Internet Protocol version 6 deployment

From Citizendium
Revision as of 18:10, 30 August 2008 by imported>Howard C. Berkowitz
Jump to navigation Jump to search

Template:TOC-right It is necessary to have a basic idea of how IPv6 works in order to understand an explanation of deploying it; see Internet Protocol version 6. Not every detail is relevant, but some of the more critical aspects include addressing administration, address assignment, appropriate Domain Name System (DNS).

Transition terminology

Some terminology will help structure the discussion. From RFC 2893, there are definitions of node types and mechanisms of coexistence.[1]

An additional discussion gets more into the routing aspets of transition; it is intended only for interim cutover.[2]

Node types

  • IPv4-only node: A host or router that implements only IPv4. An IPv4-only node does not understand IPv6. The installed base of IPv4 hosts and routers existing before the transition begins are IPv4-only nodes.
  • IPv6/IPv4 node: A host or router that implements both IPv4 and IPv6.
    • Dual stack node: A host or router whose IPv4 and IPv6 stacks never need to interconnect, and whose interface(s) are connected only to a pure IPv4 or IPv6 network. Ideally, the nature of the application being IPv4 or IPv6 is hidden from the user, and only the host or router administrator is aware of the dual stacks.
  • IPv6-only node: A host or router that implements IPv6 and does not implement IPv4. See the easiest case below.
  • IPv6 node: Any host or router that implements IPv6. IPv6/IPv4 and IPv6-only nodes are both IPv6 nodes.
  • IPv4 node: Any host or router that implements IPv4. IPv6/IPv4 and IPv4-only nodes are both IPv4 nodes.

Transition techniques

RFC identifies two basic transition techniques. Of course, the ideal is when the network and hosts have no legacy IPv4 requirements, and can be all-IPv6 from the first day.

There are two "basic" tunneling modes:

  • IPv6-over-IPv4 tunneling: The technique of encapsulating IPv6 packets within IPv4 so that they can be carried across IPv4 routing infrastructures.
  • Configured tunneling: IPv6-over-IPv4 tunneling where the IPv4 tunnel endpoint address(es) are determined by configuration information on tunnel endpoints. All tunnels are assumed to be bidirectional. The tunnel provides a (virtual) point-to-point link to the IPv6 layer, using the configured IPv4 addresses as the lower-layer endpoint addresses.

Other, more complex techniques, involve either a viable application layer gateway between separate IPv4 and IPv6 universes, or some type of translation between IPv4 and IPv6 packets:

  • 6to4: Assigns an interim unique IPv6 address prefix to a site with at least one globally routable IPv4 address, and specifies an encapsulation mechanism for transmitting IPv6 packets using such a prefix over the global IPv4 network. Potential scaling problems are known to exist, although it does not increase the size of the IPv4 global routing table, and adds one entry to the IPv6 global routing table.
  • ISATAP: An address assignment and host-to-host, host-to-router, and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6/IPv4 hosts across an IPv4 intranet. [3] ISATAP is fully compatible with autoconfiguration
  • TEREDO: The TEREDO service is a mechanism where the IPv6 packets are carried over a IPv4 network, with the additional constraint that the "TEREDO servers" are located on the "inside" of an IPv4 to IPv4 network address translation device. In addition to the stateless TEREDO servers, there are TEREDO relays, which appear, to the IPv6-only hosts, as IPv6 routers. [4]

Deployment and coexistence principles

For coexistence to occur, the largest number of nodes (IPv4 or IPv6 nodes) can communicate using an IPv4 infrastructure, an IPv6 infrastructure, or an infrastructure that is a combination of IPv4 and IPv6. The simplest form of coexistence comes when only the external routers need to be aware of the other protocok family; they tunnel the less widely deployed protocol over an infrastructure belonging to the more widely deployed. Tunneling protocols are not a panacea, as they may introduce issues, especially when their overhead limits the maximum transmission unit size that can be used by the "payload" protool.

True migration will exist only when IPv4 nodes are converted to IPv6-only nodes. However, for the foreseeable future, practical migration is achieved when as many IPv4-only nodes as possible are converted to IPv6/IPv4 nodes, or there are "islands" of IPv6-only nodes that only need to deal with IPv4 for inter-island transportation.

IPv4-only nodes can communicate with IPv6-only nodes only when using an IPv4-to-IPv6 proxy or translation gateway.

Considering specific situations

To have meaningful discussions of deployment, the problem has to be stated in terms of:

  • The types of end nodes required
  • The cases where the other protocol family needs to supply some part of connetivity
  • Any constraints that apply to the transfer of information over a "foreign" connectivity medium, such as MTU size or support of a particular per-hop behavior not supported in the foreign protocol
  • Operational requirements such as multihoming, especially when multiple providers are involved

An inventory is a fine place to start. Determine:

  • which hosts will never speak to anything that is not completely IPv6, such as the internals of the cellular network
  • which hosts can be completely proxied at an application level

Basic scenarios

The easiest case

The ideal situation for IPv6 introduction is one in which there is no particular need for compatibility with any existing networks. This has been the case in several situations, such as advanced cellular telephony networks, in which the Internet Protocol addressing is purely internal to the network. The telephones continue to use telephone numbers, not IP addresses.

Most major operating systems and routers have IPv6 support, as well as common support services such as domain name service

In this case, there is no immediately obvious need for IPv6-IPv4 interaction. Do no be surprised, however, if some infrastructure devices, such as a protocol analyzer, network management system, or security device, which you want to use, is not IPv6 compatible, and will present a relatively small coexistence or transition challenge.

Connecting islands

For a variation of the pure IPv6 environment, assume you have three locations that are all IPv6. Your challenge is that there is no economically attractive way to interconnect those sites with direct physical leased line. Somehow, you will have to use the IPv4 public Internet, or a provider-provisioned virtual private network from a IPv4 service provider, to interconnect the three sites.

In this situation, only the routers interconnecting the sites will need to be IPv4 aware. While tunneling protocols are not perfect, they may be a reasonable interim solution.

100% application proxy

Another situation where IPv6 may be minimally disruptive is in a country that has no existing Internet infrastructure, and, for various national policy reasons, will permit no direct connections to the Internet; everything must go through a firewall/application proxy. All machines going into the "inside" can be natively IPv6. Again recognizing this as an ideal situation, assume that any Web requests will only use DNS names. The "inside" HTTP requests terminate at an application-layer proxy, which then takes the name in the URL, looks it up in an IPv4 DNS, speaks to the web server, gets the application data, and transfers the application data in the proxy. As long as there are no embedded IP addresses, this may well work. Of course, the Web is not all of the Internet, and the scenario described is Web only, and for those web pages that never embed IP addresses.

IPv6 test and provider networks

6Bone

Operating system specific

Linux

Mac OS

Microsoft

Microsoft has announced strategies for Windows products, especially Vista and Server 2008, for IPv6 operation in various combinations of existing IPv4 public network connectivity,native ISP IPv6 support, IPv4 private address space networks, and coexisting V4/V6.[5]

Microsoft assumes that at present, the basic ISP environment will be IPv4, so Windows will default to IPv6 over IPv4 tunneling unless the ISP indicates native v6 is available. Any IPv6 Windows system directly connected to an ISP will require one globally routable IPv4 address. Subsequent Windows system connected to the IPv6 gateway will hear 6to4 router announcements for the host with the v4 address. [2]

If an existing network has no public IPv4 addresses, and there are NATs that are IPv4 only, Microsoft will use Teredo IPv6 over UDP over IPv4 tunneling.

When enterprises want to move incrementally to IPv6, Microsoft's approach is ISATAP, which allows coexistence and interoperation between IPv4 and IPv6.[3]

Router specific

Cisco

Cisco distinguishes between service provider and enterprise IPv6 deployment. The company strongly recommends that organizations first set up familiarization laboratory environments, become familiar with the technology, and then assess specific requirements and select deployment strategies. [6]

According to Cisco, there are four basic means of communication: The four key strategies for deploying IPv6 are as follows:

  • IPv6 in IPv4 tunnels, with a number of implementation choices including manually configured IPv6 tunnels, generic route encapsulation (GRE) tunnels, tunnel broker and other semiautomatic methods, and automatic tunneling with IPv4-compatible addressing or 6to4.
  • Deploying over dedicated layer 1/2 links. In this model, the individual domains connect using the same transmission infrastructure as the existing V4. Such an approach makes the most sense when the organization has its own physical facilities, in a laboratory environment, as a telecommunications service provider, or a specialized enterprise (e.g., military) that has its own physical facilities. This could be done with new leased lines from a provider, but it might be more economical to get MPLS links from the provider, and run separate V4 and V6 paths.
  • MPLS off3ers a number of techniques, but very little change will be needed to a running MPLS environments, since only the Label Edge Routers (LER) need be awre of v6.
  • Coexistence in a mixed IPv4-IPv6 backbone, with dual-stack routers.

Enterprise

Enterprises have two basic ways to set up familiarization. The first is to get V6 address space and connect to the 6bone or other appropriate test network. Alternaltively, the enterpise can create two or more IPv6 domains, experiment with single-domain operations, and then interconnect them over the existing IPv4 infrastructure.

Service provider

Juniper

Quagga

All Quagga interfaces may be configured with IPv6 addressing, and static routing, as well as RIPng, OSPFv3, and BGP-4+ all are supported. The routers participate in stateless autoconfiguration. Quagga supports RIPng, OSPFv3 and BGP-4+. [7]

References

  1. E. Nordmark, R. Gilligan. (October 2005), Basic Transition Mechanisms for IPv6 Hosts and Routers, RFC 4213
  2. 2.0 2.1 B. Carpenter, K. Moore (February 2001), Connection of IPv6 Domains via IPv4 Clouds, RFC 3056
  3. 3.0 3.1 F. Templin, T. Gleeson, D. Thaler. (March 2008.), Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)., RFC5214
  4. C. Huitema (February 2006), Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)., RFC4380
  5. Microsoft Corporation (February 12, 2008), Microsoft's Objectives for IP Version 6
  6. Cisco Systems, IPv6 deployment strategies
  7. Quagga, IPv6 support
Retrieved from "https://citizendium.org/wiki/index.php?title=Internet_Protocol_version_6_deployment&oldid=525490"