53065cc4cfb6d837dffd569ebe7edc50.ppt
- Number of slides: 29
NTT Communications’ IPv6 Backbone, Access, and Applications
Takeshi TOMOCHIKA
6th July, 2004
NTT Communications Corporation

Agenda
1. NTT Communications’ IPv6 Activities
2. Dual Stack ADSL Access Service
3. Service Platform & framework

NTT Communications’ Global IPv6 Backbone
[Map: ntt.net Global Backbone covering Japan, Korea, Taiwan, Hong Kong, Malaysia, Australia, the U.S. and Europe, with IX connections at NSPIXP6, JPNAP6, PAIX, EQUI6IX, UK6X, LINX, AMS-IX, DE-CIX, PARIX and ESPANIX]
Our Strength
• Global IPv6 network covering Asia, US, Europe
• IPv4/IPv6 dual-stack backbone
• Providing commercial IPv6 transit services in Japan (Apr ’01-), in Europe (Feb ’03-), in U.S. (June ’03-) and many other AP-Region countries (June ’03-)
• 24x7 monitoring and operations by dual NOCs in Japan and U.S.
• More than 3 years’ experience of operation
• Worldwide IPv6-IX Connectivity
  – Japan: NSPIXP6, JPNAP6 (Tokyo)
  – U.S.: PAIX, Equi6IX (West coast), Equi6IX (East coast)
  – Europe: LINX, UK6X (London), AMS-IX (Amsterdam), DE-CIX (Frankfurt), PARIX (Paris), ESPANIX (Madrid)

NTT Communications’ two ASes
[Diagram: ntt.net with AS 4713 and AS 2914, connecting the U.S. (Verio), Korea (NTT Korea), Hong Kong (NTT Com Asia), Malaysia (NTT MSC), Taiwan (NTT Taiwan), Europe (NTT Europe) and Australia (NTT Australia); IX connections at NSPIXP6, JPNAP6, PAIX, EQUI6IX, UK6X, LINX, AMS-IX, DE-CIX, PARIX and ESPANIX]

Transition of NTT Communications’ IPv6 Services
[Chart: services plotted by customer segment (Enterprise, iDC, ISP, Personal, SOHO) against year (2001, 2002, 2003, 2004, 200X), moving toward Broad Bandwidth. Service types: IPv6 over IPv4 Tunneling service, IPv6 Native service, IPv6 and IPv4 Dual Stack Service]
- OCN IPv6 Tunneling Service (2001 spring-)
- ntt.net IPv6 Gateway Service (2001 spring-)
- ntt.net IPv6 Tunneling Service (2002 spring-)
- OCN ADSL Dual Service (2002 summer-)
- ntt.net Dual Stack Service (2004 spring-)

ntt.net’s Global Backbone Transition
[Diagram legend: IPv6 Native-link, IPv6 over IPv4 Tunnel-link, IPv4/IPv6 Dual-link]
Before 2000: Only IPv4
• World wide global IP network
• Global tier 1 network as one AS; 2914
• Only IPv4 available
Q1 2000 ~ Q2 2003: IPv4 and IPv6 separately (ntt.net IPv6 Backbone and ntt.net IPv4 Backbone)
• Set up global IPv6 backbone covering Asia, the U.S. and Europe
• IPv4 and IPv6 networks are separate
• Routing control and peering policies are independent between IPv4 and IPv6
<<IPv6 Backbone>>
• Use Tunneling-link, where appropriate, to save cost
• Provide Native service and tunneling service, not dual service
<<IPv4 Backbone>>
• No effect on existing IPv4 backbone from IPv6 side
• IPv6 traffic is transferred as IPv4 traffic on the tunneling-link
Current: IPv4/IPv6 Dual stack (ntt.net IPv4/IPv6 Dual Stack Backbone)
• All of the backbone routers handle both IPv4 and IPv6 traffic
• Routing control and peering policies are independent between IPv4 and IPv6
• Basically, trouble on one protocol is isolated from the other protocol
ntt.net runs more than 100 dual stack backbone routers now!

History of NTT Communications IPv6 Activities
[Timeline: 1996, 1997, 1999, 2000, 2001]
• NTT Labs started to operate one of the world’s largest global IPv6 research networks.
• CICNet and NWNet, later acquired by Verio, started operating major nodes of 6bone.
• NTT Communications (NTT Com) obtained sTLA from APNIC.
• NTT Com started IPv6 tunneling trial service for its domestic ISP “OCN” customers in Japan (over 200 trial customers).
• NTT MCL started the world’s first commercial IPv6 IX (s-IX) in San Jose, US.
• NTT Europe started IPv6 trial service (over 400 trial customers).
• NTT Com started the world’s first commercial IPv6 services, “ntt.net IPv6 Gateway Service” and “OCN IPv6 Tunneling Service”.
• HKNet started commercial IPv6 services in Hong Kong.
• NTT Com played a key role in Japan National Project “IPv6 Home Appliance Trials”.
• NTT Com participated in European Communities’ “6NET / Large-Scale International IPv6 Test bed” Project.
• NTT Com participated in Chinese IPv6 Telecom Trial Network “6TNET” Project.

History of NTT Communications IPv6 Activities (Cont’)
2002
• OCN started “IPv6/IPv4 dual stack ADSL access service” with Plug and Play feature (site auto-configuration).
• NTT MSC started commercial IPv6 services in Malaysia.
• NTT Australia IP started IPv6 services in Australia.
• NTT Com won the World Communication Awards 2002, “Best Technology Foresight – IPv6” and “Best carrier – AP Region”.
2003
• NTT Europe just started commercial IPv6 services in Europe.
• VERIO (in US) and some Asia/Pacific Region subsidiaries (Korea, Taiwan) started commercial IPv6 services.
• ntt.net’s backbone supported IPv4 and IPv6 dual stack.
2004
• We provide IPv6/IPv4 dual stack services at all of ntt.net’s POPs.

NTT Communications’ Evolution in IPv6
[Timeline chart, 1996 to 2003, in three phases (Research Phase, Trial Phase, Commercial Service Phase), with rows for Service platform, Activities, Application layer and Network layer]
- p2p application trial “P2P VPN Platform” (P2P Platform)
- Join Japanese National Project
- Join European Project “6net”
- Join Chinese Project “6TNet”
- NTT Labs started global IPv6 research network
- Verio joined 6bone in the U.S.
- NTT Com obtained sTLA address
- OCN Tunneling Trial (200 users)
- NTT Europe IPv6 Trial (400 users)
- NTT Communications started commercial IPv6 service in Japan
- NTT MCL started commercial IPv6-IX service in the U.S.
- Services in Japan; Service in Europe; Service in Hong Kong; Services in Malaysia / Australia; Services in Korea, Taiwan, and The U.S.

1. NTT Communications’ IPv6 Activities
2. Dual Stack ADSL Access Service
3. Service Platform & framework

Broadband Market in Japan & Our Position
[Charts: Corporate BB (Oct. 2002), DSL access (Mar. 2003), Residential BB (Mar. 2003); subscribers by year, 2001 to 2003]
(Source: Nikkei Market Access Report, and www.soumu.go.jp)

OCN IPv6/IPv4 Dual ADSL Service outline
1. Features:
   1. Broad band (12M) access service via ADSL line of ACCA networks
   2. Provide IPv4 and IPv6 dual stack connectivity
   3. Easy to set up by Plug and Play function
2. Prospective customer segments:
   1. Advanced individual / SOHO users
   2. IPv6 applications or devices developer
3. Address assignment:
   1. IPv4: one global address (dynamic)
   2. IPv6: one /48 global address prefix (static)
4. Additional service:
   – As same as OCN IPv4 services (e-mail, Web, News, etc…)
   – IPv6 DNS service
[Diagram, “Service description”: Customer’s LAN connected over the ADSL access line to OCN/ACCA, with IPv4 access to OCNv4 and IPv6 access to OCNv6. Plug and Play function: auto configuration for router, auto configuration for hosts]

OCN IPv6/IPv4 Dual ADSL Service with PnP function
[Diagram: PE, ADSL, CPE, LAN, Host]
IPv4 connection: PPP IPCP (Global IPv4 Address), DHCPv4 (Private IPv4 Address)
IPv6 connection: PPP IPV6CP + PD (Link local IPv6 address; /48 Site Prefix by DHCPv6-PD), RA / Router Advertisement (/64)
Global IPv6 address: /48 Site Prefix, NW ID (up to /64), Interface ID

Standardization
[Diagram: RADIUS, PE, ADSL, CPE, LAN, Host]
• Authentication: RADIUSv6 (RFC 3162)
• Link configuration: PPP (IPV6CP) (RFC 2472)
• CPE configuration (Prefix / DNS): DHCPv6-PD (RFC 3315, RFC 3633, RFC 3769, RFC 3646)
• Host configuration (Address / DNS): Stateless ADDR (RFC 2462), (DHCPv6-lite or etc.) (RFC 3736)
NTT Communications contributed to these RFCs
draft-shirasaki-dualstack-service-04

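The address plan behind the Plug and Play configuration above, worked through as an added example (not code from the presentation or from NTT Communications). The /48 is taken from the 2001:db8::/32 documentation range, the MAC address is constructed, the function names are hypothetical, and deriving the Interface ID from the MAC in modified EUI-64 form is an assumption about how the host builds it.

```python
import ipaddress

def lan_prefix(site_prefix: str, nw_id: int) -> ipaddress.IPv6Network:
    """Carve one LAN's /64 out of the delegated /48; the NW ID is bits 48..63."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("expected the /48 site prefix delegated to the CPE")
    if not 0 <= nw_id <= 0xFFFF:
        raise ValueError("NW ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(site.network_address) | (nw_id << 64), 64))

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def host_addresses(site_prefix: str, nw_id: int, mac: str):
    """Return (link-local address, advertised /64, global address) for one host."""
    iid = eui64_interface_id(mac)
    link_local = ipaddress.IPv6Address((0xFE80 << 112) | iid)
    prefix = lan_prefix(site_prefix, nw_id)        # what the CPE puts in its RA
    global_addr = ipaddress.IPv6Address(int(prefix.network_address) | iid)
    return link_local, prefix, global_addr

if __name__ == "__main__":
    # Constructed sample values: documentation prefix, NW ID 1, made-up MAC.
    ll, pfx, ga = host_addresses("2001:db8:1234::/48", 1, "00:11:22:33:44:55")
    print("link-local :", ll)
    print("RA prefix  :", pfx)
    print("global     :", ga)
```

With a static /48 and a MAC-derived Interface ID, the host keeps the same globally reachable address across reconnects, which is what inbound filtering on the CPE has to account for.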
Experiences with our Dual ADSL Service
• Has been working well since the beginning of the service
• No impact on IPv4 single stack CPE
• Nation wide service via L2TP
• Other ISPs in Japan are using same spec
  – 1500+ customers use this mechanism today

1. NTT Communications’ IPv6 Activities
2. Dual Stack ADSL Access Service
3. Service Platform & framework

New Internet Business model created by IPv6
[Diagram: mobile equipment with global IP addresses on one side; a home network LAN with information appliances and OA equipment on the other. IPv4: private addresses behind NAT (×). IPv6: data exchange, remote control, remote maintenance, real-time data distribution, NW for mobile, secure End-to-End communication]
IPv4: one-way communication
・due to NAT, the business model is only client & server.
IPv6: two-way communication
・two-way communications between information appliance and mobile equipment
・New internet business models will be created

VPN model in IPv4 world and IPv6 world
IPv4 (conventional model)
• Access from “IN side” to “OUT side”
• Access from “MANY”
• Secure Transmission: Site to Site IPsec VPN
[Diagram: office LAN and company’s intranet on private address segments, IPsec nodes, Web server and Mail server, global address segments on the IPv4 Internet]
IPv6 (improved model)
• Access from “OUT-side” to “IN-side”
• Restricted, secure access
• Secure Transmission: End to End IPsec VPN
[Diagram: office LAN and remote office LAN on global address segments over the IPv6 Internet]

One problem of P2P secure communication…
IPv4
• Lack of Global IP address
• Apply NAT and introduce private address
• Only Site to Site secure communications available
IPv6
• Enough Global IP address
• Can assign Global IP addresses on every device networked
• Can set up secure communication not only Site to Site but also End to End: the key of the IPv6 market
One problem is management of security configuration
End users have to manage security policy, which can involve many different configurations at end equipment.
Our solution is: P2P VPN Platform

IPv6 P2P VPN Platform Trial Service
IPsec policy server to provide IPsec policy file to each peer on demand
- Effortless setup: Set up end-to-end secure communication easily using web interface. No or low skill requirements
- Adaptable to all communication modes: Client-Server, Peer-to-Peer, Mobile
- Secure instant communication: Connect instantly, while achieving end-to-end security
[Diagram: Verio Data Center hosting the CA and the IPsec Policy Server, which distribute IPsec Policy and Digital Certificate; Headquarters, Strategic Team, Branch Office A, Branch Office B, Server and HOTSPOT connected by IPsec over the ntt.net IPv6 Global Backbone; a Hacker on the path sees only unreadable data. Label: “Joint development by”]

Case study: P2P VPN Platform
Exchange medical data via End to End IPsec secure connection
Set up IPsec connection and manage their security policy easily: Just only register the correspondent person on his/her own address book in the web site
IPsec Management server
• Set up users
• Certify users certificate
[Diagram: Hospital: A, Clinic: B, User: A, User: B and User: C, each user holding a certificate, connected over the IPv6 network; secure data exchange with IPsec (authentication, encryption), keep integrity; a Hacker on the path sees only unreadable data]

m2m-x (Machine to Machine for any[thing|place|time])
~Provide End-to-End Secure Communications Using IPv6~
[Diagram: m2m-x Management Server with a Signaling Channel to each endpoint and a Data Channel between endpoints over the IPv6 Internet; endpoints: Mobile Phone Gateway, Non-PC devices, Enterprise Network, Home Network. “Secure, Easy and Low-priced”]
Core Technology = SIP & IPsec
m2m-x management server functions:
- Authentication of all the devices
- Access Control based on the security policy
- Transmission of encryption keys in a way making the calculation process light-weighted
- The existence of the device is hidden from unauthorized users
- Transmission of Information necessary for dynamic control of Firewall devices

m2m-x IP Home Appliance trials (2004 1Q-3Q)
[Diagram: trial applications arranged around IPv6 m2m-x (NTT Com). Labels: Multi-Media Communication, Personal VPN, Ubiquitous Printing, PS2 TV-Phone, Visual Communication, Ubiquitous Office, Cyber Conference, Net Toy, Home Security, EMIT Home System, Bluetooth Home Security Control Port, Hotline w/ TOY. Participants named: Sanyo, NTT Com, Fujitsu, Toshiba, DIT, Ricoh, Sony, Pioneer, Matsushita, Takara]

Ubiquitous Open Platform Forum
• Home Appliance Manufacturers and ISPs established “Ubiquitous Open Platform Forum” to accelerate Internet Home Appliance market (Feb. 10th, 2004)
  – Manufacturers: Hitachi, Matsushita Electric Works, Mitsubishi, Panasonic, Pioneer, Sanyo, Sony, Toshiba
  – ISPs: NTT Com, KDDI, Fujitsu, NEC, Panasonic, Sony
• To establish a ubiquitous platform that permits easy setup, secure communication, and easy real-time connection among various home appliances
• NTT Com is leading this forum and NTT Com employees are acting in key roles
• NTT Com is proposing m2m-x as the standard platform of UOPF
http://uopf.org/en/

Technology Outline of m2m-x
~Security Based on SIP/IPsec~
- RADIUS Authentication friendly to ISPs’ operation
- Signaling Channel is encrypted with IPsec at the time of SIP REGISTER Authentication process.
- Data Channel is also encrypted with IPsec making use of secure Signaling Channel.
[Sequence diagram, signaling based on SIP, between UA1, UA2, the m2m-x Management Server and the RADIUS Auth-Server]
Signaling Channel (UA to m2m-x Management Server): SIP REGISTER; Mutual Authentication Based on Pre-Shared Key or X.509 Certificate; Establishment of IPsec Tunnel
Data Channel (UA1 to UA2): SIP INVITE; Encryption Key Exchange for Data Channel; Establishment of IPsec Tunnel

DNS vs m2m-x (example: private server access)
DNS
X anybody can see the presence and address of your home server
X tiresome FW/NAT configuration
X services are always open for anybody
X tiresome id/pass and access management
m2m-x
• automatic and real-time access security control
• Possible to hide the existence of a node from unauthorized users
• automatic encryption management
[Diagrams: My PDA and an Attacker on the WAN, FW/NAT with an access list, My Server on the LAN with access management; in the m2m-x case the Attacker’s access is blocked (×)]

Key Management Method
Pre-Shared Key: some advantages but, Not Scalable. So,
• Normal Pre-shared Key model: All User Agents (UAs) have shared keys with the others (Full mesh model) - Not scalable
• m2m-x Management Server: Each UA has the shared key only with the management server (trusted 3rd party model)

Conclusion
• We have a worldwide full dual stack backbone
• We have more than three years’ experience providing commercial IPv6 connectivity services.
• We have not only IPv6 connectivity services but also IPv6 promotions, service platforms and new frameworks
• We are your partner.

Contact
• NTT Communications: http://www.v6.ntt.net/index_e.html
• IPv6 portal site: http://www.ipv6style.jp/en/index.shtml
• UOPF: http://uopf.org/en/
• Mail to: ipv6@ntt.com
Thank you for your attention!