Overview of IPv6 Transition Mechanisms!
& their CPE requirements for Access Networks Mukom Akong T. mukom@afrinic.net | @perfexcellent Agenda
FOR EACH transition mechanism DISCUSS § Infrastructural elements § Brief overview § Where it is typically employed
Mechanisms Transition § CPE requirements NEXT
www.afrinic.net | slide 2 Transition mechanisms for access networks
Transition mechanisms
Dual stack Tunneling Translation
Mechanisms Transition 6rd NAT64
www.afrinic.net | slide 3 IPv6 address provisioning requirements
Device
Hosts CPEs
IPv6 address IPv6 address
Default gateway Default gateway
Provisioning IPv6 Address DNS server DNS server Prefix for LAN(s)
learn.afrinic.net | slide 4 Transition Mechanisms | Dual Stack Customer network Delegated prefix Critical CPErequirements CPE www.afrinic.net Access network | slide 5 | slide Default gateway DNS resolver address IPv6 IPv6 Address Provisioning RDNSS Stateless DHCPv6 Stateful DHCPv6 SLAAC Options for automatic address provisioning Address ✔ ✔ ✖ ✖ www.afrinic.net
Gateway Default | slide 6 | slide ✔ ✖ ✖ ✖
server DNS ✔ ✔ ✔ ✖
Delegated Prefix ✔ ✖ ✖
www.afrinic.net | slide 7 Dual Stack – Infrastructural elements
Access network
Customer Provider core network network CPE PE
u IPv4 and IPv6 is enabled on all network elements
Mechanisms | Dual Stack Transition u Typically used when access network can easily support IPv6
www.afrinic.net | slide 8 Transition Mechanisms | Dual Stack Customer network Dual Stack –CPErequirements Delegated prefix CPE www.afrinic.net Access network | slide 9 | slide IPv6 default gatewayIPv6 default gatewayIPv4 DNS resolvers (v4 &v6) address IPv6 address &mask IPv4 Some implications of running dual stack
① Increased complexity in PE configuration ② Support staff must be trained to troubleshoot both protocols Mechanisms Transition
www.afrinic.net | slide 10 www.afrinic.net | slide 11 Tunneling– Infrastructural elements
IPv4-only Access network Dual stacked Provider core customer network network CPE PE
u IPv6 is carried within IPv4 packets across the access network
Mechanisms | 6rd Transition u Both the CPE and PE must be dual stack u Use case: access network elements don’t support IPv6
www.afrinic.net | slide 12 Types of tunnels
u Manual § Requires manual configuration at both ends § Not scalable for use in access networks u Semi automatic, Tunnel Broker [RFC 3053] § Remote end is auto-configured, other is manual § Not scalable for use in access networks u Automatic § Tunnels are created on demand Mechanisms | 6rd Transition § Examples: 6to4, 6rd, ISATAP § 6rd is currently the most recommended tunnel mechanism
www.afrinic.net | slide 13 Overview of 6rd © © Mark Townsley , Cisco
u 6rd = IPv6 Rapid Deployment (RFC 5969) u Plug-n-play ease of 6to4 without the drawbacks Mechanisms | 6rd Transition u Uses an ISP’s v6 prefix rather than 2002::/16 thus limiting the operational domain to the ISP’s network.
www.afrinic.net | slide 14 Transition Mechanisms | 6rd 6rd delegated prefixisderivedfrom theCPEWAN IPv4 address Dual stacked Customer network 6rd delegated prefix 6rd –CPErequirements CPE www.afrinic.net Access network | slide 15 15 | slide IPv4 default gatewayIPv4 DNS resolvers (v4) address &mask IPv4 www.afrinic.net | slide 16 NAT64 – Infrastructural elements
IPv6-only Access network V6-only Provider core customer network network CPE PE
u Only mechanism where a v6-only host can talk to a v4 host u Typical use case: greenfield IPv6 only networks Mechanisms | NAT64 Transition
www.afrinic.net | slide 17 NAT64 & DNS64 – Use Case for Access Networks Mechanisms | NAT64 Transition
Source: Marc Blanchette, Viagenie
www.afrinic.net | slide 18 IPv4-IPv6 Translation: NAT64 & DNS64
u Only mechanism for getting v4 only speaking to v6 only u Operates in two modes: § Stateful - one to many v4 address mapping § Stateless - one to one address mapping with only IP & ICMP header translation) u Current Implementations § Ecdysis (free and Open Source)
Mechanisms | 6rd Transition § MS Forefront UAG DirectAccess § Cisco CGv6
www.afrinic.net | slide 19 NAT64 & DNS64 – How it Works
4 Synthesize AAAA from A using WKP 64:ff9b::/96
2 Regular DNS A? www.example.com 3 www ple.com 5 .example.com = am DNS64 192.0.2.6 x .e
ple.com = Inside: 2001:db8::1 am Outside: 192.0.2.1 x c000:206 src:1 .e :: 7 92.0.2. 1 dst 1 AAAA? www f9b ::c000:206 NAT64 :192.0.2.6 www 4:f 4:ff9b 6 :6 src:1 1:db8::2 9 92.0.2.6 Do v6<->v4 N Do v6<->v4 dst 1:db8::2 | dst c:200 R :192.0.2. | sr e-ca Mechanisms Transition 6 10 src:200 1 8 ::c000:206 64:ff9b lc check v6 Host src:[ 2001:db8::2 v4 Server
sums www.example.com APT 192.0.2.6
www.afrinic.net | slide 20 Transition Mechanisms | 6rd The NAT64 functionality istypicallyatthe providersedge Customer network V6-only NAT64 –CPErequirements delegated prefix CPE www.afrinic.net IPv6 AccessIPv6 network | slide 21 21 | slide IPv6 default gatewayIPv6 DNS resolvers (v6) address IPv6 Thank U | Questions ?
www.afrinic.net