Cisco IOS Advantage Webinars
NAT64 Technology: NAT64,
IPv6 Branch Functionality
Steve Simlo
Prashant Jhingran
© 2011 Cisc...
•  Submit questions in Q&A panel and send to “All Panelists”
Avoid CHAT window for better access to panelists
•  For WebEx...
Speakers
Panelists
Andrew Yourtchenko
Technical Engineering
Leader
ayourtch@cisco.com
Amit Dutta
Product Manager
amdutta...
§  IPv6 Market Drivers
§  Cisco IPv6 Strategy
§  IPv6 Transition Technologies
§  IPv6/IPv4 Translation Scenarios
§  T...
© 2011 Cisco and/or its affiliates. All rights reserved.
5
The world will run out of IPv4 addresses in the next few years.
Mobile devices are growing
faster than the mobile
subscri...
© 2011 Cisco and/or its affiliates. All rights reserved.
7
IPv4 Address Run-Out
National IPv6 Strategies
US DoD, China NGI, EU
IPv6
IPv6 OS, Content &
Applications
Infrastructure...
Modern Devices Support IPv6
•  Prefer IPv6 connectivity (RFC 5221)
•  Use SLAAC/DHCPv6 and have Link Local Addresses
(RFC...
IPv6
DNS
<AAAA, A>
IPv4
CGN
True End to End
© 2011 Cisco and/or its affiliates. All rights reserved.
10
IPv6 Estimated Adoption Timeframes
2010
2012
2014
•  2010: Low Impact – Buying behavior shift
limited to mandated and e...
© 2011 Cisco and/or its affiliates. All rights reserved.
12
Preserve
Preserve the customer’s existing investment
Prepare
Prepare a migration and deployment plan
Prosper
•  Audit...
IPv6 User Access @ Cisco
•  Secured broad executive support
•  Progress requires multi-functional teams – not just a netwo...
© 2011 Cisco and/or its affiliates. All rights reserved.
15
© 2011 Cisco and/or its affiliates. All rights reserved.
16
Dual-Stack
Dual Stack Network
IPv4
IPv6
Internet
Peering
DMZ
SLB
IPv6 & IPv4
Servers
SLB
IPv6 & IPv4
Servers
SLB
...
IPv6/IPv4 Translation,
BEHAVE working group
Dual-Stack Network
Internet
IPv6 &
IPv4
Internet
IPv6
IPv6 over IPv4 & IP...
© 2011 Cisco and/or its affiliates. All rights reserved.
19
IPv4
Internet
1.
IPv6
Network
2.
IPv4
Internet
IPv6
Network
3.
IPv6
Internet
IPv4
Network
5.
IPv6
Network
IPv4
N...
Translation is not a long-term support
strategy; it is a medium-term
coexistence strategy that can be used to
facilitate a...
© 2011 Cisco and/or its affiliates. All rights reserved.
22
Enterprise / ISP Networks
Enterprise /ISP A
Having “greenfield” IPv6 only
Network.
DNS64
Server
IPv4 / IPv6 Internet
Sce...
Stateless NAT64
Stateful NAT64
1:1 translation
1:N translation
No conservation of IPv4
address
Conserves IPv4 address...
IPv4
IPv6
V6-only
End User
ISP
Hosting/
CDN
ISP
IPv4
Content
Subscribers
4 6
6 4
Considerations:
Experience, Scale,...
•  Synthesizes AAAA records when AAA not
present
With IPv6 prefix of NAT64 translator
DNS64
Internet
IPv6-only host
A...
© 2011 Cisco and/or its affiliates. All rights reserved.
27
ASR1000 Benefits
Solution Characteristics
§  IPv4 preservation. Support ICMP, UDP, TCP Apps.
§  NAT64 to provide IPv4 ...
Solution Characteristics
§  IPv4 preservation. Support ICMP, UDP, TCP Apps.
§  IPv6 Network Adoption and Acceleration
§...
ASR1000 Benefits
Solution Characteristics
§  Deployment flexibility from 2.5G to100G, low initial
investment required
§...
•  Security event correlation and
reduction for multi-gigabit traffic
Introducing NetFlow v9
capabilities on ASR1000
Exte...
© 2011 Cisco and/or its affiliates. All rights reserved.
32
IOS-XR Router
Domain
Application
Domain
• Linux Based
• Multi-Purpose Compute
Resource
• Used for CDS
Application with On...
© 2011 Cisco and/or its affiliates. All rights reserved.
34
§  NAT64 facilitates a gradual migration to IPv6 by allowing
“green-field” IPv6 networks to connect with the existing “l...
Cisco ISR
G2
Cisco ASR
1000
Series
Cisco
Carrier
Routing
System
(CRS-1 / 3)
Cisco ASR
9000 Series
Integrated
Service
Mo...
§  For more information about IPv6, visit http://www.cisco.com/go/ipv6
§  For more information about Cisco service provi...
§  ASR 1000 - Internet Gateway Router Design
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/
solution_overvie...
•  Thank you!
•  Please complete the post-event survey
•  Join us for upcoming webinars:
Register: www.cisco.com/go/techad...
of 39

NAT64 Technology: NAT64, IPv6 Branch Functionality TechAdvantage Webinar

Slides from the Cisco TechAdvantage Webinar for a technical overview of Network Address Translation IPv6 to IPv4 (NAT64). As the world moves to IPv6 the issue of migrating an existing operational Internet to a new protocol, and supporting an ever increasing number of devices is a significant challenge. A critical part of this move is to provide a seamless transition between IPv4 and IPv6. The end user experience either on a pure IPv4 or a pure IPv6 network is supposed to be exactly the same. NAT64 is an important transition step for the enterprise to enable the move from a pure IPv4 Internet to an architecture where most or all transport is over IPv6. To ensure that the move to mixed mode scenarios is smooth and non-disruptive, various transition technologies have been invented; one of these is NAT64. By attending this webinar, you will learn how to manage and deploy NAT64 in your network. WebEx Replay: https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=72827977&rKey=8b886dcdb23e099a
Published on: Mar 3, 2016
Published in: Technology      
Source: www.slideshare.net


Transcripts - NAT64 Technology: NAT64, IPv6 Branch Functionality TechAdvantage Webinar

  • 1. Cisco IOS Advantage Webinars NAT64 Technology: NAT64, IPv6 Branch Functionality Steve Simlo Prashant Jhingran © 2011 Cisco and/or its affiliates. All rights reserved. 1
  • 2. •  Submit questions in Q&A panel and send to “All Panelists” Avoid CHAT window for better access to panelists •  For WebEx audio, select COMMUNICATE > Join Audio Broadcast •  For WebEx call back, click ALLOW phone button at the bottom of participants side panel •  Where can I get the presentation? Or send email to: ask_techadvantage@cisco.com •  Please complete the post-event survey •  Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage © 2011 Cisco and/or its affiliates. All rights reserved. 2
  • 3. Speakers Panelists Andrew Yourtchenko Technical Engineering Leader ayourtch@cisco.com Amit Dutta Product Manager amdutta@cisco.com Steve Simlo Prashant Jhingran Product Manager ssimlo@cisco.com Technical Marketing Engineer © 2011 Cisco and/or its affiliates. All rights reserved. pjhingra@cisco.com Wojciech Dec Technical Engineering Leader wdec@cisco.com 3
  • 4. §  IPv6 Market Drivers §  Cisco IPv6 Strategy §  IPv6 Transition Technologies §  IPv6/IPv4 Translation Scenarios §  Technologies Facilitating IPv6/IPv4 Translation §  Stateful NAT64 implementation on Cisco Platforms §  Summary §  References © 2011 Cisco and/or its affiliates. All rights reserved. 4
  • 5. © 2011 Cisco and/or its affiliates. All rights reserved. 5
  • 6. The world will run out of IPv4 addresses in the next few years. Mobile devices are growing faster than the mobile subscribers that use them. By 2016 there will be 7.5 billion people... ...and 19 billion fixed and mobile-connected devices. © 2011 Cisco and/or its affiliates. All rights reserved. 6
  • 7. © 2011 Cisco and/or its affiliates. All rights reserved. 7
  • 8. IPv4 Address Run-Out National IPv6 Strategies US DoD, China NGI, EU IPv6 IPv6 OS, Content & Applications Infrastructure Evolution End Point Explosion Smart Grid – Smart Meters Smart Cities – Internet of Things Cable – Set Top Boxes Mobile Telephony https://www.arin.net/knowledge/v4-v6.html © 2011 Cisco and/or its affiliates. All rights reserved. 8
  • 9. Modern Devices Support IPv6 •  Prefer IPv6 connectivity (RFC 5221) •  Use SLAAC/DHCPv6 and have Link Local Addresses (RFC 4862) •  Can run IPv6 over an IPv4 network under certain circumstances Tunneled over an IPv4 core, And/or on L2 segment •  Will try to use IPv6 if they receive a AAAA record from DNS •  Don’t always display IPv6 information (mobile devices) •  Use privacy addresses (RFC 4961) •  Modern browsers implement RFC 6555 (Happy Eyeballs) •  Use IPv6 link-local capabilities for plug and play protocols © 2011 Cisco and/or its affiliates. All rights reserved. 9
  • 10. IPv6 DNS <AAAA, A> IPv4 CGN True End to End © 2011 Cisco and/or its affiliates. All rights reserved. 10
  • 11. IPv6 Estimated Adoption Timeframes 2010 2012 2014 •  2010: Low Impact – Buying behavior shift limited to mandated and early adopters Globalization Early Adopters Transition Planning IPv6 Government Mandate Deadlines IPv4/IPv6 Co-existence •  2012: Mandates take effect – Globalization WorldIPv6Launch - Massive Mobile deployment. Transition to IPv6 forces customers to acquire product or managed services to sustain business and customer reach •  2014: IPv6 is mainstream – customers without transition infrastructure experience reduced service levels, diminished customer reach IPv6 Business Impact – The Cost of Waiting Goes Up Low Risk © 2011 Cisco and/or its affiliates. All rights reserved. Moderate Risk High Risk 11
  • 12. © 2011 Cisco and/or its affiliates. All rights reserved. 12
  • 13. Preserve Preserve the customer’s existing investment Prepare Prepare a migration and deployment plan Prosper •  Audit and leverage existing IPv6 capabilities •  Identify and enable critical IPv6 functional areas Prosper through the transition to IPv6 Internet •  Enable all systems with dual-stack capabilities •  Grow seamlessly as customers transition to IPv6 © 2011 Cisco and/or its affiliates. All rights reserved. 13
  • 14. IPv6 User Access @ Cisco •  Secured broad executive support •  Progress requires multi-functional teams – not just a networking problem •  Pursuing Outside-In and Inside-Out in parallel •  Coordinated equipment upgrades and software updates with fleet upgrade program •  Made sure common client configurations were tested •  Made operational changes e.g. IPv6-specific security mechanisms and monitoring solutions for IPv6 traffic •  To date •  Provided IPv6 access in approximately one-third of global offices – tunnel access for interim connectivity •  IPv6-enabled 100% of the core network •  Observed Happy Eyeballs (RFC 6555) in action •  Observed IPv6 attacks •  Monitor worldwide usage with 6lab.cisco.com/stats © 2011 Cisco and/or its affiliates. All rights reserved. 14
  • 15. © 2011 Cisco and/or its affiliates. All rights reserved. 15
  • 16. © 2011 Cisco and/or its affiliates. All rights reserved. 16
  • 17. Dual-Stack Dual Stack Network IPv4 IPv6 Internet Peering DMZ SLB IPv6 & IPv4 Servers SLB IPv6 & IPv4 Servers SLB IPv4 only Servers IPv4-Only Network IPv6 Tunneling IPv4 Internet Switching Tunnel Peering DMZ Switching Translation IPv4-Only Network IPv4 IPv6 6:4 Internet © 2011 Cisco and/or its affiliates. All rights reserved. Peering DMZ Switching 17
  • 18. IPv6/IPv4 Translation, BEHAVE working group Dual-Stack Network Internet IPv6 & IPv4 Internet IPv6 IPv6 over IPv4 & IPv4 over IPv6, Softwire Working Group IPv6 IPv4 Internet IPv4 © 2011 Cisco and/or its affiliates. All rights reserved. 18
  • 19. © 2011 Cisco and/or its affiliates. All rights reserved. 19
  • 20. IPv4 Internet 1. IPv6 Network 2. IPv4 Internet IPv6 Network 3. IPv6 Internet IPv4 Network 5. IPv6 Network IPv4 Network 6. IPv4 Network stateless IPv4 Network 4. stateful IPv6 Network IPv6 Internet With Static v6v4 mappings Not viable because too few IPv4 addresses With Static v6v4 mappings © 2011 Cisco and/or its affiliates. All rights reserved. 20
  • 21. Translation is not a long-term support strategy; it is a medium-term coexistence strategy that can be used to facilitate a long-term program of IPv6 transition by both Enterprises and ISPs.
  • 22. © 2011 Cisco and/or its affiliates. All rights reserved. 22
  • 23. Enterprise / ISP Networks Enterprise /ISP A Having “greenfield” IPv6 only Network. DNS64 Server IPv4 / IPv6 Internet Scenario 1 Enterprise / Content Providers Scenario 3 6:4 DNS(AAAA) Authoritative Server 6:4 IPv6 Internet Example-v4.com Application Servers in “legacy” IPv4 only network. Scenario 2 Example-v6.com Application Servers in “greenfield” IPv6 only network. 4:6 Enterprise/ISP B Having “legacy” IPv4 only Network. DNS (A) Authoritative Server IPv4 Internet Example-v4v6.com Application Servers in “dualstack” IPv4/IPv6 network. DNS Server Example.com Application Servers in “legacy” IPv4 only network. © 2011 Cisco and/or its affiliates. All rights reserved. 23
  • 24. Stateless NAT64 Stateful NAT64 1:1 translation 1:N translation No conservation of IPv4 address Conserves IPv4 address Assures end-to-end address transparency and scalability Uses address overloading, hence lacks in end-to-end address transparency No state or bindings created on the translation State or bindings are created on every unique translation Requires IPv4-translatable IPv6 addresses assignment No requirement on the nature of IPv6 address assignment Requires either manual or DHCPv6 based address assignment for IPv6 hosts Free to choose any mode of IPv6 address assignment viz. Manual, DHCPv6, SLAAC © 2011 Cisco and/or its affiliates. All rights reserved. 24
  • 25. IPv4 IPv6 V6-only End User ISP Hosting/ CDN ISP IPv4 Content Subscribers 4 6 6 4 Considerations: Experience, Scale, Cost, Operations, Technology… © 2011 Cisco and/or its affiliates. All rights reserved. 25
  • 26. •  Synthesizes AAAA records when AAA not present With IPv6 prefix of NAT64 translator DNS64 Internet IPv6-only host AAAA? (sent simultaneously) 2001:DB8:ABCD::192.0.2.1 © 2011 Cisco and/or its affiliates. All rights reserved. AAAA? Empty answer A? 192.0.2.1 26 2
  • 27. © 2011 Cisco and/or its affiliates. All rights reserved. 27
  • 28. ASR1000 Benefits Solution Characteristics §  IPv4 preservation. Support ICMP, UDP, TCP Apps. §  NAT64 to provide IPv4 preservation via PAT §  Bring up additional customers/sites with IPv6 §  Concurrently run NAT64 with PE features without performance degradation §  Dual-stack solutions to run multiple services §  IPv6 Network Adoption and Acceleration §  Integrated Services, NAT64 at Provider Edge §  Large selection of I/O and High Throughput §  Concurrent support for IPv4 & IPv6 Services §  QoS Policies aggregation for bandwidth reservation and prioritization §  Customer segmentation using VLANs with QoS to implement SLAs IPv6 Subscribers IP Edge Access WiFi Mesh v6 v4 Core Content Farms Applications & Services WiMAX Mobile Ethernet VOD TV SIP GGSN PDN GW Internet HA DSLAM Residential OLT Business NAT64 Ethernet/ MPLS/IP Core Network MPLS /IP Internet CMTS Corporate © 2011 Cisco and/or its affiliates. All rights reserved. 28
  • 29. Solution Characteristics §  IPv4 preservation. Support ICMP, UDP, TCP Apps. §  IPv6 Network Adoption and Acceleration §  Integrated Services, NAT64, IPsec, FW & CE §  Large selection of I/O and High Throughput §  Concurrent support for IPv4 & IPv6 Services §  Customer segmentation using VLANs with QoS to implement SLAs IPv4 Network Services ASR1000 Benefits §  NAT64 to provide IPv4 preservation via PAT §  Bring up additional customers/sites with IPv6 §  Concurrently run NAT64 with CE, IPsec, and Firewall features without performance degradation §  Dual-stack solutions to run multiple services §  QoS Policies aggregation for bandwidth reservation and prioritization ASR1K Stateful NAT64 Translator V6 Enabled CPEs Public Internet Services IPv4 addr IPv4 Internet IPv6 Address ISR 2900/3900 Branch Offices/ Customers V6 Network Branch/ Customer Enterprise Edge/ SP Edge IPv6 Prefix IPv4 addr suffix Any type of IPv6 Prefix is allowed © 2011 Cisco and/or its affiliates. All rights reserved. 29
  • 30. ASR1000 Benefits Solution Characteristics §  Deployment flexibility from 2.5G to100G, low initial investment required §  Hardware processed - High performance/ High scalability §  No need for dedicated hardware §  Directly and effectively addresses IPv4 address exhaustion for residential service providers §  Highly deployable based on known technology §  Least impact on existing infrastructure, including backend systems, maximizes return on investment §  Works for both PTA and LNS deployment models §  Rich ALG support Firewall NAT per PPP session Internet ISP A BRAS/LAC ASR1000 NAT per PPP session Ethernet LNS ASR1000 © 2011 Cisco and/or its affiliates. All rights reserved. 30
  • 31. •  Security event correlation and reduction for multi-gigabit traffic Introducing NetFlow v9 capabilities on ASR1000 Extends 10+ years of NetFlow innovation Enables compliance auditing •  Cisco ASR1000 •  Netflow v9 Netflow Collector 3rd Party Partner •  Support Logging of: §  Source and Destination IP/Ports §  Translated Source and Destinations IP/Ports §  VRF-ID © 2011 Cisco and/or its affiliates. All rights reserved. 31
  • 32. © 2011 Cisco and/or its affiliates. All rights reserved. 32
  • 33. IOS-XR Router Domain Application Domain • Linux Based • Multi-Purpose Compute Resource • Used for CDS Application with Onboard Modular Flash Storage • Used for Translation Setup and Logging of CGN Applications • IOS-XR • Control Plane • Data Forwarding • L3, L2 (management) • IRB (4.1.1) • Hardware Management Decoupling Application and IOSXR Plane delivers Highly Scalable and Flexible Services © 2011 Cisco and/or its affiliates. All rights reserved. 33
  • 34. © 2011 Cisco and/or its affiliates. All rights reserved. 34
  • 35. §  NAT64 facilitates a gradual migration to IPv6 by allowing “green-field” IPv6 networks to connect with the existing “legacy” IPv4 internet/networks. §  Stateful NAT64 facilitates seamless internet experience to users accessing the existing IPv4 internet services via a “green-field” IPv6-only network. §  SPs/Enterprises/Content providers or enablers can provide the IPv4 services seamlessly to IPv6 internet users by using stateful NAT64 technology, with minimal or no changes in the existing network infrastructure and thus maintaining IPv4 business continuity. §  Translation is not a long-term support strategy; it is a medium- term coexistence strategy that can be used to facilitate a longterm program of IPv6 transition by both Enterprises and SPs. © 2011 Cisco and/or its affiliates. All rights reserved. 35
  • 36. Cisco ISR G2 Cisco ASR 1000 Series Cisco Carrier Routing System (CRS-1 / 3) Cisco ASR 9000 Series Integrated Service Module Stateless NAT64 Cisco IOS 15.4(1) (Nov 2013) Cisco IOS® XE 3.2S Cisco IOS XR 3.9.3 N/A Stateful NAT64 Cisco IOS 15.4(2) (March 2014) Cisco IOS XE 3.4S Cisco IOS XR 4.1.2 Cisco IOS XR 4.3.0 © 2011 Cisco and/or its affiliates. All rights reserved. 36
  • 37. §  For more information about IPv6, visit http://www.cisco.com/go/ipv6 §  For more information about Cisco service provider solutions, visit http://www.cisco.com/go/sp §  For more information about Cisco enterprise solutions, visit http://www.cisco.com/go/enterprise §  Whitepaper - NAT64 Technology: Connecting IPv6 and IPv4 Networks http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676278.html §  Whitepaper - NAT64 Stateless versus Stateful http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ white_paper_c11-676277.html §  For additional white papers on IPv6, visit http://www.cisco.com/en/US/products/ps6553/prod_white_papers_list.html §  http://blogs.cisco.com/news/world-ipv6-day-working-together-towards-a-new- internet-protocol/ © 2011 Cisco and/or its affiliates. All rights reserved. 37
  • 38. §  ASR 1000 - Internet Gateway Router Design http://www.cisco.com/en/US/prod/collateral/routers/ps9343/ solution_overview_c22-450068_ps9343_Product_Solution_Overview.html §  Cisco ASR 1000 Series Embedded Services Processors Data Sheet http://www.cisco.com/en/US/prod/collateral/routers/ps9343/ data_sheet_c78-450070.html §  ASR 9000 Series Integrated Service Module http://www.cisco.com/en/US/prod/collateral/routers/ps9853/ data_sheet_c78-663164.pdf §  CRS-1/3 Carrier-Grade Services Engine http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/ brochure_c02-560497_ns1017_Networking_Solutions_Brochure.html © 2011 Cisco and/or its affiliates. All rights reserved. 38
  • 39. •  Thank you! •  Please complete the post-event survey •  Join us for upcoming webinars: Register: www.cisco.com/go/techadvantage Follow us © 2011 Cisco and/or its affiliates. All rights reserved. @GetYourBuildOn 39

Related Documents