2006.06.05 NANOG-NOTES IPv6 deployment at Comcast
Randy Bush, moderator of the next section

He begged to do the introduction for a specific reason: a deployment of IPv6 that is beneficial to this company's P&L; possibly the only one in existence thus far. He did a very studied and purposeful view of using IPv6 to benefit his company!

IPv6 @ comcast
Managing 100+ million IP Addresses
[slides are at: http://www.nanog.org/mtg-0606/pdf/alain-durand.pdf]

Alain Durand
Office of the CTO
Director IPv6 Architecture
Alain_Durand@cable.comcast.com

Agenda
  Comcast needs for IPv6
  Comcast plans for IPv6
  Challenges

simplistic view of comcast IP problem
  20 million subscribers in video
  2.5 set-top boxes per subscriber
  2 IP per set-top box per DOCSIS std.
  total 100 million IP addresses needed
  that's not including high speed data, nor comcast digital voice, nor mergers/acquisition

Used to use RFC1918 for cable modems; that space was exhausted in 2005.
Comcast recently was allocated the largest part of net 73 and has renumbered cable modems in that space.
In the control plane, all devices need to be remotely managed, so NAT isn't going to help us.
IPv6 is the clear solution for us.
However, even though we are starting now, the move to IPv6 isn't going to happen overnight.

Triple play effect on the use of IP addresses

                               2005 HSD only   2006 T+
  Cable Modem                  1               1
  Home computer/router         1               1
  eMTA (voice adapter)         0               1-2
  Set top box (STB)            0               2
  total num of IP addresses    1-2             8-9
  (assume 2.5 STB per household)

IP Addresses: Natural Growth vs New Services
  nice graph--based on trends, not real data

Contingency plans:
  use public address space
  use "dark" space (pre-RFC1918 space)
  federalization (split into separate domains) (trying to avoid that)

IPv6 strategy
  start early
    deployment plans started back in 2005
  deploy v6 initially on the control plane for the management and operation of the edge devices they manage
    DOCSIS CM, set top boxes, PacketCable MTA (voice)
  be ready to offer customers new services that use IPv6
    LATER, not now--first step is to just be able to manage their own gear.
  migration to v6 must be minimally disruptive.
  deploying v6 must be in roadmap for all vendors
  ops, infrastructure, systems must be ready to support v6 devices.
  over time, IPv6 will penetrate Comcast "DNA"

Deploy v6 for IP addrs of the CM and STB
  architecture: dual-stack at the core, v6 only at the edges
  deployment approach: from the core to the edges
    backbone->regional networks->CMTS->devices
  this is an incremental deployment; existing deployments will be untouched in the beginning
  Follow same operational model as with IPv4; lots of DHCP!

News Flash:
  All routers on Comcast IP backbone are IPv6 enabled
  first ping on 10GE production backbone
  TTLs aren't quite working properly, still checking on that.
  [so, even mainstream vendors still don't have v6 working quite properly yet]

New CM will be v6 ready (dual-stack capable)
  On an IPv4 only CMTS, CM will have v4 address only
  On v6 enabled CMTS, CM will only have v6 address
  No CM boxes will have both; if they could support v4 on all, wouldn't have this issue to start with!

Provisioning, Monitoring, Back-Office
  mostly software upgrade problem
  not unlike the Y2K issue
  fields need to be bigger in database and web scripts

Should system "X" be upgraded for v6?
  does it communicate with devices that are v6 only?
  payload Q: does system "X" manipulate IP data that could be v6 (store, input, display)

Comcast inventory analysis
  About 100 systems
  10 need major upgrades for transport
  30 need minor upgrades just for display/storage

Back office management of cable modems.
  network transport will still be v4
  however, back office systems may need to be modified to display/input/store v6 related data (CM v6 addr)
  Payload can be v6 while transport is v4.

IPv6 certification
  Basic IPv4 compliance taken for granted today
  IP level component testing is limited
  IPv6 is still new technology
  maturity level of vendor implementations varies greatly
    some have had v6 for 10 years
    even those have features not fully baked
    others have nothing, will rush to buy 3rd party stack.
  Bar for v6 product acceptance has to be higher than what we typically accept now for IPv4
  Formal v6 requirement list before purchasing
  v6 conformance testing/certification to accept product

v6 training
  most engineers have heard about it, don't know much
  fear factor
  can expect new hires to have 2-4 years of v4, but 0 v6
  initial and continuous training process is critical!

v6 vendors
  CM (cable modems) (DOCSIS 3.0/2.0b)
  CMTS
  Router
  Provisioning system
  OSS
  Video/Voice back-end systems
  Retail Market (Consumer electronics)
    Home Gateways
    Video (eg TV with embedded cable modem)
  Right now, provisioning system is most challenging.

v6 protocols
  MIBS:
    some OSS vendors implement RFC2465 (deprecated)
    some router vendors implement partial RFC4293 (new combined v4+v6 MIB, but only v6 part)
  IGP
    comcast runs OSPF v2 for IPv4
    looking at OSPF v3 and IS-IS for IPv6
  Integrating v4 and v6 security
  Integrating v4 and v6 QoS
  OSPF v2 and v3 share acronym, that's about it.
  QoS code points will be challenging; mark, and then trust QoS to deal with markings independent of the type of packets the markings are on.

That's pretty much it. Not such a difficult process, mainly making sure the vendors do the right thing, beating on them with a big stick.

Q: Dave Huberman, ARIN--without going into specifics of comcast--thank you, that's a very big landmark! You have to upgrade so many items, spend all this time retraining staff, training new staff; how do you sell this gigantic cost to the 44th floor?
A: The cost is non-negligible, but it pertains to business continuance, so in general executives aren't going to say no to it.

Q: Lane?--similar question, it's an upper management support question. It costs money to do this!
A: Extremely strong business motivation for doing it in the case of comcast; a good object lesson for others in how to get management on board with v6 migrations. More pushback from midlevel managers than from the top levels has been seen, actually.

Q: Steve Schultz, NASA; any plans to implement IPv6 multicast, interdomain? At some point, will need to bring multicast to the set top boxes? Will they need both v4 and v6 multicast streams in core?
A: They only want one multicast stream, from bandwidth size requirements, so will translate at the edges for now from v4 to v6. This effort is all for device management, though, so multicast won't be an issue for a while.

Q: Doug Montgomery?; need for certification and profiles--do you see LOGO program for v6 as sufficient?
A: Has been looking at v6 LOGO phase 1 and phase 2; they go deeply into neighbor discovery, but don't cover MIBs, or routing protocols, or transports other than ethernet. It's a minimum entrance requirement (phase 1 now, phase 2 in a few months), but that's not sufficient on its own; they have requirements above and beyond LOGO phase 1 and phase 2.

Q: Merike, global security; some vendors have limitations on their v6 security features; what has vendor response been to them, since they're a big company.
A: They have had to raise pressure on a few, yes; but since nobody wants to lose Comcast account, they have been responsive.

Q: Tony Hain, Cisco. Doing this with management, not seeing any demand from customers; customers shouldn't know underlying protocols, so they'll never demand. Is there a plan to eventually get it to customers?
A: it's really based on services they can offer; if there's a service that's v6 only that they can sell to customers, they'll roll out v6 to the home.

Q: someone from Juniper: why comcast needs 100 million IP addresses. They use v4 right now, what do they use?
A: they don't have 100 million yet, that's what they're growing to; using 10/8 and 73/8 for now, may use some dark space during the migration period. They're still using public space for now.

Q: Bora Akyul?, Broadcom; you mentioned this in the certification. Plenty of RFCs that obsolete each other. IPv6 is richly optioned protocol compared to v4. How do you decide which options you want to use? Will you publicize those to your vendors?
A: DHCP v6 vs stateless autoconfiguration, may be conflicting methods. They decided they wanted to use DHCP v6, NOT stateless autoconfiguration, for example.

Q: Exactly! will they use a lot of extension headers?
Q: No, keep it simple!

Q: Randy Bush, IIJ? Two things he knows;
  a) what is the simplest way to get from here to there
  b) don't try to convert the users--they don't need to know what's happening at the protocol layer

Q: Matt, Yahoo, asks about whether they will be planning to give net 73 back when the IPv6 conversion is done?
A: Well, they have a bunch of other systems that need to communicate using v4; until they have a solution that can do v6, will keep the v4 addresses.
Matthew Petach
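
Added example, not part of the original notes or of the talk: a sketch of the back-office "payload" problem described under "Provisioning, Monitoring, Back-Office" above. It applies the talk's two triage questions to an inventory record and shows why a column sized for dotted-quad text is dangerous for a CM v6 address: the truncated value can still parse as a valid, different address. System names, field names and the sample address are hypothetical.

```python
import ipaddress

V4_TEXT_WIDTH = 15  # "255.255.255.255": a column sized for dotted-quad text

def storage_key(text):
    """16-byte key so IPv4 and IPv6 addresses share one fixed-width column."""
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 4:
        addr = ipaddress.IPv6Address(f"::ffff:{addr}")  # IPv4-mapped form
    return addr.packed

def display_form(text):
    """One canonical spelling, so the same address always compares equal."""
    return ipaddress.ip_address(text.strip()).compressed

def truncation_hazard(text, width=V4_TEXT_WIDTH):
    """Return the different-but-valid address a too-short column stores, else None."""
    full = display_form(text)
    cut = full[:width]
    if cut == full:
        return None  # the value fits, nothing is lost
    try:
        return display_form(cut)
    except ValueError:
        return None  # truncation produced garbage, which at least fails loudly

def triage(system):
    """The two questions from the talk, applied to one inventory record."""
    if system["talks_to_v6_only_devices"]:
        return "major: transport"
    if system["handles_ip_data"]:
        return "minor: display/storage"
    return "none"

# Constructed inventory; system names and fields are hypothetical.
INVENTORY = [
    {"name": "cm-provisioning", "talks_to_v6_only_devices": True, "handles_ip_data": True},
    {"name": "billing-portal", "talks_to_v6_only_devices": False, "handles_ip_data": True},
    {"name": "hr-timesheets", "talks_to_v6_only_devices": False, "handles_ip_data": False},
]

if __name__ == "__main__":
    for s in INVENTORY:
        print(s["name"], "->", triage(s))
    cm = "2001:0DB8:0000:0001:0000:0000:A5C3:0011"  # constructed, documentation prefix
    print(display_form(cm), "would be stored as", truncation_hazard(cm))
```

Keying records on the packed 16-byte value rather than on the text keeps lookups and access checks from missing a device because its address was typed in a different but equivalent spelling.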