Embed Size (px)
DESCRIPTION
IPv6 @ Swisscom. Martin Gysi, 9.5.2011 Senior Network Development Engineer, Swisscom Public. The question „will IPv6 ever by widely deployed?“ is no longer open. The answer is a clear „yes“. Google, Facebook are accessible using IPv6 - PowerPoint PPT Presentation
Citation preview
IPv6 @ Swisscom
Martin Gysi, 9.5.2011Senior Network Development Engineer, SwisscomPublic
2
The question „will IPv6 ever by widely deployed?“ is no longer open.The answer is a clear „yes“.
• Google, Facebook are accessible using IPv6• Free.fr has 500‘000 IPv6-enabled customers (which makes it
the largest IPv6 ISP in the world)• Most major Telcos have stated that they are now starting to
deploy real IPv6 services. Most will do so in 2011/2012• And yes, IPv4 addresses will become scarce real soon… But
that’s another story…
3
The driver for IPv6 is the lack of IPv4 addresses.But IPv6 does not solve the IPv4 address shortage problem
• IPv6 is not compatible to IPv4. So IPv4 must continue to be operated
• IPv4 addresses can be saved by using them more efficiently, or by deploying NAT inside the carrier‘s network (NAT44, CGN). Drives complexity and costs short term fix.
• IPv6 is not the short term solution. But in the long run it‘s the only way to continue the Internet as we know it today.
• IPv6 does not replace IPv4, it‘s added in parallel to it „Dual Stack“
IPv4 address depletion
Short term fix:NAT44 deployment
Medium term strategy:IPv6 migration
Action plan: End-to-end
IPv6 deployment
4
Our IPv6 policy:We enable our customers to access the IPv6 Internet, and we offer our services to the IPv6 Internet
• External communication (aka Internet) will need IPv6 first. Gartner recommends that enterprises establish an IPv6 Internet presence no longer than 2014.
• Internal networks and services can remain IPv4 on the longer term
• Swisscom is currently analyzing all its services, to identify the steps required for introducing IPv6, and is working out a detailed roll-out plan
– Entire IT tool chain: order entry, service fulfillment and assurance, billing
– Network elements (routers, firewalls, load-balancers…) and platforms
– Regulatory aspects, such as lawful intercept– Security, both from Swisscom’s and our customer’s point of view– Product integration (part of the standard offering or option, …)– Customer experience– Impact on operations, training of staff
5
So, what are we doing right now?IPv6 @ Swisscom
• IP-plus backbone is fully dual-stack, IP-plus business Internet access is available with native IPv6.
• IPv6 in our mobile network. Works in the lab, are now expanding from there into the IT systems (RADIUS, User Databases (HLR), Mobile Proxy, Billing, etc.) and into the radio access network.
– The few handsets that support IPv6 cannot operate Dual Stack. IPv6 only is not interesting for most people
– LTE Rel. 8 / 3G Rel. 9 defines a Dual Stack PDP context.– Newest chipsets support PDPv4v6, so the handset situation
will improve.• More labs for broadband access and datacenter environments.
Gives those engineers and sysadmins something to learn from!
• We’ll launch IPv6 for residential Internet access this year
6
What is required for an IPv6 Internet Access Service?Complex infrastructure is barrier to cost-efficient IPv6 deployment. Legacy infrastructure cannot be upgraded easily.End-to-end overview of Swisscom‘s Internet Access Service network
ADSL
VDSL
ATM
native Ethernet
BRAS
3P-PE
No IPv6 support in used mode of operation
L2 platform, IPv6 not required
L2 platform, IPv6 not required
L2 platform,IPv6 not required, but scalability issues
PPPIPoE
IPoEoA
Access Edge
ISP connectivity
Aggregation
Access Core
FTTH
L2 platform, IPv6 not required
Ethernet over MPLS
L2 platform, IPv6 not required
6VPE ready
BNG
IPoE
IT Systems:DHCP, RADIUS, LDAP
ISP core Internet peering
IPv4/IPv6 dual stack
IT Systems: Various user/service databases
LNS
Route Reflector:
Required IPv6 features available
Required IPv6 features available (6VPE)
P Routers:
IPv6 not required
SSG
ISG
MPLS VPN
MP
LS V
PN
MP
LS V
PN
wholesale retail
7
Using 6RD, IPv6 Internet access is an incremental upgrade. Production-quality IPv6 Internet access at a fraction of the costs
• No complex upgrade of infrastructure, leverage IPv4 network to provide IPv6 access. Simply...
– Add IPv6 and 6RD support to customer modems
– Add 6RD Border Relays to dual-stack portion of network
IPv4 access
network
Internet peering (dual stack)
IPv6 Internet
6RD Border Relay
Lausanne
6RD Border Relay Zürich
native IPv6 home
network
Home network (dual stack) Swisscom Internet Access Service network
(IPv4 only)
6RD CErouter
ADSL
VDSL
ATM
native Ethernet
BRAS
3P-PE
No IPv6 support in used mode of operation
L2 platform, IPv6 not required
L2 platform, IPv6 not required
L2 platform,IPv6 not required, but scalability issues
PPPIPoE
IPoEoA
Access Edge
ISP connectivity
Aggregation
Access Core
FTTH
L2 platform, IPv6 not required
Ethernet over MPLS
L2 platform, IPv6 not required
6VPE ready
BNG
IPoE
IT Systems:DHCP, RADIUS, LDAP
ISP core Internet peering
IPv4/IPv6 dual stack
IT Systems: Various user/service databases
LNS
Route Reflector:
Required IPv6 features available
Required IPv6 features available (6VPE)
P Routers:
IPv6 not required
SSG
ISG
MPLS VPN
MP
LS V
PN
MP
LS V
PN
wholesale retail
8
Network topology
6RD is a Stateless Tunnel Technology, Embedding the CE’s IPv4 Address into the IPv6 Prefix.
IPv4 network
native IPv6
network
native IPv6
network6RD CE router 6RD Border Relay
0 28 60 64
subscriber subnetting
up to 32 bits of subscriber’s IPv4 address
Interface IDSubnet ID85.5.7.171 2A02:1200
6RD prefix
IPv4 dest 85.5.7.171
IPv4 Header IPv6 Header
IPv6 Payload
copy
send to preconfigured BR addresssend to embedded CE address
IPv6 Rapid Deployment on IPv4 Infrastructures (RFC 5969)
IPv6 address format for 6RD
IPv4 header & encapsulated IPv6 packet (downstream)
IPv6 prefix is calculated from the IPv4 address
9
OSPFv3OSPFv2
6RD Border RelayImplementation Details
6RD Border Relay
Dual stack core router
IPv4 IPv6
OSPFv3
IPv4 + IPv6
OSPFv2
6RD Border Relay
IPv4 IPv6Link failure propagated
on both IGPs
Link failure propagated
on both IGPs
Link failure not noticed in IPv4
IGP (or vice versa)
Link failure not noticed in IPv4
IGP (or vice versa)
Router on a stick Separate IPv4 and IPv6 interface
• Cisco ASR1002-ESP10 scales up to 10 Gb/s per box (tested)
• Using anycast IPv4 address, geographically distributed scale by adding more boxes
• Topology: “Router on a stick“ No danger of black hole routing, as IPv4 and IPv6 interface status is inherently coupled.
10
6RD CPE Routers Implementation Details
• Vendors: Motorola, ADB Broadband (formerly Pirelli Broadband)
• 6RD parameters configured using TR-069– Swisscom 6RD prefix and length (2a02:1200::/28)– IPv4 bits suffix length (all 32 bits)– 6rd Border Relay anycast IPv4 address– Swisscom DNS servers– IPv6 flag (enable/disable)
• IPv6 must be enabled by customer on “customer centre” website (no other changes to IT/OSS tools)
• Third-party modems (AVM Fritz Box and others) work, but need manual configuration
11
• Display IPv6 check box on “customer centre” website if router supports IPv6, store IPv6 status in customer database
• Display IPv6 status to customer support, enable them to change status
• Implement new TR069 parameters for 6RD• No other changes! No address management, no provisioning,
etc!
• Separate DNS (Google white-listed) that can stop handing out AAAA records if problems with IPv6 should occur
• 6rd.swisscom.com
Implementation detailsIT aspects
IT Systems
DNS
12
First deployment experiences:expect to find problems with turning on IPv6
• 2011 – the year of the MTU? Make sure Path MTU Discovery works!
• 7600 with 6748 LAN card and IOS 12.2(22)SXF10: sets IPv6 MTU to 1486 Bytes (no matter what is configured)
• Motorola CPE (Beta version) does not do PTMUD at all…• ASR-1k: ICMP Packet Too Big messages use final destination’s
address as source address (not local address)
• 7600 with 12.2(33)SRE3: Buffer leak when IPv6 is enabled. Requires periodic reboot of the box.
13
Swisscom will launch IPv6 for residential customers in 2011, using 6rd technology.
• 6RD changes the IPv6 “business case” from complex & expensive to simple & cheap. There’s no excuse for not deploying IPv6 now!
• 6RD is simple, reliable, scalable technology– Fast prototyping thanks to Linux implementation– Vendors engineering/beta implementations quickly
available, yet (inter-) worked flawlessly– Tested and proven scalability
• Large-scale pilot to be started in July 2011.– If you are a Swisscom customer and– have a “Centro” series router, then– apply at [email protected]– Check out the “sneak preview” at http://labs.swisscom.com
14
