IPv6 at XS4ALL. Netnod meeting. Marco Hogewoning IPv6 Evangineer

Author: Sibyl Wilkerson
IPv6 at XS4ALL Netnod meeting

Marco Hogewoning IPv6 Evangineer [email protected] 17 sept 2009

Company profile
• Oldest Dutch ISP, founded May 1st 1993
• Origins in Hacktic
• co-founder AMS-IX
• Ltd since 1996
• 100% KPN subsidiary since Dec 1998
• 200 employees
• 300.000 customers
• DSL, hosting and co-location


IPv6 History
• Sixbone space in Oct 2001 (3FFE:8280::/28)
• PA block in Aug 2002 (2001:888::/32)
• Tunnel server
• Free IPv6 Usenet in Oct 2002 (newszilla6.xs4all.nl)
• Hack with PPTP on DSL (Speedtouch)
• Google-over-ipv6
• Approx 300 Mbit/s (content heavy)


Initial requirements
• Platform/vendor independent
• Use open standards where possible
• No EUI-64 in core or server networks
• Dual-stack everywhere
• Subnet per customer (/56 - /48)
• No EUI-64 addresses on CPE WAN interface
• CPE must have a firewall built-in
• CPE should auto-detect/negotiate


Equipment involved
• XS4ALL core
  • Juniper T640
  • Cisco 6509
  • Foundry ServerIron
• XS4ALL access
  • Juniper E320 version 9.3.x
• Telco
  • DSLAM Alcatel-Lucent
• Customer
  • Speedtouch
  • FRITZ!Box 7170
  • ZyXEL
  • Cisco (rare)


Current network setup


Numberplan


Numberplan 0.1
• /48 per PoP
• /56 per router
• 2001:888::/48 servers
• 2001:888:10::/48 tunnel interfaces (end-user)
• /36 tunnelspace (routed)
• /35 colocation (/48 subnet = vlan)


Servers
• No EUI-64
• Port number for services (e.g. POP3 at ::110)
• Management incorporates IPv4 (literal)
  • 194.109.0.42/32 -> 2001:888:0:42:194:109:0:42/64
  • Warning: 2001:888:0:42:194.109.0.42/64 is different!
  • Warning: so is 2001:888:0:42::C26D:002A/64
• Default gateway manually set to ::1/64 (usually)
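The numbering rule and its two warnings, worked through as an added example (not code from the slides). The function names are hypothetical; the prefix and IPv4 address are the ones on the slide, and the dotted-quad form is built from the prefix so that it is a complete, parseable address.

```python
import ipaddress

LOW64 = (1 << 64) - 1

def literal_v6(prefix: str, v4: str) -> ipaddress.IPv6Address:
    """Slide scheme: each IPv4 octet is written, digit for digit, as one hextet."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the scheme fills the 64-bit interface ID of a /64")
    iid = 0
    for octet in str(ipaddress.IPv4Address(v4)).split("."):
        iid = (iid << 16) | int(octet, 16)  # "194" becomes 0x0194, not 0xC2
    return net[iid]

def mixed_v6(prefix: str, v4: str) -> ipaddress.IPv6Address:
    """Dotted-quad (RFC 4291) notation: the IPv4 address as a 32-bit binary value."""
    net = ipaddress.IPv6Network(prefix)
    return net[int(ipaddress.IPv4Address(v4))]

def recover_v4(addr: str):
    """Return the embedded IPv4 address if the interface ID follows the scheme, else None."""
    iid = int(ipaddress.IPv6Address(addr)) & LOW64
    groups = [format((iid >> shift) & 0xFFFF, "x") for shift in (48, 32, 16, 0)]
    if not all(g.isdigit() and int(g) <= 255 for g in groups):
        return None  # hex letters or a group above 255: not an IPv4 literal
    return ipaddress.IPv4Address(".".join(groups))

if __name__ == "__main__":
    prefix, v4 = "2001:888:0:42::/64", "194.109.0.42"  # values from the slide
    print(literal_v6(prefix, v4))
    print(mixed_v6(prefix, v4))
    print(recover_v4("2001:888:0:42:194:109:0:42"))
    print(recover_v4("2001:888:0:42::C26D:002A"))
```

Service addresses such as ::110 also pass `recover_v4` (as 0.0.0.110), so the check is only meaningful on management addresses.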


Numberplan DSL
• /36 per BRAS
• Geographical allocation (initial /44 per area)
• Renumber pilot customers?


DSL Deployment


History
• Initial hack in 2002 using PPTP (nerdy)
• Missing features on E-series
• Stability issues on JUNOSe 8.x/9.0
• Expensive CPE
• Cisco ‘beta’


Initial deployment (May 2008)
• E320 testbed running 9.0
• Cisco 87x behind ATM transport
• E-series crashed after fiddling with some options


Pilot May 2009
• Fixed JUNOSe deployed because of other issues
• Cisco stable and within specs
• FRITZ!Box released (Cebit)


Current setup
• E320 acting as DHCPv6 server
• Leasetime 1 day
• Prefix learned via regular AAA (radius)
• 1 PPP session with both IPCP and IPv6CP
• No RA towards customers after AVM patch
• CPE WAN interface on localscope


Config sample E320

    interface loopback 1
     ipv6 address 2001:888:0:4601::1/64
    profile "PROFILE_ATMPPP"
     ipv6 virtual-router default
     ipv6 unnumbered loopback 1
     ipv6 mtu 1500
     ipv6 sa-validate
    ipv6
    ipv6 route 2001:888:0:4600::/56 null0
    ipv6 route 2001:980:3000::/36 null0
    service dhcpv6-local
    ipv6 dhcpv6-local prefix-lifetime 1 0 0 0
    ipv6 dhcpv6-local dns-server 2001:888:0:6::66
    ipv6 dhcpv6-local dns-server 2001:888:0:9::99

(20 lines, 648 bytes)

Config sample Cisco 87x

    ipv6 unicast-routing
    ipv6 cef
    interface Dialer0
     ipv6 enable
     ipv6 dhcp client pd DHCPPREFIX
    interface vlan1
     ipv6 address DHCPPREFIX 0:0:0:1::/64 eui-64
     ipv6 enable
    ipv6 route ::/0 Dialer0


Pilot status
• ~ 30 customers configured
• ~ 20 customers live
• ‘Missing customers’:
  • No time
  • Configuration issues on IOS
  • Can’t run services


CPE status
• Cisco working except for Wifi
• AVM FRITZ!Box public beta, missing firewall
• Netscreen DSL broken, maybe need newer box
• Thomson promised working stack mid-October 09
• Draytek ran off with the spec


Issues


Internal
• No database support
• Provisioning tool called ‘vi’
• Hard to traceback abuse
• Lack of knowledge in other departments
• No services
• Dual stack eats E320 resources, need more hardware


Legal
• Lawful intercept in NL makes no difference between IPv4 and IPv6
• Central database with IP addresses (CIOT)
• Data retention?


CPE
• No firewall
• Interface
• No manual config (LAN on EUI-64)


Feedback
• “The wife didn’t notice”
• “Easy”
• “Boring”
• “I want to run services”
• “Fix the firewall”


Roadmap
• Fix legal issues
• Fix provisioning
• Get services up
• Increase to 200 ~ 500 customers
• Get extra hardware in


Miscellaneous items


What to do with reverse DNS?
• Currently we delegate to customer
• Plan is to have self service center support
• How many entries per customer?
• How to handle EUI-64?
• Interface to accept mac-address?
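What an interface that accepts a MAC address would have to compute, given the `DHCPPREFIX 0:0:0:1::/64 eui-64` line in the Cisco sample: an added example, not part of the slides. The function names are hypothetical, and the delegated prefix (documentation space) and MAC address are constructed.

```python
import ipaddress

LOW64 = (1 << 64) - 1

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID: flip the universal/local bit, insert ff:fe."""
    b = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def lan_address(delegated: str, subnet_bits: str, mac: str) -> ipaddress.IPv6Address:
    """Delegated prefix OR subnet bits (e.g. 0:0:0:1::) OR EUI-64 interface ID."""
    pd = ipaddress.IPv6Network(delegated)
    sub = int(ipaddress.IPv6Address(subnet_bits))
    if sub & int(pd.netmask) or sub & LOW64:
        raise ValueError("subnet bits must sit between the delegation and /64")
    return ipaddress.IPv6Address(int(pd.network_address) | sub | eui64_iid(mac))

def reverse_zone(delegated: str) -> str:
    """ip6.arpa zone that would be delegated to the customer for this prefix."""
    pd = ipaddress.IPv6Network(delegated)
    if pd.prefixlen % 4:
        raise ValueError("prefix is not on a nibble boundary")
    nibbles = pd.network_address.exploded.replace(":", "")[: pd.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_name(addr: ipaddress.IPv6Address) -> str:
    """Owner name of the PTR record for one host address."""
    return addr.reverse_pointer

if __name__ == "__main__":
    pd, mac = "2001:db8:0:1200::/56", "00:11:22:33:44:55"  # constructed values
    host = lan_address(pd, "0:0:0:1::", mac)
    print(host)
    print(reverse_zone(pd))
    print(ptr_name(host))
```

Each host needs its own 32-label PTR name under the customer's zone, and with EUI-64 that name changes whenever the hardware does.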


Servers
• Transition BSD -> Linux
• Loads of in house software
• New BSS being rolled out
• OSS changes unsure


Organization
• Needs training
• Needs more priority
• Create more awareness
• Plan ahead with investments


External marketing
• Open up
• Help others
• Dutch IPv6 Taskforce
• RIPE
  • meetings
  • www.IPv6ActNow.org
• Other industry fora (*IX/*NOF/ISOC)
• Press !!!!!!


Activate customers
• Press coverage
• Company newsletters
• Seminars
• Hands-on training
• Tunnel server to circumvent pilot
• Focus on content


Plan for alternatives
• Count your IPv4
• Expect NAT in some form somewhere
• You might be ready, but what about the other side?


Cooperate
• Use events like this to share experience
• Team up when interacting with vendors
• Talk to/with IETF, ISOC, RIPE
• IPv6 has to be a joint effort
