Tuesday 07 February 2012
|About | Sitemap | Faq | Contact |
 
 
News | Meetings | Document Store | Registration Services | Database | Policies | Training | Mailing Lists | Tools | Statistics
:: IPv6 Portal  

Date:

20070928


PDF version  

 

Transition Mechanisms

Listed below is a description of the different transition mechanisms options available to ensure IPv4 and IPv6 interoperability. These mechanisms are categorized in the following three broad classes:

1- Dual-stack,
2- Tunnels (includes configured and automatic tunnels),
3- Translation mechanisms.

Dual-stacks

The term “dual-stack” refers to TCP/IP capable devices providing support for both IPv4 and IPv6. It is important to understand that having a device being able to communicate over both IPv4 or IPv6 does not necessarily means that all applications operating within this device are capable of utilizing both IPv4 and IPv6. The term “Dual-stack routing” refers to a network that is dual IP, that is to say all routers must be able to route both IPv4 and IPv6.

Requiring all new devices be both IPv4 and IPv6 capable permits these devices to have the ability to use either IP protocol version, depending on the services available, the network availability, service, and the administrative policy. A transition scenario which calls for “dual-stack everywhere” provides the most flexible operational environment. Dual-stacked hosts running on a dual-stack network allow applications to migrate one at a time from IPv4 transport to IPv6 transport. Legacy applications and devices that are not yet upgraded to support access to the IPv6 stack can coexist with upgraded IPv6 applications on the same network system.

Tunnels

The term “tunneling” refers to a means to encapsulate one version of IP in another so the packets can be sent over a backbone that does not support the encapsulated IP version. For example, when two isolated IPv6 networks need to communicate over an IPv4 network, dual-stack routers at the network edges can be used to set up a tunnel which encapsulates the IPv6 packets within IPv4, allowing the IPv6 systems to communicate without having to upgrade the IPv4 network infrastructure that exists between the networks.

Configured Tunnels

The term “configured tunnels” is used when network administrators manually configure the tunnel within the endpoint routers at each end of the tunnel. Any changes to the network like renumbering must be must manually reflected on the tunnel endpoint. Tunnels result in additional IP header overhead since they encapsulate IPv6 packets within IPv4 (or vice versa).

Automatic Tunnels

The term “automatic tunnels” is used when a device directly create their own tunnels to dual-stacked routers for shipping IP packets within IP. The IPv6 Tunnel Broker (RFC 3053), 6to4 (RFC 3056), Teredo (Tunneling IPv6 over UDP through NATs- RFC 4380) and ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) ship IPv6 packets within IPv4 and can be referenced as IPv6-over-IPv4 mechanisms while DSTM (Dual-stack Transition Mechanism) ships IPv4 packets within IPv6 and can be reference as IPv4-over-IPv6 mechanism.

The IPv6 tunnel broker mechanism uses dual-stacked servers sitting between IPv6 and IPv4 networks to assist in the set up of a configured tunnel to a host. 6to4, Teredo and ISATAP allow end host systems to create their own automatic tunnels to dual-stacked routers for shipping IPv6 packets within IPv4. While ISATAP is mainly for IPv6-over-IPv4 tunneling within a domain, all of the other IPv6-over-IPv4 mechanisms are designed to tunnel IPv6 packets out of an IPv4-only administrative domain. Like configured tunnels, automatic tunneling has double IP header overhead, since tunnels encapsulate IPv6 packets within IPv4 (or vice versa).

DSTM technique provides a unique solution to the IPv4-IPv6 transition problem. This mechanism is designed to rapidly reduce the reliance on IPv4 routing and is intended for IPv6-only networks in which hosts still occasionally need to exchange information directly with other IPv4 hosts or applications. Network administration is simplified and the need of IPv4 global addresses is reduced. DSTM can be integrated with an IPv6 Tunnel Broker for tighter security integration. DSTM routers can be coupled with IPv4 Firewalls and Intrusion Detection systems to secure IPv4 tunnel endpoints from IPv4-based attacks.

Special consideration must be given to the security risk associated with automatic tunneling as it allows user-nodes to establish tunnels that may bypass a site’s security checkpoints such as firewalls and intrusion detection systems. In general, a full dual-stack along with IPv6-capable firewalls, guards, intrusion detection, and end-host security may provide a more secure and interoperable IPv6 transition solution than tunneling. However, for network infrastructures that contain IPv4-only or IPv6-only routing coupled with dual-stack end-nodes, automatic tunneling provides a flexible transition strategy. Again the risks associated with all potential solutions must be carefully considered.

Protocols Translators

The term “translators” refers to devices capable of translating traffic from IPv4 to IPv6 or vice and versa. This mechanism is intended to eliminate the need for dual-stack network operation by translating traffic from IPv4-only devices to operate within an IPv6 infrastructure. This option is recommended only as a last resort because translation interferes with objective of end-to-end transparency in network communications. Use of protocol translators cause problems with NAT and highly constrain the use of IP-addressing.

 

 

 
AfriNIC IPv6 Resources
IPv6 Resource Home
IPv6 Training
IPv6 Documents
IPv6 Addresses (Yearly)
IPv6 Addresses (by country)
v6 prefixes - BGP report
FTP Statistics
   
External IPv6 Resources
IPv6 Prefix per RIR
IANA IPv6 Address Space
v6 looking Glass
IPv4/IPv6 checker
   
Copyright © 2005-2010 AfriNIC. All rights reserved.
For website comments/feedback, click here . For general inquiries, email contact@afrinic.net