IPv6 transition mechanisms

There are plenty of IPv6 transition technologies and I always forget some of them. Below is a list with short descriptions, as a quick reminder whenever it’s needed. I’m considering all technologies from an ISP’s point of view:

1. Dual-stack
The simplest one. All our infrastructure is IPv6 enabled and we give a /64 prefix to the customer’s CPE. All of the customer’s devices then build their IPv6 addresses with EUI-64 and access IPv6 websites and resources directly through our IPv6-enabled infrastructure. The customer’s PC sends an AAAA request to the DNS server, gets back an answer with the IPv6 address of the site, and traffic flows through the IPv6 Internet. If there is no IPv6 entry, the IPv4 A entry is used and the customer works over IPv4.

2. ISATAP tunnels
A tunneling mechanism, recommended by Cisco for use inside the ISP network. It takes an IPv4 address and creates an IPv6 address from it. Example: the customer got the prefix 2001:aa1:b:b::/64 on his CPE, the PC has the IP 10.1.2.3, so its ISATAP address is 2001:aa1:b:b:200:5efe:a01:203.

Two main disadvantages:
– Doesn’t support multicast at all
– Doesn’t support any type of autoconfiguration (ND/DHCPv6)

How it works: when we run ISATAP on a PC, it asks DNS for the ISATAP router’s IPv4 address, and DNS answers with the IPv4 address of the router. The PC creates a tunnel to the router and sends a request for the IPv6 prefix and the IPv6 address of the default gateway. The router answers, then the customer’s PC creates its own IPv6 address and sends IPv6 packets through the router.

! ISATAP router side
interface Tunnel 0
 ! IPv6 prefix offered to ISATAP clients
 ipv6 address 2001:aa1:b:b::/64 eui-64
 ! RAs are suppressed on tunnel interfaces by default
 no ipv6 nd suppress-ra
 tunnel source 172.18.10.25
 tunnel mode ipv6ip isatap

The no ipv6 nd suppress-ra command is needed so that RA traffic is sent into the tunnel.

There are 3 scenarios for using ISATAP in an ISP environment:
The first two are called the hybrid model:
a) The scenario described above, with ISATAP running on the PC, applies when our infrastructure is not IPv6 enabled (except the aggregation router which is close to the BGP border). We can run the ISATAP service on this aggregation router and provide IPv6 access to customers.

b) A model for when the core is not IPv6 enabled. Customers connect with standard IPv6 ND/DHCPv6 to a distribution L3 device, which has a static ISATAP tunnel to the aggregation router.

The third model is called the Service block model:
c) Used to provide IPv6 access to the datacenter from PCs. Two Cisco 6500 switches are located in the core. PCs connect to them and these switches move the traffic to dual-stack servers. The difference from approach a) is that the Service block model is more controlled. We don’t accept all IPv6 connections from the user; we can give him IPv6 access only to some services, VLANs, applications.

3. 6rd tunnels
Looks like the best solution if we compare tunneling technologies.
Works in a similar manner to ISATAP, with these differences:
– access to the IPv6 network is provided by a 6rd relay (an ISP router in the aggregation layer)
– uses /32 prefixes to create users’ IPs
– supports autoconfiguration and multicast

4. 6over4 tunnels
Old technology, not used anymore. 6rd is a successor. Main disadvantage: it used multicast, mapping it to the 239.192.x.y IPv4 network, but often there is no support for multicast routing inside the network.

5. 6to4 tunnels
Works in exactly the same manner as a 6rd tunnel. The difference is that it does not connect to a relay inside the ISP network, but to random routers on the IPv4 network which work as public 6to4 relays. The PC is not dependent on the ISP, but this type of connection is really unstable.

6. Teredo tunnels
Teredo has the same idea as a 6to4 tunnel: it’s an ISP-independent technology, running on the customer’s PC. The difference is that it connects to some reliable Teredo server (for example Microsoft, Hurricane Electric etc.). Teredo works over NAT, which is why it has to maintain tables for NAT mapping, and the IPv6 address can change often. The main issue is the performance and high latency of a Teredo connection.

All of these technologies run over an IPv4 network and help to carry IPv6 packets from the PC to some relay, which then forwards them through the global IPv6 Internet to the destination.

There are also a few NAT solutions. They can be used when we run an IPv6-only network and need our IPv6 PCs to communicate with the IPv4 world.

1. NAT64
Works similarly to IPv4 NAT/PAT. Supports only TCP, UDP and ICMP; DST-NAT is also possible.
A DNS64 server should be implemented together with NAT64. When a PC on an IPv6-only network sends a request to DNS, it is always an AAAA request. The DNS server should check with the name servers whether an AAAA entry exists; if not, it should take the A entry, change it to AAAA and send it back to the IPv6 host.

2. NAT-PT
Historical project, not used anymore because it relied on complicated communication with DNS and did not work well in practice.
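
Several of the mechanisms above embed an IPv4 address inside the IPv6 address, as in the ISATAP example. The following added example (not part of the original post) recovers that IPv4 address from flow-log entries so tunnelled or translated traffic can be matched against IPv4 policy. It goes beyond the post by using the well-known prefixes 2002::/16 (6to4), 2001::/32 (Teredo) and 64:ff9b::/96 (NAT64), which the post does not state; the function name and sample addresses are constructed.

```python
import ipaddress

# Well-known NAT64 prefix from RFC 6052 (assumption: the operator did not
# configure a network-specific prefix instead).
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")


def classify(addr):
    """Return (mechanism, embedded IPv4 address or None) for an IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    raw = int(ip)
    low32 = ipaddress.IPv4Address(raw & 0xFFFFFFFF)

    if ip.sixtofour is not None:       # 2002::/16, IPv4 in bits 16..47
        return "6to4", ip.sixtofour
    if ip.teredo is not None:          # 2001:0::/32
        _server, client = ip.teredo    # client IPv4 is stored XOR 0xffffffff
        return "teredo", client
    if ip in NAT64_WKP:                # IPv4 in the last 32 bits
        return "nat64", low32
    # ISATAP interface ID: 0000:5efe or 0200:5efe followed by the IPv4 address.
    if (raw >> 32) & 0xFFFFFFFF in (0x00005EFE, 0x02005EFE):
        return "isatap", low32
    # 6rd uses the ISP's own prefix, so it cannot be recognised without
    # knowing that prefix; it ends up here together with native addresses.
    return "native-or-unknown", None


if __name__ == "__main__":
    # Constructed sample addresses; the first is the ISATAP address from the post.
    samples = [
        "2001:aa1:b:b:200:5efe:a01:203",
        "2002:c000:204::1",
        "2001:0:4136:e378:8000:63bf:3fff:fdd2",
        "64:ff9b::c633:6407",
        "2001:db8::1",
    ]
    for s in samples:
        mechanism, v4 = classify(s)
        print(f"{s:40} {mechanism:18} {v4}")
```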