IPv4 depletion
On 3 February 2011, the Internet Assigned Numbers Authority (IANA) assigned the last batch of 5 /8 address blocks to the Regional Internet Registries, officially depleting the global pool of fresh, unallocated address blocks.
Compatibility
IPv6 and IPv4 packets are not compatible on the wire. Put simply, when implementing IPv6 you are layering a new logical network onto your existing physical topology.
3 classes of IPv6 transition mechanisms
- Dual Stack – This allows IPv4 and IPv6 to coexist in the same devices and networks.
- Tunneling (Encapsulation) – This allows the transport of IPv6 traffic over the existing IPv4 infrastructure.
- Translation – This allows IPv6 only nodes to communicate with IPv4 only nodes.
Dual Stack
Benefits:
• It can be deployed on hosts and routers, on the same interfaces as IPv4
• Allows hosts to continue to reach IPv4 resources while also adding IPv6 functionality
DNS
The Domain Name System (DNS) is used in both IPv4 and IPv6 to map between hostnames and IP addresses.
A new resource record type named "AAAA" has been defined for IPv6 addresses.
If the destination host has both IPv4 and IPv6 addresses in the DNS, the typical behavior of applications is to try the IPv6 addresses first.
Tunneling
Tunneling provides a way to utilize an existing IPv4 routing infrastructure to carry IPv6 traffic.
- Router-to-Router – the tunnel spans one segment of the end-to-end path that the IPv6 packet takes
- Host-to-Router – tunnel spans the first segment of the packet’s end-to-end path
- Router-to-Host – tunnel spans only the last segment of the end-to-end path
- Host-to-Host – tunnel spans the entire end-to-end path that the packet takes
How does tunneling work?
- Tunneling refers to the process by which one node encapsulates an IPv6 packet inside an IPv4 packet
- An IPv6 packet consists of an IPv6 header, a transport header and application protocol data
- To tunnel these IPv6 packets over the IPv4 network, an IPv4 header is added and the IPv6 packet is placed inside the payload of the IPv4 packet.
The tunneling process involves three steps
- Encapsulation at the tunnel entry point
- Decapsulation at the tunnel exit point
- Tunnel management
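The two packet-handling steps above, as an added example that is not part of the original notes: the tunnel entry point prepends an IPv4 header whose protocol field is 41 (the number IANA assigns to IPv6-in-IPv4), and the exit point validates that outer header before handing the inner IPv6 packet on. It assumes a minimal IPv6 header with no extension headers, no IPv4 fragmentation, and constructed documentation-range addresses; protocol-41 datagrams are what an IPv4-only firewall sees of such a tunnel.

```python
import ipaddress
import struct
from typing import Optional

IPPROTO_IPV6 = 41  # IPv4 protocol number that marks an encapsulated IPv6 packet


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the IPv4 header; a header with a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6_packet(src: str, dst: str, next_header: int, payload: bytes) -> bytes:
    """Minimal IPv6 header (version 6, hop limit 64) followed by the payload."""
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def encapsulate(v4_src: str, v4_dst: str, ipv6_packet: bytes) -> bytes:
    """Tunnel entry point: prepend an IPv4 header (protocol 41) to the IPv6 packet."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(ipv6_packet), 0, 0x4000, 64, IPPROTO_IPV6, 0,  # DF set, checksum 0
        ipaddress.IPv4Address(v4_src).packed, ipaddress.IPv4Address(v4_dst).packed,
    )
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]  # fill in the checksum
    return hdr + ipv6_packet


def decapsulate(datagram: bytes) -> Optional[bytes]:
    """Tunnel exit point: check the outer header and return the inner IPv6 packet, else None."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        return None
    ihl = (datagram[0] & 0x0F) * 4
    if ihl < 20 or ipv4_checksum(datagram[:ihl]) != 0 or datagram[9] != IPPROTO_IPV6:
        return None
    inner = datagram[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    return inner
```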
Two types of tunneling
Configured tunnels and Automatic tunnels
Configured Tunnels
- point to point in nature
- equivalent to a permanent link between two IPv6 domains over an IPv4 backbone
- benefits of point-to-point tunnels: simple to deploy and allow transport of IPv6 packets over an IPv4 network
- issue: manually configured, and they introduce a single point of failure
- examples of IPv6 point-to-point tunnels: Manually Configured Tunnels (MCT) and Generic Routing Encapsulation (GRE) Tunnels
Automatic tunneling
- allows IPv6 nodes to communicate over an IPv4 infrastructure without the need for tunnel destination pre-configuration
- point to multipoint in nature
- allow the sending router to use a single tunnel interface to send packets to multiple remote routers
- examples: 6to4, ISATAP, tunnel broker and Teredo
6to4 address
- 6to4 special prefix 2002::/16
- IPv4 external address of the border router in hex: 192.0.2.4 -> c000:0204
- 2002:c000:0204::/48 is used to number the whole network
- The next 16 bits are used by the company to subnet, and the final 64 bits are the Interface ID
6to4 tunneling
- 2002::/16
- With 6to4 multipoint tunnels the destination IPv4 address is embedded in the destination IPv6 address
- The tunnel entry point extracts the IPv4 address of the tunnel exit point from the IPv6 destination address and routes the traffic towards Router2 (R2)
- Example: R2 is numbered 2002:C000:0304::/48, so its IPv4 tunnel endpoint is 192.0.3.4
- Special 6to4 relay routers allow 6to4 networks to communicate with native IPv6 networks; a relay has at least one logical 6to4 interface and at least one native IPv6 interface
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
- provides IPv6 connectivity for dual-stack nodes over an IPv4-based intranet
- views the IPv4 network as a link layer for IPv6
Differences between ISATAP and 6to4
- ISATAP tunnel interface IPv6 addresses embed the IPv4 address in the last two quartets
- using normal IPv6 unicast prefixes
- ISATAP interface identifiers: Modified EUI-64 format, 00:00:5E:FE / 02:00:5E:FE + 32-bit IPv4 address
Example: prefix 2001:DB8:510::/64 and IPv4 address 62.2.84.115
ISATAP address: 2001:DB8:510::200:5EFE:3E02:5473 (equivalently 2001:DB8:510::200:5EFE:62.2.84.115)
Similarities between ISATAP and 6to4
- the embedded IPv4 address is used to identify the IPv4 address of the remote router for the purposes of tunneling IPv6 packets
- both create dynamic multipoint tunnels
ISATAP Tunneling
- Host A, Host B and the router are all dual-stack and have ISATAP enabled
- All nodes must support ISATAP in order to communicate
- The default router can be statically configured on all ISATAP nodes within a site
- To reach a native IPv6 host C, Host A sends the packet through the default ISATAP router configured on A
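The 6to4 and ISATAP address rules from the two sections above, as an added example that is not part of the original notes. It goes one step beyond the text: the 6to4 /48 is computed as the special case of the 6rd rule (RFC 5969: ISP prefix followed by the customer IPv4 address minus its first IPv4MaskLen bits) that the notes describe later, and the two extraction helpers are what a log-analysis or firewall tool needs to recover the real IPv4 tunnel endpoint behind such an address. The 0200:5EFE vs 0000:5EFE choice follows the notes' example (a global IPv4 address sets the u/l bit); the sample addresses in the tests are constructed.

```python
import ipaddress
from typing import Optional

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)  # 00:00:5E:FE and 02:00:5E:FE (u/l bit set)


def rd_delegated_prefix(rd_prefix: str, ipv4_mask_len: int, ce_v4: str) -> ipaddress.IPv6Network:
    """6rd rule (RFC 5969): ISP prefix followed by the CE's IPv4 address minus its
    first ipv4_mask_len bits. 6to4 is the special case rd_prefix=2002::/16, mask 0."""
    net = ipaddress.IPv6Network(rd_prefix)
    v4_bits = int(ipaddress.IPv4Address(ce_v4)) & ((1 << (32 - ipv4_mask_len)) - 1)
    delegated_len = net.prefixlen + 32 - ipv4_mask_len
    addr = int(net.network_address) | (v4_bits << (128 - delegated_len))
    return ipaddress.IPv6Network((addr, delegated_len))


def six_to_four_prefix(border_router_v4: str) -> ipaddress.IPv6Network:
    """2002::/16 + the border router's 32-bit IPv4 address = the site's /48."""
    return rd_delegated_prefix("2002::/16", 0, border_router_v4)


def six_to_four_exit_point(v6_dst: str) -> ipaddress.IPv4Address:
    """Tunnel entry point: read the exit router's IPv4 address from bits 16..47."""
    addr = ipaddress.IPv6Address(v6_dst)
    if addr not in SIX_TO_FOUR:
        raise ValueError(f"{addr} is not a 6to4 address")
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def isatap_address(prefix: str, v4: str) -> ipaddress.IPv6Address:
    """/64 prefix + Modified EUI-64 IID 0200:5EFE:<IPv4>; 0000:5EFE for a non-global IPv4."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    v4_addr = ipaddress.IPv4Address(v4)
    iid_high = 0x02005EFE if v4_addr.is_global else 0x00005EFE  # u/l bit = globally unique IPv4
    return ipaddress.IPv6Address(int(net.network_address) | (iid_high << 32) | int(v4_addr))


def isatap_embedded_ipv4(v6: str) -> Optional[ipaddress.IPv4Address]:
    """IPv4 address of the remote ISATAP node, or None if the IID is not an ISATAP one."""
    addr = int(ipaddress.IPv6Address(v6))
    if ((addr >> 32) & 0xFFFFFFFF) not in ISATAP_IIDS:
        return None
    return ipaddress.IPv4Address(addr & 0xFFFFFFFF)
```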
A limitation of both 6to4 and ISATAP is that they do not traverse NAT.
Tunnel broker
- provides IPv6 connectivity to users already connected to the IPv4 Internet
- offers semi-automatic tunnel services to end users
- consists of a Tunnel Broker (TB) and many Tunnel Servers (TS)
The Tunnel Broker (TB): the user connects to it to register and activate tunnels
For scalability, the Tunnel Broker can share the load of network-side tunnel end-points among several Tunnel Servers
Teredo network
Teredo’s distinguishing feature is that it is able to perform its function even from behind NAT devices such as home routers.
The Teredo network is based on the following components:
- Teredo client
- Teredo server
- Teredo relay
Each Teredo client is assigned a public IPv6 address which is constructed from the following 5 components:
- Prefix: as we saw earlier in 6to4 tunneling addressing, it uses a special prefix. Teredo also uses a special prefix to provide an IPv6 address to nodes. Teredo clients are assigned an IPv6 address that starts with the Teredo prefix (2001:0::/32).
- Teredo server: the next 32 bits are the IPv4 address of the Teredo server.
- Flags: a set of 16 bits that document the type of address and NAT.
- UDP port number of the external NAT mapping of the client: 16 bits
- Finally, the IPv4 address of the external NAT mapping of the client: 32 bits.
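The five Teredo components above, assembled and taken apart again, as an added example that is not part of the original notes. One detail the notes do not mention: RFC 4380 stores the mapped port and mapped IPv4 address XORed with all ones so that a NAT rewriting addresses does not corrupt them, and the most significant flag bit is the "cone" NAT flag; the sample server, port and client values in the test are constructed.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # 2001:0::/32
CONE_FLAG = 0x8000  # most significant flag bit (RFC 4380 "cone" NAT flag)


def build_teredo(server_v4: str, flags: int, mapped_port: int, mapped_v4: str) -> ipaddress.IPv6Address:
    """prefix | server IPv4 | flags | obfuscated mapped port | obfuscated mapped IPv4."""
    # RFC 4380 XORs the NAT mapping with all ones so NATs do not rewrite it in transit.
    obf_client = int(ipaddress.IPv4Address(mapped_v4)) ^ 0xFFFFFFFF
    tail = struct.pack(
        "!4sHHI",
        ipaddress.IPv4Address(server_v4).packed,
        flags & 0xFFFF,
        mapped_port ^ 0xFFFF,
        obf_client,
    )
    return ipaddress.IPv6Address(TEREDO_PREFIX.network_address.packed[:4] + tail)


def parse_teredo(v6: str) -> dict:
    """Recover the five components; raises ValueError for addresses outside 2001:0::/32."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not a Teredo address")
    raw = addr.packed
    flags, obf_port, obf_client = struct.unpack("!HHI", raw[8:16])
    return {
        "server": ipaddress.IPv4Address(raw[4:8]),
        "flags": flags,
        "cone": bool(flags & CONE_FLAG),
        "port": obf_port ^ 0xFFFF,  # undo the obfuscation
        "client": ipaddress.IPv4Address(obf_client ^ 0xFFFFFFFF),
    }
```

A relay or a defender reading logs uses parse_teredo to learn which Teredo server and which public NAT mapping a client address really points at.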
Translation options
- Stateless IP/ICMP Translation Algorithm (SIIT)
When an IP/ICMP translator receives an IPv4 datagram addressed to a destination in the IPv6 domain, it translates the IPv4 header of that packet into an IPv6 header.
- Network Address Translation – Protocol Translation (NAT-PT)
NAT-PT allows native IPv6 hosts and applications to communicate with native IPv4 hosts and applications, and vice versa.
Application level gateway (ALG)
- Application level gateways (ALGs) that receive and decode application protocol connections over one IP protocol and then restart another connection over the other IP protocol can be considered a translation mechanism at the application layer.
- Examples of ALGs: HTTP application-specific proxy, SMTP application level gateway
Carrier-grade NAT (CGN)
CGN, also known as large-scale NAT (LSN), takes the approach that the remaining IPv4 addresses must be shared among customers, so a single IPv4 address is shared across multiple customers.
Critics of carrier-grade NAT argue the following aspects:
- It breaks the end-to-end principle.
- It has significant security, scalability, and reliability problems, by virtue of being stateful.
There are several variations in the deployment architectures for these address-sharing solutions.
They are all similar in the way that they enable providers to share a small IPv4 address pool among a large number of users. They differ in the way that packets are carried to the CGN.
• In NAT444, they are carried over IPv4.
• In NAT64, they are carried over IPv6.
• In DS Lite, they are carried as IPv4 packets over an IPv6 tunnel.
CGN should not be seen as an alternative to IPv6. It only extends the life of IPv4 addresses: it is still all IPv4 addressing, and IPv6 is deferred.
Dual-Stack Lite
- designed to let an Internet service provider omit the deployment of any IPv4 address to the customer’s customer-premises equipment (CPE). Instead, only global IPv6 addresses are provided.
- IPv4 packets are tunneled over the IPv6-only link, which enables IPv4 applications and IPv4 hosts to communicate with the IPv4 Internet. Using this approach, a service provider can deploy IPv6 and still provide an IPv4 service.
- A drawback to this method is that DS Lite functionality must be added to existing customers’ CPE either through a software upgrade or by replacing the unit.
6rd
- 6rd is a mechanism to facilitate IPv6 rapid deployment across IPv4 infrastructures of Internet service providers (ISPs).
- It is derived from 6to4, a pre-existing mechanism to transfer IPv6 packets over the IPv4 network, with the significant change that it operates entirely within the end-user’s ISP’s network, thus avoiding the major architectural problems inherent in the original design of 6to4.
- each ISP uses one of its own IPv6 prefixes instead of the special 2002::/16 prefix
- two key components: 6rd Customer Edge (CE) routers and the 6rd Border Relay (BR)