IPv6 Transition - IXbr - São Paulo


Fórum Regional IX.br - SP

How to go from IPv4 to IPv6, by way of CGNAT and NAT64

Access Platforms Update
Service Provider Infrastructure Group

Adalberto Lins
Fabio Marques
[email protected]
Date: November 2016
Cisco Confidential

March 2019
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential !2
Questions

1. Is this topic relevant to you?

2. Do you have spare public IPv4 addresses to serve customers WITHOUT CGNAT?

3. Who is doing CGNAT?

4. Do you feel comfortable experimenting with and implementing IPv6?

5. Who is already peering and receiving IPv6 at the BGP edge?

6. Who already has IPv6 deployed for customers or in a pilot?

Exhaustion at LACNIC
Policy implemented in 2011 with 3 phases:
• PHASE 1 "Stock" /9 – May 2014
• PHASE 2 "Stock" /10 – Jun 2014 (exhaustion)
• PHASE 3 (current) – Jan 2017
• Initial allocation only (/24 to /22)

Current exhaustion forecast: Jan/2020

Ricardo Patara (NIC.br)

Overview of IPv4 exhaustion and IPv6 deployment on the Internet
10anos.ipv6.br - Oct/2018

https://www.aelius.com/njh/google-ipv6/
http://6lab.cisco.com/stats/

“The figure that is public is that VIVO's network as a whole, adding up all
products, is at around almost 50% IPv6 traffic. On mobile it is even
more concentrated” ... “it is around 70%”.
“NAT64 starts to make sense once it passes the halfway mark, because we then
start to actually save”

Fábio Scartoni (Vivo)

Panel: Challenges of IPv6 deployment and IPv4 shutdown
Fórum Brasileiro de IPv6 – 09.10.2018

https://10anos.ipv6.br/

Known problems with CGNAT
• On-line gaming
• Video streaming (Netflix, Hulu, …)
• IP cameras
• Security
• BitTorrent/Limewire (seeding – uploading)
• Port forwarding (Surveillance, Home-Automation)
• VoIP
• UPnP-IGD (Universal Plug & Play - Internet Gateway Device protocol)
• NAT-PMP (NAT Port Mapping Protocol)
• Other NAT traversal mechanisms
• AJAX (Asynchronous JavaScript And XML)
• FTP (big files)
• Tunnels, VPN, IPsec, ...
https://conference.apnic.net/46/
Tutorial, 6-13 September: IPv6-only transition with demo

Efforts are already well advanced to resolve the last practical pending issues

Internet Society
IETF Meeting Nov/2018

• Trusted Systems, IoT & IPv6
• IPv6, NTP, Routing Security & IoT
• IPv6, TLS, DNS Privacy & Other Crypto

https://www.internetsociety.org/issues/ipv6/

Key Takeaway – No one size fits all
Multiple technology adoption scenarios

[Figure: adoption scenarios plotted over time. Labels: IPv4 enabled endpoints; Dual-Stack deployment; IPv6 enabled endpoints; IPv6 Internet; Large Scale NAT (LSN) introduction; 6rd introduction; NAT64; NAT46; IPv4 address pool exhausted; New end-systems deployment (handset/RG); IPv6 only endpoints technically viable; IPv6 only transport viable from a market perspective.]

▪ Preserve IPv4, Prepare and Prosper with IPv6
▪ Remember: IPv6 makes an IPv4 network with NAT44 work better

Reference Topology

[Figure: reference topology from the CPE to the BGP edge. Labels: CPE, WiFi, SD WAN; FTTH, PON, GPON, STP, REP, 802.1Q, etc.; OSPF, MPLS, BGP, VPLS, L3VPN, Segment Routing, BGP-eVPN, DWDM; BNG (PPPoE/IPoE/BRAS); CGNAT, Security, DDoS, IPv6 NAT64; BGP, Full IPv4/IPv6.]

Which part of the backbone needs to provide IPv6 transit?

[Figure: dual-stack backbone. Labels: IPv4 and IPv6 over PPPoE; IPv6 transit; CGNAT; BNG; BGP; IPv4 and IPv6 on each segment.]

• IPv6 peering
• IPv6 addressing
• IPv6 routing
• IPv6 services

[Figure: network layers. Labels: Edge; Aggregation; Access.]

LAB LOGICAL TOPOLOGY

[Figure: lab logical topology. Recoverable labels:]
• BGP router - receives the IP 179.160.44.52 /28
• 2804:414:1004::/56, Cisco ISR 2900
• EDGE server - ASR-1001-X: BGP – PPPoE – BNG, authentication, CGNAT / NAT64, IPv4 and IPv6
• Distribution: NCS-540 router, top of the RING, 192.168.10.9 /24, L2VPN
• Distribution: MPLS / OSPF / L2VPN ring, Cisco ASR-920, Cisco IE 3400
• IP = CGNAT = 100.64.20.0 /24
• Customer PPPoE CPE: Cisco ASR 1800, Cisco ASR 1900

Starting from an IPv4-Only Environment
ASR 1001-X
• BGPv4
• PPPoE IPv4
• BNG – RADIUS
• CGNAT

Starting from an IPv4-Only Environment
ASR 1001-X
• BGPv4 BGPv6
• PPPoE IPv6
• BNG – RADIUS
• CGNAT

Starting from an IPv4-Only Environment
ASR 1001-X
• BGPv4 BGPv6
• PPPoE IPv6
• BNG – RADIUS
• CGNAT NAT64

More information
➔ NIC.br tutorial
How to go from IPv4 to IPv6, by way of CGNAT and NAT64.
https://tutoriais.semanainfrabr.nic.br/2018/
➔ ISP.Express channel
https://isp.express/
➔ NIC.br courses and events
http://ipv6.br/
➔ IPv6 statistics - CISCO
6lab.cisco.com/stats/
➔ IPv6 Country Rank
https://www.aelius.com/njh/google-ipv6/

THANK YOU!!!

Adalberto Lins
[email protected]

Upcoming End of Sale Product Plan

EoS/EoL Product    Announcement Date    Migration Platform
ME 3600X           October 2016         ASR 920
ME 3800X           October 2016         ASR 900 RSP3
ASR 901S           October 2016         TBD

Source:

Backup Slides

ASR 1001-X Block Diagram

[Figure: ASR 1001-X block diagram. Labels: 2nd Generation QFP: 20 Gbps forwarding & feature processing; processor pool PPE0 … PPE31; buffer, queue, schedule (BQS); dispatcher/packet buffer; resource / packet buffer memory (4G); Rsrc/Pkt DDR3; Oversub DDR3; TCAM4 (10 Mbit); CPU (2.0 GHz Quad-Core); CPU memory DDR3; temp sensor; power controller; EEPROM; Mgmt ENET; console and aux; USB; nvram; bootdisk; boot flash (OBFL, …); Stratum-3E network clock circuit; integrated crypto; SA table DRAM; encryption coprocessor (8G crypto, Suite-B); integrated SIP & Enet I/O subsystem with 10GE and GE ports, NIM and SPA; integrated control plane (Quad Core CPU); solid state drive (200G or 400G, optionally in NIM); PCIe; SPA control; SPA bus; other.]

ASR 1001-X Block Diagram

[Figure: ASR 1001-X block diagram, second view. Labels: QFP complex with PPEs (PPE1 … PPE31), BQS, dispatcher and packet buffer; TCAM (10Mbit); resource DRAM (4GB); packet buffer DRAM (512MB); CPU, 2.0 GHz dual-core; CPU memory DDR3 (8GB) - default; crypto (Nitrox-II CN6645, 10 cores); interconnect; GE, 1Gbps; I2C; chassis management bus; card infrastructure; management Ethernet; console; USB & aux; NVRAM; SSD 200G/400G in NIM; boot flash (OBFL, …); MACSec dual 10GE PHY; MACSec quad 1GE PHY; MACSec dual 1GE PHY; SPA control; SPA bus; PCI; NIM; HHSPA; other; ports TenGE0, TenGE1, GE0 to GE5.]

Lab 1:
Starting from an IPv4-Only Environment

LAB EQUIPMENT

LAB LOGICAL TOPOLOGY

[Figure: lab logical topology. Recoverable labels:]
• BGP router - receives the IP 179.160.44.52 /28
• 2804:414:1004::/56, Cisco ISR 2900
• EDGE server - ASR-1001-X: BGP – PPPoE – BNG, authentication, CGNAT / NAT64, IPv4 and IPv6
• Distribution: NCS-540 router, top of the RING, 192.168.10.9 /24, L2VPN
• Distribution: MPLS / OSPF / L2VPN ring, Cisco ASR-920, Cisco IE 3400
• IP = CGNAT = 100.64.20.0 /24
• Customer PPPoE CPE: Cisco ASR 1800, Cisco ASR 1900

[Figure: network layers. Labels: Edge; Aggregation; Access.]

Starting from an IPv4-Only Environment
ASR 1001-X
• BGPv4
• PPPoE IPv4
• BNG – RADIUS
• CGNAT

PPPoE CGNAT POOL CONFIGURATION - BNG ASR 1001-X

! PPPoE subscriber template: sessions sit on the NAT inside
interface Virtual-Template10
 mtu 1480
 ip unnumbered Loopback10
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no ipv6 nd ra suppress
 ! subscribers get shared (CGNAT) addresses from this pool
 peer default ip address pool v4cgn-pool1
 ppp authentication chap pap callin
 ppp ipcp dns 8.8.8.8 8.8.4.4

ip local pool v4cgn-pool1 100.64.20.10 100.64.20.110

CGNAT CONFIGURATION - BNG ASR 1001-X

ip nat settings mode cgn
access-list 1 permit 100.64.20.0 0.0.0.255
ip nat pool POOL_CGNAT 179.150.55.106 179.150.55.106 prefix-length 28
ip nat inside source list 1 pool POOL_CGNAT

! bulk port allocation: ports are handed out in sets of 512
ip nat settings pap bpa set-size 512 step-size 8

Translation ratio vs. port allocation

1 public IP ==> 100 CGNAT IPs = 512 ports

! export NAT translation logs as NetFlow v9 to the collector
ip nat log translations flow-export v9 udp destination 192.168.10.16 2055

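The port-block settings above (set-size 512 behind one public address, with translations logged over NetFlow v9) decide how an abuse report is traced back to a subscriber. The Python below is an added example, not part of the original slides: it checks how many 512-port blocks fit behind one public address and resolves a public IP, port and timestamp to the inside address. The usable port range and the record layout are assumptions, and the log records are constructed sample data.

```python
from datetime import datetime
from ipaddress import IPv4Address

SET_SIZE = 512                        # from the slide: bpa set-size 512
FIRST_PORT, LAST_PORT = 1024, 65535   # assumption: well-known ports are never handed out


def blocks_per_public_ip(set_size=SET_SIZE):
    """Number of port blocks of set_size that fit behind one public address."""
    return (LAST_PORT - FIRST_PORT + 1) // set_size


def pool_size(first, last):
    """Number of addresses in an inclusive 'ip local pool' range."""
    return int(IPv4Address(last)) - int(IPv4Address(first)) + 1


def ts(text):
    """Parse a timestamp written as YYYY-MM-DD HH:MM:SS."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


# Constructed sample records, NOT the router's NetFlow v9 layout:
# (allocated, released or None, inside IP, public IP, first port of the block)
BLOCKS = [
    (ts("2019-03-01 10:00:00"), ts("2019-03-01 11:30:00"),
     "100.64.20.10", "179.150.55.106", 1024),
    (ts("2019-03-01 10:05:00"), None,
     "100.64.20.11", "179.150.55.106", 1536),
    # the first block was released and later reassigned to another subscriber
    (ts("2019-03-01 12:00:00"), None,
     "100.64.20.42", "179.150.55.106", 1024),
]


def attribute(public_ip, port, when, blocks=BLOCKS, set_size=SET_SIZE):
    """Return the inside address that held public_ip:port at time 'when'."""
    hits = [inside for start, end, inside, pub, first in blocks
            if pub == public_ip
            and first <= port < first + set_size
            and start <= when and (end is None or when < end)]
    if len(hits) > 1:
        raise ValueError("overlapping block records: log is inconsistent")
    return hits[0] if hits else None
```

The same public IP and port resolve to different subscribers at different times, so an abuse report without a source port and an accurate timestamp cannot be attributed.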
Step 1:
Preparing the IPv6 Backbone

IPv6 over PPPoE

Dual Stack CGNAT

Starting from an IPv4-Only Environment
ASR 1001-X
• BGPv4 BGPv6
• PPPoE IPv6
• BNG – RADIUS
• CGNAT

Which part of the backbone needs to provide IPv6 transit?

[Figure: IPv4-only backbone. Labels: IPv4 over PPPoE; CGNAT; BNG; BGP; IPv4 on each segment.]

Which part of the backbone needs to provide IPv6 transit?

[Figure: dual-stack backbone. Labels: IPv4 and IPv6 over PPPoE; IPv6 transit; CGNAT; BNG; BGP; IPv4 and IPv6 on each segment.]

• IPv6 peering
• IPv6 addressing
• IPv6 routing
• IPv6 services

IPv6 INTERFACE AND PPPoE POOL CONFIGURATION - BNG
BGPv6 ASR 1001-X

! uplink to the BGP router, dual stack
interface GigabitEthernet0/0/1
 description BGP_ISR2900
 ip address 172.31.200.2 255.255.255.0
 ip nat outside
 negotiation auto
 ipv6 address 2804:414:1004:5::1/64
 ipv6 enable

! one IPv6 and one IPv4 session to the same neighbor
router bgp 65500
 bgp router-id 172.31.200.2
 bgp log-neighbor-changes
 neighbor 2804:414:1004:5::2 remote-as 65600
 neighbor 2804:414:1004:5::2 description BGP_ISR2900
 neighbor 172.31.200.1 remote-as 65600
 neighbor 172.31.200.1 description BGP_ISR2900

IPv6 INTERFACE AND PPPoE POOL CONFIGURATION - BNG
BGPv6 ASR 1001-X

! PPPoE subscriber template, IPv6 side
interface Virtual-Template10
 ipv6 unnumbered Loopback10
 ipv6 enable
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 dhcp server dhcpv6
 peer default ipv6 pool v6-pool1

! DHCPv6 server pool with prefix delegation
ipv6 dhcp pool dhcpv6
 prefix-delegation pool dhcpv6-pool1 lifetime 1800 600
 dns-server 2001:4860:4860::8888
 domain-name cisco.ainet.com.br

ipv6 local pool dhcpv6-pool1 2804:414:1004:4::/64

Lab 3:
NAT64 – IPv6

CGNAT
Where We Are Now

[Figure: resulting network. Labels: IPv6 and IPv4 over PPPoE; NAT64; CGNAT; BNG; BGP; IPv4 and IPv6 on each segment.]

NAT64 CONFIGURATION

interface GigabitEthernet0/0/1
 nat64 enable

! IPv6 sources allowed to be translated
ipv6 access-list MYLIST
 permit ipv6 64:FF9B::/96 any
 permit ipv6 2804:414:1004:4::/64 any
 permit ipv6 2804:414:1004::/56 any
 permit ipv6 2804:414:1004:1::/64 any

! stateful NAT64 prefix and the IPv4 pool used for translated traffic
nat64 prefix stateful 2804:414:1004::/96

nat64 v4 pool NAT64 172.31.201.2 172.31.201.3
nat64 v6v4 list MYLIST pool NAT64 overload

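With the stateful prefix 2804:414:1004::/96 configured above, the IPv4 destination travels in the last 32 bits of the IPv6 address. The Python below is an added example, not part of the original slides: it implements the RFC 6052 embedding for every permitted prefix length, which goes beyond the /96 case used here, so that NAT64 addresses seen in flow logs or packet captures can be decoded back to IPv4. The IPv4 addresses passed in are sample values.

```python
from ipaddress import IPv4Address, IPv6Address, IPv6Network

NAT64_PREFIX = "2804:414:1004::/96"   # from the slide: nat64 prefix stateful
WELL_KNOWN_PREFIX = "64:ff9b::/96"    # RFC 6052 well-known prefix


def _v4_byte_positions(prefix_len):
    """Byte offsets that carry the IPv4 address for a given prefix length."""
    if prefix_len not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64 and /96")
    positions, offset = [], prefix_len // 8
    while len(positions) < 4:
        if offset != 8:               # byte 8 (bits 64-71) is reserved and stays zero
            positions.append(offset)
        offset += 1
    return positions


def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 prefix (what DNS64 hands to the client)."""
    net = IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    octets = IPv4Address(ipv4).packed
    for pos, octet in zip(_v4_byte_positions(net.prefixlen), octets):
        raw[pos] = octet
    return IPv6Address(bytes(raw))


def extract(prefix, ipv6):
    """Recover the IPv4 address from a NAT64 address, or None if outside the prefix."""
    net, addr = IPv6Network(prefix), IPv6Address(ipv6)
    if addr not in net:
        return None
    positions = _v4_byte_positions(net.prefixlen)
    return IPv4Address(bytes(addr.packed[p] for p in positions))


if __name__ == "__main__":
    mapped = synthesize(NAT64_PREFIX, "8.8.8.8")
    print(mapped, "->", extract(NAT64_PREFIX, mapped))
```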
What still needs to be addressed?

[Figure: three columns, In the past / Today / In the future, showing v4 and v6 hosts on public and private addressing connected through NAT, CGN, NAT64, 6to4 and 4to6. Caption: IPv4 and IPv6 operating in parallel.]
