62c9621be3458411bc846033746f5512.ppt
- Number of slides: 56
Intelligence at the Edge: the Evolution of IP Communications
Fred Baker, Cisco Fellow; former IETF Chair; IPv6 Operations; IETF liaison to SGIP/SGAC
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Agenda
§ Why IPv6? Main drivers and benefits of evolving/migrating from IPv4 to IPv6
§ Industry status: IPv6 penetration and deployment today
§ Challenges/issues: IPv6 deployment; IPv4 to IPv6 migration
§ Industry best practices and lessons learned
§ Future evolution of applications using the architecture
Near vs long term perspective
§ Perspective:
  In the long term, all networks want the relative simplicity and limited cost of a single networking protocol
  In the short term, the world isn’t going to switch simultaneously
§ Two definitions:
  “Migration”: turning the new on and turning the old off
  “Deployment”: turning the new on
§ I tend to think that:
  In the near term, the question is how to deploy and use IPv6 in new network offerings and interoperate with existing IPv4 capabilities
  In the long term, once a critical percentage of users have IPv6 enabled, continuing to run IPv4 becomes a business decision. When we turn IPv4 off, we have migrated.
Why IPv6?
Why did the IETF design IPv6?
§ Running out of IPv4 addresses
  Except it was 1992, and statistically we expected to run out in 1993-1994
§ Response to the issue:
  RFC 1550: IP: Next Generation (IPng) White Paper Solicitation
    Four responses, resulting in IPv6 – RFCs 1883, 1884, 1885, 1886
    Also, descriptions of GSE and the NIMROD Routing Architecture
  CIDR deployed by RIRs and incorporated into routing protocols – RFCs 1517, 1518, 1519, 1520, early 1990s
    Also OSPFv2, IS-IS, BGP, and RIPv2
  RFC 1918 private addresses, and implementation of Network Address Translation
§ IPng ultimately resolved to IPv6. We didn’t know it would take 15 years to deploy.
The issue of address depletion
§ The ISP problem:
  The Internet that is deployed will continue to run
  But it will be harder for ISPs and edge networks to deploy new services and add new customers
§ The user problem:
  ISPs will be forced to provide current services using shared IPv4 address space and offer IPv6 for user-managed services
  At some point, services that consumers want to get to will require them to use IPv6 as a result
Where Is the Broadband Internet Today? The Europe/America/East Asia/ANZ Fiber Corridor Today (map copyright 2008 TeleGeography)
Power, and by Extension, Money, Throughout the World (NASA “Earth at Night,” August 2006)
IPv4 address space throughout the world today
IPv6 penetration and deployment
Who is implementing/adopting IPv6?
§ Originally, the research networks and communities
  Internet II, Renater, CERNET2, TWAREN, AARNET, …
  Commercial networks in Japan: NTT, IIJ, KDDI, …
§ Large companies, major ISPs, and content providers
  Facebook, Google, …
  Comcast, Free.fr, Verizon, AT&T, …
§ Governments
§ Starting to hear of ISPs losing customers over lack of IPv6 offerings in RFI/RFP responses, which suggests that auditors are driving enterprise customers to require IPv6 service even if they don’t buy it today.
  IPv6-only networks operated by various providers
IPv6 enabled web sites (growing list at sixy.ch). Named examples on the slide include Yosemite, ipv6.google.com, Sandviken Kommun and Helsingborg Dagblad.
Mobile Telephones and Networks (data derived from public statements)
§ Telephones:
  iPhone iOS 4.0, Android: IPv6 is on, can run IPv6-only, can’t turn IPv6 off from the UI
  Samsung, Nokia support IPv6
  Windows Mobile has supported IPv6 on the WiFi interface since 2005
  Motorola doesn’t yet
§ Networks:
  China Mobile has convened two 3GPP workshops on IPv6-only networks
  Later 3GPP versions target IPv6-only networks
Does it work? Cisco Networkers EMEA
The experiment
§ An ultra-thin team (2 people) deployed IPv6 at a large networking vendor conference in Barcelona in early 2008
§ 3000+ attendees, little IPv6 knowledge
§ IPv6 was not made public
§ What can be measured?
§ What was measured?
[Diagram: experiment topology. An ISR 1841 router carries an IPv6-in-IPv4 tunnel across the IPv4 Internet to the IPv6 Internet; a Fedora monitoring station (www); Catalyst bridging and WLAN bridging; IPv6 prefix 2a01:3e0::/64. Note on the diagram: CPU was easy.]
Which OS? (based on User-Agent)
A dual-stack web server tracked the User-Agent of IPv6 accesses:
  19% Windows XP
  16% Windows CE
  16% Linux
  15% Mac OS X
  12% Vista
  6% Symbian
“The current exponential growth of the network seems to show that connectivity is its own reward, and is more valuable than any individual application such as mail or the world-wide web.”
RFC 1958: Architectural Principles of the Internet, http://www.ietf.org/rfc1958.txt
What trouble can I get into?
Business Challenges
§ Avoid the natural tendency to ignore IPv4 complexity as the ‘cost of doing business’ while highlighting the explicit costs of adding IPv6.
§ IPv6 can lead to less complex, easier to manage implementation and operations
  Enables greater ROI over time from emerging and new business apps
§ Natural evolution to improve operations, productivity, and service
  Could just replace 1:1, but ask: ‘Where does the network need to be in 3-5 years?’ ‘Which applications and services will be expected?’ (mobility, virtual presence, …)
Business Risks
§ Staff training – reducing perceived service level
§ Network management tools – scripts and commercial products ignoring the IPv6 deployment
§ Awareness – Microsoft will tunnel unless there is native service
§ Applications – not providing IPv6 support before IPv4 is missing from part of the network or a partner
§ Multi-homing – global address allocation policy for enterprise deployments
§ Traffic patterns – old WAN traffic models dominated by client/server apps, new ones by peer-to-peer collaboration tools
§ Timing – deployment being forced in short order by a partner interaction rather than planned and orderly over time
Business - Costs
§ The largest cost for most network managers will be training. Related but different protocol.
§ Another major cost will be retooling custom apps and scripts. Frequent coding shortcuts assume an address will always be 32 bits.
§ Is IPv6 deployment an opportunity to integrate other engineering changes that have not been large enough to justify by themselves? What costs will be attributed to IPv6 vs. general evolution?
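An added example (not from the slides) of the kind of script shortcut the slide describes: an allow-list check that packs an address into 32 bits, beside an address-family-agnostic version. The allow-list networks and test addresses are constructed documentation prefixes, and the function names are assumptions for this illustration.

```python
# Added example, not code from the presentation. Shows a 32-bit address shortcut
# failing on IPv6 input, and an address-family-agnostic replacement.
import ipaddress
import struct

# Constructed sample allow-list: one IPv4 and one IPv6 management network.
ALLOWED = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]


def legacy_is_allowed(addr: str) -> bool:
    """The 32-bit shortcut: split the dotted quad, pack it into an unsigned int, mask."""
    octets = [int(o) for o in addr.split(".")]   # raises on any IPv6 text
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {addr}")
    value = struct.unpack("!I", bytes(octets))[0]
    for net in ALLOWED:
        if net.version != 4:
            continue                               # IPv6 entries are silently skipped
        if value & int(net.netmask) == int(net.network_address):
            return True
    return False


def is_allowed(addr: str) -> bool:
    """Family-agnostic check. An IPv4-mapped IPv6 form (::ffff:a.b.c.d), which a
    dual-stack socket can report for an IPv4 peer, is normalised to IPv4 first so
    the IPv4 allow-list entries still apply to it."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in ALLOWED)


def legacy_result(addr: str) -> str:
    """Wrap the legacy check so its failure mode shows up as a value, not a crash."""
    try:
        return "allow" if legacy_is_allowed(addr) else "deny"
    except ValueError:
        return "error"


if __name__ == "__main__":
    for a in ("192.0.2.10", "2001:db8:1::5", "::ffff:192.0.2.10", "198.51.100.7"):
        print(f"{a:24} legacy={legacy_result(a):6} agnostic={is_allowed(a)}")
```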
Adoption Spectrum
Kicking the tires
  • Is it real?
  • Do I need to deploy everywhere?
  • Equipment status?
  • SP support?
  • Addressing
  • What does it cost?
Pilot/Early Deployment
  • Mostly or completely past the “why?” phase
  • Assessment (e2e)
  • Weeding out vendors (features and $)
  • Focus on training and filling gaps
Production/Looking for parity and beyond
  • Still fighting vendors
  • Content and wide-scale app deployment
  • Review operational cost of 2 stacks
  • Competitive/strategic advantages of the new environment
IPv6 Deployment strategy
  Train the architects: protocol differences create an operational experience vacuum
  Develop an addressing plan: use any initial /32 for infrastructure or labs; get a real block for customers; delegate customer prefixes on a nibble boundary to align with PTR authority
  Enable core & PE routers: dual-stack, with tunneling where necessary to align with life-cycle
  Enable support services: dual-stack the servers, populate DNS AAAA, configure AAA, deploy management and monitoring tools
  Establish peering: encourage content sites to deploy to minimize the need for IPv4/IPv6 NAT
  Enable customers: tunnel over legacy distribution media where necessary
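An added example (not from the slides) of why the addressing-plan step wants customer delegations on a nibble boundary: each ip6.arpa label is one hex nibble, so a delegation whose length is a multiple of 4 is exactly one reverse zone, while any other length needs several. The prefixes used are constructed from the 2001:db8::/32 documentation block, and the function names are assumptions.

```python
# Added example, not code from the presentation. Computes the ip6.arpa zone(s)
# that a customer prefix delegation would require the operator to hand over.
import ipaddress


def is_nibble_aligned(prefix: str) -> bool:
    """True when the prefix length is a multiple of 4 (one hex label per nibble)."""
    return ipaddress.IPv6Network(prefix).prefixlen % 4 == 0


def reverse_zones(prefix: str) -> list:
    """Return the ip6.arpa zone name(s) whose union is exactly `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    nibbles = net.network_address.exploded.replace(":", "")   # 32 hex digits, MSB first
    whole = net.prefixlen // 4            # labels fully inside the prefix
    spill = net.prefixlen % 4             # prefix bits that reach into the next nibble
    head = list(nibbles[:whole])
    if spill == 0:
        return [".".join(reversed(head)) + ".ip6.arpa"]
    # The prefix covers 2**(4-spill) consecutive values of the next nibble: one zone each,
    # so the customer's reverse DNS authority is split (or the zone must be shared).
    first = int(nibbles[whole], 16) & (0xF << (4 - spill)) & 0xF
    return [".".join(reversed(head + [format(v, "x")])) + ".ip6.arpa"
            for v in range(first, first + (1 << (4 - spill)))]


def delegation_plan(prefix: str) -> dict:
    """Summarise what a delegation costs in reverse-DNS terms."""
    zones = reverse_zones(prefix)
    return {"prefix": prefix, "nibble_aligned": is_nibble_aligned(prefix),
            "zones_to_delegate": len(zones), "zones": zones}


if __name__ == "__main__":
    for p in ("2001:db8:100::/56", "2001:db8:100::/57", "2001:db8:100::/60"):
        print(delegation_plan(p))
```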
Coexistence Strategy: Don’t forget the Applications
While infrastructure is everyone’s initial focus, nothing happens until the applications use the new API. IPv4-only apps will remain IPv4-only, and these legacy apps will fail when presented with an IPv6-only infrastructure.
[Timeline: Today, IPv4 run-out in 2010, 2011-12, Future. Layers: Services & Applications running over IPv6; IPv4/IPv6 Coexistence Infrastructure, moving from Preserve IPv4 to the IPv6 Internet.]
Industry best practices for IPv6 deployment
IETF looking at deployment
§ IPv4/IPv6 coexistence
  IPv4/IPv6 dual-stack deployment
  IPv4/IPv6 translation
  IPv4/IPv6 and IPv6/IPv4 tunneling
§ Moving along
  Securing the network
  General operational issues
Recommended Approach to Deployment: RFC 4213 Dual-Stack Deployment
[Diagram: IPv4+IPv6 hosts on an IPv4+IPv6 network, alongside IPv6-only hosts or network]
§ Solution:
  Hosts today are IPv4+IPv6: Windows Vista, Macintosh, Linux, BSD
  Make the network IPv4+IPv6. When forced to deploy IPv6-only networks, they will be able to talk with other hosts.
§ But… we have run out of time for this to be smooth
Translation: three components
[Diagram: IPv4 Internet, translator with DNS ALG, IPv6 network]
§ DNS64: translate DNS records
§ Translator
  Stateless mode: modified SIIT algorithm; uses a Service Provider prefix, with the IPv4 prefix embedded in the IPv6 prefix; scalable translation IPv4<->IPv6
  Stateful mode (NAT64): similar to IPv4/IPv4 NAT; permits session initiation from IPv6-native to IPv4 hosts; no session initiation from IPv4 to IPv6-native
§ Effect: encourage movement of IPv4 servers to the IPv6-only network
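An added example (not from the slides) of the "IPv4 embedded in the IPv6 prefix" step that DNS64 and the translator share: the RFC 6052 address format, implemented for all six prefix lengths the RFC allows rather than only the /96 well-known prefix, plus the DNS64 rule that real AAAA records are never overridden. Prefixes and addresses are constructed documentation values; the function names are assumptions.

```python
# Added example, not code from the presentation. RFC 6052 IPv4-embedded IPv6
# addresses as used by DNS64/NAT64 and SIIT-style stateless translators.
import ipaddress

ALLOWED_PREFIX_LENS = (32, 40, 48, 56, 64, 96)
U_OCTET = "0" * 8   # bits 64..71 are reserved by RFC 6052 and must be zero


def embed_ipv4(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in a translation prefix (RFC 6052 section 2.2)."""
    net = ipaddress.IPv6Network(prefix)
    plen = net.prefixlen
    if plen not in ALLOWED_PREFIX_LENS:
        raise ValueError(f"prefix length {plen} is not allowed by RFC 6052")
    bits = format(int(net.network_address), "0128b")[:plen]
    v4 = format(int(ipaddress.IPv4Address(ipv4)), "032b")
    if plen == 96:
        out = bits + v4
    else:
        # IPv4 bits fill the space up to bit 63, then the u octet, then the remainder.
        head = 64 - plen
        out = bits + v4[:head] + U_OCTET + v4[head:]
    return ipaddress.IPv6Address(int(out.ljust(128, "0"), 2))   # zero suffix


def extract_ipv4(prefix: str, addr: str) -> ipaddress.IPv4Address:
    """Inverse of embed_ipv4; rejects addresses outside the prefix or with u != 0."""
    net = ipaddress.IPv6Network(prefix)
    plen = net.prefixlen
    if plen not in ALLOWED_PREFIX_LENS:
        raise ValueError(f"prefix length {plen} is not allowed by RFC 6052")
    ip = ipaddress.IPv6Address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is not inside translation prefix {prefix}")
    bits = format(int(ip), "0128b")
    if plen == 96:
        v4 = bits[96:]
    else:
        if bits[64:72] != U_OCTET:
            raise ValueError("u octet (bits 64-71) must be zero")
        head = 64 - plen
        v4 = bits[plen:64] + bits[72:72 + (32 - head)]
    return ipaddress.IPv4Address(int(v4, 2))


def dns64_answer(prefix: str, a_records: list, aaaa_records: list) -> list:
    """DNS64 behaviour: genuine AAAA records pass through unchanged; only a name
    with no AAAA gets synthetic AAAA answers built from its A records."""
    if aaaa_records:
        return [str(ipaddress.IPv6Address(a)) for a in aaaa_records]
    return [str(embed_ipv4(prefix, a)) for a in a_records]


if __name__ == "__main__":
    for p in ("64:ff9b::/96", "2001:db8::/32", "2001:db8:122:344::/64"):
        synth = embed_ipv4(p, "192.0.2.33")
        print(f"{p:24} {synth!s:32} -> {extract_ipv4(p, str(synth))}")
```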
Dynamic IPv6/IPv4 tunneling (6rd)
[Diagram: IPv6 packets from the CE cross the access node, the IPv4 L3 edge and the SP IPv4 network encapsulated in IPv4, reaching the 6rd Border Relays that sit between the SP network and the IPv6 + IPv4 network / IPv6 Internet.]
§ IPv6 service in the home is essentially identical to native IPv6 service
§ IPv6 packets follow IPv4 routing
§ A 6rd Border Relay is traversed only when exiting or entering a 6rd domain
§ 6rd Border Relays are fully stateless; no limit on the “number of subscribers” supported
§ Border Relays may be placed in multiple locations, addressed via anycast.
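An added example (not from the slides) of the stateless mapping behind "IPv6 packets follow IPv4 routing" and "traversed only when exiting a 6rd domain": the RFC 5969 derivation of a customer's delegated prefix from its IPv4 address, and the reverse step a CE uses to pick the IPv4 tunnel endpoint for a given IPv6 destination. Domain parameters and addresses are constructed sample values; the class and function names are assumptions.

```python
# Added example, not code from the presentation. Stateless 6rd (RFC 5969) mapping
# between a CE's IPv4 address and its delegated IPv6 prefix, in both directions.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SixRdDomain:
    prefix: ipaddress.IPv6Network     # 6rdPrefix / 6rdPrefixLen
    ipv4_mask_len: int                # IPv4MaskLen: high-order IPv4 bits common to the domain
    br_ipv4: ipaddress.IPv4Address    # 6rdBRIPv4Address (may be an anycast address)

    @property
    def ipv4_bits(self) -> int:       # IPv4 bits actually carried inside the IPv6 prefix
        return 32 - self.ipv4_mask_len


def delegated_prefix(dom: SixRdDomain, ce_ipv4: str) -> ipaddress.IPv6Network:
    """Customer prefix = 6rdPrefix || (CE IPv4 address with the masked high bits removed)."""
    low = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << dom.ipv4_bits) - 1)
    plen = dom.prefix.prefixlen + dom.ipv4_bits
    value = int(dom.prefix.network_address) | (low << (128 - plen))
    return ipaddress.IPv6Network((value, plen))


def tunnel_endpoint(dom: SixRdDomain, ce_ipv4: str, dst_ipv6: str) -> ipaddress.IPv4Address:
    """IPv4 address a CE encapsulates to for dst_ipv6. Inside the 6rd domain the
    endpoint is recovered from the destination itself (no state, no relay hop);
    anything outside the domain is sent to the Border Relay."""
    dst = ipaddress.IPv6Address(dst_ipv6)
    if dst not in dom.prefix:
        return dom.br_ipv4
    shift = 128 - dom.prefix.prefixlen - dom.ipv4_bits
    low = (int(dst) >> shift) & ((1 << dom.ipv4_bits) - 1)
    high_mask = (0xFFFFFFFF << dom.ipv4_bits) & 0xFFFFFFFF
    high = int(ipaddress.IPv4Address(ce_ipv4)) & high_mask   # the domain's shared high bits
    return ipaddress.IPv4Address(high | low)


# Constructed sample domains: one carrying all 32 IPv4 bits, one where the whole SP
# access network sits in 10.0.0.0/8 so only 24 IPv4 bits need to be carried.
FLAT = SixRdDomain(ipaddress.IPv6Network("2001:db8::/32"), 0, ipaddress.IPv4Address("192.0.2.1"))
MASKED = SixRdDomain(ipaddress.IPv6Network("2001:db8::/32"), 8, ipaddress.IPv4Address("192.0.2.1"))

if __name__ == "__main__":
    for dom in (FLAT, MASKED):
        print(delegated_prefix(dom, "10.100.100.1"),
              tunnel_endpoint(dom, "10.100.100.1", "2001:db8:a64:6402::1"),
              tunnel_endpoint(dom, "10.100.100.1", "2001:4860::1"))
```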
“…it is possible to employ IPv6-only networking, though there are a number of issues such as lack of IPv6 support in some applications and bugs in untested parts of code. As a result, dual-stack [RFC 4213] remains as our recommended model for general purpose networking at this time, but IPv6-only networking can be employed by early adopters or highly controlled networks.”
Jari Arkko, http://tools.ietf.org/html/draft-arkko-ipv6-only-experience
The biggest problems with coexistence mechanisms
§ They give the illusion of full service but deliver a small subset
  Example – the web works well through IPv4/IPv4 translation, but BitTorrent shows us that far more interesting services are possible
§ Issues of management and fault diagnosis
  Everything gets harder for the operator
§ Operational and capital costs increase
  Since everything is a little harder, it takes smart people to run the network
For further reading…
§ http://tools.ietf.org/html/draft-arkko-ipv6-transition-guidelines
  “Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment”, Jari Arkko, Fred Baker, 9-Nov-10
The “Internet of Things”: New Applications for Internet Technology
Internet of Things: What kinds of machines?
§ Primarily about autonomous actors
  Not your PC, which does things because you tell it to
  Not your phone in the sense of placing calls
  Often systems that provide support in interesting ways
§ Types of services
  Building automation – environmental control and telemetry
  Industrial automation
  Safety and surveillance issues
  Health monitoring
  And so on…
§ Is TCP/IP the right technology for SCADA (Supervisory Control And Data Acquisition) networks?
  This varies with the application
  For many purposes, IP future-proofs the network
Forestry
Mapping forests and forest events
Deborah Estrin’s sensor networks
§ Networks deployed in random distribution
§ Low power
§ Delivering sensor data to a central site for some purpose
Forest Management
§ Several universities have tested distributed sensor networks
  Monitor weather/climate in a managed forest
  Observe fires in action
§ Premise: map isotherms and isobars
  Periodic and event-driven neighbor-to-neighbor information exchange
  Sensors that report sudden changes and then stop reporting give crisis information
§ The application is a distributed sensor
  Individual sensors are relatively unimportant; the GPS location of the reporting sensor is more important.
(Image courtesy LA Times, July 200)
Health Care
Health Monitoring
§ Issue: unobtrusive monitoring and early detection of patient health improves health care
  It also reduces the cost of health care dramatically
§ Numerous projects, including some in China, are interested in exploring the use of networked sensors
  Infrared detectors for motion and estimation of body temperature
  Location of people in the house
  And so on…
What does a sensor look like?
§ Thermal imaging: data sheets on some models claim accuracy to 0.5°C
§ Location:
  Motion sensors say “someone is here”
  Surveillance cameras may be able to identify people
§ Pulse, pedometer, etc.: available in drug stores
Requirements for sensors and reporting
§ They need to be
  Inexpensive
  Easy to install/maintain
  Networked (mobile or stationary) for connectivity
  Appropriate and acceptable to the client
§ They need to be able to
  Identify the person they are monitoring
  Accurately record and report changes of important data
    Medical measurements
    Daily routine
  Maintain information privacy
How would we network them?
§ Type of network
  3GPP might be a good transmission system for mobile sensors
  Fixed sensors could fit into residential broadband
§ Application considerations:
  Need to log normal events for possible future analysis
  Give periodic reports: “Here are my logs, but I don’t see anything”
  Be able to issue alerts: “person pressed the ‘I need help’ button”
The Smart Grid
Smart Grid
§ The electrical grid is a large network that supports the reliable delivery of electrical power
  Ongoing measurements for maintenance and billing purposes
  Communication between cooperating processes such as generators and phase measurement units
  Operational command/control – turning circuits on and off, demand response, many other purposes
Functional Requirements for communication
§ “…the Network should enable an application in a particular domain to communicate with an application in any other domain in the information network, with proper management control over who and where applications can be interconnected.”
  NIST Roadmap, Version 1.0, September 2009
Conceptual Reference Model (source: NIST Smart Grid Framework)
Demand Response – Example Only! (source: EnerNex)
[Diagram: interface-message sequence across the demand-response stages, with example standards listed at each layer.]
Stages: 1. Enrollment  2. Event  3. Monitoring  4. Billing
Interface messages (sequence number): 1a Enroll Customer; 1b Register Customer; 2a Market Price Change; 2b Announce Price Event; 2c Distribute Price Event; 2d Local Price Event; 2e Reduce Usage; 3a Report Usage; 3b Record Participation; 4a Billing Cycle; 4b Send Bill
Example standards: IEC 61970, IEC 61968, MultiSpeak, ebXML, OpenADR, SOAP, REST, HTTP; ZigBee SE, WiFi, BACnet, HomePlug, Ethernet, ANSI C12; SONET, WDM, Frame Relay, WiMAX, BPL, Cellular, Proprietary
Example of an attack: Stuxnet
§ Said to be a military-grade weapon that attacks specific control systems
  Depends on disabling automated processes in process control systems
§ Not initially carried by the Internet
  It is, however, networked once in
  Therefore a prototypical weapon of a motivated attacker
§ Worst way to defeat it: security by obscurity
§ Best way to defeat it:
  Not get the virus
  Not execute the code
DOE / NIST / UCAIug / ASAP-SG Effort (US DOE FFRDCs)
Data storage requirements
§ In the utility company
  Kinds of data
    Customer billing data
    Aggregate planning data
  Requirements often met by chain of custody procedures
§ In the home
  Meter keeps records every few minutes for several hours
  Very interesting to:
    Occupant, who wants to optimize their bill
    Utility, who wants to manage electricity and send bills
    Third party services
    Third parties that want to play games, rob the house, etc.
Data security requirements
§ Billing records have value to many parties, not all of which are helpful
  Utility billing and planning
  Customer self-optimization
  Neighborhood gossip
  Criminal attacks
§ Data may need to be
  Verifiable after the fact – perhaps years later
  Accessible by authorized parties
  Shielded from unauthorized parties
§ Some data needs to be public in flight
What kinds of security mechanisms are available?
  Communication layer   | Type of control                                                    | Example
  Data content          | End-to-end integrity in message-based exchange                    | W3C XML Signature
  Application layer     | Application-to-application authentication, authorization, encryption | TLS, HTTPS, DKIM, S/MIME, SSH
  Network layer         | System-to-system authentication, authorization, encryption        | IPsec ESP
  Physical/link layer   | Limited membership                                                 | SSID, IEEE 802.1X with EAP-TLS
General view
§ There are numerous other approaches to communication in use in the grid and in building automation
  IEC 14908 building automation
  ANSI C12.19, C12.22, and related management
  IEC 61850 “GOOSE” protocol between generators
§ The Internet Protocol Suite, especially IPv6, is considered appropriate for most uses in the Smart Grid
  Specified in numerous IEC specifications
Intelligence at the Edge: the Evolution of IP Communications