Problem Statement of China Telecom
Guoliang YANG, yanggl@gsta.com
Problems and Challenges for China Telecom
(Diagram labels: Government, ICP, Network, Customer)
1. Motivation: Address Pool Exhaustion
• Predicted extinction date: Worldwide 2010.10; Asia 2012.8; China Telecom 2013.3
• CT status quo (Unit: million): Total space 91; Exhausting speed 17 per yr
2. Technology: Protocol Incompatibility
• Different protocol packet format
• Different treatment for software
3. Environment: Inactive Industry Chain
• No clear guidelines from government
• No drivers for ICP
• Users do not care
• Long life cycle of ROI (ROI, Return on Investment)
4. Deployment: Lack of transition experience
• Giant network scope and large numbers of service platforms need considerable human and material resources
• No practical criteria referenced for IPv6 transition
• For network management, product development and service flow, no mature experiences and examples can be learned from.
Contents
• IPv4 Contents Transition application
• Transition Technology Selection
• Problems in deploying Dual Stack
  • NAT444 authentication
  • User tracing
  • Impact on internet application
• Problems in deploying tunnels
  • Incapable multicast service in DS-Lite
• Problems in deploying protocol translation
  • Infeasible fixed range port in DIVI
• Address planning strategy network
• Unavailable PPPoEv6 in Windows XP users
Transition Technology Selection
• Considerations need to be made when applying various transition technologies to existing networks. Different transition technologies may have different impacts on the services:
  • Dual Stack with Carrier Grade NAT444
  • Tunnel technologies
  • Protocol Translation
Problems in deploying Dual Stack Carrier Grade NAT444: Authentication
• Single-Sign-On of the website:
  • The user's private IPv4 address is allocated by the BRAS after the AAA process, so only the user's private IPv4 address is mapped to the user account in the AAA system. In some cases, a website may perform SSO authentication with the user's IP address via the carrier's AAA server.
  • The user accesses the Internet website with a public address, while the address in the carrier's AAA server is a private address. So the user cannot be authorized.
• VPN authentication
  • In L2TP and NAT444 environments where the user creates the VPN itself, if the user wants to access the enterprise internal network via VPN, some authentication protocols, such as EAP, may not be supported in these two environments.
• AAA authentication
  • In some cases, dual stack users may establish dial-up sessions to the BRAS to get IPv4 and IPv6 addresses separately.
  • The BRAS will probably send different RADIUS authentication request packets to AAA. According to current anti-attack policies in the AAA server, the AAA server will deal with the first request packet and ignore the others.
Problems in deploying Dual Stack Carrier Grade NAT444: User tracing
• Flow Analysis System and Behavior Analysis System
  • The carrier's existing Flow Analysis and Behavior Analysis Systems are centralized and deployed in the backbone. In a NAT444 environment, they both need to be placed before the NAT device, in order to collect users' data and analyze their behavior accurately by their IPv4 address.
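The SSO and user-tracing problems above share one cause: anything located after the NAT444 device sees only a shared public address, while AAA knows only the private one. The following is an added example, not part of the original slides; all addresses, accounts and the port-block binding log format are constructed assumptions. It shows the IP-only lookup failing and what is needed to attribute an observation to a single account.

```python
# Constructed sample data (assumption, not from the slides).
# AAA session table: private IPv4 assigned by the BRAS -> user account.
AAA_SESSIONS = {"10.1.0.11": "alice@ct", "10.1.0.12": "bob@ct"}

# Hypothetical NAT444 binding log, one port block per binding:
# (start_ts, end_ts, private_ip, public_ip, first_port, last_port)
CGN_BINDINGS = [
    (1000, 2000, "10.1.0.11", "203.0.113.5", 1024, 2047),
    (1000, 2000, "10.1.0.12", "203.0.113.5", 2048, 3071),
    (2100, 3000, "10.1.0.12", "203.0.113.5", 1024, 2047),  # block reassigned
]


def aaa_lookup_by_ip(ip):
    """What an SSO website does: ask AAA which account holds this address."""
    return AAA_SESSIONS.get(ip)


def accounts_behind(public_ip, ts):
    """Every account sharing one public address at a given time."""
    return sorted({AAA_SESSIONS[priv]
                   for start, end, priv, pub, _, _ in CGN_BINDINGS
                   if pub == public_ip and start <= ts <= end})


def resolve_subscriber(public_ip, port, ts):
    """Attribute an external (IP, source port, time) observation to one account.

    All three fields are required: the IP alone is shared, and a port block
    can belong to different subscribers at different times.
    """
    for start, end, priv, pub, lo, hi in CGN_BINDINGS:
        if pub == public_ip and lo <= port <= hi and start <= ts <= end:
            return AAA_SESSIONS.get(priv)
    return None  # no binding covers this observation


if __name__ == "__main__":
    seen_ip = "203.0.113.5"            # address the website or backbone sees
    print("AAA lookup by seen IP:", aaa_lookup_by_ip(seen_ip))
    print("Accounts sharing it at t=1500:", accounts_behind(seen_ip, 1500))
    print("Port 1500 at t=1500:", resolve_subscriber(seen_ip, 1500, 1500))
    print("Port 1500 at t=2500:", resolve_subscriber(seen_ip, 1500, 2500))
```

The same port resolves to different accounts at t=1500 and t=2500, which is why server-side logs that omit the source port or an accurate timestamp cannot be attributed after NAT444.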
Problems in deploying Dual Stack Carrier Grade NAT444: Others
• Internet users initiating access to private network users. Currently two access methods are considered in the metropolitan area network:
  • Communication between private IP hosts: the traffic will not go through the NAT444 device.
  • Communication between a private IP host and a public one: the traffic will go through the NAT444 device. For a user who wants to visit a website that is provided by a private address host, it is not accessible.
• NAT444 doesn't support the current PPTP VPN.
Problems in deploying tunnels
• What is the sequence of deployment for tunnel technologies:
  • 6RD, DS-Lite and L2TP, etc.
  • 6RD → DS-Lite, or directly to DS-Lite?
• Incapable multicast service in DS-Lite:
  • For China Telecom, the IPTV multicast replication point is located in the BRAS. There is a trend to move the replication point down to the access node.
  • In the DS-Lite scenario, the IPTV multicast replication point will be at the AFTR, which will lead to some performance problems and conflict with the above trend.
• What is the investment benefit and maintenance cost of the different tunnel technologies?
Problems in deploying protocol translation
• Infeasible fixed range port in DIVI
  • DIVI assigns a fixed range of ports to the HG, which, from the users' perspective, is infeasible and unfair to customers.
  • Much larger traffic will pass through the DIVI gateway than with other technologies.
Address Planning Strategy
• When IPv6 is deployed, how to plan the IP address pool in a large scale network is a problem.
IPv4 Contents Transition
• IPv4 Internet Content Providers (ICPs) lack business drivers and technology drivers to provide IPv6 content. For example, the lifecycle of online games is short, while deploying IPv6 has a long ROI (Return on Investment) lifecycle.
• ICPs need carriers' guidelines or solutions for the IPv4 contents transition.
• How can ICPs provide IPv6 services with the least changes?