Slide 1 - SwiNOG

IPv6 @ Swisscom
Martin Gysi, 9.5.2011
Senior Network Development Engineer, Swisscom
Public
The question „will IPv6 ever be widely deployed?“ is no
longer open.
The answer is a clear „yes“.
• Google, Facebook are accessible using IPv6
• Free.fr has 500‘000 IPv6-enabled customers (which makes it the
largest IPv6 ISP in the world)
• Most major Telcos have stated that they are now starting to deploy real
IPv6 services. Most will do so in 2011/2012
• And yes, IPv4 addresses will become scarce real soon… But that’s
another story…
The driver for IPv6 is the lack of IPv4 addresses.
But IPv6 does not solve the IPv4 address shortage
problem
• IPv6 is not compatible with IPv4. So IPv4 must continue to be operated
• IPv4 addresses can be saved by using them more efficiently, or by
deploying NAT inside the carrier‘s network (NAT44, CGN). Drives
complexity and costs → short term fix.
• IPv6 is not the short term solution. But in the long run it‘s the only way
to continue the Internet as we know it today.
[Diagram: IPv4 address depletion. Short term fix: NAT44 deployment. Medium term strategy: IPv6 migration. Action plan: End-to-end IPv6 deployment.]
• IPv6 does not replace IPv4, it‘s added in parallel to it → „Dual Stack“
Our IPv6 policy:
We enable our customers to access the IPv6
Internet, and we offer our services to the IPv6
Internet
• External communication (aka Internet) will need IPv6 first. Gartner
recommends that enterprises establish an IPv6 Internet presence no later
than 2014.
• Internal networks and services can remain IPv4 on the longer term
• Swisscom is currently analyzing all its services, to identify the steps required
for introducing IPv6, and is working out a detailed roll-out plan
– Entire IT tool chain: order entry, service fulfillment and assurance, billing
– Network elements (routers, firewalls, load-balancers…) and platforms
– Regulatory aspects, such as lawful intercept
– Security, both from Swisscom’s and our customers’ point of view
– Product integration (part of the standard offering or option, …)
– Customer experience
– Impact on operations, training of staff
So, what are we doing right now?
IPv6 @ Swisscom
• IP-plus backbone is fully dual-stack, IP-plus business Internet access
is available with native IPv6.
• IPv6 in our mobile network. It works in the lab; we are now expanding from
there into the IT systems (RADIUS, User Databases (HLR), Mobile
Proxy, Billing, etc.) and into the radio access network.
– The few handsets that support IPv6 cannot operate Dual Stack.
IPv6 only is not interesting for most people
– LTE Rel. 8 / 3G Rel. 9 defines a Dual Stack PDP context.
– Newest chipsets support PDPv4v6, so the handset situation will
improve.
• More labs for broadband access and datacenter environments. Gives
those engineers and sysadmins something to learn from!
• We’ll launch IPv6 for residential Internet access this year
What is required for an IPv6 Internet Access Service?
Complex infrastructure is a barrier to cost-efficient IPv6
deployment. Legacy infrastructure cannot be upgraded easily.
End-to-end overview of Swisscom‘s Internet Access Service
[Diagram: the service path, wholesale and retail, across the segments Access, Aggregation, Edge, Core, ISP connectivity, ISP core and Internet peering. Elements shown: access technologies ADSL, VDSL, FTTH; encapsulations PPP, IPoE, IPoEoA, native Ethernet; ATM; edge devices BRAS, BNG, LNS, SSG, ISG; 3P-PE; P Routers; Route Reflector; MPLS VPN; IT Systems (DHCP, RADIUS, LDAP; various user/service databases). Annotations: "L2 platform, IPv6 not required" (one with "but scalability issues"); "No IPv6 support in used mode of operation"; "6VPE ready"; "Ethernet over MPLS"; "Required IPv6 features available (6VPE)"; "IPv4/IPv6 dual stack".]
Using 6RD, IPv6 Internet access is an incremental
upgrade.
Production-quality IPv6 Internet access at a fraction of the costs
• No complex upgrade of infrastructure, leverage IPv4 network to provide IPv6 access. Simply...
– Add IPv6 and 6RD support to customer modems
– Add 6RD Border Relays to dual-stack portion of network
[Diagram: the end-to-end overview of the previous slide, with the Swisscom Internet Access Service network (IPv4 only) acting as the IPv4 access network. A 6RD CE router connects the home network (dual stack, native IPv6 home network) across it to the 6RD Border Relays in Zürich and Lausanne, which sit in the dual-stack portion of the network towards Internet peering (dual stack) and the IPv6 Internet.]
6RD is a Stateless Tunnel Technology, Embedding the
CE’s IPv4 Address into the IPv6 Prefix.
IPv6 Rapid Deployment on IPv4 Infrastructures (RFC 5969)
[Diagram, network topology: native IPv6 network, 6RD CE router, IPv4 network, 6RD Border Relay, native IPv6 network. The 6RD CE router sends to the preconfigured BR address; the 6RD Border Relay sends to the embedded CE address.]
IPv6 address format for 6RD (the IPv6 prefix is calculated from the IPv4 address):
• Bits 0 to 28: 6RD prefix (2A02:1200)
• Bits 28 to 60: up to 32 bits of subscriber’s IPv4 address (85.5.7.171)
• Bits 60 to 64: Subnet ID (subscriber subnetting)
• From bit 64: Interface ID
[Diagram, IPv4 header & encapsulated IPv6 packet (downstream): IPv4 Header, IPv6 Header, IPv6 Payload. The IPv4 destination 85.5.7.171 is copied from the IPv6 header.]
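The prefix calculation on this slide, carried through for the slide's own values (2a02:1200::/28, 85.5.7.171, all 32 IPv4 bits), as an added example that is not from the original slides or from Swisscom. The function names are hypothetical; the Border Relay source check follows RFC 5969 section 12, and `mask_len`/`v4_common` generalize to the RFC's IPv4MaskLen case, which the slides do not use.

```python
import ipaddress

# Values from the slides: Swisscom 6RD prefix; all 32 IPv4 bits are embedded.
SIXRD_PREFIX = ipaddress.IPv6Network("2a02:1200::/28")
IPV4_MASK_LEN = 0  # RFC 5969 IPv4MaskLen: high IPv4 bits common to all CEs


def delegated_prefix(ce_ipv4, sixrd=SIXRD_PREFIX, mask_len=IPV4_MASK_LEN):
    """CE side: 6RD prefix followed by the low (32 - mask_len) IPv4 bits."""
    v4_bits = 32 - mask_len
    plen = sixrd.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("no room left for a /64 subscriber subnet")
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    value = int(sixrd.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((value, plen))


def embedded_ipv4(ipv6_addr, sixrd=SIXRD_PREFIX, mask_len=IPV4_MASK_LEN,
                  v4_common="0.0.0.0"):
    """BR side: recover the CE IPv4 address from a 6RD IPv6 address.

    v4_common supplies the mask_len high bits shared by every CE.
    Returns None when the address is outside the 6RD prefix.
    """
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in sixrd:
        return None
    v4_bits = 32 - mask_len
    shift = 128 - sixrd.prefixlen - v4_bits
    low_mask = (1 << v4_bits) - 1
    suffix = (int(addr) >> shift) & low_mask
    high = int(ipaddress.IPv4Address(v4_common)) & ~low_mask & 0xFFFFFFFF
    return ipaddress.IPv4Address(high | suffix)


def br_accepts_upstream(outer_ipv4_src, inner_ipv6_src):
    """RFC 5969 section 12: the inner IPv6 source must embed the outer
    IPv4 source, otherwise the decapsulated packet is spoofed."""
    inner = embedded_ipv4(inner_ipv6_src)
    return inner == ipaddress.IPv4Address(outer_ipv4_src)
```

For the slide's sample CE this yields the /60 `2a02:1205:5050:7ab0::/60`, leaving 4 bits of Subnet ID for subscriber subnetting.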
6RD Border Relay
Implementation Details
• Cisco ASR1002-ESP10
→ scales up to 10 Gb/s per box (tested)
• Using anycast IPv4 address, geographically distributed → scale by adding
more boxes
• Topology: “Router on a stick“
→ No danger of black hole routing, as IPv4 and IPv6 interface status is
inherently coupled.
[Diagram: two ways to attach a 6RD Border Relay to a dual stack core router, each running OSPFv2 and OSPFv3. Router on a stick (one IPv4 + IPv6 interface): link failure propagated on both IGPs. Separate IPv4 and IPv6 interface: link failure not noticed in IPv4 IGP (or vice versa).]
6RD CPE Routers
Implementation Details
• Vendors: Motorola, ADB Broadband (formerly Pirelli
Broadband)
• 6RD parameters configured using TR-069
– Swisscom 6RD prefix and length (2a02:1200::/28)
– IPv4 bits suffix length (all 32 bits)
– 6rd Border Relay anycast IPv4 address
– Swisscom DNS servers
– IPv6 flag (enable/disable)
• IPv6 must be enabled by customer on “customer centre”
website (no other changes to IT/OSS tools)
• Third-party modems (AVM Fritz Box and others) work, but
need manual configuration
Implementation details
IT aspects
IT Systems
• Display IPv6 check box on “customer centre” website if router
supports IPv6, store IPv6 status in customer database
• Display IPv6 status to customer support, enable them to change
status
• Implement new TR-069 parameters for 6RD
• No other changes! No address management, no provisioning, etc!
DNS
• Separate DNS (Google white-listed) that can stop handing out AAAA
records if problems with IPv6 should occur
• 6rd.swisscom.com
First deployment experiences:
expect to find problems with turning on IPv6
• 2011 – the year of the MTU? Make sure Path MTU Discovery works!
• 7600 with 6748 LAN card and IOS 12.2(22)SXF10: sets IPv6 MTU to
1486 Bytes (no matter what is configured)
• Motorola CPE (Beta version) does not do PMTUD at all…
• ASR-1k: ICMP Packet Too Big messages use final destination’s
address as source address (not local address)
• 7600 with 12.2(33)SRE3: Buffer leak when IPv6 is enabled. Requires
periodic reboot of the box.
Swisscom will launch IPv6 for residential
customers in 2011, using 6rd technology.
• 6RD changes the IPv6 “business case” from complex & expensive to
simple & cheap. There’s no excuse for not deploying IPv6 now!
• 6RD is simple, reliable, scalable technology
– Fast prototyping thanks to Linux implementation
– Vendors’ engineering/beta implementations were quickly available, yet
(inter-)worked flawlessly
– Tested and proven scalability
• Large-scale pilot to be started in July 2011.
– If you are a Swisscom customer and
– have a “Centro” series router, then
– apply at swisscom.ipv6@swisscom.com
– Check out the “sneak preview” at http://labs.swisscom.com