IPv4 to IPv6�Transition Technologies : IPv4 to IPv6 Transition Technologies
� The migration of Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6) will not happen overnight. There will be a period of transition when both protocols are in use over the same infrastructure. To address this transition period, the designers of IPv6 have created technologies and address types so that IPv6 nodes can communicate with each other in a mixed environment, even if they are separated by an IPv4-only infrastructure. This presentation describes the IPv4 to IPv6 transition technologies . : The migration of Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6) will not happen overnight. There will be a period of transition when both protocols are in use over the same infrastructure. To address this transition period, the designers of IPv6 have created technologies and address types so that IPv6 nodes can communicate with each other in a mixed environment, even if they are separated by an IPv4-only infrastructure. This presentation describes the IPv4 to IPv6 transition technologies . Abstract
Slide3 : Outline
Introduction
Node Type
Transition Mechanisms
Tunneling Configurations
Windows Server 2008 and Windows Vista Tunneling Technologies
IPv4 and IPv6 Transition Algorithm
Introduction : Introduction
Protocol transitions are deployed by installing and configuring the new protocol on all nodes within the network and verifying that all node and router operations work successfully.
Possible in a small or medium sized organization .
Therefore, while migration is the long-term goal, equal consideration must be given to the interim coexistence of IPv4 and IPv6 nodes.
Transition criteria : Transition criteria
Existing IPv4 hosts can be upgraded at any time, independent of the upgrade of other hosts or routers.
New hosts, using only IPv6, can be added at any time, without dependencies on other hosts or routing infrastructure.
Existing IPv4 hosts, with IPv6 installed, can continue to use their IPv4 addresses and do not need additional addresses.
Little preparation is required to either upgrade existing IPv4 nodes to IPv6 or deploy new IPv6 nodes.
Node Types : Node Types
IPv4-only node : A node that implements only IPv4 (and has only IPv4 addresses) and does not support IPv6. Most hosts and routers installed today are IPv4-only nodes.
IPv6-only node: A node that implements only IPv6 (and has only IPv6 addresses) and does not support IPv4. This node is only able to communicate with IPv6 nodes and applications. This type of node is not common today, but might become more prevalent as smaller devices such as cellular phones and handheld computing devices include the IPv6 protocol.
IPv6/IPv4 node: A node that implements both IPv4 and IPv6.
IPv4 node: A node that implements IPv4. An IPv4 node can be an IPv4-only node or an IPv6/IPv4 node.
IPv6 node: A node that implements IPv6. An IPv6 node can be an IPv6-only node or an IPv6/IPv4 node.
True vs. practical migration : True vs. practical migration
True migration is achieved when all IPv4 nodes are converted to IPv6-only nodes.
practical migration is achieved when as many IPv4-only nodes as possible are converted to IPv6/IPv4 nodes.
IPv4-only nodes can communicate with IPv6-only nodes only when using an IPv4-to-IPv6 proxy or translation gateway.
Transition Mechanisms : Transition Mechanisms
To coexist with an IPv4 infrastructure and to provide an eventual transition to an IPv6-only infrastructure, the following mechanisms are used:
Using both IPv4 and IPv6
IPv6 over IPv4 tunneling
DNS infrastructure
Using Both IPv4 and IPv6 : Using Both IPv4 and IPv6
During the time that the routing infrastructure is being transitioned from IPv4-only, to IPv4 and IPv6, and finally to IPv6-only, hosts must be able to reach destinations using either IPv4 or IPv6.
To use both IPv4 and IPv6 Internet layers on the same host, IPv6/IPv4 hosts can have the following architectures:
Dual IP layer architecture
Dual stack architecture
Dual IP Layer Architecture : Dual IP Layer Architecture
A dual IP layer architecture contains both IPv4 and IPv6 Internet layers with a single implementation of Transport layer protocols such as TCP and UDP .
The Next Generation TCP/IP stack in Windows Server 2008 and Windows Vista is a new implementation of the TCP/IP protocol suite that includes both IPv4 and IPv6 in a dual IP layer architecture
Dual IP Layer Architecture : Dual IP Layer Architecture
With a single protocol stack that contains both IPv4 and IPv6, a host running Windows Server 2008 or Windows Vista can create the following types of packets:
IPv4 packets
IPv6 packets
IPv6 over IPv4 packets
These are IPv6 packets that are encapsulated with an IPv4 header.
Dual Stack Architecture : Dual Stack Architecture A dual stack architecture contains both IPv4 and IPv6 Internet layers with separate protocol stacks containing separate implementations of Transport layer protocols such as TCP and UDP.
The IPv6 protocol for Windows Server 2003 and Windows XP is a dual stack architecture.
The IPv6 protocol driver, Tcpip6.sys, contains a separate implementation of TCP and UDP.
Dual Stack Architecture : Dual Stack Architecture
With both IPv4 and IPv6 protocol stacks, a host running Windows Server 2003 or Windows XP can create the following types of packets:
IPv4 packets
IPv6 packets
IPv6 over IPv4 packets
The IPv6 protocol for Windows Server 2003 is not a dual IP layer, it functions in the same way as a dual IP layer in terms of providing functionality for IPv6 transition.
DNS Infrastructure : DNS Infrastructure
Needed for successful coexistence because of the prevalent use of names rather than addresses to refer to network resources.
Upgrading the DNS infrastructure consists of populating the DNS servers with records to support IPv6 name-to-address and address-to-name resolutions.
After the addresses are obtained using a DNS name query, the sending node must select which addresses are used for communication.
IPv6 over IPv4 Tunneling : IPv6 over IPv4 Tunneling Encapsulation of IPv6 packets with an IPv4 header .
IPv6 packets can be sent over an IPv4 infrastructure.
Within the IPv4 header:
The IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet.
The Source and Destination fields are set to IPv4 addresses of the tunnel endpoints.
The tunnel endpoints are either manually configured as:
part of the tunnel interface or
automatically derived from the next-hop address of the matching route for the destination and the tunneling interface.
IPv6 over IPv4 Tunneling : IPv6 over IPv4 Tunneling For IPv6 over IPv4 tunneling, the IPv6 path maximum transmission unit (MTU) for the destination is typically 20 less than the IPv4 path MTU for the destination.
If the IPv4 path MTU is not stored for each tunnel, there are instances where the IPv4 packet will need to be fragmented at an intermediate IPv4 router.
IPv6 over IPv4 tunneled packet must be sent with the Don’t Fragment flag in the IPv4 header set to 0.
Tunneling Configurations : Tunneling Configurations
The following tunneling configurations with which to tunnel IPv6 traffic between IPv6/IPv4 nodes over an IPv4 infrastructure:
Router-to-Router
Host-to-Router or Router-to-Host
Host-to-Host
IPv6 over IPv4 tunneling only describes an encapsulation of IPv6 packets with an IPv4 header so that IPv6 nodes are reachable across an IPv4 infrastructure.
Unlike tunneling for the Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP), there is no exchange of messages for tunnel setup, maintenance, or termination.
Additionally, IPv6 over IPv4 tunneling does not provide security for tunneled IPv6 packets.
Router-to-Router : Router-to-Router
Two IPv6/IPv4 routers connect two IPv6-capable infrastructures over an IPv4 infrastructure.
The tunnel endpoints span a logical link in the path between the source and destination.
The IPv6 over IPv4 tunnel between the two routers acts as a single hop.
Routes within each IPv4 or IPv6 infrastructure point to the IPv6/IPv4 router on the edge.
For each IPv6/IPv4 router, there is a tunnel interface representing the IPv6 over IPv4 tunnel and routes that use the tunnel interface.
Router-to-Router : Router-to-Router Examples of Router-to-Router tunneling configuration are:
An IPv6-only test lab that tunnels across an organization’s IPv4 infrastructure to reach the IPv6 Internet.
Two IPv6-only routing domains that tunnel across the IPv4 Internet.
A 6to4 router that tunnels across the IPv4 Internet to reach another 6to4 router or a 6to4 relay. For more information about 6to4, see "6to4" in this white paper.
Host-to-Router and Router-to-Host : Host-to-Router and Router-to-Host
IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach an IPv6/IPv4 router.
The tunnel endpoints span the first segment of the path between the source and destination nodes.
The IPv6 over IPv4 tunnel between the IPv6/IPv4 node and the IPv6/IPv4 router acts as a single hop.
On the IPv6/IPv4 node, a tunnel interface representing the IPv6 over IPv4 tunnel is created and a route (typically a default route) is added using the tunnel interface.
The IPv6/IPv4 node tunnels the IPv6 packet based on the matching route, the tunnel interface, and the destination address of the IPv6/IPv4 node.
Host-to-Router and Router-to-Host : Host-to-Router and Router-to-Host
In the router-to-host tunneling configuration, an IPv6/IPv4 router creates an IPv6 over IPv4 tunnel across an IPv4 infrastructure to reach an IPv6/IPv4 node.
The tunnel endpoints span the last segment of the path between the source node and destination node.
On the IPv6/IPv4 router, a tunnel interface representing the IPv6 over IPv4 tunnel is created and a route (typically a subnet route) is added using the tunnel interface.
The IPv6/IPv4 router tunnels the IPv6 packet based on the matching subnet route, the tunnel interface, and the destination address of the IPv6/IPv4 node.
Host-to-Router and Router-to-Host : Host-to-Router and Router-to-Host Examples of host-to-router and router-to-host tunneling are:
An IPv6/IPv4 host that tunnels across an organization’s IPv4 infrastructure to reach the IPv6 Internet.
An Intra-site Automatic Tunnel Addressing Protocol (ISATAP) host that tunnels across an IPv4 network to an ISATAP router to reach the IPv6 Internet, another IPv4 network, or an IPv6-capable network. For more information about ISATAP, see "ISATAP" in this white paper.
An ISATAP router that tunnels across an IPv4 network to reach an ISATAP host.
Slide23 : Host-to-Host IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach another IPv6/IPv4 node that resides within the same IPv4 infrastructure.
The tunnel endpoints span the entire path between the source and destination nodes.
The IPv6 over IPv4 tunnel between the IPv6/IPv4 nodes acts as a single hop.
On each IPv6/IPv4 node, an interface representing the IPv6 over IPv4 tunnel is created.
Routes might be present to indicate that the destination node is on the same logical subnet defined by the IPv4 infrastructure.
Based on the sending interface, the optional route, and the destination address, the sending host tunnels the IPv6 traffic to the destination.
Host-to-Host : Host-to-Host Examples of Host-to-Host tunneling configuration are:
IPv6/IPv4 hosts that use ISATAP addresses to tunnel across an organization’s IPv4 infrastructure.
IPv6/IPv4 hosts that use IPv4-compatible addresses to tunnel across an organization’s IPv4 infrastructure.
Types of Tunnels : Types of Tunnels Configured Tunnels
Requires manual configuration of tunnel endpoints.
The IPv4 addresses of tunnel endpoints are not derived from addresses that are encoded in the next-hop address when sending or forwarding the packet.
Router-to-router tunneling configurations can be manually configured.
The tunnel interface configuration, consisting of the IPv4 addresses of the tunnel endpoints, must be manually specified along with static routes that use the tunnel interface.
Automatic Tunnels
A tunnel that does not require manual configuration.
Tunnel endpoints for automatic tunnels are determined by the use of routes, next-hop addresses based on destination IPv6 addresses, and logical tunnel interfaces.
Slide26 : Windows Server 2008 and Windows Vista Tunneling Technologies
ISATAP
6to4
Both are used for unicast communication across the IPv4 Internet and is enabled by default.
Teredo
Used for unicast communication across the IPv4 Internet over network address translators (NATs).
Teredo support is included and is disabled by default.
Teredo support is included with Windows Server 2008, Windows Server 2003 Service Pack 1 and later, Windows XP with SP2 and later, and Windows XP with SP1 and the Advanced Networking Pack for Windows XP, and is disabled by default.
Teredo support is also included with Windows Vista and is enabled but inactive by default.
IPv4 and IPv6 Transition Algorithm : IPv4 and IPv6 Transition Algorithm
Stateless Internet Protocol/Internet Control Messaging Protocol Translation (SIIT)
Network Address Translation–Protocol Translation (NAT-PT)
Stateless Internet Protocol/Internet Control Messaging Protocol Translation (SIIT) : Stateless Internet Protocol/Internet Control Messaging Protocol Translation (SIIT)
(SIIT) is an IPv6 transition mechanism that allows IPv6-only hosts to talk to IPv4-only hosts.
The mechanism involves a stateless mapping or bidirectional translation algorithm between IPv4 and IPv6 packet headers as well as between Internet Control Messaging Protocol version 4 (ICMPv4) and ICMPv6 messages.
requires the assignment of an IPv4 address to the IPv6-only host, and this IPv4 address is used by the host in forming a special IPv6 address that includes this IPv4 address.
Slide29 :
The mechanism is intended to preserve IPv4 addresses. So, rather than permanently assigning IPv4 addresses to IPv6-only hosts.
SIIT requires the assignment of temporary IPv4 addresses to the IPv6-only hosts.
The translation process can be performed directly in the end system or in a network-based device.
SIIT is a stateless IP/ICMP translation to process each conversion individually without any reference to previously translated packets. Stateless Internet Protocol/Internet Control Messaging Protocol Translation (SIIT)
Slide30 :
Translating an IPv4 address into an IPv6 address is straightforward, with SIIT defining it as embedding the IPv4 address in the low 32 bits of a specially defined IPv6 address, termed an IPv4-mapped IPv6 address. Stateless Internet Protocol/Internet Control Messaging Protocol Translation (SIIT)
Network Address Translation–Protocol Translation (NAT-PT) : Network Address Translation–Protocol Translation (NAT-PT)
(NAT-PT) employs a stateful IPv4/IPv6 header translation on a network device on the boundary of the IPv4 and IPv6 networks.
The translation is between an IPv4 address and an IPv6 address. NAT-PT uses a pool of IPv4 addresses for assignment to the IPv6 nodes on a dynamic basis as sessions.
One of the benefits of NAT-PT is that no changes are required to existing hosts because all the NAT-PT translations are performed at the network-based NAT-PT device.
Slide32 : It uses a pool of public IPv4 addresses assigned on a dynamic basis within the NAT-PT device as sessions are initiated between IPv4-only and IPv6-only nodes. A table is kept in the device of the mapping between these addresses.
In the following figure, the following are assumed:
The IPv6 end system is on the same subnetwork as the NAT-PT device and uses a link-local address, FECD:BA98::7654:3210, when communicating with the NAT-PT device.
The session is being established by the IPv6 end system.
Network Address Translation–Protocol Translation (NAT-PT)
Slide33 : The NAT-PT device has a pool of addresses, including the subnet 120.130.26/24, to use in mapping the incoming IPv6 source addresses, in this case the above link-local address. Network Address Translation–Protocol Translation (NAT-PT)
Slide34 :
When establishing a session from the IPv6-only node to the IPv4-only node, the IPv6 node will learn the IPv4 address of the destination IPv4 node via a DNS lookup.
At session initiation, the IPv6 node will originate a packet with the following:
IPv6 source address: FECD:BA98::7654:3210
IPv6 destination address: PREFIX::132.146.243.30. Network Address Translation–Protocol Translation (NAT-PT)
Slide35 :
On reception of the packet, the NAT-PT device will assign an IPv4 address from its pool, and this assigned address will be used as the source address in forwarding the packet to the IPv4 node. The resulting translated packet will have the following:
IPv4 source address: 120.130.26.10, assigned for the IPv4 address pool
IPv4 destination address: 132.146.243.30, the IPv4 address of the IPv4 end system Network Address Translation–Protocol Translation (NAT-PT)
Conclusion : Conclusion
Numerous IPv4-to-IPv6 transition mechanisms have been devised to readily enable the migration.
Leading router and operating system vendors already support IPv6, as well as various transition implementations.
However, bringing it all together into a comprehensive migration plan for your network can be a daunting task.
Migrating to IPv6 involves the upgrading of applications, hosts, routers, and DNS to support IPv6.
Because the migration might take years, IPv6/IPv4 nodes must be able to coexist over IPv4 infrastructures such as the Internet and private intranets.
References : References Microsoft Corporation, IPv6 Transition Technologies , February 2008.
John J. Amoss and Daniel Minoli, Handbook of IPv4 to IPv6 Transition, 2008.
Tim Rooney, IPv4-to-IPv6 Transition Strategies, February 2007.
C. Huitema, Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs), RFC 4380, February 2006.
R. Hinden and S. Deering, IP Version 6 Addressing Architecture, RFC 2373, July 1998.
G. Tsirtsis and P. Srisuresh, Network Address Translation–Protocol Translation (NAT-PT), RFC 2766, February 2000.
Thanks For All��There is any question?☻ : Thanks For All There is any question?☻