7/31/2019 06 Yves Gheerolfs Juniper en Ipv6
Juniper Networks and IPv6
April 5th, 2011
Yves Gheerolfs
Sr System Engineer
2 Copyright 2010 Juniper Networks, Inc. www.juniper.net
Legal statement
This presentation sets forth Juniper Networks' current intention and is subject to change at any time without notice.
No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation.
AGENDA
Who is Juniper Networks?
Juniper perspective on IPv4 exhaustion and IPv6 deployment
Juniper Supported Solutions
Juniper Product overview
Conclusion
WHO IS JUNIPER NETWORKS?
JUNIPER NETWORKS: FIFTEEN YEARS OF INNOVATION
[Figure: timeline, 1996 to 2011, of revenue, employee count and product introductions (M Series, T Series, SSG Series, IC Series, T1600, MX Series, SRX Series, EX Series, TX Matrix+, Mobile Backhaul, T4000, MobileNext, Mobile Security Suite, QFabric, PTX).]
JUNIPER NETWORKS: LEADER IN HIGH-PERFORMANCE NETWORKING
Top 100 Service Providers Fortune 100 Enterprises Public Sector
Best In Choice Operational Excellence
Government
$2.8B Cash and investments
8,772 Dedicated employees
$837M* Annual R&D engine
As of December 31, 2010. *Non-GAAP
JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT
IPV4 REALITY CHECK: IANA FREE POOL HAS EXHAUSTED
[Figure: IPv4 free pool depletion down to 0%, with series labelled "Pre 2008 recession", "2008 recession effect" and "Post 2008 recession".]
IANA exhaust: 2/1/2011
RIR exhaust: soon after
After completion: Existing IPv4 addresses will not stop working. Current networks will still operate.
IPV6 REALITY CHECK: THE IPV4 LONG TAIL
Many hosts & applications in customer residential networks (e.g. Win 95/98/2000/XP, Playstations, consumer electronic devices) are IPv4-only.
Most software & servers in enterprise networks are IPv4-only.
They will not function in an IPv6-only environment.
Few of those can or will upgrade to IPv6.
Content servers (web, email, ...) are hosted on the Internet by many different parties. It will take time to upgrade those to IPv6.
Current measurement: 0.15% of Alexa top 1-million web sites are available via IPv6.
(This number has not changed in the last 12 months.)
Source: http://ipv6monitor.comcast.net
Function Element Status
Network Core Router: T
Edge Routers: MX, 6PE
Servers Linux 2.6+
Datacenter equipments, CDN
End-user clients
Windows 7 (Many XP boxes out there)
MacOS 10.x
Game consoles Wii, PS3, Xbox
Software Web Browser: Firefox, IE, Safari
Skype
On-line PC games
SSL VPN
Content Web content available over IPv6
CE CPEs
IS IPV6 TAKING OFF?
A number of very large ISPs and very large content providers are deploying IPv6 and various transition technologies now.
Still early in the adoption curve.
But momentum is building fast, so it definitely can't be ignored.
But IPv6 does not solve the immediate problem of IPv4 address exhaustion.
Maintaining IPv4 service after IPv4 exhaustion is the #1 priority for most players.
This implies some form of IPv4 address sharing: NAT
This implies transition technologies to choose from: DS-lite, ...
This implies transport technologies to choose from: MPLS (6PE, 6VPE), IPsec, ...
All having an impact on solution and network architecture
JUNIPER SUPPORTED SOLUTIONS
JUNOS supported IPv6 transport schemes
IPv6 schemes
MPLS based: 6PE; IPv6 Layer 3 VPN (6VPE)
IP based: Native IPv6 (IPv4/IPv6 dual stack); IPv6 over IPv4 configured tunnels (GRE, IPsec, 6rd)
IPv6 transport schemes
[Figure: IPv6 networks connected across an IPv4 network in three ways: 6PE over an MPLS tunnel, 6VPE (VPN) over an MPLS tunnel, and IPoIP over an IPsec / GRE tunnel.]
6RD (Rapid Deployment)
6rd is a transition technology to provide IPv6 service to end users over an existing IPv4 infrastructure.
IPv6 packets are tunneled in IPv4 with stateless v6 to v4 mapping and automatic prefix delegation derived from the v6 destination of each packet.
The key component changes are to the routed CPE to make it 6rd capable via software or hardware upgrade, and introduction of a 6rd border relay function in the Internet service provider (ISP) network to route the packets to IPv6 networks.
This transition technology alternative enables IPv6 services over IPv4 infrastructure; however, it does not mitigate any IPv4 exhaustion concerns. 6rd can therefore be used as a complement to NAT444.
[Figure: IPv6 end-user behind a 6RD CPE, an IPv6 in IPv4 tunnel across the IPv4 network, and a 6RD Relay towards the IPv6 network.]
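The stateless mapping described on this slide, as an added example that is not part of the original presentation: it derives a CPE's delegated prefix from its IPv4 address, recovers the IPv4 tunnel endpoint from a 6rd IPv6 address, and applies the source consistency check that RFC 5969 asks a border relay to make on tunneled packets. The 6rd prefix, the IPv4 mask length and all addresses are constructed values.

```python
import ipaddress

# Constructed 6rd domain parameters (assumptions, not from the slides).
SIXRD_PREFIX = ipaddress.IPv6Network("2001:db8::/32")
IPV4_COMMON = ipaddress.IPv4Network("10.0.0.0/8")   # bits shared by every CPE
SUFFIX_BITS = 32 - IPV4_COMMON.prefixlen            # IPv4 bits carried in IPv6
DELEGATED_LEN = SIXRD_PREFIX.prefixlen + SUFFIX_BITS


def delegated_prefix(cpe_v4):
    """CPE side: build the delegated IPv6 prefix from the CPE's IPv4 address."""
    v4 = ipaddress.IPv4Address(cpe_v4)
    if v4 not in IPV4_COMMON:
        raise ValueError(f"{v4} is outside the 6rd domain {IPV4_COMMON}")
    suffix = int(v4) & ((1 << SUFFIX_BITS) - 1)
    base = int(SIXRD_PREFIX.network_address) | (suffix << (128 - DELEGATED_LEN))
    return ipaddress.IPv6Network((base, DELEGATED_LEN))


def embedded_v4(v6_addr):
    """Recover the IPv4 tunnel endpoint embedded in a 6rd IPv6 address.

    Returns None when the address is not inside the 6rd prefix, i.e. the
    packet has to go through the border relay instead of CPE to CPE.
    """
    v6 = ipaddress.IPv6Address(v6_addr)
    if v6 not in SIXRD_PREFIX:
        return None
    suffix = (int(v6) >> (128 - DELEGATED_LEN)) & ((1 << SUFFIX_BITS) - 1)
    return ipaddress.IPv4Address(int(IPV4_COMMON.network_address) | suffix)


def relay_accepts(outer_v4_src, inner_v6_src):
    """Border relay check: the outer IPv4 source must equal the IPv4 address
    embedded in the inner IPv6 source, otherwise the inner source is spoofed."""
    expected = embedded_v4(inner_v6_src)
    return expected is not None and expected == ipaddress.IPv4Address(outer_v4_src)


if __name__ == "__main__":
    print(delegated_prefix("10.1.2.3"))                         # CPE's prefix
    print(embedded_v4("2001:db8:102:3ab::1"))                   # tunnel endpoint
    print(relay_accepts("10.1.2.3", "2001:db8:102:3ab::1"))     # consistent
    print(relay_accepts("10.9.9.9", "2001:db8:102:3ab::1"))     # mismatch
```

Because the mapping is stateless, the relay keeps no per-subscriber table; the consistency check is the only thing tying an inner IPv6 source to the subscriber that sent it.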
IPv4 depletion and translation mechanism
DS-lite
NAT444
NAT64
DS-Lite
DS Lite function occurs on a customer premises equipment (CPE) device such as a home gateway.
If a device sends an IPv6 packet, the packet is routed normally to the IPv6 destination.
If a device sends an IPv4 packet, the CPE gateway performs the IPv4-in-IPv6 encapsulation, setting the destination address of the IPv6 packet to the address of the DS Lite enabled CGNAT (aka AFTR).
A variation on the DS-Lite model implements DS-Lite on an individual end system rather than on a CPE device.
The device is dual stacked, and therefore can send and receive both IPv4 and IPv6 packets.
This has great potential for mobile broadband.
NAT444:
Three layers of IPv4 addressing
A private IPv4 block within the user network (behind the CPE NAT)
A different private IPv4 block for the user-to-provider links (between the CPE NAT and the CGNAT)
A public IPv4 address on the outside of the CG-NAT
In NAT444, the same IPv4 address block can be reused within each customer network, and the same IPv4 block can be reused on the inside of each CGNAT for the user-to-provider links.
It is this reuse of addresses behind multiple CG-NATs that provides the IPv4 address scaling for the NAT444 architecture.
A key advantage of this architecture is that it imposes no special requirements on the CPE NAT (assuming that RFC 1918 address space is used). However, to enable IPv6 services, either natively or via an IPv6 rapid deployment (6rd) tunneling technology, the CPE devices will need to be upgraded.
NAT64
Is an IPv4-to-IPv6 Network Address Translator.
The headers of packets passing between an IPv6-only end system and an IPv4-only end system are converted from one protocol to the other, allowing the end systems to communicate without knowing that the remote system is using a different IP version.
A special DNS ALG, known as DNS64, is used to trick IPv6 hosts into thinking that the IPv4 destination is an IPv6 address.
The IPv6 host thinks that it is communicating with another IPv6 system, and the IPv4 system thinks that it is talking to another IPv4 system.
Neither end system participates directly in the translation process.
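How DNS64 and NAT64 fit together, as an added example that is not part of the original presentation: the resolver synthesizes an AAAA record by embedding the IPv4 address in a NAT64 prefix, and the translator later extracts it from the IPv6 destination. The example assumes the RFC 6052 well-known prefix 64:ff9b::/96 and uses constructed documentation addresses; the function names are hypothetical.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix (assumed here; a deployment may instead
# use a network-specific prefix).
WKP = ipaddress.IPv6Network("64:ff9b::/96")

# RFC 6052 forbids representing non-global IPv4 addresses with the
# well-known prefix; this sketch filters the RFC 1918 blocks only.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def synthesize(v4_text):
    """Embed an IPv4 address in the low 32 bits of the NAT64 prefix."""
    v4 = ipaddress.IPv4Address(v4_text)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private and must not be mapped into {WKP}")
    return ipaddress.IPv6Address(int(WKP.network_address) | int(v4))


def dns64_answer(a_records, aaaa_records):
    """What the IPv6-only host receives for an AAAA query.

    Real AAAA records are passed through untouched; synthesis happens only
    when the name has no AAAA, and private A records are dropped.
    """
    if aaaa_records:
        return list(aaaa_records)
    answer = []
    for a in a_records:
        try:
            answer.append(str(synthesize(a)))
        except ValueError:
            continue
    return answer


def nat64_destination(v6_dst):
    """Translator side: recover the IPv4 destination, or None when the
    packet is ordinary IPv6 traffic that needs no translation."""
    v6 = ipaddress.IPv6Address(v6_dst)
    if v6 not in WKP:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


if __name__ == "__main__":
    print(dns64_answer(["192.0.2.33"], []))          # synthesized AAAA
    print(nat64_destination("64:ff9b::c000:221"))    # back to IPv4
```

A synthesized AAAA is not covered by the zone's own signatures, so a host that validates DNSSEC itself will see it as unsigned data unless validation is done by the DNS64 resolver.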
JUNIPER PRODUCT PORTFOLIO
PRODUCT PORTFOLIO POWERS THE NEW NETWORK
Running JUNOS SOFTWARE: THE POWER OF ONE
[Figure: product families under Security and CPE, Switches and Routers: High-end SRX Series, Branch SRX Series, SA Series & UAC, SRC Series, SBR Series, EX Series, M Series, J Series, T Series, E Series, MX Series.]
FULL IPv6 toolkit enabled, provided by
One OS, one release train, one architecture
CONCLUSION
It is the time for providers to get serious about IPv6. In doing so, it is critical to preserve IPv4 services.
Actions to be taken:
Replacing/upgrading every CPE to enable IPv6
Making the operation of NAT technologies scale
Getting content on IPv6
Building an end-to-end network IPv6 enabled
Juniper provides what is needed today
More info on www.juniper.net/IPv6
and/or http://ipv6.juniper.net/IPv6
Thank You