IPv6 Transition Mechanisms
The only available public IP addresses are IPv6 addresses. But vast majority of the content is still working on IPv4.
How IPv6 users can connect to the IPv4 world and How IPv4 users can reach to the IPv6 content ? This is accomplished with the IPv6 transition mechanisms.
In this post, I will explain the IPv6 transition mechanisms briefly, share some of my IPv6 real life design experiences and observations and will provide a road map for the future IPv6 design and deployment resources which I am going to cover on the website.
Probably the IPv6 transition technologies is a misleading term. Because; IPv4 infrastructure is not removed with these technologies.They are not an IPv6 migration mechanisms.
Thus probably the IPv6 integration technologies is a better term.
But still throughout this post I will be using IPv6 transition technologies.
There are three types of IPv6 Transition mechanisms.
In the below picture, Native Routing , Dual Stack and the IPv6 tunneling is shown for illustration.
1.IPv6 Dual Stack
Dual stack means running IPv6 + IPv4 on the network,
The entire infrastructure is running both IPv4 and IPv6. Applications, interfaces, routing protocols, basically the whatever is running on top of IPv4, we enable IPv6 as well.
Dual stack is possibly the simplest IPv6 transition mechanism to implement. Every interface, applications and host runs IPv6 and IPv4 at the same time.
Dual stack operation is driven by DNS.
If destination address comes from DNS in an A record only, then communication is done via IPv4.
If destination address from DNS in a AAAA record only, then communication is done via IPv6.
If both A and AAAA record return, most of the applications prefer IPv6.
I share a post previously, titled as ‘ Is IPv6 dual stack is really a best method for IPv6 design ‘. If you haven’t read it, you should definitely check.
2. IPv6 Tunnels
- IPV6 – IPv4 – IPv6 (IPv6 packets are tunneled over IPv4 infrastructure)
- IPv4 – IPv6 – IPv4 (IPv4 packets are tunneled over IPv6 infrastructure)
Two IPv6 islands communicate over IPv4 part of the network or two IPv4 islands communicate over IPv6 part of the network.
Tunnels are used to sent IPv6 traffic over IPv4 network or IPv4 traffic over IPv6 network.
In the below figure, IPv6 packets are tunnelled over IPv4 infrastructure. Realize that Dual-Stack device is needed for connection to both IPv4 and IPv6 interfaces. Rest of the network is IPv4 though.
IPv6 over IPv4 infrastructure. Source: www.cisco.com
There are many tunneling solutions proposed, too many drafts and even an RFC out there but most of them expired or depreciated and here common ones will be shown only.
In general there are two types of IPv6 Tunneling solutions.
- Manual Tunnels:
For any type of tunnel, tunnel endpoints should be known and reachable. In Manual Tunnels, Tunnel endpoints are manually configured.
They are mostly used for permanent site-to-site connectivity.
IP-in-IP and GRE are the two examples of manual IPv6 tunnels.
Manual tunnels are not a scalable solution for large scale IPv6 deployments.
- Automatic Tunnels:
Commonly used for transient connectivity. They could be site-to-site or host-to-host tunnels.
Within Automatic Tunnels, there must be an automatic way to find to tunnel end points.
Every IPv6 Automatic tunneling solution either encapsulates IPv4 tunnel endpoints in IPv6 Address or it consults an Authoritative server for the tunnel endpoints. (Remember LISP?).
There are many IPv6 Automatic Tunneling mechanisms and will be explained in detail in the separate posts.
3. IPv6 Translation
- IPv6 – IPv4 (NAT64) – IPv6 packets are NATed to IPv4 and vice versa
- Private IPv4 – Public IPv4 (NAT44) – This one is not an IPv6 Translation but it is used to address IPv4 address exhaustion, mostly by the Service Providers and the large Enterprises. Solution is called LSN (Large Scale NAT) or CGN (Carrier Grade NAT)
With translation, IPv6 only device can communicate with IPv4 only device. But they think that they communicate with the same version of device.
Most common IPv6 translation mechanism is NAT64 +DNS64.
It replaces older version translation mechanism NAT-PT. NAT-PT is deprecated due to DNS security issues. DNS Application Layer Gateway were integrated in NAT-PT.
With NAT64 + DNS64 mechanism, DNS entity is separated from the NAT entity.
In this mechanism, IPv6 only device can communicate with IPv4 only device over IPv6 only network.
IPv6 translation mechanism as a transition technique is mostly used in Enterprise deployments.
All of the three mechanisms can be deployed at the same time in the network. In fact most network uses at least two of these methods simultaneously when they want to enable IPv6.
All of the IPv6 transition mechanisms which I mentioned in this post will be explained in the separate posts in great detail. This one was the introductory post and let me know your deployment, comments, questions in the comment box below.