Post on 17-Mar-2020
Eric Vynckeevyncke@cisco.comDecember 2017
IPv6-Centric Networking
What is IPv6?
IPv6 in One Slide• IPv6 is IPv4 with larger addresses
• 128 bits vs. 32 bits
• Data-link layer unchanged: Ethernet, xDSL, …
• Transport layer unchanged: UDP, TCP, …
• Format:• x:x:x:x:x:x:x:x where x is 16 bits hexadecimal field
• 2001:0000:130F:0000:0000:09C0:876A:130B• Case insensitive
• Leading zeros in a field are optional:• 2001:0:130F:0:0:9C0:876A:130B
• Successive fields of 0 are represented as ::, but only once in an address:• 2001:0:130F::9C0:876A:130B• FF01:0:0:0:0:0:0:1 => FF01::1• 0:0:0:0:0:0:0:1 => ::1• 0:0:0:0:0:0:0:0 => ::
Address Representation
Provider Assigned (PA) Global UnicastAddresses
• Provider Aggregatable/Assigned Global Unicast addresses are:• Addresses for generic use of IPv6• Structured as a hierarchy to keep the aggregation
• Provider Independent (PI) also exists, same format but allow multi-homing
Interface IDGlobal Routing Prefix SLA
001
64 bits3 45 bits 16 bits
Provider Site Host
00 90 27 17 FC
0F
00 90 27 17 FC
0F
EUI-64
• EUI-64 address is formed by inserting "FFFE" and ORing a bit identifying the uniqueness of the MAC address
• MAC address is unique and stable => part of IPv6 can be used to identify a user L
• IETF may deprecate this use (under discussion)
00 90 27
02 90 27
17 FC
0F
17 FC
0FFF FE
FF FE
000000X0 Where X=1 = Unique0 = Not UniqueX = 1
Ethernet MAC Address (48 bits)
64-bit Version
Uniqueness of the MAC
EUI-64 Address
FF FE
IPv6 Privacy Extensions (RFC 4941)
• Temporary addresses for IPv6 host client application, e.g. web browser• Inhibit device/user tracking • Random 64 bit interface ID, then run Duplicate Address Detection
before using it• Rate of change based on local policy
• Enabled by default in Windows, Android, iOS 4.3, Mac OS/X 10.7
2001
/32 /48 /64/23
Interface ID
Link-Local
• Link-local addresses:• Have a limited scope of the link• Are automatically configured with the interface ID
Interface ID0
128 bits
1111 1110 10
FE80::/10
10 bits
64 bits
IPv4 and IPv6 Header Comparison
Version HL Type of
Service Total Length
Identification Flags Fragment Offset
Time to Live Protocol Header Checksum
Source Address
Destination Address
Options Padding
Version
Traffic Class Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
IPv4 Header IPv6 Header
Field’s Name Kept from IPv4 to IPv6Fields Not Kept in IPv6Name and Position Changed in IPv6New Field in IPv6
Extension Headers
§ Extension Headers Are Daisy Chained
§ Upper Layer Headers, must be last, following extension headers
ClassFlow6 Hop
Destination
VLen
Source
Upper Layer TCP Header
Payload
ClassFlow43 Hop
Destination
VLen
Source
Upper Layer UDP Header
Payload
Routing Header17
ClassFlow43 Hop
Destination
VLen
Source
Upper Layer TCP Header
Payload
Routing Header60
Destination Options6
More options...More difficult to parseÞ More bugsÞ More security issue
IPv6 Address Assignment• Lowest-order 64-bit field of unicast addresses may be assigned in several different
ways
Manually configured
Stateless configuration
Assigned via DHCP
Auto-generated pseudo-random number (RFC 4941)
DHCPv6 Request
DHCPv6 Reply
Router Solicitation
Router Announcement2
1 Router Solicitation
Router Announcement2
1
(/64 prefix, timers, etc…)
IPv6 Address = /64 prefix + EUI64 (e.g. MAC address) IPv6 Address = /64 prefix + Random 64 bits (rfc3041)
RS
RA2
1
4
3
IPv4
& IP
v6IP
v6 O
nly
Stateless Autoconfiguration
• Router solicitations are sent by booting nodes to request RAs for configuring the interfaces.
2. RA2. RA1. RS
2. RA:ICMP Type = 134
Src = Router Link-local AddressDst = All-nodes multicast addressData= options, prefix(es), lifetime, autoconfig flag (no managed flag)
1. RS:ICMP Type = 133
Src = ::Dst = All-Routers multicast Addressquery= please send RA
ICMP type = 136 (Neighbor Advertisement) Src = one B’s I/F address , Dst=A target = BOption = Target link-layer address (MACB)
NA
BA
data
Address Resolution protocol: resolveOperations: discover the MAC address of a given IP address
B MAC B REACH
MAC BICMP type = 135 (Neighbor Solicitation) Source = A, SLLA=MACADst = Solicited-node multicast address of B (SOLB)target = BQuery = what is B’s Link-Layer Address?
NS-lookup
Neighbor cache
B - INCMPL
A MACA PROBE Neighbor cache
13
Tunneling Services
Connect Islands of IPv6 or IPv4IPv4 over IPv6 IPv6 over IPv4
IPv6 Co-existence Techniques
Dual Stack
Recommended Enterprise Co-existence strategy
Translation Services
Connect to the IPv6 community
IPv4
IPv6
Business Partners
Internet consumers
Remote Workers
International Sites
Government Agencies
IPv6IPv4
Source Cisco Systems
Dual Stack• Both IPv4 and IPv6 stacks are enabled.
• Applications can talk to both.
• Choice of the IP version is based on name lookup and application preference.
IPv4 IPv6
HostnametoIPaddress
Arecord:www.abc.test.A192.168.30.1
IPv6 and DNS
AAAA record: www.abc.test AAAA 2001:db8:C18:1::2
IPaddresstohostname
PTRrecord:2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpaPTRwww.abc.test.
PTR record:1.30.168.192.in-addr.arpa. PTR www.abc.test.
Users in Dual-Stack Selecting IPv4 or IPv6
IPv4 Internet
IPv6
IPv4
Dual-Stack Serverwww.foo.com
IPv6 Internet
ISP DNS Server
1) www.foo.com?
2) IPv4 and IPv6 addresses of www.foo.com
3) Should I use IPv4 or IPv6 ???
Decision by the USER/INITIATOR:-RFC 6555: Happy Eyeball, try both and keep the fastest-RFC 6724: local policy, usually IPv6 is preferred
Content provider has no influence
IPv6 Deployment in 2017…
The IPv6 Triangle Relationship
Subscribers /Devices
NetworkContent
Worldwide IPv6 UsersThe “mother” of deployment measures
https://www.google.com/ipv6/statistics.html
Doubling every 12 months...
Exponential growth
World-Wide Status: IPv6-enabled users
From Google: US=33%, Belgium=50%, Peru = 20%, Japan=21%
IPv6 Subscribers in Belgium in 2013
http://www.vyncke.org/ipv6status/compare.php?metric=p&countries=be based on Google data
Jan 2014: Partial deployment at Telenet
Jan 2013: Partial deployment at VOO
Jun 2013: Full deployment at VOO
Oct 2013: deployment at Belgacom (new Bbox 3)
BELNET & EDPnet
Worldwide Ranking...
http://www.stateoftheinternet.com/trends-visualizations-ipv6-adoption-ipv4-exhaustion-global-heat-map-network-country-growth-data.html
https://labs.apnic.net/ipv6-measurement/Economies/BE/
How much faster is IPv6 than IPv4 for Facebook mobile users?
Faster Slower
Source: Paul Saab, Facebook (@scale conference and IPv6 World Confgress)
v4
Time to HTTP GET completion
Exciting New
IPv6 Centric Innovations
BRK
Multiple IPv6 Prefixes
Multiple IPv6 Prefixes – ISP Selection
ISP A
ISP B
DHCPv6-PD A
DHCPv6-PD B ServiceB
Service A
Multiple IPv6 Prefixes – Service Selection
HNCPsrc addr = B
src addr = A
A
B
app
“Source + Destination IPv6 Routing”
Yes, that’s right. Choose your source address, I’ll make sure packets go down the right path.
“So, the source address I select affects the path and associated policy throughout the network?”
Yikes! What do I do! I’ve never asked the user for this kind of information before!
BRK 28
Credit: Gert Doering, SpaceNet AG, Munich, Germany
IPv6 Multiprefix Application Integration
BRK29
A New, Evolutive API and Transport-Layer Architecture for the Internet: https://www.neat-project.org/
European H-2020 project - 7M€10 partners (Cisco, Mozilla, EMC, Celerway…)
Provisioning Domain (information about a prefix) via DNS draft-stenberg-mif-mpvd-dns-00Integration to NEAT code: https://github.com/NEAT-project/neat/pull/80
Wednesday, June 29: plenary session in OsloIPv6 Multiprefix NEAT Integration
Asking the user to choose with relevant criteria and
simple UI
6CN Network Native Content Propagation
… at Infinite ScaleIPv6 Content Networking
• Dynamic Adaptive Streaming over HTTP (DASH)• A media presentation description (MPD also known as 'manifest')
describes segment information (timing, URL, media characteristics like video resolution and bit rates
Video Distribution: MPEG DASH (refresh)
<?xml version="1.0"?><MPD …><AdaptationSet segmentAlignment="true" bitstreamSwitching="true" maxWidth="1280" maxHeight="720" maxFrameRate="25" par="16:9" lang="und">
<Representation id="1" mimeType="video/mp4" codecs="avc3.640032" width="1280" height="720" frameRate="25" sar="1:1" startWithSAP="1" bandwidth="3125554">
<SegmentList timescale="12800" duration="25600"><SegmentURL media="ts_Fly2015.m4v_4500000_track1_1.m4s"/>
…</SegmentList>
</Representation><Representation id="2" mimeType="video/mp4" codecs="avc3.64001f" width="640" height="360" frameRate="25"
sar="1:1" startWithSAP="1" bandwidth="1158864"><SegmentList timescale="12800" duration="25600"><SegmentURL media="ts_Fly2015.m4v_1200000_track1_1.m4s"/>…
Legacy MPD example
Video Distribution High Level System DesignEdge CacheDistribution
Mid-Tier Cache-Cluster
Geo-Redundant Origin for all Unicast
Geo-Redundant Mid-Tier Caches
On-net & Off-netManaged & Unmanaged
HTTP Unicast
HTTP Caching & Delivery for ABR Streaming
Virtualized Data Center Applications on OpenStack or VMWare
Dynamically Ingests HTTP content from Live and VOD Sources
Scales out delivery of Live, VOD, CDVR, PDL, Caching to Edge Servers
Intelligent traffic routingfor global networkclient redirection andload balancing
Caching on RequestPlayer 1
Edge-Cache Mid-Cache Origin
Player 2
MISS
MISS
HIT
HIT
GET /content.tsHost: edge
GET http://origin/content.ts
GET /content.tsHost: origin
The Universal Resource (Locator) Identifier
IPv6 increases this part by around 30 orders of magnitude.
6CN: Coding Content Description – Example of ipv6 address template
Fields Stream Type Service ID Content Descriptor Chunk Descriptor
Bits 2 12 2624
5 4 15
Comments
= 4 types
00 = linear01 = non-linear10 = UGC11 = corp.
= 4096 services per type
= 70+ millions per service
= 32 profiles
To combining appropriated AV formats and ABR qualities
=0 reserved value
= durationFrom 1 to 15s
=0 can be reserved for none, so a single (big) chunk/file
= chunk sequence number
Allows by iteration to (pre)-fetch/cache over the networkCombined with Duration, it references from 6 hours to 4 days per service/content. It also gives direct time stamps for trick modes
=0 can be reserved for the dash manifest
Fields Show/Serie ID Episode ID
Bits 16 10
Comment = 65000+ per service = 1000+ per show
Fields Source ID Movie ID
Bits 12 14
Comment = 4000+ per service = 16000+ per source
Fields #Day #Clock
Bits 15 11
Comment year/month/day minute in the day
Example of recommendation
IPV6 Routing prefix + subnet id Interface identifier
Bits 48 + 16 64
http://demo.6cn.solutions/nf/decode.php?addr=2604%3A1380%3A1000%3A86ed%3A4000%3A0%3A192%3A116CN Address Decoder here :
What’s inside an IPv6 Address?
<?xml version='1.0' encoding='UTF-8'?>
<MPD …>
<AdaptationSet bitstreamSwitching="true" lang="und" maxFrameRate="25" maxHeight="720" maxWidth="1280" par="16:9" segmentAlignment="true">
<Representation bandwidth="3125554" codecs="avc3.640032" frameRate="25" height="720" id="1" mimeType="video/mp4" sar="1:1" startWithSAP="1" width="1280">
<SegmentList duration="25600" timescale="12800">
<SegmentURL media="http://[2604:1380:1000:86ed:4000:0:1092:1]" />
<SegmentURL media="http://[2604:1380:1000:86ed:4000:0:1092:2]" />
…
IPv6-Centre MPD
Caching with IPv6 Address per chunkPlayer 1
Edge-Cache Mid-Cache Origin
Player 2
MISS
MISS
HIT
HIT
GET /Host: 2001:db8:cafe::...
GET http://[2001:db8:beef::..]/
GET /Host: 2001:db8:beef::
IPv6 IPv6UnchangedIPv4 and/or IPv6
Content-Aware Network Analytics
• Each object == unique IPv6 address• With hard-coded semantics: video profile, stream, content ID (~ title), duration, ...• Could be exposed by Content Provider even if encrypted• Network devices have a real-time unique sensor: NetFlow (= IPfix)
• Open standard (NBC-U already pushing in Streaming Video Alliance, planning approach with Comcast to RIPE and IETF)
• Can do aggregation• Location awareness
6CN turns network data (Netflow) into augmented Content data
Interpret Netflow Data in “Eyeball Minutes” or Bytes
http://demo.6cn.solutions/nf/index.php
28 minutes of HD video and
25 minutes of SD video
34 MB of HD video and 3 MB of SD Video
Demo here:
IPv6 in the Data Center
• In IPv4, one IP address per host, shared by all VM then shared by all containers…
• In IPv6, one IPv6 /64 per host and one IPv6 /128 per container
• Do we need ports in TCP or UDP anymore ?• It is routing within DC and no more layer-2 switching
• Increased stability• Increased security
Datacenter, VM and Containers
IPv6 Segment Routing
Routing beyond the network interface
IPv6
ContentServicesNetwork
IPv6 Segment RoutingStack of 128-bit Segment IDs within the IPv6 header
IPv6Source, S
Source SDest D
Payload
Dest, D
Source SDest D
Payload
IPv6 Segment Routing
Source, S Dest, DA CB
Source SDest D
Payload
IPv6 Segment Routing
Source, S
Segment D
Segment C
Segment B
Segment A
Source SDest D
Payload
Dest, DA CB
Can come from SDN Controller
IPv6 Segment Routing
Source, S
Segment D
Segment C
Segment B
Segment A
Source SDest A
Payload
Dest, DA CB
IPv6 Segment Routing
Source, S
Segment D
Segment C
Segment B
Segment A
Source SDest A
Payload
Dest, D
Segment D
Segment C
Segment B
Segment A
Source SDest B
Payload
A CB
IPv6 Segment Routing
Source, S
Segment D
Segment C
Segment B
Segment A
Source SDest A
Payload
Dest, D
Segment D
Segment C
Segment B
Segment A
Source SDest B
Payload
A C
Segment D
Segment C
Segment B
Segment A
Source SDest C
Payload
B
IPv6 Segment Routing
Source, S
Segment D
Segment C
Segment B
Segment A
Source SDest A
Payload
Dest, D
Segment D
Segment C
Segment B
Segment A
Source SDest B
Payload
A
Segment D
Segment C
Segment B
Segment A
Source SDest D
Payload
C
Segment D
Segment C
Segment B
Segment A
Source SDest C
Payload
B
IPv6 Segment Routing
Source, S
Segment D
Segment C
Segment B
Segment A
Source SDest A
Payload
Dest, D
Segment D
Segment C
Segment B
Segment A
Source SDest B
Payload
A
Segment D
Segment C
Segment B
Segment A
Source SDest D
Payload
C
Segment D
Segment C
Segment B
Segment A
Source SDest C
Payload
B
Segment D
Segment C
Segment B
Segment A
Source SDest D
Payload
Conclusion
• IPv6 is being deployed for 3 years, Belgium is leading• IPv6 is very similar to IPv4• BUT, brings
• Multiple addresses: one per video sequence, disk object, …• New header: segment routing
So what about IPv6?
First office in Brussels
10 employees
New campus in Diegem
3 buildings
Cisco acquires Scientific Atlanta
(ex Barconet) in Kortrijk
100 employees
Cisco Belgium: Our Journey
1993 1996 2001 2006
Cisco Belgium 600 employees
Diegem: 500 300 in Tech Assist
CenterThe highest certified Cisco technical support center in the world with over 65% CCIE certified engineers40 different nationalities
Kortrijk: 100video engineering
2000 man/years of video engineering experience12 Phd 80% adv. degree
Application Deadline
1st Round
Phone Interview
2nd Round
Video
3rd Round
Assessment Center
Start Program
Recruitment Process ASE (2) and ASR (2)
23/02/2018 2-9/03/2018 9-16/03/2018 16/03/201818/03/2018
29/07/2018
The world best Customer Service Experience
Multicultural Environment
Working at TACInnovation
Technical Services
Growth
Latest Technology
Excellence
Recruiting & Onboarding Timeline CSE (3)
Application Deadline1st Round
Phone Interview
2nd Round
Assessment Center
Start Program
4/03/2018 11-18/03/2018 9/04/2018 1/09/2017
How to connect with us:
• Cisco.com/careers
• All our roles are also posted on LinkedIn
• Find us on social media @WeAreCisco