Microsoft IT: Journey to IPv6 Veronika McKillop Network Architect - - PowerPoint PPT Presentation

Veronika McKillop

Network Architect Microsoft CSE&O

Microsoft IT: Journey to IPv6

• Network Overview
• Dual-Stack Status
• Moving to IPv6-Only

Agenda

June 2015 Apple WWDC

IPv4 Market Group

This WAS the plan…

RFC 7269 Dual al-stack stack Wirel eless ess Gues est t globall ally “Scream tests” of IPv6-Only Only

Guest network

Ever erythin ything g needs s IPv6 v6, , not everythi ything g will l be IPv6-Only Only

Internet- First

LB IPv4-Only ly DNS

Corporat

• rate

e Network

• rk

SP Agg Agg SP Core

IPv6-Only nly/du /dual al-sta stack ck

NAT44 & 46 trans nslation/enc

• n/encapsul

ulation

• 3. & 4.

1. 1. 2. 2.

MAP-BR BR 64 translati tion/

• n/decapsul

ulati tion

• n

5. 5.

IPv4 4 VPN Heade dend

v4 v6

Local l P&T Aggregatio tion / Backbone

• ne P&T

IPv6 6 Inter ernet net IPv4 4 Inter ernet net

SP Regio ional Agg Regio ional networks rks

1. VPN client does VPN concentrator address resolution 2. Load-Balancer provides DNS A record 3. VPN session establishment over IPv4 is NAT44 translated on the home CPE 4. Then 4->6 header translation/encapsulation is performed on the home CPE 5. This traffic is forwarded over IPv6-Only/Dual-stack network to MAP Border Relay

LB IPv4-Only ly DNS

Corporat

• rate

e Network

• rk

SP Agg Agg SP Core

IPv6 v6-Only/dua nly/dual-st stack ck

NAT44 & 46 trans nslation/enc

• n/encapsul

ulation

• 3. & 4.

1. 1. 2. 2.

MAP-BR BR 64 translati tion/

• n/decapsul

ulati tion

• n

5. 5.

IPv4 4 VPN Heade dend

v4 v6

Local l P&T Aggregatio tion / Backbone

• ne P&T

IPv6 6 Inter ernet net IPv4 4 Inter ernet net

• 8. ??

SP Regio ional Agg Regio ional networks rks

7. 7.

6. At MAP-BR the traffic is IPv6 traffic has header replaced with IPv4/decapsulated 7. The traffic is forwarded over IPv4 to the VPN headend 8. Will the VPN Headend accept this traffic?

• The header has been tampered with (MAP-T)
• What about Jumbo frames (in MAP-E), fragmentation (it is SW processed on the MAP-BR)??

6. 6.

The Futur ure e is NOW

Free e (France) ance), , Charter er Commun unic icati ations ns, Comcast ast (tests) s), , your any given n mobile e ISP (BT/EE, EE, T-Mob Mobil ile e US, Reliance JIO)…

LB DS DNS

Corporat

• rate

e Network

• rk

SP Agg Agg SP Core

IPv6 v6-Only/dua nly/dual-st stack ck

NAT44 & 46 trans nslation/enc

• n/encapsul

ulation MAP-BR BR 64 translati tion/

• n/decapsul

ulati tion

• n

DS VPN Headend

v4 v6

Local l P&T

Aggregati tion / Back ckbone P&T

IPv6 6 Inter ernet net IPv4 4 Inter ernet net

SP Regio gional Agg gg Regio ional networks rks

1. VPN client performs VPN concentrator address resolution 2. Load-balancer provides DNS A/AAAA record 3. VPN session establishment over IPv6 is natively forwarded out the home CPE 4. This traffic is forwarded over IPv6-Only network to the nearest exit point (local P&T etc.) 5. At the local exit point the traffic is natively forwarded to the IPv6 address of the VPN Headend. 6. VPN session is established and both IPv6 and IPv4 traffic from the user device for the Corpnet is sent through the VPN tunnel 1. 1. 2. 2. 3. 3. 4. 4. 6.

It doesn’t matter what IPv4-as as-a-Se Service vice technol hnolog

• gy is used

d by the ISP , native ve IPv6 gets around nd it.

https://datatracker.ietf.org/doc/html/draft-bruneau-intarea-provisioning-domains