Transition Mechanisms

Node Types (RFC 2893)

IPv4-only node An IPv4-only node implements only IPv4 (and is assigned only IPv4 addresses). This node does not support IPv6. Most hosts and routers installed today are IPv4-only nodes. IPv6-only node This node implements only IPv6 (and is assigned only IPv6 addresses). It is able to communicate with IPv6 nodes and applications only. Although this type of node is not common today, it may become more prevalent as smaller devices such as cellular phones and handheld computing devices include IPv6 stacks. IPv6/IPv4 node This node has an implementation of both IPv4 and IPv6. It is IPv6-enabled if it has an IPv6 interface configured. IPv4 node An IPv4 node implements IPv4 (it can send and receive IPv4 packets). It can be an IPv4-only node or an IPv6/IPv4 node. IPv6 node This node implements IPv6 (it can send and receive IPv6 packets). An IPv6 node can be an IPv6-only node or an IPv6/IPv4 node.

Compatibility Addresses
IPv4-compatible addresses The IPv4-compatible address, 0:0:0:0:0:0:w.x.y.z or ::w.x.y.z (where w.x.y.z is the dotted decimal representation of a public IPv4 address), is used by IPv6/IPv4 nodes that are communicating with IPv6 over an IPv4 infrastructure. When the IPv4-compatible address is used as an IPv6 destination, the IPv6 traffic is automatically encapsulated with an IPv4 header and sent to the destination using the IPv4 infrastructure. IPv4-mapped addresses The IPv4-mapped address, 0:0:0:0:0:FFFF:w.x.y.z or ::FFFF:w.x.y.z, is used to represent an IPv4-only node to an IPv6 node. 6over4 addresses 6over4 addresses are composed of a valid 64-bit unicast address prefix and the interface identifier ::WWXX:YYZZ (where WWXX:YYZZ is the colon hexadecimal representation of w.x.y.z, a unicast IPv4 address assigned to an interface). An example of a link-local 6over4 address based on the IPv4 address of 131.107.4.92 is FE80::836B:45C. 6to4 addresses 6to4 addresses are based on the prefix 2002:WWXX:YYZZ::/48 (in which WWXX:YYZZ is the colon hexadecimal representation of w.x.y.z, a public IPv4 address). ISATAP addresses ISATAP addresses are composed of a valid 64-bit unicast address prefix and the interface identifier ::0:5EFE:w.x.y.z (where w.x.y.z is a unicast IPv4 address assigned to an interface). An example of a link-local ISATAP address is FE80::5EFE:131.107.4.92.

Transition
Overview

Transition is expected to take many years

IPv4 address exhaustion: 2005 and beyond

IPv4 will not disappear anytime soon

IPv4 is deployed on an enormous scale Protocols die very slowly, if at all

Transition enablers
Vendors must provide comparable features, functionality, robustness, performance, at all levels (routers to application) Customers must drive the transition

Transition Mechanisms
Myriad proposals
Coexistence
Dual IP stacks
All network devices run both IPv4 and IPv6 stacks

Dual IP layers
TCP/UDP layer is shared

"Bump In the Stack" (BIS)

IPv6 modules in IPv4 implementations

Tunneling
Configured tunnels Automatic tunnels 6 to 4 tunnels ISATAP tunnels

Translation
SIIT Stateless IP/ICMP Translator NAT-Protocol Translation (NAT-PT)

Dual Stack Transition, Basic Method

Routers & DNS are updated to support dual stack (v4 and v6) Hosts are then updated gradually to be dual
Use v6 if policy and both ends support it Otherwise use v4 DNS used to determine capability of other end Tunneling may be used with this approach Eventually v4 is phased out

This is included in RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers
(originally proposed in RFC 1347)

Dual Stacks

Dual Stacks Network

Tunneling
Configured tunnels
Connects IPv6 hosts or networks over an existing IPv4 infrastructure Generally used between sites exchanging traffic regularly Static tunnels configured on point-to-point basis Examples: CCC, MPLS, GRE, IP-IP, IPSec

Automatic tunnels
Tunnel is created then removed after use Requires IPv4 compatible addresses

6 to 4 dynamically established
Desirable as no explicit tunnel configuration required

6 over 4 - dynamically established

Assumes IPv4 transit network is multicast enabled

Tunneling

Router to router Tunnel

Host to router Tunnel

Router to host Tunnel

Host to host Tunnel

Configured Tunnel = Manual Tunnel

60.0.0.#
F0/0

IPv4 Network

200.100.#.1
F0/1

F0/0

Ma nua lly Co nfig ure d IPv 6 Tu nne l

F0/1

User 1

User 2

200.100.#.2

2300:400:100:A::1/64

2300:400:200:A::1/64

Format Packet
tunnel source FastEthernet 0/0 tunnel destination 60.0.0.1

Automatic Tunneling Using IPv4Compatible Addresses

::/96 is set aside for IPv4-compatible addresses

6to4 Tunneling
Connects isolated IPv6 domains over an IPv4 infrastructure Minimal manual configuration Uses globally unique prefix comprised of the unique 6 to 4 TLA and the globally unique IPv4 address of the exit router Expected to ease initial transition

6to4 Address Format

2002:IPV4ADDR:SubnetID::/64

How 6to4 works

Pop Quiz 1

Answer

Intrasite Automatic Tunnel Addressing Protocol (ISATAP)

Allow hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4

Example

Pop test

Teredo
provides address assignment & host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind NATs

Teredo Tunnel

Teredo client to IPv6 host connection

Sample Teredo Topology

Teredo Architecture
Teredo client: IPv4 node that wants access to the IPv6 Internet Teredo server:
assist in the address configuration of Teredo clients facilitate the initial communication between Teredo clients and other Teredo clients or between Teredo clients and IPv6-only hosts

Teredo relay: IPv6 router that can receive traffic from the IPv6 Internet to the Teredo client and forward it to the Teredo client interface.

Sample Teredo Communication

Sample Teredo Communication

1. Client sends an IPv6 echo request via its Teredo server. Teredo servers are expected to relay these requests. 2. Teredo server relays the echo request to the IPv6-only host. 3. IPv6-only host sends an IPv6 echo reply with the Teredo client address as destination. The IPv6 infrastructure will route this packet to the nearest Teredo relay based on 2001::/32 routes. 4. The Teredo relay will tunnel the echo reply to the Teredo client 1. cone NAT, the packet will be forwarded to the Teredo client 2. restricted cone NAT, this packet would be discarded, and additional procedures, involving bubble packets 5. Client determines relay IPv4 address from the received packet send packets to the IPv6-only host via the Teredo relay. 6. The relay extracts the IPv6 packet and forwards to the IPonly host. Future communications can follow this same path.

Translation
Translation techniques perform IPv4-to-IPv6 translation (and vice versa) at a particular layer of the protocol stack, typically the network, transport or application layer. Unlike tunneling, which does not alter the tunneled data packet, translation mechanisms do modify or translate IP packets commutatively between IPv4 and IPv6. Translation approaches are generally recommended in an environment with IPv6-only nodes communicating with IPv4only nodes. In dual-stack environments, native or tunneling mechanisms are preferable.

Translator

Translation Mechanisms: SIIT

Stateless Internet Protocol/Internet Control Messaging Protocol Translation (SIIT)
allows IPv6-only hosts to talk to IPv4-only hosts stateless mapping or bidirectional translation algorithm between v4 and v6 packet headers ICMPv4 & ICMPv6 messages SIIT requires the assignment of temporary IPv4 addresses to the IPv6-only hosts

SIIT explained

Network based translation

Translation Mechanisms : NAT-PT

Network Address TranslationProtocol Translation (NAT-PT) employs a stateful IPv4/IPv6 header translation.
NAT-PT uses a pool of IPv4 addresses for assignment to the IPv6 nodes on a dynamic basis No changes are required to existing hosts because all the NAT-PT translations are performed at the network-based NAT-PT device

Network Address Translation -- Protocol Translation (NAT-PT)

Semantically similar to (v4-to-v4) NAT v6-only hosts need to connect to v4 world DNS servers dynamically assign addresses from pool of global IPv4 addresses IP headers and addresses in applications are translated at NAT boxes NAT box must maintain state
Address mappings, TCP sequence number change, Data Unit ID, reassembly, etc..

NAT-PT, continued
Translation for any one session must take place at the same NAT-PT router
Restricted topology NAT-PT is, like NAT, local to a domain This makes routing straightforward

Security is limited (end to end cant be translated, also no secure DNS) NAPT-PT extends maps TCP/UDP port #s (multiple v6 sessions use one v4 address)

NAT-PT Examples