Transitioning to IPv6: Issues and Mechanisms
- Slides: 23

Transitioning to IPv6: Issues and Mechanisms
Jeff Doyle, Senior Network Architect
APRICOT 2006, Perth, Australia, 1 March, 2006
9/19/2021 Copyright © 2006 Juniper Networks

3 Types of Transition Mechanisms
- Dual Stacks
  - IPv4/IPv6 coexistence on one device
- Tunnels
  - For tunneling IPv6 across IPv4 clouds
  - Later, for tunneling IPv4 across IPv6 clouds
  - IPv6 <-> IPv6 and IPv4 <-> IPv4
- Translators
  - IPv6 <-> IPv4

Dual Stacking
- In most cases, the simplest approach
- IPv6 now supported on most modern network platforms
  - Routers
  - Servers
  - Hosts
- If (almost) everything is “bilingual”, transition is controlled by DNS

Dual Stacking
- IPv4-only Host: stan.v4.com, 207.14.182.10
- Dual-Stacked Host: 199.15.23.87, 3ffe:3700:1100:1:210:a4ff:fea0:bc97
- IPv6-only Host: ollie.v6.com, 3ffe:2301:1700:1:abcd:1234:dada:1
- DNS
  - Query: stan.v4.com?
  - A Resource Record: 207.14.182.10

Dual Stacking
- IPv4-only Host: stan.v4.com, 207.14.182.10
- Dual-Stacked Host: 199.15.23.87, 3ffe:3700:1100:1:210:a4ff:fea0:bc97
- IPv6-only Host: ollie.v6.com, 3ffe:2301:1700:1:abcd:1234:dada:1
- DNS
  - Query: ollie.v6.com?
  - AAAA Resource Record: 3ffe:2301:1700:1:abcd:1234:dada:1

Tunnels
- Necessary if all nodes between communicating endpoints are not dual stacked
- Add a layer of complexity to the network and the transition plan

Tunnel Applications
- Router to Router
- Host to Host
- Host to Router / Router to Host
[Diagrams, each labelled IPv4 and IPv6]

Tunnel Types

Configured Tunnels
- Application:
  - Permanent site-to-site connectivity
  - Carriers, SPs, large backbones
- Technologies:
  - GRE, IP-IP, IPSec…
  - MPLS
- Controlled, deterministic

Automatic Tunnels
- Application:
  - Transient connectivity
  - Connectivity across “v6 unaware” segments
  - Router to Router
  - Host to Host
- Technologies:
  - Tunnel Brokers
  - 6to4
  - ISATAP
  - Teredo?
  - DSTM
- Possibly non-deterministic
- Possible security risks

Automatic Tunnels: Endpoint Determination
- Configured tunnels: Endpoints (IP addresses) are determined by administrator
- Automatic tunnels require an automatic endpoint determination
- Two Approaches:
  1. Assign them from an authoritative server
     - Tunnel brokers, Teredo, DSTM
  2. Imbed them in IPv6 addresses
     - 6to4, ISATAP

Authoritative Server Approach: Tunnel Broker
1. AAA Authorization
2. Configuration request
3. TB chooses:
   - TS
   - IPv6 addresses
   - Tunnel lifetime
4. TB registers tunnel IPv6 addresses
5. Config info sent to TS
6. Config info sent to client:
   - Tunnel parameters
   - DNS name
7. Tunnel enabled
[Diagram: Client, IPv4 Network, Tunnel Broker, DNS, Tunnel Server, IPv6 Tunnel, IPv6 Network]

Imbedded Endpoint Address Approach: 6to4
- 138.14.85.210 (Dotted Decimal) = 8a0e:55d2 (Hex)
- IPv4 Interface: 138.14.85.210
  - 6to4 prefix: 2002:8a0e:55d2::/48
  - 6to4 address: 2002:8a0e:55d2:1:230:65ff:fe2c:9a6
- IPv4 Address: 65.114.168.91
  - 6to4 prefix: 2002:4172:a85b::/48
  - 2002:4172:a85b:1:20a:95ff:fe8b:3cba
[Diagram: IPv6 Site, 6to4 Router, IPv4 Network]

Imbedded Endpoint Address Approach: 6to4
- Router Recognizes 6to4 Prefixes
  - Local Tunnel Endpoint = 138.14.85.210
  - Remote Tunnel Endpoint = 65.114.168.91
- Packet Source Address: 2002:8a0e:55d2:1:230:65ff:fe2c:9a6
- Packet Destination Address: 2002:4172:a85b:1:20a:95ff:fe8b:3cba
- Host 1: 2002:8a0e:55d2:1:230:65ff:fe2c:9a6
- Host 2: 2002:4172:a85b:1:20a:95ff:fe8b:3cba
- DNS: Host 2 = 2002.4172.a85b:20a:95ff:fe8b:3cba
[Diagram: IPv6 Site, 6to4 Router, IPv4 Network, IPv6]
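
The 6to4 derivation on the two slides above, as an added example that is not part of the original deck: it builds the /48 prefix from an IPv4 address, recovers the tunnel endpoint from a 6to4 address, and adds a source-consistency check a decapsulating router can apply. The function names and verdict strings are assumptions made for illustration; the addresses are the slides' own, plus one constructed address that embeds 10.1.2.3.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(ipv4):
    """Build the /48 6to4 prefix: 0x2002 followed by the 32-bit IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def tunnel_endpoint(ipv6):
    """Return the IPv4 endpoint embedded in a 6to4 address, or None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXTOFOUR:
        return None
    # Bits 16..47 of the address hold the IPv4 tunnel endpoint.
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def check_6to4_source(outer_src_v4, inner_src_v6):
    """Compare the outer IPv4 source of a tunneled packet with the IPv4
    address embedded in its inner 6to4 source (hypothetical verdicts)."""
    embedded = tunnel_endpoint(inner_src_v6)
    if embedded is None:
        return "not-6to4"             # inner source is not a 2002::/16 address
    if not embedded.is_global:
        return "embedded-not-global"  # private, loopback, multicast, ...
    if embedded != ipaddress.IPv4Address(outer_src_v4):
        return "outer-mismatch"       # inner source claims another endpoint
    return "ok"

if __name__ == "__main__":
    host1 = "2002:8a0e:55d2:1:230:65ff:fe2c:9a6"    # Host 1 on the slide
    host2 = "2002:4172:a85b:1:20a:95ff:fe8b:3cba"   # Host 2 on the slide
    print(sixtofour_prefix("138.14.85.210"))         # local site prefix
    print(tunnel_endpoint(host2))                    # remote tunnel endpoint
    print(check_6to4_source("138.14.85.210", host1))
    print(check_6to4_source("65.114.168.91", host1))
    print(check_6to4_source("10.1.2.3", "2002:a01:203::1"))  # constructed
```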

Translators
- Necessary if IPv6-only endnode and IPv4-only endnode must speak
- Very few situations where translators should be required
  - Dual stacking and/or tunneling should be sufficient in most cases
  - The great majority of modern IPv6-capable network/host systems are dual stack, not IPv6-only
  - IPv6-only devices are likely to be specialized, and in IPv6-only networks
- Add another layer of complexity to the network and the transition plan
- Avoid them if you can

Translator Types
- Network level translators
  - Stateless IP/ICMP Translation Algorithm (SIIT) (RFC 2765)
  - NAT-PT (RFC 2766)
  - Bump in the Stack (BIS) (RFC 2767)
- Transport level translators
  - Transport Relay Translator (TRT) (RFC 3142)
- Application level translators
  - Bump in the API (BIA) (RFC 3338)
  - SOCKS64 (RFC 3089)
  - Application Level Gateways (ALG)

Translator Types
- Network level translators
  - Stateless IP/ICMP Translation Algorithm (SIIT) (RFC 2765)
  - NAT-PT (RFC 2766)
  - Bump in the Stack (BIS) (RFC 2767)
- Transport level translators
  - Transport Relay Translator (TRT) (RFC 3142)
- Application level translators
  - Bump in the API (BIA) (RFC 3338)
  - SOCKS64 (RFC 3089)
  - Application Level Gateways (ALG)
NAT-PT (using SIIT procedures) has emerged as the dominant translator

Stateless IP/ICMP Translation (SIIT)
- IPv4 Network: 204.127.202.4
  - Source = 216.148.227.68, Dest = 204.127.202.4
  - Source = 204.127.202.4, Dest = 216.148.227.68
- IPv6 Network: 3ffe:3700:1100:1:210:a4ff:fea0:bc97, 216.148.227.68
  - Source = ::ffff:0:216.148.227.68, Dest = ::ffff:204.127.202.4
  - Source = ::ffff:204.127.202.4, Dest = ::ffff:0:216.148.227.68
- SIIT also changes:
  - Traffic Class <-> TOS
  - Payload length
  - Protocol Number <-> NH Number
  - TTL <-> Hop Limit

Network Address Translation - Protocol Translation (NAT-PT)
- IPv4 Pool: 120.130.26/24
- IPv6 prefix: 3ffe:3700:1100:2/64
- IPv6 Network: v6host.6net.com, 3ffe:3700:1100:1:210:a4ff:fea0:bc97
- IPv4 Network: v4host.4net.org, 204.127.202.4
- DNS
  - Query: v4host.4net.org?
  - IPv4 side of NAT-PT: v4host.4net.org A 204.127.202.4
  - IPv6 side of NAT-PT: v4host.4net.org AAAA 3ffe:3700:1100:2::204.127.202.4

Network Address Translation - Protocol Translation (NAT-PT)
- IPv4 Pool: 120.130.26/24
- IPv6 prefix: 3ffe:3700:1100:2/64
- Mapping Table
  - Inside: 3ffe:3700:1100:1:210:a4ff:fea0:bc97
  - Outside: 120.130.26.10
- IPv6 Network: v6host.6net.com, 3ffe:3700:1100:1:210:a4ff:fea0:bc97
  - Source = 3ffe:3700:1100:1:210:a4ff:fea0:bc97, Dest = 3ffe:3700:1100:2::204.127.202.4
  - Source = 3ffe:3700:1100:2::204.127.202.4, Dest = 3ffe:3700:1100:1:210:a4ff:fea0:bc97
- IPv4 Network: v4host.4net.org, 204.127.202.4
  - Source = 120.130.26.10, Dest = 204.127.202.4
  - Source = 204.127.202.4, Dest = 120.130.26.10
[Diagram: IPv6 Network, NAT-PT, DNS, IPv4 Network]

Problems with NAT-PT
- Statefulness (mapping table) restricts asymmetric traffic
- Complicates network troubleshooting
- Single point of failure or attack
- Possible DNS difficulties
- Many of the same constraints, vulnerabilities as v4 NAT
- Nevertheless, some see v6 NAT as a necessity
  - Maintaining provider independence, for example
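
Why the mapping table restricts asymmetric traffic, as an added example that is not part of the original deck: a toy NAT-PT box built from the pool, prefix and host addresses on the NAT-PT slides, with the reply sent back once through the box that created the mapping and once through a second box that never saw the outbound packet. The class, its method names and the in-order pool allocation starting at .10 are assumptions; ports, timers and header translation are left out.

```python
import ipaddress

class NatPt:
    """Toy stateful NAT-PT box: address mapping only, no ports or timers."""

    def __init__(self, v6_prefix, v4_pool, first_host):
        self.prefix = ipaddress.IPv6Network(v6_prefix)
        # Assumption: pool addresses are handed out in order from first_host.
        self.free = list(ipaddress.IPv4Network(v4_pool).hosts())[first_host - 1:]
        self.out_of = {}   # mapping table: inside IPv6 -> outside IPv4
        self.in_of = {}    # reverse index: outside IPv4 -> inside IPv6

    def synthesize_aaaa(self, a_record):
        """DNS step: place the IPv4 address in the low 32 bits of the prefix."""
        v4 = int(ipaddress.IPv4Address(a_record))
        return ipaddress.IPv6Address(int(self.prefix.network_address) | v4)

    def v6_to_v4(self, src6, dst6):
        """IPv6 -> IPv4 direction; creates a mapping on first use."""
        src6, dst6 = ipaddress.IPv6Address(src6), ipaddress.IPv6Address(dst6)
        if dst6 not in self.prefix:
            raise ValueError("destination is outside the NAT-PT prefix")
        if src6 not in self.out_of:
            self.out_of[src6] = self.free.pop(0)
            self.in_of[self.out_of[src6]] = src6
        return self.out_of[src6], ipaddress.IPv4Address(int(dst6) & 0xFFFFFFFF)

    def v4_to_v6(self, src4, dst4):
        """IPv4 -> IPv6 direction; None means no state here, packet dropped."""
        inside = self.in_of.get(ipaddress.IPv4Address(dst4))
        if inside is None:
            return None
        return self.synthesize_aaaa(src4), inside

def asymmetric_return_demo():
    """One flow; the reply returns via the same box and via a second one."""
    args = ("3ffe:3700:1100:2::/64", "120.130.26.0/24", 10)
    box_a, box_b = NatPt(*args), NatPt(*args)
    v6host = "3ffe:3700:1100:1:210:a4ff:fea0:bc97"
    dst6 = box_a.synthesize_aaaa("204.127.202.4")
    src4, dst4 = box_a.v6_to_v4(v6host, dst6)
    same_path = box_a.v4_to_v6(dst4, src4)    # state present: translated
    other_path = box_b.v4_to_v6(dst4, src4)   # no state: dropped
    return src4, dst4, same_path, other_path

if __name__ == "__main__":
    print(asymmetric_return_demo())
```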

Transition Strategies: Dual Stacked IPv4/IPv6 Backbone
- (Possibly) lower capital expense
- (Possibly) higher operational complexity
- More risk of network disruption during migration
- Less incremental migration
- Legacy equipment issues
[Diagram labels: Access, Access, IPv4/IPv6, IPv4]

Transition Strategies: Separate IPv4/IPv6 Backbones
- (Possibly) higher capital expense
- Lower operational complexity
- Low risk to operational network
- Easier, more incremental migration
[Diagram labels: IPv6, Access, IPv4]

Conclusions
- Dual stacking is the simplest approach
- Tunnel only when necessary
- Translation should seldom be needed, if at all
- A long-range transition plan reduces cost
  - IPv6 SW/HW phased in as part of normal network evolution
- Biggest transition expense is likely to be planning, testing, inventory, training, etc.
  - i.e., human resource expenses
  - Not capital expenses

Thank you!
jeff@juniper.net