IPv4/IPv6 Transition Technologies


Page 1: IPv4/IPv6 Transition Technologies

© 2010 Cisco and/or its affiliates. All rights reserved. 1

Tibor Nagy – Cisco Systems

[email protected]

IPv4/IPv6 Transition Technologies

Page 2: IPv4/IPv6 Transition Technologies

• It is really about Business Continuity (for SPs)

Not about IPv6 ‘cool’ factor

Not about SP Network, per se

• It is really about customers’ Internet access* and experience

Internet is mostly IPv4 reachable

Customers still use IPv4 only devices

Source – Univ. Of Penn. IPv6 Monitor

Only ~4-8% of Top 1000 websites are IPv6 reachable

[Chart: IPv6 reachability of Top-10, Top-100 and Top-1000 websites]

* There are reasons other than Internet Access, but not focused here

Page 3: IPv4/IPv6 Transition Technologies

• There is more to Internet Access than just IPv4/v6 packet forwarding:

1. DNS (Domain Name System)

2. ALG (Application Layer Gateway)

3. Lawful Intercept (Logging/Capturing/Storing)

4. DPI (Deep Packet Inspection)

5. Stateful NAT44 or 46 performance, resiliency

6. CPE Cost

• The top 3 can make or break the Internet Access/experience

• The bottom 4 can impact SP’s CAPEX & OPEX

Page 4: IPv4/IPv6 Transition Technologies

• SP assigns IP address(es) to its customers via one of the following:

1. Single-Stack IPv4 (Private)

2. Single-Stack IPv6 (Public)

3. Dual-Stack IPv4 (Private) + IPv6 (Public)

• Solution may involve Tunneling

Tunneling could be 4o6 or 6o4 or none

• Solution would involve Address Translation

Translation could be stateless or stateful CGN

Translation could be 44 or 64 or 46

Translation could happen on CPE and/or Network

Page 5: IPv4/IPv6 Transition Technologies

• Stateful NAT44 happens in the Network (Internet Gateway, say)

With or without an additional NAT44 in Home

• TCP/UDP Ports are typically shared among customers

Per-customer port limit on CGN device

[Diagram labels: Residential Edge, Modem (L2), Gateway (L3), IPv4 Network, Router (L3), CGN44, Boundary Router, IPv4 backend. Legend: Public IPv4, Private IPv4, IPv6.]

Page 6: IPv4/IPv6 Transition Technologies

Advantages:

• Available and deployed now (TTM)

• No IPv6 dependency

• No CPE dependency

Disadvantages:

• Massive Port Sharing -> Major issue

• LI infrastructure changes -> CAPEX/OPEX+

• ALG enforcement

• Routing enforcement

Page 7: IPv4/IPv6 Transition Technologies

• A customer device supporting IPv6 could use native IPv6 forwarding

Assuming the destination is available on IPv6 Internet

• Otherwise, the customer device uses IPv4 forwarding

Same consideration as that of just CGN applies, assuming private IPv4 addressing

[Diagram labels: Residential Edge, Modem (L2), Gateway (L3), IPv4 + IPv6 Network, Router (L3), CGN44, Boundary Router, IPv4/v6-Backend. Legend: Public IPv4, Private IPv4, IPv6, Public IPv6.]

Page 8: IPv4/IPv6 Transition Technologies

Advantages:

• Simplest and Available now (TTM)

• No need for DNS64 support

• No need for ALG64 in network

• No changes to Routing design

• IPv6 can be enabled incrementally

• IPv4 can be removed selectively

Disadvantages:

• Massive Port Sharing -> Major issue

• LI infrastructure changes -> CAPEX/OPEX+

Page 9: IPv4/IPv6 Transition Technologies

• IPv6 traffic tunneled over IPv4 network

No DHCPv6, no IPv6 ND on CPE -> Customer IPv6 delegated prefix derived from CPE’s IPv4 address and 6rd Prefix

• IPv4 traffic forwarded natively

Same consideration as that of just CGN applies, assuming private IPv4 addressing

• Simple, stateless, automatic IPv6-in-IPv4 encapsulation and decapsulation

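[Diagram labels: Residential Edge, Gateway (L3), IPv4 Network, Router (L3), CGN44, 6RD BR, Boundary Router, IPv4-only backend, 6RD. Legend: Public IPv4, Private IPv4, IPv6, Public IPv6.]

[Diagram: 6rd address format. Fields: 6rd IPv6 Prefix (variable length; 2011:100 in the example), Customer’s IPv4 prefix (32 bits; ?.?.?.?), Subnet-ID, Interface ID. The 6rd IPv6 Prefix and the IPv4 bits together form the Customer IPv6 Prefix. Bit positions marked: 0, 28, 56, 64.]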
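The prefix derivation on this slide, as an added example that is not part of the original deck: it builds the customer prefix from the CPE's IPv4 address and the 6rd prefix, then goes one step beyond the slide and uses the same derivation for the stateless source check a border relay can apply on decapsulation. The 6rd prefix, the CPE address block and the function names are constructed assumptions.

```python
import ipaddress

# Constructed 6rd domain parameters (assumptions, not values from the slides).
SIXRD_PREFIX = ipaddress.ip_network("2001:db8::/32")  # 6rd IPv6 prefix
CE_V4_BLOCK = ipaddress.ip_network("10.0.0.0/8")      # bits shared by all CPEs are not embedded

def delegated_prefix(ce_v4):
    """Customer IPv6 prefix = 6rd prefix followed by the CPE's distinguishing IPv4 bits."""
    addr = ipaddress.ip_address(ce_v4)
    if addr.version != 4 or addr not in CE_V4_BLOCK:
        raise ValueError(f"{ce_v4} is not a CPE address of this 6rd domain")
    v4_bits = 32 - CE_V4_BLOCK.prefixlen
    plen = SIXRD_PREFIX.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("6rd prefix plus IPv4 bits must fit in 64 bits")
    suffix = int(addr) & ((1 << v4_bits) - 1)
    base = int(SIXRD_PREFIX.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def br_accepts(outer_v4_src, inner_v6_src):
    """Stateless decapsulation check: the inner IPv6 source must lie inside the
    prefix derived from the outer IPv4 source, otherwise the source is spoofed."""
    try:
        inner = ipaddress.IPv6Address(inner_v6_src)
        return inner in delegated_prefix(outer_v4_src)
    except ValueError:
        return False

if __name__ == "__main__":
    print(delegated_prefix("10.1.2.3"))
    print(br_accepts("10.1.2.3", "2001:db8:102:3ff::1"))
    print(br_accepts("10.1.2.4", "2001:db8:102:3ff::1"))
```

Because the mapping is pure arithmetic, the same function also answers the reverse question during incident handling: which CPE IPv4 address owns a given IPv6 source.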

Page 10: IPv4/IPv6 Transition Technologies

Advantages:

• Doesn’t require SP to enable IPv6 in network

• No need for DNS64 support

• No need for ALG64 in network

• No changes to Routing design

• IPv6 can be offered incrementally

• IPv4 may be removed selectively

Disadvantages:

• Massive Port Sharing -> Major issue

• LI infrastructure changes -> CAPEX/OPEX+

• Requires tunneling -> Fragmentation on Access

Page 11: IPv4/IPv6 Transition Technologies

• IPv4 traffic tunneled over IPv6 network

B4 and AFTR do v4ov6 tunneling

NAT44 done by AFTR; NAT entries also include IPv6 address

NAT44 on CPE must be disabled

• IPv6 traffic forwarded natively

[Diagram labels: Residential Edge, Modem (L2), Gateway (L3), B4, IPv6 Network, Router (L3), AFTR, Boundary Router, IPv4/v6-backend. Legend: Public IPv4, Private IPv4, IPv6, Public IPv6.]

Page 12: IPv4/IPv6 Transition Technologies

Advantages:

• No need for DNS64 support

• No need for ALG64 in network

• No changes to Routing design

• IPv4 may be removed selectively

Disadvantages:

• IPv6 end-to-end

• Massive Port Sharing -> Major issue

• LI infrastructure changes -> CAPEX/OPEX+

• Requires tunneling -> Fragmentation on Access

• Requires ALG44 in network

• Breaks DPI

• Breaks VoIP prioritization on (DOCSIS) access

• NAT44 on CPE is enabled

Page 13: IPv4/IPv6 Transition Technologies

• Stateless = No dynamic state created/induced by traffic + configuration per user/IP

• Stateless does NOT mean NO configuration

• Example of Stateless/Stateful

• Stateless allows better scaling, performance & flexibility in network design and equipment.

Stateless: IP Router & IP Forwarding; MAP Border Relay

Stateful: Firewall, NAPT44, SBC; DS-Lite AFTR

Page 14: IPv4/IPv6 Transition Technologies

• http://tools.ietf.org/html/draft-ietf-softwire-stateless-4v6-motivation

• Allow IPv6 only SP operations

• Minimize need/impact of NAT44 OSS, logging

• Scale in terms of IP forwarding capacity, rather than dynamic per subscriber state

• Support asymmetric routing to/from the IPv4 Internet + route optimization

• Maximize the ease of deployment and redundancy of nodes

• Support a redundant multi vendor environment

• Allow direct user-user traffic flows (eg allows for direct CPE-CPE)

• Retain today’s user experience (NAT on CPE) and supports today’s operational model.

Page 15: IPv4/IPv6 Transition Technologies

MAP (draft-ietf-softwire-map)

Defines Port indexing and IPv4<->IPv6 address mapping algorithm.

Allows Translated (-T) or Encapsulated (-E) transport modes

Integrates both in CPE and Border Relay.

MAP-Translation

- Stateless NAT64 based transport using MAP algorithm

- Compatible with core stateful or stateless NAT64 core

MAP DHCPv6 (draft-mdt-softwire-map-dhcp-option-00)

Defines DHCPv6 Option for configuring MAP CE.

MAP-Encapsulation

- Stateless IPv4 in IPv6 Encapsulation based transport using MAP algorithm

- Backwards compatible with DS-Lite AFTR core

Page 16: IPv4/IPv6 Transition Technologies

Uses NAT64 and IPv6-only transport – regular IPv6 data plane. Allows IPv4-IPv6 communication

Stateless NAT64 Core MAP Border Relay (can also be stateful)

1. CPE uses combination of IPv6 prefix + DHCPv6 MAP Option to derive CPE’s IPv4 address + port set id

2. CPE derives its TCP/UDP port range by decoding the port-set id using MAP algorithm

End user IPv6 hosts use the same IPv6 prefix. MAP-T has no impact on IPv6 hosts/traffic.

[Diagram labels: IPv4-Private Subscriber 1, IPv4-Private Subscriber 2, CPE (MAP CE, NAT), CMTS/BNG (IPv6), Stateless MAP Relay, IPv6-only server, IPv4-Public. Segments: IPv6 + IPv4, IPv6.]

Page 17: IPv4/IPv6 Transition Technologies

IPinIP based transport - (same dataplane as DS-Lite)

Stateless IPinIP core MAP Border Relay (can also be stateful, eg AFTR)

1. CPE uses combination of IPv6 prefix + DHCPv6 MAP Option to derive CPE’s IPv4 address + port set id

2. CPE derives its TCP/UDP port range by decoding the port-set id using MAP algorithm

End user IPv6 hosts use the same IPv6 prefix. MAP-E has no impact on IPv6 hosts/traffic.

[Diagram labels: IPv4-Private Customer (two shown), CPE (MAP CE, NAT), Gateway (IPv6), Stateless MAP Relay, IPv4-Public. Segments: IPv6 + IPv4, IPv6.]

Page 18: IPv4/IPv6 Transition Technologies

[Diagram: packet flow from customer to the IPv4 Internet. Elements: IPv4-Private Customer + IPv6, MAP CE (NAT), IPv6 (Router/CMTS/GGSN/BNG/etc), MAP BR, IPv4-Public.]

MAP Address = 2001:beef:(1.1.1.1.f); Gw address = 2001:beef::a; MAP Index f = Port range 5000-5999

1. Customer packet: IPv4 TCP, 192.168.0.1 -> 8.8.8.8, ports 1444 -> 80

2. MAP CE, NAT44 of Source IP Address + Port: IPv4 TCP, 1.1.1.1 -> 8.8.8.8, ports 5000 -> 80

3. MAP CE, Stateless Encap: IPv6, 2001:beef:<1.1.1.1.f> -> 2001:beef::a, carrying the IPv4 TCP packet

4. MAP BR, Stateless Decap: IPv4 TCP, 1.1.1.1 -> 8.8.8.8, ports 5000 -> 80

Page 19: IPv4/IPv6 Transition Technologies

[Diagram: packet flow from the IPv4 Internet to the customer. Elements: IPv4-Public, MAP BR, IPv6 (Router/CMTS/GGSN/BNG/etc), MAP CE (NAT), IPv4-Private Customer + IPv6.]

MAP Address = 2001:beef:(1.1.1.1.f); Gw address = 2001:beef::a; Port range 5000-5999 = Index f

1. Packet from the IPv4 Internet: IPv4 TCP, 8.8.8.8 -> 1.1.1.1, ports 80 -> 5000

2. MAP BR, IPv4 to IPv6 mapping + ce-index + stateless encapsulation: IPv6, 2001:beef::a -> 2001:beef:<1.1.1.1.f>, carrying the IPv4 TCP packet

3. MAP CE, after decapsulation and NAT: IPv4 TCP, 8.8.8.8 -> 192.168.0.1, ports 80 -> 1444

Page 20: IPv4/IPv6 Transition Technologies

[Diagram: MAP CE in Route mode with a DS-Lite AFTR as BR. Elements: IPv4-Private Customer + IPv6, MAP CE (Route), IPv6 (Router/CMTS/GGSN/BNG/etc), DS-Lite AFTR / BR, IPv4-Public.]

MAP Address = 2001:beef:(IID); Gw address = 2001:beef::a

1. Customer packet: IPv4 TCP, 192.168.0.1 -> 8.8.8.8, ports 1444 -> 80

2. MAP CE, IPinIP Tunneling (NAT44 is turned off via DHCPv6 MAP DMR Option): IPv6, 2001:beef:<1.1.1.1.f> -> 2001:beef::a, carrying the unchanged IPv4 TCP packet 192.168.0.1 -> 8.8.8.8, ports 1444 -> 80

3. DS-Lite AFTR / BR, Stateful NAT44: IPv4 TCP, 1.1.1.1 -> 8.8.8.8, ports 5000 -> 80

MAP-E Mode: Compatible with AFTR

MAP-T Mode: Compatible with NAT64

Page 21: IPv4/IPv6 Transition Technologies

• Example of info at the CPE used to derive IPv4 address:

[Diagram: bit layouts used in the derivation]

IPv6 Delegated Prefix (e.g., /Y), via DHCPv6 PD:

Mapping Domain Prefix (2001:0DB8:00 /X; size = X bits, provisioned) | “EA Bits” (Y - X = a; 01010101 111000) | Subnet-ID, up to bit 64 (fixed) | MAP Interface ID

MAP IPv4 Address:

IPv4 Prefix (130.67.1 /Z; Z bits, provisioned) + IPv4 Suffix (32 – Z = b bits)

Port (bits 0 to 16):

6 bits (fixed, > 0) | Port Set ID (XXXX; a - b = c bits, from bit 6 to bit 6+c) | 10-c bits

EA bits 01010101 111000 = IPv4 Suffix + Port Set ID

Z, a and b are derived from DHCPv6 MAP Option.
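The derivation in this diagram, run in both directions, as an added example that is not part of the original deck. It uses the slide's sample values (130.67.1/24, EA bits 01010101 111000), assumes X = 40 for the 2001:0DB8:00 mapping domain prefix, and its function names are hypothetical; `trace` is the reverse lookup from a public IPv4 address and port to the subscriber's delegated prefix, done without any NAT log.

```python
import ipaddress

# MAP rule built from the slide's sample values; X = 40 is an assumption.
RULE_V6 = ipaddress.ip_network("2001:db8::/40")   # Mapping Domain Prefix (/X)
RULE_V4 = ipaddress.ip_network("130.67.1.0/24")   # IPv4 Prefix (/Z)
EA_LEN = 14                                       # a = Y - X
OFFSET = 6                                        # fixed leading port bits, must be > 0

B = 32 - RULE_V4.prefixlen   # b: IPv4 suffix bits
C = EA_LEN - B               # c: Port Set ID bits
M = 16 - OFFSET - C          # trailing port bits (10 - c)

def ce_to_v4(delegated):
    """Forward mapping done on the CE: delegated prefix -> (IPv4 address, PSID)."""
    net = ipaddress.ip_network(delegated)
    if net.prefixlen != RULE_V6.prefixlen + EA_LEN or not net.subnet_of(RULE_V6):
        raise ValueError("not a CE prefix of this MAP domain")
    ea = (int(net.network_address) >> (128 - net.prefixlen)) & ((1 << EA_LEN) - 1)
    v4 = ipaddress.ip_address(int(RULE_V4.network_address) | (ea >> C))
    return v4, ea & ((1 << C) - 1)

def port_ranges(psid):
    """Every (first, last) port range owned by a PSID; leading bits are never 0."""
    lows = [(a << (16 - OFFSET)) | (psid << M) for a in range(1, 1 << OFFSET)]
    return [(lo, lo | ((1 << M) - 1)) for lo in lows]

def trace(v4, port):
    """Reverse mapping: (public IPv4, source port) -> CE delegated prefix."""
    addr = ipaddress.ip_address(v4)
    if addr not in RULE_V4 or not 0 <= port <= 0xFFFF or port >> (16 - OFFSET) == 0:
        return None  # outside the domain, or a port no CE is allowed to use
    psid = (port >> M) & ((1 << C) - 1)
    ea = ((int(addr) & ((1 << B) - 1)) << C) | psid
    base = int(RULE_V6.network_address) | (ea << (128 - RULE_V6.prefixlen - EA_LEN))
    return ipaddress.IPv6Network((base, RULE_V6.prefixlen + EA_LEN))

if __name__ == "__main__":
    print(ce_to_v4("2001:db8:55:e000::/54"))
    print(port_ranges(56)[:2])
    print(trace("130.67.1.85", 1925), trace("130.67.1.85", 1936))
```

Two ports on the same public address resolve to different subscribers, which is why abuse reports and flow records need the source port as well as the address.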

Page 22: IPv4/IPv6 Transition Technologies

http://map46.cisco.com/

Page 23: IPv4/IPv6 Transition Technologies

Advantages:

• No IP-in-IP Tunneling

No DOCSIS forwarding performance degradation

• No need for CGN44 & per-session NAT logging in network

• No need for Lawful Intercept infrastructure changes

• No need for DNS64 support

• No need for ALG44 or 46 in network

• No changes to BGP Routing design

• Better deep packet inspection (DPI) support

• Customer is always traceable (thanks to A+P tuple)

• Better Geo-location and Geo-proximity

• Future Flexibility to disable NAT64 on network

• CPE logic deemed less expensive (than DS-lite)

Disadvantages:

• Under IETF standardization

• CPE support will come after standardization

Page 24: IPv4/IPv6 Transition Technologies

Technical Superiority Includes:

– IPv4 address Saving

– Scale & Performance

– Complexity & Cost

– LI, DPI, QoS

– Multicasting

Ease of Operations Includes:

– Network changes

– CMTS software changes

– CM or CPE changes

– Backend system changes

[Chart: Ease of Deployment / Operations plotted against Technical Superiority, axes marked High and Low. Numbered points: 1 CGNAT44/4, 2 DS, 3 DS-Lite, 4 6RD, 5 4RD, 6 4464 (MAP-T), 7 IVI (NAT64), 8 IPv6 native.]

Page 25: IPv4/IPv6 Transition Technologies

• MAP Fulfills the requirements for a stateless transition technology

Scales according to traffic and number of rules only, not number of users or number of users per rule

High Performance

Flexibility of deployment (incl combination with stateful technologies)

Open standard

• MAP Standard is based on the combination of both MAP-T and MAP-E

MAP-T: allows use of native IPv6 traffic classification & handling features on IPv6-only devices. Compatible with stateful NAT64 core

MAP-E : Based on IPinIP – allows IPv4 transport over IPv6. Backwards compatible with DS-Lite AFTR core

• Open source MAP CPE available

• Cisco MAP Border Relay shipping in Q4 2012.

Page 26: IPv4/IPv6 Transition Technologies

Thank you.