CGN—IPv6快速增量部署方案.ppt

,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Security Level:,2010-4-9,CGN-IPv6 IncrementalDeployment SLiu XuebinHuawei Carrier IP Senior Marketing Manager,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 2,IPTV、M2MVoIP、VPN,BIG ICP,SmallICP,services,EnclosedSP Owned,OpenedBig ICP,OpenedSmall ICP,networkterminal,IPv4,IPv6,IPv6 Evolution Strategy,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 3,Most challenges of IPv6 Migration comefrom Application,Terminal&ServiceEdge,BRAS,Audio,Web,Video,NAT,P,Access,Edge,Core,Application,Fixed,Access,DHCP,P,P,PC,TV,ToIP,HGW,Terminal,DNS,Mostly pipe,Mostly pipe,1st,but outof scope,3rd,undercontrol,2nd,partlyunder,control,Metro,MobileAccess,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 4,No“one-fit-all”,should be Customized,Dual-Stack,Tunneling,Translation,Advs.,Simple&Matured,without ALG&MTUlimitationGood at scalability,reliability,performance,The most effective way ofisland connection,without ALG limitation,NAT64:the only way ofIPv6-only host accessIPv4-only serviceNAT444:prolong IPv4,Cons.,No help with IPv4address exhaustion,HG Update,NAT444：ALG limitation&,weak scalabilityNAT64：ALG limitation&,weak scalability,Suggs.,1st priority in early stepsCoordinating with othertechs,6PE/6VPE in backboneDS-Lite(CGN)in metro,Reduce NAT deploymentAvoid 2 level NAT,IPv6 Evolution,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 5,DS+NAT444,Seamless IPv6evolution,IPv6,DS-Lite+NAT64,1,2,Delay IPv4 address exhaustion,IPv4,6RD fast IPv6intrduce,Flexible Evolution PathDS-lite accelerate,IPv6 evolution,6RD3,DS or DS-Lite can make IPv6 evolution seamlessly,while 6RDneed more step to DS ore DS-Lite,and no help to delay IPv4address exhaustion,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 6,DS-Lite with 6PE/6vPE accelerates IPv6Incremental Deployment(CGN Solution),Home,DSLAMDSLAM,IPv4IPv6,IPv6/IPv4 MPLS Metro,IPv4IPv6,LAN:Dual,StackWAN:IPv6 only4-in-6 tunneling,Bridged or Routed mode,CGN:DS-Lite Concentrator withNAT44,BNG:DHCPv6 or PPPoEv6 subsmgmt,6PE/6VPE,DS-Lite principle:Native IPv6 Ocean with IPv4 home network and IPv4 serviceislandIPv4 subscriber management using IPv6 BNG only4-in-6 tunneling between CPE and CGN,address translation at CGNIPv6 enabled transport network using 6PE&6vPE technologies,CGN/BNG,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 7,CPE,CGN,IPv4 headerVLANEthernet,payloadIPv6 header,IPv6 headerIPv4 header,MPLS label stackVLANEthernet,payload,IPv4 headerVLANEthernet,payloadIPv6 header,payloadIPv4 headerEthernet,IPv6 headerIPv4 header,MPLS label stackVLANEthernet,payload,IPv4 headerVLANEthernet,payloadIPv6 header,payloadIPv4 headerEthernet,IPv4 headerVLANEthernet,payloadIPv6 header,IPv6 routed mode,IPv4/v6 LANIPv4Host,IPv4 traversing DS-Lite Network4-in-6 tunnelv4 public,6PE tunnelIPv4/MPLS,networkIPV4,DS-Lite,DS-Lite,6PE,6PE,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 8,Metro,Tunneling,6PE,6vPE,Horizontal Scaling with CGNs,Audio,Web,Video,P,Core,Application,P,P,BRAS,BNG,Edge,CGN,DNS,Tunneling,6PE,6vPE,BRAS,BNG,Edge,DNS,CGN,Distributed CGNs deployed for load-balancing,redundancy and scalability considerations,Access,FixedAccess,PC,TV,ToIP,HGW,Terminal,MobileAccess,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 9,Advantages of DS-Lite CGN&6PE/6vPE,CGN(DS-Lite),Single NAT,no need of multiple layers of NAT,only enable NAT in operators networkNo impact on applications running behind NAT(i.e.,SIP,Skype,online gaming,UPnP etc),Each home can use the full RFC 1918 addressspace,Single BNG based on IPv6No need of private IPv4 addresses in SP networkEasy and simple tunnel establishmentTunnel endpoint is discovered with StatelessDHCPv6No signaling required between CPE and AFTRA lightweight solution for providing IPv4 connectivity,over IPv6 only access,metro and backbone,infrastructure,Control plane(IGP,BGP,LSP)sessions continue tobe signaled over IPv4,P routers does not need anymodificationMinimizes operational costand risk,6PE/6vPELeverages on existing MPLS,VRRP gropu 2,VRRP,gruop2-1,VRRP,group2-2,VRRP group1,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 10,BFD,HRP,VRRP for CGN,One anycast address for multi-CGNs;Active sends VRRP Hello packet to Backupperiodically,then Backup will be changed to Active when it can not receive VRRP Hellopacket more than 3 times;link state is detected by BFD less than 50ms,the switchover timecould be less than 30ms,CGN State Synchronization HRP“Huawei Redundancy Protocol“NAT hot standby“draft-xu-stateful-nat-standby”SCSP“draft-xu-nat-state-sync-00”,different anycast address formulti-VRRP groupseach group is associated withdifferent anycast address,CGN Hot-standby&Load BalancingCGN1 Priority=90ActiveCGN1 Priority=10Backup,Internet v4CGN2 Priority=10BackupCGN1 Priority=90Active,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 11,6vPE1,6vPE3,P1,P2,CE1,IPv6 VPNA,IPv6 VPNA,IP/MPLS,CE2 2001:A304:6,101:1:E0:F7,26:4E58/64,1.1.1.1/32,2.2.2.2/32,6vPE routing tableDestination address:2001:A304:6101:1:E0:F726:4E58/64Next hop：1.1.1.1/32Backup next hop：2.2.2.2/32,Problem definition:One PE2 failure,service convergence timedepends on time required to update the FIBentries in PE1 with the alternative routesVPN FRR working principle Routing information of both PE2 and PE3 arestored in FIB of PE1 When PE2 node failure is detected at PE1,traffic is immediately switched to standby,VPN FRR route6vPE FRR can guarantee 200ms convergence when 6vPE node failure occurs,6vPE FRR ensures 200ms Protection6vPE2,NAT,Address,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 12,3-tuple on CPE with Session Mappingon CGN ensures Real-nameRegistration,DS-LiteCGN,DS-LiteIPv4HostCPETimestamp,IPv6 orIPv4/MPLSMetroHash Key1,Source Address,Source PortTunnel ID,Source Address after,Source Port after NATTunnel ID,Destination,Destination Port,3-tuplefrom CPE,6PEIPv4/MPLS BackboneCoreHash Key2,6PEIPV4Hash Key3,HUAWEI TECHNOLOGIES CO.,LTD.,Huawei Confidential,Page 13,Summary,Core routers are hardware capable to support IPv6 and dual stackoperation modeMetro Access,Metro Core routers,Multi-service Edge,BRAS,BNGplatforms are,Support 6PE and 6vPE for transit services between address familiesHardware capable to support IPv6 and dual stack,CGN Solution,Router based platform,can be deployed pluggable cards or standalonedevicesScalability(number of tunnels,and sessions)Resiliency(1:1,1+1,N:1,Load balancing),Access Node MA5600T series,Support for dual stack operation in both bridged and routed mode,Huawei Confidential,Mature commercial deploymentHUAWEI TECHNOLOGIES CO.,LTD.,Huawei CGN&BNG HighlightsCGN highlights Centralized or distributed deployment flexibility Integrated CGN card in NE80E/NE40E/ME60 Industry leading load balancing,hot standby,reliabilityIPv6 BNG highlights Includes Industry leading features like BRASpool,5-level QoS,PPP/IPoE hot standby,40G/100G interfaces,value added serviceslike DPI,SBC,firewall,etc,Standalone CGN,IntegratedCGN card,ME60 X3,ME60-X8Page 14,ME60-X16,Thank you,