NAT64 Technology: NAT64, IPv6 Branch Functionality TechAdvantage Webinar

© 2011 Cisco and/or its affiliates. All rights reserved. 1

Cisco IOS Advantage Webinars NAT64 Technology: NAT64, IPv6 Branch Functionality Steve Simlo

Prashant Jhingran


•  Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists

•  Please complete the post-event survey

•  For WebEx audio, select COMMUNICATE > Join Audio Broadcast

•  Where can I get the presentation? Or send email to: [email protected]

•  Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage

•  For WebEx call back, click ALLOW phone button at the bottom of participants side panel


Panelists Speakers

Steve Simlo Product Manager

[email protected]

Prashant Jhingran Technical Marketing Engineer

[email protected]

Amit Dutta Product Manager

[email protected]

Wojciech Dec Technical Engineering

Leader [email protected]

Andrew Yourtchenko Technical Engineering

Leader [email protected]


§  IPv6 Market Drivers

§  Cisco IPv6 Strategy

§  IPv6 Transition Technologies

§  IPv6/IPv4 Translation Scenarios

§  Technologies Facilitating IPv6/IPv4 Translation

§  Stateful NAT64 implementation on Cisco Platforms

§  Summary

§  References



The world will run out of IPv4 addresses in the next few years.

By 2016 there will be 7.5 billion people...

...and 19 billion fixed and mobile-connected devices.

Mobile devices are growing faster than the mobile subscribers that use them.



National IPv6 Strategies

US DoD, China NGI, EU

IPv6

IPv4 Address Run-Out

Infrastructure Evolution End Point Explosion

Smart Grid – Smart Meters Smart Cities – Internet of Things

Cable – Set Top Boxes Mobile Telephony

IPv6 OS, Content & Applications

https://www.arin.net/knowledge/v4-v6.html


Modern Devices Support IPv6 •  Prefer IPv6 connectivity (RFC 5221)

•  Use SLAAC/DHCPv6 and have Link Local Addresses (RFC 4862)

•  Can run IPv6 over an IPv4 network under certain circumstances

Tunneled over an IPv4 core, And/or on L2 segment

•  Will try to use IPv6 if they receive a AAAA record from DNS

•  Don’t always display IPv6 information (mobile devices)

•  Use privacy addresses (RFC 4961)

•  Modern browsers implement RFC 6555 (Happy Eyeballs)

•  Use IPv6 link-local capabilities for plug and play protocols


CGN

IPv4

IPv6

DNS <AAAA, A>

True End to End


IPv6 Estimated Adoption Timeframes

Early Adopters

Globalization IPv6 Government

Mandate Deadlines

IPv4/IPv6 Co-existence

High Risk Low Risk Moderate Risk

2010 2012 2014

Transition Planning

•  2012: Mandates take effect – Globalization - WorldIPv6Launch - Massive Mobile deployment. Transition to IPv6 forces customers to acquire product or managed services to sustain business and customer reach

IPv6 Business Impact – The Cost of Waiting Goes Up

•  2010: Low Impact – Buying behavior shift limited to mandated and early adopters

•  2014: IPv6 is mainstream – customers without transition infrastructure experience reduced service levels, diminished customer reach



Preserve the customer’s existing investment •  Audit and leverage existing IPv6 capabilities

Prepare a migration and deployment plan •  Identify and enable critical IPv6 functional areas

Prosper through the transition to IPv6 Internet •  Enable all systems with dual-stack capabilities •  Grow seamlessly as customers transition to IPv6

Preserve

Prepare

Prosper


IPv6 User Access @ Cisco •  Secured broad executive support •  Progress requires multi-functional teams – not just a networking problem •  Pursuing Outside-In and Inside-Out in parallel

•  Coordinated equipment upgrades and software updates with fleet upgrade program

•  Made sure common client configurations were tested •  Made operational changes e.g. IPv6-specific security mechanisms and

monitoring solutions for IPv6 traffic •  To date

•  Provided IPv6 access in approximately one-third of global offices – tunnel access for interim connectivity

•  IPv6-enabled 100% of the core network •  Observed Happy Eyeballs (RFC 6555) in action •  Observed IPv6 attacks •  Monitor worldwide usage with 6lab.cisco.com/stats




Internet Peering DMZ Switching SLB IPv4 only Servers

IPv4

IPv6 6:4

Translation

Internet Peering DMZ Switching SLB IPv6 & IPv4 Servers

IPv4

IPv6

Tunneling

Internet Peering DMZ Switching SLB IPv6 & IPv4 Servers

IPv4

IPv6

Dual-S

tack

IPv4-Only Network

IPv4-Only Network

Dual Stack Network

Tunnel


IPv6 & IPv4 IPv6

IPv4

Internet

Dual-Stack Network IPv6/IPv4 Translation, BEHAVE working group

IPv6 over IPv4 & IPv4 over IPv6, Softwire Working Group

IPv6 Internet

Internet

IPv4



IPv4 Internet

stateful stateless

IPv6 Internet IPv4

Network

IPv6 Network

IPv4 Network

IPv6 Internet

IPv4 Internet IPv6

Network

IPv4 Network

IPv6 Network

IPv4 Network

IPv6 Network

1.

2.

3.

4.

5.

6.

Not viable because too few IPv4 addresses

With Static v6v4 mappings

With Static v6v4 mappings

Translation is not a long-term support strategy; it is a medium-term coexistence strategy that can be used to facilitate a long-term program of IPv6 transition by both Enterprises and ISPs.



Enterprise / Content Providers IPv4 / IPv6 Internet Enterprise / ISP Networks

Scenario 3 Scenario 1 Enterprise /ISP A Having “green-field” IPv6 only Network.

DNS64 Server

DNS Server

6:4

Scenario 2

Example-v4.com Application Servers in “legacy” IPv4 only network.

6:4

Example-v6.com Application Servers in “green-field” IPv6 only network.

Example.com Application Servers in “legacy” IPv4 only network.

Example-v4v6.com Application Servers in “dual-stack” IPv4/IPv6 network.

Enterprise/ISP B Having “legacy” IPv4 only Network.

4:6

IPv6 Internet

DNS(AAAA) Authoritative Server

IPv4 Internet

DNS (A) Authoritative Server


Stateless NAT64 Stateful NAT64 1:1 translation 1:N translation No conservation of IPv4 address

Conserves IPv4 address

Assures end-to-end address transparency and scalability

Uses address overloading, hence lacks in end-to-end address transparency

No state or bindings created on the translation

State or bindings are created on every unique translation

Requires IPv4-translatable IPv6 addresses assignment

No requirement on the nature of IPv6 address assignment

Requires either manual or DHCPv6 based address assignment for IPv6 hosts

Free to choose any mode of IPv6 address assignment viz. Manual, DHCPv6, SLAAC


Subscribers

IPv4 Content

Considerations: Experience, Scale, Cost, Operations, Technology…

Hosting/ CDN ISP V6-only

End User

4

4

6

6

IPv6 IPv4

ISP


•  Synthesizes AAAA records when AAA not present

With IPv6 prefix of NAT64 translator

Internet

AAAA?

IPv6-only host

AAAA?

Empty answer

A?

192.0.2.1 2001:DB8:ABCD::192.0.2.1

(sent simultaneously)

DNS64

26



ASR1000 Benefits §  NAT64 to provide IPv4 preservation via PAT §  Bring up additional customers/sites with IPv6 §  Concurrently run NAT64 with PE features without

performance degradation §  Dual-stack solutions to run multiple services §  QoS Policies aggregation for bandwidth

reservation and prioritization

§  IPv4 preservation. Support ICMP, UDP, TCP Apps.

§  IPv6 Network Adoption and Acceleration

§  Integrated Services, NAT64 at Provider Edge

§  Large selection of I/O and High Throughput

§  Concurrent support for IPv4 & IPv6 Services

§  Customer segmentation using VLANs with QoS to implement SLAs

Solution Characteristics

OLT

CMTS

Content Farms

VOD TV SIP GGSN HA PDN

GW

WiMAX

Ethernet

DSLAM

WiFi Mesh

Mobile

Residential

Business

Corporate

IPv6 Subscribers Access IP Edge Core

Core Network

MPLS /IP

Ethernet/MPLS/IP

Internet

Internet

Applications & Services

v4 v6

NAT64


ASR1000 Benefits Solution Characteristics

IPv4 Internet

ISR 2900/3900 Branch Offices/ Customers Public Internet Services

V6 Enabled CPEs

ASR1K Stateful NAT64 Translator

IPv4 Network Services

IPv6 Prefix IPv4 addr suffix

Any type of IPv6 Prefix is allowed

IPv4 addr IPv6 Address

V6 Network Branch/ Customer

Enterprise Edge/ SP Edge

§  IPv4 preservation. Support ICMP, UDP, TCP Apps.

§  IPv6 Network Adoption and Acceleration

§  Integrated Services, NAT64, IPsec, FW & CE

§  Large selection of I/O and High Throughput

§  Concurrent support for IPv4 & IPv6 Services

§  Customer segmentation using VLANs with QoS to implement SLAs

§  NAT64 to provide IPv4 preservation via PAT §  Bring up additional customers/sites with IPv6 §  Concurrently run NAT64 with CE, IPsec, and Firewall

features without performance degradation §  Dual-stack solutions to run multiple services §  QoS Policies aggregation for bandwidth

reservation and prioritization


ASR1000 Benefits

§  Deployment flexibility from 2.5G to100G, low initial investment required

§  Hardware processed - High performance/ High scalability

§  No need for dedicated hardware §  Works for both PTA and LNS deployment models §  Rich ALG support

§  Directly and effectively addresses IPv4 address exhaustion for residential service providers

§  Highly deployable based on known technology

§  Least impact on existing infrastructure, including backend systems, maximizes return on investment

Solution Characteristics

Internet

ISP A

Firewall

Ethernet

ASR1000

LNS

BRAS/LAC

ASR1000

NAT per PPP session

NAT per PPP session


•  Cisco ASR1000

3rd Party Partner

•  Netflow v9

Netflow Collector

•  Security event correlation and reduction for multi-gigabit traffic

Introducing NetFlow v9 capabilities on ASR1000 Extends 10+ years of NetFlow innovation Enables compliance auditing

•  Support Logging of: §  Source and Destination IP/Ports §  Translated Source and Destinations IP/Ports §  VRF-ID



Application Domain

• Linux Based • Multi-Purpose Compute Resource • Used for CDS Application with On-board Modular Flash Storage • Used for Translation Setup and Logging of CGN Applications

IOS-XR Router Domain

• IOS-XR • Control Plane • Data Forwarding • L3, L2 (management) • IRB (4.1.1) • Hardware Management

Decoupling Application and IOS-

XR Plane delivers Highly Scalable and Flexible

Services



§  NAT64 facilitates a gradual migration to IPv6 by allowing “green-field” IPv6 networks to connect with the existing “legacy” IPv4 internet/networks.

§  Stateful NAT64 facilitates seamless internet experience to users accessing the existing IPv4 internet services via a “green-field” IPv6-only network.

§  SPs/Enterprises/Content providers or enablers can provide the IPv4 services seamlessly to IPv6 internet users by using stateful NAT64 technology, with minimal or no changes in the existing network infrastructure and thus maintaining IPv4 business continuity.

§  Translation is not a long-term support strategy; it is a medium-term coexistence strategy that can be used to facilitate a long-term program of IPv6 transition by both Enterprises and SPs.


Cisco ISR G2

Cisco ASR 1000 Series

Cisco Carrier Routing System (CRS-1 / 3)

Cisco ASR 9000 Series Integrated Service Module

Stateless NAT64

Cisco IOS 15.4(1) (Nov 2013)

Cisco IOS® XE 3.2S

Cisco IOS XR 3.9.3

N/A

Stateful NAT64

Cisco IOS 15.4(2) (March 2014)

Cisco IOS XE 3.4S

Cisco IOS XR 4.1.2

Cisco IOS XR 4.3.0


§  For more information about IPv6, visit http://www.cisco.com/go/ipv6

§  For more information about Cisco service provider solutions, visit http://www.cisco.com/go/sp

§  For more information about Cisco enterprise solutions, visit http://www.cisco.com/go/enterprise

§  Whitepaper - NAT64 Technology: Connecting IPv6 and IPv4 Networks http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-676278.html

§  Whitepaper - NAT64 Stateless versus Stateful http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-676277.html

§  For additional white papers on IPv6, visit http://www.cisco.com/en/US/products/ps6553/prod_white_papers_list.html

§  http://blogs.cisco.com/news/world-ipv6-day-working-together-towards-a-new-internet-protocol/


§  ASR 1000 - Internet Gateway Router Design

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/solution_overview_c22-450068_ps9343_Product_Solution_Overview.html

§  Cisco ASR 1000 Series Embedded Services Processors Data Sheet

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html

§  ASR 9000 Series Integrated Service Module http://www.cisco.com/en/US/prod/collateral/routers/ps9853/data_sheet_c78-663164.pdf

§  CRS-1/3 Carrier-Grade Services Engine http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/brochure_c02-560497_ns1017_Networking_Solutions_Brochure.html


•  Thank you! •  Please complete the post-event survey •  Join us for upcoming webinars: Register: www.cisco.com/go/techadvantage

Follow us @GetYourBuildOn