IPv6 in Terastream Axel Clauberg, @aclauberg

Summit 16: IPv6 in DT's TeraStream


Page 1: Summit 16: IPv6 in DT's TeraStream

IPv6 in Terastream
Axel Clauberg, @aclauberg

Page 2: Summit 16: IPv6 in DT's TeraStream

Building a new network, do we still need any of that?

8-MAR-2016© Deutsche Telekom AG, 2016 2

[Figure: technology labels: MPLS, ATM, SDH, OTN, PPPoE, MPLS FRR, MPLS-TE, GMPLS, IPv4, MPLS-TP]

Page 3: Summit 16: IPv6 in DT's TeraStream

END TO END OPTIMIZATION
The Power of IPv6


[Figure: end-to-end network diagram. Labels: Customer, Access, Aggregation, R1, R2, Core, Service Production, Peering, IP & Optical, Infrastructure Cloud (twice). Access types: Mobile, Ethernet, xDSL, FTTH.]

Legend:
• IPv6
• IPv4: Lightweight 4o6 - Softwire IPv4
• Non-IP: MEF OAM, Keyed IPv6 tunnel

Page 4: Summit 16: IPv6 in DT's TeraStream

INFRASTRUCTURE CLOUD
NETWORK FUNCTION CLOUDIFICATION

[Figure: functions hosted in the Infrastructure Cloud]
• Network Services (DNS, DHCP)
• vBRAS
• Apps
• Content
• IMS
• Mobile Core & Services
• Self-Provisioning
• Softwire IPv4
• Business VPN Services
• Video

Network I/O Optimized

Full Automation


Page 5: Summit 16: IPv6 in DT's TeraStream

TERASTREAM PILOT HRVATSKI TELEKOM – DEC 2012


Page 6: Summit 16: IPv6 in DT's TeraStream

TERASTREAM PILOT GERMANY – SEP 2014


Page 7: Summit 16: IPv6 in DT's TeraStream

SERVICE DIFFERENTIATION BASED ON ADDRESSES
USING IPv6 ADDRESS SPACE AS LABELS

Address layout (bits):
  Provider (56) | User Subnet (8) | User - Host (64)
Labels on the layout: Registry/IANA assigned, Network Structure bits, Service bits

Bit definitions:
  P    Public             0=SP-intern, 1=extern
  I    Infrastructure     0=end user, 1=infrastructure packet
  E    Endpoint/Service   0=endpoint, 1=service
  SSS  Service Type       0=res, 1=internet, 4=video, 5=L2, 6=voice, 7=mgmt
  M                       0=fixed, 1=mobile endpoint

Examples:
                                   Source   Destination
                                   PIESSS   PIESSS
  -----------------------------------------------------
  User -> IMS                      000110   011110
  IMS -> User                      011110   000110
  User -> User (best effort)       X00001   X00001
  User -> Internet (best effort)   100001   XXXXXX
  Internet -> User (best effort)   XXXXXX   100001
  Lan-Lan service                  010101   010101
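
The PIESSS labels and X wildcards on this slide can be exercised with a small decoder and ternary (mask/value) matcher; this is an added example, not code from the deck or from TeraStream. It assumes each label is a standalone 6-bit string, because the slide does not give the bit offsets inside the address, and all function names are hypothetical.

```python
# Added example: decode and match the 6-bit PIESSS service labels.
# Assumption: labels are standalone 6-character strings; their position
# inside the 128-bit address is not stated on the slide.
SERVICE_TYPES = {0: "res", 1: "internet", 4: "video", 5: "L2", 6: "voice", 7: "mgmt"}

# Example rows from the slide, in slide order: (name, source, destination).
RULES = [
    ("User -> IMS", "000110", "011110"),
    ("IMS -> User", "011110", "000110"),
    ("User -> User (best effort)", "X00001", "X00001"),
    ("User -> Internet (best effort)", "100001", "XXXXXX"),
    ("Internet -> User (best effort)", "XXXXXX", "100001"),
    ("Lan-Lan service", "010101", "010101"),
]

def decode(label):
    """Split a concrete PIESSS label into the fields defined on the slide."""
    if len(label) != 6 or set(label) - {"0", "1"}:
        raise ValueError(f"not a 6-bit label: {label!r}")
    sss = int(label[3:], 2)
    return {
        "P": "extern" if label[0] == "1" else "SP-intern",
        "I": "infrastructure packet" if label[1] == "1" else "end user",
        "E": "service" if label[2] == "1" else "endpoint",
        "SSS": SERVICE_TYPES.get(sss, f"undefined ({sss})"),
    }

def to_ternary(pattern):
    """Turn a pattern with X wildcards into a (mask, value) pair."""
    mask = int("".join("0" if c == "X" else "1" for c in pattern), 2)
    value = int("".join("0" if c == "X" else c for c in pattern), 2)
    return mask, value

def matches(pattern, label):
    """True when the label equals the pattern on every non-wildcard bit."""
    mask, value = to_ternary(pattern)
    return (int(label, 2) & mask) == value

def classify(src, dst):
    """Return every slide row the (src, dst) label pair matches, in slide order."""
    decode(src), decode(dst)  # validates both labels before matching
    return [name for name, s, d in RULES if matches(s, src) and matches(d, dst)]
```

A flow labelled 100001 to 100001 matches three of the example rows, so a filter built from these patterns needs an explicit rule order or longest-match policy.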


Page 8: Summit 16: IPv6 in DT's TeraStream

IPv4 AS A SERVICE – LIGHTWEIGHT 4o6 SOFTWIRES


[Figure: softwire diagram. Labels: Home Network, v4 host, R1, R2, v6, Infrastructure Cloud, v4, v4 Internet, IPv4 in IPv6 Softwire Tunnel.]

• lwB4 (Port restricted NAPT44): CPE or other device
• lwAFTR: Performs ingress routing based on DSTv4 ADDR + DST L4 port

Page 9: Summit 16: IPv6 in DT's TeraStream

Initial approach

• The Croatian pilot started using OpenStack Folsom, later Grizzly.

• The German pilot started using IceHouse.

• Running IPv6-only meant: Dirty Hacks required
  - Not all OpenStack services could use IPv6 for communication between themselves.
  - IPv6 address assignment to virtual machines was nearly impossible in combination with the L2 plugin. Many things didn't work properly.
  - An IPv6-only environment was not possible: VMs cannot be bootstrapped with the nova-metadata server, because only an IPv4 address is defined for it (aka 169.254.169.254).
  - The TeraStream-specific network layout (each VLAN on each port on each machine would have a different IPv6 subnet) cannot be supported.
  - Security features (IP address anti-spoofing etc.) were not working properly using the TeraStream network design and the Neutron L2 plugin.
  - Unable to configure multiple IPv6 addresses for VMs, including proper routes.

• Hacks lead straight to difficulties in maintaining the environment…


Page 10: Summit 16: IPv6 in DT's TeraStream

Which parts would be solved in Mitaka today?

• OpenStack services are now able to work in an IPv6-only environment, although some hiccups are expected.

• IPv6 address assignment to VMs should generally work, but unfortunately only some ways of IPv6 (auto)configuration are possible.

• IPv6-only VMs still cannot use the nova-metadata server.

• Neutron now has an IPAM plugin, so a TeraStream-specific network setup should be feasible (since Kilo/Liberty).

• Security features (IP address anti-spoofing etc.) should generally work and should support a flexible network setup (such as the TeraStream network design), if used with the Neutron IPAM plugin.

• Still unable to configure multiple IPv6 addresses for VMs, including proper routes.


Page 11: Summit 16: IPv6 in DT's TeraStream

How did we solve our problem?

• The TeraStream services did not require a full-blown OpenStack
  - Only build for Router-like functions, running in an exposed host domain

• We moved to a Container and KVM-based approach, optimized around the Snabb Switch, integrated with our YANG-based Realtime Network and Service Management.

• Our production roll-out in our Pan-European network uses a different approach.


Page 12: Summit 16: IPv6 in DT's TeraStream

Thank You!