When will everyone have enough IP addresses?

    The number of IP addresses for devices available in the global network via IPv4 protocol has reached about 4.3 billion and has already been almost exhausted due to the IP address length of 32 bits. 128 bits are involved in the IPv6 address space, which makes the number of addressable devices virtually infinite. IPv4 and IPv6 do not have direct and simple compatibility with each other. It is precisely because of this quick and cheap transition to IPv6 that only will not. Fearfully? Well no. You just need to embark on this road - and sooner or later we will enter the era of "pure" IPv6. Is this good or bad?

    image

    Recently, MTS subscribers of the Central Federal District have the opportunity to try out Internet access using IPv6. For one session using this protocol, the subscriber is given addressing in two standards at once: IPv4 and IPv6. This mode is called Dual-Stack. In order for your device to work with IPv6, you need to activate the free “Access to IPv6” service, as well as make some settings on the subscriber terminal. In this post, our specialist Oleg Ermakov, his nickname on Habrhab - eov, will tell you more about the new service . We give him the floor.

    Hello! My story will consist of two parts. The first describes user settings and ways to control that everything is going according to plan. The second one already gives a brief excursion into the technology: how it is done on the network of a mobile operator in the 3GPP-access field. The non-3GPP segment will not be affected. This is a topic for a separate article.

    Part I

    As a result of the transition to a new protocol, the subscriber has the following:

    1. Services that work with IPv6 addressing will receive and transmit traffic WITHOUT using NAT. I don’t know if everyone has encountered the fact that a Google search request sometimes requires a Captcha code, or does Google refuse to search at all. The reason is that Google believes that there are too many requests from one public IP, and this is perceived by him as a robotic poll.

    imageimage

    2. The subscriber will receive a public IPv6 address, and “incoming” traffic from the Internet will be available on it. Now, due to the use of NAT, this is not easy.

    3. The subscriber who "distributes" the Internet will be able to have his IPv6 address on each device that is located behind the "distributor". I propose to discuss the pros and cons of this in the comments ...

    I will not hide the fact that we (the operator) also benefit from the transition to IPv6: the more subscribers switch to IPv6, the less IPv4 addresses will be required for NAT / PAT broadcasts. I am sure that 99% of subscribers do not think that in the end they will bear the financial costs of purchasing additional IPv4 space.

    I foresee the question: “When will this service become available to subscribers throughout the country”? I answer. We are working on this and will try to launch access on most of the network before the end of this summer.

    On our site there is a setup instruction , general provisions are painted there. Additionally, I want to clarify a few points:

    1. So far, Dual-Stack only works on devices with Android, Windows, and on some routers. In the near future, IPv6 can be enabled on Apple mobile devices. However, to ensure operability with iOS devices, we need to pass a series of additional tests. Please treat this with understanding and be patient. So far, you can obtain IPv6 on Apple devices by connecting to a “mobile access point” with a working IPv6 service via Wi-Fi.

    2. At the current stage, the service is primarily aimed at advanced users who understand what they are doing and why. You are involved in high technology, and we are studying your customer experience, which is extremely important at this stage. We expect to receive user feedback, to refine and improve the service. In the future, we plan to simplify the connection and abandon the "service" as such and make IPv6 functionality available in the default settings of phones out of the box. Ideally, the transition to IPv6 in MTS mobile networks is planned to be seamless.

    3. In the connection settings, MANDATORY, specify APN internet.mts.ru and the protocol type IPv4v6 (this is IMPORTANT). The main sign of a correct APN indication is that the subscriber is given an IPv4 address from the range 10.0.0.0/8 of RFC1918, and not from the range 100.64.0.0/10 RFC6598 . If IPv4 or IPv6 is selected in the phone’s settings, the network will display exactly what is requested (IPv4 OR IPv6). In the first case, everything will work over IPv4, and in the second, most of the Internet resources will become unavailable simply because not all have switched to IPv6. If everything is done correctly, then two IPv4 and IPv6 (Dual-Stack) addresses will be issued. We do not intentionally plan to extend the solution to “incorrect settings” (with incorrect APN). In doing so, we proceed from the principle of “do no harm”.

    4. To access Internet resources in IPv6 addressing, it is necessary that the DNS system work as expected. For subscriber sessions with IPv4v6, an IPv6 DNS server is also issued. The presence of IPv6 DNS servers is not necessary, because IPv4 servers also successfully resolve AAAA records. When connected to a network, we issue both servers solely to ensure that everything is "feng shui."

    5. Pay special attention to the fact that the subscriber is given a public IPv6 address (actually a block of addresses / 64), which is accessible from the Internet! Do not neglect basic safety measures. It is highly advisable to install antivirus and Firewall.

    Thus, subscribers have an IPv4 and IPv6 address. Resolving Internet resources is carried out both over IPv4, and over IPv6. It's up to the apps. In our experience, the Google Chrome browser primarily uses IPv6 for resources that are able to work over IPv6. For example, such popular resources as Yandex and Google have long been working on IPv6.

    For verification, you can use the resource test-ipv6.com. If everything is set up correctly, then the test will show a rating of 10 out of 10.

    If this is not so, then you need to make sure that the traffic optimizers in the browser settings are turned off.

    image

    Part II

    Here we delve into the professional field. Those who prefer to limit themselves to the applied part of the narration, please comment or write your questions in PM. I must say right away that I can’t help everyone, but I’m ready to consider particularly interesting cases. Thank you for understanding.

    IPv6 as such appeared in 1998 and is described in RFC2460 ; support for IPv6 in mobile networks appeared in 3GPP Rel99 recommendations (2000). The technology is not widely used. Probably, then few people in the world knew what IPv6 was, and there was no shortage of IPv4 addresses. After 10 years, there was no urgent need, so we conducted internal testing, but did not introduce it.

    Starting with 3GPP Rel8 for LTE networks, the Dual-Stack era is emerging. The benefits are obvious. Dual-Stack makes technologies such as NAT64 and DNS64 unnecessary , while maintaining “backward compatibility” with IPv4 networks, essentially making a smooth transition between technologies.

    It got better, and it could already be used. Unfortunately, when establishing a connection, the network raises two PDP contexts and uses the network resources inefficiently.

    image

    Further development of Dual-Stack received in 3GPP Rel9. It added support for 2G / 3G networks, and it also made it possible to issue IPv4 and IPv6 addresses within the same PDP context (bearer). It is this technology that is used on the MTS network.

    image

    If you look a little deeper, we can say that 3GPP Rel10 describes the technologyDHCPv6 Prefix Delegation (DHCPv6-PD) . Now the need for its use in a mobile network is not obvious. If there are specific suggestions - write in the comments or in PM.

    In order for the technology to work, the necessary functionality was included on the network elements HLR / HSS, SGSN / MME, GGSN / PGW, PCRF, OCS, CDR-collector, and, of course, on the transport network.

    image

    HLR / HSS
    Connection of the service leads to the fact that in HLR and in HSS the protocol type in the APN settings changes from IPv4 to IPv4v6 (or both). The TS 29.272 (Rel9) specification says the following verbatim:

    7.3.62 PDN-Type ...
    7.3.62 PDN-Type
    The PDN-Type AVP is of type Enumerated and indicates the address type of PDN. The following values ​​are defined:

    IPv4 (0)
    This value shall be used to indicate that the PDN can be accessed only in
    IPv4 mode.

    IPv6 (1)
    This value shall be used to indicate that the PDN can be accessed only in IPv6 mode.

    IPv4v6 (2)
    This value shall be used to indicate that the PDN can be accessed both in IPv4 mode, in IPv6 mode, and also from UEs supporting dualstack IPv4v6.

    IPv4_OR_IPv6 (3)
    This value shall be used to indicate that the PDN can be accessed either in IPv4 mode, or in IPv6 mode, but not from UEs supporting dualstack IPv4v6. It should be noted that this value will never be used as a requested PDN Type from the UE, since UEs will only use one of their supported PDN Types, ie, IPv4 only, IPv6 only or IPv4v6 (dualstack). This value is only used as part of the APN subscription context, as an authorization mechanism between HSS and MME.

    As you may have guessed, we are using option 2.

    SGSN / MME
    Setting up these devices to support IPv6 is simple, it is, in fact, limited to activating the corresponding license and enabling dual-address-pdp support for SGSN and MME services, as well as in the RNC settings, connected to SGSN.

    PGW / GGSN
    Not so simple. Upgrades are made:
    - interfaces towards the transport network (address-family ipv6 rises), and IP routing is registered;
    - ip-pool are registered, from which addresses are issued to subscribers;
    - IPv6 support on APN is activated;
    - IPv6 DNS is registered, which will be issued to the subscriber when connected.

    PCRF / OCS
    PGW exchange with PCRF and OCS is performed using Diameter protocol (Gx and Gy interfaces, respectively). The peculiarity of IPv6 activation is that AVP Framed-IPv6-Prefix appears in this signal exchange and another AVP PDP-Address with IPv6 address is added. Accordingly, PCRF and OCS should accept and account for them (save).

    CDR Collector
    CDR record format is expected to change. The subscriber IPv4 address has moved to the new field servedPDPPDNAddressExt, and the IPv6 address will be recorded in servedPDPPDNAddress (this field initially supported both IPv4 and IPv6).

    recordType ...
    recordType PGWRECORD
    servedIMSI 25001 **********
    p-GWAddress 213.87.xx
    chargingID 15934348563
    servingNodeAddress 213.87.xx
    accessPointNameNI internet.mts.ru
    pdpPDNType IPV4 + IPV6
    servedPDPPDNAddress 2a00: 1fa0: 800 :: 5cDPef
    7ef 11.21.12.11
    servinggNodePLMNIdentifier 250, 01
    servedIMEISV 35915 ***********
    rATType eUTRAN
    mSTimeZone +03: 00,

    Transport network
    Address-family ipv6 rises and routing is registered.


    In conclusion, I want to ask you a question.

    Only registered users can participate in the survey. Please come in.

    Should operators block access from the Internet (in the case of IPv6 and from other subscribers) to TCP / UDP ports in the range 0-1023 to subscriber devices?

    • 21.5% Yes 113
    • 69.5% No 365
    • 8.9% I do not understand what it is 47

    Also popular now: