5. transistion mechanisum 1

Transition Mechanism 1 Certified IPv6 Network Engineer (CNE6) – Level 1


Transcript of 5. transistion mechanisum 1

Page 1: 5. transistion mechanisum 1


Transition Mechanism

Certified IPv6 Network Engineer (CNE6) – Level 1

Page 2: 5. transistion mechanisum 1

Outline

• Understanding ICMPv6
• Technical Details of ICMPv6
• ICMPv6 Packet format
• Types of ICMPv6 Messages
• Operations of ICMPv6
• Understanding NDP
• Technical Details
• NDP Messages
• Router Solicitation (RS)
• Router Solicitation Packet
• Router Solicitation Format
• Router Advertisement (RA)
• Router Advertisement Packet
• Router Advertisement Format
• Router Advertisement Options
• Neighbor Solicitation (NS)
• Neighbor Solicitation Packet
• Neighbor Solicitation options
• Using NS for D.A.D
• Neighbor Advertisement (NA)
• Neighbor Advertisement Packet
• Neighbor Advertisement Options
• Redirect
• Redirect Header
• Redirect Example
• Understanding NDP Processes
• Router Discovery
• Prefix Discovery
• Prefix Discovery using RA&RS
• Parameter discovery
• Address Autoconfiguration
• Address Resolution
• Next-Hop Determination
• Neighbor Unreachability Detection
• Understanding Neighbor States
• Duplicate Address Detection
• Duplicate Address Detection (DAD) Explained

Page 3: 5. transistion mechanisum 1

Overview

Transition mechanisms are technologies that facilitate the transition of the Internet from its IPv4 infrastructure to IPv6.

Well-known mechanisms:
• Dual-Stack
• Tunneling
• Translation (and its variants)

Page 4: 5. transistion mechanisum 1

Types of nodes

Node types and their definitions, as defined in RFC 4213:

• IPv4-only node: A host or router that implements only IPv4. An IPv4-only node does not understand IPv6.
• IPv6/IPv4 node: A host or router that implements both IPv4 and IPv6.
• IPv6-only node: A host or router that implements only IPv6 and does not implement IPv4.
• IPv6 node: Any host or router that implements IPv6. IPv6/IPv4 and IPv6-only nodes are both IPv6 nodes.
• IPv4 node: Any host or router that implements IPv4. IPv6/IPv4 and IPv4-only nodes are both IPv4 nodes.

Page 5: 5. transistion mechanisum 1

Dual-Stack

Understanding Dual-Stack

• Dual-stack nodes, as the name suggests, maintain two protocol stacks that operate in parallel and thus allow the end system or router to operate via either protocol.
• In end systems, they enable both IPv4 and IPv6 capable applications to operate on the same node.
• Dual-stack capabilities in routers allow handling of both IPv4 and IPv6 packet types.

Page 6: 5. transistion mechanisum 1

Dual-Stack Operating Systems

Page 7: 5. transistion mechanisum 1

Dual-Stack examples

A & AAAA (Quad A) records

MacOS IPv4/v6 settings

Page 8: 5. transistion mechanisum 1

Tunneling

Understanding Tunneling

• For IPv6 transition, the IPv6 protocol data unit (PDU) is generally carried as the payload of an IPv4 packet.
• Encapsulation of the payload protocol data unit is performed at the tunnel entrance (source), and decapsulation is performed at the tunnel exit point (destination).

Page 9: 5. transistion mechanisum 1

Tunneling IPv6 in IPv4

• IPv6 is encapsulated in IPv4
  – Identified by ‘Protocol 41’
• Many topologies are possible:
  – Router to Router
  – Host to Router
  – Host to Host
• The tunnel endpoints take care of the encapsulation. This process is “transparent” to the other nodes.

Page 10: 5. transistion mechanisum 1

Tunneling Mechanisms

The following IPv6 tunneling techniques can be used over IPv4 networks:

• IPv6 Manually Configured Tunnel
• IPv6 over IPv4 GRE Tunnel
• 6over4
• Automatic IPv4-Compatible Tunnel
• Automatic 6to4 Tunnel
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Tunnel
• Teredo Tunnel
• IPv6 Rapid Deployment (6rd)

Page 11: 5. transistion mechanisum 1

Understanding Configured Tunneling

• These tunnels are used with IPv6 addresses that do not have any embedded IPv4 information.
• Tunnel endpoints are explicitly configured. The IPv6 and IPv4 addresses of the endpoints of the tunnel MUST be specified.
  – All IPv6 implementations support this
• Tunnel endpoints must be dual-stack nodes
  – The IPv4 address is the endpoint for the tunnel
  – Requires a reachable IPv4 address (no NAT between the endpoints)

Configured tunnels must be configured manually.

Page 12: 5. transistion mechanisum 1

Understanding IPv6 over IPv4 GRE Tunnel

• Uses the standard Generic Routing Encapsulation (GRE) tunneling technique.
• As in manually configured tunnels, these tunnels are links between two points, with a separate tunnel for each link.
• GRE tunnels are not tied to a specific passenger or transport protocol.
• GRE tunnels are used between two points and require configuration of both the source and destination addresses of the tunnel.
• The edge routers and end systems used as tunnel endpoints must be dual-stack devices.

Page 13: 5. transistion mechanisum 1

Understanding Automatic IPv4-Compatible Tunnel

• An IPv6 over IPv4 tunnel mechanism which uses an IPv4-compatible IPv6 address.
• Can be configured between end systems, edge routers, or an edge router and an end system, but it has mainly been used to establish connections between routers.
• The automatic IPv4-compatible tunnel technique constructs tunnels with remote nodes on the fly.
• Tunnel source and destination are automatically determined by the IPv4 address.
• The IPv4-compatible tunnel has largely been replaced by 6to4.
• The use of the IPv4-compatible tunnel as a transition mechanism is nearly deprecated.

Example: ::192.168.99.1

Page 14: 5. transistion mechanisum 1

Understanding Automatic 6to4 Tunnel

• A 6to4 tunnel treats the IPv4 infrastructure as a virtual non-broadcast link, using an IPv4 address embedded in the IPv6 address to find the other end of the tunnel.
• Each IPv6 domain requires a dual-stack router.
• The key requirement is that each site has a 6to4 IPv6 address.
• Each site, even if it has just one public IPv4 address, has a unique routing prefix in IPv6.

Page 15: 5. transistion mechanisum 1

How 6to4 Works

Page 16: 5. transistion mechanisum 1

6to4 Relay Routers

• 6to4 doesn’t provide connectivity to the global IPv6 Internet.
• 6to4 Relay Routers (RR) provide such capabilities.
• These RRs are standard routers with both a 6to4 and a normal IPv6 address.
• RRs provide a routing service between the native IPv6 domain and the 6to4 domain.

Page 17: 5. transistion mechanisum 1

Understanding ISATAP

• Intrasite Automatic Tunnel Addressing Protocol (ISATAP) is a mechanism similar to 6to4 that enables incremental deployment of IPv6.
• Allows hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4.
• All ISATAP nodes are dual stacked.
• ISATAP requires the first 64 bits of the address to be available (known as the ISATAP prefix).
• The 64-bit interface identifier is formed by concatenating 0000:5EFE and the IPv4 address of the dual-stack node (e.g. 192.168.99.1).

Page 18: 5. transistion mechanisum 1

Understanding TEREDO

• The Teredo (also known as Shipworm) service is a tunnel mechanism that provides IPv6 connectivity to nodes located behind one or more IPv4 NATs.
• Tunnels IPv6 packets over the User Datagram Protocol (UDP) through NAT devices.
• The Teredo service is defined for the case where the NAT device cannot be upgraded to offer native IPv6 routing or to act as a 6to4 router or other mechanism.
• The Teredo network consists of a set of Teredo clients, servers, and relays.
• Teredo tunnels use Teredo servers and Teredo relays.
• The Teredo servers are stateless and manage a small fraction of the traffic between Teredo clients.
• Teredo relays act as IPv6 routers between the Teredo service and the native IPv6 Internet.

Page 19: 5. transistion mechanisum 1

Teredo Addressing

• The Teredo prefix is 2001::/32.
• The Teredo server IPv4 address is the public IPv4 address.
• The Flags field indicates the type of NAT used by the Teredo client.
• The last two fields are the “obscured” mapped external IPv4 address and port of the Teredo client.
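The address formats described on the IPv4-compatible, 6to4, ISATAP and Teredo slides, as one added example (not from the original slides): a classifier that recognises each format and recovers the IPv4 address embedded in it, which is what an analyst needs when such addresses appear in logs. The function names are hypothetical; the 6to4 prefix 2002::/16 (RFC 3056), the ISATAP variant 0200:5EFE (RFC 5214) and the bit inversion used for Teredo's "obscured" fields (RFC 4380) come from the RFCs rather than the slides.

```python
import ipaddress

def _v4(raw):
    return str(ipaddress.IPv4Address(bytes(raw)))

def classify_transition_address(text):
    """Map an IPv6 address to (mechanism, embedded IPv4 details)."""
    raw = ipaddress.IPv6Address(text).packed
    if raw[:4] == bytes.fromhex("20010000"):        # Teredo prefix 2001::/32
        flags = int.from_bytes(raw[8:10], "big")
        return "teredo", {
            "server": _v4(raw[4:8]),
            "cone_nat": bool(flags & 0x8000),       # high flag bit = cone NAT
            # "obscured" fields: every bit of the mapped port/address is inverted
            "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
            "client": _v4(b ^ 0xFF for b in raw[12:16]),
        }
    if raw[:2] == b"\x20\x02":                      # 6to4 prefix 2002::/16
        return "6to4", {"site_ipv4": _v4(raw[2:6])}
    # ISATAP interface ID: 0000:5EFE (or 0200:5EFE) followed by the IPv4 address
    if raw[8] & 0xFD == 0 and raw[9:12] == b"\x00\x5e\xfe":
        return "isatap", {"node_ipv4": _v4(raw[12:16])}
    # IPv4-compatible: 96 zero bits then the IPv4 address (excludes :: and ::1)
    if raw[:12] == bytes(12) and int.from_bytes(raw[12:], "big") > 1:
        return "ipv4-compatible", {"node_ipv4": _v4(raw[12:16])}
    return "native-or-other", {}

# Constructed sample addresses; 192.168.99.1 is the example IPv4 address on the
# slides, the Teredo sample encodes server 192.0.2.1 and client 198.51.100.7:40000.
SAMPLES = [
    "::192.168.99.1",
    "2002:c0a8:6301::1",
    "fe80::5efe:192.168.99.1",
    "2001:0:c000:201:8000:63bf:39cc:9bf8",
    "2001:db8::1",
]

def classify_all(addresses=SAMPLES):
    return {a: classify_transition_address(a) for a in addresses}

if __name__ == "__main__":
    for addr, (mechanism, info) in classify_all().items():
        print(f"{addr:38} {mechanism:16} {info}")
```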

Page 20: 5. transistion mechanisum 1

Teredo Architecture

• Teredo client (TC): IPv4 node that wants access to the IPv6 Internet
• Teredo server (TS):
  – assists in the address configuration of Teredo clients
  – facilitates the initial communication between Teredo clients and other Teredo clients or between Teredo clients and IPv6-only hosts
• Teredo relay (TR): IPv6 router that can receive traffic from the IPv6 Internet destined for the Teredo client and forward it to the Teredo client interface.

Page 21: 5. transistion mechanisum 1

E.g. Teredo Communication

Page 22: 5. transistion mechanisum 1

E.g. Teredo Communication

1. TC sends a v6 echo request to TS. [1]
2. TS relays the echo request to the IPv6-only host (6H).
3. 6H sends an IPv6 echo reply with the TC’s address as destination. The IPv6 infrastructure will route this packet to the nearest TR based on 2001::/32 routes.
4. The TR will tunnel the echo reply to the TC:
   – cone NAT, the packet will be forwarded to the TC
   – restricted cone NAT, this packet would be discarded, and additional procedures, involving bubble packets
5. TC determines the relay's IPv4 address from the received packet and sends packets to the 6H via the TR.
6. The TR extracts the IPv6 packet and forwards it to the 6H. Future communications can follow this same path.

[1] TS are expected to relay these requests.

Page 23: 5. transistion mechanisum 1

Saturday, April 8, 2023 23

• Thank You