
WHITE PAPER

IPv6, a catalyst for deploying new business services

A White Paper written by 6WIND

Point of contact: [email protected]


6WIND White Paper – IPv6, a catalyst for deploying new business services - 05/03/2003

Version 2.0 2 This document is copyright 2003 6WIND and may not be distributed without explicit permission by 6WIND.

SUMMARY

Ø Overview ............................................................................................................. 3

Ø The evolution of business networks....................................................................... 4

Ø Stumbling blocks to this evolution ......................................................................... 5

ü Necessary Evolution...........................................................................................5

ü NAT ..................................................................................................................5

ü Application security for peer to peer applications.................................................6

ü Terminal configuration.......................................................................................7

ü Terminal mobility...............................................................................................8

Ø IPv6 benefits........................................................................................................ 8

ü An evolution not a revolution .............................................................................8

ü Addressing space...............................................................................................8

ü Access simplification ..........................................................................................8

ü Simplification of network configuration ...............................................................9

ü Managing mobility ...........................................................................................10

ü Security of exchanges......................................................................................11

ü A mature technology .......................................................................................11

Ø IPv6, catalyst for the introduction of wireless and peer to peer in businesses .........11

Ø Service deployment scenarios ..............................................................................13

ü An IPv6 access ................................................................................................13

ü New business service deployment scenarios......................................................13

ü IPv4 / IPv6 coexistence and migration..............................................................14

Ø A new generation of access equipment................................................................14

Ø The solutions proposed by 6WIND .......................................................................15

Ø Conclusion ..........................................................................................................17

Ø Acronyms ...........................................................................................................18


Ø OVERVIEW

In coming years, an important factor in business productivity gains will involve the introduction of new applications based on greater mobility of terminals and users.

This growth involves the spread of technologies which at present are not very widespread. The availability of IP terminals using wireless technologies (particularly WLAN), the generalization of high speed Internet, the wide scale introduction of peer to peer applications on IP (telephony, videoconferencing, push services) are far from being a reality.

These new technologies are interdependent. How can high-performance applications be deployed without high speed access or suitable wireless terminals? It is also essential to question the capacity of IP networks to directly connect correspondents for peer to peer applications, to manage the mobility of terminals and to configure terminals and network equipment transparently.

Existing NAT-based IP architectures have too many limits to be used for wide scale deployment of network architectures able to generalize these new services. IPv6 is the ideal technology for playing a catalyst role in deploying innovative services based on wireless technology and mobility within businesses. IPv6 actually offers solutions adapted for all encountered problems: almost unlimited addressing space, end to end secure access for peer to peer applications, automatic terminal and router configuration and terminal mobility.

To be able to deploy these highly added value services, it is first necessary to offer a high speed IPv6 access to businesses, parallel to existing IPv4 access if required. This then involves intelligently considering the current situation of the company in service deployment scenarios in order to ensure a harmonious coexistence of IPv4 and IPv6. The company will thus have mechanisms which facilitate a transparent migration for users from IPv4 to IPv6 applications.

The deployment of new services also involves the availability of a new generation of access equipment based on innovative processing architecture, which integrates in one single machine, functions previously divided on various machines (QoS, IP and application layer security, routing). This equipment must possess processing resources sufficient for offering new services (mobility, zero-configuration, peer to peer application support), and allow a transparent transition of IP networks to IPv6. This type of approach is not foreseeable with current access routers where the architecture, optimised for processing packets and IP filtering, is limited when more evolved functions need to be implemented, requiring significant processing capacity.

6WIND addresses all aspects of this approach by offering a complete solution based on its 6WINDGate access equipment. This solution allows ISPs to rapidly provide, without significant investment in their infrastructures, a high added-value service taking advantage of IPv6. Thanks to this solution, businesses will have innovative services that improve their productivity without undermining the choices made in their IP architecture. For both companies and ISPs, the 6WIND solution helps prepare a smooth migration to IPv6.


Ø THE EVOLUTION OF BUSINESS NETWORKS

Predicting the evolution of techniques in the business network field is not risk free. Nevertheless, it is necessary to analyse current trends for various IP-related technologies, in order to anticipate their impact on the architectures which constitute the base of almost all business networks. We are going to review those that we feel will be the most promising in the next 2 - 3 years.

WLAN - WPAN: After long years of work, the WLAN and WPAN market seems to be really taking off. The 802.11b technology for WLAN is already widespread in a strongly growing market and Bluetooth seems like a future technology in the WPAN field. For users the freedom of wireless networks is a clear plus. The lack of security, the disturbances detected during simultaneous use of the two 802.11b and Bluetooth technologies and the lack of QoS management are the primary remaining limits. Despite this, these technologies will probably undergo significant development in the field of business local area networks. It will be equally interesting to follow the development of 802.11b technologies as an alternative solution to 2.5 -3G technologies and the arrival of high speed WLAN (802.11a and Hiperlan/2).

2.5 - 3G technologies: At present the GPRS market and even more so the UMTS market have not yet taken off. The development of GPRS terminals and infrastructures has actually taken longer than predicted even if first GPRS specifications date back to 1997. Moreover, investments for UMTS licenses and deployment in Europe are very high so the business model is not totally consolidated. Market predictions of mobile Internet are still very uncertain. Studies conducted by the UMTS Forum bank on 400 million mobile Internet subscribers for more than a billion mobile voice subscribers in 2004. This pace of progress is important as GSM took 8 years to reach an equivalent number of subscribers.

High speed Internet access: The penetration of high speed Internet is currently very different depending on the country, varying from more than 60% for Korea to a few percentage points for some European countries. However, it appears that high speed access will undergo significant development in the next few years, thanks to low connection costs and the multiplication of offers. The technologies that should see the largest deployments are xDSL, local loop Ethernet and cable. The availability of these high speed accesses is crucial for the real deployment of bandwidth-hungry multimedia applications.

General IP connection: All of the previously mentioned technologies have one point in common: convergence to IP. In the medium term, it is thus possible to imagine an IP connection for various types of terminals (fixed and mobile phones, PDA, bar code readers, on-board equipment…) while currently it is almost exclusively used for computers or workstations. In addition, wired or wireless terminals will appear which transparently manage different types of interfaces for the user. IP terminals are thus going to diversify and their number will greatly grow in coming years.

Peer to peer applications: The deployment of peer to peer applications is very slow. Nevertheless, peer to peer applications are strategic as they include telephony over IP, videoconference over IP and all push services. The main reasons for this delay differ from one application to another: to be able to replace traditional telephony, telephony over IP must ensure a comparable service at an equivalent cost; videoconference requires a very high bandwidth and, like all push services, must be based on protocols which effectively manage multicast. However, wide scale deployment of all these services is faced with the problem of NAT, since NAT does not allow the correspondent system to be addressed directly. This latter point remains the major problem to be resolved, following the recent progress in QoS management over IP and the increase in available bandwidth.

In the coming years other technologies will probably have an impact on business networks. It is nevertheless possible to predict that the major innovations will involve:

• Deployment of wireless technologies -in particular WLAN-,

• Penetration rate of high speed Internet,

• Wide scale introduction of peer to peer applications,

• Multiplication and diversification of IP terminals.


Ø STUMBLING BLOCKS TO THIS EVOLUTION

ü Necessary Evolution

Due to its remarkable flexibility and great simplicity, the IP protocol has always adapted to new needs which arose after its creation (transport of heterogeneous flows, QoS, security). It has become established as the unifying protocol, able to run applications with very different features over a wide range of underlying media.

IETF has greatly anticipated future evolutions, made inevitable due to the success of IP and the introduction of new technologies. Among these:

• Taking account of the increase in number of fixed or mobile terminals,

• Mobility introduced by wireless technologies,

• The need to simplify configuration operations due to the introduction of IP in public environments,

• The capacity of wide scale deployment of peer to peer applications requiring direct connection with corresponding systems.

Stumbling blocks to these evolutions are situated at different levels which we shall examine.

ü NAT

The scarcity of IPv4 addresses, originally with unequal geographic distribution, has led to the deployment of mechanisms such as NAT, which cleverly hides a very large number of private addresses behind a very small number of public addresses, and which manages the gateway between public and private domains.

NAT conceals the end user, which ensures the user a certain level of confidentiality; however, a correspondent located behind NAT, in the private space, cannot easily be reached. Thus, NAT is well-suited for a client-server type architecture -the server being in the public space and the client in the private space- since communication is solely client initiated.

Figure 1: Limits of NAT-based architectures

However, NAT presents a certain number of problems for the future:


• For operators or facilities managers who have to configure NAT and provide for remote administration, the non-transparency of the network, due to confidentiality, creates high operating costs due to the difficulty of establishing a reliable diagnosis.

• The on-the-fly manipulation of IP packet headers, necessary for establishing a link between private and public space, makes end to end IPsec security impossible. In fact, modifying the packet header leads to its rejection during IPsec checks.

• NAT penalizes performance, which becomes a problem for applications that are sensitive to transit times.

• NAT is a stumbling block for deployment of peer to peer applications. The installation of a local Web server, which becomes feasible thanks to the availability of high speed access lines, also poses problems with NAT. Actually, in all these cases, it is necessary to know the correspondent address located in the private space. So with NAT, complex application related mechanisms need to be put in place in order to find the address of the final correspondent. These mechanisms add complexity, are specific to the application used, penalize performance and increase operating costs.

• Joint operation of NAT and mobility is very uncertain: during movement, mobile phones are likely to use addresses that are private, not routable and that may overlap.

To get around the various problems posed by NAT, the most common solutions are to deploy proxies, generally depending on the applications; these proxies are complex, poorly performing and become increasingly difficult to configure, deploy and maintain, even for network experts.

Other solutions use non-standardized protocols to partially resolve some of the problems mentioned above.

ü Application security for peer to peer applications

The central problem of security, particularly for business networks, has led to the development of increasingly sophisticated IP security architectures based on mechanisms that can be broken down into two big complementary families (cf. Figure 2):

• IP access can be made secure with IPsec VPNs: the correspondent can be authenticated and/or exchanged data can be encrypted.

• Application security with proxies or firewalls that analyse the used protocols.

Figure 2: Security for IP architectures

IP access security techniques have been very well mastered. The same is true for application security techniques for simpler protocols like HTTP or SMTP, that use static ports.


In addition to the problems related to the accessibility of a correspondent hidden behind a NAT, numerous applications - among these all peer to peer applications - pose specific problems for firewalls, particularly tied to the use of dynamic ports by these applications. Thus proxies and firewalls become very complex. They are all the more complex since they must be combined with similar mechanisms in order to pass through NAT. Thus they are very difficult to deploy or perform poorly. Currently used solutions involve punching limited security holes for an easier management of these flows. These solutions present other vulnerabilities linked to denial of service for example.

ü Terminal configuration

IP terminal configuration must become simpler, primarily for two reasons:

• The need to eliminate terminal configuration and public application operations (zero-configuration concept).

• The need to extend the freedom provided by wireless technologies thanks to IP configuration at a network level that is transparent for the user.

For nomad users, wireless technologies constitute an ideal connection means to Internet or Intranet of their company or organization. For example, they can connect to networks of various sites of their companies while away by remote access to a hot spot installed in an airport, a hotel network or a conference room.

The introduction of WLAN technologies in companies is going to multiply the terminal connection - disconnection phases. With a generalization to all company applications, nomadism will impose new performance constraints on configuration mechanisms.

At present, to connect a terminal to a network, various configuration operations are required, such as configuring the address according to a pre-set addressing scheme and defining a default route to reach the first router. In a company environment, configuration is done manually or by using the DHCP protocol, which allows the terminal to request an address from a server that in turn assigns one. Configuration operations are rare because most terminals are fixed.

Due to the introduction of new technologies, configuration problems are no longer limited to the IP address and the default route. Indeed, this is not sufficient for peer to peer type applications. A terminal can be contacted by a correspondent which does not use an IP address, but a machine name; the correspondence is provided by a DNS server. Movement of the terminal requires updating the correspondence between name and address in the DNS. To do this, the DNS server must be located, then updated with the new IP address of the mobile. Thus, regardless of the application used, a terminal which is moved will automatically reconnect without user intervention and can be contacted after the move as it was before.

Figure 3: Updating a DNS for peer to peer applications


It is also interesting to localize application servers, so that a user can find a complete work environment.

ü Terminal mobility

Terminal configuration management mechanisms resolve problems tied to nomadism. Offering the user true mobility means preliminary treatment of the problems tied to service continuity. Ensuring IP mobility consists for instance in maintaining a telephony over IP conversation while the user changes routers while moving. This type of use will become more and more frequent due to the use of wireless IP phones.

IP mobility protocols are based on the capacity of underlying wireless technologies (2.5 - 3G, WLAN) to manage a first level of mobility in wireless cells.

Network level protocols must take into account the mobile movement in a new IP sub-network, the acquisition of a new IP address as well as the data forwarding towards this new location. Mechanism performances in this regard must ensure a continuity of service.

Ø IPV6 BENEFITS

ü An evolution not a revolution

Within the IETF, IPv6 constitutes the cornerstone of the IP evolution made necessary by the new application fields opened up by wireless networks, mobility and the accessibility of terminals.

This is definitely an evolution and not a revolution. It is not a question of discarding an existing technology that works well, but simply providing IP - as has been already done in the past - some "fuel" for developing new ideas and applications.

IPv6 has many technical benefits; they are described in detail in the 6WIND White Paper « IPv6 Benefits ». The main benefits connected to business services are described below.

ü Addressing space

The addressing space extension from 32 to 128 bits offered by IPv6 is clearly the basis for the evolution of IP networks. It affects:

• Access of countries suffering from a poor IPv4 address allocation to a sufficient addressing space,

• Deployment of mobile Internet and its billions of terminals,

• Management of permanent connections (ADSL, cable) and IP mobility.

In another field, the telephone could only develop by extending its addressing space. Currently available services (personal voice mail, call forwarding etc.) would not have been effectively developed if we had stayed with a single standard number to serve the whole company.

ü Access simplification

IPv6 addressing space opens a new field that simplifies access for the final user. Consequently, it is no longer useful to imagine complex solutions to get around NAT type mechanisms that no longer have a place.

NAT's confidentiality is easily recreated with IPv6 technology that sets addresses of varying scopes (local, site or global). Depending on the applications, addresses of varying range can be used. But is this really necessary?

Confidentiality is often viewed as an advantage for hiding the number of locally connected machines from service providers. Will this model still have a reason for existing in a world where IP protocol is present on a very high number of terminals, and where service will be bound by a contract with the user - company or private individual-, integrating bandwidth, quality of service, security, application services etc … ?


On the other hand, the idea of confidentiality is not the same for peer to peer applications. In a company environment, who at present prefers confidentiality -meaning not to divulge its telephone number to anyone (except maybe to its secretarial office)- to personalized management of its phone calls?

ü Simplification of network configuration

From its beginning, IPv6 was designed to offer "plug and play", providing a simple, high-performance solution for configuring terminals and basic mechanisms for managing IP mobility. This type of mechanism is adapted to nomadism: moving a terminal from an IP sub-network to another IP sub-network, without maintaining in progress connections. Mobile IP that we discuss in the following paragraph, addresses the problem of mobility more specifically, without interrupting in progress connections. Different configuration protocols are shown in Figure 4.

First of all, IPv6 integrates a stateless auto-configuration mechanism, that is, one which works without a server: a terminal arriving in a new network simply constructs its own address from a prefix advertised by the local router. So it is no longer necessary to install or maintain a DHCP server.

Configuring the address is not enough for peer to peer applications. Movement of the terminal requires updating the name-address correspondence in the DNS (DNS Update).

Anycast addressing -also available in the basic IPv6 specifications-, compared to traditional multicast techniques, constitutes a very effective means for locating a DNS server, and more generally all types of servers. Communication is indeed established with the first server that responds. Reserved anycast addresses (for example for DNS servers) are defined.

To offer a complete solution for configuring business networks, IPv6 in addition integrates mechanisms used by service providers to configure prefixes in their clients' routers (« Prefix Delegation »).

For businesses, it is also possible to quickly redefine a complete addressing scheme (« Router Renumbering »), using a step by step construction of:

• Prefixes to be used on the different interfaces of the router starting from the access router prefix delegated by the operator, the service provider or the service in charge of the business network administration.

• Terminal addresses built thanks to the stateless auto-configuration mechanism using the local router prefix.

For example, this approach resolves the problem of merging private networks, poorly managed by IPv4.
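The stateless auto-configuration and renumbering steps described above, worked through as an added example (this is not 6WIND code, and the MAC address and prefixes are constructed sample values): a terminal derives a 64-bit interface identifier from its MAC address (modified EUI-64, RFC 4291) and appends it to the /64 prefix the router advertises; renumbering the network only swaps the prefix. The `is_eui64_derived` check shows the confidentiality trade-off raised earlier: such an address exposes the terminal's MAC, which is why a random identifier (RFC 4941 style) is also shown.

```python
"""IPv6 stateless address auto-configuration (SLAAC), renumbering and
the EUI-64 privacy check, as a self-contained example.

Sample MAC address and prefixes below are constructed for illustration.
"""
import ipaddress
import secrets

IID_BITS = 64
IID_MASK = (1 << IID_BITS) - 1
# Universal/local bit: 0x02 of the first interface-identifier octet,
# i.e. bit 57 when the 64-bit identifier is read as an integer.
UL_BIT = 1 << 57


def modified_eui64(mac: str) -> int:
    """Derive a 64-bit interface identifier from a 48-bit MAC address
    (RFC 4291, Appendix A): insert 0xFFFE between the OUI and the
    device part, then flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    first = octets[0] ^ 0x02  # flip the U/L bit
    iid = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(iid, "big")


def random_iid() -> int:
    """Randomised identifier (RFC 4941 style privacy address): 64 random
    bits with the U/L bit cleared so it is never mistaken for an EUI-64."""
    return secrets.randbits(IID_BITS) & ~UL_BIT


def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine the /64 prefix advertised by the local router with the
    terminal's own interface identifier. No DHCP server is involved."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError(f"SLAAC needs a /64 prefix, got /{net.prefixlen}")
    if iid >> IID_BITS:
        raise ValueError("interface identifier must fit in 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def renumber(address: str, new_prefix: str) -> ipaddress.IPv6Address:
    """Router Renumbering seen from the terminal: the identifier is kept,
    only the prefix part of the address changes."""
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    return slaac_address(new_prefix, iid)


def is_eui64_derived(address: str) -> bool:
    """True when the identifier carries the 0xFFFE marker of a modified
    EUI-64, meaning the address reveals the terminal's MAC address."""
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    return (iid >> 24) & 0xFFFF == 0xFFFE


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"          # constructed sample MAC
    ra_prefix = "2001:db8:1:2::/64"     # constructed prefix from a Router Advertisement
    iid = modified_eui64(mac)
    link_local = slaac_address("fe80::/64", iid)
    global_addr = slaac_address(ra_prefix, iid)
    print("link-local :", link_local)
    print("global     :", global_addr)
    print("renumbered :", renumber(str(global_addr), "2001:db8:ffff:9::/64"))
    print("MAC exposed:", is_eui64_derived(str(global_addr)))
    print("privacy    :", slaac_address(ra_prefix, random_iid()))
```

Running the block prints the link-local and global addresses derived from the sample MAC, the same terminal after a prefix change, and a randomised address that hides the MAC.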

Figure 4: Network configuration protocols


ü Managing mobility

Managing Mobile IP involves defining protocols for routing information to a terminal, no matter where it is connected, without interrupting the connections in progress. To do this it is necessary to locate the terminal and route the information to the new destination, without modifying the connection in progress.

Figure 5: Mobile IP

The Mobile IP protocol is defined for both IPv4 and IPv6. Nevertheless, the IPv4 version poses important problems that are stumbling blocks to its large scale deployment. These problems have been addressed in the Mobile IPv6 specification.

• First of all, Mobile IP protocols are based on the availability of a permanent address -called « Home Address »- and temporary addresses acquired during movement. Mobile IP thus involves having a significant number of permanent addresses available.

• Temporary addresses are acquired by mobiles at the time of movement, according to the associated IP sub-network. Mobile IPv6 is based on the IPv6 native address auto-configuration mechanism -unavailable in IPv4, thus requiring the use of more complex mechanisms to acquire an address-.

• Unlike Mobile IPv4, Mobile IPv6 mechanisms optimise traffic. Packets coming from the correspondent of the mobile can be directly routed without going through the « Home Agent » of the mobile, thus avoiding triangulation phenomena in the network.

• Joint operation of NAT and mobility is very uncertain: during movement, mobile phones are likely to use addresses that are private, not routable and that may overlap.

• Since the use of IPsec is compulsory in IPv6, the integration of Mobile IP and security is better guaranteed and less subject to interoperability problems and poor implementation.

Nomadism and mobility requirements can both be satisfied in IPv6, but in different ways, as shown in Table 1.


| Service | Application example | Auto-configuration protocols | Mobility management protocols |
|---|---|---|---|
| Nomadism | A company employee travels to various sites of his company and connects to different IP networks. | Useable by updating DNS. | Useable without updating DNS. |
| Mobility | A wireless IP phone user moves around its company, changes access router and thus IP sub-network. | Unusable because the protocols cut the connection and interrupt service. | Useable because the protocols maintain the connections. Based on auto-configuration protocols. |

Table 1: Nomadism and mobility

ü Security of exchanges

The improvements to IPv4 architecture security, both at the network layer (IPsec) and in application security (proxies or firewall type solutions), can be implemented in the same way on IPv6.

IPv6 also brings an immediate solution to end to end security of flows that is not possible through NAT-based IPv4 architectures.

So IPv6 combines a complete set of mechanisms that maintain the current architectures while proposing end to end solutions particularly well suited for peer to peer applications.

ü A mature technology

The basic IPv6 specifications (IETF RFC 2460) date back to 1998 and were developed after long years of work, implementation and testing. Numerous implementations have been available at router providers (core, aggregation or access routers) and software publishers for many years. Interoperability sessions that regularly take place demonstrate the high level of maturity of the protocol.

As in all the areas the IETF handles, new proposals are regularly put forward to improve the basic IPv6 specifications without calling them into question.

These practices do not indicate that IPv6 is not fully mature, but simply that the technical responses take new problems into consideration; it was this type of approach and iterative work method that allowed the IPv4 protocol to meet with the success that it did.

Ø IPV6, CATALYST FOR THE INTRODUCTION OF WIRELESS AND PEER TO PEER IN BUSINESSES

The main innovations identified at the beginning of this paper and listed below are all closely linked.

• Deployment of wireless technologies -in particular WLAN-,

• Penetration rate of high speed Internet,

• Wide scale introduction of peer to peer applications,

• Multiplication and diversification of IP terminals.


In fact, the introduction of wide scale peer to peer applications (telephony, videoconferencing, push services, dedicated multi-media applications), heavy consumers of bandwidth, would be impossible without high speed Internet access.

The deployment of wireless technologies (2.5 - 3G or WLAN) greatly contributes to the multiplication and diversification of IP terminals. A large number of these terminals (telephones, PDA, etc.) will be used for peer to peer applications in mobile environments.

So wireless technologies and new applications will require a larger variety of new IP terminals in order to meet user demand.

Figure 6: Innovating services for businesses

IPv6 is an ideal technology for playing the role of catalyst for introducing innovative business services, since it offers solutions adapted for all encountered problems:

• Almost unlimited addressing space,

• End to end secure access for peer to peer applications,

• Terminal and router configuration,

• Terminal mobility.

IPv6 technology solves these problems while also improving QoS and security management. The architecture simplification will also provide substantial improvement in terms of network management.

Table 2 provides a detailed look at IPv6 advantages in the different areas covered in this document.


Addressing

IPv4: NAT.

IPv6: No more NAT thanks to addressing space. Use of local addresses if needed.

Peer to Peer Applications

IPv4: Require application proxies to resolve problems with NAT.

IPv6: No particular problem.

Configuration

IPv4: Manual configuration or by DHCP server. Service discovery using multicast. No router configuration.

IPv6: Address configuration without IPv6 server. Service discovery using anycast. Router configuration.

Mobility

IPv4: Complex protocol to implement. Problem of address number and NAT.

IPv6: Use of address auto-configuration process. Enough addressing capacity to assign a permanent address to each mobile. Transfer optimisation.

Security

IPv4: Solutions based on proxies or firewalls. End to end IPsec network security impossible due to NAT.

IPv6: Solutions based on proxies or firewalls. End to end IPsec network security possible.

Table 2: Comparison IPv4 – IPv6

Ø SERVICE DEPLOYMENT SCENARIOS

To successfully deploy new high added value services thanks to IPv6, it is necessary to:

• Offer high speed IPv6 access to companies, in parallel with existing IPv4 access if required.

• Intelligently consider the current situation of the company in service deployment scenarios in order to ensure a harmonious coexistence of IPv4 and IPv6.

• Start to put into place mechanisms which facilitate transparent migration of users from IPv4 to IPv6 applications.

ü An IPv6 access

Simple solutions exist for offering companies native high speed IPv6 access. The solutions can be implemented on existing service provider architectures without losing previously made investments.

The 6WIND white paper « Deploying IPv6 on ADSL » describes different possible scenarios for offering IPv6 access on an existing ADSL architecture. The following scenarios are envisioned:

• Having an IPv4 access and an IPv6 tunnel in IPv4; the access is based on PPPv4 as level 2 protocol,

• Having two separate IPv4 and IPv6 accesses based respectively on PPPv4 and PPPv6,

• Having two IPv4 and IPv6 accesses directly on ATM.

The advantages of each scenario are discussed in the white paper.

Having a double IPv4 / IPv6 access makes it easier to set up new IPv6 services without initially disturbing the existing IPv4 infrastructure. Adapted mechanisms in the access equipment make it very simple to choose between the two types of access, IPv4 or IPv6.

ü New business service deployment scenarios

The question related to new service deployment scenarios in businesses is essential, no matter what technology is envisaged, and even more so if it is about IPv6. IP protocol is indeed an essential part of currently deployed communication architectures and constitutes a critical element in the operation of many applications.


The fundamental principles that deployment scenarios for new business services are based on are as follows:

• Base the introduction of innovative services linked to WLAN, mobility and peer to peer on IPv6,

• Maintain the current architecture for existing applications,

• Set up mechanisms for coexistence of IPv4 and IPv6,

• Prepare transparent migration for the user to IPv6.

ü IPv4 / IPv6 coexistence and migration

The mechanisms used for the IPv6 migration are described in detail in the 6WIND white paper « IPv6 Transition mechanisms ». In addition, the questions related to the IPv6 transition are summarized in the document http://www.isoc.org/briefings/006/.

To successfully deploy new services based on IPv6, it is necessary to introduce the greatest flexibility and transparency in order to answer the questions regarding IPv4 / IPv6 coexistence and migration to IPv6. It also involves dealing with technical and economic constraints of such a process.

The first condition for a successful deployment is to make the services currently existing on IPv4 available to users on IPv6. Among these services are the most widespread routing protocols (RIP, OSPF, BGP), flow management to ensure the required QoS level, and security management both for IP (VPN IPsec) and applications (firewall type filtering). That way no regression is produced in moving to IPv6. The migration is all the simpler because network management allows a quick move from IPv4 to IPv6. It is then possible to deploy new IPv6 services (support for peer to peer applications, zero-configuration and mobility).

Then, it is necessary to implement all the IPv4 to IPv6 transition mechanisms established by the IETF, which cover very different migration scenarios. The following are among these mechanisms:

• Support for both protocol versions (the « dual stack » approach).

• The different tunnelling mechanisms used to connect IPv6 machines over IPv4 networks, such as configured and « 6to4 » tunnels for public interconnections, or ISATAP for equipment connected to private NAT networks.

• Translation type mechanisms, NAT-PT or application layer proxies for example, which offer application layer solutions compatible with NAT.

• The DSTM mechanism, which in a more advanced phase of IPv6 deployment limits the number of IPv4 addresses needed for IPv6 terminals to communicate with IPv4 servers.
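The tunnelling mechanisms above embed the IPv4 endpoint inside the IPv6 address, which matters for the filtering and VPN functions the paper wants preserved across the migration: an IPv4 policy has to be applied to the endpoint hidden in a 6to4 or ISATAP address too. The following Python is an added example, not 6WIND code; the address layouts are those of 6to4 (2002:V4ADDR::/48) and ISATAP (interface identifier 0:5efe:a.b.c.d, or 200:5efe:a.b.c.d for a globally unique IPv4 address), while the function names and the sample addresses (taken from documentation ranges) are constructed for this illustration.

```python
import ipaddress
from typing import Optional

# Added example, not 6WIND code. Helper names are hypothetical; the address
# formats are those of 6to4 and ISATAP. Sample addresses use documentation ranges.
_RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_ISATAP_OUI_PRIVATE = 0x00005EFE  # IANA OUI 00-00-5E + 0xFE, u bit clear (private IPv4)
_ISATAP_OUI_GLOBAL = 0x02005EFE   # same OUI with the u bit set (globally unique IPv4)


def _is_rfc1918(v4: ipaddress.IPv4Address) -> bool:
    return any(v4 in net for net in _RFC1918)


def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Site prefix 2002:V4ADDR::/48 of a 6to4 endpoint; needs a public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if _is_rfc1918(v4) or v4.is_loopback or v4.is_link_local or v4.is_multicast:
        raise ValueError("6to4 requires a publicly routable IPv4 endpoint")
    # 2002 in the top 16 bits, the IPv4 address in bits 16..47, host bits zero
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def isatap_address(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """ISATAP address <prefix>:[0|200]:5efe:<ipv4> on a /64 prefix (e.g. fe80::/64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface identifiers need a /64 prefix")
    v4 = ipaddress.IPv4Address(ipv4)
    oui = _ISATAP_OUI_PRIVATE if _is_rfc1918(v4) else _ISATAP_OUI_GLOBAL
    return ipaddress.IPv6Address(int(net.network_address) | (oui << 32) | int(v4))


def embedded_ipv4(ipv6: str) -> Optional[ipaddress.IPv4Address]:
    """Recover the IPv4 tunnel endpoint behind a 6to4 or ISATAP address, else None."""
    n = int(ipaddress.IPv6Address(ipv6))
    if (n >> 112) == 0x2002:                        # 6to4: IPv4 sits in bits 16..47
        return ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if ((n >> 32) & 0xFFFFFFFF) in (_ISATAP_OUI_PRIVATE, _ISATAP_OUI_GLOBAL):
        return ipaddress.IPv4Address(n & 0xFFFFFFFF)  # ISATAP: IPv4 in the low 32 bits
    return None


def blocked_by_ipv4_policy(ipv6: str, blocked_v4: set) -> bool:
    """Apply an existing IPv4 block list to the endpoint embedded in a tunnelled address."""
    v4 = embedded_ipv4(ipv6)
    return v4 is not None and str(v4) in blocked_v4


if __name__ == "__main__":
    print(sixto4_prefix("192.0.2.1"))                                 # 2002:c000:201::/48
    print(isatap_address("fe80::/64", "10.1.2.3"))                    # fe80::5efe:a01:203
    print(embedded_ipv4("2002:c000:201::1"))                          # 192.0.2.1
    print(blocked_by_ipv4_policy("2002:c000:201::1", {"192.0.2.1"}))  # True
```

A native IPv6 address such as 2001:db8::1 carries no embedded endpoint, so embedded_ipv4 returns None and the IPv4 policy does not apply to it.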

Having this variety of mechanisms allows the user to choose which is the most appropriate and even more importantly the best schedule for migration. This schedule may be phased to the upgrade of an Operating System version, the implementation of a new application or the replacement of a network equipment.

From an economic point of view the change to IPv6 may seem expensive. However, it is necessary to compare the cost of introducing IPv6 with that of upgrading IPv4 (to add new services) or of installing new proxies (to operate on NAT-based architectures). In the second case, costs recur for each application, whereas investments tied to IPv6 are largely shared by all future applications.

Ø A NEW GENERATION OF ACCESS EQUIPMENT

Up until recently the access equipment which offered IP services was developed on a machine architecture optimised for processing functions tied to access to ISP infrastructures, NAT or routing. IP services were limited to mainly providing Internet connection to companies.


As new services were introduced, it was necessary to add new functions to existing routing functions such as quality of service management or IP and application layer security. For this reason dedicated equipment for bandwidth management, security gateways and application firewalls and proxies were progressively introduced. In addition to acquisition costs, management costs have increased considerably due to administration of heterogeneous equipment.

To reduce the number of machines and administration costs, it is natural to imagine implementing these new functions in access routers. However, this approach clashes with the relatively fixed architecture of routing equipment, which is optimised for packet processing and IP filtering but limited when it comes to implementing more evolved functions that require significant processing capacity.

The multiplication of intelligent functions at the access level, such as managing terminal mobility, providing network auto-configuration, supporting peer to peer applications, allowing the coexistence of applications running in IPv4 and IPv6, reinforces this need to increase the processing capacity of access equipment.

Thus, a new generation of access equipment is needed, based on an innovative processing architecture that can:

• Integrate in one single machine functions previously divided among various machines (routing, QoS, security),

• Offer sufficient processing resources for offering new services (mobility, zero-configuration, support for peer to peer applications) and for permitting transparent migration of IP networks to IPv6.

Ø THE SOLUTIONS PROPOSED BY 6WIND

The solutions proposed by 6WIND respond to the problems of new service deployment scenarios. They take advantage of the expertise developed by the company in IPv6 architectures and technologies. They are based on 6WIND’s access equipment, which is built on an innovative architecture that provides effective packet processing functions and can also implement more sophisticated, processing-intensive functions.

It is therefore possible to adapt 6WIND solutions at the same rate as IPv6 introduction in companies and to focus on immediate added value services for the company while minimizing the risks on existing architecture.

Figure 7 shows the 6WIND solution based on its 6WINDGate equipment.

Figure 7: 6WIND Solution for introducing added value IP services


Depending on the available access service, two different IP accesses are proposed:

• The first is IPv4 access used in existing architectures, generally based on NAT.

• The second is IPv6 access, which can be native or IPv6 in IPv4 if the ISP offers a tunnelling service.

The local company network is also based on a parallel IPv4 / IPv6 architecture that can use a level two technology such as Ethernet, VLAN Ethernet and/or WLAN. Routing and security (filtering, VPN IPsec) services as well as QoS management mechanisms are available both for existing applications and IPv6 applications. Coexistence of the two protocols and migration to IPv6 are very easy to manage as all these functions are available on one single machine and administration of the machine (configuration, monitoring) is identical in IPv4 and IPv6.

The local IPv6 network is initially used to set up new services. To do this, 6WINDGate equipment manages zero-configuration (0conf) type functions (which minimize configuration and management operations), support for peer to peer applications, end to end security and IP mobility.

6WINDGate equipment already integrates all the mechanisms necessary for IPv4 and IPv6 networks to interoperate. Thanks to proxy type mechanisms, it is then possible for an IPv4 or IPv6 web browser located in a company network to access an IPv4, IPv6 or dual stack server, whether it is placed on Internet or Intranet.

The presence of these mechanisms allows companies to migrate at their own pace, taking for example advantage of upgrading their terminal Operating System in order to migrate to IPv6 in a way that is transparent for the end user. Certain applications can remain in IPv4 if there is no advantage to having them in IPv6.


Ø CONCLUSION

At present IPv6 technology is primarily known for its almost unlimited IP addressing space. This capacity offers sufficient addressing space for countries which currently lack IPv4 addresses. It can also be used to manage deployment of future mobile networks and their billions of terminals or to provide a permanent address for high speed, always on Internet access (xDSL, cable etc.) which is becoming standard.

In addition to this capacity, IPv6 will be the catalyst for future communication evolutions within businesses, evolutions that will be characterized by a high level of mobility thanks to wireless technologies and massive introduction of peer to peer applications.

IPv6 is a mature technology that can be deployed without risk by using intelligent service deployment scenarios. These scenarios must allow introduction of new services taking advantage of IPv6, and at the same time, maintain existing architectures for as long as needed. This is possible if network equipment makes IPv6 services currently existing on IPv4 available to users to ensure a continuity of service and if all the transition mechanisms are available to ensure coexistence of the two protocols. Migration to IPv6 can thus be effected in line with a timeframe best suited for the company.

It is also necessary that access equipment processing architectures evolve, to offer more than the typical routing and packet filtering features and provide more sophisticated processing capacities. This makes it possible to have in a single machine all the functions that to date have been divided among dedicated machines with separate management and to deploy the new services that the company really needs.

This type of approach offers ISPs an adapted solution to quickly provide a high added value service taking advantage of IPv6 without significant investments in their infrastructures. In addition, it allows companies to have innovative services which improve their competitiveness (for example, videoconferencing in a mobile environment improves communication within the company and minimizes communication and travel expenses) without undermining the choices made in their IP architecture. For both companies and ISPs, this means preparing for a risk-free migration to IPv6.

6WIND solutions based on new generation 6WINDGate equipment allow ISPs and businesses to implement this approach right away.


Ø ACRONYMS

0CONF Zero-configuration
2.5G See GPRS
3G See UMTS
ADSL Asymmetrical Digital Subscriber Line
ATM Asynchronous Transfer Mode
BAS Broadband Access Server
BGP Border Gateway Protocol
DHCP Dynamic Host Configuration Protocol
DMZ Demilitarized Zone
DNS Domain Name System
DSLAM Digital Subscriber Line Access Multiplexer
DSTM Dual Stack Transition Mechanism
GPRS General Packet Radio Service
HTTP HyperText Transfer Protocol
IETF Internet Engineering Task Force
IP Internet Protocol
IPsec Internet Protocol Security
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
ISATAP Intra-Site Automatic Tunnel Addressing Protocol
ISP Internet Service Provider
LAC L2TP Access Concentrator
LAN Local Area Network
LNS L2TP Network Server
NAT Network Address Translation
NAT-PT Network Address Translation – Protocol Translation
NSP Network Service Provider
OSPF Open Shortest Path First
PDA Personal Digital Assistant
PPP Point-to-Point Protocol
PPPoA Point-to-Point Protocol over ATM
PPPoE Point-to-Point Protocol over Ethernet
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
RIP Routing Information Protocol
RFC Request For Comment
SMTP Simple Mail Transfer Protocol
UMTS Universal Mobile Telecommunication System
VPN Virtual Private Network
WAN Wide Area Network
WLAN Wireless Local Area Network
WPAN Wireless Personal Area Network
xDSL Variations of DSL technology (Digital Subscriber Line)