Service Provider IPv6 Deployment

Transcription

1 Service Provider IPv6 Deployment TXv6TF 2010 IPv6 Summit October 11-12, 2010 Salman Asadullah Cisco Systems

2 Prerequisites: Session Abstract This session focuses on SP IPv6 deployment techniques which will help network designers/administrators understand IPv6 operation and implementation options for native IPv4 and MPLS Core environments. This session will also cover IPv6 integration techniques in SP Broadband Access Networks (xdsl, ETTH, Cable, Wireless), IPv6 Provisioning techniques and SP Advanced Services. This session will highlight IPv6 integration options available for end-to-end SP networks (i.e. Access, Core and Provisioning Systems). Attendee must have a solid foundation of IPv6 basics (Addressing, Routing), MPLS, Multicast, IPv4 Broadband Access networks and Provisioning Cisco and/or its affiliates. All rights reserved. Cisco Public 2

3 Agenda SP IPv6 Integration Strategy IPv6 in Core Networks and Deployment Models Native IPv4 Environments MPLS Environments IPv6 in Access Networks and Deployment Models IPv4 Translation (NAT444) IPv6 Integration DOCSIS 3.0 IPv6 Reference Architecture IPv6 Provisioning Conclusion 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

4 SP IPv6 Integration Strategy Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

5 The Growing Internet Challenge The gap between supply and demand for IP addresses the key Internet resource is widening IPv4 Address Blocks Remaning 1 Internet-Enabled Devices 2 25 < 700 Days Remaining 15B 0 Today Sep 2011 The pool of IPv4 address blocks is dwindling rapidly 5B Today While the number of new Internet devices is exploding 1 Geoff Huston, APNIC, tracking /8 address-blocks managed by the Internet Assigned Numbers Authority 2 Cisco Visual Networking Index / Intel Embedded Internet Projections 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 ... and Internet Evolution Moving to 3 IP Address Families: Public IPv4, Private IPv4, IPv6 Public IPv4 Public IPv4 Private IPv4 IPv6 Private IPv4 Services & Applications running over IPv6 IPv4/IPv6 Coexistence Infrastructure Preserve IPv4 IPv6 Internet Today v4 run out Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 IPv6 in the SP: Drivers External Drivers SP customers that need access to IPv6 resources (for development or experimentation purposes) SP customers that need to interconnect their IPv6 sites SP customers that need to interface with their own customers over IPv6 (ex: contractors for DoD) Internal Drivers Handle some problems that are hard to fix with IPv4 (ex: managing large number of devices such as Cell phones, set-tops, IP cameras, sensors, etc.) Public IPv4 address exhaustion (~2011/2012) Private IPv4 address exhaustion Strategic Drivers Long term expansion plans and service offering strategies Preparing for new services and gaining competitive advantage 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 IPv6 Integration and Co-Existence Many ways to deliver IPv6 services to End Users, Most important is End to End IPv6 traffic forwarding as applications are located at the edge SPs may have different deployment needs and mechanisms but basic steps are common IPv6 Addressing Scheme Routing Protocol(s) IPv6 Services - QoS, Multicast, DNS, Security Network Management Resources are shared between the two protocols for both Control and Forwarding Plane. Evaluate processor utilization and memory needs Most vendors have good IPv6 HW forwarding performance 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 Today s Network Infrastructure SP Core Infrastructures 2 Basic Paths MPLS with its associated services MPLS/VPN, L2 services over MPLS, QoS, Native IPv4 core with associated services L2TPv3, QoS, Multicast, IP Services Portfolio Access Enterprise: Leased lines Home Users/SOHO: ADSL, FTTH, Dial Data Center: Web hosting, servers, Next step The integration of IPv6 services 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Service Provider: CORE Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10

11 IPv6 Deployment Options CORE IPv6 in Native IPv4 Environments Tunneling IPv6-in-IPv4 Native IPv6 with Dedicated Resources Dual-Stack IPv4 and IPv6 IPv6 in MPLS Environments 6PE 6VPE 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 IPv6 in Native IPv4 Environments Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 Tunnelling IPv6 in IPv4 IPv6 SP IPv6 Site A IPv4 SP BB U N I V E R S I T Y IPv6 IX IPv6 Site B Tunnelling Options Manual Tunnels (RFC 2893), GRE Tunnels (RFC 2473), L2TPv3, SP Scenarios Configured Tunnels in Core Configured Tunnels or Native IPv6 to IPv6 Enterprise s Customers MP-BGP4 Peering with other IPv6 users Connection to an IPv6 IX 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 Native IPv6 over Dedicated Data Link Internet Service Provider ATM Backbone with IPv4 and IPv6 Services IPv6 IX IPv6 IPv4 ISP Scenario Dedicated Data Links between Core routers Dedicated Data Links to IPv6 Customers Connection to an IPv6 IX Campus IPv4 and IPv6 VLANs 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 Dual-Stack IPv4 and IPv6 Enterprise Dual-Stack or Dedicated L2 Circuits Relay Courtesy Service DSL, Cable, FTTH, etc. Aggregation Dual-Stack Core IPv6 Broadband Users Hot-Spot IPv6 transit services IPv6 enabled on Core routers Enterprise and consumer IPv6 access 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 IPv6 over MPLS Many ways to deliver IPv6 services to end users Most important is end-to-end IPv6 traffic forwarding Many service providers have already deployed MPLS in their IPv4 backbone for various reasons MPLS can be used to facilitate IPv6 integration Multiple approaches for IPv6 over MPLS: IPv6 over L2TPv3 IPv6 over EoMPLS/AToM IPv6 CE-to-CE IPv6 over IPv4 tunnels IPv6 Provider Edge Router (6PE) over MPLS IPv6 VPN Provider Edge (6VPE) over MPLS Native IPv6 MPLS 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 6PE Overview Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 IPv6 Provider Edge Router (6PE) over MPLS 2001:DB8:: v6 ibgp (MBGP) Sessions v6 2003:1:: v4 Dual Stack IPv4-IPv6 Routers 6PE P P 6PE v6 2001:CAFE:: Dual Stack IPv4-IPv6 Routers 2001:F00D:: v6 v4 CE 6PE P IPv4 MPLS P 6PE v CE CE IPv6 global connectivity over and IPv4-MPLS core Transitioning mechanism for providing unicast IP PEs are updated to support dual stack/6pe IPv6 reachability exchanged among 6PEs via ibgp (MBGP) IPv6 packets transported from 6PE to 6PE inside MPLS 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 6PE Routing/Label Distribution IGPv6 or MP-BGP Advertising 2001:F00D:: 2001:DB8:: 6PE-1 6PE-2 Sends MP-iBGP Advertisement to 6PE-1 Which Says: 2001:F00D:: Is Reachable Via BGP Next Hop = (6PE-2) Bind BGP Label to 2001:F00D:: (*) IPv6 Next Hop Is an IPv4 Mapped IPv6 Address Built from IGPv4 Advertises Reachability of :F00D:: LDPv4 Binds Label to P1 LDPv4 Binds Label to P2 LDPv4 Binds Implicit-Null (i.e. Pop) to PE-2 IGPv6 or MP-BGP Advertising 2001:F00D:: 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 6PE Forwarding (6PE-1) 2001:DB8:: IPv6 Packet to 2001:F00D::1 6PE-1 IPv6 Forwarding and Label Imposition: 6PE-1 receives an IPv6 packet Lookup is done on IPv6 prefix Result is: Label binded by MP-BGP to 2001:F00D:: Label1 binded by LDP/IGPv4 to the IPv4 address of BGP next hop (6PE-2) 2001:F00D:: LDP/v4 Label1 to 6PE-2 MP-BGP Label IPv6 Packet 6PE-2 P1 P Cisco and/or its affiliates. All rights reserved. Cisco Public 21

22 6PE Forwarding (P1) 2001:DB8:: 6PE-1 IPv6-UNaware MPLS Label Switching: P1 receives an MPLS packet Lookup is done on Label1 Result is Label2 2001:F00D:: 6PE-2 P1 P2 LDP/v4 Label2 to 6PE-2 MP-BGP Label IPv6 Packet 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 6PE Forwarding (P2) 2001:DB8:: 6PE-1 IPv6-UNaware MPLS Label Switching: P2 receives an MPLS packet Lookup is done on Label2 Result includes Pop label (PHP), if used 2001:F00D:: 6PE-2 P1 P2 MP-BGP Label IPv6 Packet 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 6PE Forwarding (6PE-2) 2001:DB8:: 6PE-1 MPLS label forwarding: 6PE-2 receives an MPLS packet Lookup is done on label Result is: Pop label and do IPv6 lookup on v6 destination 2001:F00D:: 6PE-2 P1 P Cisco and/or its affiliates. All rights reserved. Cisco Public 24

25 6PE-1 Configuration ipv6 cef! mpls label protocol ldp! router bgp 100 no synchronization no bgp default ipv4 unicast neighbor 2001:DB8:1::1 remote-as neighbor remote-as 100 neighbor update-source Loopback0! address-family ipv6 neighbor activate neighbor send-label neighbor 2001:DB8:1::1 activate redistribute connected no synchronization exit-address-family 2001:DB8:: ibgp Session 6PE-1 6PE :DB8:1::1 Is the Local CE Is the Remote 6PE Send Labels Along with IPv6 Prefixes by Means of MP-BGP Note: Will Cause Session to Flap 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 6PE Show Output 6PE-1#show ip route Routing entry for /32 Known via "isis", distance 115, metric 20, type level-2 [snip] * , from , via FastEthernet1/0 Route metric is 20, traffic share count is 1 6PE-1#show ipv6 route B 2001:F00D::/64 [200/0] via ::FFFF: , IPv6-mpls 6PE-1#show ipv6 cef internal #hidden command.. OUTPUT TRUNCATED :F00D::/64, nexthop ::FFFF: fast tag rewrite with F0/1, , tags imposed {17 28} Other Useful Output: show bgp ipv6 neighbors show bgp ipv6 unicast show mpls forwarding #more on this later 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 6PE Benefits/Drawbacks Core network (Ps) untouched (no HW/SW upgrade, no configuration change) IPv6 traffic inherits MPLS benefits (wire-rate, fast re-route, TE, etc.) Incremental deployment possible (i.e., only upgrade the PE routers which have to provide IPv6 connectivity) Each site can be v4-only, v4vpn-only, v4+v6, v4vpn+v6 P routers won t be able to send ICMPv6 messages (TTL expired, traceroute) Cisco 6PE Documentation/Presentations: _data_sheet09186a008052edd3.html 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 6VPE Deployment VPN BLUE v4 and v6 VPN ibgp (MBGP) Sessions v4 and v6 VPN VPN BLUE VPN YELLOW v6 Only 6VPE P P 6VPE VPN BLUE v4 and v6 VPN VPN YELLOW v6 Only 6VPE P P MPLS VPNs 6VPE v6 Only VPN YELLOW 6VPE ~ IPv6 + BGP-MPLS IPv4VPN + 6PE Cisco 6VPE is an implementation of RFC4659 VPNv6 address: Address including the 64 bits route distinguisher and the 128 bits IPv6 address MP-BGP VPNv6 address-family: AFI IPv6 (2), SAFI VPN (128) VPN IPv6 MP_REACH_NLRI With VPNv6 next-hop (192bits) and NLRI in the form of <length, IPv6-prefix, label> Encoding of the BGP next-hop 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 6VPE Example Design Addressing/Routing Enterprise IGP / :DB8:BEEF:1::/ / :DB8:BEEF:2::/64 Enterprise IGP CE1-BLUE Lo MP-iBGP Session PE1 Lo Lo Lo CE2-BLUE MP-eBGP P1 P2 PE2 MP-eBGP IPv4 2001:DB8:CAFE:1::1 1::2 IPv IPv IPv IPv IPv4 2001:DB8:CAFE:3::2 3::1 IPv Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 6VPE Configuration Example CE1-BLUE to PE1 Enterprise IGP CE1-BLUE / :DB8:BEEF:1::/64 PE1 ipv6 unicast-routing ipv6 cef! interface Ethernet0/0 description to PE1 ip address ipv6 address 2001:DB8:CAFE:1::1/64! interface Ethernet1/0 description to BLUE LAN ip address ipv6 address 2001:DB8:BEEF:1::1/64 ipv6 rip BLUE enable router bgp 500 bgp log-neighbor-changes no bgp default ipv4 unicast neighbor 2001:DB8:CAFE:1::2 remote-as 100 neighbor remote-as 100! address-family ipv4 redistribute connected redistribute eigrp 100 neighbor activate no auto-summary no synchronization exit-address-family! address-family ipv6 neighbor 2001:DB8:CAFE:1::2 activate redistribute connected redistribute rip BLUE no synchronization exit-address-family! ipv6 router rip BLUE redistribute bgp Cisco and/or its affiliates. All rights reserved. Cisco Public 31

32 6VPE Configuration Example PE1 Connections CE1-BLUE PE1 Standard MPLS configuration between PE-P Running IGP in the cloud (OSPF) P1 ipv6 unicast-routing ipv6 cef mpls ldp router-id Loopback0! interface Loopback0 ip address ! interface Ethernet0/0 description to CE1-BLUE vrf forwarding BLUE ip address ipv6 address 2001:DB8:CAFE:1::2/64! interface Ethernet2/0 description to P1 ip address mpls ip! router ospf 1 log-adjacency-changes redistribute connected subnets passive-interface Loopback0 network area Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 6VPE Configuration Example PE1 VRF Definitions VRF BLUE CE1-BLUE CE1-BLUE PE1 VRF BLUE (RD - 200:1) PE1/PE2 Will Hold CE1 Routes CE2 Routes vrf definition BLUE rd 200:1! route-target export 200:1 route-target import 200:1! address-family ipv4 exit-address-family! address-family ipv6 exit-address-family Migration commands available for VPNv4 to multi-protocol VRF (config)#vrf upgrade-cli multi-af-mode {common-policies non-common-policies} [vrf <name>] This command forces migration from old CLI for IPv4 VRF to new VRF multi-af CLI 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 6VPE Configuration Example PE1 BGP Setup VRF BLUE CE1-BLUE CAFE:1::1 MP-eBGP PE1 MP-iBGP Session PE router bgp 100 bgp log-neighbor-changes neighbor remote-as 100 neighbor update-source Loopback0! address-family ipv4 neighbor activate no auto-summary no synchronization exit-address-family! address-family vpnv4 neighbor activate neighbor send-community extended exit-address-family address-family vpnv6 neighbor activate neighbor send-community extended exit-address-family! address-family ipv4 vrf BLUE redistribute connected neighbor remote-as 500 neighbor activate no auto-summary no synchronization exit-address-family! address-family ipv6 vrf BLUE neighbor 2001:DB8:CAFE:1::1 remote-as 500 neighbor 2001:DB8:CAFE:1::1 activate redistribute connected no synchronization exit-address-family 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 6VPE Configuration Example P Connections P1 P2 mpls ldp router-id Loopback0! interface Loopback0 ip address ! interface Ethernet0/0 description to PE1 ip address mpls ip! interface Ethernet1/0 description to P2 ip address mpls ip! router ospf 1 log-adjacency-changes redistribute connected subnets passive-interface Loopback0 network area 0 mpls ldp router-id Loopback0! interface Loopback0 ip address ! interface Ethernet0/0 description to P1 ip address mpls ip! interface Ethernet1/0 description to PE2 ip address mpls ip! router ospf 1 log-adjacency-changes redistribute connected subnets passive-interface Loopback0 network area Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 VRF BLUE CE1-BLUE IPv6 Routing Tables CE1-CE2 Default Table BEEF:1::/ ::/64 PE1 Routing Table BLUE ce1-blue#show ipv6 route C 2001:DB8:BEEF:1::/64 [0/0] via Ethernet1/0, directly connected L 2001:DB8:BEEF:1::1/128 [0/0] via Ethernet1/0, receive B 2001:DB8:BEEF:2::/64 [20/0] via FE80::A8BB:CCFF:FE01:F600, Ethernet0/0 C 2001:DB8:CAFE:1::/64 [0/0] via Ethernet0/0, directly connected L 2001:DB8:CAFE:1::1/128 [0/0] via Ethernet0/0, receive B 2001:DB8:CAFE:3::/64 [20/0] via FE80::A8BB:CCFF:FE01:F600, Ethernet0/0 B 8888::/64 [20/0] via FE80::A8BB:CCFF:FE01:F600, Ethernet0/0 R 9999::/64 [120/2] via FE80::A8BB:CCFF:FE01:9000, Ethernet1/0 L FF00::/8 [0/0] via Null0, receive BGP Table MP-iBGP Tunnel Routing Table BLUE PE2 Default Table BEEF:2::/ ::/64 VRF BLUE CE2-BLUE ce2-blue#show ipv6 route B 2001:DB8:BEEF:1::/64 [20/0] via FE80::A8BB:CCFF:FE01:F901, Ethernet0/0 C 2001:DB8:BEEF:2::/64 [0/0] via Ethernet1/0, directly connected L 2001:DB8:BEEF:2::1/128 [0/0] via Ethernet1/0, receive B 2001:DB8:CAFE:1::/64 [20/0] via FE80::A8BB:CCFF:FE01:F901, Ethernet0/0 C 2001:DB8:CAFE:3::/64 [0/0] via Ethernet0/0, directly connected L 2001:DB8:CAFE:3::1/128 [0/0] via Ethernet0/0, receive R 8888::/64 [120/2] via FE80::A8BB:CCFF:FE02:5800, Ethernet1/0 B 9999::/64 [20/0] via FE80::A8BB:CCFF:FE01:F901, Ethernet0/0 L FF00::/8 [0/0] via Null0, receive 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

37 VRF BLUE CE1-BLUE IPv6 Routing Tables PE1-PE2 Default Table BEEF:1::/ ::/64 PE1 Routing Table BLUE pe1#show ipv6 route vrf BLUE B 2001:DB8:BEEF:1::/64 [20/0] via FE80::A8BB:CCFF:FE01:F400, Ethernet0/0 B 2001:DB8:BEEF:2::/64 [200/0] via %Default-IP-Routing-Table, indirectly connected C 2001:DB8:CAFE:1::/64 [0/0] via Ethernet0/0, directly connected L 2001:DB8:CAFE:1::2/128 [0/0] via Ethernet0/0, receive B 2001:DB8:CAFE:3::/64 [200/0] via %Default-IP-Routing-Table, indirectly connected B 8888::/64 [200/2] via %Default-IP-Routing-Table, indirectly connected B 9999::/64 [20/2] via FE80::A8BB:CCFF:FE01:F400, Ethernet0/0 L FF00::/8 [0/0] via Null0, receive BGP Table Routing Table BLUE PE2 Default Table BEEF:2::/ ::/64 MP-iBGP Tunnel pe2#show ipv6 route vrf BLUE VRF BLUE CE2-BLUE B 2001:DB8:BEEF:1::/64 [200/0] via %Default-IP-Routing-Table, indirectly connected B 2001:DB8:BEEF:2::/64 [20/0] via FE80::A8BB:CCFF:FE01:FA00, Ethernet1/0 B 2001:DB8:CAFE:1::/64 [200/0] via %Default-IP-Routing-Table, indirectly connected C 2001:DB8:CAFE:3::/64 [0/0] via Ethernet1/0, directly connected L 2001:DB8:CAFE:3::2/128 [0/0] via Ethernet1/0, receive B 8888::/64 [20/2] via FE80::A8BB:CCFF:FE01:FA00, Ethernet1/0 B 9999::/64 [200/2] via %Default-IP-Routing-Table, indirectly connected L FF00::/8 [0/0] via Null0, receive 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 IPv6 Routing Tables PE1 BGP Next-Hop VRF BLUE CE1-BLUE Default Table BEEF:1::/ ::/64 PE1 Routing Table BLUE BGP Table MP-iBGP Tunnel Routing Table BLUE PE2 Default Table BEEF:2::/ ::/64 VRF BLUE CE2-BLUE pe1#show bgp vpnv6 unicast all #OUTPUT SHORTENED FOR CLARITY Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 200:1 (default for vrf BLUE) *> 2001:DB8:BEEF:1::/ :DB8:CAFE:1:: ? *>i2001:db8:beef:2::/64 ::FFFF: ? *>i2001:db8:cafe:3::/64 ::FFFF: ? *>i8888::/64 ::FFFF: ? *> 9999::/ :DB8:CAFE:1:: ? IPv4-Mapped IPv6 Address (IPv4-Based LSP Setup) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 MPLS Forwarding PE1 VRF BLUE CE1-BLUE Default Table BEEF:1::/ ::/64 PE1 MP-iBGP Tunnel PE2 VRF BLUE CE2-BLUE pe1#show mpls forwarding Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 16 Pop Label /30 0 Et2/ /30 0 Et2/ Pop Label /32 0 Et2/ /32 0 Et2/ /32 0 Et2/ No Label /24[V] 0 Et0/ Aggregate /24[V] 570 BLUE 25 No Label 2001:DB8:BEEF:1::/64[V] \ 570 Et0/0 FE80::A8BB:CCFF:FE01:F Aggregate 2001:DB8:CAFE:1::/64[V] \ BLUE 27 No Label 9999::/64[V] 570 Et0/0 FE80::A8BB:CCFF:FE01:F Cisco and/or its affiliates. All rights reserved. Cisco Public 39

40 A Look at Forwarding 2001:DB8:BEEF:1::1 Lo CE1-BLUE PE1 Lo Lo Lo CE2-BLUE IPv4 P IPv4 pe1#show mpls forwarding Local Outgoing Prefix Outgoing Next Hop Label Label interface 25 No Label 2001:DB8:BEEF:1::/64 Et0/0 FE80::A8BB:CCFF:FE01:F400 p1#show mpls forwarding Local Outgoing Prefix Outgoing Next Hop Label Label interface 17 Pop Label /32 Et0/ p2#show mpls forwarding Local Outgoing Prefix Outgoing Next Hop Label Label interface /32 Et0/ pe2#sh ipv6 cef vrf BLUE 2001:DB8:BEEF:1::/64 nexthop Ethernet0/0 label P IPv4 PE Cisco and/or its affiliates. All rights reserved. Cisco Public 40

41 6VPE Summary RFC4659: BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN 6VPE simply adds IPv6 support to current IPv4 MPLS VPN offering For end-users: v6-vpn is same as v4-vpn services (QoS, hub and spoke, internet access, etc.) For operators: Same configuration operation for v4 and v6 VPN No upgrade of IPv4/MPLS core (IPv6 unaware) Cisco 6VPE Documentation: nter/5.2/mpls_vpn/user/guide/ipv6.html 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Service Provider: Access Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 42

43 IPv6 Deployment Options ACCESS IPv6 in IPv4 Access Environments IPv4 Translation (NAT444) IPv6 Integration Dual-Stack IPv4 and IPv6 Dual-Stack with Tunneling IPv6-Only to IPv4-Only Translation IPv6 Provisioning DOCSIS 3.0 IPv6 Reference Architecture 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 Cisco IOS IPv6 Broadband Access Solutions Layer 2 Encapsulations Dial PSTN NAS IPv4/IPv6 Firewall PIX, Cisco IOS FW ISP A Internet DSL DSLAM BAS Enterprise Cable Access Ethernet Si Mobile DOCSIS 3.0 RAN Head-End IPv6 Prefix Pools IPv6 RADIUS (Cisco VSA and RFC 3162) DHCPv6 Prefix Delegation Stateless DHCPv6 DHCPv6 Relay Generic Prefix Distributed Computing (GRID) Video IPv6 Multicast ATM RFC 1483 Routed or Bridged (RBE) PPP, PPPoA, PPPoE, Cable, CGNv6, 6rd, ds-lite, etc. Dual-Stack or MPLS (6PE/6VPE) Core IPv4/IPv Cisco and/or its affiliates. All rights reserved. Cisco Public 44

45 IPv4 Translation (NAT444) Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 45

46 Public IPv4 Exhaustion with NAT444 Solution Residential Access Aggregation Edge Core IP/MPLS NAT44 CGN NAT44 NAT44 Private IPv4 (Subs.) Private IPv4 (SP Assigned domain) Public IPv4 When Subscriber uses NAT44 (i.e. IPv4 NAT) in addition to the SP using CGN with NAT44 within its network CGN NAT44 multiplexes several customers onto the same public IPv4 address CGN performance and capabilities should be analyzed in planning phase Short-term solution to public IPv4 exhaustion issues without any changes on RG and SP Access/Aggregation/Edge infrastructure Long-term solution is to have IPv6 deployed 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 46

47 Dual-Stack IPv4 and IPv6 Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

48 PPP Model (WT-187) Dual PPP Session with Dual-stack IPv4/IPv6 Residential Access Aggregation Edge Core IP/MPLS IP v 6oP P P IP v 4oP P P I P v 6 o P P P I P v 4 o P P P BNG Native Dual-Stack IPv4/IPv6 service on RG LAN side NO changes in existing Access/Aggregation Infrastructure One PPP session per Address Family (IPv4 or IPv6) As an option IPv6 PPP session from Host and bridged (PPPoE) on RG Double amount of selected BNG resources (states, Subscriber plane, memory) IPCPv6 for Link-Local address SLAAC or DHCPv6 for Global address 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 PPP Model (WT-187) Single PPP Session with Dual-Stack IPv4/IPv6 Residential Access Aggregation Edge Core IP/MPLS IP v 4 v 6oP P P BNG I P v 4 v 6 o P P P Native Dual-Stack IPv4/IPv6 service on RG LAN side NO changes in existing Access/Aggregation Infrastructure Dual-stack IPv6 and IPv4 supported over a shared PPP session with IPv4 and IPv6 NCPs running as ships in the night. Limited impact on PPP control plane Limited impact on BNG data plane IPCPv6 for Link-Local address SLAAC or DHCPv6 for Global address 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

50 IPv6oE Model (WT-177) IPv6 over Ethernet with 1:1 VLAN Access Node BNG Customer 1 1:1 VLANs Customer Q, 802.1ad IPv6oE with 1:1 VLANs vs PPPoE - What s different? Line-identifier used for 1:1 VLAN mapping= (S-TAG, C-TAG) At L2 IPv6oE with 1:1 VLANs does resemble PPPoE Effectively point-point broadcast domain does not require any special L2 forwarding constraints on Access Node SLAAC and Router Discovery work the same However 1:1 VLANs and IPoE do require some extra BNG functionality Neighbour Discovery needs to be run (along with some security limits) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 50

51 IPv6oE Model (WT-177) IPv6 over Ethernet with N:1 VLAN Access Node BNG Customer 1 Customer 2 N:1 VLANs 802.1Q, Requires changes in existing Access Node Security requirements: IPv6 anti-spoofing, RA snooping, DHCPv6 snooping (etc.) Multicast requirements: MLDv2, MLDv2 snooping Subscriber line identification VLAN no longer provides a unique subscriber line identifier Lightweight DHCP Relay Agent on the Access Node to convey subscriber line-identifier N:1 challenges due to NBMA nature Risk of duplicate LL address if shared IPv6 subnet between RGW and BNG (proxy DAD) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 51

52 Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 IPv6 over Tunnel IPv6 over L2TP softwire Residential Access Aggregation Edge Core IP/MPLS IPv4 BNG IPv6 LNS IPv4oPPPoE or IPv4oE IPv6oPPPoL2TPv2 Dual-Stack IPv4/IPv6 service on RG LAN side PPPoE or IPv4oE Termination on IPv4-only BNG L2TPv2 softwire between RG and IPv6-dedicated LNS Stateful architecture on LNS, offers dynamic control and granular accounting of IPv6 traffic Limited investment & impact on existing infrastructure 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 IPv6 over Tunnel IPv6 over IPv4 via 6rd (RFCXXX) Residential Access Aggregation Edge Core 6rd CE IP/MPLS 6rd BR 6rd CE 6rd BR IPv4/v6 IPv4 IPv4/v6 Introduction of two Components: 6rd CE (Customer Edge) and 6rd BR (Border Relay) Automatic Prefix Delegation on 6rd CE Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions on 6rd (CE & BR) IPv6 traffic automatically follows IPv4 Routing 6rd BRs addressed with IPv4 anycast for load-balancing and resiliency Limited investment & impact on existing infrastructure draft-ietf-softwire-ipv6-6rd-10.txt (RFC Soon) 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 3 Key Components of 6rd IPv6 Prefix Delegation Derived from IPv4 No need for DHCPv6 on 6rd CE WAN interface No need for DHCPv6 server in the network Supports Global IPv4 or NATed IPv4 in same deployment Stateless Mapping and Encapsulation of IPv6 over IPv4 (RFC4213) IPv4 encapsulation automatically determined from each packet s IPv6 destination No per-subscriber tunnel state or provisioning, hence single dimension scaling (data-plane) on 6rd BR IPv4 Anycast to Reach BR Simplify network 6rd BR placement, load-balancing and/or redundancy across multiple 6rd BRs 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 IPv4 via IPv6 using Dual-Stack Lite (w/nat44) Residential Access Aggregation Edge Core IP/MPLS B4 AFTR B4 IPv4/v6 IPv6 Access, Aggregation, Edge and Core migrated to IPv6. NMS/OSS and network services migrated to IPv6 as well (DNS, DHCP) IPv4 Internet service still available and overlaid on top of IPv6-only network. Introduction of two Components: B4 and AFTR (Address Family Translation Router) B4 typically sits in the RG AFTR is located in the Core infrastructure Assumption: IPv4 has been phased out, IPv6 only Access/aggregation network 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 IPv6-Only to IPv4-Only Translation Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 Connecting IPv4-only with IPv6-only: AFT64 Residential Access Aggregation Edge Core IP/MPLS NAT64 DNS64 Public IPv4 Internet IPv4 Datacenter IPv6 ONLY connectivity IPv4 ONLY AFT64 technology is only applicable in case where there are IPv6 only end-points that need to talk to IPv4 only end-points (AFT64 for going from IPv6 to IPv4) AFT64:= stateful v6 to v4 translation or stateless translation, ALG still required Key components includes NAT64 and DNS64 Assumption: Network infrastructure and services have fully transitioned to IPv6 and IPv4 has been phased out 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 DOCSIS 3.0 IPv6 Reference Architecture Presentation_ID 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 59

60 Drivers for IPv6 in Cable Use IPv6 for managing large number of devices Exponential growth in number of IP devices connected to CMTS Cable MSOs in the US would like to use IPv6 to manage CM/MTA Currently RFC1918 addresses assigned to CM for management RFC 1918 provides 16 million 10.net addresses, plus: 1M addresses under /12 65K addresses under /16 Moreover, address utilization efficiency for large numbers decreases with topology hierarchies* 6.5M addresses for 4M CMs Only 61.5% efficient use Density of only 9.8M CMs exhausts all 16M RFC1918 addresses *See HD Ratio, RFC1715 and RFC Cisco and/or its affiliates. All rights reserved. Cisco Public 60