2. Jeff Schmidt - Technology Team Manager, Telstra Wireless Network Engineering
Manager responsible for Wireless IPv6 deployment and Wireless Mobile IP Edge/Core Architecture
Introduction
3. 1. Why IPv6?
2. Business and Technical considerations
3. Network Architectures
4. Addressing and Subnetting
5. Deployment Model
6. Our Experience
7. Q&A
Agenda
5. Traffic growth and devices per person
Network readiness for new technologies:
• Internet-of-Things
• VoLTE/IMS
• ViLTE
• Management and Backhaul
IPv4 public/private address depletion
Reduction in network inefficiencies
Why IPv6?
10. Continual investment to extend IPv4 resources vs IPv6 to future-proof our network
Business and Technical Considerations
11. As IPv4 addresses deplete, it will be more expensive to extend IPv4 resources
Dual-Stack is an effective transition technology but does not solve the IPv4 depletion
problem
Introducing IPv6:
- Reduced dependency on NAT
- Remove the need for regionalisation
- Pushes applications to move to IPv6
Business and Technical Considerations
13. • CGN performs NAT/PAT 44 and NAT/PAT 64
PAT substantially reduces Public and Private IPv4 address
demand, but does not prevent IPv4 address depletion.
IPv6 Implementation
Centralised CGN
[Diagram: Region 1 and Region 2, each with Backhaul and an EPG, connect across the IP Core / Edge to two CGNAT BRs facing the Internet. NAT/PAT 44: Private IPv4 to Public IPv4. NAT/PAT 64: Public IPv6 to Public IPv4.]
14. IPv6 Implementation
Traffic Flow
[Diagram: Radio Network (IPv4 transport), EPG, Carrier Network (IPv4 + IPv6), IBR. Single bearer, IPv6-only user plane. From the IBR, native IPv6 goes to the IPv6 Public Internet, and NAT64 (Public IPv6 to Public IPv4) goes to the IPv4 Public Internet.]
16. Running a Single APN
[Diagram: Radio Network (eNodeB, IPv4), Carrier Network (GGSN/EPG with an IPv4v6 APN; IBR with NAT44 / NAT64 and DNS-DS), Internet. Labels: IPv4v6, IPv6.]
Create a single real APN that supports both DS and SS
17. IPv6 Implementation
Security
[Diagram: Radio Network (IPv4 transport), EPG, Carrier Network (IPv4 + IPv6), CGNAT BR, IPv4 Public Internet, IPv6 Public Internet]
CGNAT BR (NAT44/64 Translation) - Stateful firewall
- Untrust to Trust: Block all traffic originating from internet
- Trust to Untrust: Allow all traffic
Firewall Application (IPv6 Native) - Stateful firewall
- Untrust to Trust: Block all traffic originating from Internet
- Trust to Untrust: Allow all traffic originating from IPv6 handset ranges only
- Allow DNS traffic
- Block all infrastructure ranges
- Block all VoLTE ranges
APN ACL
- Advertise only handset ranges to Carrier Network
- Block traffic with IP ranges not configured on the EPG
18. As the CGNAT service is removed from the network, wireless devices will
be exposed to unsolicited traffic from the Internet, i.e. native IPv6
Wireless customers are more sensitive to billing anomalies due to
unsolicited traffic
A simple firewall service blocking unsolicited traffic is required
The same firewall service will ensure wireless core infrastructure is
unreachable from the internet
Security
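The native IPv6 policy from the Security slides, modelled as an added example (not from the deck or Telstra's configuration). All prefixes are constructed from the 2001:db8::/32 documentation range, and placing the DNS resolver inside the infrastructure range is an assumption that shows why the DNS allow rule has to sit above the infrastructure block.

```python
import ipaddress

# Constructed ranges carved from 2001:db8::/32 (documentation prefix).
HANDSET = [ipaddress.ip_network("2001:db8:1000::/44")]
VOLTE = [ipaddress.ip_network("2001:db8:2000::/44")]
INFRA = [ipaddress.ip_network("2001:db8:ff00::/40")]
DNS = {ipaddress.ip_address("2001:db8:ff00::53")}  # hypothetical resolver (assumption)


def _within(addr, ranges):
    return any(addr in net for net in ranges)


class NativeV6Firewall:
    """Stateful policy; rules are evaluated top to bottom, first match wins.

    Simplified model: flows never time out and TCP state is not tracked.
    """

    def __init__(self):
        self.flows = set()  # (handset, handset port, peer, peer port, proto)

    def trust_to_untrust(self, src, sport, dst, dport, proto):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not _within(s, HANDSET):
            return "drop: source outside handset ranges"
        if d in DNS and dport == 53:
            verdict = "allow: dns"  # must precede the infrastructure block
        elif _within(d, INFRA) or _within(d, VOLTE):
            return "drop: infrastructure/VoLTE range"
        else:
            verdict = "allow: handset"
        self.flows.add((s, sport, d, dport, proto))  # remember for return traffic
        return verdict

    def untrust_to_trust(self, src, sport, dst, dport, proto):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (d, dport, s, sport, proto) in self.flows:
            return "allow: established"
        return "drop: unsolicited"  # never reaches the radio bearer
```

Dropping unsolicited packets at this point is what keeps them off the handset's bearer, which is the billing concern raised on the slide.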
23. 3GPP currently dictates each UE to receive a /64
Future releases may require a /60 with DHCP-PD for single APN tethering
4x /44 per APN per EPG = 4M prefixes
You will probably also need a similar range for VoLTE APNs
KEY: make sure it is a structured subnetting schema so it is consistent
nationally and across the entire organisation.
Addressing and Subnetting
24. Infrastructure Addressing:
/64 per VLAN – Keep it simple!
Private or Public – but remember to use a firewall and policies to avoid
advertising the infrastructure out to the internet!
NAT is not a security feature!
Addressing and Subnetting
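An added example (not from the deck) of a structured subnetting schema that yields exactly 4x /44 per APN per EPG and keeps infrastructure /64s out of the advertised handset ranges. The 2001:db8::/32 parent, the region/EPG/APN field widths and the infrastructure block are assumptions chosen for illustration.

```python
import ipaddress

# Constructed plan: 2001:db8::/32 is the documentation prefix and the field
# widths are assumptions for illustration, not Telstra's schema.
PARENT = ipaddress.ip_network("2001:db8::/32")
REGION_BITS, EPG_BITS, APN_BITS = 4, 4, 2           # /36, /40, /42
INFRA = ipaddress.ip_network("2001:db8:ff00::/40")  # never advertised


def apn_pool(region, epg, apn):
    """Return the /42 (4x /44) assigned to one APN on one EPG."""
    for value, bits in ((region, REGION_BITS), (epg, EPG_BITS), (apn, APN_BITS)):
        if not 0 <= value < 2 ** bits:
            raise ValueError("index outside the schema")
    index = (region << (EPG_BITS + APN_BITS)) | (epg << APN_BITS) | apn
    plen = PARENT.prefixlen + REGION_BITS + EPG_BITS + APN_BITS
    base = int(PARENT.network_address) | (index << (128 - plen))
    pool = ipaddress.IPv6Network((base, plen))
    if pool.overlaps(INFRA):
        raise ValueError("handset pool collides with infrastructure block")
    return pool


def ue_capacity(pool, ue_len=64):
    """How many UEs the pool serves at one prefix of length ue_len each."""
    return 2 ** (ue_len - pool.prefixlen)


def ue_prefix(pool, n, ue_len=64):
    """The nth UE prefix: /64 today, /60 if DHCP-PD tethering is adopted."""
    if not 0 <= n < ue_capacity(pool, ue_len):
        raise ValueError("pool exhausted")
    base = int(pool.network_address) | (n << (128 - ue_len))
    return ipaddress.IPv6Network((base, ue_len))


def advertised(pool):
    """The four /44 handset ranges to announce; INFRA is never in this list."""
    return list(pool.subnets(new_prefix=44))


def infra_vlan(vlan_id):
    """One /64 per VLAN inside the infrastructure block."""
    return ue_prefix(INFRA, vlan_id)
```

Moving from a /64 to a /60 per UE cuts the same pool from 4,194,304 to 262,144 devices, which is worth sizing for before DHCP-PD arrives.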
26. SP1: Dual-Stack
SP2 / SP3: SS+NAT64+DNS64+CLAT
SP4: SS/DS+NAT64+DNS-HD+CLAT
1. Every carrier will have a unique set of circumstances that dictates which
transition method they will use. There is no standard way of doing this.
2. You must determine which is the best method for your network.
In any method, remember to ensure you have a long-term strategy for the
eventual deployment of native Single Stack IPv6!
Carrier Examples
27. Two existing APNs – one for Handsets, one for Mobile Broadband and Tethering
or
464XLAT + NAT64 + DNS64 for the Handset APN only
IPv6 enabled DNS for all other APNs
Different APNs for different purposes
[Diagram: Telstra.WAP uses 464XLAT and NAT64/DNS64 to reach the Internet; Telstra.Internet uses DNS-DS/NAT44 to reach the Internet.]
28. HSS Configuration
PDP Context id = IPv4v6
MME Configuration
DAF = set
EPG Configuration
PDPTYPE = IPv4v6
EPG will then also have the following as a minimum within each APN:
-IPv6 Handset Range
-IPv4 Handset Range
-2x IPv4 DNS Name Servers, 2x IPv6 DNS Name Servers
Packet Core Configuration
29. Android 4.3+ supports 464XLAT. We recommend using anything that is
4.4.4+ or 5.1+
Depending on your setup, PDP selection is based on either the UE or the
Network.
International Roaming over IPv6 works today! But we recommend the APN
Roaming Protocol to be set to IPv4 only for the next two years.
UE Requirements and Settings
30. • Informed Front of House and provided training, as well as Enterprise
support and sales personnel
• Updated internal Knowledge Base
• Briefed Operations and provided training
• Created moderated forum with official details on the network change
• Provided direct email contact to Telstra Engineering
• Contacted the technical community via mailing lists and public forums
before launch
Launch Considerations
32. iPad Dual-Stack Carrier Settings
Significant IPv6 take-up on iPads since the carrier update was made
available with Dual-Stack.
Update made via iOS patch. Users are not immediately aware IPv6 is
available on their iPads. Transparent migration.
IPv6 take-up occurs when iPads are patched to the latest version
Single Stack will come later this year
Our Experience
33. Use DNS64 as a migration step from dual stack to single stack
Dual stack devices without DNS64 are least impacted by a migration towards single stack, as
applications will continue to use IPv4
Enabling DNS64 will extend IPv6 usage for the devices and can be disabled easily if customers'
applications are impacted
The number of applications, protocols and specific implementations continues to make a
migration to IPv6 single stack a challenge
Check NGP / SMP behaviour
Our Experience
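Why enabling DNS64 moves a dual stack device's traffic onto IPv6, and why turning it off is a clean rollback, as an added example that is not from the deck. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 (the deck does not name the NAT64 prefix in use) and a constructed set of DNS records.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix. Zone data below is constructed.
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ZONE = {
    "v4only.example": {"A": ["192.0.2.33"], "AAAA": []},
    "dual.example": {"A": ["192.0.2.80"], "AAAA": ["2001:db8::80"]},
    "intranet.example": {"A": ["10.1.2.3"], "AAAA": []},
}


def synthesize(v4):
    """Embed an IPv4 address in the low 32 bits of the NAT64 /96."""
    low = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | low)


def extract(v6):
    """IPv4 destination the NAT64 recovers, or None if not synthesized."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in NAT64_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def resolve_aaaa(name, dns64):
    """AAAA answer the resolver returns for `name`, with DNS64 on or off."""
    rec = ZONE[name]
    if rec["AAAA"] or not dns64:
        return [ipaddress.IPv6Address(a) for a in rec["AAAA"]]  # native untouched
    # RFC 6052: the well-known prefix must not represent private IPv4 space.
    public = [a for a in rec["A"]
              if not any(ipaddress.IPv4Address(a) in n for n in RFC1918)]
    return [synthesize(a) for a in public]


def path(name, dns64):
    """Path taken by a dual stack UE that prefers IPv6 when an AAAA exists."""
    answers = resolve_aaaa(name, dns64)
    if not answers:
        return "IPv4"
    return "native IPv6" if extract(answers[0]) is None else "IPv6 via NAT64"
```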
34. Tethered devices to remain on DS APN for the time being
Ensure all internal services are IPv6 enabled
464XLAT – is it still required? H323 breaks, but is it required?
Corporate VPNs are a challenge due to range of solutions and specific implementations
Test via test APNs
Our Experience
35. Our Experience
[Chart: telstra.wap - IPv6 Usage by state (NSW, QLD, SA, VIC, WA) and Total, 01/07/16 to 01/10/17]
Step increases in IPv6 address usage as device types move to IPv6, i.e. iPad dual stack
37. Mail services failing, i.e. SMTP
IPv6 SMTP packets not leaving PGW, IPv4 service works – PGW bug?
Bugs relating to IPv6 are becoming less common
Our Experience
38. APN can control IPv4, IPv6 or dual stack services
Some wireless devices restrict the use of APNs to control access to
services, i.e. wholesale products, corporate access
Ensure device testing validates access to various differentiated services
from various device types; don’t assume APN control is available
through the device
Our Experience
39. APN – IPv4v6, HLR/HSS – IPv4v6
Legacy devices configured with IPv4 only are not impacted
New devices configured with IPv4v6 obtain both addresses; this group is currently
growing significantly
Existing devices configured with IPv6 only obtain IPv6 only
CGNAT
NAT64 ALGs: ftp, sip, pptp, rtsp, h323
BYO device and existing services
40. Some applications fail with IPv6 – even with 464XLAT. Routing issues?
VPNs are a real problem – but is it a carrier problem or an application /
server problem?
HTTP / HTTPS works very well
SSH is not a major problem
IPv6 is faster in some cases – smaller BGP table, no NAT etc.
Major apps work very well – especially from the major content providers
IPv4 vs IPv6
41. Device by device migration via carrier configuration
Test APN, internal trials
Dual stack on a single device type
Turn on DNS64
Single stack on a less common device, i.e. Android device type x
Tethering APN last, as there is less control over applications and OS
running on tethered devices
Migration Strategy to get to IPv6 single stack
42. Engage the community early so they know what’s coming. They will appreciate you are still developing
and they will want to be part of the journey!
We receive support email through our contact points and reply as soon as possible. Don’t keep your
customers waiting
Skip the red tape – let customers engage engineering directly
Keep management happy! Report SIO and bandwidth usage!
Customer Support