Comcast pitches IPv6 strategy to standards body

Carrier touts simple, gradual approach to upgrade the Internet

Comcast has developed an innovative approach for gradually migrating its customers to the next-generation Internet, and the ISP is promoting this approach to the Internet's leading standards body.

Comcast is the largest cable operator in the United States, with 24.7 million cable customers, 14.1 million broadband customers and 5.2 million voice customers.  

Comcast is upgrading its networks from IPv4, the Internet's main communications protocol, to the standard known as IPv6. IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6 uses 128-bit addresses and supports an unlimited number of devices.

At issue is how Comcast will support new customers when IPv4 addresses run out, which is expected in 2011. Comcast can give these customers IPv6 addresses, but their home computers, printers, gaming systems and other Internet-connected devices are likely to support only IPv4.

Comcast engineers have come up with a solution to this problem, dubbed Dual-Stack Lite, which the company says is backwards compatible with IPv4 and can be deployed incrementally.

Comcast outlined Dual-Stack Lite in a draft document published by the Internet Engineering Task Force on July 7. Dual-Stack Lite will be discussed at an IETF meeting in Dublin scheduled for later this month.  

"This is about making IPv6 deployable incrementally," says Alain Durand, director of Internet governance and IPv6 architecture in the Office of the CTO at Comcast. Durand, a longtime IETF participant and IPv6 developer, chairs the IETF's Softwires working group, which is looking at IPv4-to-IPv6 transition issues.

"If you look at all the technologies deployed on the Internet in the last 15 years, all the successful ones have been deployed incrementally," Durand says. "You can deploy [Dual-Stack Lite] in your own network and get some benefits immediately regardless of whether your neighbors are doing it."

Durand points out that Comcast has not yet committed to using Dual-Stack Lite internally.

"This is a technology that we are looking at, but we have not committed to deploy it," Durand says. "It seems promising, but we have to make sure that it actually works and that it actually scales to the size of our network before we put it in our network."

Deploying IPv6

Comcast has been deploying IPv6 internally since 2005.

"Our backbone has been operational with IPv6 since 2006, and our original network has been progressively migrating to IPv6," Durand says. "What we are doing is moving to edge management of cable modems. This is the part that's in a trial phase."

Durand says it's critical for Comcast to be able to manage its cable modems and set top boxes after all of the IPv4 addresses are used up.

"IPv6 enables us to have global visibility of all of our networks," Durand says. "It allows us to manage tens of millions of devices in one single view."

Currently, Comcast gives one global IPv4 address to each of its customers. Each customer is given a home gateway that assigns private IPv4 addresses to the customer's devices, such as PCs or gaming consoles. The global IPv4 address is matched to multiple private IPv4 addresses through a process known as network address translation (NAT), which is done by the gateway.

When IPv4 addresses are used up, Comcast will need to find a strategy for allowing a customer's IPv4-only devices to use an IPv6 address to communicate over an IPv4-driven Internet.

"We cannot force our customers to replace every single device in their homes. This is a non-starter," Durand says. "Also, if you look at the content on the Internet, the majority is reachable with IPv4. That may change in the future, but this is going to take many, many years."

The question is how Comcast can give its customers access to IPv4 content when there are no IPv4 addresses available. Unless customers upgrade their PCs to Vista, which is IPv6 enabled, they won't be able to reach IPv4 content without a new mechanism such as NATs for IPv6.

Comcast's idea is to allow many broadband customers to share one global IPv4 address instead of giving one global IPv4 address per customer.

"The exact ratio of IPv4 addresses to customers is something we are studying right now," Durand says. "We are working on some tests to see if it is 1 to 5, or 1 to 100 or 1 to 200."

This approach would be for new customers only; existing Comcast customers would keep the global IPv4 addresses they already have.

The trick with sharing public IPv4 addresses among many customers is doing it in the simplest way, Durand says.

One possibility involves two layers of NATs: one in customer gateways between private IPv4 addresses and shared public IPv4 addresses; and another inside carrier networks between shared IPv4 addresses and IPv6 addresses.

Durand says multiple layers of NATs would result in networks that are more complex and costly for carriers to operate.

"With two layers of NATs, there are two places where NATs can be tricky and create problems," Durand says. "Also your single view of the network is fragmented," which hinders debugging and repairs.

How Dual-Stack Lite works

Instead, the Dual-Stack Lite approach would use one layer of NAT -- the carrier-grade NAT -- along with IPv4 to IPv6 tunneling from the customer's gateway to the carrier's NAT.

With Dual-Stack Lite, the carrier upgrades its networks to IPv6 but uses a combination of tunneling and NAT to allow customers with IPv4-only devices and IPv6 addresses to access IPv4 and IPv6 content.

New customers with IPv6 addresses would get special home gateways that do tunneling but not NAT. These gateways would take IPv4 packets and ship them over an IPv6 tunnel to the carrier-grade NAT, which handles translation in a way that's similar to today's IPv4 NATs.

"This greatly simplifies and reduces the cost of the home gateway," Durand says. He adds that the new home gateways would be dual stack, which means they support both IPv4 and IPv6.

The carrier-grade NAT would be a dual-stack router that terminates IPv4 to IPv6 tunnels and performs traditional IPv4 NAT. Durand says the carrier-grade NAT could be implemented on a PC running Linux, or it could be implemented in software only.

"We are talking to some open source developers about creating this," Durand says.

Durand says the NAT/tunneling combination is simpler and less expensive than multiple layers of NATs for carriers to maintain during the transition from IPv4 to IPv6. This approach also allows a carrier to have visibility into home gateways through IPv6.

"The beauty of this is that there is no new technology to invent," Durand says. "This is combining pieces that already exist. We have known how to use tunnels for 15 years, and IPv4 NATs are nothing new. We'll have the same thing with the carrier-grade NAT except that it does also need the capacity to decapsulate the packets from the tunnel and remember which tunnel it was coming from."
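The tunnel-plus-NAT behaviour described above, as an added example that is not code from Comcast or from the IETF draft: a home gateway wraps an untouched IPv4 packet in an IPv6 header, and the carrier-grade NAT keys each binding on the tunnel endpoint so that two homes using the same private address stay distinct. The addresses, the class and function names, and the use of plain IPv4-in-IPv6 encapsulation (Next Header 4) are assumptions made for illustration.

```python
import ipaddress
import struct

IPIP = 4  # IPv6 Next Header value meaning "payload is an IPv4 packet" (assumed encapsulation)

def encapsulate(ipv4_packet, gw6, cgn6):
    """Home gateway: wrap an unmodified IPv4 packet in an IPv6 header (no NAT here)."""
    header = struct.pack("!IHBB", 6 << 28, len(ipv4_packet), IPIP, 64)
    src, dst = (ipaddress.IPv6Address(x).packed for x in (gw6, cgn6))
    return header + src + dst + ipv4_packet

class CarrierGradeNAT:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (tunnel, private ip, private port) -> public port
        self.back = {}  # public port -> (tunnel, private ip, private port)

    def outbound(self, ipv6_packet):
        """Decapsulate, then NAT with the tunnel endpoint as part of the key."""
        if ipv6_packet[6] != IPIP:
            raise ValueError("not an IPv4-in-IPv6 packet")
        tunnel = str(ipaddress.IPv6Address(ipv6_packet[8:24]))
        inner = ipv6_packet[40:]
        ihl = (inner[0] & 0x0F) * 4  # IPv4 header length in bytes
        src = str(ipaddress.IPv4Address(inner[12:16]))
        sport = struct.unpack("!H", inner[ihl:ihl + 2])[0]
        key = (tunnel, src, sport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, public_port):  # reply path: which tunnel gets this packet?
        return self.back.get(public_port)

def ipv4_udp(src, dst, sport, dport):
    """Constructed sample: 20-byte IPv4 header + 8-byte UDP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

def demo():
    cgn = CarrierGradeNAT("192.0.2.1")  # one shared public IPv4 address
    pkt = ipv4_udp("192.168.1.10", "198.51.100.7", 5000, 53)  # identical in both homes
    a = cgn.outbound(encapsulate(pkt, "2001:db8::a", "2001:db8::ffff"))
    b = cgn.outbound(encapsulate(pkt, "2001:db8::b", "2001:db8::ffff"))
    return a, b, cgn.inbound(a[1]), cgn.inbound(b[1])
```

Both homes appear on the Internet as the same public address and differ only by port, so the binding table is the only record of which tunnel a given flow belongs to.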

Although Comcast's focus is on serving its residential customers, Durand says the Dual-Stack Lite approach could be used in enterprise networks.

"You can apply most of this to any large-sized network that has lots of remote branches," he says. "The remote branches would do IPv4 and IPv6 internally and then have an IPv6-only address. The IPv4 traffic would be tunneled over an IPv6 connection to a carrier-grade NAT in the corporate network. This will enable you to deploy very large IPv4 networks without worrying about running out of IPv4 addresses."

Durand says that the Dual-Stack Lite approach will accelerate the Internet's transition to IPv6, not delay it.

"The alternative is all those layers of NAT, which will be all IPv4 with no IPv6 at all," Durand says. "If we go forward with multiple layers of NATs, there is no incentive ever for deploying IPv6 … This plan can accelerate the deployment of IPv6 because it makes it incrementally deployable."

Comcast points out that it is trying to propose Dual-Stack Lite as an industrywide solution to IPv6 transition.

"This is not something that is a Comcast-only solution. This is something that we are working with the rest of the industry on," Durand says. "I have had a number of discussions with service providers around the world, especially in Japan and Europe, who are very interested in something like this."
