Best Practices for Deploying Ipv6 Over Broadband Access
Total Page:16
File Type:pdf, Size:1020Kb
WHITE PAPER Best Practices for Deploying IPv6 over Broadband Access www.ixiacom.com 915-0123-01 Rev. D, January 2016 2 Table of Contents Introduction ................................................................................................. 4 IPv6 Solutions for Broadband Access......................................................... 4 Translation ................................................................................................... 5 Tunneling ..................................................................................................... 5 Dual-Stack Lite (DS-Lite) ............................................................................ 5 IPv6 Rapid Deployment (6rd) ...................................................................... 6 Dual-Stack ................................................................................................... 8 How Dual-Stack PPP works ....................................................................... 8 Test Requirements ....................................................................................... 9 Testing Tunneling ......................................................................................... 9 Testing Dual-Stack PPP ............................................................................. 11 Conclusion ..................................................................................................12 3 Introduction Service Providers: The IPv6 Bell Tolls for Thee! After more than a decade of forewarning, the IPv4 to IPv6 transition has finally reached critical mass. On February 1, 2011, the Internet Assigned Numbers Authority (IANA) allocated the last freely-available block of IPv4 addresses. At the same time, the number of users and “endpoints” requiring Internet access, and thus a unique IP address, continues to explode. With broadband deployments achieving global exponential growth, next-generation wireless rollouts on the horizon, and smart-phone use escalating, it is expected that there will be an increase of 5 billion unique endpoints between 2010 and 2015. Service providers are challenged to prepare their networks for the influx of IPv6 addresses. As exemplified by Google’s support of IPv6 on its search, news, docs, maps, and YouTube, the Internet is already rich with IPv6 content and services; but IPv4 won’t just vanish as IPv6 comes on board. This creates a challenging situation for service providers, who must upgrade their network infrastructures to handle IPv4 and IPv6 co-existence. While network cores are well-equipped to handle both IPv4 and IPv6, broadband access After more than networks are not. IPv4 and IPv6 co-existence stresses the underlying network systems, a decade of which can introduce latency, degrade network responsiveness, and compromise service- level agreements (SLAs). The biggest transition concern is its impact on customers – will forewarning, introducing IPv6 endpoints, forwarding tables, and services affect connectivity speed, the IPv4 to IPv6 service quality, and network reliability? transition has finally With fierce industry competitiveness over customer retention, service providers need reached critical assurance of a seamless IPv6 transition – at least from the customer perspective. To proactively address customer-impacting problems, service providers need a quick and mass. On February reliable test solution that enables them to predict the effect of the IPv6 transition on their 1, 2011, the Internet broadband access network. Assigned Numbers IPv6 Solutions for Broadband Access Authority (IANA) allocated the last An abrupt transition of the legacy IPv4 infrastructure to IPv6 is not practical because most Internet services are still based on IPv4 and many customers still run operating freely-available systems that do not fully support IPv6. Service providers must support both IPv4 and IPv6 block of IPv4 endpoints and services to guarantee the quality of service (QoS) defined in their SLAs. addresses. There are different methods used to achieve this goal across broadband access networks including: • Translation • Tunneling (includes dual-stack lite and IPv6 rapid deployment) • Dual-stack 4 Translation The easiest way to conserve the depleting IPv4 address space is to use translation so that the outward-facing interface uses a public interface while the private network uses IP addresses that are not routed on the Internet. However, the known performance and scalability issues compel most service providers to deploy either tunneling or dual-stack transition mechanisms in broadband access networks. Tunneling Tunneling mechanisms are used to tunnel IPv6 island traffic over IPv4 networks and vice versa. The two tunneling schemes currently receiving significant industry attention are: • Dual-stack Lite • IPv6 rapid deployment Dual-Stack Lite (DS-Lite) While service While service providers aim to capitalize on the benefits of quickly embracing IPv6, they providers aim to must also contain the costs of doing so and ensure uninterrupted IPv4 support. With DS-Lite, broadband service providers handle IPv4 addresses using IP in IP (IPv4-in- capitalize on the IPv6) tunneling and Network Address Translation (NAT). DS-Lite simplifies the IPv4/IPv6 benefits of quickly transition by de-coupling IPv6 deployment in the service provider network from the rest of the Internet. embracing IPv6, they must also How DS-Lite works contain the costs of DS-Lite uses IPv6-only links between the provider and the customer. The DS-Lite home doing so and ensure gateway is provisioned with an IPv6 address on its WAN interface. At the LAN-side interface, it operates its own DHCPv4 server, handing out RFC1918 private addresses to uninterrupted IPv4 home devices. There is no NAT service on the customer premise equipment (CPE) device, support. such as a home gateway. The NAT service is located on a carrier-grade NAT device in the provider’s network, which is also a tunnel terminator for the Pv4-in-IPv6 tunnel. The IPv4 packet from the home device to an external destination is encapsulated in an IPv6 packet by the DS-Lite home gateway and transported into the provider network. The packet is decapsulated at the carrier-grade NAT device (CGN), also referred to as an Address Family Translation Router (AFTR) and NAT44 is performed to map the home device’s private IPv4 address to a public IPv4 address. The IPv6 tunnel source address is added to the NAT table, along with an IPv4 source address and port, to both disambiguate the customer private address and provide the reference for the tunnel endpoint. If a home device needs to access an IPv6 service, it is transported “as-is” and routed to an Internet server. With DS-Lite technology, the communications between end-nodes stay within their address family without requiring protocol family translation. If a home device needs to access an IPv6 service, it is transported “as-is” and routed to an Internet server. 5 CGN/AFTR: • Builds NAT table (maps IPv4/IPv6) • Terminates IPv4-in-IPv6 tunnel • Encapsulates IPv4 packet in IPv6 tunnel DS-Lite Home Gateway: • Uses IPv6 address WAN interfaces • Operates DHCPv4 server on LAN interfaces • Encapsulates IPv4 packet in IPv6 going to network To quickly offer • Decapsulates IPv6 packet coming from network end-to-end IPv6 service, providers Figure 1: How DS-Lite Works use 6rd to There are multiple advantages of DS-Lite over using NAT cascading: encapsulate IPv6 Tunneling IPv4 over IPv6 is far simpler than translation so it performs much better than traffic in IPv4 NAT464. headers, and tunnel The deployment of IPv6 in the service provider network is decoupled and independent of home users’ IPv6 the customers migrating to IPv6. If customer equipment is IPv6-aware, the packets simply traffic through follow the IPv6 routing to reach the destination, and no tunneling is performed. the IPv4 network Increased traffic load is handled by adding more AFTR elements in the service provider to IPv6 internet network, providing flexibility to adapt to changing traffic load. service. IPv6 Rapid Deployment (6rd) In order to quickly offer end-to-end IPv6 service, providers use 6rd to encapsulate IPv6 traffic in IPv4 headers, and tunnel home users’ IPv6 traffic through the IPv4 network to IPv6 internet service. This tunnel is terminated by an edge router on the service provider network and native IPv6 packets are then transmitted to the IPv6-capable Internet. This allows for rapid introduction of IPv6 services in provider networks as they transition from IPv4 to IPv6. This approach minimizes deployment costs because it only requires upgrades to the routers at the customer edge (CE routers) to support 6rd and additional border routers (BR) that terminate the tunnel. The service provider can operate one or several BRs at its border between its IPv4 infrastructure and the IPv6 Internet depending on the number of IPv6 hosts it has to support and the capacity of a single BR. How 6rd works 6rd relies on IPv4 and is designed to deliver production-quality IPv6 alongside IPv4 with as little change to IPv4 networking and operation as possible.A 6rd domain consists of: 6 • 6rd CE routers, also referred to as Residential Gateways (RGs) or Customer Premises Equipment (CPE). A 6rd CE router functions as a customer edge in a 6rd deployment and is the initiator of the 6rd tunnel • One or more 6rd BRs. A 6rd-enabled router is managed by the service provider at the edge of a 6rd domain. The BR terminates the IPv4 tunnel and transmits native IPv6 into the IPv6 network. 6rd CPE: • Encapsulates