2013 03 27 Juniper Scalable Nat Solution

MX
CARRIER GRADE NAT

IPv6,

IPv4
Juniper
Copyright 2010 Juniper Networks, Inc.
www.juniper.net

IANA
1 2011

2008
2008
2008
0%
2011 !
www.juniper.net
IPV6?
, ,

,
, IPv4

(P2P)
-

5
www.juniper.net
IPV6:
IPv6 : 10923
IPv4 : 443315
: Geoff Houston http://bgp.potaroo.net/v6/as6447/

16 2012
www.juniper.net
IPv6/IPv4 = 2,46%

IPv6
0,2%
: Arbor Networks, 19 2011, Six Months, Six Providers and IPv6,

http://asert.arbornetworks.com/2011/04/six-months-six-providers-and-ipv6/
7
www.juniper.net

IPV6

IPv4?
IPv6?

?

IPv6-?
www.juniper.net
IPv4

, IPv6 IPv4 ,
IPv4- NAT
IPv6 ,

www.juniper.net

JUNIPER NETWORKS
10
www.juniper.net
JUNIPER NETWORKS
NAT
4
350 .
600-700 .
NAT- Juniper Networks
8
Application Layer Gateway

DS-Lite, NAT-traversal,
11
www.juniper.net
NAT
NAT

NAT44
1:1, IPv4<->IPv4
NAPT44
N:1, IPv4<->IPv4
NAPT64
N:1, IPv4<->IPv6
Twice NAT, RFC 2663
12
, IPv4 <-> IPv4
NAT66
1:1, IPv6<->IPv6
NAPT66
N:1, IPv6<->IPv6
www.juniper.net
NAT
NAT
Endpoint Independent Mapping
NAT-traversal,
NAT. /
/ .
. RFC 4787.
( RTP/RTCP) (
0-1023 ).
, syslog
.
.
.
Address Pooling
ALG
20 ALG, : FTP, RTSP, PPTP
,
13
www.juniper.net
NAT

,
N+1 ( stateful-failover)

14
www.juniper.net

MX240, MX480, MX960

10GE ( )
MX240
MX480
MX960
2+1
11+1
480 /c
1,44 /c
2,64 /c
24
72
132
MS-DPC
NAPT44(4)
NAPT44(4)

17
17
600 /
1,2 /
18 /c
18 /c
8,5
8,5
60
60

(IMIX)

4
15
www.juniper.net
AS-MPC AS-MIC
L4-7 Services IPSEC, Stateful Firewall, NAT, MLPPP, MLFR
AS-MPC Overview
2H 2013
4x NPUs
Inline Software Development Kit
Very high scale/feature performance for NG Mobility

Up to 60Gbps of services capacity
Trio based inline offload
AS-MIC Overview
In addition to TRIO
Inline Services
GRE, IPIP tunnels
JFLOW, NAT
BFD, Ethernet OAM
2H 2013
One NPU per MIC

Compatible with MX80 family services slot
Up to 10Gbps of services capacity
16
www.juniper.net
MS-DPC
Description
MS- MIC - 16G
MS-MPC - Per
NPU
per NPU
NAT
Max flows*(Millions)
14
30
PPS(Mpps)
Throughput(Gbps)
14
Flow setup rate*(flows/sec)
200K
180K
240K
For per MPC scaling, multiply by four.

17
www.juniper.net
, NAT- 3-

CPE
BNG
MX
CPE
MX
BNG
MX
2

PE/BNG

VRF
MX

(

) 6
VRF (
6 active/backup)
3

NPU MS-DPC (
)
, NAT,
.
18
www.juniper.net
19
www.juniper.net

/

200 80
20
regress@kevlar# show services

service-set ss1 {
syslog {
host local;
options {
+
session-open;
+
session-close;
+
packet-logs;
+
stateful-firewall-logs;
+
alg-logs;
+
nat-logs;
+
ids-logs;
}
}
}
}
www.juniper.net
( )
21
www.juniper.net
NAT
,
. .

. (
) .

.
:
/
/

( )
22
www.juniper.net
NAT
,
TCP/UDP/ICMP, NAPT44.
23
ALG
services {
nat {
pool pool1 {
address-range low 32.32.32.1 high 32.32.32.32;
port {
automatic {
random-allocation;
}
+
block-allocation {
+
block-size 256; /* Min 64, Max 64512, default 128 */
+
max-blocks-per-user 8; /* Max 2048, default 8 */
+
active-block-timeout 300; /* 0(default), Min 120secs, Max MAX_UINT */
+
}
}
address-allocation round-robin;
}
}
}
www.juniper.net
IPV4
IPV6
25
www.juniper.net
IPV6 IPV6
IPv6
IPv6
IPv4
LB4
IPv6
26
LB4/6
LB6
IPv6
IPv6-
IPv6
IPv4
IPv6
IPv4/IPv6-
www.juniper.net
IPV6- IPV4
: IPv6-
IPv6
IPv6
IPv4
IPv6
IPv4
LB4
NAT64
LB4/6
NAT64
IPv4
IPv4/IPv6
()
c NAT64
27
IPv4
IPv4
NAT64
( IPv6)
, IPv6-
www.juniper.net
WWW.JUNIPER.NET IPV6
http://ipv6.juniper.net IPv6 8- 2010 .
NAT64
IPv4-
28
www.juniper.net
:
IPV6
example.com IPv6
?
Dual-Stack (, , )
dual-stack IPv4
(, )
- ...
IPv6->IPv4

29
www.juniper.net

30
www.juniper.net
CARRIER GRADE NAT (CGN) 444

IPv4
IPv4 src: 192.168.1.3
IPv4 dst: 88.221.183.148
IPv4 src : 12345
IPv4 dst : 80
IPv4
IPv4 src: 10.6.7.8
( RFC1918)
IPv4 dst: 88.221.183.148
IPv4 src : 23456
IPv4 dst : 80
IPv4
IPv4 src: 1.2.3.4
( )
IPv4 dst: 88.221.183.148
IPv4 src : 45678
IPv4 dst : 80
IPv4
192.168.1.3
IPv4 CPE
NAT
CGN
NAT
CPE NAT
:
:
31
192.168.1.3 + 12345
10.6.7.8 + : 23456
CGN NAT
:
:
10.6.7.8 + 23456
1.2.3.4 + 45678
www.juniper.net
www.juniper.net
88.221.183.148
NAT 64
IPv4
IPv4 src: 1.2.3.4
( ISP)
IPv4 dst: 88.221.183.148
IPv4 src : 45678
IPv4 dst : 80
IPv6
IPv6 src: 2001:db8::1
IPv6 dst: 2009:db9:7
(AAAA DNS64 www.juniper.net)
IPv6 src : 12345
IPv6 dst : 80
IPv4
2001:db8::1
IPv6 CPE
NAT64
NAT64
:
:
32
2001:db8::1 + 12345
1.2.3.4 + 45678
www.juniper.net
www.juniper.net
88.221.183.148
IPV6
33
www.juniper.net
1. + .
IPv4
IPv6 6RD

, 6RD- CPE
CPE
DHCP
IPv6
IPv4 CPE
IPv4-
6rd relay
IPv4
IPv6

IPv6
34
ASBR
www.juniper.net
IPv4
IPV6 RAPID DEPLOYMENT (6RD)

IPv6
IPv6 src: 2001:db8:6464:100:1
IPv6 dst: 2620:12:0:102::10
IPv6 src : 12345
IPv6 dst : 80
IPv4
IPv4 src: 10.10.100.1
IPv4 dst: 6rd relay
IPv6
IPv6 src: 2001:db8:6464:100:1
IPv6 dst: 2620:12:0:102::10
IPv6 src : 12345
IPv6 dst : 80
IPv6
IPv6 src: 2001:db8::1
IPv6 dst: 2620:12:0:102::10 IPv6
src : 12345
IPv6 dst : 80
IPv6
2001:db8:6464:100::1
IPv4 CPE
6rd
10.100.100.1
6rd relay

6rd IPv4 CPE
IPv6 .
35
www.juniper.net
ipv6.juniper.net
2620:12:0:102::10
2. IPV4+IPV6 .
IPv4 IPv6
PPPoE
DHCPv4 + DHCPv6
, , L3
BRAS/BSR
IPv6
CPE ( )
IPv4/IPv6 -
ASBR
IPv4
IPv6

36
www.juniper.net
IPv4
3. IPV6.
IPV4.
IPv4 IPv6
CPE
IPv6
IPv4 .. Address Family Translation Router
Dual Stack Lite (DS-Lite)
DS-Lite = IPinIP + NAT 44
, IPv4 BRAS/BSR
IPv4-
IPv6
IPv6 CPE
IPv6-
ASBR
IPv4
IPv6

IPv4
37
AFTR
www.juniper.net
IPv4
DUAL STACK LITE (DS-LITE)

IPv4
IPv4 src: 192.168.1.3
IPv4 dst: 88.221.183.148
IPv4 src : 12345
IPv4 dst : 80
IPv6
IPv6 src: IPv6 CPE
IPv6 dst: IPv6 AFTR
IPv4
IPv4 src: 1.2.3.4
( )
IPv4 dst: 88.221.183.148
IPv4 src : 45678
IPv4 dst : 80
IPv4
IPv4 src: 192.168.1.3
IPv4 dst: 88.221.183.148
IPv4 src : 12345
IPv4 dst : 80
IPv4
192.168.1.3
IPv6 CPE
DS-Lite
AFTR
AFTR
:
:
38
IPv6 CPE + 192.168.1.3 + 12345

1.2.3.4 + 45678
www.juniper.net
www.juniper.net
88.221.183.148

Язык

Добро пожаловать в Scribd!

2013 03 27 Juniper Scalable Nat Solution

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Описание:

Авторское право:

Доступные форматы

2013 03 27 Juniper Scalable Nat Solution

Загружено:

Описание:

Авторское право:

Доступные форматы

Похожие издания

MX

CARRIER GRADE NAT

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

: Geoff Houston http://bgp.potaroo.net/v6/as6447/

Copyright 2010 Juniper Networks, Inc.

: Arbor Networks, 19 2011, Six Months, Six Providers and IPv6,

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

NAT- Juniper Networks

Copyright 2010 Juniper Networks, Inc.

Twice NAT, RFC 2663

, IPv4 <-> IPv4

Copyright 2010 Juniper Networks, Inc.

Endpoint Independent Mapping

20 ALG, : FTP, RTSP, PPTP

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Very high scale/feature performance for NG Mobility

One NPU per MIC

Copyright 2010 Juniper Networks, Inc.

MS- MIC - 16G

Flow setup rate*(flows/sec)

For per MPC scaling, multiply by four.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

regress@kevlar# show services

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

CARRIER GRADE NAT (CGN) 444

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

IPV6 RAPID DEPLOYMENT (6RD)

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

Copyright 2010 Juniper Networks, Inc.

DUAL STACK LITE (DS-LITE)

IPv6 CPE + 192.168.1.3 + 12345

Похожие интересы

Документы, похожие на «2013 03 27 Juniper Scalable Nat Solution»

Похожие издания

Оценить

Поделиться