Transcript NTT Com

NTT Communications’ IPv6 Backbone, Access, and Applications
Takeshi TOMOCHIKA
6th July, 2004
NTT Communications
NTT Communications Corporation
Agenda
1. NTT Communications’ IPv6 Activities
2. Dual Stack ADSL Access Service
3. Service Platform & framework
NTT Communications’ Global IPv6 Backbone
[Map: ntt.net Global Backbone linking Japan, Korea, Taiwan, Hong Kong, Malaysia, Australia, the U.S. and Europe. IPv6 IXes shown: NSPIXP6, JPNAP6, PAIX, EQUI6IX (two sites), ESPANIX, PARIX, UK6X, LINX, AMS-IX, DE-CIX.]
Our Strength
Global IPv6 network covering Asia, US, Europe
IPv4/IPv6 dual-stack backbone
Providing commercial IPv6 transit services in Japan (Apr ’01-), in Europe (Feb ’03-), in U.S. (June ’03-) and many other AP-Region countries (June ’03-)
24x7 monitoring and operations by dual NOCs in Japan and U.S.
More than 3 years’ experience of operation
Worldwide IPv6-IX Connectivity
Japan : NSPIXP6, JPNAP6 (Tokyo)
U.S. : PAIX, Equi6IX (West coast), Equi6IX (East coast)
Europe : LINX, UK6X (London), AMS-IX (Amsterdam), DE-CIX (Frankfurt), PARIX (Paris), ESPANIX (Madrid)
NTT Communications’ two ASes
[Diagram: ntt.net consists of two ASes, AS4713 and AS2914.
Regional networks: Verio (U.S.), NTT Korea (Korea), NTT Com Asia (Hong Kong), NTT MSC (Malaysia), NTT Taiwan (Taiwan), NTT Europe (Europe), NTT Australia (Australia).
IPv6 IXes: NSPIXP6, JPNAP6, PAIX, EQUI6IX (two sites), UK6X, LINX, AMS-IX, DE-CIX, PARIX, ESPANIX.]
Transition of NTT Communications’ IPv6 Services
[Chart: services plotted by year (2001, 2002, 2003, 2004, 200X) and by customer segment (Enterprise / iDC / ISP; Personal / SOHO). Axis label: Broad Bandwidth.]
Service types: IPv6 over IPv4 Tunneling service; IPv6 Native service; IPv6 and IPv4 Dual Stack Service
- OCN IPv6 Tunneling Service (2001 spring-)
- ntt.net IPv6 Gateway Service (2001 spring-)
- ntt.net IPv6 Tunneling Service (2002 spring-)
- OCN ADSL Dual Service (2002 summer-)
- ntt.net Dual Stack Service (2004 spring-)
ntt.net’s Global Backbone Transition
Before 2000: Only IPv4
•World wide global IP network
•Global tier1 network as one AS: 2914
•Only IPv4 available
[Diagram: ntt.net IPv4 Backbone]

Q1 2000 ~ Q2 2003: IPv4 and IPv6 separately
•Setup global IPv6 backbone covering Asia, the U.S. and Europe
•IPv4 and IPv6 networks are separate
•Routing control and peering policies are independent between IPv4 and IPv6
<<IPv6 Backbone>>
•Use Tunneling-link, where appropriate, to save cost
•Provide Native service and tunneling service, not dual service
<<IPv4 Backbone>>
•No effect for existing IPv4 backbone from IPv6 side
•IPv6 traffic is transferred as IPv4 traffic on the tunneling-link
[Diagram: ntt.net IPv6 Backbone (IPv6 Native-link and IPv6 over IPv4 Tunnel-link) alongside the ntt.net IPv4 Backbone]

Current: IPv4/IPv6 Dual stack
•All of backbone routers handle both IPv4 and IPv6 traffic
•Routing control and peering policies are independent between IPv4 and IPv6
•Basically trouble on one protocol is isolated from the ones in another protocol
[Diagram: ntt.net IPv4/IPv6 Dual Stack Backbone with IPv4/IPv6 Dual-link]
ntt.net runs more than 100 dual stack backbone routers now!
History of NTT Communications IPv6 Activities
Years covered: 1996, 1997, 1999, 2000, 2001
• NTT Labs started to operate one of the world’s largest global IPv6 research networks.
• CICNet and NWNet, later acquired by Verio, started operating major nodes of 6bone.
• NTT Communications (NTT Com) obtained sTLA from APNIC.
• NTT Com started IPv6 tunneling trial service for its domestic ISP “OCN” customers in Japan (over 200 trial customers).
• NTT MCL started the world’s first commercial IPv6 IX (s-IX) in San Jose, US.
• NTT Europe started IPv6 trial service (over 400 trial customers).
• NTT Com started the world’s first commercial IPv6 services, “ntt.net IPv6 Gateway Service” and “OCN IPv6 Tunneling Service”.
• HKNet started commercial IPv6 services in Hong Kong.
• NTT Com played a key role in Japan National Project “IPv6 Home Appliance Trials”.
• NTT Com participated in European Communities’ “6NET/ Large-Scale International IPv6 Test bed” Project.
• NTT Com participated in Chinese IPv6 Telecom Trial Network “6TNET” Project.
History of NTT Communications IPv6 Activities (Cont’)
2002
• OCN started “IPv6/IPv4 dual stack ADSL access service” with Plug and Play feature (site auto-configuration).
• NTT MSC started commercial IPv6 services in Malaysia.
• NTT Australia IP started IPv6 services in Australia.
• NTT Com won the World Communication Awards 2002, “Best Technology Foresight – IPv6” and “Best carrier – AP Region”.
2003
• NTT Europe just started commercial IPv6 services in Europe.
• VERIO (in US) and some Asia/Pacific Region subsidiaries (Korea, Taiwan) started commercial IPv6 services.
• ntt.net’s backbone supported IPv4 and IPv6 dual stack.
2004
• We provide IPv6/IPv4 dual stack services at all of ntt.net’s POPs.
NTT Communications’ Evolution in IPv6
[Timeline, 1996 to 2003: Research Phase, Trial Phase, Commercial Service Phase. Rows: Network layer, Application layer, Service platform, Activities.]
- NTT Labs started global IPv6 research network
- Verio joined 6bone in the U.S.
- NTT Com obtained sTLA address
- OCN Tunneling Trial (200 users)
- NTT Europe IPv6 Trial (400 users)
- NTT Communications started commercial IPv6 service in Japan
- NTT MCL started commercial IPv6-IX service in the U.S.
- Services in Japan
- Service in Hong Kong
- Services in Malaysia / Australia
- Service in Europe
- Services in Korea, Taiwan, and The U.S.
- Join Japanese National Project
- Join European Project “6net”
- Join Chinese Project “6TNet”
- p2p application trial “P2P VPN Platform”
1. NTT Communications’ IPv6 Activities
2. Dual Stack ADSL Access Service
3. Service Platform & framework
Broadband Market in Japan & Our Position
[Charts: Corporate BB (Oct. 2002); DSL access (Mar. 2003); Residential BB (Mar, 2003), subscribers for DSL and FTTH by month from 2001 to 2003, vertical axis 0 to 10,000,000.
Share labels on the slide: NTT Com 36%, others / no answers 30%, K 11%, J 6%, F 4%, IIJ 4%, N 3%, NTTPC 2%, S 2%, C 2%.]
(Source: Nikkei Market Access Report, and www.soumu.go.jp)
OCN IPv6/IPv4 Dual ADSL Service outline
Features:
– Broadband (12M) access service via ADSL line of ACCA networks
– Provide IPv4 and IPv6 dual stack connectivity
– Easy to set up by Plug and Play function
Prospective customer segments:
– Advanced individual / SOHO users
– IPv6 applications or devices developer
Address assignment:
– IPv4 : one global address (dynamic)
– IPv6 : one /48 global address prefix (static)
Additional service:
– Same as OCN IPv4 services (e-mail, Web, News, etc…)
– IPv6 DNS service
[Diagram: Service description. OCNv4 (IPv4 access) and OCNv6 (IPv6 access) reach the Customer’s LAN over the OCN/ACCA ADSL access line. Plug and Play function: auto configuration for router, auto configuration for hosts.]
OCN IPv6/IPv4 Dual ADSL Service with PnP function
[Diagram: PE, ADSL, CPE, LAN, Host.
IPv4 connection: IPCP (Global IPv4 Address); DHCPv4 (Private IPv4 Address).
IPv6 connection: PPP IPV6CP+PD (Link local IPv6 address; DHCPv6-PD delivers the /48 Site Prefix); RA, Router Advertisement (/64 made of the /48 Site Prefix plus NW ID), with the host adding its Interface ID to form a Global IPv6 address.]
Standardization
[Diagram: RADIUS, PE, ADSL, CPE, LAN, Host]
Authentication: RADIUSv6 (RFC3162)
Link configuration: PPP(IPV6CP) (RFC2472)
CPE configuration (Prefix / DNS): DHCPv6-PD (RFC3315, RFC3633, RFC3769, RFC3646)
Host configuration (Address / DNS): Stateless ADDR (RFC2462); (DHCPv6-lite or etc.) (RFC3736)
NTT Communications contributed to these RFCs
draft-shirasaki-dualstack-service-04
Experiences with our Dual ADSL Service
• Has been working well since the beginning of the service
• No impact on IPv4 single stack CPE
• Nation wide service via L2TP
• Other ISPs in Japan are using same spec
– 1500+ customers use this mechanism today
1. NTT Communications’ IPv6 Activities
2. Dual Stack ADSL Access Service
3. Service Platform & framework
New Internet Business model created by IPv6
[Diagram labels: Global IP address; Mobile equipment; NW for mobile; Real-time data distribution; Data exchange; Remote Control; Remote Maintenance; Secure End-to-End Communication; IPv4 with NAT (marked ×); IPv6; Home Network / LAN with private address; Information appliances; OA equipment.]
IPv4 : one-way communication
・ due to NAT, the business model is only client & server.
IPv6: two-way communication
・two-way communications between information appliance and mobile equipment
・New internet business models will be created
VPN model in IPv4 world and IPv6 world
IPv4 (conventional model)
[Diagram labels: Office LAN on private address segments; Web server and Mail server on global address segments; IPsec VPN Node; IPv4 Internet; Company’s IPsec Intranet; Out side.]
– Access from “MANY”
– Access from “IN side” to “OUT side”
– Secure Transmission : Site to Site
IPv6 (improved model)
[Diagram labels: Office LAN and Remote office LAN on global address segments; IPv6 Internet.]
– Access from “OUT-side” to “IN-side”
– Restricted, secure access
– Secure Transmission : End to End IPsec VPN
One of the problems of p2p secure communication…
IPv4
Global IP Address:
•Lack of Global IP address
•Apply NAT and introduce private address
Secure communication:
•Only Site to Site secure communications available
IPv6
Global IP Address:
•Enough Global IP address
•Can assign Global IP addresses on every device networked
Secure communication:
•Can setup secure communication not only Site to Site connection but also End to End connection: the key of the IPv6 market
One problem is management of security configuration
End users have to manage security policy, which can involve many different configurations at end equipment.
Our solution is : P2P VPN Platform
IPv6 P2P VPN Platform Trial Service
IPsec policy server to provide IPsec policy file to each peer on demand
- Effortless setup: Set up end-to-end secure communication easily using web interface. No or low skill requirements
- Adaptable to all communication modes: Client-Server, Peer-to-Peer, Mobile
- Secure instant communication: Connect instantly, while achieving end-to-end security
[Diagram labels: Verio Data Center; CA; IPsec Policy Server; Server; Digital Certificate; IPsec Policy; Headquarters; Strategic Team; Branch Office :A; Branch Office :B; HOTSPOT; IPsec connections over the ntt.net IPv6 Global Backbone; a Hacker who sees only unreadable data. Joint development by]
Case study : P2P VPN Platform
Exchange medical data via End to End IPsec secure connection
Set up IPsec connection and manage their security policy easily:
Just register the correspondent person in his/her own address book on the web site
IPsec Management server
•Set up users
•Certify users
[Diagram labels: Hospital : A; Clinic : B; User : A; User : B; User : C; certificate (one per user); IPv6 network; Secure data exchange; IPsec (authentication, encryption); Keep integrity; a Hacker who sees only unreadable data.]
m2m-x (Machine to Machine for any[thing|place|time])
~Provide End-to-End Secure Communications Using IPv6~
[Diagram labels: m2m-x Management Server; Signaling Channel; Data Channel; IPv6 Internet; Mobile Phone; Gateway; Non-PC devices; Enterprise Network; Home Network; “Secure, Easy and Low-priced”.]
Core Technology = SIP & IPsec
m2m-x management server functions:
- Authentication of all the devices
- Access Control based on the security policy
- Transmission of encryption keys in a way making the calculation process light-weighted
- The existence of the device is hidden from unauthorized users
- Transmission of information necessary for dynamic control of Firewall devices
m2m-x IP Home Appliance trials (2004.1Q-3Q)
[Diagram: trial applications arranged around IPv6 m2m-x (NTT Com).
Labels on the slide: Visual Communication; Ubiquitous Office; Home Security; Net Toy; Multi-Media Communication; Personal VPN; Ubiquitous Printing (Ricoh); PS2 TV-Phone (Sony); Cyber Conference; EMIT Home System (Matsushita); Bluetooth Home Security; Hotline w/ TOY Control Port.
Other participants named: Sanyo; NTT Com, Fujitsu, Toshiba, DIT; Pioneer; Toshiba; Takara.]
Ubiquitous Open Platform Forum
• Home Appliance Manufacturers and ISPs established “Ubiquitous Open Platform Forum” to accelerate Internet Home Appliance market (Feb. 10th, 2004)
– Manufacturers: Hitachi, Matsushita Electric Works, Mitsubishi, Panasonic, Pioneer, Sanyo, Sony, Toshiba
– ISPs: NTT Com, KDDI, Fujitsu, NEC, Panasonic, Sony
• To establish a ubiquitous platform that permits easy setup, secure communication, and easy real-time connection among various home appliances
• NTT Com is leading this forum and NTT Com employees are acting in key roles
• NTT Com is proposing m2m-x as the standard platform of UOPF
http://uopf.org/en/
Technology Outline of m2m-x ~Security Based on SIP/IPsec~
- RADIUS Authentication friendly to ISPs’ operation
- Signaling Channel is encrypted with IPsec at the time of SIP REGISTER Authentication process.
- Data Channel is also encrypted with IPsec making use of secure Signaling Channel.
[Diagram: Signaling based on SIP, between UA1, UA2, the m2m-x Management Server and the RADIUS Auth-Server.
SIP REGISTER: Mutual Authentication Based on Pre-Shared Key or X.509 Certificate, then Establishment of IPsec Tunnel.
SIP INVITE: Encryption Key Exchange for Data Channel, then Establishment of IPsec Tunnel.
Data Channel: between UA1 and UA2.]
DNS vs m2m-x (example: private server access)
DNS
X anybody can see the presence and address of your home server
X tiresome FW/NAT configuration
X services are always open for anybody
X tiresome id/pass and access management
m2m-x
- Possible to hide the existence of a node from unauthorized users
- automatic and real-time access security control
- automatic encryption management
[Diagram labels, both sides: My PDA; Attacker; WAN; FW/NAT; LAN; My Server; access list; access management. On the m2m-x side the Attacker’s path across the WAN is marked ×.]
Key Management Method
Pre-Shared Key: some advantages, but not scalable. So,
Normal Pre-shared Key model
- All User Agents (UAs) have shared keys with the others (Full mesh model)
- Not scalable
m2m-x Pre-shared Key model
- Each UA has the shared key only with the management server (trusted 3rd party model)
[Diagram: UAs connected in a full mesh, next to UAs each connected only to the m2m-x Management Server]
Conclusion
•We have a worldwide full dual stack backbone.
•We have more than three years’ experience providing commercial IPv6 connectivity services.
•We have not only IPv6 connectivity services but also IPv6 promotions, service platforms and new frameworks.
•We are your partner.
Contact
•NTT Communications:
http://www.v6.ntt.net/index_e.html
•IPv6 portal site:
http://www.ipv6style.jp/en/index.shtml
•UOPF:
http://uopf.org/en/
•Mail to : [email protected]
Thank you for your attention!