WHITE PAPER

915-0123-01 Rev. D, January 2016www.ixiacom.com

Best Practices forDeploying IPv6 over Broadband Access

2

3

Table of ContentsIntroduction ................................................................................................. 4

IPv6 Solutions for Broadband Access......................................................... 4

Translation ................................................................................................... 5

Tunneling ..................................................................................................... 5

Dual-Stack Lite (DS-Lite) ............................................................................ 5

IPv6 Rapid Deployment (6rd) ...................................................................... 6

Dual-Stack ................................................................................................... 8

How Dual-Stack PPP works ....................................................................... 8

Test Requirements ....................................................................................... 9

Testing Tunneling ......................................................................................... 9

Testing Dual-Stack PPP ............................................................................. 11

Conclusion ..................................................................................................12

4

IntroductionService Providers: The IPv6 Bell Tolls for Thee! After more than a decade of forewarning, the IPv4 to IPv6 transition has finally reached critical mass. On February 1, 2011, the Internet Assigned Numbers Authority (IANA) allocated the last freely-available block of IPv4 addresses. At the same time, the number of users and “endpoints” requiring Internet access, and thus a unique IP address, continues to explode. With broadband deployments achieving global exponential growth, next-generation wireless rollouts on the horizon, and smart-phone use escalating, it is expected that there will be an increase of 5 billion unique endpoints between 2010 and 2015. Service providers are challenged to prepare their networks for the influx of IPv6 addresses.

As exemplified by Google’s support of IPv6 on its search, news, docs, maps, and YouTube, the Internet is already rich with IPv6 content and services; but IPv4 won’t just vanish as IPv6 comes on board. This creates a challenging situation for service providers, who must upgrade their network infrastructures to handle IPv4 and IPv6 co-existence.

While network cores are well-equipped to handle both IPv4 and IPv6, broadband access networks are not. IPv4 and IPv6 co-existence stresses the underlying network systems, which can introduce latency, degrade network responsiveness, and compromise service-level agreements (SLAs). The biggest transition concern is its impact on customers – will introducing IPv6 endpoints, forwarding tables, and services affect connectivity speed, service quality, and network reliability?

With fierce industry competitiveness over customer retention, service providers need assurance of a seamless IPv6 transition – at least from the customer perspective. To proactively address customer-impacting problems, service providers need a quick and reliable test solution that enables them to predict the effect of the IPv6 transition on their broadband access network.

IPv6 Solutions for Broadband AccessAn abrupt transition of the legacy IPv4 infrastructure to IPv6 is not practical because most Internet services are still based on IPv4 and many customers still run operating systems that do not fully support IPv6. Service providers must support both IPv4 and IPv6 endpoints and services to guarantee the quality of service (QoS) defined in their SLAs.

There are different methods used to achieve this goal across broadband access networks including:

• Translation

• Tunneling (includes dual-stack lite and IPv6 rapid deployment)

• Dual-stack

After more than a decade of

forewarning, the IPv4 to IPv6

transition has finally reached critical

mass. On February 1, 2011, the Internet Assigned Numbers

Authority (IANA) allocated the last

freely-available block of IPv4

addresses.

5

While service providers aim to capitalize on the benefits of quickly embracing IPv6, they must also contain the costs of doing so and ensure uninterrupted IPv4 support.

TranslationThe easiest way to conserve the depleting IPv4 address space is to use translation so that the outward-facing interface uses a public interface while the private network uses IP addresses that are not routed on the Internet. However, the known performance and scalability issues compel most service providers to deploy either tunneling or dual-stack transition mechanisms in broadband access networks.

TunnelingTunneling mechanisms are used to tunnel IPv6 island traffic over IPv4 networks and vice versa. The two tunneling schemes currently receiving significant industry attention are:

• Dual-stack Lite

• IPv6 rapid deployment

Dual-Stack Lite (DS-Lite)While service providers aim to capitalize on the benefits of quickly embracing IPv6, they must also contain the costs of doing so and ensure uninterrupted IPv4 support. With DS-Lite, broadband service providers handle IPv4 addresses using IP in IP (IPv4-in-IPv6) tunneling and Network Address Translation (NAT). DS-Lite simplifies the IPv4/IPv6 transition by de-coupling IPv6 deployment in the service provider network from the rest of the Internet.

How DS-Lite works

DS-Lite uses IPv6-only links between the provider and the customer. The DS-Lite home gateway is provisioned with an IPv6 address on its WAN interface. At the LAN-side interface, it operates its own DHCPv4 server, handing out RFC1918 private addresses to home devices. There is no NAT service on the customer premise equipment (CPE) device, such as a home gateway. The NAT service is located on a carrier-grade NAT device in the provider’s network, which is also a tunnel terminator for the Pv4-in-IPv6 tunnel.

The IPv4 packet from the home device to an external destination is encapsulated in an IPv6 packet by the DS-Lite home gateway and transported into the provider network. The packet is decapsulated at the carrier-grade NAT device (CGN), also referred to as an Address Family Translation Router (AFTR) and NAT44 is performed to map the home device’s private IPv4 address to a public IPv4 address. The IPv6 tunnel source address is added to the NAT table, along with an IPv4 source address and port, to both disambiguate the customer private address and provide the reference for the tunnel endpoint. If a home device needs to access an IPv6 service, it is transported “as-is” and routed to an Internet server.

With DS-Lite technology, the communications between end-nodes stay within their address family without requiring protocol family translation. If a home device needs to access an IPv6 service, it is transported “as-is” and routed to an Internet server.

6

There are multiple advantages of DS-Lite over using NAT cascading:

Tunneling IPv4 over IPv6 is far simpler than translation so it performs much better than NAT464.

The deployment of IPv6 in the service provider network is decoupled and independent of the customers migrating to IPv6. If customer equipment is IPv6-aware, the packets simply follow the IPv6 routing to reach the destination, and no tunneling is performed.

Increased traffic load is handled by adding more AFTR elements in the service provider network, providing flexibility to adapt to changing traffic load.

IPv6 Rapid Deployment (6rd)In order to quickly offer end-to-end IPv6 service, providers use 6rd to encapsulate IPv6 traffic in IPv4 headers, and tunnel home users’ IPv6 traffic through the IPv4 network to IPv6 internet service. This tunnel is terminated by an edge router on the service provider network and native IPv6 packets are then transmitted to the IPv6-capable Internet. This allows for rapid introduction of IPv6 services in provider networks as they transition from IPv4 to IPv6. This approach minimizes deployment costs because it only requires upgrades to the routers at the customer edge (CE routers) to support 6rd and additional border routers (BR) that terminate the tunnel. The service provider can operate one or several BRs at its border between its IPv4 infrastructure and the IPv6 Internet depending on the number of IPv6 hosts it has to support and the capacity of a single BR.

How 6rd works

6rd relies on IPv4 and is designed to deliver production-quality IPv6 alongside IPv4 with as little change to IPv4 networking and operation as possible.A 6rd domain consists of:

To quickly offer end-to-end IPv6

service, providers use 6rd to

encapsulate IPv6 traffic in IPv4

headers, and tunnel home users’ IPv6

traffic through the IPv4 network

to IPv6 internet service.

CGN/AFTR:

• Builds NAT table (maps IPv4/IPv6)

• Terminates IPv4-in-IPv6 tunnel

• Encapsulates IPv4 packet in IPv6 tunnel

DS-Lite Home Gateway:

• Uses IPv6 address WAN interfaces

• Operates DHCPv4 server on LAN interfaces

• Encapsulates IPv4 packet in IPv6 going to network

• Decapsulates IPv6 packet coming from network

Figure 1: How DS-Lite Works

7

An IPv6 prefix, called a ‘6rd prefix’, is selected by the service provider for use by a 6rd domain.

• 6rd CE routers, also referred to as Residential Gateways (RGs) or Customer Premises Equipment (CPE). A 6rd CE router functions as a customer edge in a 6rd deployment and is the initiator of the 6rd tunnel

• One or more 6rd BRs. A 6rd-enabled router is managed by the service provider at the edge of a 6rd domain. The BR terminates the IPv4 tunnel and transmits native IPv6 into the IPv6 network.

The 6rd mechanism relies on an algorithmic mapping between the IPv6 addresses and IPv4 addresses that are assigned for use within the service provider network. An IPv6 prefix, called a ‘6rd prefix’, is selected by the service provider for use by a 6rd domain. There is exactly one 6rd prefix for a given 6rd domain. A service provider may deploy 6rd with a single 6rd domain or multiple 6rd domains. A 6rd CE-calculated IPv6 prefix, called the ‘6rd delegated prefix’ is used within the customer site. The 6rd delegated prefix is achieved by combining the 6rd prefix and CE IPv4 address as shown in figure 2.

The above address mapping allows for automatic determination of IPv4 tunnel endpoints from IPv6 prefixes, allowing stateless operation of 6rd. The 6rd CE either includes the 6rd delegated prefix in its router advertisement out of its LAN-side interface (so each home device can auto-configure its IPv6 address), or runs a DHCPv6 server to assign IPv6 addresses from a 6rd-delegated prefix to home devices. The IPv6 packet is encapsulated inside IPv4 by a 6rd CE and follows the IPv4 routing topology within the service provider network among CEs and BRs.

6rd CPE:

• Encapsulates IPv6 traffic in IPv4 going to BRs

• Decapsulates IPv4 traffic coming from BRs

• Advertises 6rd-delegated prefix or runs DHCPv6 server to assign IPv6 to home devices

6rd BR:

• Encapsulates IPv6 traffic from IPv6 Internet server in IPv4 tunnel and delivers to 6rd CE

• Decapsulates IPv4 traffic from 6rd CE and delivers to IPv6 Internet server

Figure 2: ISP Architecture to Deploy IPv6 with 6rd (Source: http://tools.ietf.org/html/draft-despres-6rd-03)

Figure 3: 6rd Delegated Prefix

8

Dual-StackMany service providers plan to deploy dual-stack networks as a long-term strategy, supporting a mixture of IPv4 and IPv6 applications for customers that require both protocols. Dual-stack-capable devices support both IPv4 and IPv6, from the network layer to the applications. Applications choose to use either IPv4 or IPv6 based on the type of IP traffic and particular requirements of the communication. Dual-stack deployments are more costly and time-intensive to deploy than tunneling technologies, since all devices in the network require a software upgrade (at a minimum) to support both IPv4 and IPv6 protocol stacks and forwarding tables.

One important dual-stack technology for DSL networks is dual-stack PPP.

How Dual-Stack PPP worksDual-stack PPP resolves IPv4/IPv6 compatibility issues and facilitates transition to IPv6 by enabling IPv6/IPv4 nodes to send and receive both IPv4 and IPv6 packets. Each individual PPP session results in getting both an IPv4 address and an IPv6 prefix that are used to assign addresses to IP devices at the customer site.

The CPE supports formation of IPv4CP and IPv6CP over the same logical PPP LCP session and allows the end hosts to get IPv6 addresses. Using dual-stack PPP, the user’s

CE device can support IPv4 and IPv6 connectivity over a single PPP link, while keeping IPv6 and IPv4 connectivity independent from each other.

Dual-stack PPP over L2TP is a specialized case of dual-stack PPP, wherein the L2TP access concentrator (LAC) and L2TP network server (LNS) tunnel dual-stack PPP sessions. The result for the end user is still an IPv6 address, but dual-stack PPP over L2TP replicates PPP over an L2TP network.

Dual-stack PPP supports the use of DHCPv6 to get broadband subscribers their IPv6 addressing and other networking configuration information directly from the provider edge (PE).

Many service providers plan to deploy dual-stack

networks as a long-term strategy,

supporting a mixture of IPv4 and

IPv6 applications for customers

that require both protocols.

Figure 4: Dual-Stack PPP Implementation

9

It is important to measure the functionality and performance of tunneling mechanisms on network equipment prior to deployment of DS-Lite and 6rd.

Test RequirementsIt is important to measure the functionality and performance of tunneling mechanisms on network equipment prior to deployment of DS-Lite and 6rd. To offer customers a seamless IPv6 transition, service providers must ensure services can be delivered with requisite quality guarantees. Network design and configuration requires protocol and traffic stress-testing to identify the scalability limits of each device.

It is equally important to validate interoperability of the different network devices, especially given the compatibility risks between IPv4 and IPv6 devices. Test equipment plays a critical role in this validation as it enables reliable, repeatable measurements across network devices.

Testing Tunneling

Figures 5 and 6 show how test equipment is used to emulate the customer premises and home devices, as well as the Internet services, surrounding each broadband network device under test (DUT). This allows service providers to test network equipment under real-world scenarios without the time and expense of building extensive test beds of real equipment.

Emulated Home Devices

EmulatedCPE

Carrier gradeNAT devices

Emulated Internet Services

(Web Server)

HTTP

NAT IPv4DUT

IPv6

IPv4

Ixia Port Ixia Port

Figure 5: Test Equipment Emulates Customer Network and Internet Services to Test DS-Lite Implementation

10

As shown in Table 1 and 2, test equipment can validate key measurements for device functionality, forwarding performance, and application performance, allowing comparative analysis between different network hardware and tunneling implementations (i.e., DS-Lite vs. 6rd).

Below are summaries of key DS-Lite and 6rd test requirements.

Ixia Port Ixia Port

EmulatedHome Devices

EmulatedCPE

6rd BorderRelay

EmulatedInternet Services

(Web Server)

HTTP

6rdBR

IPv4

IPv6

Figure 6: Test Equipment Emulates Customer Network and Internet Services to Test 6rd Implementation

Table 1: DS-Lite Test Measurements

11

For dual-stack network deployments, supporting and scaling both IPv6 and IPv4 versions of each protocol can be process-intensive for infrastructure equipment.

Testing Dual-Stack PPPFor dual-stack network deployments, supporting and scaling both IPv6 and IPv4 versions of each protocol can be process-intensive for infrastructure equipment. It is imperative to verify that the device under test (DUT) can successfully complete the protocol negotiations, setup sessions at a high rate, and scale clients and traffic.

Figure 7 shows how test equipment is used to stress Dual-Stack PPP implementations by emulating DHCP clients, network servers, and access controllers.

Test equipment is used to emulate clients and servers surrounding the dual-stack DUT. Test equipment must:

• Simulate different clients types

• Emulate both IPv4 and IPv6 protocol stacks

• Generate both IPv4 and IPv6 traffic

• Test a variety of device types (BNGs, BRAS, LAC, LNS, etc.)

• Key dual-stack test requirements include:

Table 2: 6rd Test Measurements

Figure 7: Test Setup for Dual-Stack PPP

12

Real-world and worst-case pre-

deployment testing will play a critical role in mitigating

any risk to service reliability,

scalability, and quality.

ConclusionWith IPv4 address depletion, IPv6 applications and endpoints will soon become ubiquitous across networks from end to end. 2011 will be a year of significant access-network upgrades to support IPv6 and the dual-stack technologies required for IPv6 services. To ensure this evolution is transparent to subscribers, service providers and network equipment vendors must demonstrate that the network infrastructure equipment is ready for IPv4/IPv6 co-existence.

Real-world and worst-case pre-deployment testing will play a critical role in mitigating any risk to service reliability, scalability, and quality. Comparative metrics between network equipment will also enable service providers to maximize their investment in new and upgraded infrastructure, and best optimize network configurations.

13

WHITE PAPER

Ixia Worldwide Headquarters26601 Agoura Rd.Calabasas, CA 91302

(Toll Free North America)1.877.367.4942

(Outside North America)+1.818.871.1800(Fax) 818.871.1805www.ixiacom.com

Ixia European HeadquartersIxia Technologies Europe LtdClarion House, Norreys DriveMaidenhead SL6 4FLUnited Kingdom

Sales +44 1628 408750(Fax) +44 1628 639916

Ixia Asia Pacifi c Headquarters101 Thomson Road,#29-04/05 United Square, Singapore 307591

Sales +65.6332.0125Fax +65.6332.0127

915-0123-01 Rev. D, January 2016