IPv4
Global IPv4
Global IPv6
Global IPv6
IPv4-only IPv4/IPv6Dual-stack IPv6-only
Campus network
CERNET2 (IPv6)CERNET (IPv4)
NAT64
50
Backbone IVI setup
主干
IVI 设备
CNGI - CERNET2
IPv6/32校园网
IPv6/48
IPv4
Internet
IPv6
Internet
主干
IVI IPv6
计算机
主干 IVI
DNS
CERNET
校园
IVI IPv6
计算机
校园
Non - IVI IPv6
计算机
校园
Non - IVI IPv6
计算机
CNGI - CERNET2
IPv6/32
CNGI - CERNET2
IPv6/32IPv6/48
IPv4
Internet
IPv4
Internet
IPv6
Internet
IPv6
Internet
IVI IPv6
DNS64DNS46
Campus CERNET
IVI IPv6
Non - IVI IPv6
Non - IVI IPv6IVIcore
100 universities
51
IVI address assignment
52
Tsinghua campus WLAN example
53
L3 switch configuration• Cisco7609
interface Vlan30no ip addressipv6 address 2001:DA8:FF3A:C881:100::/64ipv6 enableipv6 nd prefix default 2592000 604800 no‐autoconfigipv6 nd managed‐config‐flagipv6 nd other‐config‐flagipv6 nd ra suppressipv6 dhcp relay destination 2402:F000:1:901::9:8
no‐autoconfig A=0managed‐config‐flag M=1other‐config‐flag O=1
54
DHCPv6 server configuration
• ISC DHCP4.1.1‐P1:
subnet6 2001:da8:ff3a:c881::/64 {range6 2001:da8:ff3a:c881:200:: 2001:da8:ff3a:c881:200::;range6 2001:da8:ff3a:c881:300:: 2001:da8:ff3a:c881:300::;
... ...range6 2001:da8:ff3a:c881:fe00:: 2001:da8:ff3a:c881:fe00::;option dhcp6.name‐servers 2001:250:aaa0:100:1::2;option dhcp6.domain‐search "v6.tsinghua.edu.cn";
}
55
Windows 7 client
56
ping
57
Remarks
• Windows 7– Plug and play– Dibbler server does not work properly for Windows 7– The default gateway is from RA
• Windows XP– Does not have build in DHCPv6 client– Cannot resolve DNS via IPv6
58
• Windows XP does not have DHCPv6 – Download dibbler client
• Windows XP cannot resolve DNS via IPv6 transport – DHCP assign a RFC1918 addresses,via
IPv4 resolver to get AAAA– Use DNSMASQ to proxy the IPv4 and IPv6
DNS queries
Windows XP auto-configuration(1)
59
Windows XP auto-configuration(2)
IVI IPv6
IVI DNS
IPv4
Windows XP
server
202.112.35.200
Rrouter
192.168.1.1/242001:252:ffca:2669:fe00:100::/64
2001:252:ffca:2669:fe00::/64
192.168.1.7 2001:252:ffca:2669:700::/64
IVI IPv6
IVI DNS
IPv4
Windows XP
server
202.112.35.200
Rrouter
192.168.1.1/242001:252:ffca:2669:fe00:100::/64
2001:252:ffca:2669:fe00::/64
192.168.1.7 2001:252:ffca:2669:700::/64
60
Dibbler DHCPv6 configuration
61
The Windows XP configuration• Install IPv6 stack by run cmd and type ipv6 install• Set network configuration to DHCP• Download
– http://klub.com.pl/dhcpv6/dibbler/dibbler-0.7.2-win32.exe– Install dibbler-client only.
• Start All Program dibbler client Edit Config File– modify iface to match the local system.. for example
• Start All Program Dibbler Client Run in the console, every time in the IVI mode – Setup Client Install as service不工作。
62
Useful links• DHCP
– http://linux.softpedia.com/get/System/Networking/ISC-DHCP6320.shtml• DHCPv6 (Dibbler)
– http://klub.com.pl/dhcpv6/#DOWNLOAD• DNS proxy
– http://www.thekelleys.org.uk/dnsmasq/• Dibbler Windows client
– http://klub.com.pl/dhcpv6/dibbler/dibbler-0.7.2-win32.exe
63
New progress
• 1:N IVI– Share IPv4 address among IPv6-only hosts
• 1:N dIVI– Share IPv4 address among IPv6-only hosts– Do not require ALG– Do not require DNS64
• IVI66– Map SLAAC address to IVI addresses
64
i=2
i=1
2001:da8:ffca:266c:0500::4:0
2001:da8:ffca:266c:0500::4:1
2001:da8:ffca:266c:0500::4:2
2001:da8:ffca:266c:0500::4:3
202.38.108.5
84
85
86
87
8786
8584
i=0
i=3
IPv4 address
IPv6 address
port
port
1:N IVI
• If R=256• A /24 is equivalent to a /16
65
1:N dIVI
The IPv4Internet
1:NIVI Hgw1
An IPv6network
Hgw2
HgwK
Hgw0H0DS
H1DS
H2DS
HKDS
The IPv6Internet
66
IVI66
IVI nat66Any IPv6
addressesAny IPv6
addressesIPv4InternetIPv4
Internet
IVI addresses
IVI addresses
IPv6InternetIPv6
Internet
67
IVI and Internet2
68
Move forward
• Constrains – IPv4 addresses are running out (2011-2012)– Incremental deployment
• Major goals– Move contents to IPv6– Increase subscriber base
69
Possible solutions
• If the SP has enough IPv4 addresses– Deploy dual stack access network, wait for
some part of the Internet is IPv6-only• If the SP does not have enough IPv4
addresses– Deploy dual stack access network, install
CGN (NAT44), wait for some part of the Internet is IPv6-only
– Or construct a IPv6-only access network, install stateless IPv4/IPv6 translator (IVI)
70
The IVI solution
• Move contents to IPv6– Build IPv6-only access network– Use 1:1 IVI to make IPv6-only servers
accessible to the IPv4 Internet• Increase subscriber base
– Build IPv6-only access network– Use 1:N IVI or 1:N dIVI to provide IPv4/IPv6
services to customers
71
IVI illustration
IPv6Shared IPv4
The IPv4 Internet
The IPv6 Internet
IPv4/IPv6Core Network PE
PEPE
PE
PE
IPv4/IPv6
Access network
IPv6
Dual-stack core IPv6 accessXLATE
1:NIVI
1:1IVI
serversclients
72
Recommendations
• For developed countries – Move servers to IPv6-only and deploy IVI
translator– Build new IPv6-only segments of the campus
network and deploy IVI translator• For developing countries
– Build IPv6-only campus network and deploy IVI translator
73
IVI IPv4/IPv6 transition
Support IPv4 Support IPv6 (IVI)
SupportIPv6 (IVI)
Support IPv4
IPv4 area IPv6 area
Service
Netw
orkU
ser
V4 only Network V6 only Network
IVI
SupportIPv6 (non-IVI)
Support IPv6 (non-IVI)
Transition IPv4 IPv6