IPv6 Translation and Tunneling Technologies

With the exhaustion of the IPv4 addressing space quickly approaching, it has become a high priority for organizations to begin their own deployments of IPv6. This can be accomplished in a number of different ways. The common methods include side-by-side implementations of IPv4 and IPv6, the implementation of tunneling over existing IPv4 networks, and the implementation of a translation process from IPv4 to IPv6. This article examines these specific methods and how they can be used to support an IPv6 deployment.

IPv4/IPv6 Coexistence

The transition from IPv4 to IPv6 will not be something that is done overnight; it will take a number of years before IPv6 has anywhere near 100 percent implementation. In these intervening years (including now), a number of mechanisms have been (and will be) developed to make the transition as easy as possible.

The first of the available options is referred to as dual stack. When using this method, an organization essentially does not transition to IPv6 but simply builds a parallel IPv6 network next to their existing IPv4 network.

The second of the available options is tunneling. The basic idea behind tunneling methods is that IPv6 will be tunneled over an existing IPv4 network. A number of different tunneling methods are available and can be selected based on the requirements of the situation.

The third of the available options is translation. The idea behind translation is that at a boundary router between an IPv4 and an IPv6 network a translation process maps an IPv4 address to an IPv6 address (or vice versa).

Dual Stack

When a network is configured as dual stack, each device on the network is configured with both an IPv4 address and an IPv6 address, the idea being that once all the devices have implemented IPv6, the IPv4 part of the network will be depreciated. This method is common for businesses looking to slowly convert their existing devices from IPv4 to IPv6. These companies can configure their routing infrastructure to support both IPv4 and IPv6 but bring their other network devices over to IPv6 at a slower pace.

It is also possible for individual devices to be configured as dual stack and use one of the tunneling technologies discussed in the next section.

Tunneling

The concept behind tunneling is not new; many people use tunneling daily, but just use it for other reasons. For example, many companies use IPsec or Secure Sockets Layer (SSL) tunnels to secure information when it is being transmitted over an untrusted network.

Many different tunneling methods are available. Which one to use depends on the specific implementation details. Table 1 lists some commonly available tunneling methods and their suggested usage.

Translation

The concept of address translation is also not a new concept to most network engineers; this is because Network Address Translation (NAT) is implemented between different IPv4 networks in almost every residential household. The concept behind this type of NAT and the newer technologies that support address translation between IPv4 and IPv6 networks is similar. IPv6 translation technologies differ from IPv6 tunneling technologies; this is because the translation technologies enable IPv4-only devices to speak to IPv6-only devices, which is not possible with any of the tunneling methods.

However, IPv4/IPv6 translation and IPv4-only translation entail a certain amount of complexity. What happens when an IPv6-only device is attempting to communicate with a device on the public IPv4 Internet and only an IPv4 DNS record (A) exists? In these situations, a secondary technology is required to step in and provide additional services for the connection to work.

The first method to be introduced to provide IPv6 translation services was Network Address Translation – Protocol Translation (NAT-PT). NAT-PT defined a mechanism to not only translate between IPv4 to IPv6 addresses but also a built-in ability to provide protocol translation services for Internet Control Message Protocol (ICMP), File Transfer Protocol (FTP), and Domain Name System (DNS). The component that was responsible for these translation services is called the application layer gateway (ALG).

The ALG piece of the NAT-PT method raised a number of issues. With additional testing and real-life experience, a new method was introduced that separated the address translation functionality and the application layer translation functionalities: NAT64 and DNS64.

DNS64 can synthesize IPv6 address resource records (AAAA) from IPv4 resource records (A); it does this by encoding the returned IPv4 address into a IPv6 address format.

Summary

The selection of an IPv6 transition mechanism depends greatly on the current status of an organization’s network and how fast they want to transition their devices from IPv4 to IPv6. Logic seems to say that those organizations with bleeding-edge technology tastes and small staffs will probably be (or are already) the first people in line to transition over to IPv6. Those larger companies that have tens of thousands of network devices will most likely transition a piece at a time following the experience level of each department.

The transition to IPv6 is coming, and all those network engineers reading this article should become experts in IPv6 as quickly as possible. The process of converting networks from IPv4 to IPv6 will shortly become a large-scale request, and those with the correct skills will be in demand, a fact even more important in the current economy.

Next up, IPv6 Tunneling Technology Configuration.