UCloud Xu Liang: Three IPv6 external network access solutions to fully meet users' multi-stage needs

[51CTO.com original article] On May 28, 2019, UCloud, a neutral cloud computing service provider in China, held the UCloud User Conference and Think in Cloud in Beijing with the theme of "Neutral Security, Empowering the Industry". At the afternoon forum, Xu Liang, head of UCloud's virtual network platform, delivered a speech entitled "Application and Implementation of Public Cloud IPv6 Network". Under the guidance of national policies, the speed of transition from IPv4 to IPv6 in China's Internet protocol is gradually accelerating, and the huge opportunities for upgrading brought about by the process of network construction and transformation have attracted active participation from all parties in the industry, so Xu Liang's analysis has received a lot of attention.

During the break of the meeting, a 51CTO reporter interviewed Xu Liang and discussed UCloud's construction ideas and market layout in IPv6, as well as his judgment on the future development trend of IPv6 in China.

Image: Xu Liang, head of UCloud virtual network platform

Three IPv6 extranet access solutions, each suitable for different user scenarios

According to Xu Liang, there are currently three main UCloud IPv6 external network access solutions: NAT64, ULB7 and VPC, each of which is suitable for different scenarios.

1. NAT64 solution

The most prominent feature of NAT64 products is "fast". The main advantage is that it allows users to quickly access the IPv6 network without modifying the backend service. UCloud converts IPv6 into IPv4 protocol through standard NAT64, and then connects it to the IPv4 network through the NAT64 gateway. The advantage of this solution is that the customer's backend code does not need to be modified. As long as the "NAT64 conversion" function is selected on the front-end IPv4 address, IPv6 users can access it. The performance and efficiency of the NAT64 conversion service are very high, so the user experience is also very good.

2. ULB7 solution

NAT64 has a disadvantage. After users perform IPv6-IPv4 address conversion, they cannot get the IPv6 source address. Xu Liang said that in order to help these customers who have a strong demand for source addresses, UCloud has further launched the ULB7 load balancing product. Because most load balancing processes HTTP requests, UCloud embeds the IPv6 source address in the HTTP X-Forward-For header and transmits it to the backend customer. The load balancing product used is the high-availability ULB7 independently developed by UCloud.

3. VPC solution

VPC can mainly solve the problem of IPv6 support in a multi-cloud interoperability environment. The user's IPv6 request will be sent directly to the host, and then the host's distributed firewall will send it to the virtual machine. The whole process has high efficiency and performance, and can bring the most native IPv6 experience. However, this product will require that the customer's back-end application has been modified to support IPv6.

According to Xu Liang, this product is expected to be officially launched in the third quarter of 2019. The advantage of this solution is that each cloud host in the VPC can obtain a public IPv6 address, that is, as long as the user purchases public network bandwidth, it will naturally support multi-cloud interoperability. The VPC solution lacks the NAT layer after the IPv6 network, making the network interconnection very close to the physical network, greatly reducing the difficulty of multi-cloud interoperability.

Of course, UCloud will also actively cooperate with third-party multi-cloud vendors to enable them to call the API interface in the VPC product to achieve network interconnection. "After the full popularization of IPv6, if you don't consider the tariff, the easiest way is to do multi-cloud deployment through the public network. Because the entire IPv6 network has a flat structure, each virtual machine has a public network address, which is a great benefit in multi-cloud deployment." Xu Liang pointed out.

Customer demand becomes the driving force of UCloud's R&D, and dual stack is still the mainstream at this stage

The reporter learned that UCloud had already started to launch IPv6-related application products as early as 2016. At that time, the initial demand came from the review of Apple's APP Store. Apple required that all listed APPs must support IPv6. When UCloud received feedback and requirements from customers, it launched the PathX product to improve the user's APP review pass rate. Gradually, Apple's review became more and more stringent. At the same time, many domestic customers began to have the demand to "go overseas", and the products needed to meet the requirements of foreign IPv6, so UCloud began to pay attention to the research and development of IPv6 products. Later, the national policy orientation became clearer and clearer, and the domestic IPv6 process began to accelerate gradually. Customer demand became the driving force of UCloud, and slowly UCloud's products began to take shape.

Xu Liang told reporters that the development of IPv6 products involves the input of multiple departments within the company, such as load balancing, storage, object storage, security, etc. When talking about UCloud's accumulation in IPv6, Xu Liang revealed that as early as 2017, UCloud established a pure IPv6 K8S cluster and successively submitted many IPv6-related patches to several open source communities to ensure the compatibility of IPv6 and ensure its normal operation on these open source software. In this process, UCloud has also accumulated rich experience.

Regarding future planning, Xu Liang said that UCloud is considering deploying IPv4 and IPv6 dual stacks on edge nodes in data centers in the future, and will gradually transition to a pure IPv6 data center environment within the data center. At this stage, the dual stack approach is still the main approach in the short term. However, in terms of virtual network products, since the virtual network itself is implemented in an Overlay manner, it does not require the physical network to completely complete the IPv6 transformation. Therefore, in the UCloud solution, it is encapsulated as an Overlay at the Internet entrance and then sent directly to the host machine. Therefore, UCloud virtual network products do not actually have a particularly strong dependence on physical networks, and can bring in IPv6 traffic.

The key to popularizing IPv6 lies in the ecosystem

Regarding the challenges that IPv6 has encountered in its popularization, Xu Liang pointed out that the key to IPv6 popularization lies in the ecosystem. He cited two examples from different perspectives to highlight the importance of the ecosystem.

The first example is from the user hardware procurement, taking the data center core switch as an example. It is well known that IPv4 and IPv6 share the table entries of the switch memory, but if the IPv6 demand is not taken into account when purchasing data center equipment, the table entries purchased may be relatively small. In the actual operation stage, if the original core switch can support 20,000 physical servers, then once the IPv6 function is enabled, the core switch can only support 10,000 physical servers, because IPv6 will occupy half of the resources. This means that the core switch cannot be upgraded in situ, nor can such a feature be enabled in situ. It may be necessary to upgrade the core switch before enabling the IPv6 feature, which is a difficulty.

The second example revolves around business, taking CDN as an example. The cache layer of CDN is all WEB servers. Although WEB servers have relatively complete support for IPv6, there are still many differences in starting IPv6 at the business level. For example, CDN needs to determine the user's region through IP address, so as to provide users with nearby access services more quickly through some scheduling algorithms. In this scenario, CDN relies on a complete IPv6 address library. However, the IPv6 address library is not yet mature and needs time to be gradually completed.

"In recent years, we have seen that the IPv6 ecosystem is gradually becoming complete, but it is still not enough. The business model, network quality, coverage and other aspects need to be further optimized. I think it also requires more extensive participation from the upstream and downstream links of the industrial chain, so that users can have awareness of IPv6 support from the initial purchase, and then the application of IPv6 will gradually become richer, and finally a huge ecological system will be formed." In an interview with ***, Xu Liang concluded.

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]