Introduction: The news that the world has officially run out of IPv4 addresses has recently been all over the technical media, and IPv6 is once again in the spotlight. IP is the passport of the network world, and its importance is self-evident. What has the development history of IPv6 in China been, as a solution to IPv4 address exhaustion? How does Tencent Cloud, whose products are closely interlinked, carry out a large-scale IPv6 transformation? The Cloud Plus Community has specially curated the “IPv6” series to answer these questions. Follow the “Cloud Plus Community” public account and reply “IP” for more content. (Qin Zhenhua; Editing: Wei Wei)

I. Twists and turns: the development of IPv6 in China

IP is the passport of the network world, and its importance is self-evident. IPv4 was not designed with the explosive growth of the Internet in mind, let alone the development of the Internet of Things, and its limited address space inevitably leads to address exhaustion. IPv6, which could give every grain of sand in the world an IP address, burst onto the scene 20 years ago along with the mobile Internet as a solution to IPv4 address exhaustion. However, for a variety of reasons, IPv6 failed to flourish together with the mobile Internet in China. Now that the 5G era has kicked off, the country has once again sounded the call for IPv6. IPv4 addresses have officially run out in recent days, and with the right timing, IPv6 is sure to come back to life.

So, what is the development history of IPv6 in China? Can IPv6 become the main artery of the next generation of Internet in China, and write a beautiful chapter for the Internet of everything?

1. 1999: Not so good

RIPE NCC, a regional Internet registry in charge of parts of Europe, the Middle East and Central Asia, first allocated IPv6 addresses in 1999, which makes 2019 the 20-year mark. Twenty years ago, IPv6 was also introduced into China. In the following years the country tried to promote IPv6 vigorously, but its development was unsatisfactory due to many factors. IPv6 was promoted and used only in the education network, while the mobile Internet, which is closely tied to the public's daily life, drifted further and further away from it. The utilization rate of IPv6 in China stayed below 2% year after year, in sharp contrast to the rapid development of IPv6 in the world and the Asia-Pacific region.

2. Looking back on 2017: The Action Plan to Scale up the Deployment of Internet Protocol Version 6 (IPv6) was issued

While most people were slowly forgetting IPv6, the country and the government kept working quietly behind the scenes. In November 2017, the Action Plan for Large-scale Deployment of Internet Protocol Version 6 (IPv6) was issued:

“The development of the next generation Internet based on IPv6 will significantly improve the carrying capacity and service level of China’s Internet, better integrate into the Internet, share the fruits of global development, strongly support economic and social development, and win the initiative for future development.

Promoting the large-scale deployment of IPv6 is an overall upgrade of the Internet technology industry ecosystem, which has a profound impact on the innovation and reform of network information technology, industry and applications. Developing the next generation Internet based on IPv6 helps to raise our country's capacity for independent innovation and the industrial development level of high-end network information technology, efficiently supports the rapid development of emerging areas such as mobile Internet, Internet, industrial Internet, cloud computing, big data and artificial intelligence, constantly creates new forms and new technologies, promotes the further prosperity of network applications, and fosters an advanced and open industry ecosystem of next-generation Internet technologies.

Expediting the large-scale application of IPv6 provides a new platform for solving network security problems, and provides new ideas for improving the efficiency of network security management and innovating network security mechanisms. Developing the next generation Internet based on IPv6 helps to further innovate network security means, improve the network security guarantee system, significantly enhance network security situational awareness and the ability of rapid disposal, sharply raise the security protection level of important data resources and individual information, and further enhance the security, credibility and comprehensive ability of the Internet.”

3. Focus on 2019: Key events emerge

In 2018, when 5G had become a fashionable word on the streets, IPv6 technology, which is more important than 5G, was still struggling in the corner. By the end of 2019, however, IPv6 was no longer silent and had grown by leaps and bounds.

In 2019, several key events about IPv6 emerged:

  • In April 2019, the Ministry of Industry and Information Technology (MIIT) issued the Notice on Launching the Special Action on IPv6 Network Readiness in 2019 (hereinafter referred to as the Notice), which set out the IPv6 goals for China to reach by the end of 2019. For example: 90% of LTE terminals obtain IPv6 addresses; the proportion of fixed broadband terminals with IPv6 addresses reaches 40%; the number of active IPv6 connections on LTE networks reaches 800 million; the IPv6 transformation of all 13 Internet backbone direct connection points is completed; and public cloud vendors upgrade 70% of their products to IPv6.

  • In July 2019, Nansha Development Zone Management Committee and National Engineering Center for Next Generation Internet announced the establishment of the innovation center, and planned to deploy and operate an international IPv6 root server in Nansha.

  • In July 2019, the Expert Committee on promoting IPv6 Scale Deployment held the 2019 China IPv6 Development Forum during the 2019 China Internet Conference and issued a white paper titled “the State of IPv6 Development in China”.

  • In November 2019, the European Network Coordination Centre (RIPE NCC) confirmed that all 4.3 billion IPv4 addresses in the world had been assigned.

II. Progress by leaps and bounds: current status of IPv6 development in China

High-speed rail construction follows an “eight horizontal, eight vertical” layout, while IPv6 construction spans three areas: cloud, network and terminal. Operators, public cloud vendors, CDN vendors, Internet vendors and government departments are the backbone of this IPv6 transformation. They have gone from an initial wait-and-see attitude and unfamiliarity to actively supporting and catching up with one another. With the advent of the Internet of Things era, China, which holds a leading position in the Internet and 5G worldwide, has once again begun the vast transformation to IPv6.

Listen to thunder in silence. After just two years of effort, China has made great progress in IPv6 transformation. In particular, the transformation of 90% of telecom operators' network infrastructure has been completed, laying a solid foundation for the large-scale deployment of IPv6.

In July 2019, the Report on the Status of IPv6 development in China released by the Expert Committee on promoting IPv6 Scale Deployment shows that:

“As of May 2019, the total traffic of China Telecom, China Mobile and China Unicom MAN egress reached 398.43Gbps, LTE core network 508.87Gbps, backbone direct connection points 75.74Gbps, and the total IPv6 traffic of international entrances and exits reached 80.45Gbps.

By June 2019, the number of active IPv6 users in China had reached 130 million. The number of IPv6 addresses allocated by telecom companies in Korea is 1.207 billion.”

As of December 4, 2019, the National IPv6 Development Monitoring Platform (https://v6cngi.6aas.com) shows that China’s IPv6 Development Index has reached 49.67.

III. Getting better: Tencent Cloud IPv6 transformation

1. Numerous difficulties: Tencent cloud products are interlinked, and IPv6 transformation is a great challenge

Tencent has many years of practical experience and technical accumulation in IPv6 and is a domestic forerunner in IPv6 practice. In 2011, Tencent cooperated with the education network to build its own IPv6 experimental platform, on which its various businesses could run IPv6 experiments and pilots.

However, the Tencent Cloud IPv6 upgrade faced very big challenges. Tencent Cloud has more than 50 kinds of products, more than 100 proceeds, spanning computing, storage, network, database, security, Internet of Things, AI and big data; there are IaaS, PaaS and SaaS products; product iteration cycles are fast; and individual products depend on each other, especially on network products and platforms. The biggest difficulty is that different products rely on different network communication architectures. Network products in particular depend on the underlying network and have to be upgraded in close coordination with it.

As a result, the project team carefully sorted out these relationships, developed a detailed roadmap and implementation plan, and carried the plan out step by step. The overall transformation roadmap for Tencent Cloud products is divided into the following four phases.

  • Phase 1: IPv6 NAT64 transition technology and DNS support a smooth IPv6 upgrade

  • Phase 2: Private networks, subnets, cloud servers, elastic network cards, load balancing, and content distribution support dual stack

  • Phase 3: DDoS high defense, security group, IP address library, WAF, HTTPDNS support dual stack

  • Phase 4: CDB, COS, API gateway and other IaaS products, and security, big data, Internet of Things and other PaaS products support dual stack

Practice has proved this approach very effective: the transformation pace of each product is clear. By June 2019, we completed the IPv6 transformation of private networks, subnets, cloud servers, elastic network cards, content distribution and other products.

Before September 2019, we completed the IPv6 transformation of DDoS high defense, security group, IP address library, WAF and other products.

2. Steady accumulation: winning the first prize for science and technology

On November 19, 2019, the China Communications Society announced the results of the 2019 “China Communications Society Science and Technology Award”, and the joint project of Tencent, China Mobile, China Ict and Huawei, “Mobile Internet IPv6 Technology Breakthrough and Scale Application”, won the first prize. Among its innovations, the distributed SDN cloud network technology for a super-large IPv4/IPv6 dual-stack cloud platform and the DDoS and other security defense technology based on a four-dimensional integrated dual-stack intelligent defense system were highly recognized.

Tencent Cloud has completed the IPv6 transformation of more than 40 types of products such as cloud host, VPC network, load balancing, domain name resolution, content distribution and DDoS, and plans to complete the IPv6 transformation of PaaS products such as big data, Internet of Things and audio and video by the end of the year.

At the business level, Tencent Cloud currently supports more than 150 million users of cloud applications such as Tencent Video, Tencent News and QQ Browser in accessing them over IPv6. Tencent has become one of the enterprises with the largest number of IPv6 users in the world.

IV. The challenge and innovation of Tencent Cloud platform IPv6 transformation

1. The challenge

As the saying goes, supplies must be in place before the army moves, and basic network facilities and supporting platforms are our basic resources. Before products can be upgraded to IPv6, the underlying network has to be upgraded.

In 2012, Tencent’s BGP exit in Shenzhen was connected to the education network's IPv6 BGP to provide IPv6 services for its own businesses. Later, we connected with operators in Shenzhen, Shanghai and Tianjin for business testing. However, limited by the carrier networks and the low number of users at that time, IPv6 services did not scale up.

Tencent Cloud has opened 25 geographical regions and operates 53 availability zones. In China alone, there are dozens of BGP exits and dozens of campuses that need to be transformed, so the workload and difficulty of the transformation are very great. Fortunately, as one of the earliest pioneers of IPv6 deployment in China, Tencent Cloud has accumulated considerable experience in transforming the core network and public network exits. Thanks to this experience, we made rapid progress in the transformation of BGP exits. At the beginning of 2019, we had basically completed the transformation of the major domestic exits. In the second half of 2019, we also launched the transformation of some overseas public network exits, striving to complete the transformation of some overseas cities and the launch of products there by the end of 2019, so that overseas enterprises can use IPv6 earlier and we can welcome a large number of overseas IPv6 users. At the BGP egress, we communicate with the carrier through BGPv6, while the MPLS IPv6 VPN of the internal core network uses 6VPE, and the traffic model is consistent with IPv4.

In addition to the transformation of the basic network, we also carried out the transformation of 10 supporting platforms. The supporting systems include the management system, IPv6 automatic deployment system, network monitoring system, server monitoring system, public network quality detection system, network planning and construction system, and CMDB asset management system.

The advantage of IPv6 is its larger address space and address length, but the disadvantage is that addresses are hard to remember and prone to configuration errors. In the deployment and implementation of large-scale basic resources, relying on manual operation has obvious disadvantages. The new intelligent IPv6 address management system provides integrated, intelligent handling of IPv6 address entry, allocation, configuration, monitoring and recycling through a visual platform and script tools. It solves the difficulties in the deployment, implementation, operation and maintenance of the IPv6 system and greatly reduces the overall TCO. The IP address management system is interconnected with the cloud platform and the CMDB, is compatible with overlay and underlay address management, and performs automatic address allocation based on service attributes.

Whether for the automated delivery of IPv6 equipment rooms or for IPv6 traffic management, the biggest challenge facing a large cloud platform is the collection and storage of high-volume traffic data, together with multi-dimensional real-time analysis and display. At the same time, hardware devices differ between manufacturers, so how can standard solutions be used for integrated operations? In IPv6 traffic monitoring and data analysis, therefore, the first step is to standardize monitoring and collection by adapting to the hardware of different manufacturers. Then Kafka, Spark and other components designed for large-scale data processing are introduced to aggregate and summarize the data along all dimensions for real-time analysis, and query services are provided through an API and a graphical web interface.

2. Innovation

The IPv6 upgrade is a very important opportunity to upgrade large cloud platforms as a whole. Therefore, we should not only upgrade to IPv6, but also keep innovating to solve some of the challenges IPv6 brings and achieve an overall upgrade of the cloud platform.

In a large-scale distributed cloud overlay network, the SDN controller needs to manage millions of computing resources, IP address resources and routing entries, supporting Internet communication, hybrid cloud communication and cross-regional communication scenarios. The introduction of IPv6 addresses not only brings the problem of a very large number of IP addresses and routing entries, but also poses more challenges for multi-scenario communication and IP address allocation management, because IPv6 no longer distinguishes between intranet and extranet and does not perform NAT. We developed a next-generation SDN controller based on IPv6, which not only solves multi-scenario communication in the IPv4/IPv6 dual-stack network, sub-machine migration and the fallback mechanism in a dual-stack environment, but also provides more powerful management and control for the next-generation IPv6 network, supporting tens of millions of user VPCs. As for overlay network encapsulation with IPv6 support, overlay headers (such as VXLAN and GRE) cannot encapsulate 128 bytes of IPv6 addresses. We solved this problem by using mapping technology. The scale and performance of the routing table and mapping table are handled by the large-scale distributed SDN controller.

Facing IPv6 DDoS attacks, CC attacks, DNS hijacking and other security issues, we built a four-dimensional integrated dual-stack intelligent defense system and independently developed the Aegis security system with IPv6 support. Through the unified API of the cloud platform, DDoS prevention and detection, the network virtual firewall, the gateway application-layer security agent and cloud host IPv6 protocol-layer security are linked together to form the four-dimensional intelligent defense system, providing automatic detection, early warning and isolation. The DDoS defense system upgrades modules such as the detection center, access center, attack cleaning center and unified management center to provide application-layer vulnerability detection, intrusion prevention and user-based secure access authentication. Traditional IPv4 DDoS detection works with the CMDB to apply defense policies per individual IP address, which cannot adapt to the /56 IPv6 address space given to each user: each user’s defense would involve the storage and query of 2^56 IP addresses. Based on the new big data system and an IPv6 identification algorithm, the Aegis security system stores and queries by /56 address segment, which greatly improves the speed of detection queries and reduces storage pressure.
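The per-/56 bookkeeping described above, as an added example that is not Tencent's Aegis code: a detector that keys counters and limits on the user's /56 instead of on single addresses. The limits, the documentation prefixes (2001:db8::/32) and the traffic sample are constructed assumptions.

```python
import ipaddress
from collections import Counter

PREFIX_LEN = 56  # per-user IPv6 allocation size named in the text


def user_prefix(addr):
    """Map any IPv6 address to the /56 user prefix that contains it."""
    ipaddress.IPv6Address(addr)  # raises ValueError for IPv4 or malformed input
    return ipaddress.ip_network(f"{addr}/{PREFIX_LEN}", strict=False)


class PrefixDetector:
    """Counts packets per /56 and compares them with a per-prefix limit."""

    def __init__(self, limits, default_limit):
        # limits: {"<prefix>/56": packets per window}; the values are assumptions.
        self.limits = {ipaddress.IPv6Network(p): n for p, n in limits.items()}
        self.default_limit = default_limit
        self.by_prefix = Counter()   # one entry per user
        self.by_address = Counter()  # per-IP state, kept only for comparison

    def observe(self, dst, packets=1):
        self.by_address[dst] += packets
        self.by_prefix[user_prefix(dst)] += packets

    def alerts(self):
        """Return (prefix, packets, limit) for every prefix over its limit."""
        hits = []
        for prefix, seen in self.by_prefix.items():
            limit = self.limits.get(prefix, self.default_limit)
            if seen > limit:
                hits.append((str(prefix), seen, limit))
        return sorted(hits)


def run_sample():
    """Constructed window: traffic spread thinly over one user's /56."""
    det = PrefixDetector({"2001:db8:bb:200::/56": 500}, default_limit=1000)
    base = int(ipaddress.IPv6Address("2001:db8:aa:100::"))
    for i in range(5000):  # 5000 distinct destinations, one packet each
        dst = ipaddress.IPv6Address(base + ((i % 256) << 64) + i)
        det.observe(str(dst))
    det.observe("2001:db8:bb:200::1", packets=10)  # ordinary traffic
    return det.alerts(), len(det.by_address), len(det.by_prefix)


if __name__ == "__main__":
    alerts, per_ip_entries, per_prefix_entries = run_sample()
    print(alerts)
    print(per_ip_entries, per_prefix_entries)
```

No single destination address receives more than one packet in the sample, so a per-address threshold never fires and the per-address table grows with every new destination, while the per-prefix view holds one entry per user and flags the flood.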

In application-side transformation, Tencent has accumulated rich experience in its self-developed businesses and actively shares it with peers. In the application-layer app transformation scheme, Tencent has optimized several self-developed businesses based on Happy Eyeballs: through a bypass configuration interface, the client learns whether the backend configuration requires the dual-stack IPv6-priority policy to be enabled. If IPv6 preference is required, the system starts a race between IPv6 and IPv4 access and makes concessions to IPv6 during the race to meet the IPv6 preference requirement. When IPv6 wins the race, IPv6 is used for requests to the backend; if IPv6 access fails, the client falls back to IPv4 immediately.

V. New beginnings

The IPv6 transformation has reached its midpoint, but for cloud vendors this is just the beginning, as we are about to be tested by a larger number of IPv6 users and more IPv6 traffic.
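The race with a concession to IPv6 described above, as an added example that is not Tencent's client code: IPv6 gets a head start, IPv4 joins only if IPv6 is slow or fails, and IPv6 wins ties. The connector callables, the `head_start` value and the simulated delays are assumptions; real connectors would open sockets for each address family.

```python
import asyncio


async def race_prefer_v6(connect_v6, connect_v4, head_start=0.25):
    """Return (family, connection); IPv6 runs alone for head_start seconds."""
    v6 = asyncio.ensure_future(connect_v6())
    done, _ = await asyncio.wait({v6}, timeout=head_start)
    tasks = {v6: "ipv6"}
    if not (done and v6.exception() is None):
        # IPv6 is slow or already failed: IPv4 joins the race now.
        tasks[asyncio.ensure_future(connect_v4())] = "ipv4"
    pending, errors = set(tasks), []
    try:
        while pending:
            done, pending = await asyncio.wait(
                pending, return_when=asyncio.FIRST_COMPLETED)
            # Inspect IPv6 first so that it wins a tie.
            for task in sorted(done, key=lambda t: tasks[t] != "ipv6"):
                if task.exception() is None:
                    return tasks[task], task.result()
                errors.append((tasks[task], repr(task.exception())))
        raise ConnectionError(f"all attempts failed: {errors}")
    finally:
        for task in pending:  # drop the losing attempt
            task.cancel()


def fake_connector(name, delay, fail=False):
    """Constructed stand-in for a socket connect: sleeps, then succeeds or fails."""
    async def connect():
        await asyncio.sleep(delay)
        if fail:
            raise ConnectionRefusedError(name)
        return name
    return connect


def demo(v6_delay, v6_fail, v4_delay, v4_fail=False, head_start=0.1):
    return asyncio.run(race_prefer_v6(
        fake_connector("v6-conn", v6_delay, v6_fail),
        fake_connector("v4-conn", v4_delay, v4_fail),
        head_start))


if __name__ == "__main__":
    print(demo(0.01, False, 0.0))   # healthy IPv6
    print(demo(0.5, False, 0.01))   # slow IPv6
    print(demo(0.0, True, 0.01))    # broken IPv6
```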

If you’re reading this on IPv6, the furthest distance in the world is when IPv6 comes to you and you don’t see it.

Coming up next

How does Tencent Cloud, whose products are closely interlinked, carry out a large-scale IPv6 transformation? The Cloud Plus Community has specially curated the “IPv6” series to answer this question. In the next article, we will share operational best practices for Tencent Cloud IPv6 private networks and IPv6 load balancing. You are welcome to follow along.

Author’s brief introduction

Qin Zhenhua, senior product manager of Tencent Cloud, is currently responsible for the planning of Tencent cloud network products, and is committed to promoting the implementation of new next-generation network technologies such as IPv6, DPDK, intelligent network card and 100G.
