Transcript View - Institute of Network Coding

Intelligence at the Edge:
the Evolution of IP Communications
Fred Baker
Cisco Fellow
Former IETF Chair
Chair, IPv6 Operations
IETF liaison to SGIP/SGAC
Presentation_ID
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Agenda
• Why IPv6?
  Main drivers & benefits to evolve/migrate from IPv4 to IPv6
• Industry status
  IPv6 penetration and deployment today
• Challenges/issues
  IPv6 deployment
  IPv4 to IPv6 migration
• Industry best practices & lessons learned
• Future evolution of applications using the architecture
Near vs Long term perspective
• Perspective:
  In the long term, all networks want the relative simplicity and limited cost of a single networking protocol
  In the short term, the world isn’t going to switch simultaneously
• Two definitions:
  “Migration”: Turning the new on and turning the old off
  “Deployment”: Turning the new on
• I tend to think that:
  In the near term, the question is how to deploy and use IPv6 in new network offerings and interoperate with existing IPv4 capabilities
  In the long term, once a critical percentage of users have IPv6 enabled, continuing to run IPv4 becomes a business decision. When we turn IPv4 off, we have migrated.
Why IPv6?
Why did the IETF design IPv6?
• Running out of IPv4 addresses
  Except it was 1992, and statistically we expected to run out in 1993-1994
• Response to the issue:
  RFC 1550: IP: Next Generation (IPng) White Paper Solicitation
  Four responses, resulting in IPv6 – RFCs 1883, 1884, 1885, 1886
  Also, description of GSE and the NIMROD Routing Architecture
  CIDR deployed by RIRs and incorporated into routing protocols – RFCs 1517, 1518, 1519, 1520, early 1990’s
  Also OSPFv2, IS-IS, BGP, and RIPv2
  RFC 1918 private addresses, and implementation of Network Address Translation
• IPng ultimately resolved to IPv6.
  We didn’t know it would take 15 years to deploy
The issue of address depletion
• The ISP problem:
  The Internet that is deployed will continue to run
  But it will be harder for ISPs and edge networks to deploy new services and add new customers
• The user problem:
  ISPs will be forced to provide current services using shared IPv4 address space and offer IPv6 for user-managed services
  At some point, services that consumers want to get to will require them to use IPv6 as a result
Where Is the Broadband Internet Today?
The Europe/America/East Asia/ANZ Fiber Corridor
Map copyright 2008 TeleGeography
Power, and by Extension, Money,
Throughout the World
NASA “Earth at Night,” August 2006
IPv4 Address space throughout the
world today
IPv6 penetration and deployment
Who is implementing/adopting IPv6?
• Originally, the research networks and communities
  Internet II, Renater, CERNET2, TWAREN, AARNET, …
  Commercial Networks in Japan: NTT, IIJ, KDDI, …
• Large companies, major ISPs, and content providers
  Facebook, Google, …
  Comcast, Free.fr, Verizon, AT&T, …
• Governments
• Starting to hear of
  ISPs losing customers over lack of IPv6 offerings in RFI/RFP responses, which suggests that auditors are driving enterprise customers to require IPv6 service even if they don’t buy it today.
  IPv6-only networks operated by various providers
IPv6 enabled web sites
(growing list at sixy.ch)
Mobile Telephones and Networks
Data derived from public statements
• Telephones:
  iPhone iOS 4.0, Android: IPv6 is on, can run IPv6-only, can’t turn IPv6 off from UI
  Samsung, Nokia support IPv6
  Windows Mobile has supported IPv6 on the WiFi interface since 2005
  Motorola doesn’t yet
• Networks
  China Mobile has convened two 3GPP workshops on IPv6-only networks
  3GPP later versions target IPv6-only networks
Does it work?
Cisco Networkers EMEA
The experiment
• An ultra-thin team (2 people) deployed IPv6 at a large networking vendor conference in Barcelona in early 2008
• 3000+ attendees, little IPv6 knowledge
• IPv6 was not made public
• What can be measured?
• What was measured?
[Network diagram: attendee WLAN and Catalyst switch, bridged, behind an ISR 1841 router that is dual-stacked to the IPv4 Internet and the IPv6 Internet; a www server and a Fedora monitoring station; IPv6 prefix 2a01:3e0::/64. Slide note: “CPU was easy”.]
Which OS? (based on User-Agent)
A dual-stack web server tracked the User-Agent of IPv6 accesses:
19% Windows XP
16% Windows CE
16% Linux
15% Mac OS/X
12% Vista
6% Symbian
“The current exponential growth of
the network seems to show that
connectivity is its own reward, and
is more valuable than any
individual application such as mail
or the world-wide web.”
RFC 1958: Architectural Principles of the Internet
http://www.ietf.org/rfc/rfc1958.txt
What trouble can
I get into?
Business Challenges
• Avoid the natural tendency to ignore IPv4 complexity as ‘cost of doing business’ while highlighting explicit costs to add IPv6.
• IPv6 can lead to less complex, easier-to-manage implementation and operations
  Enables greater ROI over time from emerging and new business apps
• Natural evolution to improve operations, productivity, and service
  Could just replace 1:1, but ask:
  ‘Where does the network need to be in 3-5 years?’
  ‘Which applications and services will be expected?’ (mobility, virtual presence, …)
Business Risks
• Staff training – reducing perceived service level
• Network management tools – scripts and commercial products ignoring the IPv6 deployment
• Awareness – Microsoft will tunnel unless there is native service
• Applications – not providing IPv6 support before IPv4 is missing from part of the network or a partner
• Multi-homing – Global address allocation policy for enterprise deployments
• Traffic patterns – old WAN traffic models dominated by client/server apps, new by peer-to-peer collaboration tools
• Timing – deployment being forced in short order by a partner interaction rather than planned and orderly over time
Business - Costs
• The largest cost for most network managers will be training.
  Related but different protocol.
• Another major cost will be retooling custom apps and scripts.
  Frequent coding shortcuts assume an address will always be 32 bits.
• Is IPv6 deployment an opportunity to integrate other engineering changes that have not been large enough to justify by themselves?
  What costs will be attributed to IPv6 vs. general evolution?
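As an added example (not from the slides), two of the shortcuts the slide refers to, a host:port splitter and a 32-bit address pack of the kind found in operations scripts, beside address-family-agnostic versions; the endpoints and the allow-list are constructed for illustration:

```python
import ipaddress
import socket
import struct


def legacy_split_host_port(endpoint):
    """Shortcut: 'exactly one colon, so split on it'.
    Fine for 192.0.2.1:443; an IPv6 literal has more colons and this raises."""
    host, port = endpoint.split(":")
    return host, int(port)


def legacy_addr_to_int(addr):
    """Shortcut: 'an address fits in 32 bits'.
    socket.inet_aton only understands IPv4 dotted quads."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def split_host_port(endpoint):
    """Family-agnostic: IPv6 literals are bracketed, e.g. [2001:db8::1]:443
    (the RFC 3986 convention); anything else is host:port."""
    if endpoint.startswith("["):
        host, bracket, rest = endpoint[1:].partition("]")
        if not bracket or not rest.startswith(":"):
            raise ValueError("malformed bracketed endpoint: %r" % endpoint)
        return host, int(rest[1:])
    host, colon, port = endpoint.rpartition(":")
    if not colon:
        raise ValueError("missing port in %r" % endpoint)
    return host, int(port)


def addr_in_allowlist(addr, allowlist):
    """Family-agnostic prefix match: the ipaddress module carries 32- or
    128-bit integers internally, so no fixed-width packing is needed."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in allowlist)


def shortcut_breaks(func, arg):
    """True when a legacy helper cannot cope with the given input."""
    try:
        func(arg)
    except (ValueError, OSError):
        return True
    return False


if __name__ == "__main__":
    # constructed sample endpoints: one IPv4, one IPv6 literal
    for ep in ("192.0.2.1:443", "[2001:db8::1]:443"):
        print(ep, "legacy breaks:", shortcut_breaks(legacy_split_host_port, ep),
              "agnostic:", split_host_port(ep))
```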
Adoption Spectrum
Kicking the tires:
• Is it real?
• Do I need to deploy everywhere?
• Equipment status?
• SP support?
• Addressing
• What does it cost?
Pilot/Early Deployment:
• Mostly or completely past the “why?” phase
• Assessment (e2e)
• Weeding out vendors (features and $)
• Focus on training and filling gaps
Production/Looking for parity and beyond:
• Still fighting vendors
• Content and wide-scale app deployment
• Review operational cost of 2 stacks
• Competitive/Strategic advantages of new environment
IPv6 Deployment strategy
• Train the architects
  Protocol differences create an operational experience vacuum
• Develop addressing plan
  use any initial /32 for infrastructure or labs; get a real block for customers
  customer prefix delegation on nibble boundary to align with PTR authority
• Enable core & PE routers
  dual-stack, with tunneling where necessary to align with life-cycle
• Enable support services
  dual-stack the servers, populate DNS AAAA, configure AAA, deploy management and monitoring tools
• Establish peering
  encourage content sites to deploy to minimize the need for IPv4/IPv6 NAT
• Enable customers
  tunnel over legacy distribution media where necessary
Coexistence Strategy
Don’t forget the Applications
While infrastructure is everyone’s initial focus, nothing happens until the applications use the new API. IPv4-only apps will remain IPv4-only, and these legacy apps will fail when presented with an IPv6-only infrastructure.
[Timeline figure: Preserve IPv4; IPv4 Run-Out; IPv4/IPv6 Coexistence Infrastructure; Services & Applications running over IPv6; IPv6 Internet. Marks on the timeline: Today, 2010, 2011-12, Future.]
Industry best practices for
IPv6 deployment
IETF looking at deployment
• IPv4/IPv6 coexistence
  IPv4/IPv6 Dual Stack Deployment
  IPv4/IPv6 Translation
  IPv4/IPv6 and IPv6/IPv4 Tunneling
• Moving along
  Securing the network
  General operational issues
Recommended Approach to Deployment: RFC 4213 Dual-Stack Deployment
• Solution:
  Hosts today are IPv4+IPv6: Windows Vista, Macintosh, Linux, BSD
  Make the network IPv4+IPv6.
  When forced to deploy IPv6-only networks, they will be able to talk with other hosts.
• But…
  We have run out of time for this to be smooth
[Figure: IPv4+IPv6 hosts on an IPv4+IPv6 network, alongside IPv6-only hosts or network.]
Translation: three components
• DNS64:
  Translate DNS records
• Translator
  Stateless mode
    Modified SIIT algorithm
    Uses Service Provider Prefix, IPv4 prefix embedded in IPv6 prefix
    Scalable translation IPv4<->IPv6
  Stateful mode (NAT64) similar to IPv4/IPv4 NAT
    Permits session initiation IPv6-native -> IPv4 hosts
    No session initiation IPv4 -> IPv6-native
• Effect:
  Encourage movement of IPv4 servers to IPv6-only network
[Figure: IPv6 Network and IPv4 Internet joined by the translator, with DNS (DNS64) and an ALG alongside.]
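The prefix embedding that the stateless translator and DNS64 rely on, as an added example (not from the slides) following RFC 6052: the IPv4 address is placed right after the translator prefix, and for prefixes shorter than /96 octet 8 (bits 64-71, the “u” octet) is skipped and left zero. 64:ff9b::/96 is the well-known prefix from that RFC; the other prefixes and the DNS records are constructed.

```python
import ipaddress

RFC6052_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _check_prefix(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in RFC6052_PREFIX_LENGTHS:
        raise ValueError("RFC 6052 prefix length must be one of %s"
                         % (RFC6052_PREFIX_LENGTHS,))
    return net


def embed_ipv4(prefix, ipv4):
    """IPv4-embedded IPv6 address: prefix, then the four IPv4 octets,
    skipping octet 8 when the prefix is shorter than /96."""
    net = _check_prefix(prefix)
    out = bytearray(net.network_address.packed)   # prefix bits, rest zero
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:            # the 'u' octet must stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return str(ipaddress.IPv6Address(bytes(out)))


def extract_ipv4(prefix, ipv6):
    """Inverse mapping, as the translator applies it to a destination."""
    net = _check_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("%s is not inside translator prefix %s" % (addr, net))
    pos = net.prefixlen // 8
    octets = bytearray()
    while len(octets) < 4:
        if pos == 8:
            pos += 1
        octets.append(addr.packed[pos])
        pos += 1
    return str(ipaddress.IPv4Address(bytes(octets)))


def dns64_answer(prefix, aaaa_records, a_records):
    """What a DNS64 resolver hands an IPv6-only client: the genuine AAAA records
    when the name has any, otherwise AAAA records synthesized from its A records,
    which steers the client's traffic to the NAT64 translator."""
    if aaaa_records:
        return list(aaaa_records)
    return [embed_ipv4(prefix, a) for a in a_records]


if __name__ == "__main__":
    # constructed sample: a name with only an A record, via the well-known prefix
    print(dns64_answer("64:ff9b::/96", [], ["192.0.2.33"]))
```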
Dynamic IPv6/IPv4 tunneling
[Figure: 6rd CEs at the edge of the SP IPv4 Network send IPv6 packets, carried over IPv4 across the Access Node and the L3 Edge (IPv4), to 6rd Border Relays at the boundary with the IPv6 + IPv4 Network.]
• IPv6 service in the home is essentially identical to native IPv6 service
• IPv6 Packets Follow IPv4 routing
• 6rd Border Relay traversed only when exiting or entering a 6rd Domain
• 6rd Border Relays are fully stateless, no limit on “number of subscribers” supported
• Border Relays may be placed in multiple locations, addressed via anycast.
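The address derivation behind the “fully stateless” border relay, as an added example (not from the slides) following RFC 5969: a CE’s delegated prefix is the 6rd prefix followed by its IPv4 address minus the IPv4MaskLen high-order bits the whole domain shares, so any node can recover the IPv4 tunnel endpoint from an IPv6 destination and only traffic leaving the domain goes to the relay. The domain parameters and addresses are constructed.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, ipv4_mask_len, ce_ipv4):
    """Delegated IPv6 prefix for a CE: 6rdPrefix || (CE IPv4 address without
    its IPv4MaskLen high-order bits), e.g. 2001:db8:c000:201::/64."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    suffix_bits = 32 - ipv4_mask_len
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << suffix_bits) - 1)
    delegated_len = net.prefixlen + suffix_bits
    if delegated_len > 64:
        raise ValueError("6rd prefix too long for IPv4MaskLen %d" % ipv4_mask_len)
    value = int(net.network_address) | (suffix << (128 - delegated_len))
    return str(ipaddress.IPv6Network((value, delegated_len)))


def sixrd_tunnel_endpoint(sixrd_prefix, ipv4_mask_len, own_ipv4, br_ipv4, ipv6_dest):
    """IPv4 address to encapsulate toward for a given IPv6 destination: another
    CE inside the domain, derived from the destination with no per-subscriber
    state, or the border relay when the destination is outside the 6rd domain."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    dest = ipaddress.IPv6Address(ipv6_dest)
    if dest not in net:
        return br_ipv4
    suffix_bits = 32 - ipv4_mask_len
    shift = 128 - net.prefixlen - suffix_bits
    suffix = (int(dest) >> shift) & ((1 << suffix_bits) - 1)
    # the shared high-order IPv4 bits are taken from this node's own address
    high = int(ipaddress.IPv4Address(own_ipv4)) & ~((1 << suffix_bits) - 1) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(high | suffix))


if __name__ == "__main__":
    # constructed domain: 6rd prefix 2001:db8::/32, IPv4MaskLen 8, BR at 10.0.0.1
    print(sixrd_delegated_prefix("2001:db8::/32", 8, "10.1.2.3"))
    print(sixrd_tunnel_endpoint("2001:db8::/32", 8, "10.9.9.9", "10.0.0.1",
                                "2001:db8:102:305::1"))
```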
“…it is possible to employ IPv6-only
networking, though there are a number of
issues such as lack of IPv6 support in
some applications and bugs in untested
parts of code.
As a result, dual-stack [RFC4213]
remains as our recommended model for
general purpose networking at this time,
but IPv6-only networking can be
employed by early adopters or highly
controlled networks.”
Jari Arkko
http://tools.ietf.org/html/draft-arkko-ipv6-only-experience
The biggest problems with coexistence mechanisms
• They give the illusion of full service but deliver a small subset
  Example – the web works well through IPv4/IPv4 translation, but BitTorrent shows us that far more interesting services are possible
• Issues of management and fault diagnosis
  Everything gets harder for the operator
• Operational and capital costs increase
  Since everything is a little harder, it takes smart people to run the network
For further reading…
• http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
  “Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment”, Jari Arkko, Fred Baker, 9-Nov-10
The “Internet of Things”:
New Applications for Internet Technology
Internet of Things: What kinds of machines?
• Primarily about autonomous actors
  Not your PC, that does things because you tell it to
  Not your phone in the sense of placing calls
  Often systems that provide support in interesting ways
• Types of services
  Building automation – environmental control and telemetry
  Industrial automation
  Safety and surveillance issues
  Health monitoring
  And so on…
• Is TCP/IP the right technology for SCADA (Supervisory Control And Data Acquisition) networks?
  This varies with the application
  For many purposes, IP future-proofs the network
Forestry
Mapping forests and forest events
Deborah Estrin’s sensor networks
• Networks deployed in random distribution
• Low power
• Delivering sensor data to a central site for some purpose
Forest Management
• Several universities have tested distributed sensor networks
  Monitor weather/climate in a managed forest
  Observe fires in action
• Premise: map isotherms and isobars
  Periodic and event-driven neighbor-to-neighbor information exchange
  Sensors that report sudden changes and then stop reporting give crisis information
• Application is a distributed sensor
  Individual sensors relatively unimportant; GPS location of reporting sensor more important.
Courtesy LA Times, July 200
Health Care
Health Monitoring
• Issue:
  Unobtrusive monitoring and early detection of patient health improves health care
  It also reduces the cost of health care dramatically
• Numerous projects, including some in China, are interested in exploring the use of networked sensors
  Infrared detectors for motion and estimation of body temperature
  Location of people in the house
  And so on…
What does a sensor look like?
• Thermal Imaging:
  Data sheets on some models claim accuracy to 0.5˚C
• Location:
  Motion sensors say “someone is here”
  Surveillance Cameras may be able to identify people
• Pulse, Pedometer, etc
  Available in drug stores
Requirements for sensors and reporting
• They need to be
  Inexpensive
  Easy to install/maintain
  Networked (mobile or stationary) for connectivity
  Appropriate & acceptable to the client
• They need to be able to
  Identify the person they are monitoring
  Accurately record and report changes of important data
    Medical measurements
    Daily routine
  Maintain information privacy
How would we network them?
• Type of network
  3GPP might be a good transmission system for mobile sensors
  Fixed sensors could fit into residential broadband
• Application considerations:
  Need to log normal events for possible future analysis
  Give periodic reports: “Here are my logs, but I don’t see anything”
  Be able to issue alerts: “person pressed the ‘I need help’ button”
The Smart Grid
Smart Grid
• The Electrical Grid is a large network that supports the reliable delivery of electrical power
  Ongoing measurements for maintenance and billing purposes
  Communication between cooperating processes such as generators and phase measurement units
  Operational command/control – turning circuits on and off, demand response, many other purposes
Functional Requirements for communication
• “…the Network should enable an application in a particular domain to communicate with an application in any other domain in the information network, with proper management control over who and where applications can be interconnected.”
  NIST Roadmap, Version 1.0, September 2009
Conceptual Reference Model
Source: NIST Smart Grid Framework
Demand Response – Example Only!
[Figure, source: EnerNex. A demand-response message flow across interfaces, with example standards at each layer; legend: Interface, Message, 1a. Sequence Number.]
Stages:
1. Enrollment: 1a. Enroll Customer; 1b. Register Customer
2. Event: 2a. Market Price Change; 2b. Announce Price Event; 2c. Distribute Price Event; 2d. Local Price Event; 2e. Reduce Usage
3. Monitoring: 3a. Report Usage; 3b. Record Participation
4. Billing: 4a. Billing Cycle; 4b. Send Bill
Example standards shown: IEC 61970, IEC 61968, MultiSpeak, ebXML, OpenADR, SOAP, REST, HTTP, ZigBee SE, WiFi, BACnet, HomePlug, Ethernet, ANSI C12, SONET, WDM, Frame Relay, WiMAX, BPL, Cellular, Proprietary.
Example of an attack: Stuxnet
• Said to be a military-grade weapon that attacks specific control systems
  Depends on disabling automated processes in process control systems
• Not initially carried by the Internet
  It is, however, networked once in
  Therefore a prototypical weapon of a motivated attacker
• Worst way to defeat it:
  Security by obscurity
• Best way to defeat it:
  Not get the virus
  Not execute the code
DOE / NIST / UCAIug / ASAP-SG Effort
[Organizational diagram: US DOE, FFRDC’s]
Data storage requirements
• In utility company
  Kinds of data
    Customer billing data
    Aggregate planning data
  Requirements often met by chain of custody procedures
• In the home
  Meter keeps records every few minutes for several hours
  Very interesting to:
    Occupant, who wants to optimize their bill
    Utility, who wants to manage electricity and send bills
    Third party services
    Third parties that want to play games, rob the house, etc
Data security requirements
• Billing records have value to many parties, not all of which are helpful
  Utility billing and planning
  Customer self-optimization
  Neighborhood gossip
  Criminal attacks
• Data may need to be
  Verifiable after the fact – perhaps years later
  Accessible by authorized parties
  Shielded from unauthorized parties
  Some data needs to be public in flight
What kinds of security mechanisms are available?

Communication Layer    Type of control                                      Example
Data Content           End to end integrity in message-based exchange       W3C XML Signature
Application Layer      Application to application authentication,           TLS, HTTPS, DKIM, S/MIME, SSH
                       authorization, encryption
Network Layer          System-to-system authentication,                     IPsec ESP
                       authorization, encryption
Physical/Link Layer    Limited Membership                                   SSID, IEEE 802.1X with EAP-TLS
General view
• There are numerous other approaches to communication in use in the grid and in building automation
  IEC 14908 Building Automation
  ANSI C12.19, C12.22, and related management
  IEC 61850 “Goose” protocol between generators
• Internet Protocol Suite, especially IPv6, considered appropriate for most uses in the Smart Grid
  Specified in numerous IEC specifications
Intelligence at the Edge:
the Evolution of IP Communications