121-Ripe 20 Dollar Cgn

Run your next CGN on a $20 OpenWRT
Andrew Yourtchenko
@ayourtch

Cisco Public# 2013 Cisco and/or its affiliates. All rights reserved.

What is this talk about ?
- There are plenty of interesting technologies emerging
- Let's pick MAP: a sustainable life-support for IPv4
- Not all of them are on the shelves yet
- There are some CPE vendors working on it, but I want one *now*
- Practical steps to make your own CPE for experimental purposes

Post-IPv4 SP technologies

WARNING: IPv6-only ahead !
- Requires IPv6 in production
- post-IPv4: IPv4 as a service

Dual Stack Lite (DS-Lite)
[Figure: DS-Lite. Labels: Subscribers, Providers, Internet; Private IPv4, IPv4, IPv6; IPv4 in IPv6 Tunnel; IPv6-only; AFTR]

Lightweight 4 over 6 (also Public 4over6)
[Figure: Lightweight 4 over 6. Labels: Subscribers, Providers, Internet; Private IPv4, IPv4, IPv6; IPv4 in IPv6 Tunnel; IPv6-only; AFTR]

DS-Lite/LW46/Public 4over6: Per-subscriber tunnels
- 1 000 000s of subscribers
- 10 000s host routes per BNG
- 100s IGP prefixes
- 10s BGP prefixes
- AFTR: 1 000 000s of DS-Lite or LW46 tunnel endpoints

MAP Exploits Aggregation in IPv6 Routing
- 1 000 000s of subscribers: 10s of MAP Rules and no CGN
- 10 000s host routes per BNG
- 100s IGP prefixes
- 10s BGP prefixes

Mapping Address + Port (MAP)
[Figure: MAP. Labels: Subscribers, Providers, Internet; Private IPv4, IPv4, IPv6; IPv4 in IPv6 Tunnel; IPv6-only]

Stateless Address Sharing With MAP
- A public IPv4 address: (32 - MAP IPv4 prefix len) = p bits
- PSID: Port Set ID: q bits
- p + q = DHCPv6-PD (user) pref. len - MAP Rule IPv6 pref. len

Stateless Address Sharing: Example
- IPv6 Delegated Prefix (e.g., /56): Mapping Domain Prefix + EA Bits, followed by Subnet-ID and Interface ID (64 bits, fixed)
- Mapping Domain Prefix: 2001:0DB8:00 /42, size = 42 bits (provisioned)
- EA Bits: 56-42 = 14 bits (01010101 111000)
- IPv4 Prefix: 130.67.1 /24, 24 bits (provisioned)
- IPv4 Suffix: 32-24 = 8 bits (01010101)
- Port Set ID: 14-8 = 6 bits (111000)
- IPv4 Address = IPv4 Prefix + IPv4 Suffix
- Port: leading bits > 0, then the 6-bit Port Set ID, then 10-6 = 4 bits (XXXX)
- 2^6 = 64 port sets per IPv4 address
- Ports 0-1023 skipped, each CPE gets 2^16/2^6 - 2^4 = 1008 ports
- For this example: one IPv4 /24 serves 2^(6+8) = 16,384 (vs. 256) subscribers
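
The address-sharing arithmetic from the two slides above, as an added Python example (not code from the talk, CERNET MAP or mdpc): it derives a CE's shared IPv4 address, PSID and port ranges from a rule and a delegated prefix, which is also the lookup an operator needs to attribute a logged IPv4 address and port to one subscriber. The delegated prefix 2001:db8:15:7800::/56 is constructed from the slide's EA bits, and the PSID offset of 6 is an assumption that matches "Ports 0-1023 skipped".

```python
import ipaddress

def map_ce(rule_v6, rule_v4, delegated, psid_offset=6):
    """Return (IPv4 address, PSID, port ranges) for one CE under a MAP rule.

    psid_offset=6 is an assumption matching "Ports 0-1023 skipped".
    """
    rule_v6 = ipaddress.IPv6Network(rule_v6)
    rule_v4 = ipaddress.IPv4Network(rule_v4)
    delegated = ipaddress.IPv6Network(delegated)
    if not delegated.subnet_of(rule_v6):
        raise ValueError("delegated prefix is outside the rule IPv6 prefix")
    ea_len = delegated.prefixlen - rule_v6.prefixlen   # p + q
    p = 32 - rule_v4.prefixlen                         # IPv4 suffix bits
    q = ea_len - p                                     # PSID bits
    if q < 0 or psid_offset + q > 16:
        raise ValueError("prefix lengths do not describe a shared address")
    # EA bits are the bits of the delegated prefix that follow the rule prefix.
    shifted = int(delegated.network_address) >> (128 - delegated.prefixlen)
    ea = shifted & ((1 << ea_len) - 1)
    ipv4 = ipaddress.IPv4Address(int(rule_v4.network_address) | (ea >> q))
    psid = ea & ((1 << q) - 1)
    # 16-bit port layout: A (psid_offset bits) | PSID (q bits) | M (m bits).
    m = 16 - psid_offset - q
    first_a = 1 if psid_offset else 0   # A = 0 is the skipped low-port block
    ranges = []
    for a in range(first_a, 1 << psid_offset):
        start = (a << (16 - psid_offset)) | (psid << m)
        ranges.append((start, start + (1 << m) - 1))
    return ipv4, psid, ranges

def port_in_set(port, ranges):
    """True if a source port belongs to the CE's port set."""
    return any(lo <= port <= hi for lo, hi in ranges)

if __name__ == "__main__":
    # Constructed input: the slide's /42 rule and 130.67.1.0/24 prefix, with a
    # /56 built from the slide's EA bits 01010101 111000.
    ipv4, psid, ranges = map_ce("2001:db8::/42", "130.67.1.0/24",
                                "2001:db8:15:7800::/56")
    ports = sum(hi - lo + 1 for lo, hi in ranges)
    print(ipv4, psid, ranges[0], ranges[-1], ports)
```

A source port outside the returned ranges, or a delegated prefix outside the rule prefix, does not belong to that CE and is a candidate for dropping and logging at the BR.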

http://6lab.cisco.com/map

Encapsulation or Translation: Boils down to 20 bytes
[Figure: CE and BR running MAP across a Native IPv6 Infrastructure. Labels: MAP-E, MAP-T; protocol stacks IPv4/Transport/Link, IPv4/IPv6/Transport/Link OR IPv6/Transport/Link]

Standardizing MAP in the IETF
- MAP-E will be a Standards Track RFC: http://tools.ietf.org/html/draft-ietf-softwire-map-07
- MAP-T, 4rd, etc. will be Experimental or Informational: http://tools.ietf.org/html/draft-ietf-softwire-map-t-01
- LW46/Public 4over6 can be viewed as special cases of MAP
- Goal: One unified standard for CPE vendors
- Stretch Goal: One unified standard for BR/AFTR vendors

Running code

MAP testing by NIC.br
- The working applications had no need of a special configuration to work.
- Most of the applications work OK
- FTP active mode does not work. (But, it's 2013)
- More info: http://tools.ietf.org/html/draft-cordeiro-experience-mapt-testing-00

IPv6 MAP Testing at Multi-Vendor Interoperability Test Event 2013
European Advanced Networking Test Center

Mapping of Address and Port (MAP)
IPv6 Tests
- Stateless counterpart to DS-Lite
- Designed to be used without Carrier-Grade NAT
- Cisco ASR1000, ASR9000 and Cernet (CPE) participated
- Successfully tested:
  - Mapping of Address and Port with Encapsulation (MAP-E)
  - Mapping of Address and Port using Translation (MAP-T)

MAP on ASR 9K
- MAP does not route traffic through the ISM Blade, yielding line rate performance.
- Using A9K-24x10G line cards = 240 Gbps per slot!
- 7 x 240 = 1.68 Tbps on a 9010 chassis.
- DS-Lite routes traffic through the ISM Blade
- 14 Gbps per slot

CPE code: http://github.com/cernet/MAP

DIY CPE: How To

E or T ?
- http://tools.ietf.org/html/draft-ietf-softwire-map
  - Standards Track
  - Running code on ASR9k
- http://tools.ietf.org/html/draft-ietf-softwire-map-t
  - Experimental Track
  - Running code on ASR9k, ASR1k
- My deciding factor: the size of the box. Also, I like NATs. T.

Your own CPE: OpenWRT
- Great platform support
- Well documented
- Open Source

My own CPE: the hardware (TP-Link)
- X86 VM: The cheapest
- TL-WR703N: The smallest
- TL-MR3020: Feels more polished
- TL-WR1043ND: PoC platform of choice
- TL-WDR4300: The luxury CPE.

Getting your build environment
- Ubuntu 12.04 Server install with all-defaults
- In a VM => easy to rollback
    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get install build-essential subversion git-core libncurses5-dev
    sudo apt-get install zlib1g-dev gawk flex quilt libssl-dev unzip
    sudo apt-get install xsltproc libxml-parser-perl

Check out the trunk: bleeding edge
    git clone git://git.openwrt.org/openwrt.git

Update and add all the packages
    cd openwrt
    ./scripts/feeds update -a
    ./scripts/feeds install -a

Configure your CPE a la carte!
    make menuconfig

Run make: Take a break!
    make

But, what about MAP ?

Several packages exist
- ASAMAP (kernel patches): http://enog.jp/~masakazu/vyatta/map/
- CERNET MAP (kernel module): https://github.com/cernet/MAP

CERNET MAP manual provisioning
    ivictl -s -i br-lan -I wan0 -H -a 192.168.1.1/24 -A 1.1.1.1/32 -P 2001:6f8:147e:1000::/52 -R 16 -z 4 -o 14 -c 1234 -T
    ivictl -r -d -P 2610:d0:1208:cafe::/64 -T

(does it look complicated to you too ?)

There's got to be a better way!
- IETF draft - draft-ietf-softwire-map-dhcp-03
- A new MAP DHCPv6 option
  - Rule option
  - DMR option
  - MAP Port Parameters
- *static* value, the same across the entire MAP domain
- Let's do some coding!

Odhcp6c custom scripting
- Starts /etc/odhcp6c.user on addressing changes
- Preset environment variables
  - Allocated prefixes
  - DHCPv6 options requested

First implementation in shell
- ~1 day to write
- Works
- Problem: way too slow
- Need a rewrite!

Let's do it in C
https://github.com/ayourtch/mdpc

DHCPv6 interaction
[Figure: odhcp6c, odhcp6c.user, mdpc, ivictl; label: Not in standard image]

Adding your stuff to default image

Packages and feeds
Package
- An OpenWRT-specific abstraction
- Describes
  - building process
  - name and place in the menuconfig menu
  - dependencies to enable
- Very flexible retrieval mechanism (git, tarball, http, etc.)
Feed
- A collection of packages
- Simple way to add functionality
- Only one-line edit needed for the source!

Openwrt-map: experimental feed
- https://github.com/ayourtch/openwrt-map
- Adds CERNET MAP package
- Adds MDPC package
- Tested on Barrier Breaker (trunk in October 2013)

MAP-T example demo configuration
[Figure: demo topology. Labels: Private IPv4, IPv4, IPv6, IPv6-only, DHCPv6; 2001:6F8:147E:1F00::/56, DHCPv6 MAP option(*)]
    nat64 map-t domain 1
     default-mapping-rule 2610:D0:1208:CAFE::/64
     basic-mapping-rule
      ipv6-prefix 2001:6F8:147E:1000::/52
      ipv4-prefix 153.16.17.83/32
      port-parameters share-ratio 16

How to construct the DHCPv6 option ?

https://github.com/ayourtch/mdpc/blob/master/html/provision-03.html

End result: DHCPv6-provisioned MAP CPE
DIY demo: http://tinyurl.com/map-cpe

(links to http://www.youtube.com/watch?v=UQUK5nnqilA)

Summary
- NATs are good! MAPs are good!
- There's a MAP CPE ready for your experiments today
- My home office connects through a MAP-T CPE and CSR1000V BR
- Ask your CPE supplier for the production-grade code
- This model is replicable for other technologies
- Allows evaluating the new tech w/o waiting for the vendors
- The code they ship can contain lessons from early iterations

Thank you.
