Cisco IPv4 – IPv6 Transition Architecture (CGNv6)
Istvan Kakonyi, VSA
© 2005 Cisco Systems, Inc. All rights reserved.
Cisco Confidential

Agenda
• Introduction
  – Why do we need IPv6?
  – The Promise of IPv6
• The Cisco 346 Transition Framework
  – NAT444
  – 6rd – Border Relay + NAT444
  – DS-Lite + NAT 444
• CGv6 Implementation
  – CGSE
  – IPv6TS Software
• Summary

The Growing Internet
Internet growth, in terms of the number of connected devices, is accelerating at an exponential rate.
• India added 15 million new subscribers in August, more than the population of Greece [1]
• China Mobile has surpassed 500 million subscribers, more than the population of North America [2]
• The ‘Embedded Internet’ will consist of over 15 billion devices by 2015 [3]
[Slide graphic labels: IP Video / Collaboration; Mobility / Device Proliferation; Embedded Internet]
[1] Indian Regulator TRAI
[2] China Mobile
[3] Intel Embedded Internet Projections

The Growing Internet Challenge
The gap between supply and demand for IP addresses – the key Internet resource – is widening.
[Chart: IPv4 Address Blocks Remaining [1]; vertical axis 0 to 25, horizontal axis Today to Sep 2011; annotation "< 700 Days Remaining". Caption: The pool of IPv4 address blocks is dwindling rapidly]
[Chart: Internet-Enabled Devices [2]; vertical axis marks 5B and 15B, horizontal axis Today to 2015+. Caption: While the number of new Internet devices is exploding]
[1] Geoff Huston, APNIC, www.potaroo.net, tracking /8 address-blocks managed by the Internet Assigned Numbers Authority
[2] Cisco Visual Networking Index / Intel Embedded Internet Projections

Why Begin at Core / Edge?
Key requirements for scale, performance and impact are maximized in the core and edge
• Cost and operational impact are reduced
• Platforms are inherently reliable, scalable
• Coverage, flexibility, and ROI are maximized
[Diagram: network tiers Home, Access, Data Center, Edge, Core plotted against "Cost / Devices / Difficulty" and "Coverage / Speed". Translations scale: x 1000, x 100,000, x 10 Million, x 1 Billion, labelled Home Scale, Enterprise Scale, Carrier Scale]

“346”: A 3 Tier Transition Framework for Moving from IPv4 to IPv6
• Preserve IPv4
• IPv4/IPv6 Coexistence Infrastructure
• Services & Applications running over IPv6 (IPv6 Internet)
[Diagram: the three tiers stacked from IPv4 up to IPv6 over a timeline; timeline marks: Today, IPv4 Run-Out, 2009, 2011, 2020+]

346 Technology Buckets
• Services over IPv6: Cloud Data Center; Telepresence; Sensor; Smart Grid; Mobility; P2P; Connected Home
• IPv4/IPv6 Coexistence Infrastructure: Dual-Stack / IPv6 Routing/Ops; Tunnels & Encaps; IPv4/IPv6 Translators (Stateful/Stateless)
• Preserve IPv4: Network Address and Port Translators; IPv4 Address Trading Market
[Diagram: the three tiers leading to the IPv6 Internet over a timeline; timeline marks: Today, IPv4 Run-Out, 2009, 2011, 2020+. Annotation on slide: "6TS plays here"]

Where to Start?
• In the backbone, where a reasonable dual-stack capability exists
  – Many have turned on dual-stack or some variant of dual-stack edge + tunnels (e.g. 6PE, 6VPE)
  – Establish v4/v6 coexistence infrastructure
• From the backbone it becomes possible to “launch” IPv6 connectivity and/or IPv6 transition “initiatives” into the adjacent customer address realms
• It is much more difficult to build the IPv6-capable access infrastructure (home networks, RGs, AAA systems, BNGs, provisioning, etc.)

IPv6 “Backbone-First” Solutions – 2010-2011
[Diagram labels: Wireline (Consumer Home; BRAS, CMTS, OLT); Mobility / Wireless; Peering / Enterprise Edge (Dual-Stack PE, VRF, Enterprise v6, Enterprise v4 & v6); Data Center; SP Core (Dual-stack / Softwires Mesh); CGN functions NAT44, 6rd, DS-Lite, NAT64; Dual-Stack AFBR; IPv4 Internet; IPv6 Service/Content Provider]

IPv6 “Backbone-First” Solutions – 2010-2011 (with service callouts)
[Same diagram with callouts added: Consumer Internet; IPv6 VPN; Enterprise & Govt; IPv6 in the Home; 4G/LTE IPv6 Mobile; IPv6 Peering; IPv6 Data Center]

One Strategy for Dealing with the IPv4 Address Run-Out Problem
[Diagram, columns Customers / SP Network / Public Internet. Top row: IPv4 customers, IPv4-public core, Public IPv4 Internet. Bottom row, "Post IPv4 Address Completion": IPv4 customers, (NOT)-IPv4-public core, Carrier Grade NAT (CGN), Public IPv4 Internet. Legend: public IPv4; NOT public IPv4]

What is a Carrier Grade NAT?
• “..A NAT or NAPT device used by many subscribers, where 'many' would be on the order of dozens to hundreds of thousands of subscribers. This might NAT between any combination of IPv4 and IPv6..”*
• O(20M) translations (sessions)
• O(Thousands) private IP addresses (depending on sessions per user. A “user” could be a home NAPT box)
• O(10Gb/sec) Performance – Full Duplex
• Scenarios
  – Double NAT444
  – Dual-Stack Lite (softwire 4over6 tunnel for access)
  – 6rd Border Relay (softwire 6over4 tunnel for access)
  – Stateful/Stateless IPv4/IPv6 Translator (like NAT64)
• CGN Bypass (route around NAT)
• Must be Carrier-Grade in Scale and Performance
* source: draft-wing-nat-pt-replacement-comparison

CGN – Double NAT444
[Diagram labels: CPE with private IPv4 address on WAN; Private IPv4; NAT44 (CPE); IPv4private Edge; CGN NAT44; Core; Public IPv4 Internet. Legend: public IPv4; private IPv4]
• CGN does NAT44 for O(large number) of private IPv4 end-points
• No need for IPv6 anywhere
• Compliant with standard NAT behaviors (RFC4787, RFC5382, RFC5508)
• Challenge: CGN never deployed with this scale in SP networks

CGN – 6rd Border Relay
[Diagram labels: Consumer Home; Private IPv4; IPv4/IPv6; CPE/RG 4/6; IPv4-only AAA and/or DHCP; IPv4private; 6rd tunnel; CGN 6rd BR; NAT44; Core; Public IPv4 Internet; Public IPv6. Legend: public IPv4; private IPv4]
• No change to IPv4-based access infrastructure
• IPv6 address is derived from ISP IPv6 prefix and CPE IPv4 address; RG and 6rd BR perform automatic IPv6/IPv4 encap/decap
• CGN becomes 6rd Border Relay: NO NAT or XLAT performed
• Simple, stateless, automatic IPv6-in-IPv4 encap and decap function on CPE/RG
• Based on 6to4 (RFC 3056) and draft-despres-6rd-03.txt + CGN/NAT444 extensions
• draft-ietf-softwire-ipv6-6rd

Gory Details: Three parts of the “6rd” Mechanism
• IPv6 Prefix Delegation derived from IPv4
  – Global IPv4 or Natted IPv4 in same deployment
• Stateless mapping and Encapsulation of IPv6 over IPv4 (RFC 4213)
  – IPv4 encapsulation automatically determined from each packet’s IPv6 destination
  – No per-subscriber tunnel state or provisioning
• IPv4 Anycast to reach Border Routers

Packet Flow and Encapsulation
[Diagram labels: CE (6rd); IPv4 + IPv6; IPv4; 6rd Border Relays; IPv4 + IPv6 Core / Internet]
IF 6rd IPv6 Prefix Positive Match (Dest = Inside 6rd Domain)
  Destination address layout: 2001:100 | 8101:0101 | Interface ID
  THEN Encap in IPv4 with embedded address
ELSE (6rd IPv6 Prefix Negative Match; IPv6 Dest = Outside 6rd Domain)
  Destination address layout: “Not 2001:100…” | Interface ID
  ENCAP with BR IPv4 Anycast Address

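The 6rd address derivation and the IF/ELSE encapsulation decision described above, as an added Python example that is not part of the original presentation. The /32 length for the 2001:100 6rd prefix, the Border Relay anycast address 192.0.2.1 and all function names are assumptions; `br_accepts` adds the outer/inner source consistency check described in RFC 5969 (the published form of draft-ietf-softwire-ipv6-6rd), which the slides do not cover.

```python
import ipaddress

# Assumptions, not values from the slides: a /32 length for the 2001:100
# 6rd prefix (all 32 IPv4 bits embedded) and a documentation-range BR address.
SIXRD_PREFIX = ipaddress.IPv6Network("2001:100::/32")
BR_ANYCAST = ipaddress.IPv4Address("192.0.2.1")
SHIFT = 128 - SIXRD_PREFIX.prefixlen - 32  # bits to the right of the IPv4 field


def delegated_prefix(ce_ipv4):
    """6rd prefix + CE IPv4 address -> the /64 delegated to that CE."""
    v4 = int(ipaddress.IPv4Address(ce_ipv4))
    base = int(SIXRD_PREFIX.network_address) | (v4 << SHIFT)
    return ipaddress.IPv6Network((base, SIXRD_PREFIX.prefixlen + 32))


def embedded_ipv4(ipv6_addr):
    """IPv4 address embedded in a 6rd address, or None outside the domain."""
    v6 = ipaddress.IPv6Address(ipv6_addr)
    if v6 not in SIXRD_PREFIX:
        return None  # negative prefix match
    return ipaddress.IPv4Address((int(v6) >> SHIFT) & 0xFFFFFFFF)


def tunnel_destination(ipv6_dst):
    """CE encapsulation rule: embedded address on a positive match,
    BR anycast address on a negative match. No per-subscriber state."""
    v4 = embedded_ipv4(ipv6_dst)
    return BR_ANYCAST if v4 is None else v4


def br_accepts(outer_ipv4_src, inner_ipv6_src):
    """Border Relay ingress check: the inner IPv6 source must lie in the
    6rd domain and embed the outer IPv4 source; otherwise treat as spoofed."""
    v4 = embedded_ipv4(inner_ipv6_src)
    return v4 is not None and v4 == ipaddress.IPv4Address(outer_ipv4_src)


if __name__ == "__main__":
    # Constructed sample: CE at 129.1.1.1 (0x8101:0101, as on the slide).
    print(delegated_prefix("129.1.1.1"))
    print(tunnel_destination("2001:100:8101:101::1"))
    print(tunnel_destination("2001:db8::1"))
    print(br_accepts("198.51.100.7", "2001:100:8101:101::1"))
```
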
6rd vs 6to4
Attribute | 6rd | 6to4
IPv6 Address | SP’s IPv6 Address Prefix | 2002::/16
SP-managed service | Yes | No
Always Route thru SP’s network | Yes | Maybe
IPv6 Address “Reputation” | Excellent, it is an ISP IPv6 Prefix | It is “6to4” and everybody knows that
RG Support | Under development | Supported
Cisco Products | IOS and Linksys Prototypes; planned for 6TS (ASR1K, CRS1) | IOS
Doc | draft-ietf-softwire-ipv6-6rd | RFC3056

CGN - Dual-Stack Lite
[Diagram labels: Consumer Home; Private IPv4; IPv6; V4-over-V6 IP Tunnel; IPv4/v6 Edge; CGN ("NAT44 done here for IPv4 packets"); Core; Public IPv4 Internet; Public IPv6. Legend: public IPv4; private IPv4; public IPv6]
* AKA Softwires + NAT = SNAT
• Employs softwire 4over6 tunnels plus CGN-NAT44 to support private IPv4 connectivity to public IPv4 Internet
• IPv6 hosts use native IPv6 routing to public IPv6 Internet
• Challenge is laying out IPv6 access network
• draft-ietf-softwire-dual-stack-lite

CRS-1 IPv6 Transition Services Solution Components
CRS-1 with IOS XR
• High-capacity, carrier-class SP platform with Cisco IOS/XR
• Leverages previously developed XR infrastructure to divert packets to Multi-Service PLIM
• Provides single, integrated configuration & management infrastructure for Service PLIM
Carrier Grade Service Engine (Roddick)
• Leverages existing 40G MSC hardware & software
• Rapid and flexible Linux-based development & test environment
• Supports required CGN – NAT44 performance & scale
• Cornerstone of 346 Backbone First IPv6 Transition Strategy

CGSE (Roddick) PLIM and IPv6 Transition Services (6TS)
• Hardware
  – 6TS function resides on Multi-Service PLIM
  – Quad Octeon multiprocessor architecture, 64 CPU cores
  – Standard interface to MSC, 10 Gbps full-duplex nominal
• Software
  – IOS-XR on MSC, Linux on Octeon CPUs
  – Leverages XR App SVI to divert packets to/from CGN function
  – Leverages Vector Packet Path (VPP) for NAT application
  – Integrated configuration & management via IOS XR

CGN Packet Walk-Thru
[Diagram labels: From Subscribers; I/O PLIM; MSC (iMetro, eMetro, GLIK, Bambi); VLAN; Tunnel; VRF; App SVI; Fabric; Roddick Services PLIM (4 x Octeon, 64 CPUs); To Core]
Callouts along the packet path:
• Packets enter from private network
• iMetro ingress lookup maps VLAN or tunnel to VRF, applies ingress features, routes to CGN
• Other packets may bypass NAT entirely
• Packets routed to CGN pass XR App SVI, forwarded to CGN eMetro
• CGN eMetro filters based on protocol; load balance selects Octeon & core
• Octeon CPU performs NAT, PT, and/or tunnel encaps; forwards packet to CGN iMetro
• CGN iMetro performs ingress lookup, selects output LC, forwards through fabric
• eMetro on egress MSC performs normal egress features
• Packets egress to public network
Multiple Roddick CGN blades support good scaling and/or 1:1 redundancy

CRS-1 6TS Project Update (September 2009)
• Demo Topology active and operational in SJ – currently testing applications
• Preliminary Performance Measurements:
  – 6.7Mpps (IMIX)
  – 10Gbps full-duplex tput
  – 1 + 1 Warm Standby Switchover measured to be < 1 sec
• Logging to external server based on Netflow9 records
• Analysis of deployment scenarios with customers
• Customer Demo/EFT engaged & planned – End of Nov/Early Dec. 2009
• IPv6 Features in development - will align with IETF BEHAVE docs
• External Launch planned for this Fall
• FCS in IOS-XR Release 3.9.1 (April 2010)

CGN Connectivity Models
• CGN-remote: Subscriber to/from CGN; remote attachment
• CGN-local: Subscriber to/from CGN; local attachment
[Diagram labels: Private Subs; Public Subs; vlan; Tunneling; BRAS/CMTS; Penultimate Hop Router; CGN; Global]

6TS Roadmap: IPv4/IPv6 Coexistence
[Roadmap chart. Columns: 4Q2009; 1H2010; 2H2010; 1H2011. Rows: 6TSv1 NAT44 XR Infra; 6TSv2 IPv6 Features/Services]
Items on the chart:
• EFT
• FCS
• IPv6 SVI Testing, XML Interface
• 6rd Demo/EFT; v4/v6 xlat Coding/Demo; DS-Lite TC Coding
• NAT44 Instrumentation & Management Enhancements
• IPv6 SVI; TE into VRF (CGN-remote)
• 6rd Border Relay; Stateless IPv4/IPv6 XLAT; DS-Lite TC Demo
• 1 + 1 Hot Standby
• Stateful IPv4/IPv6 XLAT/DNS64; DS-Lite TC; ServiceWire

ASR1000 IPv6 Broadband Solution
[Diagram labels: Layer 2 Access Networks (DSL, DSLAM, Access Ethernet, 802.11, Mobile, RAN; PPPoEoA, PPPoE); ASR1000 IPv6 BB Aggregation (IPv6 PTA/LAC on ASR1000, IPv6 LNS on ASR1000); Dual-Stack/L2TPv2/MPLS Core; ISP A; Internet; Multimedia Content Server; IPv4/IPv6]
IPv6 Broadband
• IPv6 Prefix Pools
• IPv6 RADIUS (Cisco VSA and RFC 3162)
• DHCPv6 Prefix Delegation
• Stateless DHCPv6
Availability
• IPv6 PTA (RLS5 November 2009)
• IPv6 LAC (RLS5 November 2009)
• IPv6 LNS (RLS6 February 2010)
• IPv6 ISG (Roadmap)
• CGN (in Planning)

Preserve IPv4 infrastructure, assets, and service offerings
Large-Scale Translation (LSN): Cisco CGv6
Continue and accelerate subscriber and device growth using Private-IP
[Diagram: "Today" beside "With Cisco CGv6". Labels: Existing Customers; New Customers; IPv4; Private-IP; Internet]

Prepare, with 6rd (6-over-4)
Subscriber IPv6 traffic is tunneled over IPv4 to gateways within the IP-NGN while IPv6 grows
[Diagram, columns Subscribers / Provider IP-NGN / Internet. Labels: Private IPv4; Private IP; IPv4; IPv6; Cisco CGv6. Flow legend: Source = IPv6; Destination = IPv4: Tunnel Termination + AFT; Destination = IPv6: Tunnel Termination]
IPv6 moves out to subscribers
IPv6 Rapid Deployment (6rd) defines such a 6-over-4 model

Prepare, with DS-Lite (4-over-6)
Remaining subscriber IPv4 traffic is tunneled over IPv6 to gateways within the IP-NGN
[Diagram, columns Subscribers / Provider IP-NGN / Internet. Labels: Dual-Stack CPE; Private IP; IPv4; IPv6; Cisco CGv6. Flow legend: Source = IPv4; Destination = IPv4: Tunnel Termination; Destination = IPv6: Tunnel Termination + AFT]
Dual-Stack Lite (DS-Lite) defines such a 4-over-6 model

Q and A