
NTT Communications’ IPv6 Backbone, Access, and Applications

Takeshi TOMOCHIKA

6th July, 2004

NTT Communications


Agenda

  • NTT Communications’ IPv6 Activities
  • Dual Stack ADSL Access Service
  • Service Platform & framework


NTT Communications’ Global IPv6 Backbone

[Map: ntt.net Global Backbone. Regions shown: Japan, Korea, Taiwan, Hong Kong, Malaysia, Australia, the U.S., Europe. IPv6 IXes shown: NSPIXP6, JPNAP6, PAIX, EQUI6IX (two locations), LINX, UK6X, AMS-IX, DE-CIX, PARIX, ESPANIX]

Our Strength

  • Global IPv6 network covering Asia, US, Europe

  • IPv4/IPv6 dual-stack backbone

  • Providing commercial IPv6 transit services in Japan (Apr ’01-), in Europe (Feb ’03-), in U.S. (June ’03-) and many other AP-Region countries (June ’03-)

  • 24x7 monitoring and operations by dual NOCs in Japan and U.S.

  • More than 3 years’ experience of operation

  • Worldwide IPv6-IX Connectivity

    • Japan : NSPIXP6, JPNAP6 (Tokyo)

    • U.S. : PAIX, Equi6IX (West coast), Equi6IX (East coast)

    • Europe : LINX, UK6X (London), AMS-IX (Amsterdam), DE-CIX (Frankfurt), PARIX (Paris), ESPANIX (Madrid)


NTT Communications’ two ASes

[Diagram: AS2914 (ntt.net) and AS 4713. Regional networks shown: U.S. (Verio), Korea (NTT Korea), Hong Kong (NTT Com Asia), Europe (NTT Europe), Taiwan (NTT Taiwan), Malaysia (NTT MSC), Australia (NTT Australia). IXes shown: NSPIXP6, JPNAP6, PAIX, EQUI6IX (two locations), LINX, AMS-IX, UK6X, DE-CIX, PARIX, ESPANIX]


Transition of NTT Communications’ IPv6 Services

[Timeline chart, 2001 to 200X. Customer segments: Personal, SOHO, Enterprise, iDC, ISP. Service types: IPv6 over IPv4 Tunneling service, IPv6 Native service, IPv6 and IPv4 Dual Stack Service. Other label: Broad Bandwidth]

  • OCN IPv6 Tunneling Service (2001 spring-)
  • ntt.net IPv6 Gateway Service (2001 spring-)
  • ntt.net IPv6 Tunneling Service (2002 spring-)
  • OCN ADSL Dual Service (2002 summer-)
  • ntt.net Dual Stack Service (2004 spring-)


ntt.net’s Global Backbone Transition

[Diagrams: link types shown are IPv4/IPv6 Dual-link, IPv6 Native-link and IPv6 over IPv4 Tunnel-link]

Before 2000: Only IPv4 (ntt.net IPv4 Backbone)

  • World wide global IP network
  • Global tier1 network as one AS: 2914
  • Only IPv4 available

Q1 2000 ~ Q2 2003: IPv4 and IPv6 separately (ntt.net IPv6 Backbone and ntt.net IPv4 Backbone)

  • Setup global IPv6 backbone covering Asia, the U.S. and Europe
  • IPv4 and IPv6 networks are separate
  • Routing control and peering policies are independent between IPv4 and IPv6
  • <<IPv6 Backbone>>
    • Use Tunneling-link, where appropriate, to save cost
    • Provide Native service and tunneling service, not dual service
  • <<IPv4 Backbone>>
    • No effect for existing IPv4 backbone from IPv6 side
    • IPv6 traffic is transferred as IPv4 traffic on the tunneling-link

Current: IPv4/IPv6 Dual stack (ntt.net IPv4/IPv6 Dual Stack Backbone)

  • All backbone routers handle both IPv4 and IPv6 traffic
  • Routing control and peering policies are independent between IPv4 and IPv6
  • Basically trouble on one protocol is isolated from the ones in another protocol
  • ntt.net runs more than 100 dual stack backbone routers now!


History of NTT Communications IPv6 Activities

1996
  • NTT Labs started to operate one of the world’s largest global IPv6 research networks.

1997
  • CICNet and NWNet, later acquired by Verio, started operating major nodes of 6bone.

1999
  • NTT Communications (NTT Com) obtained sTLA from APNIC.
  • NTT Com started IPv6 tunneling trial service for its domestic ISP “OCN” customers in Japan (over 200 trial customers).

2000
  • NTT MCL started the world’s first commercial IPv6 IX (s-IX) in San Jose, US.
  • NTT Europe started IPv6 trial service (over 400 trial customers).

2001
  • NTT Com started the world’s first commercial IPv6 services, “ntt.net IPv6 Gateway Service” and “OCN IPv6 Tunneling Service”.
  • HKNet started commercial IPv6 services in Hong Kong.
  • NTT Com played a key role in Japan National Project “IPv6 Home Appliance Trials”.
  • NTT Com participated in European Communities’ “6NET / Large-Scale International IPv6 Test bed” Project.
  • NTT Com participated in Chinese IPv6 Telecom Trial Network “6TNET” Project.


History of NTT Communications IPv6 Activities (Cont’)

2002
  • OCN started “IPv6/IPv4 dual stack ADSL access service” with Plug and Play feature (site auto-configuration).
  • NTT MSC started commercial IPv6 services in Malaysia.
  • NTT Australia IP started IPv6 services in Australia.
  • NTT Com won the World Communication Awards 2002, “Best Technology Foresight – IPv6” and “Best carrier – AP Region”.

2003
  • NTT Europe just started commercial IPv6 services in Europe.
  • VERIO (in US) and some Asia/Pacific Region subsidiaries (Korea, Taiwan) started commercial IPv6 services.
  • ntt.net’s backbone supported IPv4 and IPv6 dual stack.

2004
  • We provide IPv6/IPv4 dual stack services at all of ntt.net’s POPs.


NTT Communications’ Evolution in IPv6

[Timeline chart, 1996 to 2003, in three phases: Research Phase, Trial Phase, Commercial Service Phase. Rows: Network layer, Application layer, Service platform]

Milestones:
  • NTT Labs started global IPv6 research network
  • Verio joined 6bone in the U.S.
  • NTT Com obtained sTLA address
  • NTT MCL started commercial IPv6-IX service in the U.S.
  • NTT Communications started commercial IPv6 service in Japan

Services:
  • Services in Japan: OCN Tunneling Trial (200 users)
  • Service in Europe: NTT Europe IPv6 Trial (400 users)
  • Service in Hong Kong
  • Services in Malaysia / Australia
  • Services in Korea, Taiwan, and The U.S.

Activities:
  • Join Japanese National Project
  • Join European Project “6net”
  • Join Chinese Project “6TNet”
  • p2p application trial “P2P VPN Platform”



NTT Communications’ IPv6 Activities

Dual Stack ADSL Access Service

Service Platform & framework


Broadband Market in Japan & Our Position

[Charts: Corporate BB (Oct. 2002); DSL access (Mar. 2003); Residential BB (Mar, 2003); Subscribers, 2001 to 2003]

(Source: Nikkei Market Access Report, and www.soumu.go.jp)


OCN IPv6/IPv4 Dual ADSL Service outline

¥5,980 / month

Service description

Features:
  • Broadband (12M) access service via ADSL line of ACCA networks
  • Provide IPv4 and IPv6 dual stack connectivity
  • Easy to set up by Plug and Play function

Prospective customer segments:
  • Advanced individual / SOHO users
  • IPv6 applications or devices developer

Address assignment:
  • IPv4 : one global address (dynamic)
  • IPv6 : one /48 global address prefix (static)

Additional service:
  • Same as OCN IPv4 services (e-mail, Web, News, etc.)
  • IPv6 DNS service

[Diagram: Customer’s LAN, ADSL access line, OCN/ACCA; IPv4 access to OCNv4 and IPv6 access to OCNv6. Plug and Play function: auto configuration for router, auto configuration for hosts]


OCN IPv6/IPv4 Dual ADSL Service with PnP function

[Diagram: PE, CPE and Host in a row; ADSL between PE and CPE, LAN between CPE and Host; PPP over the ADSL side]

IPv4 connection
  • IPCP: Global IPv4 Address
  • DHCPv4: Private IPv4 Address

IPv6 connection
  • IPV6CP+PD: Link local IPv6 address, Global IPv6 address /48
  • DHCPv6-PD: Site Prefix (/48)
  • RA (Router Advertisement): Site Prefix (/48) + NW ID (/64)
  • Address layout: Site Prefix (/48), NW ID (up to /64), Interface ID
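The address layout on the slide above (Site Prefix /48, NW ID up to /64, Interface ID), worked through as an added example that is not part of the original presentation. It assumes a constructed site prefix from the 2001:db8::/32 documentation range, a constructed MAC address, and a host that forms its Interface ID with modified EUI-64, which is one common choice for stateless autoconfiguration and not something the slides specify.

```python
import ipaddress

def lan_prefix(site_prefix: str, nw_id: int) -> ipaddress.IPv6Network:
    """The /64 a CPE advertises on one LAN: delegated /48 site prefix + 16-bit NW ID."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    if not 0 <= nw_id <= 0xFFFF:
        raise ValueError("NW ID must fit in the 16 bits between /48 and /64")
    base = int(site.network_address) | (nw_id << 64)
    return ipaddress.IPv6Network((base, 64))

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def host_address(prefix64: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """Global address a host builds from the advertised /64 and its Interface ID."""
    if prefix64.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64")
    return ipaddress.IPv6Address(int(prefix64.network_address) | eui64_interface_id(mac))

def inside_site(addr: str, site_prefix: str) -> bool:
    """Filter check: does this source address belong to the customer's /48?"""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(site_prefix)

if __name__ == "__main__":
    SITE = "2001:db8:1234::/48"       # constructed sample, documentation range
    MAC = "00:11:22:33:44:55"         # constructed sample
    lan = lan_prefix(SITE, 1)         # NW ID 1 chosen for illustration
    host = host_address(lan, MAC)
    print("advertised on LAN:", lan)
    print("host address:     ", host)
    print("inside site /48:  ", inside_site(str(host), SITE))
```

Because the /48 is static and every host address under it is globally routable, an access list keyed on the site prefix covers the whole customer site, and the last 64 bits of an EUI-64 address stay the same wherever that host attaches.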


Standardization

[Diagram: PE, CPE, Host and RADIUS; ADSL between PE and CPE, LAN between CPE and Host]

  • Authentication: RADIUSv6 (RFC3162)
  • Link configuration: PPP (IPV6CP) (RFC2472)
  • CPE configuration (Prefix / DNS): DHCPv6-PD (RFC3315, RFC3633, RFC3769, RFC3646)
  • Host configuration (Address / DNS): Stateless ADDR (RFC2462); DHCPv6-lite or etc. (RFC3736)
  • draft-shirasaki-dualstack-service-04

NTT Communications contributed to these RFCs


Experiences with our Dual ADSL Service

  • Has been working well since the beginning of the service
  • No impact on IPv4 single stack CPE
  • Nation wide service via L2TP
  • Other ISPs in Japan are using same spec
  • 1500+ customers use this mechanism today



NTT Communications’ IPv6 Activities

Dual Stack ADSL Access Service

Service Platform & framework


New Internet Business model created by IPv6

[Diagram labels: Global IP address; Mobile equipment; NW for mobile; Real-time data distribution; Remote Maintenance; Remote Control; Data exchange; Secure End-to-End Communication; IPv4; IPv6; NAT; LAN; Home Network; Private address; Information appliances; OA equipment]

IPv4 : one-way communication
  • due to NAT, the business model is only client & server.

IPv6: two-way communication
  • two-way communications between information appliance and mobile equipment
  • New internet business models will be created


VPN model in IPv4 world and IPv6 world

IPv4 (conventional model)
  • Access from “MANY”
  • Access from “IN side” to “OUT side”
  • Secure Transmission : Site to Site IPsec VPN
  [Diagram: Office (Web server, Mail server, LAN) and Company’s Intranet, each a private address segment behind an IPsec Node; IPv4 Internet between them as the global address segment]

IPv6 (improved model)
  • Access from “OUT-side” to “IN-side”
  • Restricted, secure access
  • Secure Transmission : End to End IPsec VPN
  [Diagram: Office LAN, Remote office LAN and Out side, connected over the IPv6 Internet; global address segments throughout]


One of the problems of p2p secure communication…

Global IP Address
  • IPv4: Lack of Global IP address; apply NAT and introduce private address
  • IPv6: Enough Global IP address; can assign Global IP addresses on every device networked

Secure communication
  • IPv4: Only Site to Site secure communications available
  • IPv6: Can set up secure communication, not only Site to Site connection but also End to End connection: the key of the IPv6 market

One of the problems is management of security configuration: end users have to manage security policy, which can involve many different configurations at end equipment.

Our solution is: P2P VPN Platform


IPv6 P2P VPN Platform Trial Service

IPsec policy server to provide IPsec policy file to each peer on demand

  • Effortless setup: Set up end-to-end secure communication easily using web interface (no or low skill requirements)
  • Adaptable to all communication modes: Client-Server, Peer-to-Peer, Mobile
  • Secure instant communication: Connect instantly, while achieving end-to-end security

[Diagram: CA (Digital Certificate) and IPsec Policy Server; Verio Data Center; Headquarters; Strategic Team; Branch Office :A; Branch Office :B; HOTSPOT; IPsec connections between peers over the ntt.net IPv6 Global Backbone; Hacker]

Joint development by


Case study : P2P VPN Platform

Exchange medical data via End to End IPsec secure connection

Set up IPsec connection and manage their security policy easily: just register the correspondent person in his/her own address book on the web site

IPsec Management server:
  • Set up users
  • Certify users

[Diagram: IPsec Management server issuing a certificate to each user; User : A, User : B, User : C; Hospital : A, Clinic : B; IPsec (authentication, encryption) over the IPv6 network; Secure data exchange; Keep integrity; Hacker]


m2m-x (Machine to Machine for any[thing|place|time])

~Provide End-to-End Secure Communications Using IPv6~

“Secure, Easy and Low-priced”

Core Technology = SIP & IPsec

  • m2m-x management server functions:
    • Authentication of all the devices
    • Access Control based on the security policy
  • Transmission of encryption keys in a way making the calculation process light-weighted
  • The existence of the device is hidden from unauthorized users
  • Transmission of Information necessary for dynamic control of Firewall devices

[Diagram: m2m-x Management Server; Signaling Channel and Data Channel over the IPv6 Internet; Mobile Phone, Gateway, Non-PC devices, Enterprise Network, Home Network]


m2m-x IP Home Appliance trials (2004.1Q-3Q)

[Diagram: IPv6 m2m-x (NTT Com) at the centre. Categories shown: Ubiquitous Office, Visual Communication, Net Toy, Home Security]

  • Multi-Media Communication (Sanyo)
  • Personal VPN (NTT Com, Fujitsu, Toshiba, DIT)
  • Ubiquitous Printing (Ricoh)
  • PS2 TV-Phone (Sony)
  • Cyber Conference (Pioneer)
  • EMIT Home System (Matsushita)
  • Hotline w/ TOY Control Port (Takara)
  • Bluetooth Home Security (Toshiba)



Ubiquitous Open Platform Forum

  • Home Appliance Manufacturers and ISPs established “Ubiquitous Open Platform Forum” to accelerate Internet Home Appliance market (Feb. 10th, 2004)

    • Manufacturers: Hitachi, Matsushita Electric Works, Mitsubishi, Panasonic, Pioneer, Sanyo, Sony, Toshiba

    • ISPs: NTT Com, KDDI, Fujitsu, NEC, Panasonic, Sony

  • To establish a ubiquitous platform that permits easy setup, secure communication, and easy real-time connection among various home appliances

  • NTT Com is leading this forum and NTT Com employees are acting in key roles

  • NTT Com is proposing m2m-x as the standard platform of UOPF

http://uopf.org/en/


Technology Outline of m2m-x ~Security Based on SIP/IPsec~

  • RADIUS Authentication friendly to ISPs’ operation
  • Signaling based on SIP

SIP REGISTER: Establishment of IPsec Tunnel
  • Mutual Authentication Based on Pre-Shared Key or X.509 Certificate
  • Signaling Channel is encrypted with IPsec at the time of SIP REGISTER Authentication process.
  [Diagram: UA1 and UA2, m2m-x Management Server, RADIUS Auth-Server]

SIP INVITE: Establishment of IPsec Tunnel
  • Encryption Key Exchange for Data Channel
  • Data Channel is also encrypted with IPsec making use of secure Signaling Channel.
  [Diagram: UA1 and UA2, m2m-x Management Server, Data Channel between UA1 and UA2]


DNS vs m2m-x (example: private server access)

DNS
  • X anybody can see the presence and address of your home server
  • X tiresome FW/ NAT configuration
  • X services are always open for anybody
  • X tiresome id/pass and access management
  [Diagram: My PDA (WAN), FW/NAT with access list, My Server (LAN), Attacker]

m2m-x
  • automatic and real-time access security control
  • Possible to hide the existence of a node from unauthorized users
  • automatic encryption management
  [Diagram: My PDA (WAN), FW/NAT, My Server (LAN), access management with access list, Attacker (marked X)]


Key Management Method

Pre-Shared Key: some advantages but, Not Scalable. So,

Normal Pre-shared Key model
  • All User Agents (UAs) have shared keys with the others (Full mesh model)
  • Not scalable

m2m-x Pre-shared Key model
  • Each UA has the shared key only with the management server (trusted 3rd party model)
  [Diagram: m2m-x Management Server]


Conclusion

  • We have a worldwide full dual stack backbone.

  • We have more than three years’ experience providing commercial IPv6 connectivity services.

  • We have not only IPv6 connectivity services but also IPv6 promotions, service platforms and new frameworks.

  • We are your partner.



Contact

  • NTT Communications:

  • http://www.v6.ntt.net/index_e.html

  • IPv6 portal site:

  • http://www.ipv6style.jp/en/index.shtml

  • UOPF: http://uopf.org/en/

  • Mail to : [email protected]

Thank you for your attention!

