BRKSPG-2602 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
Goal of IPv6 Transition Technologies
Recommended Approach to Deployment:
RFC 4213 Dual-Stack Deployment
IPv6-only
Hosts or Network
Perspective
So:
IPv6 needs to interoperate with IPv4
Address Depletion Causes Friction
Transition Goals
Overview of Transition Technologies
Transition Technologies in one Slide
Obtain IPv4 Addresses
Obtain IPv4 Addresses
Dual Stack: Host Gets IPv4 and IPv6 Address
Problems with Dual Stack
Problem and Solution
Problem Described
The Happy Eyeballs Solution
Optimizing Happy Eyeballs
Happy Eyeballs
Users are happy: fast response even if IPv6 (or IPv4) path is down
Network administrators are happy
Users no longer trying to disable IPv6
Reduces IPv4 usage (reduces load on CGN)
Content providers are happy
Improved geolocation and DoS visibility with IPv6
RFC6555, draft-ietf-v6ops-happy-eyeballs
By Dan Wing and Andrew Yourtchenko
Happy Eyeballs Coverage
Happy Eyeballs Implementations
Chrome and Firefox Implementation
Apple Implementation
http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
IPv4 Address Sharing: CGN
Carrier Grade NAT (CGN, LSN)
[Diagram labels: Private IP, IPv4]
Dual-Stack Lite
Dual-Stack Lite
Dual-Stack Lite: IPv4 over IPv6 Access
[Diagram: IPv4-over-IPv6 tunnels to Carrier-Grade NAT44 (CGN, LSN); labels: Private IPv4, IPv6, IPv4]
6rd and 6rd with CGN
Problem: Gap in IPv6 Availability
[Diagram: AAA, DHCP, OSS; IPv6 Ready Backbone (6PE or Native); IPv4-Only Access, Aggregation, AAA]
6rd: While Connecting IPv6 Islands
[Diagram: IPv6 over IPv4; labels: Private IPv4, IPv6, IPv4, Border Relay]
6rd in One Slide
Subscriber IPv6 prefix derived from IPv4 address
One line global config for IPv6 Gateway
[Diagram labels: 6rd, IPv4, CGN44, IPv6]
Essential Parts of 6rd
MAP
Mapping of Address and Port
Mapping of Address and Port (MAP)
MAP-T, Translation
Formerly called Dual-IVI, draft-mdt-softwire-map-translation
CPE router performs NAT46, ISP performs NAT64
Advantage: IPv6 on the wire, (future) ability to do NAT46
MAP-E, Encapsulation
Formerly called 4rd, draft-mdt-softwire-map-encapsulation
Advantage: Tunnel (familiar technology)
4rd-U
Combination of MAP-T and MAP-E, draft-despres-softwire-4rd-u
Non-translatable IPv4 placed into IPv6 Fragmentation Header
Deep Dive: Address Sharing
IP Reputation
IPv4 Address Sharing
CGN
a big NAT operated by an ISP (carrier), enterprise, or University
Dual-Stack Lite (called AFTR)
NAT444 (subscriber's NAT44 and ISP's CGN44)
NAT64
MAP (Mapped Address and Port)
Conceptually, a CGN with (some) fixed ports
Address + Port, SD-NAT (Juniper), Deterministic NAT (Cablelabs)
IP Reputation
Network Numbering, Port Limits, and Port Forwarding
Subscribers will always have NATs at home
Faster wireless, $20 rebate coupon
Network numbering between subscriber and address-sharing device
RFC1918 conflicts with user's space, breaks some subscriber NATs
Thus, use RFC1918 space or maybe RFC6598 (100.64.0.0/10) space
Per-subscriber TCP/UDP port limits
Prevent denying service to other subscribers
If too low, can interfere with applications (see next slide)
Port forwarding
Games, servers at home (Slingbox, webcam, etc.)
Application Layer Gateway (ALG)
Modern Applications Avoid Relying on ALG
Successful applications have to work everywhere
Coffee shop, home, work, hotel, airport, 3G
IP Address Sharing: Operating a Server
One port only goes to one subscriber
Everybody wants TCP/80
[Diagram: IPv4 private, address sharing device (CGN, MAP), IPv4 Internet, TCP/80 (HTTP)]
Port Control Protocol (PCP)
UPnP IGD 1.0 and 2.0 are unsuitable for CGN
Multicast discovery, no support for NAT64, XML
PCP is a new protocol, draft-ietf-pcp-base
Simple UDP request/responses, easy to parse
Two major functions:
1. Port forwarding
2. Reduce keepalive traffic (battery-operated devices: tablets, smartphones)
PCP Supports:
IPv6 firewall, IPv4 firewall, NAT44, NAT64, NAT46, NPTv6 (NAT66), RFC6296
Home NAT and Carrier Grade NAT
Supported by all the major vendors
PCP: Purpose
PCP Deployment
Host implements PCP
[Diagram labels: PCP Server, IPv4, IPv6, NAT64, IPv6-only hosts, IPv4-only hosts]
From NAT-PT to NAT64
IPv6/IPv4 Translation
Stateful                 Stateless
1:N translation          1:1 translation
NAPT                     NAT
TCP, UDP, ICMP           Any protocol
Shares IPv4 addresses    No IPv4 address savings, just like dual-stack (MAP does share)
IPv4/IPv6 Translation Scenarios
[Diagram: translation scenarios, marked stateful or stateless: 1. IPv6 Network and IPv4 Internet; 2. IPv4 Internet and IPv6 Network; 3. IPv6 Internet and IPv4 Network; 5. IPv6 Network and IPv4 Network; 6. IPv4 Network and IPv6 Network]
Details on Scenario 1 and Scenario 3
[Diagram: translation scenarios, marked stateful or stateless: 1. IPv6 Network and IPv4 Internet; 2. IPv4 Internet and IPv6 Network; 3. IPv6 Internet and IPv4 Network; 5. IPv6 Network and IPv4 Network; 6. IPv4 Network and IPv6 Network]
Connecting an IPv6 network to the IPv4 Internet
Connecting an IPv6 network to the IPv4 Internet
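[Diagram labels: IPv6-only clients, DNS64, IPv6/IPv4 Translator (NAT64), IPv6 Internet, IPv4 Internet]
[Diagram: DNS64 message flow between IPv6-only host, DNS64 and Internet: AAAA? query forwarded, empty answer; A? query (sent simultaneously) answered 192.0.2.1; host receives 2001:DB8:ABCD::192.0.2.1]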
DNS64
Works for applications that do DNS queries
http://www.example.com
IMAP, connecting to XMPP servers, etc.
Works with DNSSEC
Breaks for applications that use IP address literals
http://1.2.3.4
SIP, RTSP, H.323, XMPP peer to peer, etc.
Solutions:
Application-level proxy for IP address literals (HTTP proxy)
Learn NAT64's prefix, draft-ietf-behave-nat64-discovery-heuristic
NAT46/BIH (Bump In the Host), RFC6535
464XLAT (see next slide)
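Added example (not from the original slides): a small model of the DNS64 behaviour listed above, using the slide's example address 2001:DB8:ABCD::192.0.2.1. It shows synthesis working for names, failing for IPv4 address literals, and working again once the client has learned the NAT64 prefix. The /96 prefix length, the zone data and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Prefix from the slide's example 2001:DB8:ABCD::192.0.2.1; the /96 length is an assumption.
NAT64_PREFIX = ipaddress.IPv6Network("2001:db8:abcd::/96")

# Constructed zone data: one IPv4-only name and one name with a native AAAA.
ZONE = {
    "www.example.com": {"A": ["192.0.2.1"], "AAAA": []},
    "v6.example.com": {"A": ["192.0.2.2"], "AAAA": ["2001:db8::10"]},
}

def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """DNS64 step: place the 32-bit IPv4 address in the low bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))

def extract_ipv4(ipv6, prefix=NAT64_PREFIX):
    """NAT64 step: recover the IPv4 destination, or None if outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def dns64_lookup(name, zone=ZONE):
    """Answer an AAAA query: pass native AAAA through, else synthesize from A."""
    rrs = zone.get(name, {})
    if rrs.get("AAAA"):
        return [ipaddress.IPv6Address(a) for a in rrs["AAAA"]]
    return [synthesize_aaaa(a) for a in rrs.get("A", [])]

def reachable_addresses(url, learned_prefix=None, zone=ZONE):
    """IPv6 addresses an IPv6-only client can connect to for this URL."""
    host = urlsplit(url).hostname
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        return dns64_lookup(host, zone)          # a name: DNS64 can help
    if literal.version == 6:
        return [literal]
    if learned_prefix is None:
        return []                                # IPv4 literal: no DNS query, no synthesis
    return [synthesize_aaaa(literal, learned_prefix)]  # client knows NAT64's prefix
```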
464XLAT
Details on Scenario 1 and Scenario 3
[Diagram: translation scenarios, marked stateful or stateless: 1. IPv6 Network and IPv4 Internet; 2. IPv4 Internet and IPv6 Network; 3. IPv6 Internet and IPv4 Network; 5. IPv6 Network and IPv4 Network; 6. IPv4 Network and IPv6 Network]
IPv6 Internet into IPv4-only Datacenter
[Diagram labels: IPv6, Stateful NAT64, Public IPv4, Private IPv4]
Issues with NAT64 for Data Center
Requires stateful translation
Because IPv6 Internet is bigger than IPv4 address space
Cannot represent every address in IPv4
All connections come from translator's IPv4 address
Problem for abuse logging
Lack of X-Forwarded-For: header
Application proxy can be superior
Application proxy can add X-Forwarded-For: header
Example: Load balancer, lighttpd
But TLS interaction is different
Summary of Technology Requirements
Final Thoughts