NOTES: UK IPV6 COUNCIL (1)

Last week saw the first proper meeting of the UK IPv6 council, an initiative started earlier this year by a few people who want to improve the current situation. What this situation actually is you get to find out below, because I was there and this is what I think.

The event agenda is listed in full here and the slides are available on the LinkedIn group. The presentations and Q&A sessions were recorded, so they will be available at some point as well.

As you can see, I ended up writing quite a long post - I had to show a lot of restraint in a few cases. You'll find the main points of each presentation, together with some links and my commentary.

That's enough introduction, let's dive in.

IPv6 Status in the UK

Well, it's not very good. The percentage of users that are IPv6 enabled is, as of Oct 2014, about 0.27% (according to Cisco 6labs). To compare, Belgium is the king and queen with a whopping 27% of its user base. Other notable mentions are Germany 11%, US 9.7%, Peru 8.7% and Romania 7% (woo!).

It is quite interesting that from a transit AS point of view, the UK is at a nice figure of 75%, which suggests that the core infrastructure is quite ready. From a prefix point of view though, only 37% of the LIR-allocated v6 addresses are actually advertised and routable.

Looking at Eric Vyncke's stats paints a slightly uglier picture:

  • 19.9% of prefixes (894) are not announced in BGP or covered by an aggregate
  • 63.8% of prefixes (2860) are announced in BGP as part of aggregates
  • 16.3% of prefixes (731) are announced in BGP directly (from the customer that owns them)
    • out of these, 486 prefixes have actually had traffic

So, while from a user point of view there's pretty much nothing going on, at least service providers have been doing something about it.

The interpretation above is my own, as I frankly don't remember the figures in the presentation, only the sources and the bottom line.

The bottom line being: the UK is behind, but has the potential to catch up quickly due to its big user-base once service providers deploy IPv6 connectivity to their customers.

Useful links:

You can get a widget from Cisco 6labs (you can configure the list of countries) - the visual impact is rather amusing, while not very accurate (you can see above it's not really 0%). The one to the left is a locally served static picture (shows the state today) and the one to the right is dynamic, so hopefully in the near future it will start showing an improvement.

Note: the overall values seem a bit variable, they changed a lot in the last few days (for the worse), possible due to Cisco making changes to the formulas.

Diagram Cisco 6lab IPv6 stats widget

BT

The first big service provider to take the stage was BT. They're working on it and they basically started as any sane person would: dual stacking and buying a Carrier-Grade NAT platform. You know, just in case.

While they can manage for now with their existing IPv4 space, things will get tight at some point. That leaves you with two options: you either manage to roll out IPv6 in a safe (read: customer can't tell the difference) manner or you go with NAT.

A few lessons were learned as part of the process and they make a great deal of sense:

  • DualStack has to be deployed first in your core (local and global infrastructure, transit, 21CN etc.) and OSS systems.
  • OSS was a pain (badly designed applications, the bane of IPv6).
  • Education was overlooked - it makes sense, because for most people IPv6 is a big bad 128bit monster.
  • Operational knowledge must be built over time, can't be instantly switched on.

The Q&A session at the end was very good, as most others were, and props to the BT duo (Stuart Smith/Rob Shakir) for giving relevant and well articulated answers.

BSkyB

Interesting presentation from Nick Chettle. The story starts in a similar way: IPv4 space is still enough for customer base needs, but work is in progress on DS for CPE and BNGs and on-net CDNs.

There are a few more details in there for the curious: the CPE gets a /56 via DHCPv6, implements IPv6 FW (RFC6092) and does SLAAC on the customer LAN.

As they're working on updating CPEs (which is probably one of the bigger challenges of a FBB provider), they are running staff trials and they haven't found any major issues.

One has to be careful with deploying IPv6 to customers, as they won't really care either way (apart from the tech savvy minority), so the experience needs to be identical to IPv4 - for example, the XBOX One prefers IPv6 to IPv4 (as most modern DS devices), so if you give your customer both you'd better get it right. With IPv4 the XBOX uses IPSEC tunnels between peers to avoid known issues with CPEs, NAT and port forwarding (and other such wonderful IPv4 baggage).

Interestingly enough, the policy of prefix assignment is... dynamic. Yep, still dynamic, the argument given being that this is not a business offering. As a techie this makes me cringe.

Virgin Media

The VM preso seemed a bit less v6-enthusiastic in comparison with the first two, but they're actually in a good position and we had some great Q&A.

While the others kept CGN in their back pocket, in the VM cable world there is no such thing (allegedly) - they have enough IPv4, even after having to "fight" for some of it within the larger organization (Liberty Global).

CPEs (about 4.2M of 'em) are supplied and managed internally and have been IPv6 ready for a while, but such functionality is disabled for now, until they are ready (2015, maybe). From this point of view VM has already solved one of the bigger challenges of v6 deployment.

Across Liberty Global, some countries are deploying IPv6 due to IPv4 depletion. For example, Germany is running DS-Lite, mostly due to the fact that they were very efficient with their IPv4 requirements and ran out earlier than all of us greedy future-minded engineers.

A question arose about the public facing websites, whether they would make them accessible over IPv6. The answer, realistic but nevertheless amusing, was that, as long as customers can't access them over IPv6, they didn't want them getting any funny ideas before the product was ready to go.

IDEALondon

The event was hosted at IDEA London, which is an innovation center for start-ups, funded by Cisco, DC Thomson and University College London.

The place looks nice and shiny and it was a good venue, apart from some connectivity problems: mobile signal was 0 inside across all operators and WiFi access was wonky. This meant we had to actually pay attention to the presentations, so there you go.

If you want to know more about the place, the Cisco sponsored competitions and all that other stuff, look for Cisco BIG, @CiscoUKI, @IDEALondon and @NVINetwork.

Belgium and IPv6

This is where Eric Vyncke, IPv6 Council Belgium Co-Chair, came to show off let us know how Belgium is doing when it comes to bringing IPv6 to its end-users.

And they're doing very well, as they've enabled almost 30% of their users. This is mostly due to deployment in fixed broadband and cable providers (VOO, Belgacom, Telenet).

One interesting stance they took was that their Finance regulator got involved when carriers started using CGN, because, from their point of view, it has an impact on security and user experience. This basically means that an IPv4 service that uses CGN does not provide the same value to the customer as having a public IPv4/v6 address.

This is a great start, but they have quite a few issues that need to be worked on:

  • no Belgian mobile operators have deployed IPv6
  • IPv6 prefixes allocated to end-users are dynamic and change too often
  • default security policy is to block all inbound traffic (quite interesting that France and Switzerland decided to leave everything wide open)

The last bit is content availability. While all major CDNs and international content providers are dual-stacked, most of the local belgian websites are not accessible via IPv6 (about 8% according to Eric's statistics). The Czech Republic is way ahead of everyone else (42%), with Slovenia and USA (d'oh) around the 30% mark.

Eric defines the IPv6 Triangle Relationship, where Subscribers, Content and Network are all interconnected and interdependent. They're doing well on Subscribers and Network, but poorly on Content.

Belgium is ahead in the race, but I guess the English speaking world has a bit of an advantage when it comes to content availability.

IPv6 Security

This is where things get technical and what separates the men from the boys. I won't get into details, because there's a lot of content to go through and I wouldn't be able to do it justice in a few paragraphs.

In short, the agenda was:

  • debunking IPv6 myths
  • shared issues between IPv4 and IPv6
  • specific issues with IPv6
  • enforcing a security policy in IPv6

Eric's presentation was excellent (albeit a bit rushed due to having only 45 minutes for it) and a must-see. You could either get your hands on the recording (keep your eyes on the UK IPv6 Council website) or look up some of his other presentations at Cisco Live (available online).

Governments enabled with IPv6 (GEN6)

GEN6 is an EU sponsored project dealing with enabling IPv6 for government services in 9 european countries. The pilot project was in the Czech Republic and it was expanded to other countries afterwards.

Presenting was Jiří Průša (CZ.NIC), rightfully proud of the progress of his own government, which is leading the charge.

CZ, NL, DE and SK were the front runners and there's a lot of data in the presentation if you are interested - such as splits on national, regional or local levels and differences between WWW, DNS and email services.

Netflix

Very positive presentation. It can be summarized as "everything is dual-stacked, we offer IPv4 and IPv6 and it just works".

It shows why CDNs are mostly IPv6 enabled already - it's not that difficult, especially when you have a reasonably new infrastructure (without all that legacy baggage to slow you down).

All of their content sits in Netflix Openconnect (AS2906), with the exception of the brains of the operations (Amazon AWS) and the box-art (3rd party CDN, which might not be 100% ready - nobody's perfect, eh?).

Check the slides for more juicy details regarding the infrastructure, servers and the high-level logic behind the whole operation.

University of Southampton

It's time for the universities to take the spotlight and show us how it's done. By the time we got to their presentation, I'd already chatted with Andy Gatward (Reading University) and Tim Chown (University of Southampton) and learned that they've done a lot.

They've dual-stacked their computer-science (ECS) network and servers, which means there's IPv6 network access across the campus (wired and wireless - eduroam) and university or Internet services can be accessed over IPv6.

The drivers behind this effort are many:

  • supporting teaching - students must learn about IPv6, as they will graduate into an IPv4 starved world (I love how dramatic this sounds)
  • learning about security - most modern devices are IPv6 ready and actually prefer it if connectivity is available
  • simplifying connectivity between international campuses
  • improving research and innovation
  • operational simplicity - remove some of the IPv4 complexity that's there because of address starvation

Unfortunately, not many UK universities are implementing IPv6 on a large scale (only 10-15 of them), a lot of the time due to financial constraints and prioritization issues.

The thing to take away from this is that universities have started with IPv6 a long time ago and they've influenced and fixed a lot of the early issues with vendor implementations. Their experience is something that companies should tap as a priority.

Janet

So who's this Janet? What is Janet is more appropiate: a service provider dedicated to the research and education communities. They started looking at IPv6 around 1997 with dodgy routers and even dodgier software. Nowadays, they can proudly say they've been running a dual-stack service for over 10 years. Nice.

They mandate IPv6 on any transit peering and provide connectivity DS to all of their customers. Uptake has been low, quoting about 3 out of 200Gbps on their external border.

The ones doing that traffic are the early adopters: Southampton, Reading, Lancaster, Loughborough Universities. And Particle Physicists. I'm not sure why they need IPv6 to shift the monstrous amounts of data coming out of CERN, but I'm happy they use it.

EE and the mobile industry

As a surprise guest, Nick Heatley from EE came in to talk about what they are doing. Which is quite a bit, as it stands: VoIP (IMS) services over IPv6 and internal trials for 3G/4G data services with no plan for an official launch yet.

They're using 464XLAT (RFC6877), which allows for an IPv4 experience over an IPv6 only transport network. This technology got a lot of support after T-Mobile USA found out that they couldn't offer the same level of service with their IPv6 only 4G network - but they fixed that and they're doing quite well now, with over 10 million customers. Orange Poland is in the same boat, with about 10-15% of their customer base.

To complete the list, Verizon Wireless supports both v4 and v6 in a dual-stacked infrastructure with great results, as their APNIC presentation shows.

And we're done.

I haven't mentioned two presentations, mostly because I can't remember much about the first (Digital UK) and the second was complex and too rushed (Sparkl).

It was a fantastic day, very well organized and the presentations had great content. The discussion breaks in between weren't nearly long enough, as Veronika had to push us back into the room each time. We compensated by having a few beers after the day was done at the local pub, so all is well.

And, as always, thanks for reading.


comments powered by Disqus