Post on 24-Aug-2018
transcript
IPv6 Deployment Techniquesand Issues in the Middle East
Saudi Arabian IPv6 Task Force 5th of May 2016
Phase 0:Large Content Providers
Providing online services to consumers
Content providers
•Major content is available over IPv6• Google, Youtube, Facebook etc…
•This has already happened• Let’s move on
3
Phase 1:Access Providers
Providing internet access to consumers
Why do Internet Service Providers deploy IPv6?
• IPv4 addresses have run out• Buying more addresses is expensive • Need to let multiple customers share one address (CGN)
•CGN has its problems• CGN increases cost and lowers quality and reliability • Limits on customers-per-address ratio
• Ratio will go down + more users = still have to buy addresses • Cost of CGN will keep increasing over time
5
Why do Internet Service Providers deploy IPv6?
•Large content providers support IPv6• Google, Youtube, Facebook etc. • Deploy IPv6 leads to less pressure on CGN
• Which improves the customer-to-address ratio • The more services on IPv6, the lower the pressure
• IPv6 provides a way out from the ever increasing cost of IPv4
6
IPv6 is taking offBut not uniformly
KSA is leading in the region
KSA is leading in the regionBut it didn't happen overnight
Common issuesacross regions
•CPE issues• Legacy devices • Performance problems • Memory leaks in IPv6 code
10
Common issuesacross regions
•Management / provisioning issues• Integrating IPv6 provisioning (i.e. DHCPv6) • Adapting to the different way that IPv6 is used
11
Common issuesacross regions
•Support issues• Training help desk staff • Monitoring complexity • Expanding NOC toolset
12
RIPE-631:IPv6 Troubleshooting for ISP Help desks
•Most problems are not IPv6 related•Help desks can get confused!
• IPv6 is new for them • They don’t have experience with IPv6 issues
•A generic troubleshooting guide can help!• Based on the open source testipv6.com tool • Customisable
13
Issues specific to theMiddle East
•Security and filtering issues• Content Filtering platforms with IPv6 support • Many governments strongly oppose CGN
•Less (inter)national interconnects• High dependence on a few large internet providers • Smaller internet providers often don’t have any options • Less flexibility and performance because absence of
Internet Exchange Points
14
IPv6 deployment options
•NAT444• Dual-stack infrastructure, more difficult remove IPv4 later • Requires CGN, which is expensive
•DNS64/NAT64• IPv6 infrastructure, IPv4 completely removed from core • Requires CGN, which is expensive • First large scale deployments are in 3G/4G networks • But also getting used more in e.g. office networks
15
IPv6 deployment options
•MAP-E / MAP-T• IPv6 infrastructure, IPv4 becomes a service • No CGN, scalability and redundancy with lower cost
•DS-Lite• IPv6 infrastructure, IPv4 becomes a service • Requires CGN, which is expensive
16
Phase 2:Enterprises
Both user and online service provider
Why do Enterprisesdeploy IPv6?
• IPv4 CGN is causing problems• Many users share an address
• No Traceability: fraud detection will become harder • When attacked blocking one address causes huge outage
• Security measures become less efficient • IP-Geolocation stops working
• Will impact marketing strategy and regional sales • Can also impact e.g. fraud detection
18
Why do Enterprisesdeploy IPv6?
• IPv6 provides a way out• Every device has its own address • Granularity of security measures can be controlled • IPv6-Geolocation can restore quality of data
19
IPv6 for Enterpriseswill be the next step
• IPv6 Chain of deployment:• Content providers deliver over IPv6
• Access providers deploy IPv6 to reach content better
• Enterprises deploy IPv6 to maintain security and visibility
• Enterprises make use of IPv6 for VPNs, cloud etc…
20
IPv6 inside the enterprise
•Why IPv6 inside?• Being able to use, test and monitor your own services • Being able to use other IPv6 based services • Unique addresses prevent addressing conflicts
• Think about VPNs, cloud computing etc…
21
Issues specific to theMiddle East
•Low number of ISPs to buy service from• Less competition, less market pressure to deploy IPv6
•Some national internet filters are stateful• Connecting to multiple ISPs causes problems
22
Issues specific to theMiddle East
•Less (inter)national interconnects• High dependence on a few large internet providers • Enterprises often don’t have any options • Less flexibility and performance because absence of
Internet Exchange Points
23
ServiceProvider
InternetExchange
InternetExchange
ServiceProvider
ServiceProvider
ServiceProvider
ServiceProvider
ServiceProvider
HomePhone
Enterprise
EnterprisePhone
Phone
Home
Phone Phone
Phone
Phone
Home
Home
Home
Home
Home
Home
Enterprise EnterpriseEnterprise
Enterprise
Enterprise
Connectivity in EU/US/Etc.Enterprises connect to one or more ISPs and even to IXPs.
There is always an option to get good IPv6
ServiceProvider
ServiceProvider
ServiceProvider
Rest ofthe world
InternetFilter
InternetFilter
Home
Phone
Home
Enterprise
Enterprise
PhonePhone
Phone
Enterprise
Enterprise
Home
Home
PhonePhone
Phone
Phone
Enterprise
Connectivity in Middle EastMuch more hierarchical and higher dependency on a few ISPs.
Enterprises often depend on a single ISP
IPv6 deployment optionsfor providing online services
• IPv6 handling by the load-balancer• Simplest to deploy
•Dual-stack throughout the data centre• Most technically “clean” way to deploy, but lot of work
• IPv4 handling at the edge (SIIT-DC)• Make the data centre IPv6-only internally • Best option for greenfield deployments
26
IPv6 deployment optionsinside the enterprise
•Rough deployment order:• Internet connection → Core → Servers and workstations
•Some nice possibilities to get experience• Deploy “closed” systems
• Exchange server clusters already use IPv6 • Storage clusters like Ceph • Security camera network
• Deploy on less critical systems like guest Wi-Fi
27
RIPE-554:Requirements for IPv6 in ICT Equipment
•Best Current Practice describing what to ask for when requesting IPv6 Support•Useful for tenders and RFPs•Originated by the Slovenian Government•Adopted by various others (Germany,
Sweden, The Netherlands, …)
28
Remember the end goal!Why are we doing all of this?
The goal
•The end goal is to get rid of IPv4• It causes too many problems • It requires too many ever increasing investments • Maintaining two protocols is more expensive than one
• It’s a long way…• IPv4 can only disappear when everyone has IPv6 • The longer someone takes to deploy IPv6,
the higher the cost for everybody
30