06 Yves Gheerolfs Juniper en Ipv6

7/31/2019 06 Yves Gheerolfs Juniper en Ipv6

1/22

Juniper Networks and IPv6

April 5th, 2011

Yves Gheerolfs

Sr System Engineer

[email protected]


2/22

2 Copyright 2010 Juniper Networks, Inc. www.juniper.net

Legal statement

This presentation sets forth Juniper Networkscurrent intention and is subject to change at anytime without notice.

No purchases are contingent upon JuniperNetworks delivering any feature or functionalitydepicted in this presentation.


3/22


AGENDA

Who is Juniper Networks?

Juniper perspective on IPv4 exhaustion andIPv6 deployment

Juniper Supported Solutions

Juniper Product overview

Conclusion


4/22


WHO IS JUNIPER NETWORKS?


5/22


JUNIPER NETWORKS:FIFTEEN YEARS OF INNOVATION

IC Series

$500M $1.3B $2B

4800Employees 1000 1500

Revenue

M Series

T SeriesSSG Series

2500 3500

$2.8B$2.3B

5300

$3.5B

6500

FORTUNE

1THOUSAND#789

T1600

MX Series

Incorporated

SRX Series

MobileBackhaul

Acorn

TX Matrix+EX Series

$3.3B

7000

2002

1998 19992000

1996

2006

2004

2007

2005

2009

2008

$4B

8700

T4000

2010 MobileNext

MobileSecurity

Suite

2011

QFabric

PTX


6/22


JUNIPER NETWORKS:LEADER IN HIGH-PERFORMANCE NETWORKING

Top 100 Service Providers Fortune 100 Enterprises Public Sector

Best In Choice Operational Excellence

Government

$2.8BCash andinvestments

8,772Dedicatedemployees

$837M*AnnualR&D engine

As of December 31, 2010*Non-GAAP


7/22


JUNIPER PERSPECTIVE ON IPV4EXHAUSTION AND IPV6 DEPLOYMENT


8/22


IPV4 REALITY CHECK:IANA FREE POOL HAS EXHAUSTED

Post 2008 recession

Pre 2008 recession

2008 recession effect

After completion:Existing IPv4 addresses will not stop working.Current networks will still operate.

IANA exhaust: 2/1/2011RIR exhaust: soon after

0%


9/22


IPV6 REALITY CHECK: THE IPV4 LONG TAIL

Many hosts & applications in customer residentialnetworks (eg Win 95/98/2000/XP, Playstations,consumer electronic devices) are IPv4-only.

Most software & servers in enterprise network areIPv4-only

They will not function in an IPv6-only environment.

Few of those can or will upgrade to IPv6.

Content servers (web, email,) are hosted on theInternet by many different parties. It will take time toupgrade those to IPv6.

Current measurement:0.15% of Alexa top 1-million web sites are available via IPv6(This number has not changed in the last 12 months)Source: http://ipv6monitor.comcast.net

Function Element Status

Network Core Router: T

Edge Routers: MX, 6PE

Servers Linux 2.6+

Datacenter equipments, CDN

End-userclients

Windows 7(Many XP boxes out there)

MacOS 10.x

Game consoles Wii, PS3, Xbox

Software Web Browser: Firefox, IE, Safari

Skype

On-line PC games

SSL VPN

Content Web content available over IPv6

CE CPEs


10/22


IS IPV6 TAKING OFF?

A number of very large ISPs and very large content providers are deployingIPv6 and various transition technologies now.

Still early in the adoption curve.

But momentum is building fast So definitely cant be ignored.

But, IPv6 does not solve the immediate problem of IPv4 address exhaust.

Maintaining IPv4 service after IPv4 exhaustion is #1 priority for most players.

This implies some form of IPv4 address sharing: NAT

This implies transition technologies to choose from: DS-lite,

This implies transport technologies to choose from: MPLS (6PE, 6VPE), IPsec,

All having an impact on solution and network architecture


11/22


JUNIPER SUPPORTED SOLUTIONS


12/22


JUNOS supported IPv6 transport schemes

MPLSbased

6PEIPv6 Layer 3 VPN

(6VPE)

IPv6 schemes

Native IPv6(IPv4/IPv6dual stack)

IPv6 over IPv4configured

tunnels(GRE, IPsec,6rd)

IPbased


13/22


IPv6 transport schemes

MPLS tunnel

IPv6IPv6 IPv6IPv6IPv4IPv4

6PE6PE

MPLS tunnelVPNVPN

VPNVPN6VPE6VPE

IPsec / GRE tunnelIPoIPIPoIP


14/22


6RD (Rapid Deployment)

6rd is a transition technology to provide IPv6 service to end users over an existingIPv4 infrastructure.

IPv6 packets are tunneled in IPv4 with stateless v6 to v4 mapping and automaticprefix delegation derived from the v6 destination of each packet.

The key component changes are to the routed CPE to make it 6rd capable viasoftware or hardware upgrade, and introduction of a 6rd border relay function inthe Internet service provider (ISP) network to route the packets to IPv6 networks.

This transition technology alternative enables IPv6 services over IPv4infrastructure; however, it does not mitigate any IPv4 exhaustion concerns. 6rd can

therefore be used as a complement to NAT444.

IPv6 end-user IPv6 in IPv4 tunnel

6RD CPE

6RD RelayIPv6

IPv6IPv6 IPv6IPv6IPv4IPv4


15/22


IPv4 depletion and translation mechanism

DS-lite

NAT444

NAT64


16/22


DS-Lite

DS Lite function occurs on a customer premises equipment (CPE) device such as a home gateway.

If a device sends an IPv6 packet, the packet is routed normally to the IPv6 destination.

If a device sends an IPv4 packet, the CPE gateway performs the IPv4-in-IPv6 encapsulation, setting

the destination address of the IPv6 packet to the address of the DS Lite enabled CGNAT (aka AFTR).

A variation on the DS-Lite model implements DS-Lite on an individual end systemrather than on a CPE device.

The device is dual stacked, and therefore can send and receive both IPv4 and IPv6packets.

This has great potential for mobile broadband.


17/22


NAT444:

Three layers of IPv4 addressing

A private IPv4 block within the user network (behind the CPE NAT)

A different private IPv4 block for the user-to-provider links (between the CPE NAT and the CGNAT)

A public IPv4 address on the outside of the CG-NAT

In NAT444, the same IPv4 address block can be reused within each customer network,and the same IPv4 block can be reused on the inside of each CGNAT for the user-to-provider links.

It is this reuse of addresses behind multiple CG-NATs that provides the IPv4 addressscaling for NAT444 architecture.

A key advantage of this architecture is that it imposes no special requirements on the CPE NAT (assuming that RFC 1918 address space is used).However, to enable IPv6 services, either natively or via an IPv6 rapid deployment (6rd) tunneling technology, the CPE devices will need to be upgraded.


18/22


NAT64

Is an IPv4to-IPv6 Network Address Translator.

The headers of packets passing between an IPv6-only end system and an IPv4-only endsystem are converted from one protocol to the other,

allowing the end systems to communicate without knowing that the remote system isusing a different IP version.

A special DNS ALG, known as DNS64, is used to trick IPv6 hosts into thinking that theIPv4 destination is an IPv6 address.

The IPv6 host thinks that it is communicating with another IPv6 system, and the IPv4 system thinks that it is talking to another IPv4 system.

Neither end system participates directly in the translation process


19/22


JUNIPER PRODUCT PORTFOLIO


20/22


Security and CPE

PRODUCT PORTFOLIO POWERS THE NEW NETWORKRunning JUNOS SOFTWARE : THE POWER OF ONE:

Switches Routers

High-end SRX Series

SA Series & UAC

SRC Series SBR Series

EX Series

M Series

J SeriesT Series

E Series

Branch SRX Series

FULL IPv6 toolkit enabled, provided by

One OS, one release train, one architecture

FULL IPv6 toolkit enabled, provided by

One OS, one release train, one architecture

MX Series


21/22


CONCLUSION

It is the time for providers to get serious about IPv6.In doing so, it is critical to preserve IPv4 services.

Actions to be taken: Replacing/upgrading every CPE to enable IPv6

Making the operation of NAT technologies scale

Getting content on IPv6

Building an end-to-end network IPv6 enabled

Juniper provides what is needed today

More info on www.juniper.net/IPv6

and/or http://ipv6.juniper.net/IPv6


22/22

Thank You

Documents

06 Yves Gheerolfs Juniper en Ipv6