Mapping of Address and Port (MAP) an ISPs Perspective. E. Jordan Gottlieb Principal Engineer Charter Communications

Similar documents
Mapping of Address and Port using Translation (MAP-T) E. Jordan Gottlieb Network Engineering and Architecture

Mapping of Address and Port Using Translation

IPv6 Rapid Deployment (6rd) in broadband networks. Allen Huotari Technical Leader June 14, 2010 NANOG49 San Francisco, CA

IPv6 Rapid Deployment: Provide IPv6 Access to Customers over an IPv4-Only Network

Comcast IPv6 Trials NANOG50 John Jason Brzozowski

6RD. IPv6 Rapid Deployment. Version Fred Bovy. Chysalis6 6RD 1-1

Internet Engineering Task Force (IETF) Request for Comments: 7600

Unit 5 - IPv4/ IPv6 Transition Mechanism(8hr) BCT IV/ II Elective - Networking with IPv6

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

Planning for Information Network

An Industry view of IPv6 Advantages

COE IPv6 Roadmap Planning. ZyXEL

Yasuo Kashimura Senior Manager, Japan, APAC IPCC Alcatel-lucent

IPv6 : Internet Protocol Version 6

History. IPv6 : Internet Protocol Version 6. IPv4 Year-Wise Allocation (/8s)

Transitioning to IPv6

Stateful Network Address Translation 64

Tutorial 9. SOLUTION Since the number of supported interfaces is different for each subnet, this is a Variable- Length Subnet Masking (VLSM) problem.

BIG-IP CGNAT: Implementations. Version 13.0

Dual-Stack lite. Alain Durand. May 28th, 2009

IPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines. Merike Kaeo

b. Suppose the two packets are to be forwarded to two different output ports. Is it

IPV6 SIMPLE SECURITY CAPABILITIES.

IPv6 Address Planning

Configuring IPv6. Information About IPv6. Send document comments to CHAPTER

VXLAN Overview: Cisco Nexus 9000 Series Switches

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing

The Interconnection Structure of. The Internet. EECC694 - Shaaban

LOGICAL ADDRESSING. Faisal Karim Shaikh.

Network layer: Overview. Network Layer Functions

Internet Engineering Task Force (IETF) Request for Comments: 7040 Category: Informational. O. Vautrin Juniper Networks Y. Lee Comcast November 2013

Lecture 8. Network Layer (cont d) Network Layer 1-1

Introduction to IPv6 - II

Integrated Security 22

Cisco IOS IPv6. Cisco IOS IPv6 IPv6 IPv6 service provider IPv6. IPv6. data link IPv6 Cisco IOS IPv6. IPv6

IPv6 Next generation IP

TR-242 IPv6 Transition Mechanisms for Broadband Networks

Transition To IPv6 October 2011

IPv6 Technical Challenges

IPv6 Transition Mechanisms

IPv6: An Introduction

ECE 461 Internetworking Fall Quiz 1

Foreword xxiii Preface xxvii IPv6 Rationale and Features

Introduction to Network Address Translation

Network Layer Part A (IPv6) Network Layer 4-1

Network Configuration Example

CIS-331 Final Exam Spring 2016 Total of 120 Points. Version 1

CCNA Questions/Answers IPv6. Select the valid IPv6 address from given ones. (Choose two) A. FE63::0043::11:21 B :2:11.1 C.

Transition Strategies from IPv4 to IPv6: The case of GRNET

Network Configuration Example

Chapter 5 OSI Network Layer

IPv6 Transition Mechanisms

Radware ADC. IPV6 RFCs and Compliance

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Network Basic v0.1. Network Basic v0.1. Chapter 3 Internet Protocol. Chapter 3. Internet Protocol

BIG-IP CGNAT: Implementations. Version 12.1

Lecture 3. The Network Layer (cont d) Network Layer 1-1

Advanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific. IPv6

Internetworking Part 2

IPv6 Deployment Experiences. John Jason Brzozowski

Internet Engineering Task Force (IETF) A. Retana Cisco Systems July 2013

IPv4/v6 Considerations Ralph Droms Cisco Systems

ETSF05/ETSF10 Internet Protocols Network Layer Protocols

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

Position of IP and other network-layer protocols in TCP/IP protocol suite

Communication Systems DHCP

An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is sent to a unicast

The Netwok 15 Layer IPv4 and IPv6 Part 3

Network Layer/IP Protocols

Implementing IP in IP Tunnel

Athanassios Liakopoulos Slovenian IPv6 Training, Ljubljana, May 2010

Cisco Network Address Translation (NAT)

EP2120 Internetworking/Internetteknik IK2218 Internets Protokoll och Principer

The Internet Protocol (IP)

CSCI-1680 Network Layer:

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

6to4 & 6rd. Explained

Last time. Wireless link-layer. Introduction. Characteristics of wireless links wireless LANs networking. Cellular Internet access

Help I need more IPv6 addresses!

Patrick Grossetete Cisco Systems Cisco IOS IPv6 Product Manager 2003, Cisco Systems, Inc. All rights reserved.

Implementing MPLS VPNs over IP Tunnels

Internet Engineering Task Force (IETF) Request for Comments: 5969 Category: Standards Track ISSN: August 2010

Politecnico di Milano Scuola di Ingegneria Industriale e dell Informazione. 09 Intranetting. Fundamentals of Communication Networks

Data Communication & Networks G Session 7 - Main Theme Networks: Part I Circuit Switching, Packet Switching, The Network Layer

TCP/IP Protocol Suite

Datagram. Source IP address. Destination IP address. Options. Data

A Border Gateway Protocol 3 (BGP-3) DNS Extensions to Support IP version 6. Path MTU Discovery for IP version 6

Problem space matrix based on the guideline* Crossing IPv4 Island

IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker

Internet Engineering Task Force (IETF) Request for Comments: C. Jacquenet. Orange. S. Vinapamula Juniper Networks Q. Wu Huawei January 2019

Network Layer PREPARED BY AHMED ABDEL-RAOUF

IPv4 addressing, NAT. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley.

Best Current Operational Practice for operators: choose. Jordi Palet

The trend of IPv4 over IPv6 techniques, use cases and experience

Configuring Interfaces (Transparent Mode)

Subnet Masks. Address Boundaries. Address Assignment. Host. Net. Host. Subnet Mask. Non-contiguous masks. To Administrator. Outside the network

IP - The Internet Protocol

Packetization Layer Path Maximum Transmission Unit Discovery (PLPMTU) For IPsec Tunnels

The Network 15 Layer IPv4 and IPv6 Part 3

Completing Interface Configuration (Transparent Mode)

Transcription:

Mapping of Address and Port () an ISPs Perspective E. Jordan Gottlieb Principal Engineer Charter Communications jordan.gottlieb@charter.com

Agenda What is? Benefits of in Action Algorithms in Action Deployment Considerations Resources and Attributions

What is? Enables a service provider to support IPv4 based Internet access to customers over an IPv6 network domain Primary application is N:1 IPv4 address sharing Competing technology in the CGN/LSN solution space Can be deployed without IPv4 address overloading defines two transport modes Mapping of Address and Port with Encapsulation ( E) Transports traffic across IPv6 domain by encapsulating IPv4 traffic within a IPv6 header as specified in RFC2473 Mapping of Address and Port using Translation( T) Transports traffic by translating IPv4 headers to IPv6 headers using RFC6145 stateless translation Extremely complementary to native IPv6 deployments

Components in Context Private IPv4 RFC1918 IPv6 Public IPv4 CE BR Client Network Provider Network Internet Customer Edge (CE) A home gateway or router with support Responsible for forwarding native IPv6 traffic and translating between IPv4 and IPv6 Border Relay (BR) Provider side network gear that supports Can be existing (upgraded) equipment or dedicated appliance Responsible for forwarding IPv6 traffic and translating traffic between IPv4 and IPv6

Domains domains: A collection of interconnected CEs and BRs that share a common set of parameters Rule IPv6 Prefix: Customers are assigned end user prefixes out of this block for the purpose of defining mapping rules Rule IPv4 Prefix: The pool of available IPv4 addresses used to define mapping rules Embedded Address (EA): A value representing the number bits used to represent the mapping of address and ports BR Address or Prefix: Depending on transport mode a BR is reachable via a BR address ( E) or BR prefix ( T)

Rules Base Mapping Rule (BMR) Uses rule IPv6 prefix, rule IPv4 prefix, and EA length to define how the CEs derive their related addressing and assigned port allocations from their IPv6 end user prefix Forward Mapping Rule (FMR) Optional rules to allow direct CE to CE communications Default Mapping Rule (DMR) Used by T to reach destinations outside the domain through the BR. E defines a BR address to achieve the same capability

CE Addressing Private IPv4 RFC1918 IPv6 Public IPv4 CE LAN IPv6 Address CE CE IPv6 Address CE WAN IPv6 Address BR CE LAN IPv4 Address Client Network Provider Network Internet IPv4 CE Addressing Customer controls assignment on CE LAN segment (typically RFC1918) IPv6 CE Addressing WAN address assigned by provider and is independent of address is derived from assigned end user prefix LAN prefix is allocated from assigned end user prefix

Mapping of Address and Port A CE is assigned a logical Public IPv4 Address The BMR is used to obtain this address by extracting an index value from the EA bits within the end user IPv6 prefix When a Public IPv4 address is shared the EA bits also contain an index value into a set of ports a CE can use for the NAPT function Port set ID (PSID): The index value for a particular unique set of algorithmically assigned layer 4 ports and ICMP messages with the Identifier field Given a rule IPv6 prefix length /48, a rule IPv4 prefix length /24, and an EA length of 14 (sharing ratio of 64 to 1): EA Bits 48-61 (14 bits) End User IPv6 Prefix /62 Rule IPv6 Pfx: Bits 0-47 AddrIndex 8 bits PSID 6 bits End-User Host Bits 62-127

Benefits of Traditional Broadband CPE Paradigm Stateless Border Relays Minimal Logging Requirements Aligns with Native IPv6 Deployments

Traditional Broadband CPE Paradigm Private IPv4 RFC1918 IPv6 Public IPv4 NAPT Function CE Assigned 68.114.2.2 PSID 1 (1008 ports) 192.168.1.0/24 Client Network Internet NAPT Function CE 192.168.1.0/24 Client Network Assigned 68.114.2.2 PSID 2 (1008 ports) Provider Network Looks and operates in similar fashion as traditional broadband services only with a reduced number of provisioned layer 4 ports Scales better than NAT444 with RFC6598 (100.64.0.0/10) addressing as forwarding to and from CE is with a IPv6 address

Stateless Border Relays Private IPv4 RFC1918 IPv6 Public IPv4 CE BR Address or Prefix can be originated via anycast in support of HA and ECMP Client Network Asymmetric traffic flows are permitted Internet Provider Network Internet Border relays behave more like routers and less like firewalls Easier to test than competing stateful LSN approaches (no ALGs, no state) Testing consists of valid unidirectional flows

Minimal Logging Requirements Low logging overhead in support of law enforcement and abuse requests Non shared public IPv4 addresses can be algorithmically mapped back to the assigned IPv6 end user prefix Shared public IPv4 address and port combination can be algorithmically mapped back to the assigned IPv6 end user prefix Even a network engineer can do it: https://github.com/ejordangottlieb/pyswmap: A Python 3 module I wrote

Aligns with Native IPv6 Deployments Private IPv4 RFC1918 IPv6 Public IPv4 Delegated Prefix 2001:506:101:2e8::/62 CE Rule IPv6 Prefix 2001:506:101::/48 BR Aggregate IPv6 Prefix 2001:506:101::/48 Client Network Provider Network Internet Basically a native IPv6 deployment where an IPv6 prefix is assigned to the customer LAN Delta: Requires CPE and BR with support and provisioning of domain parameters Derives IPv4 address and port allocations without requiring new IPv6 aggregation and customer prefix allocations

in Action Using our example PD of 2001:506:101:2e8:/62 Rule IPv6 Prefix 2001:506:101::/48 Rule IPv4 Prefix 68.114.2.0/24 EA length 14 (sharing ratio 64 to 1) PSID 58 (derived from our assigned PD) DHCPv6 Provisioning Example E Traffic Flow Example T Traffic Flow Example

DHCPv6 Provisioning Example Private IPv4 RFC1918 IPv6 Public IPv4 CE PD 2001:506:101:2e8::/62 Option 94 or 95 DHCPv6 Complex BR Client Network Provider Network Internet Nearly identical to DHCPv6 with Prefix Delegation Option 94 ( E) and Option 95 ( T) provide domain values Rule IPv6 and IPv4 Prefix EA Length PSID Offset BR address for E or BR prefix for T

E Example State: TCP 192.168.1.101:1025 68.114.1.2:4000 206.1.1.1:80 Private IPv4 RFC1918 IPv6 Public IPv4 Delegated Prefix 2001:506:101:2e8::/62 CE BR address 2001:db8::1 BR Client Network Provider Network Internet IPv4 Forwarding IPv6 Forwarding 1025 80 4000 80 TCP 192.168.1.101 206.1.1.1 TCP 68.114.2.2 206.1.1.1 IPv4 Forwarding NAPT and IPv6 Encapsulation at CE 4000 80 TCP 68.114.2.2 206.1.1.1 2001:506:101:2e8:0:4472:202:3a 2001:db8::1 4000 80 TCP 68.114.2.2 206.1.1.1 4000 80 TCP 2001:506:101:2e8:0:4472:202:3a 2605:ab:cd::1 IPv6 Forwarding

T Example State: TCP 192.168.1.101:1025 68.114.1.2:4000 206.1.1.1:80 Private IPv4 RFC1918 IPv6 Public IPv4 Delegated Prefix 2001:506:101:2e8::/62 CE BR Prefix 2001:db8::/64 BR Client Network Provider Network Internet IPv4 Forwarding IPv6 Forwarding 1025 80 4000 80 TCP 192.168.1.101 206.1.1.1 TCP 68.114.2.2 206.1.1.1 IPv4 Forwarding NAPT and Stateless IPv6 Translation at CE 4000 80 TCP 2001:506:101:2e8:0:4472:202:3a 2001:db8::ce:101:0100:0 4000 80 TCP 68.114.2.2 206.1.1.1 4000 80 TCP 2001:506:101:2e8:0:4472:202:3a 2605:ab:cd::1 IPv6 Forwarding

Algorithms in Action Basic Mapping Rule (BMR) PSID Algorithm

Basic Mapping Rule (BMR) Using our example PD of 2001:506:101:2e8::/62 Rule IPv6 Prefix 2001:506:101::/48 Rule IPv4 Prefix 68.114.2.0/24 EA length 14 (sharing ratio 64 to 1) 2001:506:101:[0000001011101000]::/62 = 2001:506:101:2e8::/62 68.114.2.0/24 index 2 = 68.114.2.2 PSID = 58

PSID Algorithm Using our example PD of 2001:506:101:2e8::/62 Rule IPv6 Prefix 2001:506:101::/48 Rule IPv4 Prefix 68.114.2.0/24 Sharing Ratio 64 to 1 PSID Offset: 6 PSID = 58 from our previous example 0000001110100000 16 bits representing all possible layer 4 port values A Y M Allowed ports = (A >= 000001), Y=PSID, and any value M A >= 000001 (because PSID Offset = 6) is => 1024 A = 000001 and M = 0000 thru A = 111111 and M = 1111 1024 + 928 + 0 = 1952 is first available port 64512 + 928 + 15 = 65455 is last available port

Deployment Considerations IPv4 BR Fragment Handling Payload Considerations Layer 3 Transparency Rule IPv6 Prefix Sizing E or T?

BR Fragment Handling Border relay forwarding is not 100% stateless Initial fragment contains layer 4 information and can be forwarded to the correct CE address using the mapping algorithm Subsequent packet fragments do not include layer 4 information and must be forwarded by IPv4 destination and fragment ID which requires state maintenance

Payload Considerations Encapsulation and translation as transport mechanism come with varying levels of overhead E overhead is >= 40 bytes over original transmitted IPv4 packet T overhead is >= 20 bytes over original transmitted IPv4 packet Jumbo frame support in the IPv6 domain is desirable A CE with a 1500 byte LAN MTU and a jumbo WAN MTU can mimic a traditional IPv4 1500 MTU broadband environment

Layer 3 Transparency Layer 3 Transparency refers to the ability to retain all the values stored in the IPv4 header E achieves full transparency by encapsulating the IPv4 header T achieves a high level of transparency by mapping to equivalent IPv6 header values through address translation techniques T Propagation of DF and MF Flags RFC6145 describes stateless translation algorithms used by T DF Bit = 0 include a IPv6 fragment header in translation process DF Bit = 1 do not include a IPv6 fragment header in translation process MF Bit = 1 implied when IPv6 fragment header is present No way to do DF=1 and MF=1 which is a recommendation made in RFC4821 section 8

Rule IPv6 Prefix Sizing domain rule IPv6 scope and sharing ratio drives the IPv4 prefix requirement Domains defined on top level IPv6 aggregation boundaries will require a large contiguous IPv4 block A domain defined on a regional boundary with a /32 IPv6 prefix allocation, a /62 user prefix, and a 64:1 ratio requires a /7 IPv4 prefix allocation Smaller IPv4 prefix allocations drive more domain instances per region A domain defined with a /46 IPv6 prefix allocation, a /62 user prefix allocation, and 64:1 ratio requires a /22 prefix allocation

E or T I am an advocate of T because of the full 5 tuple visibility which allows Traditional deployment of edge filters and classifiers Traffic engineering for IPv4 destinations outside the domain The ability to deploy IPv4 mapped IPv6 addressed servers and services that support IPv4 customer endpoints. BR is not necessary. Superior levels of granularity for link aggregation and ECMP Utilization of DoS countermeasures based on BGP Flowspec

Resources and Attributions Resources http://map46.cisco.com/.php Cisco Simulation Tool and Other Links https://github.com/ejordangottlieb/pyswmap A Module for Python 3 http://enog.jp/~masakazu/vyatta/map/ Vyatta based BR or CE Attributions https://tools.ietf.org/html/draft ietf softwire map t T https://tools.ietf.org/html/draft ietf softwire map E https://tools.ietf.org/html/draft ietf softwire map dhcp DHCP Options https://tools.ietf.org/html/rfc6052 IPv6 Addressing of IPv4/IPv6 Translators https://tools.ietf.org/html/rfc6145 IP/ICMP Translation Algorithm https://tools.ietf.org/html/rfc4821 Packetization Layer Path MTU Discovery http://www.cisco.com/c/en/us/solutions/collateral/ios nx ossoftware/enterprise ipv6 solution/whitepaper_c11 729800.html Cisco Technical Guide to Mapping of Address and Port

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback