IPv6 Deployment Strategies: Translation Techniques

Similar to many of the solutions proposed to extend the life of the IPv4 address space, a variety of proposal exist for the purpose of translating IPv6 to IPv4 addresses as a method of migrating networks to IPv6. The common thread with these solutions is that rather than use the dual-stack or tunneling techniques outlined earlier, a company would instead run IPv6 internally on its network, and then use some type of translation server or gateway for continued access to the IPv4 Internet.

Although this method would break the “end-to-end” connectivity that is a central premise of IPv6, it does present an interesting solution that many companies may choose to employ as a migration strategy. One such recommendation is outlined in RFC 2766 is known as Network Address Translation – Protocol Translation (NAT-PT). A variety of IPv6 translation RFCs are currently under consideration, but the ultimate standards are still largely yet to be determined.

IPv6 Deployment Strategies: Tunneling Techniques

A variety of different tunneling techniques already exist for the purpose of interconnecting IPv6 networks using the infrastructure provided by existing IPv4 networks. For example, imagine if a company were to deploy IPv6 in two of their offices. Using various tunneling methods, the company could interconnect these offices over an IPv4-based network such as an existing WAN connection or the Internet. In order to do this, the routers providing the interconnection between the IPv6 and IPv4 networks must be dual stack devices. The advantages of using tunneling include the fact that it allows service providers to begin providing end-to-end IPv6 connections, even before they have fully converted their infrastructure to supporting IPv6.

A number of different methods for tunneling IPv6 over IPv4 networks are currently in use including manually configured tunnels, generic routing encapsulation (GRE) tunnels, automatic IPv6 to IPv4 tunnels that use techniques similar to IPv4-mapped IPv6 addresses, and more. One inherent limitation of IPv6 tunneling techniques is that they do not support common Internet connection methods like network address translation (NAT).

IPv6 Deployment Strategies: Dual Stack Technique

The dual stack technique is likely to become quite common as companies make the transition from IPv4 to IPv6. As the name suggests, this method involves running both IPv4 and IPv6 protocol stacks on network equipment such as hosts and routers until the transition to a purely IPv6 network can be completed. Under this scenario, Cisco routers on a network would be configured to route both IPv4 and IPv6 traffic, with hosts configured to use both protocol stacks as well. Cisco has already developed versions of its IOS software that support both protocol stacks simultaneously. Unfortunately, it will likely take quite some time before all of the applications that end users require access to support IPv6. As such, using a dual-stack technique would quite likely be a long-term arrangement, requiring two protocol stacks to be managed simultaneously, not to mention greater memory requirements on equipment like routers. However, the dual stack technique does provide an effective method for organizations to begin deploying and testing IPv6 throughout their networks.

Addressing IPv6 Hosts

Throughout this section there have been clues as to how hosts, and specifically interfaces, obtain their IPv6 addresses. The three methods by which an IPv6 host can obtain an IP address include stateless autoconfiguration, statefulautoconfiguration, or manually.
Stateless autoconfiguration is the easiest IPv6 address allocation method available. When used, stateless autoconfiguration uses the network prefix information contained in router advertisements as the first 64 bits of its addresses, and then appends its MAC address in EUI-64 format as the interface portion. This method is especially useful in environment where a DHCP server is neither configured nor present. On local networks without a router, a host using stateless autoconfiguration will use the link local network prefix and append to this its EUI-64 format MAC address.

For a higher degree on control over which addresses IPv6 interfaces use, statefulautoconfiguration can use another addressing method. When an IPv6 node sends out its router solicitation message at startup, the router can be configured to include whether a DHCP server should be used in its reply. If a DHCP server should be used, the node will used attempt to find a DHCP server through the use of multicasts. This is again an improvement over IPv4, where clients attempting to lease an IP address from a DHCP server use broadcast messages.

Finally, IPv6 addresses can also be configured manually. While generally not suggested for individual hosts, certain network nodes (such as routers) will require explicit configuration. Given the length and complexity of IPv6 addresses, it is generally best to use either stateful or stateless autoconfiguration for hosts to reduce potential errors and keep things simple.

Note: You may be curious about how DNS works in an IPv6 environment. Not surprisingly, the method is very similar to DNS in IPv4. However, when a host is attempting to obtain the IPv6 address associated with a fully qualified domain name (FQDN) or hostname, it sends a DNS query looking for the AAAA record associated with the host, rather than the standard A record used to resolve IPv4 addresses.

IPv6 Discovery Processes

On an IPv6 network, a number of important functions happen using discovery processes. These include the discovery of neighboring devices and routers, as well as the maximum transmission unit (MTU) that is supported between a source and destination host. Some of these concepts are similar to ones found on an IPv4 network, while others represent new ways of dealing with traditional IPv4 configuration issues.

Neighbor discovery is the process by which an IPv6 node discovers the link-layer address of systems that it needs to communicate with on the local subnet, and is the method by which a node keeps track of local routers. This neighbor discovery process uses a new version of ICMP – ICMPv6. Ultimately, multicasts and anycasts are used for neighbor discovery functions on an IPv6 network. For example, recall the ARP function on an IPv4 network; a host would send out a broadcast requesting that the host with the specified IP send back its MAC address. In IPv6, ICMP multicasts are used to send out a request looking for the link-layer address associated with a known IPv6 address. This helps to reduce some of the traditional issues associated with broadcast traffic negatively impacting network performance.

Router discovery is a feature of IPv6 that allows an IPv6 node to discover the routers connected to its local link network. Although a similar feature exists in IPv4, it is rarely used with most administrators relying upon manually configured gateway addresses instead. Two main types of router discovery messages are used on IPv6 networks – router solicitations, and router advertisements. A router advertisement is a multicast message periodically sent by an IPv6 router that allows a host to gather valuable information about the network. For example, a router advertisement could contain information about the address configuration method that should be used, the IP prefixes in use on the network (or any changes to them), which router should be considered the default router, and more. Router advertisements will be looked at in more detail in the section on addressing hosts.

In contrast, a node sends out a router solicitation method when it does not have a configured IP address at start up. The purpose of this multicast is to gather information about how the node should be configured, but without the need to wait for the next router advertisement. For example, the result of a router solicitation message could be a reply from a local router specifying that the host should auto-configure its IPv6 address, or perhaps that it should use DHCP instead.

Another very important discovery process on IPv6 networks is maximum transmission unit (MTU) discovery. In previous articles in the CCNA series, we looked at how a router was capable of fragmenting an IPv4 packet when the next network on the path to a destination used a smaller MTU size – for example, when forwarding data from a Token Ring segment to an Ethernet segment. While this method helped to avoid some of the issues associated with interconnecting different network types, it also slowed down the communication process, since a router was not only responsible for reframing and making forwarding decisions, but also fragmenting packets and subsequently reframing them all as well. In IPv6, routers no longer fragment any packets. Instead, the sending node uses a process referred to as MTU discovery to determine the larger possible MTU that is supported between itself and the destination host. If any fragmentation needs to take place, it must be done on the sending node – IPv6 routers stay out of this process completely, leading to greater routing efficiency.

To understand how MTU discovery works, consider the figure below. In it, we see a source host attempting to discover the biggest MTU possible between itself and the destination. In this case, the MTU between Host A and its local router is 1500 bytes, the MTU between Routers A and B is 1400, and the MTU between Router B and the destination is 1200.

Figure

To discover the MTU, Host A will sent out a packet to Host B attempting to use its 1500 byte MTU. At Router A, an ICMPv6 error message (packet too big) will be sent back saying that an MTU of 1400 should be used. Host A will then send out another packet with an MTU of 1400, which will be designated as too big by Router B, with a maximum MTU of 1280 specified. Since Host B is connected to a network with an MTU of 1280, Host A now knows that this is the MTU that it should use to communicate with Host B. Although this process may seen cumbersome, it’s worth noting that IPv6 specifies a minimum MTU size of 1280 bytes, and that 1500 is usually the default MTU configured on most internetworking equipment.

IPv6 Multicast Addresses

Must like the reserved Class D address space in IPv4, IPv6 dedicates some of its address space to multicast traffic, albeit a much larger portion. If you recall, a multicast transmission is one in which a single transmission is received by many systems, or a one-to-many technique. In IPv6, multicasts use the prefix FF00::/8. Common examples of multicast addresses used in IPv6 include the destination address FF02::1, which is used to send a multicast to all hosts on a given subnet. Similarly, the multicast address FF02::2 is used to communicate with all routers on a subnet. Later in this series you’ll learn more about how some routing protocols use multicasts to facilitate inter-router communication.

IPv6 Anycast Addresses

IPv6 also defines an entirely new type of address and transmission, known as an “anycast”. Simply put, an anycast address is a standard IPv6 global address that is assigned to a number of different interfaces on different systems. When a packet is destined for an anycast address, the “closest” device to the sender will process the packet. In this case, the concept of “closest” is defined by the routing protocols in use on the network. At this time, anycast addresses can only be used as a destination address, cannot be used as a source address, and are only assigned to routers. A common use in IPv6 is to apply the same anycast address to all routers interfaces that connect to the same subnet. The potential uses of anycast transmission methods are being explored further by the IETF, and the technique is already finding its way into new technologies like Mobile IP.

IPv6 Unicast Addresses

Like in the world of IPv4, a unicast transmission represents data meant for a single destination address only. However, IPv6 uses a few different types of unicast addresses for different purposes. These include global, site-local, link-local, and IPv4-mapped IPv6 addresses. Each is outlined below.

Global Unicast Address. Very similar in function to an IPv4 unicast address such as 131.107.1.100, these addresses include a global routing prefix, a subnet ID, and an interface ID as outlined earlier.

Site-Local Unicast Address. Very similar in function to the IPv4 private address space that includes ranges like 10.0.0.0/8, these addresses are meant for internal communications and are not routable on the public Internet. Site-local addresses start with the prefix FEC0::/10, and then include the appropriate subnet ID and interface ID as outlined earlier.

Link-Local Unicast Address. For certain communications that are meant to stay within a given broadcast domain, IPv6 uses link-local addresses. These addresses are used for features like stateless autoconfiguration, which will be looked at shortly. Link-local addresses start with the prefix FE80::/10, and then include an interface ID. Note that since these addresses never communicate outside of their local subnet, the subnet ID is not included.

IPv4-mapped IPv6 Address. For environments that are transitioning between IPv4 and IPv6, IPv6 provides another type of unicast address known as an IPv4-mapped IPv6 address. This addressing method is used on systems running both an IPv4 and IPv6 protocol stack. When used, a system will include its current 32-bit IPv4 address in the low-order bits of an IPv6 address, preceded by 16 bits set to FFFF, and the remaining bits set to 0. For example, a host with the IPv4 address 131.107.1.100 would use the address of 0:0:0:0:0:FFFF:131.107.1.100.

IPv6 Subnetting and Address Allocation

If you’ve been working with IPv4 for some time now, you may already be familiar with subnet masks and how they work to segment the IPv4 address space into subnets. In the IPv6 world, subnetting works somewhat differently, relying on a dedicated field within an IPv6 address. While the next section will look at the breakdown of the IPv6 address space in more detail, for now it’s enough to say that an IPv6 unicast address includes a 16-bit field known as the Subnet ID or Site-Level Aggregator. Because this field is 16 bits in length, it gives companies the option of configuring up to 65535 individual subnets. The structure of an IPv6 global address is outlined below.

Tip: Remember that in IPv6, the Subnet ID (also know as the Site Level Aggregator field) is used to define individual subnets.

As part of developing the IPv6 address space, a number of the “problems” associated with IPv4 were taken into account. For example, IPv6 provides a much more organized hierarchical addressing scheme, addressing some of the limitations and problems associated with routing in the IPv4 world. The figure below outlines the major elements of a global IPv6 unicast address. To gain a better understanding of IPv6, it is worth knowing a little more about how these addresses are allocated in the real world.

Figure

First and foremost, the first three bits of the global IPv6 address space are set to use the prefix 2000::/3 (remember, this is not the decimal number 2000, but a series of four hexadecimal digits). Like the CIDR notation you are already familiar with, the /3 represents a mask that defines a portion of the address space. In this case, all IPv6 addresses that start with the binary values 001 (2000::/3) through 111 (E000::/3) are global addresses (with the exception of FF00::/8, which are addresses reserved for multicasts). Ultimately, these global addresses need to have a 64-bit interface identifier, as displayed in the previous figure. The 64-bit interface identifier is usually created by taking an interface’s MAC address (which is 48 bits in length) and wedging another 16-bit hexadecimal string (FFFE) between the OUI (first 24 bits) and unique serial number (last 24 bits) of the MAC address. This format is known as extended universal identifier (EUI) 64 format, or EUI-64 for short. When all is said and done, the last 64 bits of an IPv6 global address represent an interface.

So what are the other parts of the address space used for? Well, so far we know that the last 64 bits of an IPv6 address represent a unique interface, while the 16 bits that precede that represent the Subnet ID. As such, the first 48 bits define what is known as the Global Routing Prefix, and since the global address space starts at 2000::/3, that leaves 45 bits to break up the Global Routing Prefix itself.

Without getting into too much detail here, the IPv6 address space is allocated by the Internet Assigned Numbers Authority (IANA). The IANA assigns addresses to the various registries, such as the American Registry for Internet Numbers (ARIN) in the Americas. A registry is given a /16 portion of the address space, such as the 2001:0400::/16 address space allocated to ARIN. From this allocated space, a registry such as ARIN would begin granting address space to ISPs with a /32 prefix. Then, individual ISPs would allocate this address space to organizations using a /48 prefix.

Once a company has been granted their address in the /48 space, they can begin to allocate this address space internally, segmenting the space into smaller subnets or networks by using the 16-bit Subnet ID field. From there, hosts are addressed using the remaining 64 bits of the address space as outlined earlier.

As if it we not enough that IPv6 introduces a whole new addressing scheme, this version of IP also introduces a new concept in terms of how hosts are individually addressed. For example, in the world of IPv4, a host usually had a single IP address assigned to it. In the world of IPv6, however, a host is assigned multiple types of addresses on a per-interface basis. These addresses include different types of unicast, multicast, and anycast addresses. One that you may find conspicuously absent is the famous broadcast – in fact, you might be happy to know that IPv6 doesn’t support broadcasts at all.

IPv6 Address Formats

As mentioned in my last article, an IPv6 address is 128 bits in length, represented in hexadecimal. Much like a MAC address, an IPv6 address is broken down into 2-byte (16-bit) sections separated by a colon; the major difference being that an IPv6 address includes 8 of these sections rather than 3 with a MAC address. In fact, the standard configuration of an IPv6 address actually uses a system’s MAC address as part of the interface ID of a host, as I’ll explain shortly. The address below shows an example of a full 128-bit IPv6 address:

2031:0000:130D:0000:0000:08D0:875D:130A

The first thing to recognize about an IPv6 address is that it can actually be compressed quite easily. For example, in the address above, each 2-byte section that contains only 0s can be reduced to a single 0. By the same token, any 2-byte section that begins with a 0 can also have that leading 0(s) dropped. In other words, in compressed form the address just considered would be represented as:

2031:0:130D:0:0:8D0:875D:130A

Although this is a little better, there is still an even easier way to represent an IPv6 address. Because the IPv6 address space is so large, there’s a good change that you’re likely to find many 0s in any given address. So, in cases where more than more than one successive field contains 0s only, you can represent it with double colons (::) in the address. For example, the compressed address 2031:0:130D:0:0:08D0:875D:130A could be represented as:

2031:0:130D::8D0:875D:130A

When an IPv6 system comes across this double colon (::) within an address, it knows that it should include as many 0s as necessary to get the address back to 128 bits. However, it’s very important to note than the double colons can only be included once within a given address – if it were included more than once, a system couldn’t possible know where all the 0s were to be placed in the expanded address.

Tip: Remember that double colons (::) can be used as placeholders for contiguous 0 fields in an IPv6 address, but only once within any given address.

In some cases, using the pair of colons makes an address very small indeed. For example, the loopback address in IPv6 is 0000:0000:0000:0000:0000:0000:0000:0001. By using the double colon arrangement just learned, this address can also be identified as:

::1

Overall, IPv6 addressing is probably neither easier nor harder than what you’ve come to know and love with IPv4 – it’s simply different. As with anything new, it will just take a little time to understand and appreciate this new addressing format.

While this article gives you an introduction to IPv6, we’re just getting started. In my next CCDA article I’ll walk you through how subnetting occurs in this address space, and we’ll explore different IP address allocation and transmission methods. Stay tuned!