Anastasios Chatzithomaoglou IP Engineering – Forthnet 17-10-2013.

Slides:



Advertisements
Similar presentations
Draft-ietf-softwire-dual-stack-lite-01.txt Yiu Lee
Advertisements

IETF 80 th Problem Statement for Operational IPv6/IPv4 Co-existence 3/31/2011 Chongfeng Xie Qiong Sun
Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.
CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Firewalls and Network Address Translation (NAT) Chapter 7.
CSC458 Programming Assignment II: NAT Nov 7, 2014.
DHCPv6.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_b Subnetting,Supernetting, CIDR IPv6 Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.
PRIVATE NETWORK INTERCONNECTION (NAT AND VPN) & IPv6
IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
Implementing IPv6 Module B 8: Implementing IPv6
IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 25 Introduction to Computer Networks.
CS 457 – Lecture 16 Global Internet - BGP Spring 2012.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
Some Observations on CGNs Geoff Huston Chief Scientist APNIC.
Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
Andrew Smith 1 NAT and DHCP ( Network Address Translation and Dynamic Host Configuration Protocol )
DS-Lite for Point-to- Point Access Network IETF 78 Maastricht 2010 July 30.
Middleboxes & Network Appliances EE122 TAs Past and Present.
For IPv6 host connecting IPv4 Internet 1 Yong Cui, Jianping Wu Tsinghua Univ. (CERNET) Contact:
Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.
Network Layer4-1 NAT: Network Address Translation local network (e.g., home network) /24 rest of.
4V6 – aka stateless 4Via6 stateless-4v6-00 W. Dec 1.
Network LayerII-1 RSC Part II: Network Layer 3. IP addressing (2nd part) Redes y Servicios de Comunicaciones Universidad Carlos III de Madrid These slides.
Adapted from: Computer Networking, Kurose/Ross 1DT066 Distributed Information Systems Chapter 4 Network Layer.
1 NAT Network Address Translation Motivation for NAT To solve the insufficient problem of IP addresses IPv6 –All software and hardware need to be updated.
Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.
Lightweight 4over6 + SD-nat (aka stateless DS-Lite) = Lightweight DS-Lite (twice as light!) Alain Durand (Juniper) Ian Farrer (DT) (Softwire item, presented.
CIS 3360: Internet: Network Layer Introduction Cliff Zou Spring 2012.
Network Layer4-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.
Sharing a single IPv4 address among many broadband customers
UNIT IP Datagram Fragmentation Figure 20.7 IP datagram.
1 Objectives Identify the basic components of a network Describe the features of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)
Transport Layer3-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.
IP addresses IPv4 and IPv6. IP addresses (IP=Internet Protocol) Each computer connected to the Internet must have a unique IP address.
Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Bjorn Landfeldt, The University of Sydney 1 NETS 3303 IPv6 and migration methods.
PacINET 2011 The state of IP address distribution and its impact Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, Pacific, APNIC 1.
Ch. 23, 25 Q and A (NAT and UDP) Victor Norman IS333 Spring 2015.
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
NT1210 Introduction to Networking
Network Layer IP Address.
Lightweight 4over6: An Extension to DS-Lite Architecture draft-cui-softwire-b4-translated-ds-lite-09 Y. Cui, Q. Sun, M. Boucadair, T. Tsou, Y. Lee and.
IETF 80 th Lightweight Address Family Transition for IPv6 draft-sunq-v6ops-laft6-01 Chongfeng Xie( China Telecom ) Qiong Sun( China Telecom)
19.1 Chapter 19 Network Layer: Logical Addressing Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IPv4 shortage and CERN 15 January 2013
4.3 Network Layer Logical Addressing
Implementing IP Addressing Services
NAT (Network Address Translation)
IPV6 TECHNIQUES TO Re-IMAGINE RESEARCH AND EDUCATION NETWORKS
IPv6 Deployment: Business Cases and Development Options
CS 3700 Networks and Distributed Systems
Stateless Source Address Mapping for ICMPv6 Packets
CIS 82 Routing Protocols and Concepts Chapter 11 NAT
CS 3700 Networks and Distributed Systems
CHAPTER 8 Network Management
DHCP: Dynamic Host Configuration Protocol
Multicast Support for Dual Stack Lite and 6RD
Presentation transcript:

Anastasios Chatzithomaoglou IP Engineering – Forthnet

IPv6 IPv6 in (2)(2) Reserve IPv6 prefixes Configure IPv6 prefixes Update DNS TR-069 MAIL WEB √ √ √ √ √ √ √ √ √ √ √ √ Update IPv6 filters …in just a few hours…

Forthnet Statistics (3)(3)

IPv6 IPv6 measurements (4)(4) RIPE: 4,8% W6L: 2,35% APNIC: 5%

IPv6 IPv6 subscribers (5)(5) More than 10% of subscribers could access the internet over IPv6 in June A wrong default value in the latest firmware of one of our CPEs But only 8% can actually do it Why? But only 8% can actually do it Why? Almost 23% of subscribers should access the internet over IPv6 in October in 2014

IPv6 IPv6 traffic vs IPv4 traffic (6)(6) IPv6 traffic percentage Dual-Stack Subscribers 15% of Dual-Stack subscribers are uploading more IPv6 than IPv4 20% of Dual-Stack subscribers are downloading more IPv6 than IPv4 15% of Dual-Stack subscribers are uploading more IPv6 than IPv4 20% of Dual-Stack subscribers are downloading more IPv6 than IPv4 Jun 2013 vs Oct 2013

IPv6 IPv6 traffic (7)(7) Almost 2% of our traffic is over IPv6 We expect that to reach 6% in 2014

IPv6 IPv6 CPEs (8)(8) IPv6 in CPEs  5 CPEs with Dual-Stack (6 firmwares avg)  5 CPEs with DS-Lite (3 firmwares avg)  1 CPE with PCP (5 firmwares avg) Most common problems  DHCPv6-PD not working  Passing DNS info to clients  Non-optimal MTU

Forthnet DS-Lite (9)(9) IPv4 Address Depletion DS-Lite

IPv4 Address Depletion Centralized IPv4 (10) Migrating from Decentralized IPv4 Assignment to Centralized  Currently each BRAS has its own IPv4 local pool (distributed model)  There exist 5 BRAS clusters (to become 3 soon), each one with an overflow BRAS  Due to BRAS clustering, only the overflow BRAS has underutilization of its local IPv4 address pool  A migration is underway in order to move distributed pools from overflow BRAS of all clusters to a centralized DHCPv4 server  Routing de-aggregation will be minimal  An extension of a few months is expected for the IPv4 depletion date

DS-Lite NAT444 vs DS-Lite Cost (11) Multiplier Months

DS-Lite DS-Lite in Forthnet (12)

(1) Forthnet & DS-Lite DS-Lite Operation (13) IPv4 HostCPE (B4)BRASAFTRIPv4 Servers IPv4 InternetIPv6 Network a02:2148:99::992a02:2148:77:76:1:: Softwire IPv4 src: IPv4 dst: TCP src: 1025 TCP dst: 80 IPv6 src: 2a02:2148:99::99 IPv6 dst: 2a02:2148:77:76:1::1 IPv4 src: IPv4 dst: TCP src: 1025 TCP dst: 80 IPv4 src: IPv4 dst: TCP src: 2025 TCP dst: 80 IPv4 src: IPv4 dst: TCP src: 80 TCP dst: 2025 IPv6 src: 2a02:2148:77:76:1::1 IPv6 dst: 2a02:2148:99::99 IPv4 src: IPv4 dst: TCP src: 80 TCP dst: 1025 IPv4 src: IPv4 dst: TCP src: 80 TCP dst: 1025 (2) Tunnel (3) NAT44 (4) (5) NAT44 & Tunnel (6) add IPv6 header remove IPv6 header, do translation remove IPv6 header, do translation do translation, add IPv6 header do translation, add IPv6 header remove IPv6 header

DS-Lite Logging Parameters (14) Current Logging Parameters  Date/Time  Reporting device identifier  Subscriber identifier (Username/Circuit-ID)  IPv4 address/network  WAN IPv6 Prefix (used for correlation with the new logging parameters)  LAN IPv6 Prefix

DS-Lite Logging Parameters (15) New Logging Parameters  Reporting device type (Optional)  Reporting device identifier (Optional/Mandatory per case)  Subscriber identifier (Mandatory)  External IPv4 address (Mandatory)  External port or ICMP identifier (Mandatory)  Protocol identifier (Optional/Mandatory per case)  Internal port or ICMP identifier (Optional/Mandatory per case)  Internal address of the source of the packet (Optional/Mandatory per case) Dst IPv4 Address is not required/recommended due to privacy issues Dst owner should keep track of source ports Dst IPv4 Address is not required/recommended due to privacy issues Dst owner should keep track of source ports

DS-Lite Logging Solutions (16) efficient customized requires collector requires extra application IPFIX readable searchable reduced performance larger volume SYSLOG SYSLOG could be used on a back-end device processing IPFIX records in real-time

DS-Lite DS-Lite Logging (17) Sample output from AFTR Original MessageStored Message 2013 Sep 14 19:19: aftr-kln-01_re0 (FPC Slot 2, PIC Slot 0) :19:17 {DSLITE-SERVICE-SET}[FWNAT]: ASP_SFW_CREATE_ACCEPT_FLOW: proto 6 (TCP) application: tcp, xe-0/1/0.0: : > :80, creating forward or watch flow ; source address and port translate to :1886 ;Softwire 2a02:2148:100:301:f53a:a74a:1c28:a36f- >2a02:2148:77:76:1:0:0:1 FieldOriginal ValueFinal Value Date/Time 2013 Sep 14 19:19:17 19:19:17 ActionCreate/DeleteC/D ProtocolTCP6 Src Int IPv4 Address Src Int IPv4 Port Src Ext IPv4 Address Sep 14 19:29: aftr-kln-01_re0 (FPC Slot 2, PIC Slot 0) :29:19 {DSLITE-SERVICE-SET}[FWNAT]: ASP_SFW_DELETE_FLOW: proto 6 (TCP) application: any, (null)(null) : > :80, deleting forward or watch flow ; source address and port translate to :1886 ;Softwire 2a02:2148:100:301:f53a:a74a:1c28:a36f- >2a02:2148:77:76:1:0:0:1 Src Ext IPv4 Port1886 Dst IPv4 Address-- Dst IPv4 Port-- Src IPv6 Address 2a02:2148:100:301:f 53a:a74a:1c28:a36f 2a02:2148:100:301 Total Bytes11456 Date is not required, because it’s embedded in each log filename Dst IPv4 Address is not required/recommended (Dst owner should keep track of source ports too) Further decrease can be accomplished by omitting some delimiters, prefixes and the Delete/Release actions Date is not required, because it’s embedded in each log filename Dst IPv4 Address is not required/recommended (Dst owner should keep track of source ports too) Further decrease can be accomplished by omitting some delimiters, prefixes and the Delete/Release actions

DS-Lite Logging Volume (18) Logging Volume Calculations An average subscriber generates 27k connections per 24 hours (assuming not idle) An bittorent user makes 27k connections per hour! 1/5 of these are unique… Logging messages can have a length of 114 bytes or 56 bytes if optimized  27k x 114 = 3,1 MB logs per user per day  27k x 56 = 1,5 MB logs per user per day if optimized A CGN can serve at least 32k subscribers  32k x 3,1 MB = 99 GB per day, aka 3,0 TB per month  32k x 1,5 MB = 48 GB per day, aka 1,4 TB per month if optimized Assumptions  No compression is happening  Can provide 1/10 smaller size  Makes searching harder and slower  No traffic is switched over to IPv6  IPv6 traffic is currently 2% of IPv4, showing exponential increase  New IPv4 subscribers are added every day

DS-Lite DS-Lite with PBA/PCP Logging (19) Sample output from AFTR (PBA+PCP) Original MessageStored Message 2013 Sep 19 10:08: aftr-kln-01_re0 (FPC Slot 8, PIC Slot 0) :08:10 [FWNAT]:ASP_NAT_PORT_BLOCK_ALLOC: 2a02:2149:ff01:6869:7c84:6829:ca04:f3cd -> : Sep 19 09:58: aftr-kln-01_re0 (FPC Slot 8, PIC Slot 0) :58:48 {TEST-PCP-SERVICE- SET}[FWNAT]:ASP_PCP_NAT_MAP_CREATE: 2a02:2149:ff01:6869:7c84:6829:ca04:f3cd : > :48000 FieldOriginal ValueFinal Value Date/Time2013 Sep 19 10:08:1010:08:10 Action Create/Delete Allocate/Release C/D/A/R Protocol?? Src Int IPv4 Address Src Int IPv4 Port Src Ext IPv4 Address Sep 19 10:50: aftr-kln-01_re0 (FPC Slot 8, PIC Slot 0) :50:59 [FWNAT]:ASP_NAT_PORT_BLOCK_RELEASE: 2a02:2149:ff01:6869:7c84:6829:ca04:f3cd -> : x523aa Sep 19 10:58: aftr-kln-01_re0 (FPC Slot 8, PIC Slot 0) :58:48 {TEST-PCP-SERVICE- SET}[FWNAT]:ASP_PCP_NAT_MAP_DELETE: 2a02:2149:ff01:6869:7c84:6829:ca04:f3cd : > :48000 Src Ext IPv4 Port Range Dst IPv4 Address-- Dst IPv4 Port-- Src IPv6 Address 2a02:2149:ff01:6869: 7c84:6829:ca04:f3cd 2a02:2149:ff01:6869 Total Bytes12462 Date is not required, because it’s embedded in each log filename Dst IPv4 Address is not required/recommended (Dst owner should keep track of source ports too) Further decrease can be accomplished by omitting some delimiters, prefixes and the Delete/Release actions Date is not required, because it’s embedded in each log filename Dst IPv4 Address is not required/recommended (Dst owner should keep track of source ports too) Further decrease can be accomplished by omitting some delimiters, prefixes and the Delete/Release actions

DS-Lite PBA Logging Volume (20) PBA Logging Volume Calculations An average subscriber makes 60 block allocations per 24 hours (assuming not idle) An bittorent user makes 80 block allocations per 24 hours. Very little difference… Logging messages can have a length of 124 bytes or 62 bytes if optimized  60 x 124 = 7 KB logs per user per day  60 x 62 = 3,7 KB logs per user per day if optimized A CGN can serve at least 32k subscribers  32k x 7 KB = 238 MB per day, aka 7 GB per month  32k x 3,7 KB = 119 MB per day, aka 3,5 GB per month if optimized Outcomes & Comments  No compression needed  No optimization needed  Little dependency on IPv6 traffic switchover  PCP mappings make very little difference  Depending on port block size and timeout, further optimization can be achieved

DS-Lite Next Steps (21) Next steps regarding IPv4 depletion  Focus on technologies that lead to logging per port-set (natx4-log-reduction, deterministic-cgn, etc.)  Evaluate Lw4over6 (move NAT from AFTR to B4)  Evaluate other stateless solutions like MAP (still lacking CPE vendor interest)  Implement automatic correlation of BRAS radius acct records with AFTR NAT mapping logs, unless RFC 6736 gets implemented first Migrating customers to native IPv6 is always top priority

Forthnet PCP (22) PCP

About (23) PCP  Port Control Protocol  RFC 6887  Server & Client/Proxy  UPnP IGD-PCP Interworking Function PCP main objective  Enable subscriber applications to receive incoming connections in coordination with an ISP NAT/Firewall device  Enable an explicit communication between CPE/applications and the ISP NAT/Firewall device, instead of using NAT traversal techniques (STUN/TURN/ICE)  Good potential to become the “carrier-grade” evolution of UPnP and NAT-PMP PCP & DS-Lite  In plain mode, B4 element acts as PCP-client or PCP-proxy for IPv4 clients behind it and will send requests for PCP mappings using the THIRD_PARTY option PCP might become an all-around protocol for signaling (like BGP)

PCP PCP & DS-Lite Operation (24) IPv4 Host (Server) CPE (B4) PCP Client BRAS AFTR PCP Server IPv4 Host (Client) IPv4 InternetIPv6 Network a02:2148:99::992a02:2148:77:76:1:: Softwire IPv6 src: 2a02:2148:99::99 IPv6 dst: 2a02:2148:77:76:1::1 UDP dst: 5351 Lifetime: 3600 Client IP : 2a02:2148:99::99 Protocol: 6 (TCP) Int Port: Sug Ext Port: Sug Ext IP : ::ffff: Int IP: ::ffff: IPv4 src: IPv4 dst: TCP src: TCP dst: IPv6 src: 2a02:2148:77:76:1::1 IPv6 dst: 2a02:2148:99::99 UDP src: 5351 Lifetime: 3600 Protocol: 6 (TCP) Int Port: Ass Ext Port: Ass Ext IP: ::ffff: Int IP : ::ffff: IPv4 src: IPv4 dst: TCP src: TCP dst: (1) MAP Request (3) (2) MAP Response (5) Ask TCP port for 1h Give TCP port for 1h IPv6 src: 2a02:2148:77:76:1::1 IPv6 dst: 2a02:2148:99::99 IPv4 src: IPv4 dst: TCP src: TCP dst: (4) NAT44 & Tunnel remove IPv6 header do translation, add IPv6 header do translation, add IPv6 header

PCP PCP/UPnP & DS-Lite Operation (25) CPE (B4) UPnP/IWF & PCP Client BRAS AFTR PCP Server IPv4 InternetIPv6 Network a02:2148:99::992a02:2148:77:76:1:: Softwire IPv6 src: 2a02:2148:99::99 IPv6 dst: 2a02:2148:77:76:1::1 UDP dst: 5351 Lifetime: 3600 Client IP : 2a02:2148:99::99 Protocol: 6 (TCP) Int Port: Sug Ext Port: Sug Ext IP : ::ffff: Int IP: ::ffff: IPv4 src: IPv4 dst: TCP src: TCP dst: IPv6 src: 2a02:2148:77:76:1::1 IPv6 dst: 2a02:2148:99::99 UDP src: 5351 Lifetime: 3600 Protocol: 6 (TCP) Int Port: Ass Ext Port: Ass Ext IP: ::ffff: Int IP : ::ffff: IPv4 src: IPv4 dst: TCP src: TCP dst: (2) MAP Request (5) (3) MAP Response (7) Ask TCP port for 1h Give TCP port for 1h IPv6 src: 2a02:2148:77:76:1::1 IPv6 dst: 2a02:2148:99::99 IPv4 src: IPv4 dst: TCP src: TCP dst: (6) NAT44 & Tunnel remove IPv6 header do translation, add IPv6 header do translation, add IPv6 header IPv4 src: IPv4 dst: Lease Duration: 3600 Protocol: TCP Ext Port: Int Port: Int Client: (1) UPnP AddAnyPortMapping IPv4 src: IPv4 dst: Res Port:46000 (4) UPnP AddAnyPortMapping Ask TCP port for 1h Give TCP port for 1h IPv4 Host (Server) IPv4 Host (Client)

PCP Custom CPE page for tests (26) A custom page was created on the CPE in order to start experimenting with PCP

PCP Tests (27) Create a NAT port-forwarding entry for a web server on internal port Create a NAT port-forwarding entry for a web server on internal port 50006

PCP Issues (28) Implementation issues  Many PCP servers seem to be stuck at draft versions (RFC out from April)  Support mostly for MAP opcode  Main focus on PCP client and PCP/UPnP-IGD IWF functionality  PCP proxy not preferred (any apps out there?)  PREFER_FAILURE by default on  Many bugs with lifetimes and timeouts Nevertheless, DS-Lite and PCP work! Nevertheless, DS-Lite and PCP work! Still a lot to be done in PCP

Forthnet Past, Present & Future (29)

IPv6, DS-Lite & PCP The End (30)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.