journey to ipv6: a real-world deployment for...
TRANSCRIPT
Journey to IPv6: A Real-World deployment
for Mobiles ITU/APNIC/MOIC IPv6
Workshop 19th – 21st June 2017
Thimphu
Telstra Unrestricted Last updated 1st March 2017
Acknowledgements p We would like to acknowledge Jeff
Schmidt @ Telstra for permitting us to use his original APRICOT 2017 tutorial slides
n https://2017.apricot.net/program/schedule/#/day/9/journey-to-ipv6---a-real-world-deployment-for-mobiles
2
Agenda p Why IPv6? p Business and Technical considerations p Network Architectures p Addressing and Subnetting p Deployment Model p Our Experience p Q&A
3
Why IPv6?
Why IPv6? p Traffic growth and device per person p Network readiness for new technologies:
n Internet-of-Things n VoLTE/IMS n ViLTE n Management and Backhaul
p IPv4 public/private address depletion p Reduction in network inefficiencies
5
IPv6 Global Traffic
6 Source - https://www.google.com/intl/en/ipv6/statistics.html
Business and Technical Considerations
Business and Technical Considerations
8
Depleting public and private IPv4 address range
Business and Technical Considerations p Non-interworking private IPv4 address ranges
duplicated between domains, that now require interworking
9
10.0.0.0 10.0.0.0
10.0.0.0 10.0.0.0
Business and Technical Considerations
10
Continual investment to extend IPv4 resources vs IPv6 to future proof our network
NAT
IoT
$
$ or
Business and Technical Considerations p As IPv4 addresses deplete, it will be more
expensive to extend IPv4 resources
p Dual-Stack is an effective transition technology but does not solve the IPv4 depletion problem
p Introducing IPv6: n Reduced dependency on NAT n Remove the need for regionalisation n Pushes applications to move to IPv6
11
Network Architectures
IPv6 Implementation Centralised CGN
p CGN performs NAT/PAT 44 and NAT/PAT 64 n PAT substantially reduces Public and Private IPv4
address demand, but does not prevent IPv4 address depletion. 13
Internet
IPCore/Edge
Internet
CGNAT BR
Region1
Region2
NAT/PAT44PrivateIPv4toPublicIPv4
CGNAT BR
NAT/PAT64PublicIPv6toPublicIPv4
Backhaul
EPG
Backhaul
EPG
IPv6 Implementation Traffic Flow
14
IPv4PublicInternet
CarrierNetwork(IPv4+IPv6)
IPv6PublicInternetIBR
NAT64PublicIPv6toPublicIPv4
NativeIPv6
RadioNetwork(IPv4transport)
EPG
Single–BearerIPv6onlyuserplane
IPv6
Running multiple APNs p Create multiple real APNs that supports
IPv4, IPv6, and IPv4v6 individually
15
InternetRadio Network Carrier Network
IPv4
eNodeB
GGSN/EPG
IPv6 APN
IPv4v6 APN
IPv4 APN
IPv4v6
IPv6
IBRNAT44 / NAT64
DNS64
DNS-DS
Running a Single APN p Create a single real APN that supports
both DS and SS
16
InternetRadio Network Carrier Network
IPv4
eNodeB
GGSN/EPG
IPv4v6 APN
IPv4v6
IPv6
IBRNAT44 / NAT64
DNS-DS
DNS64
IPv6 Implementation Security
17
IPv4PublicInternet
CarrierNetwork(IPv4+IPv6)
IPv6PublicInternetCGNAT BR
NAT44/64TranslationStatefulfirewall
UntrusttoTrustBlockalltrafficoriginatingfrominternet
TrusttoUntrustAllowalltraffic
RadioNetwork(IPv4transport)
EPG
FirewallApplication
IPv6
IPv6NativeStatefulfirewall
UntrusttoTrustBlockalltrafficoriginatingfromInternet
TrusttoUntrustAllowalltrafficoriginatingfromIPv6handsetrangesonlyAllowDNStrafficBlockallinfrastructurerangesBlockallVoLTEranges
APNACL
AdvertiseonlyhandsetrangestoCarrierNetworkBlocktrafficwithIPrangesnotconfiguredontheEPG
Infrastructure Cloud IPv6
18
L3FabricEVPN
InternetProviderCoreNetworkMPLS
PE
DCGateway
ToR
vCGN
BR
vEPC
How much traffic will use IPv6?
19
464XLAT Architecture for Mobiles
20
CarrierCore
UserEquipment/MobilePhone
IPv6
IPv4 CLATFunction
PLAT(NAT64)
IPv6Internet
IPv4Internet
CLAT>IPv4hostaddressforXLATE(clat4)
[192.0.0.4/32]IPv6hostaddressforXLATE[2001:db8:aaaa::464/128PLAT-SideXLATEIPv6Prefix
[2001:db8:bbbb::/96]
PLAT>IPv4pool
[192.0.2.1–192.0.2.100]PLAT-SideXLATEIPv6Prefix
[2001:db8:bbbb::/96]
IPv4SRC192.0.0.4IPv4DST
198.51.100.1
IPv6SRC2001:db8:aaaa::464
IPv6DST2001:db8:bbbb::198.51.100.1
IPv4SRC192.0.2.1IPv4DST
198.51.100.1StatelessNAT64
[RFC6145]
StatefulNAT64
[RFC6146]
198.51.100.1
2001:db8:ca7e::d007
Addressing and Subnetting
Addressing and Subnetting p 3GPP currently dictates each UE to receive a /64 p Future releases may require a /60 with DHCP-PD
for single APN tethering p 4x /44 per APN per EPG = 4M prefixes p You will probably also need a similar range for
VoLTE APNs p KEY: make sure it is a structured subnetting
schema so it is consistent nationally and across the entire organisation.
22
Addressing and Subnetting p Infrastructure Addressing:
n /64 per VLAN – Keep it simple! n Private or Public – but remember to use a
firewall and policies to avoid advertising the infrastructure out to the internet!
n NAT is not a security feature!
23
Deployment Model
Carrier Examples SP1 SP2 / SP3 SP4 Dual-Stack SS+NAT64+DNS64+CLAT SS/DS+NAT64+DNS-HD+CLAT
p Every carrier will have a unique set of circumstances that dictates which transition method they will use. There is no standard way of doing this.
p You must determine which is the best method for your network.
p In any method, remember to ensure you have a long-term strategy for the eventual deployment of native Single Stack IPv6!
25
Different APNs for different purposes
26
Two existing APNs – one for Handsets, one for Mobile Broadband and Tethering
or 464XLAT + NAT64 + DNS64 for the Handset APN only IPv6 enabled DNS for all other APNs
Telstra.WAP
Telstra.Internet
NAT64/ DNS64
464XLAT Internet
DNS-DS/ NAT44 Internet
Packet Core Configuration p HSS Configuration
n PDP Context id = IPv4v6
p MME Configuration n DAF = set
p EPG Configuration n PDPTYPE = IPv4v6
p EPG will then also have the following as a minimum within each APN: n IPv6 Handset Range n IPv4 Handset Range n 2x IPv4 DNS Name Servers, 2x IPv6 DNS Name Servers
27
UE Requirements and Settings p Android 4.3+ supports 464XLAT. We
recommend using anything that is 4.4.4+ or 5.1+
p Depending on your setup, either PDP selection is based on the UE or the Network.
p International Roaming over IPv6 works today! But we recommend the APN Roaming Protocol to be set to IPv4 only for the next two years.
28
Launch Considerations p Informed Front of House and provided training,
as well as Enterprise support and sales personnel p Updated internal Knowledge Base p Briefed Operations and provided training p Created moderated forum with official details on
the network change p Provided direct email contact to Telstra
Engineering p Contacted the technical community via mailing
lists and public forums before launch
29
Our Experience
Our Experience p iPad Dual-Stack Carrier Settings
n Significant IPv6 takeup on iPads since carrier update was made available with Dual-Stack.
n Update made via iOS patch. Users are not immediately aware IPv6 is available on their iPads. Transparent migration.
n IPv6 take up occurs when iPads are patched to the latest version
n Single Stack will come later this year
31
Our Experience
32
0
5,000
10,000
15,000
20,000
25,000
30,000
35,000
40,000
45,000
50,000
55,000
60,000
65,000
01/07/16
01/08/16
01/09/16
01/10/16
01/11/16
01/12/16
01/01/17
NSW QLD SA VIC WA Total
telstra.wap - IPv6 Usage
BYO device and existing services p APN – IPv4v6, HLR/HSS – IPv4v6 p Legacy devices configured with IPv4 only are not
impacted p New devices configured with IPv4v6 obtains both
addresses and is currently growing significantly p Existing devices configured with IPv6 only obtains
IPv6 only
p CGNAT p NAT64 ALGs: ftp, sip, pptp, rtsp, h323
33
IPv4 vs IPv6 p Some applications fail with IPv6 – even with
464XLAT. Routing issues? p VPNs are a real problem – but is it a carrier
problem or an application / server problem? p HTTP / HTTPS works very well p SSH is not a major problem p IPv6 is faster in some cases – smaller BGP table,
no NAT etc. p Major apps work very well – especially from the
major content providers
34
Customer Support p Engage the community early so they know what’s
coming. They will appreciate you are still developing and they will want to be part of the journey!
p We receive support email through our contact points and reply as soon as possible. Don’t keep your customers waiting
p Skip the red tape – let customers engage engineering directly
p Keep management happy! Report SIO and bandwidth usage!
35
Q&A
CONTACT
Contact p Jeff Schmidt
n Technology Team Manager Telstra Wireless Network Engineering
p Sunny Yeung n Senior Technology Specialist
Telstra Wireless Network Engineering n [email protected]
38