Overview of IPv6 Transition Mechanisms!
Mukom Akong T. [email protected] | @perfexcellent
& their CPE requirements for Access Networks
FOR EACH transition mechanism DISCUSS § Infrastructural elements § Brief overview § Where it is typically employed § CPE requirements
NEXT
Tran
siti
on M
echa
nism
s Agenda
www.afrinic.net | slide 2
Transition mechanisms for access networks
www.afrinic.net | slide 3
Tran
siti
on M
echa
nism
s
Transition mechanisms
Dual stack Tunneling
6rd
Translation
NAT64
Device
Hosts
IPv6 address
Default gateway
DNS server
CPEs
IPv6 address
Default gateway
DNS server
Prefix for LAN(s)
IPv6
Add
ress
Pro
visi
onin
g IPv6 address provisioning requirements
learn.afrinic.net | slide 4
Tran
siti
on M
echa
nism
s | D
ual S
tack
Critical CPE requirements
www.afrinic.net | slide 5
Customer network
CPE
Access network
Delegated prefix
IPv6 address DNS resolver Default gateway
IPv6
Add
ress
Pro
visi
onin
g Options for automatic address provisioning
www.afrinic.net | slide 6
Address Default
Gateway DNS
server Delegated
Prefix
SLAAC ✔ ✔ ✖
Stateful DHCPv6 ✔ ✖ ✔ ✔
Stateless DHCPv6 ✖ ✖ ✔ ✖
RDNSS ✖ ✖ ✔ ✖
www.afrinic.net | slide 7
u IPv4 and IPv6 is enabled on all network elements u Typically used when access network can easily support IPv6 Tr
ansi
tion
Mec
hani
sms
| Dua
l Sta
ck
Dual Stack – Infrastructural elements
www.afrinic.net | slide 8
Provider core network
Customer network
PE CPE
Access network
Tran
siti
on M
echa
nism
s | D
ual S
tack
Dual Stack – CPE requirements
www.afrinic.net | slide 9
Customer network
CPE
Access network
Delegated prefix
IPv4 address & mask IPv6 address DNS resolvers (v4 & v6) IPv4 default gateway IPv6 default gateway
① Increased complexity in PE configuration ② Support staff must be trained to troubleshoot both
protocols
Some implications of running dual stack
www.afrinic.net | slide 10
Tran
siti
on M
echa
nism
s
www.afrinic.net | slide 11
u IPv6 is carried within IPv4 packets across the access network
u Both the CPE and PE must be dual stack u Use case: access network elements don’t support IPv6
Tran
siti
on M
echa
nism
s | 6
rd
Tunneling– Infrastructural elements
www.afrinic.net | slide 12
Provider core network
Dual stacked customer network PE CPE
IPv4-only Access network
u Manual § Requires manual configuration at both ends § Not scalable for use in access networks
u Semi automatic, Tunnel Broker [RFC 3053] § Remote end is auto-configured, other is manual § Not scalable for use in access networks
u Automatic § Tunnels are created on demand § Examples: 6to4, 6rd, ISATAP § 6rd is currently the most recommended tunnel mechanism
Types of tunnels
www.afrinic.net | slide 13
Tran
siti
on M
echa
nism
s | 6
rd
u 6rd = IPv6 Rapid Deployment (RFC 5969) u Plug-n-play ease of 6to4 without the drawbacks u Uses an ISP’s v6 prefix rather than 2002::/16 thus limiting the
operational domain to the ISP’s network.
Tran
siti
on M
echa
nism
s | 6
rd
Overview of 6rd
www.afrinic.net | slide 14
© M
ark Tow
nsley, Cisco
Tran
siti
on M
echa
nism
s | 6
rd
6rd – CPE requirements
www.afrinic.net | slide 15
Dual stacked Customer network
CPE
Access network
6rd delegated prefix
IPv4 address & mask DNS resolvers (v4) IPv4 default gateway
6rd delegated prefix is derived from the CPE WAN IPv4 address
www.afrinic.net | slide 16
u Only mechanism where a v6-only host can talk to a v4 host u Typical use case: greenfield IPv6 only networks Tr
ansi
tion
Mec
hani
sms
| NA
T64
NAT64 – Infrastructural elements
www.afrinic.net | slide 17
Provider core network
V6-only customer network PE CPE
IPv6-only Access network
NAT64 & DNS64 – Use Case for Access Networks
www.afrinic.net | slide 18
Tran
siti
on M
echa
nism
s | N
AT6
4
Source: Marc Blanchette, Viagenie
u Only mechanism for getting v4 only speaking to v6 only u Operates in two modes:
§ Stateful - one to many v4 address mapping § Stateless - one to one address mapping with only IP & ICMP
header translation) u Current Implementations
§ Ecdysis (free and Open Source) § MS Forefront UAG DirectAccess § Cisco CGv6
IPv4-IPv6 Translation: NAT64 & DNS64
www.afrinic.net | slide 19
Tran
siti
on M
echa
nism
s | 6
rd
NAT64 & DNS64 – How it Works
www.afrinic.net | slide 20
Tran
siti
on M
echa
nism
s
DNS64
Regular DNS
v4 Serverwww.example.com
192.0.2.6
NAT64
v6 Host2001:db8::2
A? www.example.com
www.example.com = 192.0.2.6
2
3
Synthesize AAAA from A using WKP 64:ff9b::/96
4AAAA? w
ww.exam
ple.co
m
1
www.exam
ple.co
m =
64:ff
9b::c
000:2
06
5
6
7
810
Inside: 2001:db8::1Outside: 192.0.2.1
src:2001:db8::2 | dst:64:ff9b::c000:206
src:[64:ff9b::c000:206 | src:2001:db8::2
src:192.0.2.1dst:192.0.2.6src:192.0.2.6dst:192.0.2.1
9 Do v6<
->v4 N
APT
Re-calc checksums
Tran
siti
on M
echa
nism
s | 6
rd
NAT64 – CPE requirements
www.afrinic.net | slide 21
V6-only Customer network
CPE
IPv6 Access network
delegated prefix
IPv6 address DNS resolvers (v6) IPv6 default gateway
The NAT64 functionality is typically at the providers edge
Thank U | Questions ?
www.afrinic.net