Microsoft IT: Journey to IPv6 Veronika McKillop Network Architect Microsoft CSE&O
Agenda • Network Overview • Dual-Stack Status • Moving to IPv6-Only
June 2015 Apple WWDC
IPv4 Market Group
This WAS the plan…
RFC 7269 Dual al-stack stack Wirel eless ess Gues est t globall ally “Scream tests” of IPv6 -Only Only
Guest network Internet- First Ever erythin ything g needs s IPv6 v6, , not everythi ything g will l be IPv6-Only Only
IPv4 4 VPN Heade dend Corporat orate e Network ork 64 translati tion/ on/decapsul ulati tion on MAP-BR BR IPv6 6 Inter ernet net SP Agg Agg SP Core NAT44 & 46 trans nslation/enc on/encapsul ulation LB IPv4-Only ly DNS 3. & 4. IPv4 4 Inter ernet net Aggregatio tion / 2. 2. IPv6-Only nly/du /dual al-sta stack ck Backbone one P&T 5. 5. v6 SP Regio ional Agg v4 Regio ional networks rks Local l P&T 1. 1. 1. VPN client does VPN concentrator address resolution 2. Load-Balancer provides DNS A record 3. VPN session establishment over IPv4 is NAT44 translated on the home CPE 4. Then 4->6 header translation/encapsulation is performed on the home CPE 5. This traffic is forwarded over IPv6-Only/Dual-stack network to MAP Border Relay
IPv4 4 VPN Heade dend 6. 6. Corporat orate e Network ork 64 translati tion/ on/decapsul ulati tion on 8. ?? MAP-BR BR IPv6 6 Inter ernet net SP Agg Agg SP Core NAT44 & 46 trans nslation/enc on/encapsul ulation LB IPv4-Only ly DNS 3. & 4. IPv4 4 Inter ernet net Aggregatio tion / 2. 2. IPv6 v6-Only/dua nly/dual-st stack ck Backbone one P&T 7. 7. v6 SP Regio ional Agg The Futur ure e is NOW v4 5. 5. Regio ional networks rks Local l P&T Free e (France) ance), , Charter er 1. 1. Commun unic icati ations ns, Comcast ast 6. At MAP-BR the traffic is IPv6 traffic has header replaced with IPv4/decapsulated (tests) s), , your any given n mobile e 7. The traffic is forwarded over IPv4 to the VPN headend ISP (BT/EE, EE, T-Mob Mobil ile e US, 8. Will the VPN Headend accept this traffic? Reliance JIO)… The header has been tampered with (MAP-T) • What about Jumbo frames (in MAP-E), fragmentation (it is SW processed on the MAP-BR)?? •
DS VPN Headend Corporat orate e Network ork 6. 64 translati tion/ on/decapsul ulati tion on MAP-BR BR IPv6 6 Inter ernet net SP Agg Agg SP Core NAT44 & 46 LB DS DNS trans nslation/enc on/encapsul ulation 2. 2. Aggregati tion / IPv6 v6-Only/dua nly/dual-st stack ck Back ckbone P&T IPv4 4 Inter ernet net 3. 3. v6 SP Regio gional Agg gg v4 4. 4. 1. VPN client performs VPN concentrator address resolution Regio ional networks rks Local l P&T 2. Load-balancer provides DNS A/AAAA record 1. 1. 3. VPN session establishment over IPv6 is natively forwarded out the home CPE 4. This traffic is forwarded over IPv6-Only network to the nearest exit point (local P&T etc.) 5. At the local exit point the traffic is natively forwarded to the IPv6 address of the VPN Headend. 6. VPN session is established and both IPv6 and IPv4 traffic from the user device for the Corpnet is sent through the VPN tunnel It doesn’t matter what IPv4 -as as-a-Se Service vice technol hnolog ogy is used d by the ISP , native ve IPv6 gets around nd it.
https://datatracker.ietf.org/doc/html/draft-bruneau-intarea-provisioning-domains
Recommend
More recommend
