Journey to IPv6:A Real-World deployment for

Mobiles

ITU/APNIC/PacNOG21 IPv6 Workshop4th – 8th December 2017

Nuku’alofa

TelstraUnrestrictedLast updated 1st March 2017

Acknowledgementsp We would like to acknowledge Jeff Schmidt @ Telstra for

permitting us to use his original APRICOT 2017 tutorial slides

n https://2017.apricot.net/program/schedule/#/day/9/journey-to-ipv6---a-real-world-deployment-for-mobiles

2

Agendap Why IPv6?p Business and Technical considerationsp Network Architecturesp Addressing and Subnettingp Deployment Modelp Our Experiencep Q&A

3

Why IPv6?

Why IPv6?p Traffic growth and device per personp Network readiness for new technologies:

n Internet-of-Thingsn VoLTE/IMSn ViLTEn Management and Backhaul

p IPv4 public/private address depletionp Reduction in network inefficiencies

5

IPv6 Global Traffic

6Source - https://www.google.com/intl/en/ipv6/statistics.html

Business andTechnical Considerations

Business and Technical Considerations

8

Depleting public and private IPv4 address range

Business and Technical Considerationsp Non-interworkingprivateIPv4addressrangesduplicatedbetweendomains,thatnowrequireinterworking

9

10.0.0.0 10.0.0.0

10.0.0.0 10.0.0.0

Business and Technical Considerations

10

ContinualinvestmenttoextendIPv4resourcesvsIPv6tofutureproofournetwork

NAT

IoT

$

$or

Business and Technical Considerationsp As IPv4 addresses deplete, it will be more expensive to

extend IPv4 resources

p Dual-Stack is an effective transition technology but does not solve the IPv4 depletion problem

p Introducing IPv6:n Reduced dependency on NATn Remove the need for regionalisationn Pushes applications to move to IPv6

11

Network Architectures

IPv6 ImplementationCentralised CGN

p CGN performs NAT/PAT 44 and NAT/PAT 64n PAT substantially reduces Public and Private IPv4 address demand, but does

not prevent IPv4 address depletion.13

Internet

IPCore/Edge

Internet

CGNAT BR

Region1

Region2

NAT/PAT44PrivateIPv4toPublicIPv4

CGNAT BR

NAT/PAT64PublicIPv6toPublicIPv4

Backhaul

EPG

Backhaul

EPG

IPv6 ImplementationTraffic Flow

14

IPv4PublicInternet

CarrierNetwork(IPv4+IPv6)

IPv6PublicInternetIBR

NAT64PublicIPv6toPublicIPv4

NativeIPv6

RadioNetwork(IPv4transport)

EPG

Single–BearerIPv6onlyuserplane

IPv6

Running multiple APNsp Create multiple real APNs that supports IPv4, IPv6, and

IPv4v6 individually

15

InternetRadio Network Carrier Network

IPv4

eNodeB

GGSN/EPG

IPv6 APN

IPv4v6 APN

IPv4 APN

IPv4v6

IPv6

IBRNAT44 / NAT64

DNS64

DNS-DS

Running a Single APNp Create a single real APN that supports both DS and SS

16

InternetRadio Network Carrier Network

IPv4

eNodeB

GGSN/EPG

IPv4v6 APN

IPv4v6

IPv6

IBRNAT44 / NAT64

DNS-DS

DNS64

IPv6 ImplementationSecurity

17

IPv4PublicInternet

CarrierNetwork(IPv4+IPv6)

IPv6PublicInternetCGNAT BR

NAT44/64TranslationStatefulfirewall

UntrusttoTrustBlockalltrafficoriginatingfrominternet

TrusttoUntrustAllowalltraffic

RadioNetwork(IPv4transport)

EPG

FirewallApplication

IPv6

IPv6NativeStatefulfirewall

UntrusttoTrustBlockalltrafficoriginatingfromInternet

TrusttoUntrustAllowalltrafficoriginatingfromIPv6handsetrangesonlyAllowDNStrafficBlockallinfrastructurerangesBlockallVoLTEranges

APNACL

AdvertiseonlyhandsetrangestoCarrierNetworkBlocktrafficwithIPrangesnotconfiguredontheEPG

Infrastructure Cloud IPv6

18

L3FabricEVPN

InternetProviderCoreNetworkMPLS

PE

DCGateway

ToR

vCGN

BR

vEPC

How much traffic will use IPv6?

19

464XLAT Architecture for Mobiles

20

CarrierCore

UserEquipment/MobilePhone

IPv6

IPv4 CLATFunction

PLAT(NAT64)

IPv6Internet

IPv4Internet

CLAT>IPv4hostaddressforXLATE(clat4)

[192.0.0.4/32]IPv6hostaddressforXLATE[2001:db8:aaaa::464/128PLAT-SideXLATEIPv6Prefix

[2001:db8:bbbb::/96]

PLAT>IPv4pool

[192.0.2.1–192.0.2.100]PLAT-SideXLATEIPv6Prefix

[2001:db8:bbbb::/96]

IPv4SRC192.0.0.4IPv4DST

198.51.100.1

IPv6SRC2001:db8:aaaa::464

IPv6DST2001:db8:bbbb::198.51.100.1

IPv4SRC192.0.2.1IPv4DST

198.51.100.1StatelessNAT64

[RFC6145]

StatefulNAT64

[RFC6146]

198.51.100.1

2001:db8:ca7e::d007

Addressing and Subnetting

Addressing and Subnettingp 3GPP currently dictates each UE to receive a /64p Future releases may require a /60 with DHCP-PD for single APN

tetheringp 4x /44 per APN per EPG = 4M prefixesp You will probably also need a similar range for VoLTE APNsp KEY: make sure it is a structured subnetting schema so it is

consistent nationally and across the entire organisation.

22

Addressing and Subnettingp Infrastructure Addressing:

n /64 per VLAN – Keep it simple!n Private or Public – but remember to use a firewall and policies to

avoid advertising the infrastructure out to the internet!n NAT is not a security feature!

23

Deployment Model

Carrier ExamplesSP1 SP2 / SP3 SP4

Dual-Stack SS+NAT64+DNS64+CLAT SS/DS+NAT64+DNS-HD+CLAT

p Every carrier will have a unique set of circumstances that dictates which transition method they will use. There is no standard way of doing this.

p You must determine which is the best method for your network.

p In any method, remember to ensure you have a long-term strategy for the eventual deployment of native Single Stack IPv6!

25

Different APNs for different purposes

26

Two existing APNs – one for Handsets, one for Mobile Broadband and Tethering

or

464XLAT + NAT64 + DNS64 for the Handset APN only

IPv6 enabled DNS for all other APNs

Telstra.WAP

Telstra.Internet

NAT64/DNS64

464XLAT Internet

DNS-DS/ NAT44 Internet

Packet Core Configurationp HSS Configuration

n PDP Context id = IPv4v6p MME Configuration

n DAF = setp EPG Configuration

n PDPTYPE = IPv4v6

p EPG will then also have the following as a minimum within each APN:n IPv6 Handset Rangen IPv4 Handset Rangen 2x IPv4 DNS Name Servers, 2x IPv6 DNS Name Servers

27

UE Requirements and Settingsp Android 4.3+ supports 464XLAT. We recommend using

anything that is 4.4.4+ or 5.1+p Depending on your setup, either PDP selection is based

on the UE or the Network. p International Roaming over IPv6 works today! But we

recommend the APN Roaming Protocol to be set to IPv4 only for the next two years.

28

Launch Considerationsp Informed Front of House and provided training, as well as

Enterprise support and sales personnelp Updated internal Knowledge Basep Briefed Operations and provided trainingp Created moderated forum with official details on the network

changep Provided direct email contact to Telstra Engineeringp Contacted the technical community via mailing lists and public

forums before launch

29

Our Experience

Our Experiencep iPad Dual-Stack Carrier Settings

n Significant IPv6 takeup on iPads since carrier update was made available with Dual-Stack.

n Update made via iOS patch. Users are not immediately aware IPv6 is available on their iPads. Transparent migration.

n IPv6 take up occurs when iPads are patched to the latest version

n Single Stack will come later this year

31

Our Experience

32

05,000

10,00015,00020,00025,00030,00035,00040,00045,00050,00055,00060,00065,000

01/07/16

01/08/16

01/09/16

01/10/16

01/11/16

01/12/16

01/01/17

NSW QLD SA

telstra.wap - IPv6 Usage

BYO device and existing servicesp APN – IPv4v6, HLR/HSS – IPv4v6p Legacy devices configured with IPv4 only are not impactedp New devices configured with IPv4v6 obtains both addresses and is

currently growing significantlyp Existing devices configured with IPv6 only obtains IPv6 only

p CGNATp NAT64 ALGs: ftp, sip, pptp, rtsp, h323

33

IPv4 vs IPv6p Some applications fail with IPv6 – even with 464XLAT. Routing

issues?p VPNs are a real problem – but is it a carrier problem or an

application / server problem?p HTTP / HTTPS works very wellp SSH is not a major problemp IPv6 is faster in some cases – smaller BGP table, no NAT etc.p Major apps work very well – especially from the major content

providers

34

Customer Supportp Engage the community early so they know what’s coming. They

will appreciate you are still developing and they will want to be part of the journey!

p We receive support email through our contact points and reply as soon as possible. Don’t keep your customers waiting

p Skip the red tape – let customers engage engineering directlyp Keep management happy! Report SIO and bandwidth usage!

35

Q&A

CONTACT

Contactp Jeff Schmidt

n Technology Team ManagerTelstra Wireless Network Engineering

n sunny.yeung@team.telstra.com

p Sunny Yeungn Senior Technology Specialist

Telstra Wireless Network Engineeringn sunny.yeung@team.telstra.com

38