Overview of Ipv6 Transition Mechanisms!

Overview of IPv6 Transition Mechanisms!

& their CPE requirements for Access Networks Mukom Akong T. mukom@afrinic.net | @perfexcellent Agenda

FOR EACH transition mechanism DISCUSS § Infrastructural elements § Brief overview § Where it is typically employed

Mechanisms Transition § CPE requirements NEXT

www.afrinic.net | slide 2 Transition mechanisms for access networks

Transition mechanisms

Dual stack Tunneling Translation

Mechanisms Transition 6rd NAT64

www.afrinic.net | slide 3 IPv6 address provisioning requirements

Device

Hosts CPEs

IPv6 address IPv6 address

Default gateway Default gateway

Provisioning IPv6 Address DNS server DNS server Preﬁx for LAN(s)

learn.afrinic.net | slide 4 Transition Mechanisms | Dual Stack Customer network Delegated preﬁx Critical CPErequirements CPE www.afrinic.net Access network | slide 5 | slide Default gateway DNS resolver address IPv6 IPv6 Address Provisioning RDNSS Stateless DHCPv6 Stateful DHCPv6 SLAAC Options for automatic address provisioning Address ✔ ✔ ✖ ✖ www.afrinic.net

Gateway Default | slide 6 | slide ✔ ✖ ✖ ✖

server DNS ✔ ✔ ✔ ✖

Delegated Prefix ✔ ✖ ✖

www.afrinic.net | slide 7 Dual Stack – Infrastructural elements

Access network

Customer Provider core network network CPE PE

u IPv4 and IPv6 is enabled on all network elements

Mechanisms | Dual Stack Transition u Typically used when access network can easily support IPv6

www.afrinic.net | slide 8 Transition Mechanisms | Dual Stack Customer network Dual Stack –CPErequirements Delegated preﬁx CPE www.afrinic.net Access network | slide 9 | slide IPv6 default gatewayIPv6 default gatewayIPv4 DNS resolvers (v4 &v6) address IPv6 address &mask IPv4 Some implications of running dual stack

① Increased complexity in PE configuration ② Support staff must be trained to troubleshoot both protocols Mechanisms Transition

www.afrinic.net | slide 10 www.afrinic.net | slide 11 Tunneling– Infrastructural elements

IPv4-only Access network Dual stacked Provider core customer network network CPE PE

u IPv6 is carried within IPv4 packets across the access network

Mechanisms | 6rd Transition u Both the CPE and PE must be dual stack u Use case: access network elements don’t support IPv6

www.afrinic.net | slide 12 Types of tunnels

u Manual § Requires manual configuration at both ends § Not scalable for use in access networks u Semi automatic, Tunnel Broker [RFC 3053] § Remote end is auto-configured, other is manual § Not scalable for use in access networks u Automatic § Tunnels are created on demand Mechanisms | 6rd Transition § Examples: 6to4, 6rd, ISATAP § 6rd is currently the most recommended tunnel mechanism

www.afrinic.net | slide 13 Overview of 6rd © © Mark Townsley , Cisco

u 6rd = IPv6 Rapid Deployment (RFC 5969) u Plug-n-play ease of 6to4 without the drawbacks Mechanisms | 6rd Transition u Uses an ISP’s v6 prefix rather than 2002::/16 thus limiting the operational domain to the ISP’s network.

www.afrinic.net | slide 14 Transition Mechanisms | 6rd 6rd delegated prefixisderivedfrom theCPEWAN IPv4 address Dual stacked Customer network 6rd delegated preﬁx 6rd –CPErequirements CPE www.afrinic.net Access network | slide 15 15 | slide IPv4 default gatewayIPv4 DNS resolvers (v4) address &mask IPv4 www.afrinic.net | slide 16 NAT64 – Infrastructural elements

IPv6-only Access network V6-only Provider core customer network network CPE PE

u Only mechanism where a v6-only host can talk to a v4 host u Typical use case: greenfield IPv6 only networks Mechanisms | NAT64 Transition

www.afrinic.net | slide 17 NAT64 & DNS64 – Use Case for Access Networks Mechanisms | NAT64 Transition

Source: Marc Blanchette, Viagenie

www.afrinic.net | slide 18 IPv4-IPv6 Translation: NAT64 & DNS64

u Only mechanism for getting v4 only speaking to v6 only u Operates in two modes: § Stateful - one to many v4 address mapping § Stateless - one to one address mapping with only IP & ICMP header translation) u Current Implementations § Ecdysis (free and Open Source)

Mechanisms | 6rd Transition § MS Forefront UAG DirectAccess § Cisco CGv6

www.afrinic.net | slide 19 NAT64 & DNS64 – How it Works

4 Synthesize AAAA from A using WKP 64:ff9b::/96

2 Regular DNS A? www.example.com 3 www ple.com 5 .example.com = am DNS64 192.0.2.6 x .e

ple.com = Inside: 2001:db8::1 am Outside: 192.0.2.1 x c000:206 src:1 .e :: 7 92.0.2. 1 dst 1 AAAA? www f9b ::c000:206 NAT64 :192.0.2.6 www 4:f 4:ff9b 6 :6 src:1 1:db8::2 9 92.0.2.6 Do v6<->v4 N Do v6<->v4 dst 1:db8::2 | dst c:200 R :192.0.2. | sr e-ca Mechanisms Transition 6 10 src:200 1 8 ::c000:206 64:ff9b lc check v6 Host src:[ 2001:db8::2 v4 Server

sums www.example.com APT 192.0.2.6

www.afrinic.net | slide 20 Transition Mechanisms | 6rd The NAT64 functionality istypicallyatthe providersedge Customer network V6-only NAT64 –CPErequirements delegated preﬁx CPE www.afrinic.net IPv6 AccessIPv6 network | slide 21 21 | slide IPv6 default gatewayIPv6 DNS resolvers (v6) address IPv6 Thank U | Questions ?