ipv6 ntt

Views:
 
Category: Entertainment
     
 

Presentation Description

No description available.

Comments

Presentation Transcript

NTT Communications’ IPv6 Backbone, Access, and Applications: 

Takeshi TOMOCHIKA 6th July, 2004 NTT Communications NTT Communications’ IPv6 Backbone, Access, and Applications

Agenda: 

NTT Communications’ IPv6 Activities Dual Stack ADSL Access Service Service Platform & framework Agenda

NTT Communication’s Global IPv6 Backbone: 

NTT Communication’s Global IPv6 Backbone NSPIXP6 PAIX AMS-IX LINX UK6X JPNAP6 EQUI6IX Japan Korea Taiwan Hong Kong Malaysia Australia The U.S. Europe ntt.net Global Backbone DE-CIX PARIX Global IPv6 network covering Asia, US, Europe IPv4/IPv6 dual-stack backbone Providing commercial IPv6 transit services in Japan (Apr ’01-), in Europe (Feb ’03-), in U.S. (June ’03-) and many other AP-Region countries (June ’03-) 24x7 monitoring and operations by dual NOCs in Japan and U.S. More than 3 year’s experience of operation Worldwide IPv6-IX Connectivity Japan : NSPIXP6, JPNAP6 (Tokyo) U.S. : PAIX, Equi6IX (West coast), Equi6IX (East coast) Europe : LINX, UK6X (London), AMS-IX (Amsterdam), DE-CIC (Frankfurt), PARIX (Paris), ESPANIX (Madrid) Our Strength EQUI6IX ESPANIX

NTT Communications’ two ASes: 

NTT Communications’ two ASes NSPIXP6 PAIX EQUI6IX AMS-IX LINX UK6X JPNAP6 EQUI6IX Korea NTT Korea Hong Kong NTT Com Asia Malaysia NTT MSC Australia NTT Australia Europe NTT Europe U.S. Verio AS2914 AS 4713 Taiwan NTT Taiwan DE-CIX ntt.net PARIX ESPANIX

Transition of NTT Communications’ IPv6 Services: 

Transition of NTT Communications’ IPv6 Services 2001 Personal SOHO Enterprise ISP iDC Broad Bandwith IPv6 Native service 2002 2003 2004 200X Year -ntt.net IPv6 Gateway Service (2001 spring-) -ntt.net Dual Stack Service (2004 spring-) IPv6 and IPv4 Dual Stack Service IPv6 over IPv4 Tunneling service -OCN IPv6 Tunneling Service (2001 spring-) -ntt.net IPv6 Tunneling Service (2002 spring-) -OCN ADSL Dual Service (2002 summer-)

ntt.net’s Global Backbone Transition: 

ntt.net’s Global Backbone Transition

History of NTT Communications IPv6 Activities : 

History of NTT Communications IPv6 Activities 1996 NTT Labs started to operate one of the world’s largest global IPv6 research networks. 1997 CICNet and NWNet, later acquired by Verio, started operating major nodes of 6bone. 1999 NTT Communications (NTT Com) obtained sTLA from APNIC. NTT Com started IPv6 tunneling trial service for its domestic ISP “OCN” customers in Japan (over 200 trial customers). 2000 NTT MCL started the world’s first commercial IPv6 IX (s-IX) in San Jose, US. NTT Europe started IPv6 trial service (over 400 trial customers). 2001 NTT Com started the world’s first commercial IPv6 services, “ntt.net IPv6 Gateway Service” and “OCN IPv6 Tunneling Service”. HKNet started commercial IPv6 services in Hong Kong. NTT Com played a key role in Japan National Project “IPv6 Home Appliance Trials”. NTT Com participated in European Communities’ “6NET/ Large-Scale International IPv6 Test bed” Project . NTT Com participated in Chinese IPv6 Telecom Trial Network “6TNET” Project .

History of NTT Communications IPv6 Activities (Cont’): 

History of NTT Communications IPv6 Activities (Cont’) 2002 OCN started “IPv6/IPv4 dual stack ADSL access service” with Plug and Play feature (site auto-configuration). NTT MSC started commercial IPv6 services in Malaysia. NTT Australia IP started IPv6 services in Australia. NTT Com won the World Communication Awards 2002, “Best Technology Foresight – IPv6” and “Best carrier – AP Region”. 2003 NTT Europe just started commercial IPv6 services in Europe. VERIO (in US) and some Asia/Pacific Region subsidiaries (Korea, Taiwan) started commercial IPv6 services. ntt.net’s backbone supported IPv4 and IPv6 dual stack. 2004 We Provide IPv6/IPv4 dual stack services at all of ntt.net’ s POPs.

NTT Communications’ Evolution in IPv6: 

NTT Communications’ Evolution in IPv6 1996 1997 1998 1999 2000 2001 2002 2003 - NTT Com obtained sTLA address OCN Tunneling Trial (200 users) NTT Europe IPv6 Trial (400 users) Trial Phase - NTT MCL started commercial IPv6-IX service in the U.S. Services in Japan Service in Hong Kong Services in Malaysia / Australia Services in Korea, Taiwan, and The U.S. Service in Europe - NTT Communications started commercial IPv6 service in Japan Commercial Service Phase Join Japanese National Project Join Chinese Project “6TNet” Join European Project “6net” p2p application trial “P2P VPN Platform” Application layer - NTT Labs started global IPv6 research network - Verio joined 6bone in the U.S. Research Phase Network layer Activities Service platform

Slide10: 

NTT Communications’ IPv6 Activities Dual Stack ADSL Access Service Service Platform & framework

Slide11: 

Subscribers 2001 2002 2003 (Source: Nikkei Market Access Report, and www.soumu.go.jp) Corporate BB (Oct. 2002) Residential BB (Mar, 2003) DSL access (Mar. 2003) Broadband Market in Japan & Our Position

OCN IPv6/IPv4 Dual ADSL Service outline: 

Features: Broad band (12M) access service via ADSL line of ACCA networks Provide IPv4 and IPv6 dual stack connectivity Ease to set up by Plug and Play function Prospective customer segments: Advanced individual / So-Ho users IPv6 applications or devices developer Address assignment: IPv4 : one global address (dynamic) IPv6 : one /48 global address prefix (static) Additional service: As same as OCN IPv4 services (e-mail, Web, News, etc…) IPv6 DNS service OCN IPv6/IPv4 Dual ADSL Service outline OCN/ ACCA ADSL access line Customer’s LAN Auto configuration For router Auto configuration For hosts Plug and Play function Service description \5,980 / month

OCN IPv6/IPv4 Dual ADSL Service with PnP function : 

OCN IPv6/IPv4 Dual ADSL Service with PnP function DHCPv6-PD /48 /64 PPP IPCP Global IPv4 Address IPV6CP+PD Link local IPv6 address ADSL LAN PE CPE Host DHCPv4 RA Private IPv4 Address Global IPv6 address /48 Site Prefix ???? ???????? Site Prefix NW ID ???????? Router Advertisement /48 /64 Interface ID

Standardization: 

Standardization RADIUS ADSL LAN PE CPE Host RADIUSv6 RFC3162 PPP(IPV6CP) RFC2472 DHCPv6-PD RFC3315 RFC3633 RFC3769 RFC3646 Stateless ADDR RFC2462 (DHCPv6-lite or etc.) RFC3736 Authentication Link configuration CPE configuration (Prefix / DNS) Host configuration (Address / DNS) NTT Communications contributed to these RFCs draft-shirasaki-dualstack-service-04

Experiences with our Dual ADSL Service: 

Experiences with our Dual ADSL Service Has been working well since the beggining of the service No impact on IPv4 single stack CPE Nation wide service via L2TP Other ISPs in Japan are using same spec 1500+ customers use this mechanism today

Slide16: 

NTT Communications’ IPv6 Activities Dual Stack ADSL Access Service Service Platform & framework

New Internet Business model created by IPv6: 

NAT IPv4 Global IP address Private address IPv4 : one-way communication ・ due to NAT, the business model is only client & server. × IPv6: two-way communication ・two-way communications between information appliance and mobile equipment ・New internet business models will be created NW for mobile LAN Home Network Information appliances Mobile equipment OA equipment IPv6 Data exchange Remote Maintenance Remote Control Real-time data distribution Secure End-to-End Communication New Internet Business model created by IPv6

VPN model in IPv4 world and IPv6 world: 

VPN model in IPv4 world and IPv6 world

One of a problem of p2p secure communication…: 

One of a problem of p2p secure communication… IPv4 IPv6 Global IP Address Lack of Global IP address Apply NAT and introduce private address Enough Global IP address Can assign Global IP addresses on every device networked Secure communication Only Site to Site secure communications available Can setup secure communication not only Site to Site connection but also End to End connectio: the key of the IPv6 market

IPv6 P2P VPN Platform Trial Service: 

IPv6 P2P VPN Platform Trial Service IPsec policy server to provide IPsec policy file to each peer on demand - Effortless setup: Set up end-to-end secure communication easily using web interface No or low skill requirements - Adaptable to all communication modes: Client-Server, Peer-to-Peer, Mobile - Secure instant communication: Connect instantly, while achieving end-to-end security ntt.net IPv6 Global Backbone IPsec Policy Server CA Headquarters HOTSPOT Branch Office :A Branch Office :B ・・:xσ+]%・・ ? ? Strategic Team IPsec IPsec IPsec IPsec IPsec Policy Digital Certificate Verio Data Center Server Joint development by

Case study : P2P VPN Platform: 

Case study : P2P VPN Platform User : A Hospital : A User : B Clinic : B IPv6 network IPsec Management server IPsec (authentication, encryption) Secure data exchange Exchange medical data via End to End IPsec secure connection User : C certificate certificate certificate Set up users Certify users Hacker Keep integrity ・・:xσ+]%・・ ??

Slide22: 

m2m-x Management Server Home Network Mobile Phone Gateway IPv6 Internet Enterprise Network ~Provide End-to-End Secure Communications Using IPv6~ m2m-x (Machine to Machine for any[thing|place|time]) M2m-x management server functions: - Authentication of all the devices - Access Control based on the security policy Transmission of encryption keys in a way making the calculation process light-weighted The existence of the device is hidden from unauthorized users Transmission of Information necessary for dynamic control of Firewall devices “Secure, Easy and Low-priced” Core Technology = SIP & IPsec Signaling Channel Data Channel Non-PC devices

m2m-x IP Home Appliance trials (2004.1Q-3Q): 

m2m-x IP Home Appliance trials (2004.1Q-3Q) IPv6 m2m-x (NTT Com) Home Security Visual Communication Ubiquitous Office Net Toy Personal VPN (NTT Com, Fujitsu, Toshiba, DIT) Multi-Media Communication (Sanyo) PS2 TV-Phone (Sony) Hotline w/ TOY Control Port (Takara) Bluetooth Home Security (Toshiba) Cyber Conference (Pioneer) EMIT Home System (Matsushita) Ubiquitous Printing (Ricoh)

Slide24: 

Ubiquitous Open Platform Forum Home Appliance Manufacturers and ISPs established “Ubiquitous Open Platform Forum” to accelerate Internet Home Appliance market (Feb. 10th, 2004) Manufacturers: Hitachi, Matsushita Electric Works, Mitsubishi, Panasonic, Pioneer, Sanyo, Sony, Toshiba ISPs: NTT Com, KDDI, Fujitsu, NEC, Panasonic, Sony To establish a ubiquitous platform that permits easy setup, secure communication, and easy real-time connection among various home appliances NTT Com is leading this forum and NTT Com employees are acting in key roles NTT Com is proposing m2m-x as the standard platform of UOPF http://uopf.org/en/

Slide25: 

Establishment of IPsec Tunnel Technology Outline of m2m-x ~Security Based on SIP/IPsec~ SIP REGISTER SIP INVITE RADIUS Auth-Server - RADIUS Authentication friendly to ISPs’ operation Signaling Channel is encrypted with IPsec at the time of SIP REGISTER Authentication process. Data Channel is also encrypted with IPsec making use of secure Signaling Channel. Mutual Authentication Based on Pre-Shared Key or X.509 Certificate Establishment of IPsec Tunnel Encryption Key Exchange for Data Channel UA1 UA1 UA2 UA2 m2m-x Management Server Data Channel m2m-x Management Server Signaling based on SIP

Slide26: 

DNS vs m2m-x (example: private server access) WAN LAN FW/NAT DNS X anybody can see the presence and address of your home server X tiresome FW/ NAT configuration X services are always open for anybody X tiresome id/pass and access management Attacker access list - - - - My Server My PDA WAN LAN FW/NAT m2m-x Possible to hide the existence of a node from unauthorized users automatic and real-time access security control × X automatic encryption management access list - - - - My PDA Attacker My Server access management

Slide27: 

m2m-x Management Server All User Agents (UAs) have shared keys with the others (Full mesh model) - Not scalable Each UA has the shared key only with the management server (trusted 3rd party model) Key Management Method Pre-Shared Key: some advantages but, Not Scalable. So, Normal Pre-shared Key model m2m-x Pre-shared Key model

Conclusion: 

Conclusion We have worldwide full dual stack backbone. We have more than three years experience to provide commercial IPv6 connectivity services. We have not only IPv6 connectivity services but also IPv6 promotions, service platforms and new frameworks. We are your partner.

Contact: 

Contact NTT Communications: http://www.v6.ntt.net/index_e.html IPv6 portal site: http://www.ipv6style.jp/en/index.shtml UOPF: http://uopf.org/en/ Mail to : ipv6@ntt.com Thank you for your attention!

authorStream Live Help