Download pdf - Edge 2014: IPv6 is Here: What You Need to Know

©2014 Akamai Technologies Faster Forward™

IPv6 is Here: IPv6

Erik Nygren, [email protected] Chief Architect, Platform Engineering

What You Need to Know Edge 2014


•  IPv6 Background •  What is Taking So Long? •  Adoption & Landscape •  IPv6 Pitfalls •  Akamai and IPv6 •  What You Can Do

Agenda


IPv6 Background


• Four Billion IPv4 addresses (32-bit value) •  Some is reserved (multicast, localhost, RFC1918, …)

• Used by clients, servers, mobile devices, SSL VIPs, and more •  Impacts of IPv4 as a constrained resource to be more visible

Motivation: Running out of IPv4 addresses

LACNIC (S. America) exhaustion in 2014

APNIC (Asia) exhaustion in 2011 RIPE (Europe) exhaustion in 2012

Source: (from Sept 2014) www.potaroo.net/tools/ipv4/ (Geoff Huston)

ARIN (N. America) exhaustion in 2015


• Constrained IPv4 space means more NAT44 • NAT gateways may be performance bottlenecks • Not an option for servers • Pockets of machines that can’t directly communicate • Client addresses “translated” so servers lose visibility

The ugly alternative: NAT/CGN

IPv4

Private IPv4

Private IPv4

NAT44 NAT44


IPv4 32 bits • Only 4 billion addresses

•  7+ billion people… •  10+ billion devices and growing…

IPv6 128 bits

• Over 1038 possible addresses • Enough to give 50 million addresses to every bacteria on Earth! • Under development/deployment since late 1990’s

Enter IPv6…


• No direct compatibility, so effectively two Internets • Many hosts and devices will live on both (“dual-stack”)

• Dual-stack devices have both IPv4 and IPv6 addresses

• NAT technologies can adapt IPv6 to IPv4 (e.g., NAT64)

The IPv6 network: how does it relate to IPv4?

IPv4

IPv6 ß Dual-stack


• Dual-stack • Transition technologies

• Some still have downsides of NAT44 • Example: NAT64 enables IPv6 devices to speak to IPv4

How does the transition work?

IPv4

IPv6

NAT64


What’s Taking So Long?


q  OS support q  Client software support q  Infrastructure/backbone support q  Content availability q  End-user connectivity q  End-user CPE device support

Blockers for IPv6 adoption


q  OS support q  Client software support q  Infrastructure/backbone support q  Content availability q  End-user connectivity q  End-user CPE device support

Blockers for IPv6 user adoption

Implemented in 2000’s - some small issues remain

Making solid progress


Virtuous cycle More IPv6

Content

More IPv6

Traffic

More IPv6

Connectivity

More IPv6

Eyeballs


IPv6 Adoption Status


• Major factors • Content availability • Client network connectivity • Client & CPE devices

More Content x More Clients è More Traffic

IPv6 Adoption: HTTP(S) traffic levels

Date IPv6 Addresses Observed / week

IPv6 Addresses Observed / day

Akamai IPv6 Requests / Day

June 2011 (W6D) 280k 8.3 million June 2012 (W6L) 19 million 3.8 billion June 2013 300 million 10+ billion Dec 2013 600 million 20+ billion Sept 2014 1.56 billion 225 million 38+ billion


• Robust/Mature IPv6 support in most recent OSes/devices:

•  Apple: Mac OS X 10.7 Lion (with some support back to 10.3) • Microsoft: Windows Vista and Windows 7+

•  Windows 8 will auto-update over IPv6 •  Linux (most distributions from last few years)

•  Android 4.0+ (ICS) •  Apple: iOS 5 (for wifi) and iOS 6+ (for wifi + 4G LTE) • Microsoft: Windows Phone 8, XBox One • RIM: Blackberry 10 •  Some set-top boxes, TVs, and entertainment consoles

• Many browsers implement “Happy Eyeballs” •  Fast fail-back to IPv4 when available

IPv6 Landscape: OSes and Devices


Numerous major sites and content dual-stacked today: • Over 5,000 hostnames on Akamai for over 150 customers • Thousands of US government websites on Akamai (driven by PubSec mandate)

IPv6 Landscape: Content


• IPv6 in US is a major factor in increased client adoption

IPv6 Adoption: Ramping US IPv6 Growth


Leading Countries: 15 months of IPv6 growth

Percent of Requests over IPv6 to dual stack sites on Akamai

from Aug 2013 through Sept 2014


Leading Networks: 15 months of IPv6 growth

Percent of Requests over IPv6 to dual stack sites on Akamai

from Aug 2013 through Sept 2014


• Some leaders in IPv6 deployment: Comcast, AT&T, Deutsche Telekom, Time Warner Cable, Free, Telenet, Swisscom, Google Fiber, SoftBank, …

• “100 percent of Comcast’s broadband network has been fully deployed to support IPv6 dual stack connectivity”

• “crossed 1Tb/s of Internet facing, native IPv6 traffic” •  “Comcast continues to leverage IPv6 across the entire product and service portfolio, with IPv6 only support planned for both the Xfinity X1 [set-top box] platform and Xfinity Voice, with trials slated for later this year.” *

* http://corporate.comcast.com/comcast-voices/comcast-reaches-key-milestone-in-launch-of-ipv6-broadband-network

Leading IPv6 Adoption: Home Broadband


• Many carriers out of private address space • IPv6 will scale and perform better (no NAT) • Carrier control enables IPv6-only handsets

• T-Mobile US, Orange Poland, EE UK, Telenor, SK Telecom, … •  “Legacy” IPv4 connectivity via 464xlat+NAT64 while IPv6 is direct

• Verizon Wireless: over half of their handsets dual-stacked

Leading IPv6 Adoption: Mobile


• United States •  2010: USGv6 purchasing requirements for IPv6 support •  9/2012: public-facing websites must be available via IPv6 (thousands via Akamai) due to US Gov OMB mandate •  9/2014: US Gov OMB client connectivity mandate

• Other governments have similar mandates

Driving IPv6 Adoption: Governments


More Stats: Akamai’s State of the Internet

• Akamai’s quarterly “State of the Internet” report • Daily IPv6 visualizations launching soon at www.StateOfTheInternet.com 6


IPv6 Pitfalls


• Even in 2011 we observed one set of infected hosts that saw a AAAA record appear and followed it • I guess the malware was IPv6-ready?

• Akamai blocking ongoing probes over IPv6 • Make sure your firewalls support IPv6!

Another thing supporting IPv6: Bots!


• Not everything claiming to support IPv6 does so fully • IPv6 connectivity still spotty in some areas

• Pockets of the IPv6 Internet that can’t reach other pockets

• Systems handling IP addresses may need updates

• Example: auth cookies with IP addresses are highly problematic • Example: trying to store a 30 char IPv6 address in a 15 char client_ip database field

• Increased complexity from IPv4 and IPv6 in-parallel

Other common IPv6 pitfalls


• By not providing IPv6 delivery the Internet may not immediately break for you or your users, however…

• Future potential perf issues for IPv6 end-users as they navigate NAT64 CGN • Likely to impact mobile (e.g., 4G LTE) first • IPv6-only devices such as set-top boxes may also have issues

• Lose visibility into end-users behind IPv4 CGN (Carrier Grade NAT) • Breaks geo-location, blocking abusive users by IP, and more

• Compliance issues with US Federal government OMB / USGv6 requirements • Products/services sold must support IPv6 (e.g., ability to auto-update software with IPv6-only network connection)

• Fail to show technology leadership

Risks of getting behind on IPv6


Akamai and IPv6


• Committed to help customers with a smooth transition

• Enable customers to make IPv6 content available to users • Maintain or improve performance & reliability • Deliver content from nearby dual-stack servers • Provide IPv6 edge to IPv4 origin translation service • Soon: Provide an IPv4 edge to IPv6 origin translation service!

• Many Akamai solutions include robust support for IPv6

• Some limitations and feature gaps remain • Opt-in today, but dual-stack will be the default some day

Akamai’s goals around IPv6


• IPv6 now configured and live on Akamai servers in… … over 81 countries … over 400+ cities (in all continents except Antarctica) … over 490+ networks … over 1,200 server locations (limited by some of our network partners not yet having working IPv6)

Akamai and IPv6: current deployment status


• Dual-stacking edge servers • Customer properties can be dual-stacked

• Terminate IPv4 and IPv6 connections in server software • Can go forwards to customer origin via IPv4 (and IPv6 soon) • End-to-end testing recommended and occasional origin changes

How Akamai enables IPv6

Akamai

Origin

Users

IPv4

IPv4 or IPv6


What You Can Do


• Develop a roadmap: gain experience and target key areas

• Incorporate IPv6 support into purchasing requirements • Especially for security products, networking gear, & cloud providers

• Make content available over IPv6 • Akamai helps makes this easy!

• Support IPv6 when building new systems •  Leveraging IPv6 may even simplify some architectures

What You Can Do


• http://www.stateoftheinternet.com/ • http://www.worldipv6launch.org/

Additional Akamai Resources for IPv6 www.akamai.com/ipv6

• http://6lab.cisco.com • http://test-ipv6.com/

Erik Nygren, [email protected]