Using 464XLAT in Residential Networks - RIPE 74 · 2017-05-11 · Using 464XLAT in Residential...
Transcript of Using 464XLAT in Residential Networks - RIPE 74 · 2017-05-11 · Using 464XLAT in Residential...
- 2
Do you know …
• We already run out of IPv4?
• How you keep deploying Internet access to your residential customers?
• Are you using IPv4 to deploy IPv6?– such as tunnel broker, 6RD and so?
- 3
Once upon a time …• IETF was considering to solve this problem by
more tunneling …
• So we build up softwires, which decided to use L2TP, so we could do– IPv6 in IPv4, IPv4 in IPv6– (as well IPv4 in IPv4 and IPv6 in IPv6 for multicast in
unicast)
• As a result we have, among others:– DS-Lite– Carrier Grade NAT (AFTR)– lw4o6
- 4
NAT444
NAT
InternetIPv4
ISP network
AFTR
10.0.0.x/24
AFTR
NAT
10.0.0.x/24
v4 v4 v4 v4/v6
InternetIPv6
“plain” IPv6Private IPv4192.168.1.x
NAT44 Level 1
NAT44 Level 2
Public IPv4
- 5
DS-Lite
CPE (B4)
InternetIPv4
ISP network
AFTR
10.0.0.x/24
AFTR
CPE (B4)
10.0.0.x/24
v4 v4 v4 v4/v6
InternetIPv6
“plain” IPv6IPv6-only
access
IPv4-in-IPv6tunnel
NAT44 Level 1
Public IPv4
- 6
lw4o6
CPE (lwB4)
InternetIPv4
ISP network
lwAFTR
10.0.0.x/24
lwAFTR
CPE (lwB4)
10.0.0.x/24
v4 v4 v4 v4/v6
InternetIPv6
“plain” IPv6IPv6-only
access
IPv4-in-IPv6 tunnel
NAT44 Level 1
Public IPv4
- 7
Tunnels per subscribers• DS-Lite/lw4o6
…
…
AFTR
BNG routes: Thousands
Subscribers: Millions
IGP prefixes: Hundreds
Tunnels: Millions
BGP prefixes: Tens
- 8
CGN breaks …• UPnP-IGD (Universal Plug & Play - Internet Gateway
Device protocol)• NAT-PMP (NAT Port Mapping Protocol)• Other NAT Traversal mechs• Security• AJAX (Asyncronous Javascript And XML)• FTP (big files)• BitTorrent/Limewire (seeding – uploading)• On-line gaming• Video streaming (Netflix, Hulu, …)• IP cameras• Tunnels, VPN, IPsec, ...• VoIP• Port forwarding• ...
- 9
NAT64
CPE
InternetIPv4
ISP network
NAT64
10.0.0.x/24
NAT64
CPE
10.0.0.x/24
v4 v4 v4 v4/v6
InternetIPv6
”plain” IPv6IPv6-only
access
Public IPv4
DNS64NAT64
- 10
NAT64 breaks …App Name Functionality Version 464XLAT
Fixedconnection tracker Broken NA NADoubleTwist Broken 1.6.3 YESGo SMS Pro Broken NA YESGoogle Talk Broken 4.1.2 YESGoogle+ Broken 3.3.1 YESIP Track Broken NA NALast.fm Broken NA YESNetflix Broken NA YESooVoo Broken NA YES
Pirates of the Caribean Broken NA YESScrabble Free Broken 1.12.57 YESSkype Broken 3.2.0.6673 YESSpotify Broken NA YESTango Broken NA YESTexas Poker Broken NA YESTiKL Broken 2.7 YESTiny Towers Broken NA YESTrillian Broken NA YES
TurboxTax Taxcaster Broken NAVoxer Walkie Talkie Broken NA YESWatch ESPN Broken 1.3.1Zynga Poker Broken NA YESXabber XMPP Broken NA
*T-Mobile
- 11
464XLAT• 464XLAT (RFC6877): RFC6145 + RFC6146• Very efficient use of scarce IPv4 resources
– N*64.000 flows per each IPv4 address– Network growth not tied to IPv4 availability
• IPv4 basic service to customers over an-IPv6 only infrastructure– WORKS with applications that use socket APIs and literal IPv4
addresses (Skype, etc.)• Allows traffic engineering
– Without deep packet inspection• Easy to deploy and available
– Commercial solutions and open source
- 12
464XLAT
CPE CLAT
InternetIPv4
ISP network
NAT64PLAT
10.0.0.x/24
NAT64PLAT
CPE CLAT
10.0.0.x/24
v4 v4 v4 v4/v6
InternetIPv6
“plain” IPv6IPv6-only
access
NAT46
Public IPv4
DNS64NAT64
- 13
How it works 464XLAT?
CLAT PLATISP+
IPv6 Internet
Public IPv4Private IPv4
IPv4 Internet
IPv4+
IPv6
IPv4
IPv6
IPv6
IPv6Stateless (4->6)
[RFC6145]Stateful (6->4)
[RFC6146]
CLAT: Customer side translator (XLAT)PLAT: Provider side translator (XLAT)
IPv4
IPv6
- 14
Possible “app” cases
ISP IPv6-only IPv6-only Internet464XLAT
ISP IPv6-only IPv4-only Internet464XLAT
PLATDNS64/NAT64
ISP IPv6-only IPv4-only Internet464XLAT
PLAT6->4
CLAT4->6
- 15
Multiservice Network
…
…
464XLAT
PLATDNS64/NAT64
…
Cellular network
Residential network
Corporate network
- 18
464XLAT deployment• NAT64:
– A10– Cisco– F5– Juniper– NEC– Huawei– Jool, Tayga, Ecdsys, Linux, OpenBSD, …
• CLAT– Android– Nokia– Windows phone– NEC– OpenWRT
• Commercial deployments:– T-Mobile US: +68 Millions of users– Orange– Telstra– SK Telecom– …– Big trials in several ISPs (thousands of users)
- 19
Performance
*FaceBook data(17/3/2015)
US Mobile Performance – Dual Stack Provider iOS
v6
v4 30%
• iPhone 6 on LTE only • No Instrumentation of the client • Examining Client Last Byte Time • Time it takes for the device to read the
response • Read all the data for a newsfeed
Time of HTTP GET completion
US Mobile Performance – Dual Stack Provider Android
v6
v4 40%
• Android 4/5 • Galaxy S5 on LTE only • No Instrumentation of the client • Examining Client Last Byte Time • Time it takes for the device to read the
response • Read all the data for a newsfeed
Time of HTTP GET completion
US Mobile Performance – Dual Stack Provider iOS
v6
v4 40%
• iPhone 6 • Client instrumentation • No A/B testing • Mobile Proxygen • Examining Total Request Time • Similar to Client Last Byte Time
Total Request Time
- 20
Update of RFC7084• Basic Requirements for IPv6 Customer Edge Routers
– Originally include support only for 6RD and DS-LITE– Being updated to include support for 464XLAT, MAP T/E, lw4o6, …
• https://tools.ietf.org/html/draft-ietf-v6ops-rfc7084-bis