“ipv4 to ipv6 transition”
DESCRIPTION
Transition Mechanisms: Immediate migration to an IPv6-only network is not possible; IPv4 and IPv6 coexist for a long period of time. Some transition mechanisms have been standardized: tunneling, dual stack, and translation (network address and protocol translation). Currently: IPv6 exists over IPv4 islands. Future: IPv4 exists over IPv6 islands. Finally: IPv6-only islands.
4/26/2017
TRANSCRIPT
05/03/23 1
Babu Ram Dawadi@IOE Pulchowk Campus

Transition Mechanisms
Immediate migration to an IPv6-only network is not possible.
IPv4 and IPv6 coexist for a long period of time.
Some transition mechanisms have been standardized: tunneling, dual stack, and translation (network address and protocol translation).
Currently: IPv6 exists over IPv4 islands
Future: IPv4 exists over IPv6 islands
Finally: IPv6-only islands

What is a tunnel?
A tunnel identifies packets in a data stream:
Identify by encapsulation (new header, possibly new trailer)
Identify by labeling
Entry into a tunnel gives the data stream different characteristics, e.g., privacy, authentication, different routing characteristics.
Security is not always the goal of the tunnel.
Also called virtual private networks (VPNs) in many situations.

Tunneling
Tunneling enables IPv6 hosts/routers to communicate with other IPv6 hosts/routers over an IPv4 network.
Tunneling encapsulates IPv6 datagrams within IPv4 packets.

Tunneling…
IPv4/IPv6 hosts and routers can tunnel IPv6 datagrams over regions of IPv4 routing topology by encapsulating them within IPv4 packets.
Tunneling techniques are classified by the way the encapsulating node determines the address of the node at the end of the tunnel:
Host-to-host
Host-to-router
Router-to-router
Router-to-host
In router-to-router and host-to-router tunneling methods, the IPv6 packet is tunneled to a router.

IPv6 over IPv4 Tunneling
The IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet.
The Source and Destination fields are set to the IPv4 addresses of the tunnel endpoints. The tunnel endpoints are either manually configured as part of the tunnel interface or are automatically derived from the next-hop address of the matching route for the destination and the tunneling interface.

Host-to-Host
In the host-to-host tunneling configuration, an IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach another IPv6/IPv4 node that resides within the same IPv4 infrastructure.
IPv6/IPv4 hosts that use ISATAP addresses to tunnel across an organization’s IPv4 infrastructure.
IPv6/IPv4 hosts that use IPv4-compatible addresses to tunnel across an organization’s IPv4 infrastructure.

Host-to-Router and Router-to-Host
In the host-to-router tunneling configuration, an IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach an IPv6/IPv4 router.
In the router-to-host tunneling configuration, an IPv6/IPv4 router creates an IPv6 over IPv4 tunnel across an IPv4 infrastructure to reach an IPv6/IPv4 node.
Figure below shows host-to-router (for traffic traveling from Node A to Node B) and router-to-host (for traffic traveling from Node B to Node A) tunneling.

Router to Router Tunneling
In the router-to-router tunneling configuration, two IPv6/IPv4 routers connect two IPv6-capable infrastructures over an IPv4 infrastructure.
The IPv6 over IPv4 tunnel between the two routers acts as a single hop.
For each IPv6/IPv4 router, there is a tunnel interface representing the IPv6 over IPv4 tunnel and routes that use the tunnel interface.

Tunneling (Contd…)
Configured Tunneling
Tunnel endpoint address must be determined from configuration in the encapsulating node.

Automatic Tunneling
Tunnel endpoint address is determined by the IPv4-compatible destination address (0::IPv4-address).
The packet being processed on the router will be redirected if the destination IPv6 address is an IPv4-compatible address, and automatic tunneling is then used.

Automatic Tunneling
The nodes performing automatic tunneling are assigned an IPv4-compatible address. This sort of address is identified by a 96-bit prefix consisting only of zeros and an IPv4 address in the low-order 32 bits.
IPv4 Compatible IPv6 Address Format:
96 bits     | 32 bits
0:0:0:0:0:0 | IPv4 Address
When the packet is being processed in the router, it is redirected if the destination IPv6 address is an IPv4-compatible address, and automatic tunneling is then used.
If the destination address is a native IPv6 address, automatic tunneling cannot be used.

Automatic Tunneling
6to4, 6over4 and ISATAP are examples of automatic tunneling.
Description                  | Source Address   | Destination Address
Packet from Host A to Host B | Src=IPv6         | Dst=0::IPv4 of B
Tunnel from Router to Host B | Src=IPv4         | Dst=IPv4
Tunnel from Host B to Router | Src=IPv4         | Dst=IPv4
Packet from Host B to Host A | Src=0::IPv4 of B | Dst=IPv6

6to4 Tunneling
6to4 is a mechanism for IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel set-up.
A relay router is a 6to4 router configured to support transit routing between 6to4 addresses and native IPv6 addresses.
The IANA permanently assigned one IPv6 address prefix for “6to4”. It is 2002::/16.
The “6to4” prefix 2002::/16 can be prepended to a host or router’s globally unique 32-bit IPv4 address (<IPv4-Addr>) to form a 48-bit “6to4” prefix 2002:<IPv4-Addr>

6to4 Tunn..
In all scenarios the 6to4 router advertises the prefix 2002:IPv4::/48 to the local net.
6to4 is an efficient method for routing between 6to4 networks, but may be inefficient between native IPv6 networks and 6to4 networks.

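Added example, not part of the original slides: a Python sketch tying together the protocol-41 encapsulation and the 6to4 prefix rule described above. It forms 2002:<IPv4-Addr>::/48 from an IPv4 address, parses an IPv6-in-IPv4 packet, and checks that a 6to4 inner source address lies inside the prefix derived from the outer IPv4 source, a mismatch a border filter would want to flag. The function names and the sample packet (built from documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

SIXTO4 = ipaddress.ip_network("2002::/16")  # IANA 6to4 prefix

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Form the site prefix 2002:<IPv4-Addr>::/48 for an IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def parse_proto41(packet: bytes):
    """Return (outer_src, outer_dst, inner_src, inner_dst) for IPv6-in-IPv4, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 41 or len(packet) < ihl + 40:
        return None                       # not protocol 41, or truncated
    inner = packet[ihl:ihl + 40]          # fixed 40-byte IPv6 header
    if inner[0] >> 4 != 6:
        return None
    return (ipaddress.IPv4Address(packet[12:16]), ipaddress.IPv4Address(packet[16:20]),
            ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40]))

def sixto4_source_consistent(outer_src, inner_src) -> bool:
    """A 6to4 inner source must embed the outer IPv4 source address."""
    if inner_src not in SIXTO4:
        return True                       # not a 6to4 address: check does not apply
    return inner_src in sixto4_prefix(str(outer_src))

def build_sample(outer_src, outer_dst, inner_src, inner_dst) -> bytes:
    """Constructed packet: minimal IPv4 header (protocol 41, checksum left 0) + IPv6 header."""
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)   # next header 59 = no payload
    v6 += ipaddress.IPv6Address(inner_src).packed + ipaddress.IPv6Address(inner_dst).packed
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6), 0, 0, 64, 41, 0)
    v4 += ipaddress.IPv4Address(outer_src).packed + ipaddress.IPv4Address(outer_dst).packed
    return v4 + v6

if __name__ == "__main__":
    pkt = build_sample("192.0.2.1", "198.51.100.7", "2002:c000:201::1", "2001:db8::1")
    o_src, _, i_src, _ = parse_proto41(pkt)
    print(sixto4_prefix("192.0.2.1"), sixto4_source_consistent(o_src, i_src))
```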
DUAL-STACK
A dual-stack node has complete support for both IPv4 & IPv6.
In communication with an IPv6 host, it acts like an IPv6-only node, and to communicate with an IPv4-only host, it acts like an IPv4-only node.
Three modes of operation: IPv6-stack, IPv4-stack & Dual-stack

DSTM: Dual Stack Transition Mechanism
DSTM is an IPv4 to IPv6 transition proposal based on the use of IPv4 over IPv6 dynamic tunnels and the temporary allocation of IPv4 global addresses to dual-stack hosts.
DSTM is intended for IPv6-only networks in which hosts still need to exchange information with other IPv4 hosts or applications.
DSTM benefits
IPv4 applications are run over an IPv6-only network.
Network administration is simplified: only IPv6 is routed inside the domain.
The need for IPv4 global addresses is reduced: hosts are given a global IPv4 address on a temporary basis only when an application requires it.

DSTM: configuration
A dual-stack host in an IPv6-only network wishing to communicate using IPv4;
A DSTM server that administers the IPv4 address pool; and
A DSTM gateway in charge of encapsulation and decapsulation of IPv4 over IPv6 packets.
In the architecture required for DSTM, only C needs to have direct IPv4 connectivity and a permanent IPv4 address.

Tunnel Broker
A tunnel broker uses dedicated servers to manage automatic tunnel requests from end users.
The tunnel broker is the point where users connect to register and activate tunnels.

Tunnel Broker…
Tunnel broker clients are the dual-stack nodes; the TB and its clients have to share a pre-configured or automatically established security association.
The TB shares the load of network tunnel endpoints among several tunnel servers by sending configuration orders to the relevant tunnel server whenever a tunnel has to be created.
Communication between the broker and the servers can take place with IPv4 or IPv6.
A tunnel server is a dual-stack router connected to the Internet.

Translation
The main goal is to provide transparent routing for nodes in IPv6 to communicate with nodes in IPv4.
Translate IPv6 packets into IPv4 packets & vice versa.
It offers a transition mechanism in addition to tunneling/dual-stack.
Network Address Translation-Protocol Translation (NAT-PT) is a technique that has been widely used to overcome the limitation of IPv4 addresses.
IP, TCP, UDP, ICMP headers/messages are translated.

Translation…
Category: Stateless IP/ICMP Translation (SIIT) & Network Address Translator-Protocol Translator (NAT-PT)
NAT-PT allows IPv6-only hosts to talk to IPv4-only hosts and vice versa.
IPv4 NAT => translates one IPv4 address to another IPv4 address.
Here NAT refers to translation of an IPv4 address to IPv6 and vice versa.
Provides routing between IPv4 and IPv6 address realms.
All NAT-PT configuration is performed on the router and hence no changes are made to hosts.

Protocol Translation
Translating IPv4 headers to IPv6 headers
Source address: The low-order 32 bits are the IPv4 source address. The high-order 96 bits are the designated PREFIX for all v4 communications. Addresses using this PREFIX will be routed to the NAT-PT gateway (PREFIX::/96).
Destination address: NAT-PT retains a mapping between the IPv4 destination address and the IPv6 address of the destination node. The IPv4 destination address is replaced by the IPv6 address retained in that mapping.

Protocol Translation
Translating IPv6 headers to IPv4 headers
Source address: The NAT-PT retains a mapping between the IPv6 source address and an IPv4 address from the pool of IPv4 addresses available. The IPv6 source address is replaced by the IPv4 address retained in that mapping.
Destination address: IPv6 packets that are translated have a destination address of the form PREFIX::IPv4/96. Thus the low-order 32 bits of the IPv6 destination address are copied to the IPv4 destination address.

To communicate with an IPv4 node, NAT-PT generates a fake IPv6 address for the IPv4 node by appending the IPv4 address of the destination to the 96-bit prefix.
The prefix is supplied in the configuration.
The fake address can be generated using an Application Level Gateway program: Trick-Or-Treat Daemon (DNS-ALG).

How NAT-PT works?
[Figure: IPv6 Host A, NAT-PT (120.10.40/24), IPv4 Host B]
1-packet: Src: 2001:d30:119::2, Dst: prefix::202.70.91.6
(Translation)
2-packet: Src: 120.10.40.10, Dst: 202.70.91.6
3-packet: Src: 202.70.91.6, Dst: 120.10.40.10
4-packet: Src: prefix::202.70.91.6, Dst: 2001:d30:119::2

DNS-ALG for NAT-PT: Trick Or Treat Daemon
TOTD is a small DNS proxy name server which supports IPv6 and enables IPv6-only sites to access IPv4 sites by using a translation mechanism such as NAT-PT.
It is an IPv6 DNS proxy which receives DNS queries from clients and forwards them to a normal DNS server.
If the reachable normal DNS server is IPv4-only, TOTD must be configured on a dual-stack host; for an IPv6-reachable DNS server, it can be configured on an IPv6-only server.

TOTD..
Events that occur when a client makes a request to the TOTD server:
Request for AAAA/A6 records: when a client requests an AAAA/A6 record, the TOTD server simply forwards the result to the client if the requested record exists; otherwise an A record is requested from the normal DNS server, and TOTD receives an answer in IPv4, which it translates into an IPv6 address by adding a certain PREFIX to the IPv4 address and forwards to the client.
PTR lookup: when a client tries a PTR lookup, TOTD simply proxies the lookup if the PTR lookup uses a normal global IPv6 address. Otherwise, if the PTR lookup uses a converted IPv6 address, TOTD converts the address back to IPv4 and the PTR lookup result is forwarded to the requesting client.
Other requests: other queries are always ignored and the reply is simply forwarded to the client without modification.

TOTD
TOTD generates the fake IPv6 address by appending the IPv4 address to an IPv6/64 prefix.
The prefix is configured in the TOTD configuration.

NAT-PT & DNS-ALG test
TOTD: a DNS-ALG which is an IPv6 DNS proxy.
Generates a fake IPv6 address for an IPv4-only node.
A combinational test with NAT-PT, DNS, DNS-ALG has been proposed.

[Figure: test topology with TOTD server (DNS-ALG), NAT-PT, IPv6-only client, normal DNS server, and the IPv4/IPv6 Internet]

NAT-PT, DNS & TOTD
[Figure: numbered message flow between IPv6-only users, TOTD server, DNS server, NAT-PT and the IPv4-only host ioe.edu.np (202.70.91.6). Labels: "Issues a DNS query to ask for the IP address of www.ioe.edu.np"; "Forward the DNS query www.ioe.edu.np"; "DNS Reply 202.70.91.6"; "DNS Reply 2001:D30:101:624::CA46:5B06"; "Destination 2001:D30:101:624::CA46:5B06"]

[root@tu-soi ~]# cat /etc/totd.conf
forwarder ::1 port 5353
forwarder 2001:d30:101:1::11 port 53
forwarder 2001:d30:102:1000::1001 port 53
prefix 2001:d30:101:624::
[root@tu-soi ~]# ping6 www.ioe.edu.np
PING www.ioe.edu.np(2001:d30:101:624::ca46:5b06) 56 data bytes
64 bytes from 2001:d30:101:624::ca46:5b06: icmp_seq=0 ttl=44 time=2126 ms
64 bytes from 2001:d30:101:624::ca46:5b06: icmp_seq=1 ttl=47 time=2153 ms

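Added example, not part of the original slides and not TOTD's own code: a Python model of the address synthesis the DNS-ALG slides describe, using the totd.conf shown above. It reproduces the 2001:d30:101:624::ca46:5b06 answer for 202.70.91.6 and adds the reverse step an analyst needs to recover the real IPv4 destination from a synthesized address seen in logs. The function names and the ZONE data are constructed, and the configured prefix is treated as PREFIX::/96 as in the NAT-PT slides.

```python
import ipaddress

# totd.conf contents as shown on the page
TOTD_CONF = """\
forwarder ::1 port 5353
forwarder 2001:d30:101:1::11 port 53
forwarder 2001:d30:102:1000::1001 port 53
prefix 2001:d30:101:624::
"""

def parse_totd_conf(text):
    """Return (forwarders, prefix) from 'forwarder' and 'prefix' lines."""
    forwarders, prefix = [], None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 4 and words[0] == "forwarder" and words[2] == "port":
            forwarders.append((ipaddress.IPv6Address(words[1]), int(words[3])))
        elif len(words) == 2 and words[0] == "prefix":
            prefix = ipaddress.IPv6Network((words[1], 96))  # assumption: /96
    return forwarders, prefix

def synthesize(prefix, ipv4):
    """PREFIX in the high 96 bits, IPv4 address in the low-order 32 bits."""
    low = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(prefix.network_address) | low)

def embedded_ipv4(prefix, ipv6):
    """Recover the IPv4 address from a synthesized address; None if native."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def answer_aaaa(name, zone, prefix):
    """Pass existing AAAA records through; otherwise build them from A records."""
    records = zone.get(name, {})
    if records.get("AAAA"):
        return [ipaddress.IPv6Address(a) for a in records["AAAA"]]
    return [synthesize(prefix, a) for a in records.get("A", [])]

# Constructed data standing in for the normal DNS server's answers.
ZONE = {
    "www.ioe.edu.np": {"A": ["202.70.91.6"]},
    "v6.example": {"AAAA": ["2001:db8::80"]},
}

if __name__ == "__main__":
    _, pfx = parse_totd_conf(TOTD_CONF)
    print(answer_aaaa("www.ioe.edu.np", ZONE, pfx))
```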
[Figure: IPv6-only users, TOTD server, DNS server, NAT-PT, proxy server, email server, others, and the IPv4-only host ioe.edu.np; flows labelled "DNS Queries and Replies" and "HTTP Traffic"]

NAT-PT, DNS, DNS-ALG, SQUID
IPv6-SQUID: To reduce the processing overhead in NAT-PT
[root@tu-soi ~]# tail -f /var/log/squid/access.log
1199694696.227 1510 2001:d30:119:0:b091:e66d:22b:dca0 TCP_MISS/304 457 GET http://www.ioe.edu.np/stylet.css - PARENT_HIT/2001:d30:101:1::5 text/css
1199694696.867 4980 2001:d30:119:0:b091:e66d:22b:dca0 TCP_MISS/200 10314 GET http://www.ioe.edu.np/ - DEFAULT_PARENT/2001:d30:101:1::5 text/html
1199694697.742 1514 2001:d30:119:0:b091:e66d:22b:dca0 TCP_MISS/304 456 GET http://www.ioe.edu.np/bglink.css - PARENT_HIT/2001:d30:101:1::5 text/css

IPv4-only web accessed via IPv6-only node
Address [2001:d30:119::2] port 3128

IPv4 mail server accessed via IPv6-only node

Comparison
Mechanism   | Remarks
Tunneling   | Can communicate with a remote IPv6 network without supporting IPv6 in the ISP network; loads on the router (consumes time & CPU power for encapsulation and decapsulation); MTU size issue and fragmentation problems
Dual-Stack  | Easy to use and can communicate with both hosts; two separate protocols running over a single machine consume CPU power and memory; firewall protection for both protocols (burden); doesn't solve the problem of IPv4 address exhaustion
Translation | Does not support advanced IPv6 features; easy to implement, single border router acting as NAT-PT; IPv6 hosts can directly communicate with IPv4 hosts; independent of hosts; encourages transition to IPv6 network

Concluding Remarks
Migration to an IPv6 network should be done as soon as possible due to IPv4 address inadequacy.
The IPv6 network is ready to implement, though not all applications are ready for IPv6 the way they are available for IPv4.
More research is needed on implementing IPv6-compatible applications.
Upgrading the current network to IPv6 seems difficult, so the upgrade needs to be done by creating IPv6-only sub-networks.

Conclusion (Contd…)
Currently Tunneling/Dual-Stack seems better because the IPv4 network is dominant, but NAT-PT is the better approach when IPv6 becomes dominant.
Awareness & training regarding the implementation is necessary in Nepal from the root, by implementing IPv6 starting from the academic research network.

Conclusion (Contd…)
The current status of IPv4/IPv6 shows that the world will have an IPv6-only network beyond 2030.

Deployment Challenges and Risk
For the Government
Policy Issues
Political Issues
Cost of overall transition (cost of HW/SW/Training)
Lack of Human Resources
Private sectors
Economical Issues: Cost of Migration (cost of HW/SW/Training)
Service Related Issues
Quality and Reliability of Service after Migration
Level of Trust
National Policies Meet with Global Standards

Thank You!